From c6eb4502eb7dfe391409e34c1a1dd0520e0c3af5 Mon Sep 17 00:00:00 2001
From: Helmut Hummel <helmut.hummel@typo3.org>
Date: Sat, 16 Mar 2013 16:29:20 +0100
Subject: [PATCH] [BUGFIX] Fix PHP warning in BackendUtility::lockRecords

This methods triggers a warning "Illegal String offset"
with PHP 5.4, because $GLOBALS['BE_USER']->user['uid'] is accessed
even if a user is not logged in.

Additionally a delete query is executed in this case which
does not make sense at all.

Properly check if a user is logged in before executing any
functionality in this method.

Fixes: #46361
Releases: 4.5, 4.7, 6.0, 6.1
Change-Id: I370e0a8610a55b3d684bef95d7c6905eaaaacbab
Reviewed-on: https://review.typo3.org/18978
Reviewed-by: Markus Klein
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
---
 .../Classes/Utility/BackendUtility.php        | 30 ++++++++++---------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/typo3/sysext/backend/Classes/Utility/BackendUtility.php b/typo3/sysext/backend/Classes/Utility/BackendUtility.php
index e901ac5b44c7..37c51557fd83 100644
--- a/typo3/sysext/backend/Classes/Utility/BackendUtility.php
+++ b/typo3/sysext/backend/Classes/Utility/BackendUtility.php
@@ -2937,20 +2937,22 @@ class BackendUtility {
 	 * @see t3lib_transferData::lockRecord(), alt_doc.php, db_layout.php, db_list.php, wizard_rte.php
 	 */
 	static public function lockRecords($table = '', $uid = 0, $pid = 0) {
-		$user_id = intval($GLOBALS['BE_USER']->user['uid']);
-		if ($table && $uid) {
-			$fields_values = array(
-				'userid' => $user_id,
-				'feuserid' => 0,
-				'tstamp' => $GLOBALS['EXEC_TIME'],
-				'record_table' => $table,
-				'record_uid' => $uid,
-				'username' => $GLOBALS['BE_USER']->user['username'],
-				'record_pid' => $pid
-			);
-			$GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_lockedrecords', $fields_values);
-		} else {
-			$GLOBALS['TYPO3_DB']->exec_DELETEquery('sys_lockedrecords', 'userid=' . intval($user_id));
+		if (isset($GLOBALS['BE_USER']->user['uid'])) {
+			$user_id = intval($GLOBALS['BE_USER']->user['uid']);
+			if ($table && $uid) {
+				$fields_values = array(
+					'userid' => $user_id,
+					'feuserid' => 0,
+					'tstamp' => $GLOBALS['EXEC_TIME'],
+					'record_table' => $table,
+					'record_uid' => $uid,
+					'username' => $GLOBALS['BE_USER']->user['username'],
+					'record_pid' => $pid
+				);
+				$GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_lockedrecords', $fields_values);
+			} else {
+				$GLOBALS['TYPO3_DB']->exec_DELETEquery('sys_lockedrecords', 'userid=' . intval($user_id));
+			}
 		}
 	}
 
-- 
GitLab