[BUGFIX] BackendUserAuthentication checks wrong BE user permission 66/49866/3
author Felix Rauch <rauch@skaiamail.de>
Mon, 5 Sep 2016 15:50:27 +0000 (17:50 +0200)
committer Wouter Wolters <typo3@wouterwolters.nl>
Wed, 28 Sep 2016 12:36:52 +0000 (14:36 +0200)
In BackendUserAuthentication::getDefaultUploadFolder, the addFolder
permission flag is checked instead of the writeFolder permission flag in
determining whether the folder is writable and thus suitable as an
upload target.

This fix changes the behaviour to check for the BE user's "writeFolder"
permission flag.

Resolves: #77856
Releases: master, 7.6
Change-Id: Ib78f8f3d371780e2687b30bd402a7beaa44ec700
Reviewed-on: https://review.typo3.org/49866
Reviewed-by: Frans Saris <franssaris@gmail.com>
Tested-by: Frans Saris <franssaris@gmail.com>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Michael Oehlhof <typo3@oehlhof.de>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php

index d6e5b30..538267d 100644 (file)
@@ -1898,7 +1898,7 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                 if ($storage->isDefault() && $storage->isWritable()) {
                     try {
                         $uploadFolder = $storage->getDefaultFolder();
-                        if ($uploadFolder->checkActionPermission('add')) {
+                        if ($uploadFolder->checkActionPermission('write')) {
                             break;
                         }
                         $uploadFolder = null;
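
Review bot: The new checkActionPermission('write') condition in this default-storage branch arrives without a test; the diff touches only BackendUserAuthentication.php. A unit test for getDefaultUploadFolder with a BE user who holds the add permission but not the write permission on the default folder, asserting that the folder is skipped, would pin the behaviour the commit message describes and catch a regression back to 'add'.
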
@@ -1914,7 +1914,7 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                     if ($storage->isWritable()) {
                         try {
                             $uploadFolder = $storage->getDefaultFolder();
-                            if ($uploadFolder->checkActionPermission('add')) {
+                            if ($uploadFolder->checkActionPermission('write')) {
                                 break;
                             }
                             $uploadFolder = null;
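
Review bot: The condition changed here sits in the same getDefaultFolder() / checkActionPermission('write') / $uploadFolder = null sequence as the hunk at line 1898, differing only in the surrounding isDefault() test, so the permission fix had to be applied twice. Consider moving that sequence into one private helper that returns the folder or null, so a later change to the permission check cannot land in one branch and miss the other. A short comment at the check stating that 'write' corresponds to the "writeFolder" flag named in the commit message would also help readers map the code to the BE user permission settings.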