Bug #91217
closed
hmac-error due to different sorting in config
0%
Description
I have a case where I have the same array-keys and the same values but different sorting in the config-array.
Array original is this:
"config":{
....
"appearance":{
....
"enabledControls":{
"info":true,
"new":true,
"dragdrop":true,
"sort":true,
"hide":true,
"delete":true,
"localize":true,
"0":"info",
"1":"new",
"2":"dragdrop",
"3":"sort",
"4":"hide",
"5":"delete",
"6":"localize"
}
....
}
....
}
and after ajax-call on server-side its sorted like this:
"config":{
....
"appearance":{
....
"enabledControls":{
"0":"info",
"1":"new",
"2":"dragdrop",
"3":"sort",
"4":"hide",
"5":"delete",
"6":"localize",
"info":true,
"new":true,
"dragdrop":true,
"sort":true,
"hide":true,
"delete":true,
"localize":true
}
....
}
....
}
Therefore the hash-comparison fails and the form can't be used.
Attached extension adds a field in table news for content-elements. It can be found in tab "Extra". Clicking on one of both buttons is triggering the error.
Changing the method TYPO3\CMS\Backend\Form\Container\InlineControlContainer::render()
from:
$this->inlineData['config'][$nameObject] = [
'table' => $foreign_table,
'md5' => md5($nameObject)
];
$this->inlineData['config'][$nameObject . '-' . $foreign_table] = [
'min' => $config['minitems'],
'max' => $config['maxitems'],
'sortable' => $config['appearance']['useSortable'],
'top' => [
'table' => $top['table'],
'uid' => $top['uid']
],
'context' => [
'config' => $config,
'hmac' => GeneralUtility::hmac(json_encode($config), 'InlineContext'),
],
];
to this:
$this->inlineData['config'][$nameObject] = [
'table' => $foreign_table,
'md5' => md5($nameObject)
];
$configAltered = $config;
if (isset($configAltered['appearance']['enabledControls'])) {
$enabledControls = $configAltered['appearance']['enabledControls'];
$tmpIntVals = [];
$tmpStrVals = [];
foreach ($enabledControls as $key => $enabledControl) {
if (MathUtility::canBeInterpretedAsInteger($key)) {
$tmpIntVals[$key] = $enabledControl;
} else {
$tmpStrVals[$key] = $enabledControl;
}
}
$configAltered['appearance']['enabledControls'] = array_merge($tmpIntVals, $tmpStrVals);
}
$this->inlineData['config'][$nameObject . '-' . $foreign_table] = [
'min' => $configAltered['minitems'],
'max' => $configAltered['maxitems'],
'sortable' => $configAltered['appearance']['useSortable'],
'top' => [
'table' => $top['table'],
'uid' => $top['uid']
],
'context' => [
'config' => $configAltered,
'hmac' => GeneralUtility::hmac(json_encode($configAltered), 'InlineContext'),
],
];
... is sorting the concerned array in advance and the hashes are the same on client and server.
The code id neither nice, nor does it take other array-parts in consideration as I primary wanted to test if the calculated hashes are the same then.
Nevertheless together with the extension the fault can be reproduced and the code can serve as base for a solution.
BTW: the field in the extension is bidirectional and shows IRRE-functionality combined with select-dropdown.
Files
Updated by 
Updated by 
Updated by 
Updated by