From 5c794dfcdd42b319325c867f4a807429ad93a553 Mon Sep 17 00:00:00 2001
From: Robbie Averill
Date: Mon, 29 Jul 2019 16:07:04 +0200
Subject: [PATCH] FIX Prevent setting session value when no session exists yet
---
 src/Security/Security.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/Security/Security.php b/src/Security/Security.php
index e066988ac..ad221afc8 100644
--- a/src/Security/Security.php
+++ b/src/Security/Security.php
@@ -2,6 +2,7 @@
 namespace SilverStripe\Security;
+use BadMethodCallException;
 use LogicException;
 use Page;
 use ReflectionClass;
@@ -420,10 +421,14 @@ class Security extends Controller implements TemplateGlobalProvider
 $message = $messageSet['default'];
 }
- list($messageText, $messageCast) = $parseMessage($message);
- static::singleton()->setSessionMessage($messageText, ValidationResult::TYPE_WARNING, $messageCast);
+ try {
+ list($messageText, $messageCast) = $parseMessage($message);
+ static::singleton()->setSessionMessage($messageText, ValidationResult::TYPE_WARNING, $messageCast);
- $controller->getRequest()->getSession()->set("BackURL", $_SERVER['REQUEST_URI']);
+ $controller->getRequest()->getSession()->set("BackURL", $_SERVER['REQUEST_URI']);
+ } catch (BadMethodCallException $ex) {
+ // noop, if session was not set yet
+ }
 // TODO AccessLogEntry needs an extension to handle permission denied errors
 // Audit logging hook
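Review bot: The new `catch (BadMethodCallException $ex)` in the second hunk discards every BadMethodCallException thrown by any of the three statements inside the `try`, not only the missing-session case its comment names. An unrelated failure in `$parseMessage($message)` would therefore vanish without a trace on the permission-denied path. Keep `list($messageText, $messageCast) = $parseMessage($message);` above the `try {` so that only the calls that appear to touch the session (`setSessionMessage()` and `getSession()->set(...)`) are guarded. The comment should also state the consequence, for example `// No session on this request: the warning message and BackURL are not stored`. The enclosing method starts and ends outside the hunk, so whether later code depends on BackURL having been set cannot be confirmed from here.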