Bug #40611

Call to undefined method t3lib_formprotection_DisabledFormProtection::removeSessionTokenFromRegistry in logout.php

Added by Tobias Schaefer about 8 years ago. Updated about 3 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: Backend User Interface
Target version:
Start date: 2012-09-04
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 6.2
PHP Version: 5.2
Tags:
Complexity: easy
Is Regression: No
Sprint Focus:

Description

After updating from 4.4.15 to 4.5.19 I always get this error when the BE-session expires and I click on the Logout-button:
Fatal error: Call to undefined method t3lib_formprotection_DisabledFormProtection::removeSessionTokenFromRegistry() in /srv/www/libs/typo3_src-4.5.19/typo3/logout.php on line 73


Related issues

Has duplicate TYPO3 Core - Bug #68220: Do not log out a logged out user (Closed, 2015-07-16)

#1

Updated by Francois Suter about 8 years ago

  • Status changed from New to Accepted
  • Assignee set to Francois Suter
  • Target version set to 4.5.20
  • Complexity set to easy

Hi Tobias,

Looking at the source code, I found that the error is coming from the form protection factory selecting the wrong form protection class, because the session has already expired. Thus instead of getting an instance of "t3lib_formprotection_BackendFormProtection", it returns an instance of "t3lib_formprotection_DisabledFormProtection". Only the latter has method removeSessionTokenFromRegistry().

There are several ways this could be solved:

  1. add method removeSessionTokenFromRegistry() to t3lib_formprotection_Abstract class from which all others inherit, with a dummy implementation.
  2. in logout.php, add a check for the class returned by the factory method and invoke removeSessionTokenFromRegistry() only if the class is "t3lib_formprotection_BackendFormProtection"
  3. cleaner IMO, would be to define some more generic method like "logoutCleanup", which each form protection class could implement to perform its own cleanup, but that's a more important change of API and not appropriate to a bugfix.

I would favor method 1. I'll ask in the Core ML for opinions before making a patch.

#2

Updated by Ernesto Baschny about 8 years ago

Why not make logout() call this method:

/**
 * Deletes the session token and persists the (empty) token.
 *
 * This function is intended to be called when a user logs on or off.
 *
 * @return void
 */
public function clean() {
    unset($this->sessionToken);
    $this->persistSessionToken();
}

which is already defined in the Abstract class, and have the Backendformprotection subclass override this method by also calling (internally) removeSessionTokenFromRegistry.

logout.php calling:

t3lib_formProtection_Factory::get()->removeSessionTokenFromRegistry();

doesn't really look right, because this method is not part of the abstract class (and get() returns a t3lib_formprotection_Abstract after all).
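
A sketch of the design suggested in comment #2, added here as an example; it is not part of the original thread and not TYPO3's code. The class names, the array-backed registry and the `getFormProtection()` factory are hypothetical stand-ins: logout calls only `clean()`, which exists on the base class, so it works whichever instance the factory returns.

```php
<?php
// Simplified stand-ins for the form protection classes; hypothetical names, not TYPO3's code.
abstract class FormProtectionBase {
    protected $sessionToken = null;
    // Part of the base contract, so every instance the factory returns supports it.
    public function clean() {
        $this->sessionToken = null;
        $this->persistSessionToken();
    }
    abstract protected function persistSessionToken();
}

class BackendProtection extends FormProtectionBase {
    private $registry;
    public function __construct(array &$registry) {
        $this->registry = &$registry;
        $this->sessionToken = bin2hex(random_bytes(16));
        $this->persistSessionToken();
    }
    // Backend-specific cleanup stays behind the shared entry point.
    public function clean() {
        parent::clean();
        $this->removeSessionTokenFromRegistry();
    }
    protected function persistSessionToken() {
        $this->registry['sessionToken'] = $this->sessionToken;
    }
    private function removeSessionTokenFromRegistry() {
        unset($this->registry['sessionToken']);
    }
}

class DisabledProtection extends FormProtectionBase {
    protected function persistSessionToken() {
        // No session, so there is nothing to persist.
    }
}

// Hypothetical factory: an expired session yields the disabled implementation.
function getFormProtection($sessionIsValid, array &$registry) {
    return $sessionIsValid ? new BackendProtection($registry) : new DisabledProtection();
}

// Constructed scenario: logout with a live session, then with an expired one.
$registry = array();
foreach (array(true, false) as $sessionIsValid) {
    $protection = getFormProtection($sessionIsValid, $registry);
    $protection->clean(); // defined on the base class, so no undefined-method fatal
    echo get_class($protection), ': token left in registry = ', var_export(isset($registry['sessionToken']), true), "\n";
}
```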

#3

Updated by Francois Suter about 8 years ago

Thanks for your feedback Ernesto. Your suggestion sounds good. I'll take a look at it tomorrow hopefully.

#4

Updated by Andreas Kiessling almost 8 years ago

Any news on that? Some bot triggers this error constantly on one of my sites running 4.5.22

#5

Updated by Francois Suter almost 8 years ago

  • Assignee deleted (Francois Suter)

Sorry, I never had the time to look at that again. I've been fully busy with documentation. I hope someone else can pick up this issue.

#6

Updated by Gerrit Code Review over 6 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch TYPO3_4-5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/28295

#7

Updated by Oliver Hader about 6 years ago

  • Target version changed from 4.5.20 to next-patchlevel
  • TYPO3 Version changed from 4.5 to 6.2
  • Is Regression set to No

Valid for all versions (6.2, 6.1, 4.5)

#8

Updated by Helmut Hummel about 6 years ago

Oliver Hader wrote:

Valid for all versions (6.2, 6.1, 4.5)

Since 6.2 when the session expires, the backend will show an overlay with a login box, so you cannot press the logout button.

But I agree this should be fixed in the code nonetheless

#9

Updated by Mathias Schreiber almost 6 years ago

  • Target version changed from next-patchlevel to 7.4 (Backend)

#10

Updated by Christian Kuhn over 5 years ago

Abandoned the 4.5 patch. Since the issue exists in 6.2 & master, the issue will not be closed, though.

#11

Updated by Christian Kuhn over 5 years ago

  • Status changed from Under Review to New

#12

Updated by Susanne Moog over 5 years ago

  • Target version changed from 7.4 (Backend) to 7.5

#13

Updated by Helmut Hummel about 5 years ago

  • Status changed from New to Resolved

Resolved with https://review.typo3.org/#/c/41466/ in 6.2 and master

#14

Updated by Riccardo De Contardi about 3 years ago

  • Status changed from Resolved to Closed
