[BUGFIX] BackendUserAuthentication checks wrong BE user permission 54/50054/2
authorFelix Rauch <rauch@skaiamail.de>
Mon, 5 Sep 2016 15:50:27 +0000 (17:50 +0200)
committerWouter Wolters <typo3@wouterwolters.nl>
Wed, 28 Sep 2016 12:40:42 +0000 (14:40 +0200)
In BackendUserAuthentication::getDefaultUploadFolder, the addFolder
permission flag is checked instead of the writeFolder permission flag in
determining whether the folder is writable and thus suitable as an
upload target.

This fix changes the behaviour to check for the BE user's "writeFolder"
permission flag.

Resolves: #77856
Releases: master, 7.6
Change-Id: Ib78f8f3d371780e2687b30bd402a7beaa44ec700
Reviewed-on: https://review.typo3.org/50054
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php

index a048cab..e9494d2 100644 (file)
@@ -1830,7 +1830,7 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                 if ($storage->isDefault() && $storage->isWritable()) {
                     try {
                         $uploadFolder = $storage->getDefaultFolder();
-                        if ($uploadFolder->checkActionPermission('add')) {
+                        if ($uploadFolder->checkActionPermission('write')) {
                             break;
                         }
                         $uploadFolder = null;
@@ -1846,7 +1846,7 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                     if ($storage->isWritable()) {
                         try {
                             $uploadFolder = $storage->getDefaultFolder();
-                            if ($uploadFolder->checkActionPermission('add')) {
+                            if ($uploadFolder->checkActionPermission('write')) {
                                 break;
                             }
                             $uploadFolder = null;