diff --git a/typo3/sysext/backend/Classes/Controller/BackendController.php b/typo3/sysext/backend/Classes/Controller/BackendController.php
index 37f9cf00ff0c0a12e1b38bd2c4d6368f615f32cf..f2730773e2634b23921f2dda2679c864e545cc10 100644
--- a/typo3/sysext/backend/Classes/Controller/BackendController.php
+++ b/typo3/sysext/backend/Classes/Controller/BackendController.php
@@ -263,7 +263,7 @@ class BackendController
$view = $this->getFluidTemplateObject($this->templatePath . 'Backend/Main.html');
// Extension Configuration to find the TYPO3 logo in the left corner
- $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['backend']);
+ $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['backend'], ['allowed_classes' => false]);
$logoPath = '';
if (!empty($extConf['backendLogo'])) {
$customBackendLogo = GeneralUtility::getFileAbsFileName($extConf['backendLogo']);
diff --git a/typo3/sysext/backend/Classes/Controller/LoginController.php b/typo3/sysext/backend/Classes/Controller/LoginController.php
index 4923a2e537475a5fd6d8665f18375b4b85952ba9..8172309f81f7e98b794c93b26dcc848066ed6c38 100644
--- a/typo3/sysext/backend/Classes/Controller/LoginController.php
+++ b/typo3/sysext/backend/Classes/Controller/LoginController.php
@@ -159,7 +159,7 @@ class LoginController
$this->checkRedirect();
// Extension Configuration
- $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['backend']);
+ $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['backend'], ['allowed_classes' => false]);
// Background Image
if (!empty($extConf['loginBackgroundImage'])) {
diff --git a/typo3/sysext/compatibility7/Classes/Controller/SearchFormController.php b/typo3/sysext/compatibility7/Classes/Controller/SearchFormController.php
index 5144c08769c6e5e1d85dfd719ba43c7bd5b45bfe..783cf520f3cf8dd505e5b12fcbec17d754af1b64 100755
--- a/typo3/sysext/compatibility7/Classes/Controller/SearchFormController.php
+++ b/typo3/sysext/compatibility7/Classes/Controller/SearchFormController.php
@@ -216,7 +216,7 @@ class SearchFormController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin
public function initialize()
{
// Indexer configuration from Extension Manager interface:
- $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+ $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
$this->enableMetaphoneSearch = (bool)$this->indexerConfig['enableMetaphoneSearch'];
$this->storeMetaphoneInfoAsWords = !\TYPO3\CMS\IndexedSearch\Utility\IndexedSearchUtility::isTableUsed('index_words');
$this->timeTracker = GeneralUtility::makeInstance(TimeTracker::class);
diff --git a/typo3/sysext/css_styled_content/Configuration/TCA/Overrides/pages.php b/typo3/sysext/css_styled_content/Configuration/TCA/Overrides/pages.php
index 739e7fdf941b732b4ed6325ec858464bb0048653..08bfb6848d5346831794c4b66955af5f700fd7d7 100644
--- a/typo3/sysext/css_styled_content/Configuration/TCA/Overrides/pages.php
+++ b/typo3/sysext/css_styled_content/Configuration/TCA/Overrides/pages.php
@@ -1,18 +1,14 @@
<?php
defined('TYPO3_MODE') or die();
-call_user_func(
- function ($extKey) {
- $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][$extKey]);
-
- if (isset($extConf['loadContentElementWizardTsConfig']) && (int)$extConf['loadContentElementWizardTsConfig'] === 0) {
- // Add pageTSconfig
- \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::registerPageTSConfigFile(
- $extKey,
- 'Configuration/PageTSconfig/NewContentElementWizard.ts',
- 'CSS-based Content Elements'
- );
- }
- },
- 'css_styled_content'
-);
+call_user_func(function () {
+ $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['css_styled_content'], ['allowed_classes' => false]);
+ if (isset($extConf['loadContentElementWizardTsConfig']) && (int)$extConf['loadContentElementWizardTsConfig'] === 0) {
+ // Add pageTSconfig
+ \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::registerPageTSConfigFile(
+ 'css_styled_content',
+ 'Configuration/PageTSconfig/NewContentElementWizard.ts',
+ 'CSS-based Content Elements'
+ );
+ }
+});
diff --git a/typo3/sysext/css_styled_content/ext_localconf.php b/typo3/sysext/css_styled_content/ext_localconf.php
index 0018f5623d9b42a5efc185effac9c986ad6f5e97..79a5863aac5cde2203b9bfac4a648cf57082747e 100644
--- a/typo3/sysext/css_styled_content/ext_localconf.php
+++ b/typo3/sysext/css_styled_content/ext_localconf.php
@@ -23,24 +23,21 @@ $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['cms/layout/class.tx_cms_layout.php'][
\TYPO3\CMS\CssStyledContent\Hooks\PageLayoutView\TextPreviewRenderer::class;
if (TYPO3_MODE === 'BE') {
- call_user_func(
- function ($extKey) {
- // Get the extension configuration
- $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][$extKey]);
-
- if (!isset($extConf['loadContentElementWizardTsConfig']) || (int)$extConf['loadContentElementWizardTsConfig'] === 1) {
- // Include new content elements to modWizards
- \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addPageTSConfig('<INCLUDE_TYPOSCRIPT: source="FILE:EXT:css_styled_content/Configuration/PageTSconfig/NewContentElementWizard.ts">');
- }
-
- $dispatcher = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class);
- $dispatcher->connect(
- \TYPO3\CMS\Extensionmanager\Controller\ConfigurationController::class,
- 'afterExtensionConfigurationWrite',
- \TYPO3\CMS\CssStyledContent\Hooks\TcaCacheClearing::class,
- 'clearTcaCache'
- );
- },
- $_EXTKEY
- );
+ call_user_func(function () {
+ // Get the extension configuration
+ $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['css_styled_content'], ['allowed_classes' => false]);
+
+ if (!isset($extConf['loadContentElementWizardTsConfig']) || (int)$extConf['loadContentElementWizardTsConfig'] === 1) {
+ // Include new content elements to modWizards
+ \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addPageTSConfig('<INCLUDE_TYPOSCRIPT: source="FILE:EXT:css_styled_content/Configuration/PageTSconfig/NewContentElementWizard.ts">');
+ }
+
+ $dispatcher = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class);
+ $dispatcher->connect(
+ \TYPO3\CMS\Extensionmanager\Controller\ConfigurationController::class,
+ 'afterExtensionConfigurationWrite',
+ \TYPO3\CMS\CssStyledContent\Hooks\TcaCacheClearing::class,
+ 'clearTcaCache'
+ );
+ });
}
diff --git a/typo3/sysext/dbal/Classes/Database/DatabaseConnection.php b/typo3/sysext/dbal/Classes/Database/DatabaseConnection.php
index f1bada85f3b51604ebd7e409c6d59abbfab480dc..0c8b92b516e3162ac656ca7c5b44c808e0206a52 100644
--- a/typo3/sysext/dbal/Classes/Database/DatabaseConnection.php
+++ b/typo3/sysext/dbal/Classes/Database/DatabaseConnection.php
@@ -2564,7 +2564,7 @@ class DatabaseConnection extends \TYPO3\CMS\Core\Database\DatabaseConnection
*/
public function sql_query($query)
{
- $globalConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['dbal']);
+ $globalConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['dbal'], ['allowed_classes' => false]);
if ($globalConfig['sql_query.']['passthrough']) {
return parent::sql_query($query);
}
diff --git a/typo3/sysext/extensionmanager/Classes/Utility/ConfigurationUtility.php b/typo3/sysext/extensionmanager/Classes/Utility/ConfigurationUtility.php
index 0c2e0dfbb9baa1592a14e90ff868986f44f0a357..c6ae97aa36311929790b06e408a971f4b4b7f295 100644
--- a/typo3/sysext/extensionmanager/Classes/Utility/ConfigurationUtility.php
+++ b/typo3/sysext/extensionmanager/Classes/Utility/ConfigurationUtility.php
@@ -79,7 +79,8 @@ class ConfigurationUtility implements \TYPO3\CMS\Core\SingletonInterface
public function getCurrentConfiguration($extensionKey)
{
$mergedConfiguration = $this->getDefaultConfigurationFromExtConfTemplateAsValuedArray($extensionKey);
- $currentExtensionConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][$extensionKey]);
+ // No objects allowed in extConf at all - it is safe to deny that during unserialize()
+ $currentExtensionConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][$extensionKey], ['allowed_classes' => false]);
$currentExtensionConfig = is_array($currentExtensionConfig) ? $currentExtensionConfig : array();
$currentExtensionConfig = $this->convertNestedToValuedConfiguration($currentExtensionConfig);
\TYPO3\CMS\Core\Utility\ArrayUtility::mergeRecursiveWithOverrule(
diff --git a/typo3/sysext/extensionmanager/ext_localconf.php b/typo3/sysext/extensionmanager/ext_localconf.php
index f38c6bb4d5b12c79fcc1a2859b426eb48cb43016..8ab4e256e4ef25915966fe71b191b76dbf25156e 100644
--- a/typo3/sysext/extensionmanager/ext_localconf.php
+++ b/typo3/sysext/extensionmanager/ext_localconf.php
@@ -2,7 +2,7 @@
defined('TYPO3_MODE') or die();
// Register extension list update task
-$_EXTCONF = unserialize($_EXTCONF);
+$_EXTCONF = unserialize($_EXTCONF, ['allowed_classes' => false]);
if (empty($_EXTCONF['offlineMode'])) {
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['scheduler']['tasks'][\TYPO3\CMS\Extensionmanager\Task\UpdateExtensionListTask::class] = array(
'extension' => $_EXTKEY,
diff --git a/typo3/sysext/fluid_styled_content/Configuration/TCA/Overrides/pages.php b/typo3/sysext/fluid_styled_content/Configuration/TCA/Overrides/pages.php
index 859ea0f700ee3a2f931facdf943bfeaf710fa278..d75617374801da906608b7628643d4b41ee68f29 100644
--- a/typo3/sysext/fluid_styled_content/Configuration/TCA/Overrides/pages.php
+++ b/typo3/sysext/fluid_styled_content/Configuration/TCA/Overrides/pages.php
@@ -1,18 +1,14 @@
<?php
defined('TYPO3_MODE') or die();
-call_user_func(
- function ($extKey) {
- $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][$extKey]);
-
- if (isset($extConf['loadContentElementWizardTsConfig']) && (int)$extConf['loadContentElementWizardTsConfig'] === 0) {
- // Add pageTSconfig
- \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::registerPageTSConfigFile(
- $extKey,
- 'Configuration/PageTSconfig/NewContentElementWizard.ts',
- 'Fluid-based Content Elements'
- );
- }
- },
- 'fluid_styled_content'
-);
+call_user_func(function () {
+ $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['fluid_styled_content'], ['allowed_classes' => false]);
+ if (isset($extConf['loadContentElementWizardTsConfig']) && (int)$extConf['loadContentElementWizardTsConfig'] === 0) {
+ // Add pageTSconfig
+ \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::registerPageTSConfigFile(
+ 'fluid_styled_content',
+ 'Configuration/PageTSconfig/NewContentElementWizard.ts',
+ 'Fluid-based Content Elements'
+ );
+ }
+});
diff --git a/typo3/sysext/fluid_styled_content/ext_localconf.php b/typo3/sysext/fluid_styled_content/ext_localconf.php
index 272b8b7e160801f0426635357ccc78e581087b03..7cca6aed3e9a5850bbca5f56812ba7b223b51bdf 100644
--- a/typo3/sysext/fluid_styled_content/ext_localconf.php
+++ b/typo3/sysext/fluid_styled_content/ext_localconf.php
@@ -8,24 +8,21 @@ $GLOBALS['TYPO3_CONF_VARS']['FE']['contentRenderingTemplates'][] = 'fluidstyledc
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['cms/layout/class.tx_cms_layout.php']['tt_content_drawItem']['textmedia'] = \TYPO3\CMS\FluidStyledContent\Hooks\TextmediaPreviewRenderer::class;
if (TYPO3_MODE === 'BE') {
- call_user_func(
- function ($extKey) {
- // Get the extension configuration
- $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][$extKey]);
+ call_user_func(function () {
+ // Get the extension configuration
+ $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['fluid_styled_content'], ['allowed_classes' => false]);
- if (!isset($extConf['loadContentElementWizardTsConfig']) || (int)$extConf['loadContentElementWizardTsConfig'] === 1) {
- // Include new content elements to modWizards
- \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addPageTSConfig('<INCLUDE_TYPOSCRIPT: source="FILE:EXT:fluid_styled_content/Configuration/PageTSconfig/NewContentElementWizard.ts">');
- }
+ if (!isset($extConf['loadContentElementWizardTsConfig']) || (int)$extConf['loadContentElementWizardTsConfig'] === 1) {
+ // Include new content elements to modWizards
+ \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addPageTSConfig('<INCLUDE_TYPOSCRIPT: source="FILE:EXT:fluid_styled_content/Configuration/PageTSconfig/NewContentElementWizard.ts">');
+ }
- $dispatcher = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class);
- $dispatcher->connect(
- \TYPO3\CMS\Extensionmanager\Controller\ConfigurationController::class,
- 'afterExtensionConfigurationWrite',
- \TYPO3\CMS\FluidStyledContent\Hooks\TcaCacheClearing::class,
- 'clearTcaCache'
- );
- },
- $_EXTKEY
- );
+ $dispatcher = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class);
+ $dispatcher->connect(
+ \TYPO3\CMS\Extensionmanager\Controller\ConfigurationController::class,
+ 'afterExtensionConfigurationWrite',
+ \TYPO3\CMS\FluidStyledContent\Hooks\TcaCacheClearing::class,
+ 'clearTcaCache'
+ );
+ });
}
diff --git a/typo3/sysext/indexed_search/Classes/Controller/AdministrationController.php b/typo3/sysext/indexed_search/Classes/Controller/AdministrationController.php
index 033050573e6b537794b0431fccbe36557dcca369..30643ffbc43e085f05c9a60f0b699f721ee95636 100644
--- a/typo3/sysext/indexed_search/Classes/Controller/AdministrationController.php
+++ b/typo3/sysext/indexed_search/Classes/Controller/AdministrationController.php
@@ -151,7 +151,7 @@ class AdministrationController extends ActionController
public function initializeAction()
{
$this->pageUid = (int)GeneralUtility::_GET('id');
- $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+ $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
$this->enableMetaphoneSearch = (bool)$this->indexerConfig['enableMetaphoneSearch'];
$this->indexer = GeneralUtility::makeInstance(Indexer::class);
diff --git a/typo3/sysext/indexed_search/Classes/Controller/SearchController.php b/typo3/sysext/indexed_search/Classes/Controller/SearchController.php
index 2e75a46f6515cca2aa2be3b3f87670441ffb1085..671b0103638441543a5dcfea849e31d7550ba365 100644
--- a/typo3/sysext/indexed_search/Classes/Controller/SearchController.php
+++ b/typo3/sysext/indexed_search/Classes/Controller/SearchController.php
@@ -175,7 +175,7 @@ class SearchController extends \TYPO3\CMS\Extbase\Mvc\Controller\ActionControlle
$searchData = array_merge($this->settings['defaultOptions'], $searchData);
}
// Indexer configuration from Extension Manager interface:
- $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+ $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
$this->enableMetaphoneSearch = (bool)$this->indexerConfig['enableMetaphoneSearch'];
$this->initializeExternalParsers();
// If "_sections" is set, this value overrides any existing value.
diff --git a/typo3/sysext/indexed_search/Classes/FileContentParser.php b/typo3/sysext/indexed_search/Classes/FileContentParser.php
index 9cc7be2cc19db9f820dafaf6fb59e34a3adbfa7e..87978ae3ae9773421aee4960cca837a71bc7c629 100644
--- a/typo3/sysext/indexed_search/Classes/FileContentParser.php
+++ b/typo3/sysext/indexed_search/Classes/FileContentParser.php
@@ -76,7 +76,7 @@ class FileContentParser
public function initParser($extension)
{
// Then read indexer-config and set if appropriate:
- $indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+ $indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
// If windows, apply extension to tool name:
$exe = TYPO3_OS == 'WIN' ? '.exe' : '';
// lg
@@ -288,7 +288,7 @@ class FileContentParser
public function searchTypeMediaTitle($extension)
{
// Read indexer-config
- $indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+ $indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
// Ignore extensions
$ignoreExtensions = GeneralUtility::trimExplode(',', strtolower($indexerConfig['ignoreExtensions']), true);
if (in_array($extension, $ignoreExtensions)) {
diff --git a/typo3/sysext/indexed_search/Classes/Indexer.php b/typo3/sysext/indexed_search/Classes/Indexer.php
index e4b09284df7858e3c5bd4e997e5e3ff4eff1e332..4749ed2b8d10ca3bc3a57e3991f026acc6a997fc 100644
--- a/typo3/sysext/indexed_search/Classes/Indexer.php
+++ b/typo3/sysext/indexed_search/Classes/Indexer.php
@@ -251,7 +251,7 @@ class Indexer
public function hook_indexContent(&$pObj)
{
// Indexer configuration from Extension Manager interface:
- $indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+ $indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
// Crawler activation:
// Requirements are that the crawler is loaded, a crawler session is running and re-indexing requested as processing instruction:
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('crawler') && $pObj->applicationData['tx_crawler']['running'] && in_array('tx_indexedsearch_reindex', $pObj->applicationData['tx_crawler']['parameters']['procInstructions'])) {
@@ -474,7 +474,7 @@ class Indexer
// Setting phash / phash_grouping which identifies the indexed page based on some of these variables:
$this->setT3Hashes();
// Indexer configuration from Extension Manager interface:
- $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search']);
+ $this->indexerConfig = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['indexed_search'], ['allowed_classes' => false]);
$this->tstamp_minAge = MathUtility::forceIntegerInRange($this->indexerConfig['minAge'] * 3600, 0);
$this->tstamp_maxAge = MathUtility::forceIntegerInRange($this->indexerConfig['maxAge'] * 3600, 0);
$this->maxExternalFiles = MathUtility::forceIntegerInRange($this->indexerConfig['maxExternalFiles'], 0, 1000, 5);
diff --git a/typo3/sysext/indexed_search/ext_localconf.php b/typo3/sysext/indexed_search/ext_localconf.php
index 20ece71edbbdb3ed5c7c96d1fc90eb6794dc7164..321ce16a27a3fa6929456ece0ce5212a2150b46d 100644
--- a/typo3/sysext/indexed_search/ext_localconf.php
+++ b/typo3/sysext/indexed_search/ext_localconf.php
@@ -45,7 +45,7 @@ $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['indexed_search']['external_parsers'] = a
);
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['indexed_search']['use_tables'] = 'index_phash,index_fulltext,index_rel,index_words,index_section,index_grlist,index_stat_search,index_stat_word,index_debug,index_config';
// unserializing the configuration so we can use it here:
-$_EXTCONF = unserialize($_EXTCONF);
+$_EXTCONF = unserialize($_EXTCONF, ['allowed_classes' => false]);
// Use the advanced doubleMetaphone parser instead of the internal one (usage of metaphone parsers is generally disabled by default)
if (isset($_EXTCONF['enableMetaphoneSearch']) && (int)$_EXTCONF['enableMetaphoneSearch'] == 2) {
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['indexed_search']['metaphone'] = \TYPO3\CMS\IndexedSearch\Utility\DoubleMetaPhoneUtility::class;
diff --git a/typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php b/typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
index 5ac4ac8a0d1d691ebb68d34839ca5bfb7f579549..03d8f6e1f5e43ff4d78b58c6b2db57090105921b 100755
--- a/typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
+++ b/typo3/sysext/install/Classes/Service/SilentConfigurationUpgradeService.php
@@ -98,7 +98,6 @@ class SilentConfigurationUpgradeService
{
$this->generateEncryptionKeyIfNeeded();
$this->configureBackendLoginSecurity();
- $this->configureSaltedPasswords();
$this->migrateImageProcessorSetting();
$this->transferHttpSettings();
$this->disableImageMagickDetailSettingsIfImageMagickIsDisabled();
@@ -154,43 +153,6 @@ class SilentConfigurationUpgradeService
}
}
- /**
- * Check the settings for salted passwords extension to load it as a required extension.
- * Unset obsolete configuration options if given.
- *
- * @return void
- */
- protected function configureSaltedPasswords()
- {
- $defaultConfiguration = $this->configurationManager->getDefaultConfiguration();
- $defaultExtensionConfiguration = unserialize($defaultConfiguration['EXT']['extConf']['saltedpasswords']);
- try {
- $extensionConfiguration = @unserialize($this->configurationManager->getLocalConfigurationValueByPath('EXT/extConf/saltedpasswords'));
- } catch (\RuntimeException $e) {
- $extensionConfiguration = [];
- }
- if (is_array($extensionConfiguration) && !empty($extensionConfiguration)) {
- if (isset($extensionConfiguration['BE.']['enabled'])) {
- if ($extensionConfiguration['BE.']['enabled']) {
- unset($extensionConfiguration['BE.']['enabled']);
- } else {
- $extensionConfiguration['BE.'] = $defaultExtensionConfiguration['BE.'];
- }
- $this->configurationManager->setLocalConfigurationValueByPath(
- 'EXT/extConf/saltedpasswords',
- serialize($extensionConfiguration)
- );
- $this->throwRedirectException();
- }
- } else {
- $this->configurationManager->setLocalConfigurationValueByPath(
- 'EXT/extConf/saltedpasswords',
- serialize($defaultExtensionConfiguration)
- );
- $this->throwRedirectException();
- }
- }
-
/**
* The encryption key is crucial for securing form tokens
* and the whole TYPO3 link rendering later on. A random key is set here in
diff --git a/typo3/sysext/install/Tests/Unit/Service/SilentConfigurationUpgradeServiceTest.php b/typo3/sysext/install/Tests/Unit/Service/SilentConfigurationUpgradeServiceTest.php
index 10bc6808890c7d728c08f48e97982ba83c155b08..359da5de869b5d5d6680150f5a5eadc388ce75a0 100644
--- a/typo3/sysext/install/Tests/Unit/Service/SilentConfigurationUpgradeServiceTest.php
+++ b/typo3/sysext/install/Tests/Unit/Service/SilentConfigurationUpgradeServiceTest.php
@@ -187,141 +187,6 @@ class SilentConfigurationUpgradeServiceTest extends \TYPO3\CMS\Core\Tests\UnitTe
$silentConfigurationUpgradeServiceInstance->_call('removeObsoleteLocalConfigurationSettings');
}
- /**
- * @test
- */
- public function configureSaltedPasswordsWithDefaultConfiguration()
- {
- /** @var $silentConfigurationUpgradeServiceInstance SilentConfigurationUpgradeService|\PHPUnit_Framework_MockObject_MockObject|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface */
- $silentConfigurationUpgradeServiceInstance = $this->getAccessibleMock(
- SilentConfigurationUpgradeService::class,
- array('dummy'),
- array(),
- '',
- false
- );
- $config = 'a:2:{s:3:"BE.";a:3:{s:11:"forceSalted";i:0;s:15:"onlyAuthService";i:0;s:12:"updatePasswd";i:1;}s:3:"FE.";a:4:{s:7:"enabled";i:0;s:11:"forceSalted";i:0;s:15:"onlyAuthService";i:0;s:12:"updatePasswd";i:1;}}';
- $defaultConfiguration = array();
- $defaultConfiguration['EXT']['extConf']['saltedpasswords'] = $config;
-
- $closure = function () {
- throw new \RuntimeException('Path does not exist in array', 1341397869);
- };
-
- $this->createConfigurationManagerWithMockedMethods(
- array(
- 'getDefaultConfiguration',
- 'getLocalConfigurationValueByPath',
- 'setLocalConfigurationValueByPath',
- )
- );
- $this->configurationManager->expects($this->exactly(1))
- ->method('getDefaultConfiguration')
- ->will($this->returnValue($defaultConfiguration));
- $this->configurationManager->expects($this->exactly(1))
- ->method('getLocalConfigurationValueByPath')
- ->will($this->returnCallback($closure));
- $this->configurationManager->expects($this->once())
- ->method('setLocalConfigurationValueByPath')
- ->with($this->equalTo('EXT/extConf/saltedpasswords'), $this->equalTo($config));
-
- $this->expectException(RedirectException::class);
-
- $silentConfigurationUpgradeServiceInstance->_set('configurationManager', $this->configurationManager);
-
- $silentConfigurationUpgradeServiceInstance->_call('configureSaltedPasswords');
- }
-
- /**
- * @test
- */
- public function configureSaltedPasswordsWithExtensionConfigurationBeEnabled()
- {
- /** @var $silentConfigurationUpgradeServiceInstance SilentConfigurationUpgradeService|\PHPUnit_Framework_MockObject_MockObject|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface */
- $silentConfigurationUpgradeServiceInstance = $this->getAccessibleMock(
- SilentConfigurationUpgradeService::class,
- array('dummy'),
- array(),
- '',
- false
- );
- $config = 'a:2:{s:3:"BE.";a:1:{s:21:"saltedPWHashingMethod";}s:3:"FE.";a:2:{s:7:"enabled";i:0;s:11:"forceSalted";i:0;}}';
- $defaultConfiguration = array();
- $defaultConfiguration['EXT']['extConf']['saltedpasswords'] = $config;
-
- $currentLocalConfiguration = array(
- array('EXT/extConf/saltedpasswords', 'a:2:{s:3:"BE.";a:1:{s:7:"enabled";i:1;}s:3:"FE.";a:1:{s:7:"enabled";i:0;}}')
- );
- $newConfig = 'a:2:{s:3:"BE.";a:0:{}s:3:"FE.";a:1:{s:7:"enabled";i:0;}}';
- $this->createConfigurationManagerWithMockedMethods(
- array(
- 'getDefaultConfiguration',
- 'getLocalConfigurationValueByPath',
- 'setLocalConfigurationValueByPath',
- )
- );
- $this->configurationManager->expects($this->exactly(1))
- ->method('getDefaultConfiguration')
- ->will($this->returnValue($defaultConfiguration));
- $this->configurationManager->expects($this->exactly(1))
- ->method('getLocalConfigurationValueByPath')
- ->will($this->returnValueMap($currentLocalConfiguration));
- $this->configurationManager->expects($this->once())
- ->method('setLocalConfigurationValueByPath')
- ->with($this->equalTo('EXT/extConf/saltedpasswords'), $this->equalTo($newConfig));
-
- $this->expectException(RedirectException::class);
-
- $silentConfigurationUpgradeServiceInstance->_set('configurationManager', $this->configurationManager);
-
- $silentConfigurationUpgradeServiceInstance->_call('configureSaltedPasswords');
- }
-
- /**
- * @test
- */
- public function configureSaltedPasswordsWithExtensionConfigurationBeNotEnabled()
- {
- /** @var $silentConfigurationUpgradeServiceInstance SilentConfigurationUpgradeService|\PHPUnit_Framework_MockObject_MockObject|\TYPO3\CMS\Core\Tests\AccessibleObjectInterface */
- $silentConfigurationUpgradeServiceInstance = $this->getAccessibleMock(
- SilentConfigurationUpgradeService::class,
- array('dummy'),
- array(),
- '',
- false
- );
- $config = 'a:2:{s:3:"BE.";a:1:{s:15:"onlyAuthService";i:0;}s:3:"FE.";a:2:{s:7:"enabled";i:0;s:11:"forceSalted";i:0;}}';
- $defaultConfiguration = array();
- $defaultConfiguration['EXT']['extConf']['saltedpasswords'] = $config;
-
- $currentLocalConfiguration = array(
- array('EXT/extConf/saltedpasswords', 'a:2:{s:3:"BE.";a:2:{s:7:"enabled";i:0;s:12:"updatePasswd";i:1;}s:3:"FE.";a:1:{s:7:"enabled";i:0;}}')
- );
- $newConfig = 'a:2:{s:3:"BE.";a:1:{s:15:"onlyAuthService";i:0;}s:3:"FE.";a:1:{s:7:"enabled";i:0;}}';
- $this->createConfigurationManagerWithMockedMethods(
- array(
- 'getDefaultConfiguration',
- 'getLocalConfigurationValueByPath',
- 'setLocalConfigurationValueByPath',
- )
- );
- $this->configurationManager->expects($this->exactly(1))
- ->method('getDefaultConfiguration')
- ->will($this->returnValue($defaultConfiguration));
- $this->configurationManager->expects($this->exactly(1))
- ->method('getLocalConfigurationValueByPath')
- ->will($this->returnValueMap($currentLocalConfiguration));
- $this->configurationManager->expects($this->once())
- ->method('setLocalConfigurationValueByPath')
- ->with($this->equalTo('EXT/extConf/saltedpasswords'), $this->equalTo($newConfig));
-
- $this->expectException(RedirectException::class);
-
- $silentConfigurationUpgradeServiceInstance->_set('configurationManager', $this->configurationManager);
-
- $silentConfigurationUpgradeServiceInstance->_call('configureSaltedPasswords');
- }
-
/**
* @test
*/
@@ -711,4 +576,4 @@ class SilentConfigurationUpgradeServiceTest extends \TYPO3\CMS\Core\Tests\UnitTe
$silentConfigurationUpgradeServiceInstance->_call('setImageMagickDetailSettings');
}
-}
+}
\ No newline at end of file
diff --git a/typo3/sysext/rsaauth/Classes/Backend/CommandLineBackend.php b/typo3/sysext/rsaauth/Classes/Backend/CommandLineBackend.php
index 42ffba888e8ee184d91588af3cba012ce94ea934..406e5663153bc0b78e20c164010a6a397b648c8a 100644
--- a/typo3/sysext/rsaauth/Classes/Backend/CommandLineBackend.php
+++ b/typo3/sysext/rsaauth/Classes/Backend/CommandLineBackend.php
@@ -54,7 +54,7 @@ class CommandLineBackend extends AbstractBackend
{
$this->opensslPath = CommandUtility::getCommand('openssl');
// Get temporary directory from the configuration
- $extconf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['rsaauth']);
+ $extconf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['rsaauth'], ['allowed_classes' => false]);
if (
$extconf['temporaryDirectory'] !== ''
&& $extconf['temporaryDirectory'][0] === '/'
diff --git a/typo3/sysext/rsaauth/Classes/BackendWarnings.php b/typo3/sysext/rsaauth/Classes/BackendWarnings.php
index ca45eeb21bafb8ae41cd215b16deb39922ae9745..ecd702851d5835f8f40195c33e7d203eff7fa1fe 100644
--- a/typo3/sysext/rsaauth/Classes/BackendWarnings.php
+++ b/typo3/sysext/rsaauth/Classes/BackendWarnings.php
@@ -34,7 +34,7 @@ class BackendWarnings
$lang = $this->getLanguageService();
$warnings['rsaauth_cmdline'] = $lang->sL('LLL:EXT:rsaauth/Resources/Private/Language/locallang.xlf:hook_using_cmdline');
// Check the path
- $extconf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['rsaauth']);
+ $extconf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['rsaauth'], ['allowed_classes' => false]);
$path = trim($extconf['temporaryDirectory']);
if ($path == '') {
// Path is empty
diff --git a/typo3/sysext/rtehtmlarea/ext_localconf.php b/typo3/sysext/rtehtmlarea/ext_localconf.php
index dfa123994d4304033c021d32a648974d09889792..c97f4bff078a34027a8039182ac6b78f49efa254 100644
--- a/typo3/sysext/rtehtmlarea/ext_localconf.php
+++ b/typo3/sysext/rtehtmlarea/ext_localconf.php
@@ -13,7 +13,7 @@ require_once \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('rtehtm
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['rtehtmlarea']['version'] = $EM_CONF['rtehtmlarea']['version'];
// Unserializing the configuration so we can use it here
-$_EXTCONF = unserialize($_EXTCONF);
+$_EXTCONF = unserialize($_EXTCONF, ['allowed_classes' => false]);
// Add default RTE transformation configuration
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addPageTSConfig('<INCLUDE_TYPOSCRIPT: source="FILE:EXT:rtehtmlarea/Configuration/PageTSconfig/Proc/pageTSConfig.txt">');
diff --git a/typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php b/typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php
index 73de410afbed00b5d7b813174d41bb36c33b5d0a..45a56e0cad3a06524c337cf1e3c1b60f015342a2 100755
--- a/typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php
+++ b/typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php
@@ -149,7 +149,7 @@ class ExtensionManagerConfigurationUtility
private function init()
{
$requestSetup = $this->processPostData((array) $_REQUEST['data']);
- $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
+ $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'], ['allowed_classes' => false]);
$this->extConf['BE'] = array_merge((array)$extConf['BE.'], (array)$requestSetup['BE.']);
$this->extConf['FE'] = array_merge((array)$extConf['FE.'], (array)$requestSetup['FE.']);
$this->getLanguageService()->includeLLFile('EXT:saltedpasswords/Resources/Private/Language/locallang.xlf');
diff --git a/typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php b/typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
index c80358cbd591af6168490963eae804401fd263e8..2b656faa041b292adbba077913ba77f2606b05a5 100644
--- a/typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
+++ b/typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
@@ -51,7 +51,7 @@ class SaltedPasswordsUtility
{
$currentConfiguration = self::returnExtConfDefaults();
if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
- $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
+ $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'], ['allowed_classes' => false]);
// Merge default configuration with modified configuration:
if (isset($extensionConfiguration[$mode . '.'])) {
$currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$mode . '.']);
diff --git a/typo3/sysext/scheduler/Classes/Scheduler.php b/typo3/sysext/scheduler/Classes/Scheduler.php
index 925d221214471352b25bd2fa2594150045a02330..84cb1a4766178f991426346a22fb867406343b3d 100644
--- a/typo3/sysext/scheduler/Classes/Scheduler.php
+++ b/typo3/sysext/scheduler/Classes/Scheduler.php
@@ -38,7 +38,7 @@ class Scheduler implements \TYPO3\CMS\Core\SingletonInterface
public function __construct()
{
// Get configuration from the extension manager
- $this->extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['scheduler']);
+ $this->extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['scheduler'], ['allowed_classes' => false]);
if (empty($this->extConf['maxLifetime'])) {
$this->extConf['maxLifetime'] = 1440;
}
diff --git a/typo3/sysext/scheduler/ext_localconf.php b/typo3/sysext/scheduler/ext_localconf.php
index 3bf20ed5e9d605c0cbec5cbf1f56efc66e6b1ce4..ab11a969a66e292266b63f0e96189c94d5c311db 100644
--- a/typo3/sysext/scheduler/ext_localconf.php
+++ b/typo3/sysext/scheduler/ext_localconf.php
@@ -10,7 +10,7 @@ $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['cliKeys']['scheduler'] = ar
'_CLI_scheduler'
);
// Get the extensions's configuration
-$extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['scheduler']);
+$extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['scheduler'], ['allowed_classes' => false]);
// If sample tasks should be shown,
// register information for the test and sleep tasks
if (!empty($extConf['showSampleTasks'])) {