From 9ced33d346268244c632dc1afd84decd0d7b00fe Mon Sep 17 00:00:00 2001
From: Benni Mack <benni@typo3.org>
Date: Tue, 24 Jul 2018 16:56:20 +0200
Subject: [PATCH] [BUGFIX] Context User Aspect must deal with empty fe_user

TSFE->fe_user is set to '' by default, but UserAspect
expects "null".

Extensions like solr set up their own TSFE object which
is fine, however they still access gr_list which is OK,
because it is deprecated. However, a deprecation
message must be thrown, and NOT a strict typing warning.

UserAspect expects either "null" or object of type
AbstractUserAuthentication, but TSFE delivers '' by
default.

Modifying '' would not be an option as this would be
(slightly but still) breaking.

Resolves: #85632
Releases: master
Change-Id: I2dbd46bee1c497f413ede8a1e55334ef954cf723
Reviewed-on: https://review.typo3.org/57674
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
---
 .../adminpanel/Classes/Modules/PreviewModule.php       |  2 +-
 .../Controller/TypoScriptFrontendController.php        | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/typo3/sysext/adminpanel/Classes/Modules/PreviewModule.php b/typo3/sysext/adminpanel/Classes/Modules/PreviewModule.php
index b430d48b37eb..d228d71316ae 100644
--- a/typo3/sysext/adminpanel/Classes/Modules/PreviewModule.php
+++ b/typo3/sysext/adminpanel/Classes/Modules/PreviewModule.php
@@ -199,7 +199,7 @@ class PreviewModule extends AbstractModule
                     $tsfe->fe_user->usergroup_column => $tsfe->simUserGroup,
                 ];
             }
-            $context->setAspect('frontend.user', GeneralUtility::makeInstance(UserAspect::class, $tsfe->fe_user));
+            $context->setAspect('frontend.user', GeneralUtility::makeInstance(UserAspect::class, $tsfe->fe_user ?: null));
         }
         if (!$tsfe->simUserGroup && !$simTime && !$showHiddenPage && !$showHiddenRecords) {
             $tsfe->fePreview = 0;
diff --git a/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php b/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
index 0bb14d099126..2a98a13614d5 100644
--- a/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
+++ b/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
@@ -995,7 +995,7 @@ class TypoScriptFrontendController implements LoggerAwareInterface
         }
 
         $this->gr_list = implode(',', $userGroups);
-        $this->context->setAspect('frontend.user', GeneralUtility::makeInstance(UserAspect::class, $this->fe_user, $userGroups));
+        $this->context->setAspect('frontend.user', GeneralUtility::makeInstance(UserAspect::class, $this->fe_user ?: null, $userGroups));
 
         // For every 60 seconds the is_online timestamp for a logged-in user is updated
         if ($isUserAndGroupSet) {
@@ -1164,7 +1164,7 @@ class TypoScriptFrontendController implements LoggerAwareInterface
                     $userGroups = [0, -2];
                 }
                 $this->gr_list = implode(',', $userGroups);
-                $this->context->setAspect('frontend.user', GeneralUtility::makeInstance(UserAspect::class, $this->fe_user, $userGroups));
+                $this->context->setAspect('frontend.user', GeneralUtility::makeInstance(UserAspect::class, $this->fe_user ?: null, $userGroups));
                 // Fetching the id again, now with the preview settings reset.
                 $this->fetch_the_id();
             }
@@ -5096,7 +5096,7 @@ class TypoScriptFrontendController implements LoggerAwareInterface
                 /** @var UserAspect $aspect */
                 $aspect = $this->context->getAspect('frontend.user');
                 if ($propertyValue) {
-                    $aspect = GeneralUtility::makeInstance(UserAspect::class, $this->fe_user, $aspect->getGroupIds());
+                    $aspect = GeneralUtility::makeInstance(UserAspect::class, $this->fe_user ?: null, $aspect->getGroupIds());
                 } else {
                     $aspect = GeneralUtility::makeInstance(UserAspect::class, null, $aspect->getGroupIds());
                 }
@@ -5104,7 +5104,7 @@ class TypoScriptFrontendController implements LoggerAwareInterface
                 break;
             case 'gr_list':
                 trigger_error('Property $TSFE->gr_list is not in use anymore as this information is now stored within the frontend.user aspect.');
-                $this->context->setAspect('frontend.user', GeneralUtility::makeInstance(UserAspect::class, $this->fe_user, GeneralUtility::intExplode(',', $propertyValue)));
+                $this->context->setAspect('frontend.user', GeneralUtility::makeInstance(UserAspect::class, $this->fe_user ?: null, GeneralUtility::intExplode(',', $propertyValue)));
                 break;
             case 'beUserLogin':
                 trigger_error('Property $TSFE->beUserLogin is not in use anymore as this information is now stored within the backend.user aspect.');
@@ -5168,7 +5168,7 @@ class TypoScriptFrontendController implements LoggerAwareInterface
                 break;
             case 'gr_list':
                 trigger_error('Property $TSFE->gr_list is not in use anymore as this information is now stored within the frontend.user aspect.');
-                $this->context->setAspect('frontend.user', GeneralUtility::makeInstance(UserAspect::class, $this->fe_user, []));
+                $this->context->setAspect('frontend.user', GeneralUtility::makeInstance(UserAspect::class, $this->fe_user ?: null, []));
                 break;
             case 'beUserLogin':
                 trigger_error('Property $TSFE->beUserLogin is not in use anymore as this information is now stored within the backend.user aspect.');
-- 
GitLab