• Steffen Ritter's avatar
    [SECURITY] Prohibit accessing storage 0 from backend UI · cbed687f
    Steffen Ritter authored and Oliver Hader's avatar Oliver Hader committed
    Manually accessing backend entry-points regarding files passing
    an identifier with storage 0 may allow unfiltered access for read,
    write, rename, create and delete actions.
    
    The user interface must never deal with storage 0. Therefore
    implement checks for storage 0 as protection.
    
    Change-Id: Ia387dfac3057760800171163ff91cd9f55cab4b5
    Releases: 6.2, 6.1, 6.0
    Fixes: #50886
    Security-Commit: b813a875ad76aa7860b76602eb1f32dcfc9fadcd
    Security-Bulletin: TYPO3-CORE-SA-2013-003
    Reviewed-on: https://review.typo3.org/23608
    Reviewed-by: Oliver Hader
    Tested-by: Oliver Hader
    cbed687f