[BUGFIX] Re-enables fileDenyPattern check for admin users 29/48329/2
authorTorben Hansen <derhansen@gmail.com>
Thu, 26 May 2016 19:20:23 +0000 (21:20 +0200)
committerHelmut Hummel <helmut.hummel@typo3.org>
Fri, 27 May 2016 17:50:37 +0000 (19:50 +0200)
commite549bd999ac4ba4a06f5d3b972431e142af2c0e1
treea4d788fd029e4dc76f693bea80f59adb388338ed
parent5bd1c2483d8bbbfaec6519d8c00ac245e41ec045
[BUGFIX] Re-enables fileDenyPattern check for admin users

When an admin user tries to upload a file which has a fileextension
that is included in the fileDenyPattern, the upload is denied.

With the security fix in #51326 admin users are now able to change
the extension of a file to any value, since the fileDenyPattern is
not checked for admin users. This leads to the situation, that admin
users can create/rename files in the filelist with a fileextension
of their choice.

To keep the behavior consistent, this patch re-enables the check
of the fileDenyPattern for admin users in the filelist.

Resolves: #60173
Releases: master, 7.6, 6.2
Change-Id: I3b819e70cf2218a4580203ac7b7a6b0c3c5087ab
Reviewed-on: https://review.typo3.org/48329
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
typo3/sysext/core/Classes/Resource/ResourceStorage.php
typo3/sysext/core/Tests/Unit/Resource/ResourceStorageTest.php