From 4a598ded51dd99c2f9997439601c76677d5838c8 Mon Sep 17 00:00:00 2001
From: Guy Sartorelli <guy.sartorelli@silverstripe.com>
Date: Tue, 27 Sep 2022 10:52:40 +1300
Subject: [PATCH 1/2] FIX Allow removing named extensions in yaml config

---
 .../Config/Middleware/ExtensionMiddleware.php |  5 ++
 src/Core/Extensible.php                       |  5 ++
 tests/php/Core/ExtensionTest.php              | 48 +++++++++++++++++++
 .../php/Core/ExtensionTest/NamedExtension.php | 14 ++++++
 4 files changed, 72 insertions(+)
 create mode 100644 tests/php/Core/ExtensionTest.php
 create mode 100644 tests/php/Core/ExtensionTest/NamedExtension.php

diff --git a/src/Core/Config/Middleware/ExtensionMiddleware.php b/src/Core/Config/Middleware/ExtensionMiddleware.php
index f41da6d92..f05ae866f 100644
--- a/src/Core/Config/Middleware/ExtensionMiddleware.php
+++ b/src/Core/Config/Middleware/ExtensionMiddleware.php
@@ -63,6 +63,11 @@ class ExtensionMiddleware implements Middleware
 
         $extensions = $extensionSourceConfig['extensions'];
         foreach ($extensions as $extension) {
+            // Allow removing extensions via yaml config by setting named extension config to null
+            if ($extension === null) {
+                continue;
+            }
+
             list($extensionClass, $extensionArgs) = ClassInfo::parse_class_spec($extension);
             // Strip service name specifier
             $extensionClass = strtok($extensionClass ?? '', '.');
diff --git a/src/Core/Extensible.php b/src/Core/Extensible.php
index 37e79a185..f041caf4a 100644
--- a/src/Core/Extensible.php
+++ b/src/Core/Extensible.php
@@ -553,6 +553,11 @@ trait Extensible
 
             if ($extensions) {
                 foreach ($extensions as $extension) {
+                    // Allow removing extensions via yaml config by setting named extension config to null
+                    if ($extension === null) {
+                        continue;
+                    }
+
                     $name = $extension;
                     // Allow service names of the form "%$ServiceName"
                     if (substr($name ?? '', 0, 2) == '%$') {
diff --git a/tests/php/Core/ExtensionTest.php b/tests/php/Core/ExtensionTest.php
new file mode 100644
index 000000000..4b3baefd1
--- /dev/null
+++ b/tests/php/Core/ExtensionTest.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace SilverStripe\Core\Tests;
+
+use BadMethodCallException;
+use ReflectionProperty;
+use SilverStripe\Core\Config\Config;
+use SilverStripe\Core\Tests\ExtensionTest\NamedExtension;
+use SilverStripe\Dev\SapphireTest;
+use SilverStripe\ORM\DataObject;
+
+class ExtensionTest extends SapphireTest
+{
+    protected function setUp(): void
+    {
+        parent::setUp();
+        // Reset extra_methods so that when we set NamedExtension to null it re-evaluates which methods are available
+        $reflectionProperty = new ReflectionProperty(DataObject::class, 'extra_methods');
+        $reflectionProperty->setAccessible(true);
+        $reflectionProperty->setValue([]);
+        // Add named extension config like we would in yaml
+        Config::modify()->merge(DataObject::class, 'extensions', ['NamedExtension' => NamedExtension::class]);
+    }
+
+    public function testHasNamedExtension()
+    {
+        $this->assertTrue(DataObject::has_extension(NamedExtension::class));
+        $instance = new DataObject();
+        $this->assertTrue($instance->hasMethod('getTestValue'));
+        $this->assertSame('test', $instance->getTestValue());
+    }
+
+    public function testRemoveNamedExtension()
+    {
+        Config::modify()->merge(DataObject::class, 'extensions', ['NamedExtension' => null]);
+        $this->assertFalse(DataObject::has_extension(NamedExtension::class));
+        $instance = new DataObject();
+        $this->assertFalse($instance->hasMethod('getTestValue'));
+    }
+
+    public function testRemoveNamedExtensionException()
+    {
+        Config::modify()->merge(DataObject::class, 'extensions', ['NamedExtension' => null]);
+        $instance = new DataObject();
+        $this->expectException(BadMethodCallException::class);
+        $instance->getTestValue();
+    }
+}
diff --git a/tests/php/Core/ExtensionTest/NamedExtension.php b/tests/php/Core/ExtensionTest/NamedExtension.php
new file mode 100644
index 000000000..2314c4204
--- /dev/null
+++ b/tests/php/Core/ExtensionTest/NamedExtension.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace SilverStripe\Core\Tests\ExtensionTest;
+
+use SilverStripe\Core\Extension;
+use SilverStripe\Dev\TestOnly;
+
+class NamedExtension extends Extension implements TestOnly
+{
+    public function getTestValue()
+    {
+        return 'test';
+    }
+}

From 54892fa267d091a94fb529e03cef84451f62bad1 Mon Sep 17 00:00:00 2001
From: Thomas Portelange <thomas@lekoala.be>
Date: Wed, 28 Sep 2022 10:44:13 +0200
Subject: [PATCH 2/2] request may not have a session

see https://github.com/silverstripe/silverstripe-framework/pull/10512
---
 src/Security/MemberAuthenticator/MemberAuthenticator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Security/MemberAuthenticator/MemberAuthenticator.php b/src/Security/MemberAuthenticator/MemberAuthenticator.php
index 76127a995..bda474820 100644
--- a/src/Security/MemberAuthenticator/MemberAuthenticator.php
+++ b/src/Security/MemberAuthenticator/MemberAuthenticator.php
@@ -47,7 +47,7 @@ class MemberAuthenticator implements Authenticator
         // Optionally record every login attempt as a {@link LoginAttempt} object
         $this->recordLoginAttempt($data, $request, $member, $result->isValid());
 
-        if ($member) {
+        if ($member && $request->hasSession()) {
             $request->getSession()->clear('BackURL');
         }