From 1d5195c1eff555da1680c334dd99eb23e37e58c6 Mon Sep 17 00:00:00 2001 From: Markus Klein Date: Sat, 13 May 2023 00:09:30 +0200 Subject: [PATCH] [BUGFIX] Ensure BE_USER uid is always used as int MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix some left-over places where an int-cast is possibly necessary to avoid PHP warnings. Resolves: #100866 Releases: main, 12.4, 11.5 Change-Id: If9111e0c2e2de8c90a94202cf518abdbe8c987fb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78984 Tested-by: Stefan Bürk Tested-by: core-ci Reviewed-by: Stefan Bürk --- typo3/sysext/core/Classes/DataHandling/DataHandler.php | 4 ++-- .../impexp/Classes/Domain/Repository/PresetRepository.php | 6 +++--- typo3/sysext/redirects/Classes/Service/SlugService.php | 2 +- .../setup/Classes/Controller/SetupModuleController.php | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/typo3/sysext/core/Classes/DataHandling/DataHandler.php b/typo3/sysext/core/Classes/DataHandling/DataHandler.php index e164390f11ad..8c44eca99eb5 100644 --- a/typo3/sysext/core/Classes/DataHandling/DataHandler.php +++ b/typo3/sysext/core/Classes/DataHandling/DataHandler.php @@ -633,7 +633,7 @@ public function start($data, $cmd, $altUserObject = null) { // Initializing BE_USER $this->BE_USER = is_object($altUserObject) ? $altUserObject : $GLOBALS['BE_USER']; - $this->userid = $this->BE_USER->user['uid'] ?? 0; + $this->userid = (int)($this->BE_USER->user['uid'] ?? 0); $this->admin = $this->BE_USER->user['admin'] ?? false; // set correlation id for each new set of data or commands @@ -7911,7 +7911,7 @@ protected function getRecordHistoryStore(): RecordHistoryStore return GeneralUtility::makeInstance( RecordHistoryStore::class, RecordHistoryStore::USER_BACKEND, - $this->BE_USER->user['uid'], + (int)$this->BE_USER->user['uid'], (int)$this->BE_USER->getOriginalUserIdWhenInSwitchUserMode(), $GLOBALS['EXEC_TIME'], $this->BE_USER->workspace diff --git a/typo3/sysext/impexp/Classes/Domain/Repository/PresetRepository.php b/typo3/sysext/impexp/Classes/Domain/Repository/PresetRepository.php index 9ca083beeb5c..4f2c2aa7b6de 100644 --- a/typo3/sysext/impexp/Classes/Domain/Repository/PresetRepository.php +++ b/typo3/sysext/impexp/Classes/Domain/Repository/PresetRepository.php @@ -73,7 +73,7 @@ public function getPresets(int $pageId): array while ($presetCfg = $presets->fetchAssociative()) { $options[$presetCfg['uid']] = $presetCfg['title'] . ' [' . $presetCfg['uid'] . ']' . ($presetCfg['public'] ? ' [Public]' : '') - . ($presetCfg['user_uid'] === $backendUser->user['uid'] ? ' [Own]' : ''); + . ((int)$presetCfg['user_uid'] === (int)$backendUser->user['uid'] ? ' [Own]' : ''); } return $options; } @@ -105,7 +105,7 @@ public function updatePreset(int $uid, array $data): void { $backendUser = $this->getBackendUser(); $preset = $this->getPreset($uid); - if (!($backendUser->isAdmin() || $preset['user_uid'] === $backendUser->user['uid'])) { + if (!($backendUser->isAdmin() || (int)$preset['user_uid'] === (int)$backendUser->user['uid'])) { throw new InsufficientUserPermissionsException( 'ERROR: You were not the owner of the preset so you could not delete it.', 1604584766 @@ -151,7 +151,7 @@ public function deletePreset(int $uid): void { $backendUser = $this->getBackendUser(); $preset = $this->getPreset($uid); - if (!($backendUser->isAdmin() || $preset['user_uid'] === $backendUser->user['uid'])) { + if (!($backendUser->isAdmin() || (int)$preset['user_uid'] === (int)$backendUser->user['uid'])) { throw new InsufficientUserPermissionsException( 'ERROR: You were not the owner of the preset so you could not delete it.', 1604564346 diff --git a/typo3/sysext/redirects/Classes/Service/SlugService.php b/typo3/sysext/redirects/Classes/Service/SlugService.php index fcb41e4b968f..449ff5d93913 100644 --- a/typo3/sysext/redirects/Classes/Service/SlugService.php +++ b/typo3/sysext/redirects/Classes/Service/SlugService.php @@ -353,7 +353,7 @@ protected function getRecordHistoryStore(): RecordHistoryStore return GeneralUtility::makeInstance( RecordHistoryStore::class, RecordHistoryStore::USER_BACKEND, - $backendUser->user['uid'], + (int)$backendUser->user['uid'], (int)$backendUser->getOriginalUserIdWhenInSwitchUserMode(), $this->context->getPropertyFromAspect('date', 'timestamp'), $backendUser->workspace diff --git a/typo3/sysext/setup/Classes/Controller/SetupModuleController.php b/typo3/sysext/setup/Classes/Controller/SetupModuleController.php index eb00dfed18df..9a00273384ea 100644 --- a/typo3/sysext/setup/Classes/Controller/SetupModuleController.php +++ b/typo3/sysext/setup/Classes/Controller/SetupModuleController.php @@ -184,7 +184,7 @@ protected function storeIncomingData(ServerRequestInterface $request): void $d = $postData['data'] ?? null; $columns = $GLOBALS['TYPO3_USER_SETTINGS']['columns']; $backendUser = $this->getBackendUser(); - $beUserId = $backendUser->user['uid']; + $beUserId = (int)$backendUser->user['uid']; $storeRec = []; $doSaveData = false; $fieldList = $this->getFieldsFromShowItem(); @@ -519,7 +519,7 @@ class="form-check-input" case 'avatar': // Get current avatar image $html = ''; - $avatarFileUid = $this->getAvatarFileUid($backendUser->user['uid']); + $avatarFileUid = $this->getAvatarFileUid((int)$backendUser->user['uid']); if ($avatarFileUid) { $defaultAvatarProvider = GeneralUtility::makeInstance(DefaultAvatarProvider::class);