From 36fe8f1a669bab6d2aa3e9a537b0881293871313 Mon Sep 17 00:00:00 2001
From: Markus Klein <markus.klein@typo3.org>
Date: Thu, 17 Nov 2016 08:10:11 +0100
Subject: [PATCH] [FOLLOWUP][BUGFIX] Redirect BE user to login on invalid
 module/route token

Resolves: #69763
Releases: master, 7.6
Change-Id: Ib5ec7e26cadb51b972ff617f23121cebd490bdb5
Reviewed-on: https://review.typo3.org/50688
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Frans Saris <franssaris@gmail.com>
Tested-by: Frans Saris <franssaris@gmail.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
---
 typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php | 5 ++---
 typo3/sysext/backend/Classes/Http/RequestHandler.php     | 3 +--
 typo3/sysext/backend/Classes/Http/RouteDispatcher.php    | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php b/typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php
index f1019a0c635d..c92491ea4a81 100644
--- a/typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php
+++ b/typo3/sysext/backend/Classes/Http/AjaxRequestHandler.php
@@ -16,9 +16,8 @@ namespace TYPO3\CMS\Backend\Http;
 
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use TYPO3\CMS\Backend\Routing\Exception\InvalidRequestTokenException;
 use TYPO3\CMS\Backend\Routing\Exception\ResourceNotFoundException;
-use TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException;
-use TYPO3\CMS\Backend\Routing\Route;
 use TYPO3\CMS\Core\Core\Bootstrap;
 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
 use TYPO3\CMS\Core\Http\RequestHandlerInterface;
@@ -151,7 +150,7 @@ class AjaxRequestHandler implements RequestHandlerInterface
      * @param ServerRequestInterface $request
      * @return ResponseInterface $response
      * @throws ResourceNotFoundException if no valid route was found
-     * @throws RouteNotFoundException if the request could not be verified
+     * @throws InvalidRequestTokenException if the request could not be verified
      */
     protected function dispatch(ServerRequestInterface $request)
     {
diff --git a/typo3/sysext/backend/Classes/Http/RequestHandler.php b/typo3/sysext/backend/Classes/Http/RequestHandler.php
index 3441d5f152f2..2508f5cebfe9 100644
--- a/typo3/sysext/backend/Classes/Http/RequestHandler.php
+++ b/typo3/sysext/backend/Classes/Http/RequestHandler.php
@@ -17,7 +17,6 @@ namespace TYPO3\CMS\Backend\Http;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use TYPO3\CMS\Backend\Routing\Exception\InvalidRequestTokenException;
-use TYPO3\CMS\Backend\Routing\Exception\RouteNotFoundException;
 use TYPO3\CMS\Core\Core\Bootstrap;
 use TYPO3\CMS\Core\Http\RequestHandlerInterface;
 use TYPO3\CMS\Core\Http\Response;
@@ -129,7 +128,7 @@ class RequestHandler implements RequestHandlerInterface
      *
      * @param ServerRequestInterface $request
      * @return ResponseInterface
-     * @throws RouteNotFoundException when no route is registered
+     * @throws InvalidRequestTokenException if the request could not be verified
      * @throws \InvalidArgumentException when a route is found but the target of the route cannot be called
      */
     protected function dispatch($request)
diff --git a/typo3/sysext/backend/Classes/Http/RouteDispatcher.php b/typo3/sysext/backend/Classes/Http/RouteDispatcher.php
index 19db8cb04a1e..66a32b8a11b1 100644
--- a/typo3/sysext/backend/Classes/Http/RouteDispatcher.php
+++ b/typo3/sysext/backend/Classes/Http/RouteDispatcher.php
@@ -35,7 +35,7 @@ class RouteDispatcher extends Dispatcher implements DispatcherInterface
      * @param ServerRequestInterface $request the current server request
      * @param ResponseInterface $response the prepared response
      * @return ResponseInterface the filled response by the callable / controller/action
-     * @throws RouteNotFoundException if the route was not found
+     * @throws InvalidRequestTokenException if the route was not found
      * @throws \InvalidArgumentException if the defined target for the route is invalid
      */
     public function dispatch(ServerRequestInterface $request, ResponseInterface $response)
-- 
GitLab