Bug #16637
closed
recs['clear_all'] should be clear as an array
Added by Bjrn Kraus about 18 years ago.
Updated over 14 years ago.
Description
The FE User Auth class (typo3/sysext/cms/tslib/class.tslib_feuserauth.php) has the possibility to automatically store form values in the session if they are submitted in the recs array. There is a switch in the record_registration() function to reset this array ($this->setKey('ses','recs','');) any time "recs[clear_all]" is submitted. If this is done and you start posting form values again in the recs array the function will throw a fatal error 'cause the result of $this->getKey('ses','recs') is a string and the following loops can't handle $recs_array (= '') as an array.
The (simple) solution is to change the reset into "$this->setKey('ses','recs',array());". Now $recs_array is an empty array and the array functions won't fail.
(issue imported from #M4367)
Files
I know this feature in TYPO3 isn't used by many users. But since it is a small bug and easy to fix (patch is included ;-)), it would be cool to have it in the 4.0.3 release. Thx!
I have uploaded this as a .diff for the developers.
Just realised I ran the diff command the wrong way around, please look at the diff in reverse :)
Bug still present in 4.0.3rc1. Patch (1 line of code) is included.
You as the reporter did not confirm that the problem is solved, that was probably the main reason why I didn't look at it yet - sorry.
I think this requires some testing and shouldn't just be applied. Therefore, it would require a 2nd RC only for this change. Is it worth the hassle? I'll try to bring it into 4.0.4 / 4.1
Hi Michael!
Please have a look at function record_registration(). You will see that 'recs' is treated as an array. If the array is reseted as a string ($this->setKey('ses','recs','')), the code afterwards will obviously fail.
I've applied the patch in my installations (testing and production environment) and have no problem with it.
I would realy appreciate if you could add the change before the next release so I can update my installations without applying the patch again.
BTW: I guess there will be more than one fix before the next rc ;-)
Just recognized that the bug is also in the core_permalogin extension - the code is copied from the original class.
This bug seems to be critical if you use &recs['clear_all'] as additional parameter for the logout button since PHP 5.1.6 throws a fatal error:
PHP Fatal error: Cannot use string offset as an array in /home/.../htdocs/typo3conf/ext/core_permalogin/class.ux_ux_tslib_feuserauth.php on line 403
The result is a blank page.
Since the same method is affected as in Bug #0006718 I'd like to send a reminder for this issue. It's still present in 4.1.3 and hasn't been fixed for almost a year now.
@Michael: The problem is described in this bug report since 1,5 years and we've a patch for it.
Is there a need for further discussions??
Yes. The patch needs to be tested, reviewed and approved.
All I can say is that we've extensions that make use of this functionality and without the patch we get PHP errors (what is pretty obvious if you take a look at the code).
Since 1,5 years our TYPO3 instances (> 20) run fine with this patch.
If there is no official patch it won't be resolved.
I created a patch but with different approach. Setting array to empty string is ok, but for the loop the var has to be tested before. Please test it and report here.
@Steffen: Sorry, I don't agree with you. recs is always treated as an array. If you reset it as string you run into the same problems in the setKey/getKey functions some lines above.
$this->setKey('ses','recs','') is simply wrong. It has to be $this->setKey('ses','recs',array()).
This is just a reminder since this bug is active for two years now.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by