Project

General

Profile

Actions
Copy link

Bug #17793

closed

Insufficient value check in record_registration()

Added by Bjrn Kraus over 16 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2007-11-15
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.4
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

In class.tslib_feuserauth.php, method record_registration() the following lines (470) only update values if they are different to the session value:

if ($value != $recs_array[$table][$rec_id]) {
$recs_array[$table][$rec_id] = $value;
$change=1;
}

Because of PHP's type conversion '01' is the same as '1' and therefore the session values won't be updated.
Instead of using != for comparison it has to be !== in the if-clause to prevent PHP from dropping leading '0' and to update the session value.

This issue can be reproduced by posting values to the recs-Array (<input type="text" name="recs[test]" value="" />) with and without a leading 0 ('1.2000' and '01.2000' causes the misbehavior too).

(issue imported from #M6718)

Files

typo3.patch (1.41 KB) typo3.patch Administrator Admin, 2010-07-28 17:45
Actions
Copy link
 #1

Updated by Bjrn Kraus about 16 years ago

Still present in 4.1.6

Actions
Copy link
 #2

Updated by Bjrn Kraus over 15 years ago

This is just a reminder since this bug is active for one year now.

Actions
Copy link
 #3

Updated by Chris topher almost 14 years ago

The code is still the same in current trunk.

The reason for noone fixing this might be, that the bug report is very abstract and therefore hard to understand:

  • What do you want to do and what does not work when doing this?
  • How can one reproduce the problem?

You sound like you even have a fix ready:
Could you post that to Core List?
Check out http://typo3.org/teams/core/core-mailinglist-rules/

Actions
Copy link
 #4

Updated by Bjrn Kraus almost 14 years ago

I thought my explanation was clear: If you fill the recs array by a input form field like "<input type="text" name="recs[test]" value="" />" and you first post '1.2000' and in a second post '01.2000' the recs is not updated because of wrong comparison operator. The patch should fix it.

Actions
Copy link
 #5

Updated by Chris topher almost 14 years ago

Ahh, I see.

Please post the issue to Core List now!

Actions
Copy link
 #6

Updated by Bjrn Kraus almost 14 years ago

I don't follow the list. Should be enough to post it here...

Actions
Copy link
 #7

Updated by Chris topher almost 14 years ago

Not really.

Noone will hurt you... ;-)

=> http://typo3.org/teams/core/core-mailinglist-rules/

Actions
Copy link
 #8

Updated by Stefan Galinski over 12 years ago

  • Category deleted (Communication)
  • Target version deleted (0)

The first hunk of the patch seems to be applied to the core in the meanwhile. Please consider to open a review request for the second hunk if this bug is still valid.

http://wiki.typo3.org/Contribution_Walkthrough_Tutorials

Actions
Copy link
 #9

Updated by Alexander Opitz about 11 years ago

  • Status changed from Needs Feedback to Closed

No response over one year => closed.

Actions
Copy link

Also available in: Atom PDF