Project

General

Profile

Actions

Bug #102751

closed

AbstractUserAuthentication: Missing condition for empty checkPid_value

Added by Sven Proffe 11 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2024-01-04
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

In TYPO3\CMS\Core\Authentication\AbstractUserAuthentication, line 919 reads (as of current main):

if ($this->checkPid && $this->checkPid_value !== null) {

As $this->checkPid_value may be a string it may be empty, which is not checked. In that case TYPO3\CMS\Core\Authentication\AbstractAuthenticationService->fetchUserRecord() will end up with a corrupt SQL query containing a restriction like ... AND pid in ()...

So, I'd like to suggest to check for an empty string, as well.

if ($this->checkPid && $this->checkPid_value !== null && $this->checkPid_value !== '') {

Actions #1

Updated by Sven Proffe 11 months ago

  • Description updated (diff)
Actions #2

Updated by Gerrit Code Review 11 months ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/82309

Actions #3

Updated by Gerrit Code Review 11 months ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/82309

Actions #4

Updated by Gerrit Code Review 11 months ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/82309

Actions #5

Updated by Gerrit Code Review 11 months ago

Patch set 1 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/82372

Actions #6

Updated by Oliver Bartsch 11 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #7

Updated by Benni Mack 5 months ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF