TYPO3.CMS / typo3 / sysext / core / ext_localconf.php
  • [SECURITY] Prevent edit of file metadata of files with no access · d3c9706c
    Marc Bastian Heinrichs authored Apr 23, 2014 and Benni Mack committed Jul 01, 2015
    By forging edit URLs it was possible to edit
    meta data records of files which were not
    within a user mount.
    
    Implement several hooks to check access to the file
    and only grant access to a meta data record if the
    user has access to the file.
    
    Resolves: #56644
    Releases: master, 6.2
    Security-Bulletin: TYPO3-CORE-SA-2015-002
    Change-Id: I0f0704af2e7f01d16b9420f9ba4ac1a7846b5270
    Reviewed-on: http://review.typo3.org/40804
    
    
    Reviewed-by: Benjamin Mack <benni@typo3.org>
    Tested-by: Benjamin Mack <benni@typo3.org>
    Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
    Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
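The access rule the commit message describes, sketched as an added example that is not TYPO3's code: a metadata record is editable only if the file it belongs to lies inside one of the user's file mounts. `BackendUser`, `mayEditMetadata` and the sample paths are hypothetical; paths are assumed to be already canonical, and PHP 8.1 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical model, not TYPO3's API: a backend user limited to file mounts,
// and metadata records that each point at exactly one file.
final class BackendUser
{
    /** @param string[] $fileMounts folder paths the user may access */
    public function __construct(public readonly array $fileMounts) {}

    public function canAccessFile(string $filePath): bool
    {
        foreach ($this->fileMounts as $mount) {
            // Compare on a folder boundary so the mount "/user_upload"
            // does not also match "/user_upload_private/...".
            $prefix = rtrim($mount, '/') . '/';
            if (str_starts_with($filePath, $prefix)) {
                return true;
            }
        }
        return false;
    }
}

/** Hook-style check to run before a metadata record is opened or saved. */
function mayEditMetadata(BackendUser $user, int $metadataUid, array $metadataRows, array $files): bool
{
    // The uid arrives in the edit URL, so it is untrusted input.
    $row = $metadataRows[$metadataUid] ?? null;
    if ($row === null) {
        return false;
    }
    // Authorize against the parent file, not against the metadata table alone.
    $path = $files[$row['file']] ?? null;
    return $path !== null && $user->canAccessFile($path);
}

// Constructed sample data.
$files = [1 => '/user_upload/team/logo.png', 2 => '/user_upload_private/contract.pdf'];
$metadataRows = [10 => ['file' => 1], 11 => ['file' => 2]];
$editor = new BackendUser(['/user_upload']);

var_dump(mayEditMetadata($editor, 10, $metadataRows, $files)); // file inside the mount
var_dump(mayEditMetadata($editor, 11, $metadataRows, $files)); // file outside the mount
var_dump(mayEditMetadata($editor, 99, $metadataRows, $files)); // unknown record uid
```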