Project

General

Profile

Actions
Copy link

Bug #40611

closed

Call to undefined method t3lib_formprotection_DisabledFormProtection::removeSessionTokenFromRegistry in logout.php

Added by Tobias Schaefer over 11 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Backend User Interface
Target version:
7.5
Start date:
2012-09-04
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
5.2
Tags:
Complexity:
easy
Is Regression:
No
Sprint Focus:

Description

After updating from 4.4.15 to 4.5.19 I always get this error when the BE-session expires and I click on the Logout-button:
Fatal error: Call to undefined method t3lib_formprotection_DisabledFormProtection::removeSessionTokenFromRegistry() in /srv/www/libs/typo3_src-4.5.19/typo3/logout.php on line 73

Related issues 1 (0 open1 closed)

Has duplicate TYPO3 Core - Bug #68220: Do not log out a logged out userClosed2015-07-16

Actions
Actions
Copy link
 #1

Updated by Francois Suter over 11 years ago

  • Status changed from New to Accepted
  • Assignee set to Francois Suter
  • Target version set to 4.5.20
  • Complexity set to easy

Hi Tobias,

Looking at the source code, I found that the error is coming from the form protection factory selecting the wrong form protection class, because the session has already expired. Thus instead of getting an instance of "t3lib_formprotection_BackendFormProtection", it returns an instance of "t3lib_formprotection_DisabledFormProtection". Only the latter has method removeSessionTokenFromRegistry().

There are several ways this could be solved:

  1. add method removeSessionTokenFromRegistry() to t3lib_formprotection_Abstract class from which all others inherit, with a dummy implementation.
  2. in logout.php, add a check for the class returned by the factory method and invoke removeSessionTokenFromRegistry() only if the class is "t3lib_formprotection_BackendFormProtection"
  3. cleaner IMO, would be to define some more generic method like "logoutCleanup", which each form protection class could implement to perform its own cleanup, but that's a more important change of API and not appropriate to a bugfix.

I would favor method 1. I'll ask in the Core ML for opinions before making a patch.

Actions
Copy link
 #2

Updated by Ernesto Baschny over 11 years ago

Why not make logout() call this method:

/**
 * Deletes the session token and persists the (empty) token.
 *
 * This function is intended to be called when a user logs on or off.
 *
 * @return void
         */
        public function clean() {
                unset($this->sessionToken);
                $this->persistSessionToken();
        }

which is already defined in the Abstract class, and have the Backendformprotection subclass override this method by also calling (interally) removeSessionTokenFromRegistry.

logout.php calling:

t3lib_formProtection_Factory::get()->removeSessionTokenFromRegistry();

doesn't really look right, because this method is not part of the abstract class (and get() returns a t3lib_formprotection_Abstract after all).

Actions
Copy link
 #3

Updated by Francois Suter over 11 years ago

Thanks for your feedback Ernesto. Your suggestion sounds good. I'll take a look at it tomorrow hopefully.

Actions
Copy link
 #4

Updated by Andreas Kiessling over 11 years ago

Any news on that? Some bot triggers this error constantly on one of my sites running 4.5.22

Actions
Copy link
 #5

Updated by Francois Suter over 11 years ago

  • Assignee deleted (Francois Suter)

Sorry, I never had the time to look at that again. I've been fully busy with documentation. I hope someone else can pick up this issue.

Actions
Copy link
 #6

Updated by Gerrit Code Review about 10 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch TYPO3_4-5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/28295

Actions
Copy link
 #7

Updated by Oliver Hader over 9 years ago

  • Target version changed from 4.5.20 to next-patchlevel
  • TYPO3 Version changed from 4.5 to 6.2
  • Is Regression set to No

Valid for all versions (6.2, 6.1, 4.5)

Actions
Copy link
 #8

Updated by Helmut Hummel over 9 years ago

Oliver Hader wrote:

Valid for all versions (6.2, 6.1, 4.5)

Since 6.2 when the session expires, the backend will show an overly with a login box, so you cannot press the logout button.

But I agree this should fixed in the code nontheless

Actions
Copy link
 #9

Updated by Mathias Schreiber over 9 years ago

  • Target version changed from next-patchlevel to 7.4 (Backend)
Actions
Copy link
 #10

Updated by Christian Kuhn almost 9 years ago

abandoned the 4.5 patch. since the issue exists in 6.2 & master, the issue will not be closed, though.

Actions
Copy link
 #11

Updated by Christian Kuhn almost 9 years ago

  • Status changed from Under Review to New
Actions
Copy link
 #12

Updated by Susanne Moog over 8 years ago

  • Target version changed from 7.4 (Backend) to 7.5
Actions
Copy link
 #13

Updated by Helmut Hummel over 8 years ago

  • Status changed from New to Resolved

Resolved with https://review.typo3.org/#/c/41466/ in 6.2 and master

Actions
Copy link
 #14

Updated by Riccardo De Contardi over 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF