Bug #10718

Content security: query rewriting fails if no other constraints are set on the query

Added by Florian Kugler almost 11 years ago. Updated almost 11 years ago.

Status: Resolved
Priority: Must have
Category: Security
Start date: 2010-11-10
Due date:
% Done: 100%
Estimated time:
PHP Version:
Has patch:
Complexity:

Description

The query rewriting aspect fails if the policy constraint is the only constraint on the query.

In PersistenceQueryRewritingAspect::rewriteQomQuery() the policy constraint is added to the query by:

if ($additionalCalculatedConstraints !== NULL) {
    $newConstraints = $query->logicalAnd($query->getConstraint(), $query->logicalNot($additionalCalculatedConstraints));
    $query->matching($newConstraints);
}

However, if $query->getConstraint() returns NULL the call of logicalAnd() fails.

This is my quick fix:

if ($query->getConstraint() !== NULL) {
    $newConstraints = $query->logicalAnd($query->getConstraint(), $query->logicalNot($additionalCalculatedConstraints));
} else {
    $newConstraints = $query->logicalNot($additionalCalculatedConstraints);
}
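
Added example, not part of the original report and not FLOW3 code: a self-contained PHP sketch of the rewrite step that applies the negated policy constraint both when the query has its own constraint and when it has none. SketchQuery and applyPolicyConstraint() are hypothetical stand-ins, and the sample constraints are constructed.

```php
<?php
// Constructed stand-in for a QOM-style query object; not FLOW3's classes.
final class SketchQuery
{
    private ?array $constraint = null;
    public function matching(array $constraint): self
    {
        $this->constraint = $constraint;
        return $this;
    }
    public function getConstraint(): ?array
    {
        return $this->constraint;
    }

    // Assumption of this sketch: a NULL operand is rejected (TypeError).
    public function logicalAnd(array $a, array $b): array
    {
        return ['and', $a, $b];
    }

    public function logicalNot(array $constraint): array
    {
        return ['not', $constraint];
    }
}

// Hypothetical helper: apply the policy constraint whether or not the
// query already carries a constraint of its own.
function applyPolicyConstraint(SketchQuery $query, ?array $policy): SketchQuery
{
    if ($policy === null) {
        return $query; // no policy constraint calculated for this query
    }
    $denied = $query->logicalNot($policy);
    $existing = $query->getConstraint();
    return $query->matching(
        $existing === null ? $denied : $query->logicalAnd($existing, $denied)
    );
}

// Constructed inputs: an unconstrained "find all" query, then a filtered one.
$policy = ['equals', 'restricted', true];
$findAll = applyPolicyConstraint(new SketchQuery(), $policy);
$filtered = applyPolicyConstraint(
    (new SketchQuery())->matching(['equals', 'author', 'alice']), $policy);
echo json_encode($findAll->getConstraint()), "\n";
echo json_encode($filtered->getConstraint()), "\n";
```

The unconstrained case is the one that matters for content security: after rewriting, the stored constraint must be the negated policy constraint alone, never empty.
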

#1

Updated by Karsten Dambekalns almost 11 years ago

  • Category set to Security
  • Assignee set to Andreas Förthner

Andi, any comments?

#2

Updated by Karsten Dambekalns almost 11 years ago

  • Status changed from New to Accepted
  • Assignee changed from Andreas Förthner to Karsten Dambekalns

#3

Updated by Andreas Förthner almost 11 years ago

Yep, this is correct. Fix looks good to me. Karsten Hachmeister: Do we get this into alpha13, or is it already too late?

#4

Updated by Karsten Dambekalns almost 11 years ago

  • Status changed from Accepted to Under Review

#5

Updated by Karsten Dambekalns almost 11 years ago

  • Target version set to 1.0 alpha 13

#6

Updated by Karsten Dambekalns almost 11 years ago

Hi Florian,

it would be really cool if you could test the fix in http://review.typo3.org/330

Thanks, Karsten

#7

Updated by Karsten Dambekalns almost 11 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
