[BUGFIX] Re-enables fileDenyPattern check for admin users
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Resource / ResourceStorage.php
index b8bb973..4ecb615 100644 (file)
@@ -707,12 +707,9 @@ class ResourceStorage implements ResourceStorageInterface
      */
     protected function checkFileExtensionPermission($fileName)
     {
-        if (!$this->evaluatePermissions) {
-            return true;
-        }
         $fileName = $this->driver->sanitizeFileName($fileName);
         $isAllowed = GeneralUtility::verifyFilenameAgainstDenyPattern($fileName);
-        if ($isAllowed) {
+        if ($isAllowed && $this->evaluatePermissions) {
             $fileExtension = strtolower(PathUtility::pathinfo($fileName, PATHINFO_EXTENSION));
             // Set up the permissions for the file extension
             $fileExtensionPermissions = $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']['webspace'];
@@ -739,7 +736,7 @@ class ResourceStorage implements ResourceStorageInterface
                 return true;
             }
         }
-        return false;
+        return $isAllowed;
     }
 
     /**