Commit 73c81341 authored by Martin Kutschker's avatar Martin Kutschker Committed by Christian Kuhn
Browse files

[BUGFIX] Remove link from login logo

The login logo is linked only for technical reasons of a security check.
It is not meant to be used by humans but is placed prominently enough
to be an accessibility issue.

Remove the link around the logo and create a new one hidden from the
user interface.

Resolves: #93172
Releases: master, 10.4
Change-Id: Id1edc5dd0e059a8700e4bb6c0e09e3f443b6f9fb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67252

Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: Richard Haeser's avatarRichard Haeser <richard@richardhaeser.com>
Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Richard Haeser's avatarRichard Haeser <richard@richardhaeser.com>
Reviewed-by: default avatarJörg Bösche <typo3@joergboesche.de>
Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
parent 5450af47
......@@ -99,6 +99,16 @@ $login-input-padding-horizontal: $padding-large-horizontal;
}
}
#t3js-login-url {
width: 0;
height: 0;
border: 0;
padding: 0;
overflow: hidden;
clip: rect(0, 0, 0, 0);
cursor: default;
}
//
// Logo
//
......
......@@ -35,7 +35,7 @@ class BackendLogin {
formFields: '.t3js-login-formfields',
interfaceField: '.t3js-login-interface-field',
loginForm: '#typo3-login-form',
loginUrlWrapper: 't3js-login-url',
loginUrlLink: 't3js-login-url',
submitButton: '.t3js-login-submit',
submitHandler: null,
useridentField: '.t3js-login-userident-field',
......@@ -113,10 +113,10 @@ class BackendLogin {
private checkDocumentReferrerSupport(): void {
const referrerRefreshed = Client.get('referrerRefresh') === '1';
const loginUrlWrapper = document.getElementById(this.options.loginUrlWrapper) as HTMLAnchorElement;
if (loginUrlWrapper === null
|| typeof loginUrlWrapper.dataset.referrerCheckEnabled === 'undefined'
|| loginUrlWrapper.dataset.referrerCheckEnabled !== '1'
const loginUrlLink = document.getElementById(this.options.loginUrlLink) as HTMLAnchorElement;
if (loginUrlLink === null
|| typeof loginUrlLink.dataset.referrerCheckEnabled === 'undefined'
|| loginUrlLink.dataset.referrerCheckEnabled !== '1'
) {
return;
}
......@@ -135,7 +135,7 @@ class BackendLogin {
this.ready = false;
Client.set('referrerRefresh', '1');
loginUrlWrapper.click();
loginUrlLink.click();
}
}
......
<html xmlns:f="http://typo3.org/ns/TYPO3/CMS/Fluid/ViewHelpers" data-namespace-typo3-fluid="true">
<div class="typo3-login">
<div class="typo3-login-inner">
<div class="typo3-login-container">
......@@ -5,9 +6,7 @@
<div class="card card-lg card-login">
<div class="card-body">
<div class="typo3-login-logo">
<a href="{loginUrl}" id="t3js-login-url" data-referrer-check-enabled="{f:if(condition: '{referrerCheckEnabled}', then: '1', else: '0')}">
<img src="{logo}" class="typo3-login-image" alt="" />
</a>
<img src="{logo}" class="typo3-login-image" alt="" />
</div>
<f:if condition="{formType} == 'LoginForm'">
<f:then>
......@@ -127,4 +126,7 @@
</div>
</f:if>
</div>
<f:comment>This link is only used for protection of the backend.</f:comment>
<a href="{loginUrl}" id="t3js-login-url" data-referrer-check-enabled="{f:if(condition: '{referrerCheckEnabled}', then: '1', else: '0')}" aria-hidden="true" tabindex="-1"></a>
</div>
</html>
......@@ -10,4 +10,4 @@
*
* The TYPO3 project - inspiring people to share!
*/
var __importDefault=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};define(["require","exports","jquery","TYPO3/CMS/Backend/Storage/Client","bootstrap","TYPO3/CMS/Backend/Input/Clearable"],(function(e,t,o,i){"use strict";o=__importDefault(o);return new class{constructor(){this.ready=!0,this.options={error:".t3js-login-error",errorNoCookies:".t3js-login-error-nocookies",errorNoReferrer:".t3js-login-error-noreferrer",formFields:".t3js-login-formfields",interfaceField:".t3js-login-interface-field",loginForm:"#typo3-login-form",loginUrlWrapper:"t3js-login-url",submitButton:".t3js-login-submit",submitHandler:null,useridentField:".t3js-login-userident-field"},this.checkCookieSupport(),this.checkForInterfaceCookie(),this.checkDocumentReferrerSupport(),this.initializeEvents(),top.location.href!==location.href&&(this.ready=!1,top.location.href=location.href),this.ready&&document.body.setAttribute("data-typo3-login-ready","true")}showLoginProcess(){this.showLoadingIndicator(),o.default(this.options.error).addClass("hidden"),o.default(this.options.errorNoCookies).addClass("hidden")}showLoadingIndicator(){o.default(this.options.submitButton).button("loading")}handleSubmit(e){this.showLoginProcess(),"function"==typeof this.options.submitHandler&&this.options.submitHandler(e)}interfaceSelectorChanged(){const e=new Date,t=new Date(e.getTime()+31536e6);document.cookie="typo3-login-interface="+o.default(this.options.interfaceField).val()+"; expires="+t.toUTCString()+";"}checkForInterfaceCookie(){if(o.default(this.options.interfaceField).length){const e=document.cookie.indexOf("typo3-login-interface=");if(-1!==e){let t=document.cookie.substr(e+22);t=t.substr(0,t.indexOf(";")),o.default(this.options.interfaceField).val(t)}}}checkDocumentReferrerSupport(){const e="1"===i.get("referrerRefresh"),t=document.getElementById(this.options.loginUrlWrapper);null!==t&&void 0!==t.dataset.referrerCheckEnabled&&"1"===t.dataset.referrerCheckEnabled&&("string"!=typeof document.referrer||""===document.referrer?e?(i.unset("referrerRefresh"),document.querySelectorAll(this.options.errorNoReferrer).forEach(e=>e.classList.remove("hidden"))):(this.ready=!1,i.set("referrerRefresh","1"),t.click()):e&&i.unset("referrerRefresh"))}showCookieWarning(){o.default(this.options.formFields).addClass("hidden"),o.default(this.options.errorNoCookies).removeClass("hidden")}hideCookieWarning(){o.default(this.options.formFields).removeClass("hidden"),o.default(this.options.errorNoCookies).addClass("hidden")}checkCookieSupport(){const e=navigator.cookieEnabled;!1===e?this.showCookieWarning():document.cookie||null!==e||(document.cookie="typo3-login-cookiecheck=1",document.cookie?document.cookie="typo3-login-cookiecheck=; expires="+new Date(0).toUTCString():this.showCookieWarning())}initializeEvents(){o.default(document).ajaxStart(this.showLoadingIndicator.bind(this)),o.default(this.options.loginForm).on("submit",this.handleSubmit.bind(this)),o.default(this.options.interfaceField).length>0&&o.default(document).on("change blur",this.options.interfaceField,this.interfaceSelectorChanged.bind(this)),document.querySelectorAll(".t3js-clearable").forEach(e=>e.clearable()),o.default(".t3js-login-news-carousel").on("slide.bs.carousel",e=>{const t=o.default(e.relatedTarget).height();o.default(e.target).find("div.active").parent().animate({height:t},500)})}}}));
\ No newline at end of file
var __importDefault=this&&this.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};define(["require","exports","jquery","TYPO3/CMS/Backend/Storage/Client","bootstrap","TYPO3/CMS/Backend/Input/Clearable"],(function(e,t,o,i){"use strict";o=__importDefault(o);return new class{constructor(){this.ready=!0,this.options={error:".t3js-login-error",errorNoCookies:".t3js-login-error-nocookies",errorNoReferrer:".t3js-login-error-noreferrer",formFields:".t3js-login-formfields",interfaceField:".t3js-login-interface-field",loginForm:"#typo3-login-form",loginUrlLink:"t3js-login-url",submitButton:".t3js-login-submit",submitHandler:null,useridentField:".t3js-login-userident-field"},this.checkCookieSupport(),this.checkForInterfaceCookie(),this.checkDocumentReferrerSupport(),this.initializeEvents(),top.location.href!==location.href&&(this.ready=!1,top.location.href=location.href),this.ready&&document.body.setAttribute("data-typo3-login-ready","true")}showLoginProcess(){this.showLoadingIndicator(),o.default(this.options.error).addClass("hidden"),o.default(this.options.errorNoCookies).addClass("hidden")}showLoadingIndicator(){o.default(this.options.submitButton).button("loading")}handleSubmit(e){this.showLoginProcess(),"function"==typeof this.options.submitHandler&&this.options.submitHandler(e)}interfaceSelectorChanged(){const e=new Date,t=new Date(e.getTime()+31536e6);document.cookie="typo3-login-interface="+o.default(this.options.interfaceField).val()+"; expires="+t.toUTCString()+";"}checkForInterfaceCookie(){if(o.default(this.options.interfaceField).length){const e=document.cookie.indexOf("typo3-login-interface=");if(-1!==e){let t=document.cookie.substr(e+22);t=t.substr(0,t.indexOf(";")),o.default(this.options.interfaceField).val(t)}}}checkDocumentReferrerSupport(){const e="1"===i.get("referrerRefresh"),t=document.getElementById(this.options.loginUrlLink);null!==t&&void 0!==t.dataset.referrerCheckEnabled&&"1"===t.dataset.referrerCheckEnabled&&("string"!=typeof document.referrer||""===document.referrer?e?(i.unset("referrerRefresh"),document.querySelectorAll(this.options.errorNoReferrer).forEach(e=>e.classList.remove("hidden"))):(this.ready=!1,i.set("referrerRefresh","1"),t.click()):e&&i.unset("referrerRefresh"))}showCookieWarning(){o.default(this.options.formFields).addClass("hidden"),o.default(this.options.errorNoCookies).removeClass("hidden")}hideCookieWarning(){o.default(this.options.formFields).removeClass("hidden"),o.default(this.options.errorNoCookies).addClass("hidden")}checkCookieSupport(){const e=navigator.cookieEnabled;!1===e?this.showCookieWarning():document.cookie||null!==e||(document.cookie="typo3-login-cookiecheck=1",document.cookie?document.cookie="typo3-login-cookiecheck=; expires="+new Date(0).toUTCString():this.showCookieWarning())}initializeEvents(){o.default(document).ajaxStart(this.showLoadingIndicator.bind(this)),o.default(this.options.loginForm).on("submit",this.handleSubmit.bind(this)),o.default(this.options.interfaceField).length>0&&o.default(document).on("change blur",this.options.interfaceField,this.interfaceSelectorChanged.bind(this)),document.querySelectorAll(".t3js-clearable").forEach(e=>e.clearable()),o.default(".t3js-login-news-carousel").on("slide.bs.carousel",e=>{const t=o.default(e.relatedTarget).height();o.default(e.target).find("div.active").parent().animate({height:t},500)})}}}));
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment