[BUGFIX] Use strict authMode access check for list_type 65/45165/2
authorGeorg Ringer <georg.ringer@gmail.com>
Mon, 7 Dec 2015 09:37:24 +0000 (10:37 +0100)
committerFrank Nägler <frank.naegler@typo3.org>
Mon, 7 Dec 2015 12:09:51 +0000 (13:09 +0100)
Enforcing a strict authMode check is required to make sure
that editors only see those content elements of type CType='list'
which they are allowed to see.

Change-Id: I47f92a03a3dacbbf686fd9592ea679a40f3a828b
Resolves: #32209
Releases: master, 6.2
Reviewed-on: https://review.typo3.org/45165
Reviewed-by: Josef Glatz <josef.glatz@typo3.org>
Tested-by: Josef Glatz <josef.glatz@typo3.org>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Ralf Merz <info@merzilla.de>
Reviewed-by: Daniel Goerz <ervaude@gmail.com>
Reviewed-by: Frank Nägler <frank.naegler@typo3.org>
Tested-by: Frank Nägler <frank.naegler@typo3.org>
typo3/sysext/frontend/Configuration/TCA/tt_content.php

index ff81640..c936f0c 100644 (file)
@@ -808,6 +808,7 @@ return array(
                 'itemsProcFunc' => \TYPO3\CMS\Frontend\Hooks\TableColumnHooks::class . '->sortPluginList',
                 'default' => '',
                 'authMode' => $GLOBALS['TYPO3_CONF_VARS']['BE']['explicitADmode'],
+                'authMode_enforce' => 'strict'
             )
         ),
         'select_key' => array(