  • [SECURITY] Prohibit accessing storage 0 from backend UI · cbed687f
    Steffen Ritter authored and Oliver Hader committed
    Manually accessing backend entry-points regarding files passing
    an identifier with storage 0 may allow unfiltered access for read,
    write, rename, create and delete actions.
    
    The user interface must never deal with storage 0. Therefore
    implement checks for storage 0 as protection.
    
    Change-Id: Ia387dfac3057760800171163ff91cd9f55cab4b5
    Releases: 6.2, 6.1, 6.0
    Fixes: #50886
    Security-Commit: b813a875ad76aa7860b76602eb1f32dcfc9fadcd
    Security-Bulletin: TYPO3-CORE-SA-2013-003
    Reviewed-on: https://review.typo3.org/23608
    Reviewed-by: Oliver Hader
    Tested-by: Oliver Hader