[BUGFIX] Add access check in FAL renameFolder() 45/17445/3
authorGeorg Ringer <georg.ringer@gmail.com>
Thu, 10 Jan 2013 09:55:43 +0000 (10:55 +0100)
committerHelmut Hummel <helmut.hummel@typo3.org>
Sat, 12 Jan 2013 15:07:13 +0000 (16:07 +0100)
Currently no access check is done when trying to rename a folder.
This is also marked as a TODO in the code.

Change-Id: Ie1909804c0ccc7cfa5c495ba98322cad7d712c96
Fixes: #44425
Releases: 6.1,6.0
Reviewed-on: https://review.typo3.org/17445
Reviewed-by: Andreas Wolf
Reviewed-by: Mattias Nilsson
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
typo3/sysext/core/Classes/Resource/ResourceStorage.php

index 2d7b822..f25e42e 100644 (file)
@@ -1415,7 +1415,11 @@ class ResourceStorage {
         */
        public function renameFolder($folderObject, $newName) {
                // TODO unit tests
-               // TODO access checks
+
+               if (!$this->checkFolderActionPermission('rename', $folderObject)) {
+                       throw new \TYPO3\CMS\Core\Resource\Exception\InsufficientFileAccessPermissionsException('You are not allowed to rename the folder "' . $folderObject->getIdentifier() . '\'', 1357811441);
+               }
+
                $returnObject = NULL;
                if ($this->driver->folderExistsInFolder($newName, $folderObject)) {
                        throw new \InvalidArgumentException('The folder ' . $newName . ' already exists in folder ' . $folderObject->getIdentifier(), 1325418870);
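Review bot: The message of the new exception in renameFolder() opens the folder identifier with `"` but closes it with `\'`, so the rendered text has mismatched quotes; the tail of that line should read `. '"', 1357811441);`. The guard also throws InsufficientFileAccessPermissionsException for a folder action, so if a folder-specific class such as InsufficientFolderAccessPermissionsException is available on this branch, it would let callers that catch folder permission errors handle this case too. `$newName` reaches folderExistsInFolder() with no validation visible in the hunk, and the method body continues past it, so it is worth confirming that names containing path separators are rejected further down or in the driver. The `// TODO unit tests` comment is still there, and a test for the denied-rename path would pin the new check.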