From d62c8da36e75128c7dccc4f1c9df2fff4445f519 Mon Sep 17 00:00:00 2001
From: Benni Mack <benni@typo3.org>
Date: Mon, 3 Jul 2023 14:40:11 +0200
Subject: [PATCH] [BUGFIX] Avoid BackendUser access in AdminPanel constructor

Resolves: #100538
Releases: main, 12.4, 11.5
Change-Id: Ia0e37a39ed566938a9b9f947ad21949a9ab3b0bc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/79550
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
---
 .../Classes/Service/ConfigurationService.php      | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/typo3/sysext/adminpanel/Classes/Service/ConfigurationService.php b/typo3/sysext/adminpanel/Classes/Service/ConfigurationService.php
index 930aca99ddac..320f730fa5c6 100644
--- a/typo3/sysext/adminpanel/Classes/Service/ConfigurationService.php
+++ b/typo3/sysext/adminpanel/Classes/Service/ConfigurationService.php
@@ -32,19 +32,12 @@ use TYPO3\CMS\Core\SingletonInterface;
  */
 class ConfigurationService implements SingletonInterface
 {
-    protected array $mainConfiguration;
-
-    public function __construct()
-    {
-        $this->mainConfiguration = $this->getBackendUser()->getTSConfig()['admPanel.'] ?? [];
-    }
-
     /**
      * Get MainConfiguration (User TSConfig admPanel)
      */
     public function getMainConfiguration(): array
     {
-        return $this->mainConfiguration;
+        return $this->getBackendUser()->getTSConfig()['admPanel.'] ?? [];
     }
 
     /**
@@ -57,11 +50,7 @@ class ConfigurationService implements SingletonInterface
             throw new \InvalidArgumentException('Identifier and option may not be empty', 1532861423);
         }
 
-        if (isset($this->mainConfiguration['override.'][$identifier . '.'][$option])) {
-            $returnValue = $this->mainConfiguration['override.'][$identifier . '.'][$option];
-        } else {
-            $returnValue = $this->getBackendUser()->uc['AdminPanel'][$identifier . '_' . $option] ?? '';
-        }
+        $returnValue = $this->getMainConfiguration()['override.'][$identifier . '.'][$option] ?? $this->getBackendUser()->uc['AdminPanel'][$identifier . '_' . $option] ?? '';
 
         return (string)$returnValue;
     }
-- 
GitLab