Actions
Bug #17793
closed
Insufficient value check in record_registration()
Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2007-11-15
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
4.4
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
In class.tslib_feuserauth.php, method record_registration() the following lines (470) only update values if they are different to the session value:
if ($value != $recs_array[$table][$rec_id]) {
$recs_array[$table][$rec_id] = $value;
$change=1;
}
Because of PHP's type conversion '01' is the same as '1' and therefore the session values won't be updated.
Instead of using != for comparison it has to be !== in the if-clause to prevent PHP from dropping leading '0' and to update the session value.
This issue can be reproduced by posting values to the recs-Array (<input type="text" name="recs[test]" value="" />) with and without a leading 0 ('1.2000' and '01.2000' causes the misbehavior too).
(issue imported from #M6718)
Files
Updated by 
Updated by 
Updated by 
Updated by
Actions