Bug #40611
closedCall to undefined method t3lib_formprotection_DisabledFormProtection::removeSessionTokenFromRegistry in logout.php
0%
Description
After updating from 4.4.15 to 4.5.19 I always get this error when the BE-session expires and I click on the Logout-button:
Fatal error: Call to undefined method t3lib_formprotection_DisabledFormProtection::removeSessionTokenFromRegistry() in /srv/www/libs/typo3_src-4.5.19/typo3/logout.php on line 73
Updated by Francois Suter over 12 years ago
- Status changed from New to Accepted
- Assignee set to Francois Suter
- Target version set to 4.5.20
- Complexity set to easy
Hi Tobias,
Looking at the source code, I found that the error is coming from the form protection factory selecting the wrong form protection class, because the session has already expired. Thus instead of getting an instance of "t3lib_formprotection_BackendFormProtection", it returns an instance of "t3lib_formprotection_DisabledFormProtection". Only the latter has method removeSessionTokenFromRegistry().
There are several ways this could be solved:
- add method removeSessionTokenFromRegistry() to t3lib_formprotection_Abstract class from which all others inherit, with a dummy implementation.
- in logout.php, add a check for the class returned by the factory method and invoke removeSessionTokenFromRegistry() only if the class is "t3lib_formprotection_BackendFormProtection"
- cleaner IMO, would be to define some more generic method like "logoutCleanup", which each form protection class could implement to perform its own cleanup, but that's a more important change of API and not appropriate to a bugfix.
I would favor method 1. I'll ask in the Core ML for opinions before making a patch.
Updated by Ernesto Baschny over 12 years ago
Why not make logout() call this method:
/**
* Deletes the session token and persists the (empty) token.
*
* This function is intended to be called when a user logs on or off.
*
* @return void
*/
public function clean() {
unset($this->sessionToken);
$this->persistSessionToken();
}
which is already defined in the Abstract class, and have the Backendformprotection subclass override this method by also calling (interally) removeSessionTokenFromRegistry.
logout.php calling:
t3lib_formProtection_Factory::get()->removeSessionTokenFromRegistry();
doesn't really look right, because this method is not part of the abstract class (and get() returns a t3lib_formprotection_Abstract after all).
Updated by Francois Suter over 12 years ago
Thanks for your feedback Ernesto. Your suggestion sounds good. I'll take a look at it tomorrow hopefully.
Updated by Andreas Kießling about 12 years ago
Any news on that? Some bot triggers this error constantly on one of my sites running 4.5.22
Updated by Francois Suter about 12 years ago
- Assignee deleted (
Francois Suter)
Sorry, I never had the time to look at that again. I've been fully busy with documentation. I hope someone else can pick up this issue.
Updated by Gerrit Code Review almost 11 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch TYPO3_4-5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/28295
Updated by Oliver Hader over 10 years ago
- Target version changed from 4.5.20 to next-patchlevel
- TYPO3 Version changed from 4.5 to 6.2
- Is Regression set to No
Valid for all versions (6.2, 6.1, 4.5)
Updated by Helmut Hummel over 10 years ago
Oliver Hader wrote:
Valid for all versions (6.2, 6.1, 4.5)
Since 6.2 when the session expires, the backend will show an overly with a login box, so you cannot press the logout button.
But I agree this should fixed in the code nontheless
Updated by Mathias Schreiber about 10 years ago
- Target version changed from next-patchlevel to 7.4 (Backend)
Updated by Christian Kuhn over 9 years ago
abandoned the 4.5 patch. since the issue exists in 6.2 & master, the issue will not be closed, though.
Updated by Christian Kuhn over 9 years ago
- Status changed from Under Review to New
Updated by Susanne Moog over 9 years ago
- Target version changed from 7.4 (Backend) to 7.5
Updated by Helmut Hummel over 9 years ago
- Status changed from New to Resolved
Resolved with https://review.typo3.org/#/c/41466/ in 6.2 and master
Updated by Riccardo De Contardi over 7 years ago
- Status changed from Resolved to Closed