[SECURITY] Deny access to import module for non-admin users 43/61143/2
authorOliver Hader <oliver@typo3.org>
Tue, 25 Jun 2019 06:41:42 +0000 (08:41 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 25 Jun 2019 06:41:47 +0000 (08:41 +0200)
commit4bdd03fb053b7f714b962f849c4204c79936df85
tree73cf0848b649a00ab8111bf78c3e8140fc469b18
parent807b0e5de83a5c5d42a961fde629568aaa492887
[SECURITY] Deny access to import module for non-admin users

Due to an incomplete condition it was possible for regular
backend users to make use of the import module - which only
would be accessible to admin users or to those users have
User TSconfig `options.impexp.enableImportForNonAdminUser`
enabled.

Resolves: #88284
Releases: master, 9.5
Security-Commit: a3ca05df1e9e9269b45daf9dd79517df9d202604
Security-Bulletin: TYPO3-CORE-SA-2019-017
Change-Id: I9ac9a026d5715f9c03eda37f0ef84178640b2f1d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61143
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/impexp/Classes/Controller/ImportExportController.php