Project

General

Profile

Bug #102751

Updated by Sven Proffe 7 months ago

In TYPO3\CMS\Core\Authentication\AbstractUserAuthentication, line 919 reads (as of current main): 

 <pre><code class="php"> 
 if ($this->checkPid && $this->checkPid_value !== null) { 
 </code></pre> 

 As $this->checkPid_value $this->checkPid may be a string it may be empty, which is not checked. In that case TYPO3\CMS\Core\Authentication\AbstractAuthenticationService->fetchUserRecord() will end up with a corrupt SQL query containing a restriction like ... AND pid in ()... 

 So, I'd like to suggest to check for an empty string, as well. 
 <pre><code class="php"> 
 if ($this->checkPid && $this->checkPid_value !== null && $this->checkPid_value !== '') { 
 </code></pre>

Back