Merge branch 'S13933_sip_report_IP_adress_and_FE_user' into 'develop'

S13933 Ausgabe von Client Remote IP und falls vorhanden auch FE-Username. See merge request !422

Merge branch 'S13933_sip_report_IP_adress_and_FE_user' into 'develop'
S13933 Ausgabe von Client Remote IP und falls vorhanden auch FE-Username. See merge request !422
b6866fa0 · Carsten Rose · e3abf0a4 · 04ca482c · b6866fa0
Commit b6866fa0 authored May 14, 2022 by Carsten Rose
--- a/extension/Classes/Core/Store/Sip.php
+++ b/extension/Classes/Core/Store/Sip.php
@@ -335,6 +335,8 @@ class Sip {
     */
    public function getVarsFromSip($s) {

+        static $exceptionAlreadyThrown = false;
+
        # Check if parameter is manipulated
        if (strlen($s) != SIP_TOKEN_LENGTH) {
            Config::attackDetectedExitNow(array(), 'Invalid SIP token length: ' . strlen($s) . " _GET['s']=" . htmlentities($s));
@@ -347,6 +349,12 @@ class Sip {
        $sessionVar = Session::get($s);

        if ($sessionVar === false) {
+
+            if ($exceptionAlreadyThrown) {
+                // There is already an exception throw for Store SIP: just return an empty array and do not throw a new exception.
+                return array();
+            }
+            $exceptionAlreadyThrown = true;
            throw new \UserFormException("SIP '$s' not registered - please reload the previous site and try again.", ERROR_SIP_NOT_FOUND);
        }