Project

General

Profile

Download (2.03 KB)

Feature #20146 » 0010639_v10_userauth.patch

Administrator Admin, 2009-05-03 13:52

View differences:

t3lib/class.t3lib_userauth.php (Arbeitskopie)
$this->hash_length = t3lib_div::intInRange($this->hash_length,6,32);
$this->svConfig = $TYPO3_CONF_VARS['SVCONF']['auth'];
// if we have a flash client, take the ID from the GP
if (!$id && $this->isAllowedGenericUserAgentActive()) {
$id = t3lib_div::_GP($this->name);
}
// If fallback to get mode....
if (!$id && $this->getFallBack && $this->get_name) {
......
/**
* This returns the where-clause needed to lock a user to a hash integer
*
* if the client is flash (e.g. from a flash application inside TYPO3 that does a server request)
* then don't evaluate with the hashLockClause, as the client /browser is included in this hash
* and thus, the flash request would be rejected
*
* @return string
* @access private
*/
function hashLockClause() {
$wherePart = 'AND '.$this->session_table.'.ses_hashlock='.intval($this->hashLockClause_getHashInt());
if ($this->isAllowedGenericUserAgentActive()) {
$wherePart = '';
} else {
$wherePart = 'AND ' . $this->session_table . '.ses_hashlock = ' . intval($this->hashLockClause_getHashInt());
}
return $wherePart;
}
......
return $user;
}
/**
* Determines whether a generic user agent is active (such as the flash file uploader).
* This information is used to bypass some too restrictive checks only for these specific
* situations.
*
* @return boolean Whether an allowed generic user agent is active
* @see hashLockClause()
*/
protected function isAllowedGenericUserAgentActive() {
return ($GLOBALS['CLIENT']['BROWSER'] == 'flash'
&& isset($GLOBALS['ajaxID']) && $GLOBALS['ajaxID'] == 'TYPO3_tcefile::process'
);
}
......
/*************************
*
* Create/update user - EXPERIMENTAL
(5-5/8)