[SECURITY] Check permissions in all actions of ResourceStorage 95/23595/2
author Steffen Ritter <info@rs-websystems.de>
Wed, 4 Sep 2013 11:13:48 +0000 (13:13 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 4 Sep 2013 11:13:52 +0000 (13:13 +0200)
commit 770b53e1231303e7c8df507f229cb8ac611e064b
tree b4f8f392dfcafb0d961c795d8a608a5cc1ec6414
parent 3d096be4aa29b5de5d30dc72a7b33f646e931745
[SECURITY] Check permissions in all actions of ResourceStorage

The ResourceStorage omits checks for the configured user and
group permissions within the actions on that Storage.

This patch refines some naming within the security methods
as well as adding security checks to every method.

PHP file extensions are now also removed from the
text file extension list.

Releases: 6.2, 6.1, 6.0
Fixes: #51079
Change-Id: I95a6d89da7eb2b6ea52afea1c49b1df8acb00707
Security-Commit: f5d926ec7a99098ad42117cf2e0b3b67dae057a4
Security-Bulletin: TYPO3-CORE-SA-2013-003
Reviewed-on: https://review.typo3.org/23595
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php
typo3/sysext/backend/Classes/Controller/File/EditFileController.php
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
typo3/sysext/core/Classes/Resource/ResourceStorage.php
typo3/sysext/core/Classes/Resource/Service/UserFileMountService.php
typo3/sysext/core/Classes/Utility/File/ExtendedFileUtility.php
typo3/sysext/core/Configuration/DefaultConfiguration.php
typo3/sysext/core/Tests/Unit/Authentication/BackendUserAuthenticationTest.php
typo3/sysext/core/Tests/Unit/Resource/ResourceStorageTest.php
typo3/sysext/filelist/Classes/Controller/FileListController.php
typo3/sysext/filelist/Classes/FileList.php