[BUGFIX] Resolve asterisk in allowed tables for suggest wizard 11/20511/2
authorNicole Cordes <typo3@cordes.co>
Sun, 21 Apr 2013 00:08:19 +0000 (02:08 +0200)
committerNicole Cordes <typo3@cordes.co>
Sun, 5 May 2013 12:04:47 +0000 (14:04 +0200)
In the suggest ajax script the setting of allowed tables is not parsed for
the asterisk (*). If it is set all TCA tables should be parsed and checked
for access and added to queryTables array.

Change-Id: Icc288bcd31595a5f653aa4ac4faa4602535ecbcf
Fixes: #21588
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/20511
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
typo3/sysext/backend/Classes/Form/Element/SuggestElement.php

index bf0da2f..b21830f 100644 (file)
@@ -154,7 +154,22 @@ class SuggestElement {
                }
                $wizardConfig = $fieldConfig['wizards']['suggest'];
                if (isset($fieldConfig['allowed'])) {
-                       $queryTables = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(',', $fieldConfig['allowed']);
+                       if ($fieldConfig['allowed'] === '*') {
+                               foreach ($GLOBALS['TCA'] as $tableName => $tableConfig) {
+                                       // TODO: Refactor function to BackendUtility
+                                       if (empty($tableConfig['ctrl']['hideTable'])
+                                               && ($GLOBALS['BE_USER']->isAdmin()
+                                                       || (empty($tableConfig['ctrl']['adminOnly'])
+                                                               && (empty($tableConfig['ctrl']['rootLevel'])
+                                                                       || !empty($tableConfig['ctrl']['security']['ignoreRootLevelRestriction']))))
+                                       ) {
+                                               $queryTables[] = $tableName;
+                                       }
+                               }
+                               unset($tableName, $tableConfig);
+                       } else {
+                               $queryTables = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(',', $fieldConfig['allowed']);
+                       }
                } elseif (isset($fieldConfig['foreign_table'])) {
                        $queryTables = array($fieldConfig['foreign_table']);
                        $foreign_table_where = $fieldConfig['foreign_table_where'];