[BUGFIX] Correctly check for permissions of a hidden field in context menu 43/56343/2
authorTymoteusz Motylewski <t.motylewski@gmail.com>
Sun, 18 Mar 2018 09:17:46 +0000 (10:17 +0100)
committerChristian Kuhn <lolli@schwarzbu.ch>
Sun, 18 Mar 2018 11:12:02 +0000 (12:12 +0100)
Allow hidden field to not be an exclude field.
See other places in the core where check for check('non_exclude_fields')
is performed.

Resolves: #82785
Releases: master
Change-Id: Id6ab3c7b7dd0c727fe2458eb865c97433184aece
Reviewed-on: https://review.typo3.org/56343
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/backend/Classes/ContextMenu/ItemProviders/RecordProvider.php

index dde8349..bb80e5e 100644 (file)
@@ -607,8 +607,11 @@ class RecordProvider extends AbstractProvider
         if (isset($GLOBALS['TCA'][$this->table]['ctrl']['enablecolumns']['disabled'])) {
             $hiddenFieldName = $GLOBALS['TCA'][$this->table]['ctrl']['enablecolumns']['disabled'];
             if (
-                $hiddenFieldName !== '' && !empty($GLOBALS['TCA'][$this->table]['columns'][$hiddenFieldName]['exclude'])
-                && $this->backendUser->check('non_exclude_fields', $this->table . ':' . $hiddenFieldName)
+                $hiddenFieldName !== '' && !empty($GLOBALS['TCA'][$this->table]['columns'][$hiddenFieldName])
+                && (
+                    empty($GLOBALS['TCA'][$this->table]['columns'][$hiddenFieldName]['exclude'])
+                    || $this->backendUser->check('non_exclude_fields', $this->table . ':' . $hiddenFieldName)
+                )
             ) {
                 return (int)$this->record[$hiddenFieldName] === (int)$value;
             }