Bug #91217
closedhmac-error due to different sorting in config
0%
Description
I have a case where I have the same array-keys and the same values but different sorting in the config-array.
Array original is this:
"config":{ .... "appearance":{ .... "enabledControls":{ "info":true, "new":true, "dragdrop":true, "sort":true, "hide":true, "delete":true, "localize":true, "0":"info", "1":"new", "2":"dragdrop", "3":"sort", "4":"hide", "5":"delete", "6":"localize" } .... } .... }
and after ajax-call on server-side its sorted like this:
"config":{ .... "appearance":{ .... "enabledControls":{ "0":"info", "1":"new", "2":"dragdrop", "3":"sort", "4":"hide", "5":"delete", "6":"localize", "info":true, "new":true, "dragdrop":true, "sort":true, "hide":true, "delete":true, "localize":true } .... } .... }
Therefore the hash-comparison fails and the form can't be used.
Attached extension adds a field in table news for content-elements. It can be found in tab "Extra". Clicking on one of both buttons is triggering the error.
Changing the method TYPO3\CMS\Backend\Form\Container\InlineControlContainer::render()
from:
$this->inlineData['config'][$nameObject] = [ 'table' => $foreign_table, 'md5' => md5($nameObject) ]; $this->inlineData['config'][$nameObject . '-' . $foreign_table] = [ 'min' => $config['minitems'], 'max' => $config['maxitems'], 'sortable' => $config['appearance']['useSortable'], 'top' => [ 'table' => $top['table'], 'uid' => $top['uid'] ], 'context' => [ 'config' => $config, 'hmac' => GeneralUtility::hmac(json_encode($config), 'InlineContext'), ], ];
to this:
$this->inlineData['config'][$nameObject] = [ 'table' => $foreign_table, 'md5' => md5($nameObject) ]; $configAltered = $config; if (isset($configAltered['appearance']['enabledControls'])) { $enabledControls = $configAltered['appearance']['enabledControls']; $tmpIntVals = []; $tmpStrVals = []; foreach ($enabledControls as $key => $enabledControl) { if (MathUtility::canBeInterpretedAsInteger($key)) { $tmpIntVals[$key] = $enabledControl; } else { $tmpStrVals[$key] = $enabledControl; } } $configAltered['appearance']['enabledControls'] = array_merge($tmpIntVals, $tmpStrVals); } $this->inlineData['config'][$nameObject . '-' . $foreign_table] = [ 'min' => $configAltered['minitems'], 'max' => $configAltered['maxitems'], 'sortable' => $configAltered['appearance']['useSortable'], 'top' => [ 'table' => $top['table'], 'uid' => $top['uid'] ], 'context' => [ 'config' => $configAltered, 'hmac' => GeneralUtility::hmac(json_encode($configAltered), 'InlineContext'), ], ];
... is sorting the concerned array in advance and the hashes are the same on client and server.
The code id neither nice, nor does it take other array-parts in consideration as I primary wanted to test if the calculated hashes are the same then.
Nevertheless together with the extension the fault can be reproduced and the code can serve as base for a solution.
BTW: the field in the extension is bidirectional and shows IRRE-functionality combined with select-dropdown.
Files
Updated by David Bruchmann almost 5 years ago
Question is if the values with integer-keys are redundant and could be removed completely?
If the integer-keys are NOT regarded as redundant, another question is if the array had to be sorted each time before creating or comparing the hashes.
In my case the sorting worked, question is if it's on every system sorted in the same kind.
As Operating System I used Windows 10 to discover and fix the bug.
Updated by Andreas Kienast almost 5 years ago
- Related to Bug #88094: Opening inline elements fails added
Updated by Andreas Kienast almost 5 years ago
Well, your TCA is not written as documented here: https://docs.typo3.org/m/typo3/reference-tca/master/en-us/ColumnsConfig/Type/Inline.html
enabledControls (array) Associative array with the keys ‘info’, ‘new’, ‘dragdrop’, ‘sort’, ‘hide’, ‘delete’, ‘localize’. If the accordant values are set to a boolean value (true or false), the control is shown or hidden in the header of each record.
Updated by Gerrit Code Review almost 5 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64334
Updated by Gerrit Code Review almost 5 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64334
Updated by Andreas Kienast almost 5 years ago
- Status changed from Under Review to Needs Feedback
Can you please tell us which TYPO3 version you are using exactly? The related issue #88094 should solve your issue and is included in 9.5.15.
Updated by David Bruchmann almost 5 years ago
@Andreas Otto †, thanks a lot about the hint concerning the new TYPO3 Version on Snap.
I updated to 9.5.16 and it's working well.
The issue can be closed.
Updated by Riccardo De Contardi almost 5 years ago
- Status changed from Needs Feedback to Closed
@David Bruchmann thank you for your reply, closing it.
If you think that this is the wrong decision or experience the issue again, please reopen it or ping me on Slack and I'll do.
Thank you