Bug #40611
closed
Call to undefined method t3lib_formprotection_DisabledFormProtection::removeSessionTokenFromRegistry in logout.php
Added by Tobias Schaefer over 12 years ago.
Updated over 7 years ago.
Category:
Backend User Interface
Description
After updating from 4.4.15 to 4.5.19 I always get this error when the BE-session expires and I click on the Logout-button:
Fatal error: Call to undefined method t3lib_formprotection_DisabledFormProtection::removeSessionTokenFromRegistry() in /srv/www/libs/typo3_src-4.5.19/typo3/logout.php on line 73
- Status changed from New to Accepted
- Assignee set to Francois Suter
- Target version set to 4.5.20
- Complexity set to easy
Hi Tobias,
Looking at the source code, I found that the error is coming from the form protection factory selecting the wrong form protection class, because the session has already expired. Thus instead of getting an instance of "t3lib_formprotection_BackendFormProtection", it returns an instance of "t3lib_formprotection_DisabledFormProtection". Only the latter has method removeSessionTokenFromRegistry().
There are several ways this could be solved:
- add method removeSessionTokenFromRegistry() to t3lib_formprotection_Abstract class from which all others inherit, with a dummy implementation.
- in logout.php, add a check for the class returned by the factory method and invoke removeSessionTokenFromRegistry() only if the class is "t3lib_formprotection_BackendFormProtection"
- cleaner IMO, would be to define some more generic method like "logoutCleanup", which each form protection class could implement to perform its own cleanup, but that's a more important change of API and not appropriate to a bugfix.
I would favor method 1. I'll ask in the Core ML for opinions before making a patch.
Why not make logout() call this method:
/**
* Deletes the session token and persists the (empty) token.
*
* This function is intended to be called when a user logs on or off.
*
* @return void
*/
public function clean() {
unset($this->sessionToken);
$this->persistSessionToken();
}
which is already defined in the Abstract class, and have the Backendformprotection subclass override this method by also calling (interally) removeSessionTokenFromRegistry.
logout.php calling:
t3lib_formProtection_Factory::get()->removeSessionTokenFromRegistry();
doesn't really look right, because this method is not part of the abstract class (and get() returns a t3lib_formprotection_Abstract after all).
Thanks for your feedback Ernesto. Your suggestion sounds good. I'll take a look at it tomorrow hopefully.
Any news on that? Some bot triggers this error constantly on one of my sites running 4.5.22
- Assignee deleted (
Francois Suter)
Sorry, I never had the time to look at that again. I've been fully busy with documentation. I hope someone else can pick up this issue.
- Status changed from Accepted to Under Review
- Target version changed from 4.5.20 to next-patchlevel
- TYPO3 Version changed from 4.5 to 6.2
- Is Regression set to No
Valid for all versions (6.2, 6.1, 4.5)
Oliver Hader wrote:
Valid for all versions (6.2, 6.1, 4.5)
Since 6.2 when the session expires, the backend will show an overly with a login box, so you cannot press the logout button.
But I agree this should fixed in the code nontheless
- Target version changed from next-patchlevel to 7.4 (Backend)
abandoned the 4.5 patch. since the issue exists in 6.2 & master, the issue will not be closed, though.
- Status changed from Under Review to New
- Target version changed from 7.4 (Backend) to 7.5
- Status changed from New to Resolved
- Status changed from Resolved to Closed
Also available in: Atom
PDF