[BUGFIX] Access Close.html from Resources/Public/Html/ 83/54983/2
authorStephan Großberndt <stephan@grossberndt.de>
Fri, 8 Dec 2017 11:16:16 +0000 (12:16 +0100)
committerStefan Neufeind <typo3.neufeind@speedpartner.de>
Fri, 8 Dec 2017 14:31:52 +0000 (15:31 +0100)
Clicking the close button in an editing popup now accesses Close.html in
Resources/Public/Html/, which is a folder accessible by a web user,
instead of Resources/Private/Templates/, which led to an HTTP 403 error
on closing the popup.

Releases: master, 8.7, 7.6
Resolves: #83258
Related: #68108
Change-Id: Ibe7e328936240df436a3c9585e53122f1577dc6e
Reviewed-on: https://review.typo3.org/54983
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
typo3/sysext/backend/Classes/Controller/EditDocumentController.php
typo3/sysext/backend/Resources/Private/Templates/Close.html
typo3/sysext/backend/Resources/Public/Html/Close.html [new file with mode: 0644]
typo3/sysext/feedit/Classes/FrontendEditPanel.php

index 27f7100..aa253cf 100644 (file)
@@ -1491,7 +1491,7 @@ class EditDocumentController
      */
     protected function getCloseUrl(): string
     {
-        $closeUrl = GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Templates/Close.html');
+        $closeUrl = GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Public/Html/Close.html');
         return PathUtility::getAbsoluteWebPath($closeUrl);
     }
 
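Review bot: The path literal `'EXT:backend/Resources/Public/Html/Close.html'` on the changed line in getCloseUrl() is repeated verbatim in the FrontendEditPanel hunk at the end of this commit, so both call sites have to be kept in step by hand. That duplication is presumably how both ended up pointing at the web-inaccessible Private folder. A single public constant or helper that both extensions reference would remove it. The copy under Resources/Private/Templates/ is only touched in its comment and stays in the tree, so two identical close scripts now exist; whether anything still reads the private one is not visible here, and if nothing does it could be removed. The docblock of getCloseUrl() starts outside this hunk.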
index e5fbc77..5a0cfc5 100644 (file)
@@ -2,7 +2,7 @@
 <html>
        <head>
                <!-- Close script, used in particular by FormEngine to close the current edit window -->
-               <!-- TYPO3 Script ID: typo3/sysext/backend/Resources/Private/Templates/close.html -->
+               <!-- TYPO3 Script ID: typo3/sysext/backend/Resources/Private/Templates/Close.html -->
                <meta charset="utf-8" />
                <title>Close</title>
                <script type="text/javascript">
@@ -12,4 +12,4 @@
        </head>
        <body>
        </body>
-</html>
\ No newline at end of file
+</html>
diff --git a/typo3/sysext/backend/Resources/Public/Html/Close.html b/typo3/sysext/backend/Resources/Public/Html/Close.html
new file mode 100644 (file)
index 0000000..1a4faf6
--- /dev/null
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+       <head>
+               <!-- Close script, used in particular by FormEngine to close the current edit window -->
+               <!-- TYPO3 Script ID: typo3/sysext/backend/Resources/Public/Html/Close.html -->
+               <meta charset="utf-8" />
+               <title>Close</title>
+               <script type="text/javascript">
+                       self.close();
+                       window.opener.location.reload(true);
+               </script>
+       </head>
+       <body>
+       </body>
+</html>
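Review bot: In the inline script, `window.opener` is dereferenced without a check and only after `self.close()` has already run, so the reload throws whenever the page has no live opener. That case is easier to hit now that the file sits under Resources/Public and can be requested directly by URL. Reloading first and guarding the access would be more robust: `if (window.opener && !window.opener.closed) { window.opener.location.reload(); }` followed by `self.close();`. The `true` argument to `reload()` is non-standard and ignored by most browsers, so it can be dropped. Because this file is served without any backend authentication, a short comment such as `<!-- Publicly reachable static file: keep free of backend data and request-derived values -->` would help future editors.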
index 011873e..fcc311b 100644 (file)
@@ -299,7 +299,7 @@ class FrontendEditPanel
     {
         $width = MathUtility::forceIntegerInRange($this->backendUser->getTSConfigVal('options.feedit.popupWidth'), 690, 5000, 690);
         $height = MathUtility::forceIntegerInRange($this->backendUser->getTSConfigVal('options.feedit.popupHeight'), 500, 5000, 500);
-        $onclick = 'vHWin=window.open(' . GeneralUtility::quoteJSvalue($url . '&returnUrl=' . rawurlencode(PathUtility::getAbsoluteWebPath(GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Templates/Close.html')))) . ',\'FEquickEditWindow\',\'width=' . $width . ',height=' . $height . ',status=0,menubar=0,scrollbars=1,resizable=1\');vHWin.focus();return false;';
+        $onclick = 'vHWin=window.open(' . GeneralUtility::quoteJSvalue($url . '&returnUrl=' . rawurlencode(PathUtility::getAbsoluteWebPath(GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Public/Html/Close.html')))) . ',\'FEquickEditWindow\',\'width=' . $width . ',height=' . $height . ',status=0,menubar=0,scrollbars=1,resizable=1\');vHWin.focus();return false;';
         return '<a href="#" class="typo3-editPanel-btn typo3-editPanel-btn-default frontEndEditIconLinks ' . htmlspecialchars($additionalClasses) . '" onclick="' . htmlspecialchars($onclick) . '" style="display: none;">' . $string . '</a>';
     }
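Review bot: On the `return` line, `$additionalClasses` and `$onclick` both pass through `htmlspecialchars()`, but `$string` is concatenated into the anchor unescaped and nothing in the hunk says why. If it is meant to carry pre-rendered markup such as an icon, that contract should be written down next to the line, for example `// $string is trusted HTML built by the caller (icon markup); never pass user-supplied text here`. The method signature and the origin of `$string` lie outside this hunk, so this is a documentation request rather than a confirmed defect.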