Project

General

Profile

Actions
Copy link

Bug #23253

closed

intExplode somehow returns comma-containing string values

Added by Björn Pedersen almost 14 years ago. Updated about 13 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Ernesto Baschny
Category:
-
Target version:
-
Start date:
2010-07-23
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
PHP Version:
4.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

An strange uncaugt exception error happens sometime during felogin.

We get the following error backtrace during login (see attached error.png).

Looking at the code, there should never be string values or commas in the meberGroups array.

/**
 * Creating where-clause for checking group access to elements in enableFields function
 *
 * @param    string        Field with group list
 * @param    string        Table name
 * @return    string        AND sql-clause
 * @see enableFields()
     */
    function getMultipleGroupsWhereClause($field, $table)    {
        $memberGroups = t3lib_div::intExplode(',',$GLOBALS['TSFE']->gr_list);
        $orChecks=array();
        $orChecks[]=$field.'=\'\'';    // If the field is empty, then OK
        $orChecks[]=$field.' IS NULL';    // If the field is NULL, then OK
        $orChecks[]=$field.'=\'0\'';    // If the field contsains zero, then OK
foreach($memberGroups as $value)    {
            $orChecks[] = $GLOBALS['TYPO3_DB']->listQuery($field, $value, $table);
        }
return ' AND ('.implode(' OR ',$orChecks).')';
    }

(issue imported from #M15211)

Files

Download all files
typo error.png (66.1 KB) typo error.png Administrator Admin, 2010-07-23 10:02
t3lib_db_listQuery.diff (524 Bytes) t3lib_db_listQuery.diff Administrator Admin, 2010-07-23 10:40
15211-v2.diff (2.44 KB) 15211-v2.diff Administrator Admin, 2010-07-24 08:54

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #22959: t3lib_db->listQuery() performanceClosedXavier Perseguers2010-06-22

Actions
Actions
Copy link
 #1

Updated by Björn Pedersen almost 14 years ago

A better look at the code gave an other idea:

we are passing numeric values to the strpos function, which expect strings.
if the value matches the charcode of ',', we get a false positive.

can be tested with the following in t3lib_DivTest.php:
/** * @test
*/
public function checkStrposWithIntegers() {

$testarray = array(ord(','),10,20);
        $checkarray = array(',',',',',');
        $expectedArray = array(false, false,false );
        $actualArray = array_map(strpos,$checkarray,$testarray);
$this->assertEquals($expectedArray, $actualArray);
    }
Actions
Copy link
 #2

Updated by Björn Pedersen almost 14 years ago

possible fixes:
1) run the value through stringval in t3lib_db->listquery if it is not a string
2) only pass strings to t3lib_db->listquery
3) check for comma only for strings.

my prefered solution would be 1.

the following testcase runs clean:

public function checkStrposWithIntegers2() {

$testarray = array(ord(','),10,20);
        $checkarray = array(',',',',',');
        $expectedArray = array(false, false,false );
        $testarray2=array_map(strval,$testarray);
        $actualArray = array_map(strpos,$checkarray,$testarray2);
$this->assertEquals($expectedArray, $actualArray);
    }
Actions
Copy link
 #3

Updated by Ernesto Baschny almost 14 years ago

Commited v2.diff to trunk (rev. 8259)

Actions
Copy link
 #4

Updated by Susanne Moog about 13 years ago

  • Target version deleted (4.5.0)
Actions
Copy link

Also available in: Atom PDF