Task #104588
openoverwriting certain $variables in included (require) files causes Problems
0%
Description
This is a followup to this Ticket
https://forge.typo3.org/issues/104509
This Tickets addition (to the prior)
a) the function still allows for Static calls
b) More Files that allow these bugs
--------------------
a)
I tested the scopes with this
// /test.php
<?php
class Test
{
public function __construct() {
require __DIR__."/test2.php";
$require = function ($file) { require $file; };
$require(__DIR__."/test2.php");
$require = static function ($file) { require $file; };
$require(__DIR__."/test2.php");
self::requireFile(__DIR__."/test2.php");
requireFile(__DIR__."/test2.php");
}
private function objectTest()
{
echo 'access to Object-Context is happening'. PHP_EOL;
}
protected static function staticTest()
{
echo 'access to Static-Context is happening' . PHP_EOL;
}
private static function requireFile(string $string)
{
require $string;
}
}
function requireFile($file)
{
require $file;
}
new Test();
// /test2.php
<?php
self::staticTest();
$this->objectTest();
Results:
require ... ;. . . . . . . . . . . . . . . . . . . . Local vars, $this and self:: accessible
$require = function () { ... }; . . . . . $this and self:: accessible
$require = static function (); . . . . self:: accessible
self::requireFile() ; . . . . . . . . . . . . .self:: accessible
(global) function require() . . . . . nothing accessible
Thus a new global function require should be used to include these files
function requireFile(string $filepath): mixed
{
return require $filepath;
}
b)
Files where this is happening:
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/Package/AbstractServiceProvider.php
(from the last Ticket:) AbstractServiceProvider
Lines: 74, 93, 105, 131, 155, 172
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/dashboard/Classes/ServiceProvider.php
(from the last Ticket:) Dashboard/.../ServiceProvider
Lines: 141, 161, 180
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/ExpressionLanguage/ProviderConfigurationLoader.php#L58
ProviderConfigurationLoader Line 58 requires Configuration/ExpressionLanguage.php
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/extbase/Classes/Persistence/ClassesConfigurationFactory.php#L48
ClassesConfigurationFactory Line 48 requires Configuration/Extbase/Persistence/Classes.php
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/backend/Classes/CodeEditor/CodeEditor.php#L113
backend/.../CodeEditor Lines 113 and 121 require Configuration/Backend/T3editor/ Modes.php and Addons.php
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/Configuration/Tca/TcaFactory.php#L122
TcaFactory Lines 122 and 156 require the TCA files
ext_tables.php is loaded multiple times.
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/install/Classes/Service/LoadTcaService.php#L68
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/Configuration/Extension/ExtTablesFactory.php#L99
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/install/Classes/Controller/UpgradeController.php#L1247 (?)
ext_localconf.php
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/Configuration/Extension/ExtLocalconfFactory.php#L100
https://github.com/TYPO3/typo3/blob/main/typo3/sysext/install/Classes/Controller/UpgradeController.php#L1235
These are just the ones I found. (there might be more)
Christian Kuhn wrote that these should be done in several patches
https://review.typo3.org/c/Packages/TYPO3.CMS/+/85501/comments/3627cbf2_5c83c3a4
thx for your work