Bug #87903

closed

Backend users having bookmark/shortcut with empty returnUrl parameter cannot access backend

Added by Joerg Kummer about 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Backend User Interface
Target version:
-
Start date:
2019-03-13
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
7.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

After upgrading from TYPO3 7.6 to 9.5.5, we had one backend user who could not access the backend after a successful login.

Given

You have a backend user with at least one bookmark which contains a URI with an empty returnUrl parameter.

Expected

If you are logged in, you can see your bookmark (upper toolbar star icon) and open it on click.

Actual

If you are logged in, the rendering of backend breaks with a PHP TypeError.
You cannot see anything or act in backend.

Error message

parse_str() expects parameter 1 to be string, null given
…
in /Users/jok/Dev/Sites/typo3/cms/review/10/typo3/sysext/backend/Classes/Backend/Shortcut/ShortcutRepository.php line 741

How to Reproduce (both TYPO3 v9.5.5 and 10.0.0-dev)

Manipulate the stored URL of any bookmark directly in the database so that it has an empty returnUrl parameter in it…

Having a backend user, create a bookmark for example:

  • Go to WebList module
  • Select Root page
  • Open your backend user for editing
  • Add this edit page to bookmark (Star at upper right corner)

Go to database table sys_be_shortcuts and change the field url so that it contains an empty parameter &returnUrl=
for example
from:

/typo3/index.php?&route=record_edit&route=%2Frecord%2Fedit&returnUrl=%2Ftypo3%2Findex.php%3Froute%3D%252Fweb%252Flist%252F%26token%3D407860fa493b86d79f3c738efdc762ccc71bf3d8%26id%3D0%26table%3D%26imagemode%3D1&edit%5Bbe_users%5D%5B1%5D=edit

to:

/typo3/index.php?&route=record_edit&route=%2Frecord%2Fedit&returnUrl=&edit%5Bbe_users%5D%5B1%5D=edit

Reload the backend in your browser and expect to see the PHP TypeError as described above.



How to solve



The class typo3/sysext/backend/Classes/Backend/Shortcut/ShortcutRepository.php should be changed to ensure that the first argument in PHP method parse_uri() is a valid string.

I will append a patch for it.


Related issues: 1 (0 open, 1 closed)

Related to TYPO3 Core - Bug #89533: parse_str() expects parameter 1 to be string, null given in typo3_src-9.5.10/typo3/sysext/backend/Classes/Backend/Shortcut/ShortcutRepository.php line 743 (Closed, 2019-10-29)
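
A minimal reproduction of this failure mode next to a defensive parse, as an added example that is neither TYPO3 core code nor the patch attached to this issue. It assumes the null argument comes from parse_url(..., PHP_URL_QUERY) applied to the empty returnUrl (the page does not show line 741); the function names are hypothetical.

```php
<?php
declare(strict_types=1); // with strict types, parse_str(null, ...) throws TypeError

// Added example: function names are hypothetical, not TYPO3 core code.
// Assumption: the null comes from parse_url(..., PHP_URL_QUERY) on an empty returnUrl.

function returnUrlParamsUnguarded(string $shortcutUrl): array
{
    parse_str((string)parse_url($shortcutUrl, PHP_URL_QUERY), $outer);
    // parse_url('', PHP_URL_QUERY) is null: there is no query component to return.
    parse_str(parse_url($outer['returnUrl'], PHP_URL_QUERY), $inner);
    return $inner;
}

function returnUrlParams(string $shortcutUrl): array
{
    $query = parse_url($shortcutUrl, PHP_URL_QUERY);
    if (!is_string($query)) {
        return []; // malformed URL (false) or no query string (null)
    }
    parse_str($query, $outer);
    $returnUrl = $outer['returnUrl'] ?? '';
    if (!is_string($returnUrl) || $returnUrl === '') {
        return []; // missing, empty, or array-valued (returnUrl[]=x)
    }
    $innerQuery = parse_url($returnUrl, PHP_URL_QUERY);
    if (!is_string($innerQuery)) {
        return [];
    }
    parse_str($innerQuery, $inner);
    return $inner;
}

$rows = [
    // Constructed value with a populated returnUrl.
    'populated' => '/typo3/index.php?route=%2Frecord%2Fedit&returnUrl=%2Ftypo3%2Findex.php%3Froute%3D%252Fweb%252Flist%252F%26id%3D0',
    // The edited value from the reproduction steps above.
    'empty' => '/typo3/index.php?&route=record_edit&route=%2Frecord%2Fedit&returnUrl=&edit%5Bbe_users%5D%5B1%5D=edit',
];

foreach ($rows as $label => $url) {
    try {
        $unguarded = json_encode(returnUrlParamsUnguarded($url));
    } catch (TypeError $e) {
        $unguarded = 'TypeError: ' . $e->getMessage();
    }
    printf("%s\n  unguarded: %s\n  guarded:   %s\n", $label, $unguarded, json_encode(returnUrlParams($url)));
}
```

Because the stored url value is read on every backend render, a single malformed row locks that user out until the row is corrected, so the guard returns an empty result instead of letting the exception propagate.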

Actions #1

Updated by Gerrit Code Review about 5 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/60239

Actions #2

Updated by Gerrit Code Review about 5 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/60239

Actions #3

Updated by Gerrit Code Review about 5 years ago

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/60295

Actions #4

Updated by Joerg Kummer about 5 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #5

Updated by Benni Mack almost 5 years ago

  • Status changed from Resolved to Closed
Actions #6

Updated by Marcus Bieber over 4 years ago

  • Related to Bug #89533: parse_str() expects parameter 1 to be string, null given in typo3_src-9.5.10/typo3/sysext/backend/Classes/Backend/Shortcut/ShortcutRepository.php line 743 added