Skip to content
Snippets Groups Projects
Commit 420044e0 authored by Stefan Bürk's avatar Stefan Bürk
Browse files

[BUGFIX] Avoid executing anonymous function in Configuration Module 

Hook implementation are configured with the well known

    $GLOBAL['TYPO3_CONF_VARS']['SC_OPTIONS'][...][] = '';

syntax since ages. Directly defining an anonymous callback function
is undocumented and rarely used, but technical valid and supported
by the `GeneralUtility::callUserFunction()` method.

Due to the refactoring of the `ext:lowlevel` Configuration module
for the revamped TypoScript parser with TYPO3 v12 the code in the
`ConfigurationController` has been modified to do an array cast,
which triggers the execution of the function - which can lead to
some deep recursions and thus exceeding server resource limits.

Direct callback function should not be executed within the backend
Configuration module, which literally is a invalid execution of them.

Following code in a extension `ext_localconf.php` file will lead to
the resource limit issue:

    $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']
        ['tslib/index_ts.php']['preprocessRequest'][]
            = function($parameters, $parent) {};

This change modifies the `ConfigurationController->renderTree()` to
check if a value is a callable and display the information, and in
case of an anonymous function (`Closure::__invoke`) add additional
static information:

   Closure::__invoke (anonymous callback function: function() {})

Note: That does not make it obvious where the function is defined,
but it avoids calling these callback methods.

Resolves: #103813
Related: #99899
Releases: main, 12.4
Change-Id: I839d1668cf306100cf32af09ec9e24ad0120c43b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/84187


Reviewed-by: default avatarStefan Froemken <froemken@gmail.com>
Reviewed-by: default avatarTorben Hansen <derhansen@gmail.com>
Tested-by: default avatarTorben Hansen <derhansen@gmail.com>
Reviewed-by: default avatarNikita Hovratov <nikita.h@live.de>
Tested-by: default avatarcore-ci <typo3@b13.com>
Tested-by: default avatarStefan Froemken <froemken@gmail.com>
Reviewed-by: default avatarStefan Bürk <stefan@buerk.tech>
Tested-by: default avatarNikita Hovratov <nikita.h@live.de>
Tested-by: default avatarStefan Bürk <stefan@buerk.tech>
parent 33a20162
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment