[BUGFIX] Resolve asterisk in allowed tables for suggest wizard 47/20047/6
authorNicole Cordes <typo3@cordes.co>
Sun, 21 Apr 2013 00:08:19 +0000 (02:08 +0200)
committerGeorg Ringer <georg.ringer@gmail.com>
Sat, 4 May 2013 08:46:32 +0000 (10:46 +0200)
In the suggest ajax script the setting of allowed tables is not parsed for
the asterisk (*). If it is set all TCA tables should be parsed and checked
for access and added to queryTables array.

Change-Id: I0a02b9fc7fbfd094e1d3aaf2c7853be8eee13248
Fixes: #21588
Releases: 6.1, 6.0, 4.7, 4.5
Reviewed-on: https://review.typo3.org/20047
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
typo3/sysext/backend/Classes/Form/Element/SuggestElement.php

index 1ade0e5..278fc3e 100644 (file)
@@ -155,7 +155,22 @@ class SuggestElement {
                }
                $wizardConfig = $fieldConfig['wizards']['suggest'];
                if (isset($fieldConfig['allowed'])) {
-                       $queryTables = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(',', $fieldConfig['allowed']);
+                       if ($fieldConfig['allowed'] === '*') {
+                               foreach ($GLOBALS['TCA'] as $table => $tableConfig) {
+                                       // TODO: Refactor function to BackendUtility
+                                       if (empty($tableConfig['ctrl']['hideTable'])
+                                               && ($GLOBALS['BE_USER']->isAdmin()
+                                                       || (empty($tableConfig['ctrl']['adminOnly'])
+                                                               && (empty($tableConfig['ctrl']['rootLevel'])
+                                                                       || !empty($tableConfig['ctrl']['security']['ignoreRootLevelRestriction']))))
+                                       ) {
+                                               $queryTables[] = $table;
+                                       }
+                               }
+                               unset($table, $tableConfig);
+                       } else {
+                               $queryTables = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(',', $fieldConfig['allowed']);
+                       }
                } elseif (isset($fieldConfig['foreign_table'])) {
                        $queryTables = array($fieldConfig['foreign_table']);
                        $foreign_table_where = $fieldConfig['foreign_table_where'];