Task #104588

Updated by Jannis Bell 4 months ago

This is a follow-up to this ticket:
 https://forge.typo3.org/issues/104509 

 This ticket's additions (to the prior one):
 a) The function still allows for static calls 
 b) More files that allow these bugs 
 -------------------- 
 a) 
 I tested the scopes with this 
 <pre><code class="php"> 
 //    /test.php 
 <?php 

 class Test 
 { 
     public function __construct() { 
         require __DIR__."/test2.php"; 

         $require = function ($file) { require $file; }; 
         $require(__DIR__."/test2.php"); 

         $require = static function ($file) { require $file; }; 
         $require(__DIR__."/test2.php"); 

         self::requireFile(__DIR__."/test2.php"); 

         requireFile(__DIR__."/test2.php"); 
     } 

     private function objectTest() 
     { 
         echo 'access to Object-Context is happening'. PHP_EOL; 
     } 

     protected static function staticTest() 
     { 
         echo 'access to Static-Context is happening' . PHP_EOL; 
     } 

     private static function requireFile(string $string) 
     { 
         require $string; 
     } 
 } 

 function requireFile($file) 
 { 
     require $file; 
 } 

 new Test(); 

 // /test2.php 
 <?php 
 self::staticTest(); 
 $this->objectTest(); 
 </code></pre> 

 Results: 
 <pre>
 require ...;                        Local vars, $this and self:: accessible
 $require = function () { ... };     $this and self:: accessible
 $require = static function ();      self:: accessible
 self::requireFile();                self:: accessible
 (global) function require()         nothing accessible
 </pre>

 Thus a new global function require should be used to include these files 
 <pre><code class="php"> 
 function requireFile(string $filepath): mixed 
 { 
     return require $filepath; 
 } 
 </code></pre> 


 b)  
 Files where this is happening:  
 https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/Package/AbstractServiceProvider.php 
 (from the last Ticket:)    AbstractServiceProvider  
 Lines: 74, 93, 105, 131, 155, 172 

 https://github.com/TYPO3/typo3/blob/main/typo3/sysext/dashboard/Classes/ServiceProvider.php 
 (from the last Ticket:) Dashboard/.../ServiceProvider 
 Lines: 141, 161, 180 

 https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/ExpressionLanguage/ProviderConfigurationLoader.php#L58 
 ProviderConfigurationLoader Line 58 requires Configuration/ExpressionLanguage.php 

 https://github.com/TYPO3/typo3/blob/main/typo3/sysext/extbase/Classes/Persistence/ClassesConfigurationFactory.php#L48 
 ClassesConfigurationFactory Line 48 requires Configuration/Extbase/Persistence/Classes.php 

 https://github.com/TYPO3/typo3/blob/main/typo3/sysext/backend/Classes/CodeEditor/CodeEditor.php#L113 
 backend/.../CodeEditor Lines 113 and 121 require Configuration/Backend/T3editor/ Modes.php and Addons.php 

 https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/Configuration/Tca/TcaFactory.php#L122 
 TcaFactory Lines 122 and 156 require the TCA files 

 ext_tables.php is loaded multiple times. 
 https://github.com/TYPO3/typo3/blob/main/typo3/sysext/install/Classes/Service/LoadTcaService.php#L68 
 https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/Configuration/Extension/ExtTablesFactory.php#L99 
 https://github.com/TYPO3/typo3/blob/main/typo3/sysext/install/Classes/Controller/UpgradeController.php#L1247     (?) 

 ext_localconf.php  
 https://github.com/TYPO3/typo3/blob/main/typo3/sysext/core/Classes/Configuration/Extension/ExtLocalconfFactory.php#L100 
 https://github.com/TYPO3/typo3/blob/main/typo3/sysext/install/Classes/Controller/UpgradeController.php#L1235 

 These are just the ones I found (there might be more). 
 Christian Kuhn wrote that these should be done in several patches 
 https://review.typo3.org/c/Packages/TYPO3.CMS/+/85501/comments/3627cbf2_5c83c3a4 

 thx for your work
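
The scope difference the ticket describes, as an added example that is not part of the ticket or of TYPO3's code base. `requireFile()` follows the signature proposed above; the `Loader` class, its methods and property, and the probe file are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Global helper as proposed in the ticket: the included file sees only
// $filepath, with no $this, no class scope and no caller locals.
function requireFile(string $filepath): mixed
{
    return require $filepath;
}

// Constructed stand-in for a class that loads extension-provided PHP files.
final class Loader
{
    private string $secret = 'private-state';

    public function loadDirect(string $file): mixed
    {
        $local = 'caller-local';
        // The included file runs in this method's scope.
        return require $file;
    }

    public function loadIsolated(string $file): mixed
    {
        $local = 'caller-local';
        return requireFile($file);
    }
}

// Constructed "configuration" file that reports what it can reach.
$probe = tempnam(sys_get_temp_dir(), 'probe');
file_put_contents($probe, <<<'PHP'
<?php
return [
    'this'   => isset($this),
    'local'  => isset($local),
    'secret' => isset($this) ? $this->secret : null,
    'vars'   => array_keys(get_defined_vars()),
];
PHP);

$loader = new Loader();
var_export($loader->loadDirect($probe));   // included from inside the method
echo PHP_EOL;
var_export($loader->loadIsolated($probe)); // included through the global helper
echo PHP_EOL;
unlink($probe);
```

Running it with PHP 8.0 or later prints the two arrays side by side, so the private property and caller locals reachable through a direct `require` can be compared with what remains after routing the include through the global function.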
