[BUGFIX] Prevent search upload folder in write protected storages 64/42864/3
authorNicole Cordes <typo3@cordes.co>
Tue, 25 Aug 2015 10:10:17 +0000 (12:10 +0200)
committerPhilipp Gampe <philipp.gampe@typo3.org>
Sat, 5 Sep 2015 20:46:24 +0000 (22:46 +0200)
If a storage is marked as non-writeable there isn't any possibility to
have an upload folder in there. So this storage should be skipped in the
lookup of the default upload folder of an user.

Resolves: #69303
Releases: master, 6.2
Change-Id: If53b5545a6af6aa1d333d48bb0856a5de070fd2d
Reviewed-on: http://review.typo3.org/42864
Reviewed-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Tested-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Frans Saris <franssaris@gmail.com>
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Philipp Gampe <philipp.gampe@typo3.org>
Tested-by: Philipp Gampe <philipp.gampe@typo3.org>
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php

index 9579733..5e81df3 100644 (file)
@@ -1787,7 +1787,7 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                        $uploadFolder = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->getFolderObjectFromCombinedIdentifier($uploadFolder);
                } else {
                        foreach($this->getFileStorages() as $storage) {
-                               if ($storage->isDefault()) {
+                               if ($storage->isDefault() && $storage->isWritable()) {
                                        try {
                                                $uploadFolder = $storage->getDefaultFolder();
                                                if ($uploadFolder->checkActionPermission('add')) {
@@ -1803,14 +1803,16 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                        if (!$uploadFolder instanceof \TYPO3\CMS\Core\Resource\Folder) {
                                /** @var ResourceStorage $storage */
                                foreach ($this->getFileStorages() as $storage) {
-                                       try {
-                                               $uploadFolder = $storage->getDefaultFolder();
-                                               if ($uploadFolder->checkActionPermission('add')) {
-                                                       break;
+                                       if ($storage->isWritable()) {
+                                               try {
+                                                       $uploadFolder = $storage->getDefaultFolder();
+                                                       if ($uploadFolder->checkActionPermission('add')) {
+                                                               break;
+                                                       }
+                                                       $uploadFolder = NULL;
+                                               } catch (\TYPO3\CMS\Core\Resource\Exception $folderAccessException) {
+                                                       // If the folder is not accessible (no permissions / does not exist) try the next one.
                                                }
-                                               $uploadFolder = NULL;
-                                       } catch (\TYPO3\CMS\Core\Resource\Exception $folderAccessException) {
-                                               // If the folder is not accessible (no permissions / does not exist) try the next one.
                                        }
                                }
                        }