FIX Prevent setting session value when no session exists yet

This commit is contained in:
Robbie Averill 2019-07-29 16:07:04 +02:00
parent 2d2b0b82f0
commit 5c794dfcdd

View File

@ -2,6 +2,7 @@
namespace SilverStripe\Security; namespace SilverStripe\Security;
use BadMethodCallException;
use LogicException; use LogicException;
use Page; use Page;
use ReflectionClass; use ReflectionClass;
@ -420,10 +421,14 @@ class Security extends Controller implements TemplateGlobalProvider
$message = $messageSet['default']; $message = $messageSet['default'];
} }
try {
list($messageText, $messageCast) = $parseMessage($message); list($messageText, $messageCast) = $parseMessage($message);
static::singleton()->setSessionMessage($messageText, ValidationResult::TYPE_WARNING, $messageCast); static::singleton()->setSessionMessage($messageText, ValidationResult::TYPE_WARNING, $messageCast);
$controller->getRequest()->getSession()->set("BackURL", $_SERVER['REQUEST_URI']); $controller->getRequest()->getSession()->set("BackURL", $_SERVER['REQUEST_URI']);
} catch (BadMethodCallException $ex) {
// noop, if session was not set yet
}
// TODO AccessLogEntry needs an extension to handle permission denied errors // TODO AccessLogEntry needs an extension to handle permission denied errors
// Audit logging hook // Audit logging hook