Bug #24858
closed
t3lib_div::fixed_lgd_cs() may crash when using tslib_eidtools::initFeUser()
100%
Description
When calling
tslib_eidtools::initFeUser
from a script that's called with an eID, under certain circumstances
t3lib_div::fixed_lgd_cs()
is being called. Since $GLOBALS['TSFE'] is nearly empty with eID, the method throws a fatal error because $GLOBALS['TSFE']->csConvObj and the method itself only checks for $GLOBALS['TSFE']:
} elseif (is_object($GLOBALS['TSFE'])) {
$charSet = ($GLOBALS['TSFE']->renderCharset != '' ? $GLOBALS['TSFE']->renderCharset : $GLOBALS['TSFE']->defaultCharSet);
return $GLOBALS['TSFE']->csConvObj->crop($charSet, $string, $chars, $appendString);
The fix is to check if $GLOBALS['TSFE']->csConvObj exists.
The fix is
( ! ) Fatal error: Call to a member function crop() on a non-object in /var/www/server-lokal/www.aida.de/cwe/t3lib/class.t3lib_div.php on line 593Call Stack
- Time Memory Function Location
1 0.0004 69180 {main}( ) ../index.php:0
2 0.0028 211796 require( '.../typo3/sysext/cms/tslib/index_ts.php' ) ../index.php:80
3 0.1474 7719484 require( '.../typo3conf/ext/example_auth/eid/example_auth_feusertest.php' ) ../index_ts.php:187
4 0.1478 7740672 tslib_eidtools::initFeUser( ) ../example_auth_feusertest.php:22
5 0.5667 13297496 tslib_fe->initFEuser( ) ../class.tslib_eidtools.php:82
6 0.5765 13789040 tslib_feUserAuth->start( ) ../class.tslib_fe.php:652
7 0.5765 13789064 t3lib_userAuth->start( ) ../class.tslib_feuserauth.php:156
8 0.5940 14324368 t3lib_userAuth->checkAuthentication( ) ../class.t3lib_userauth.php:256
9 8.2535 15933636 t3lib_div::arrayToLogString( array ('ses_id' => '9a78985273fa8c0247752134a9ee81f0', 'ses_name' => 'fe_typo_user', ...), array (0 => 'uid', 1 => 'username'), ? ) ../class.t3lib_userauth.php:568
10 8.2536 15936648 t3lib_div::fixed_lgd_cs( '1977', 20, ? ) ../class.t3lib_div.php:5663
(issue imported from #M17365)
Updated by Christian Weiske over 13 years ago
"certain circumstances" are when you POST a login form to that eID.
Updated by Oliver Hader over 13 years ago
Set version to 4.4.6 since this issue was not introduced with 4.5.0.
Updated by Christian Weiske over 13 years ago
The bug exists at least since 4.3.10
Updated by Christian Weiske over 13 years ago
4.3.0 has it, too:
https://svn.typo3.org/TYPO3v4/Core/tags/TYPO3_4-3-0/t3lib/class.t3lib_div.php
4.2.15 did it differently:
https://svn.typo3.org/TYPO3v4/Core/tags/TYPO3_4-2-15/t3lib/class.t3lib_div.php
if (is_object($GLOBALS['LANG'])) {
return $GLOBALS['LANG']->csConvObj->crop($GLOBALS['LANG']->charSet,$string,$chars,'...');
Updated by Mathias Schreiber over 9 years ago
- Description updated (diff)
- Target version changed from 0 to 7.2 (Frontend)
- Is Regression set to No
Updated by Benni Mack almost 9 years ago
- Target version changed from 7.2 (Frontend) to 7.4 (Backend)
Updated by Gerrit Code Review almost 9 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40498
Updated by Gerrit Code Review almost 9 years ago
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/40525
Updated by Benni Mack almost 9 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset e08e22625057276ee7f7434b3fc6f275c06c46c8.
Updated by Riccardo De Contardi over 6 years ago
- Status changed from Resolved to Closed