Bug #84991
closed
Accessing localhost/typo3 while being logged in shows a strange login form
100%
Description
This is due to a wrong condition in the LoginController.
A bit of history:
Before the new BE login API was introduced with v7 the condition in LoginController:checkRedirect wasif (!empty($GLOBALS['BE_USER']->user['uid']) && ($this->isLoginInProgress() || $this->loginRefresh || !$this->interfaceSelector)) { // do the redirect stuff
This condition was furthermore later documented in the phpdoc header of the function.
Over time this condition has been adjusted (falsely improved) multiple times, up until recently, where we got back toif (empty($this->getBackendUserAuthentication()->user['uid']) || (!($this->isLoginInProgress($request) || $this->loginRefresh))) { return; }
as a guard clause.
The only difference between the v6 and v9 code is the $this->interfaceSelector member.
While the condition worked correctly in v6 it does not work in v9.
The reason is hidden within $this->interfaceSelector, which was only set if $this->isLoginInProgress() == true.
So the v6 condition could actually be sort ofif (!empty($GLOBALS['BE_USER']->user['uid']) && ($this->isLoginInProgress() || $this->loginRefresh || !$this->isLoginInProgress())) { // do the redirect stuff
making the second part of the conjunction always true.
Consequently, the condition is therefore only dependent on a BE user being present.
In contrast, the condition in v9 does not reflect this fact anymore as the $this->interfaceSelector part was removed while refactoring the code during v7 development.
Updated by 
Updated by 
Updated by 
Updated by 
Updated by