Index: t3lib/class.t3lib_beuserauth.php =================================================================== --- t3lib/class.t3lib_beuserauth.php (Revision 6942) +++ t3lib/class.t3lib_beuserauth.php (Arbeitskopie) @@ -365,50 +365,6 @@ } /** - * VeriCode returns 10 first chars of a md5 hash of the session cookie AND the encryptionKey from TYPO3_CONF_VARS. - * This code is used as an alternative verification when the JavaScript interface executes cmd's to tce_db.php from eg. MSIE 5.0 because the proper referer is not passed with this browser... - * - * @return string - */ - function veriCode() { - return substr(md5($this->id.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']),0,10); - } - - - /** - * The session_id is used to find user in the database. - * Two tables are joined: The session-table with user_id of the session and the usertable with its primary key - * if the client is flash (e.g. from a flash application inside TYPO3 that does a server request) - * then don't evaluate with the hashLockClause, as the client/browser is included in this hash - * and thus, the flash request would be rejected - * - * @return DB result object or false on error - * @access private - */ - protected function fetchUserSessionFromDB() { - if ($GLOBALS['CLIENT']['BROWSER'] == 'flash') { - // if on the flash client, the veri code is valid, then the user session is fetched - // from the DB without the hashLock clause - if (t3lib_div::_GP('vC') == $this->veriCode()) { - $dbres = $GLOBALS['TYPO3_DB']->exec_SELECTquery( - '*', - $this->session_table.','.$this->user_table, - $this->session_table.'.ses_id = '.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->id, $this->session_table).' - AND '.$this->session_table.'.ses_name = '.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->name, $this->session_table).' - AND '.$this->session_table.'.ses_userid = '.$this->user_table.'.'.$this->userid_column.' - '.$this->ipLockClause().' - '.$this->user_where_clause() - ); - } else { - $dbres = false; - } - } else { - $dbres = parent::fetchUserSessionFromDB(); - } - return $dbres; - } - - /** * Determines whether a backend user is allowed to access the backend. * * The conditions are: