Bug #34781

closed

t3lib_userauth->getAuthInfoArray calls TYPO3_DB->cleanIntList without string parameter

Added by Christian Finkemeier over 12 years ago. Updated almost 10 years ago.

Status: Closed
Priority: Must have
Assignee: -
Category: -
Target version: -
Start date: 2012-03-13
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.5
PHP Version: 5.3
Tags:
Complexity: easy
Is Regression: No
Sprint Focus:

Description

The same problem as I described in this bug: http://forge.typo3.org/issues/34780

The t3lib_userauth->getAuthInfoArray calls TYPO3_DB->cleanIntList without the parameter being a string...

Should be updated to something like this:

t3lib/class.t3lib_userauth.php: line 1282
$authInfo['db_user']['check_pid_clause'] = $this->checkPid ? ' AND pid IN ('.$GLOBALS['TYPO3_DB']->cleanIntList((string)$authInfo['db_user']['checkPidList']).')' : '';


Related issues 1 (0 open, 1 closed)

Is duplicate of TYPO3 Core - Bug #34780: tslib_fe->initFEuser uses TYPO3_DB->cleanIntList with empty value (Closed, 2012-03-13)

#1

Updated by Oliver Hader over 12 years ago

  • Status changed from New to Accepted
#2

Updated by Christian Finkemeier almost 10 years ago

This issue is not yet patched in TYPO3 4.5.39 (I don't know if it has been patched in newer major versions).

File t3lib/class.t3lib_userauth.php had to be changed like this (lines 1298-1299):

// Original code (lines 1298-1299):
$authInfo['db_user']['checkPidList'] = $this->checkPid ? $this->checkPid_value : '';
$authInfo['db_user']['check_pid_clause'] = $this->checkPid ? ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($authInfo['db_user']['checkPidList']) . ')' : '';

// Replacement: only build the pid clause when a pid list is actually set
// (the string '0' counts as a valid list).
if ($this->checkPid && ($this->checkPid_value || $this->checkPid_value === '0')) {
    $authInfo['db_user']['checkPidList'] = $this->checkPid_value;
    $authInfo['db_user']['check_pid_clause'] = ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($authInfo['db_user']['checkPidList']) . ')';
} else {
    $authInfo['db_user']['checkPidList'] = '';
    $authInfo['db_user']['check_pid_clause'] = '';
}
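
The guard discussed in comment #2, as a stand-alone added example (not part of the original comments and not TYPO3 core code). The names intListOrNull() and buildPidClause() are hypothetical, and the integer cast is a stand-in for TYPO3_DB->cleanIntList, whose implementation is not shown on this page. It casts the value to string first and drops the clause entirely when no pid list is set:

```php
<?php
// Added example. intListOrNull() and buildPidClause() are hypothetical names,
// not TYPO3 API; the integer cast stands in for TYPO3_DB->cleanIntList.

/**
 * Normalise a comma-separated page-id list to integers.
 * Returns null when there is nothing to filter on, so the caller can
 * omit the clause instead of emitting an unintended "pid IN (...)".
 */
function intListOrNull($value)
{
    // Cast first: the value may arrive as null or bool rather than string.
    $value = trim((string)$value);
    if ($value === '') {
        return null;
    }
    $ids = array();
    foreach (explode(',', $value) as $token) {
        // Every token becomes an integer; non-numeric text never reaches the SQL.
        $ids[] = (int)trim($token);
    }
    return implode(',', $ids);
}

/**
 * Build the pid restriction only when pid checking is enabled
 * and a list is actually present.
 */
function buildPidClause($checkPid, $checkPidValue)
{
    $list = $checkPid ? intListOrNull($checkPidValue) : null;
    return $list === null ? '' : ' AND pid IN (' . $list . ')';
}

// Constructed sample values for checkPid_value.
$samples = array(null, '', false, '0', '12,34', ' 12 , 34 ', '7,8 OR 1=1');
foreach ($samples as $sample) {
    printf("%-16s => '%s'\n", var_export($sample, true), buildPidClause(true, $sample));
}
```

With these inputs, null, '' and false produce no clause, '0' produces a clause for pid 0, and the last sample is reduced to the integers 7 and 8.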
#3

Updated by Alexander Opitz almost 10 years ago

  • Status changed from Accepted to Closed
  • Assignee deleted (Christian Finkemeier)
  • Target version deleted (4.5.13)
  • Is Regression set to No

Closing as duplicate of #34780
