Bug #17793
closedInsufficient value check in record_registration()
0%
Description
In class.tslib_feuserauth.php, method record_registration() the following lines (470) only update values if they are different to the session value:
if ($value != $recs_array[$table][$rec_id]) {
$recs_array[$table][$rec_id] = $value;
$change=1;
}
Because of PHP's type conversion '01' is the same as '1' and therefore the session values won't be updated.
Instead of using != for comparison it has to be !== in the if-clause to prevent PHP from dropping leading '0' and to update the session value.
This issue can be reproduced by posting values to the recs-Array (<input type="text" name="recs[test]" value="" />) with and without a leading 0 ('1.2000' and '01.2000' causes the misbehavior too).
(issue imported from #M6718)
Files
Updated by Bjrn Kraus about 16 years ago
This is just a reminder since this bug is active for one year now.
Updated by Chris topher over 14 years ago
The code is still the same in current trunk.
The reason for noone fixing this might be, that the bug report is very abstract and therefore hard to understand:
- What do you want to do and what does not work when doing this?
- How can one reproduce the problem?
You sound like you even have a fix ready:
Could you post that to Core List?
Check out http://typo3.org/teams/core/core-mailinglist-rules/
Updated by Bjrn Kraus over 14 years ago
I thought my explanation was clear: If you fill the recs array by a input form field like "<input type="text" name="recs[test]" value="" />" and you first post '1.2000' and in a second post '01.2000' the recs is not updated because of wrong comparison operator. The patch should fix it.
Updated by Chris topher over 14 years ago
Ahh, I see.
Please post the issue to Core List now!
Updated by Bjrn Kraus over 14 years ago
I don't follow the list. Should be enough to post it here...
Updated by Chris topher over 14 years ago
Updated by Stefan Galinski almost 13 years ago
- Category deleted (
Communication) - Target version deleted (
0)
The first hunk of the patch seems to be applied to the core in the meanwhile. Please consider to open a review request for the second hunk if this bug is still valid.
Updated by Alexander Opitz over 11 years ago
- Status changed from Needs Feedback to Closed
No response over one year => closed.