[BUGFIX] Use strict authMode access check for list_type 67/45167/2
authorFrank Nägler <frank.naegler@typo3.org>
Mon, 7 Dec 2015 12:14:34 +0000 (13:14 +0100)
committerGeorg Ringer <georg.ringer@gmail.com>
Mon, 7 Dec 2015 12:34:52 +0000 (13:34 +0100)
Enforcing a strict authMode check is required to make sure
that editors only see those content elements of type CType='list'
which they are allowed to see.

Resolves: #32209
Releases: master, 6.2
Change-Id: I47f92a03a3dacbbf686fd9592ea679a40f3a828b
Reviewed-on: https://review.typo3.org/45167
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
typo3/sysext/frontend/Configuration/TCA/tt_content.php

index c57751d..b7621d4 100644 (file)
@@ -1193,6 +1193,7 @@ return array(
                                'itemsProcFunc' => 'user_sortPluginList',
                                'default' => '',
                                'authMode' => $GLOBALS['TYPO3_CONF_VARS']['BE']['explicitADmode'],
+                               'authMode_enforce' => 'strict',
                                'iconsInOptionTags' => 1,
                                'noIconsBelowSelect' => 1
                        )