[BUGFIX] Re-enables fileDenyPattern check for admin users 10/32610/12
authorTorben Hansen <derhansen@gmail.com>
Thu, 26 May 2016 19:20:23 +0000 (21:20 +0200)
committerHelmut Hummel <helmut.hummel@typo3.org>
Fri, 27 May 2016 11:43:33 +0000 (13:43 +0200)
commita3635263d849db4ae1ceaab98305d702e4efbb7f
tree1a4d1156dd533a3afa855c0eead3663b39ac3bfc
parent7e2ce1d2bb982fee534d6514c30dc4f6b1762120
[BUGFIX] Re-enables fileDenyPattern check for admin users

When an admin user tries to upload a file which has a fileextension
that is included in the fileDenyPattern, the upload is denied.

With the security fix in #51326 admin users are now able to change
the extension of a file to any value, since the fileDenyPattern is
not checked for admin users. This leads to the situation, that admin
users can create/rename files in the filelist with a fileextension
of their choice.

To keep the behavior consistent, this patch re-enables the check
of the fileDenyPattern for admin users in the filelist.

Resolves: #60173
Releases: master, 7.6, 6.2
Change-Id: I3b819e70cf2218a4580203ac7b7a6b0c3c5087ab
Reviewed-on: https://review.typo3.org/32610
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
typo3/sysext/core/Classes/Resource/ResourceStorage.php
typo3/sysext/core/Tests/Unit/Resource/ResourceStorageTest.php