[SECURITY] Check permissions in all actions of ResourceStorage 01/23601/2
author Steffen Ritter <info@rs-websystems.de>
Wed, 4 Sep 2013 11:23:07 +0000 (13:23 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 4 Sep 2013 11:23:12 +0000 (13:23 +0200)
commit c524c0dc5e15fc0f20ac89d5683961a98ea72a8b
tree 1609f289cd99ab72f089caa57fa1980a67a04b99
parent c9e9c4fdae79ddc0045047203992a043b89a364f
[SECURITY] Check permissions in all actions of ResourceStorage

The ResourceStorage omits checks for the configured user and
group permissions within the actions on that Storage.

This patch refines some naming within the security methods
as well as adding security checks to every method.

PHP file extensions are now also removed from the
text file extension list.

Change-Id: I2dbea79707cc054b6c532f3d6c250f7a05baa3e6
Releases: 6.2, 6.1, 6.0
Fixes: #51079
Security-Bulletin: TYPO3-CORE-SA-2013-003
Reviewed-on: https://review.typo3.org/23601
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php
typo3/sysext/backend/Classes/Controller/File/EditFileController.php
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
typo3/sysext/core/Classes/Resource/ResourceStorage.php
typo3/sysext/core/Classes/Resource/Service/UserFileMountService.php
typo3/sysext/core/Classes/Utility/File/ExtendedFileUtility.php
typo3/sysext/core/Configuration/DefaultConfiguration.php
typo3/sysext/core/Tests/Unit/Authentication/BackendUserAuthenticationTest.php
typo3/sysext/core/Tests/Unit/Resource/ResourceStorageTest.php
typo3/sysext/filelist/Classes/Controller/FileListController.php
typo3/sysext/filelist/Classes/FileList.php