[SECURITY] Limit user access in workspace previews 10/47610/2
authorNicole Cordes <typo3@cordes.co>
Tue, 12 Apr 2016 09:11:26 +0000 (11:11 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 12 Apr 2016 09:11:30 +0000 (11:11 +0200)
commit7e72fd0d3654c1604e594a822a1506f0d03c27e7
treee00d2b5b4749a221fe2234d2cf65f4f66e0e88bf
parentc5df0d116847646abfa824b18ac35c26d4a94c64
[SECURITY] Limit user access in workspace previews

To view a preview of a workspace page a backend user is simulated.
Currently the user who created the preview link is taken into account.
This patch creates a limited backend user to be able to process the
web request.

Resolves: #28175
Releases: master, 7.6, 6.2
Security-Commit: f0445be5322b4c0e4b1c0900542aca4e00a39f46
Security-Bulletins: TYPO3-CORE-SA-2016-009, 010, 011, 012
Change-Id: I80dd9168b22bf62b2a2ed4a264240d07f056cc73
Reviewed-on: https://review.typo3.org/47610
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/version/Classes/Hook/PreviewHook.php
typo3/sysext/version/ext_localconf.php