Merge pull request #9152 from creative-commoners/pulls/4.3/session-exists-check

FIX Prevent setting session value when no session exists yet
This commit is contained in:
Loz Calver 2019-07-30 09:42:45 +01:00 committed by GitHub
commit 6f19cb3a83
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -2,6 +2,7 @@
namespace SilverStripe\Security;
use BadMethodCallException;
use LogicException;
use Page;
use ReflectionClass;
@ -420,10 +421,14 @@ class Security extends Controller implements TemplateGlobalProvider
$message = $messageSet['default'];
}
try {
list($messageText, $messageCast) = $parseMessage($message);
static::singleton()->setSessionMessage($messageText, ValidationResult::TYPE_WARNING, $messageCast);
$controller->getRequest()->getSession()->set("BackURL", $_SERVER['REQUEST_URI']);
} catch (BadMethodCallException $ex) {
// noop, if session was not set yet
}
// TODO AccessLogEntry needs an extension to handle permission denied errors
// Audit logging hook