[SECURITY] Limit user access in workspace previews 02/47602/2
authorNicole Cordes <typo3@cordes.co>
Tue, 12 Apr 2016 09:10:23 +0000 (11:10 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 12 Apr 2016 09:10:25 +0000 (11:10 +0200)
commit819c1f901106161cfc9bb8e650bc8291b8d37a62
tree3f71fc53e1d16bc95fba7b8c308b7eef902c5e9b
parentea14aaac26f20172ea9d2f4a3c616f90a203d6dc
[SECURITY] Limit user access in workspace previews

To view a preview of a workspace page a backend user is simulated.
Currently the user who created the preview link is taken into account.
This patch creates a limited backend user to be able to process the
web request.

Resolves: #28175
Releases: master, 7.6, 6.2
Security-Commit: 9a6f69102513373baaa65f4ade4751a45d57e133
Security-Bulletins: TYPO3-CORE-SA-2016-009, 010, 011, 012
Change-Id: I5124a24acf06478f6952b80585917c8e9f266d16
Reviewed-on: https://review.typo3.org/47602
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/version/Classes/Hook/PreviewHook.php
typo3/sysext/version/ext_localconf.php