[TYPO3-core] RFC: #7189: Bugfix: Processing of loginSecurityLevel in t3lib_userauth
Steffen Ritter
info at rs-websystems.de
Thu Jan 17 13:26:49 CET 2008
Steffen Kamper schrieb:
> "Steffen Ritter" <info at rs-websystems.de> schrieb im Newsbeitrag
> news:mailman.1.1200570989.23586.typo3-team-core at lists.netfielders.de...
>> This is an SVN patch request.
>>
>> Type: Bugfix
>>
>> Bugtracker references:
>> http://bugs.typo3.org/view.php?id=7189
>>
>> Branches:
>> trunk
>>
>> Problem:
>> t3lib_userauth::start() does not set t3_lib_userauth::security_level
>> depending on a change of $TYPO3_CONF_VARS[FE/BE]['loginsecurityLevel']
>> but t3lib_userauth::processLoginData() changes the array of loginData
>> based upon this information.
>> Due to this, Frontend Login with challenged oder superchallenged mode is
>> not possible, because $loginData['uident'] becomes cleared.
>>
>> Solution:
>> adding:
>> if ( $TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'] ) {
>> $this->security_level =
>> $TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'];
>> }
>>
>> to t3lib_userauth::start();
>>
>>
>> Notes:
>> Se Patch attached
>>
>> Greetings
>>
>> Steffen
>
> Hi Steffen,
>
> in general i agree. but you have to account for prior settings, see comment
> above:
> // set level to normal if not already set
>
> in this case you overwrite it.
>
> vg Steffen
>
>
Yes you're right. I did not think of this.
Hardcoded it's set to normal. (Line 135).
So
// set level to normal if not already set
$this->security_level = $this->security_level ? $this->security_level :
'normal';
does not have any effect.
But you're right, the value can't be overwritten without cecking...
Probably wie should change my if statement and ask
if ( ($this->security_level=='normal')
&&$TYPO3_CONF_VARS[$this->loginType]['loginSecurityLevel'] )
which would have the effect, that the value only is written over if was
not modified before.
Greetings
More information about the TYPO3-team-core
mailing list