[BUGFIX] Check access right in the backend LiveSearch 00/41600/2
authorTim Lochmueller <tim@fruit-lab.de>
Fri, 17 Jul 2015 19:55:04 +0000 (21:55 +0200)
committerBenjamin Mack <benni@typo3.org>
Fri, 17 Jul 2015 23:00:22 +0000 (01:00 +0200)
Check the access right against BE user (tables_select and
tables_modify) to avoid wrong records in the LiveSearch
of editors.

Resolves: #64536
Releases: master
Change-Id: I7369da0bf6a2210eacf1ab60b2ca0960d93218d1
Reviewed-on: http://review.typo3.org/41600
Reviewed-by: Marco Huber <mail@marco-huber.de>
Tested-by: Marco Huber <mail@marco-huber.de>
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
typo3/sysext/backend/Classes/Search/LiveSearch/LiveSearch.php

index 74cf522..9bdb3d9 100644 (file)
@@ -148,6 +148,10 @@ class LiveSearch {
                $limit = $this->limitCount;
                $getRecordArray = array();
                foreach ($GLOBALS['TCA'] as $tableName => $value) {
+                       // if no access for the table (read or write), skip this table
+                       if (!$GLOBALS['BE_USER']->check('tables_select', $tableName) && !$GLOBALS['BE_USER']->check('tables_modify', $tableName) ){
+                               continue;
+                       }
                        $recordArray = $this->findByTable($tableName, $pageIdList, '0,' . $limit);
                        $recordCount = count($recordArray);
                        if ($recordCount) {