[BUGFIX] Only access FAL security checks when in Backend 15/54315/2
authorBenni Mack <benni@typo3.org>
Fri, 6 Oct 2017 15:34:52 +0000 (17:34 +0200)
committerBenni Mack <benni@typo3.org>
Tue, 10 Oct 2017 06:06:01 +0000 (08:06 +0200)
commit45a002359f849d5919d1e5e5bd857e8ecf38bc6f
tree4064d1f6144f3925952863aa87d16adedd5f0c9b
parent8f64dc55bd3c8533a3e9379790407efea38edb72
[BUGFIX] Only access FAL security checks when in Backend

The FAL security checks which adds additional checks for Backend Users
are currently placed within TYPO3_MODE === BE which applies to CLI as well.

In order to even use the FAL API via CLI, a user has to be authenticated (just for
browsing files). Therefore, the check needs to be handled via TYPO3_REQUEST_TYPE
which excludes symfony commands on CLI basis.

Additionally, the REQUEST TYPE checks are handled within the Slot and not
when to register the hook (see other cleanup patch as well).

Resolves: #82691
Releases: master, 8.7
Change-Id: I7b895a119a17ea166331eb1dbcb75e57fffbd388
Reviewed-on: https://review.typo3.org/54315
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Frans Saris <franssaris@gmail.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Joerg Boesche <typo3@joergboesche.de>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Henning Liebe <h.liebe@neusta.de>
Reviewed-by: Daniel Gorges <daniel.gorges@b13.de>
Tested-by: Daniel Gorges <daniel.gorges@b13.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
typo3/sysext/backend/Classes/Security/CategoryPermissionsAspect.php
typo3/sysext/backend/ext_localconf.php
typo3/sysext/core/Classes/Resource/Security/StoragePermissionsAspect.php
typo3/sysext/core/ext_localconf.php