[BUGFIX] Check folder access for inline uploader 02/27302/5
authorAlexander Stehlik <alexander.stehlik@googlemail.com>
Mon, 3 Feb 2014 18:57:23 +0000 (19:57 +0100)
committerMarkus Klein <klein.t3@mfc-linz.at>
Wed, 5 Feb 2014 08:57:29 +0000 (09:57 +0100)
Before the inline drag-and-drop upload to the default upload folder
is enabled, make sure that the upload folder is initialized and that
the user is allowed to add files to it.

Resolves: #55628
Releases: 6.2
Change-Id: Ia18678dc432c6f0addea33aa0389db54297435e3
Reviewed-on: https://review.typo3.org/27302
Reviewed-by: Lorenz Ulrich
Tested-by: Lorenz Ulrich
Reviewed-by: Wouter Wolters
Reviewed-by: Markus Klein
Tested-by: Markus Klein
typo3/sysext/backend/Classes/Form/Element/InlineElement.php

index 7525ce5..95dfc04 100644 (file)
@@ -864,7 +864,7 @@ class InlineElement {
 
        /**
         * Generate a link that opens an element browser in a new window.
-        * For group/db there is no way o use a "selector" like a <select>|</select>-box.
+        * For group/db there is no way to use a "selector" like a <select>|</select>-box.
         *
         * @param array $conf TCA configuration of the parent(!) field
         * @param array $PA An array with additional configuration options
@@ -900,24 +900,31 @@ class InlineElement {
                $browserParams = '|||' . $allowed . '|' . $objectPrefix . '|inline.checkUniqueElement||inline.importElement';
                $onClick = 'setFormValueOpenBrowser(\'' . $mode . '\', \'' . $browserParams . '\'); return false;';
 
-               $item = '<a href="#" class="t3-button" onclick="' . htmlspecialchars($onClick) . '">' . IconUtility::getSpriteIcon('actions-insert-record', array('title' => $createNewRelationText)) . $createNewRelationText . '</a>';
+               $item = '<a href="#" class="t3-button" onclick="' . htmlspecialchars($onClick) . '">';
+               $item .= IconUtility::getSpriteIcon('actions-insert-record', array('title' => $createNewRelationText));
+               $item .= $createNewRelationText . '</a>';
 
                if ($showUpload && $this->fObj->edit_docModuleUpload) {
-                       $maxFileSize = GeneralUtility::getMaxUploadFileSize() * 1024;
-                       $folder = $folder = $GLOBALS['BE_USER']->getDefaultUploadFolder();
-                       $item .= ' <a href="#" class="t3-button t3-drag-uploader"
-                               style="display:none"
-                               data-dropzone-target="#'.htmlspecialchars($this->inlineNames['object']).'"
-                               data-insert-dropzone-before="1"
-                               data-file-irre-object="'.htmlspecialchars($objectPrefix).'"
-                               data-file-allowed="'.htmlspecialchars($allowed).'"
-                               data-target-folder="'.htmlspecialchars($folder->getCombinedIdentifier()).'"
-                               data-max-file-size="'.htmlspecialchars($maxFileSize).'"
-                               ><span class="t3-icon t3-icon-actions t3-icon-actions-edit t3-icon-edit-upload">&nbsp;</span>';
-                       $item .= $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.select-and-submit', TRUE);
-                       $item .= '</a>';
-
-                       $this->loadDragUploadJs();
+                       $folder = $GLOBALS['BE_USER']->getDefaultUploadFolder();
+                       if (
+                               $folder instanceof \TYPO3\CMS\Core\Resource\Folder
+                               && $folder->checkActionPermission('add')
+                       ) {
+                               $maxFileSize = GeneralUtility::getMaxUploadFileSize() * 1024;
+                               $item .= ' <a href="#" class="t3-button t3-drag-uploader"
+                                       style="display:none"
+                                       data-dropzone-target="#' . htmlspecialchars($this->inlineNames['object']) . '"
+                                       data-insert-dropzone-before="1"
+                                       data-file-irre-object="' . htmlspecialchars($objectPrefix) . '"
+                                       data-file-allowed="' . htmlspecialchars($allowed) . '"
+                                       data-target-folder="' . htmlspecialchars($folder->getCombinedIdentifier()) . '"
+                                       data-max-file-size="' . htmlspecialchars($maxFileSize) . '"
+                                       ><span class="t3-icon t3-icon-actions t3-icon-actions-edit t3-icon-edit-upload">&nbsp;</span>';
+                               $item .= $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.select-and-submit', TRUE);
+                               $item .= '</a>';
+
+                               $this->loadDragUploadJs();
+                       }
                }
                return $item;
        }
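Review bot: The new guard around the drag uploader (`$folder instanceof \TYPO3\CMS\Core\Resource\Folder && $folder->checkActionPermission('add')`) only decides whether the drop-zone markup is rendered, and nothing in the hunk says so. The folder is handed to the browser as `data-target-folder`, which a client can change before submitting, so the permission that counts is the one the upload handler enforces. That handler is not visible here and should be confirmed to check 'add' on the folder it actually receives. I would add a comment above the `if`, e.g. `// Only offer the uploader when the default upload folder exists and the user may add files; this hides the control, the upload handler must still enforce the permission.` The enclosing method starts before this hunk.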