Commit 9b4b6be5 authored by Stephan Großberndt's avatar Stephan Großberndt Committed by Stefan Neufeind
Browse files

[BUGFIX] Access Close.html from Resources/Public/Html/

Clicking the close button in a editing popup accesses Close.html in
Resources/Public/Html/ which is a folder accessible by a web user
instead of Resources/Private/Templates/ which lead to a HTTP 403 error
on closing the popup.

Releases: master, 8.7, 7.6
Resolves: #83258
Related: #68108
Change-Id: Ibe7e328936240df436a3c9585e53122f1577dc6e
Reviewed-on: https://review.typo3.org/54983


Tested-by: default avatarTYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
Reviewed-by: Wouter Wolters's avatarWouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: default avatarStefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: default avatarStefan Neufeind <typo3.neufeind@speedpartner.de>
parent 04e68467
......@@ -1491,7 +1491,7 @@ class EditDocumentController
*/
protected function getCloseUrl(): string
{
$closeUrl = GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Templates/Close.html');
$closeUrl = GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Public/Html/Close.html');
return PathUtility::getAbsoluteWebPath($closeUrl);
}
......
......@@ -2,7 +2,7 @@
<html>
<head>
<!-- Close script, used in particular by FormEngine to close the current edit window -->
<!-- TYPO3 Script ID: typo3/sysext/backend/Resources/Private/Templates/close.html -->
<!-- TYPO3 Script ID: typo3/sysext/backend/Resources/Private/Templates/Close.html -->
<meta charset="utf-8" />
<title>Close</title>
<script type="text/javascript">
......@@ -12,4 +12,4 @@
</head>
<body>
</body>
</html>
\ No newline at end of file
</html>
<!DOCTYPE html>
<html>
<head>
<!-- Close script, used in particular by FormEngine to close the current edit window -->
<!-- TYPO3 Script ID: typo3/sysext/backend/Resources/Public/Html/Close.html -->
<meta charset="utf-8" />
<title>Close</title>
<script type="text/javascript">
self.close();
window.opener.location.reload(true);
</script>
</head>
<body>
</body>
</html>
......@@ -299,7 +299,7 @@ class FrontendEditPanel
{
$width = MathUtility::forceIntegerInRange($this->backendUser->getTSConfigVal('options.feedit.popupWidth'), 690, 5000, 690);
$height = MathUtility::forceIntegerInRange($this->backendUser->getTSConfigVal('options.feedit.popupHeight'), 500, 5000, 500);
$onclick = 'vHWin=window.open(' . GeneralUtility::quoteJSvalue($url . '&returnUrl=' . rawurlencode(PathUtility::getAbsoluteWebPath(GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Templates/Close.html')))) . ',\'FEquickEditWindow\',\'width=' . $width . ',height=' . $height . ',status=0,menubar=0,scrollbars=1,resizable=1\');vHWin.focus();return false;';
$onclick = 'vHWin=window.open(' . GeneralUtility::quoteJSvalue($url . '&returnUrl=' . rawurlencode(PathUtility::getAbsoluteWebPath(GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Public/Html/Close.html')))) . ',\'FEquickEditWindow\',\'width=' . $width . ',height=' . $height . ',status=0,menubar=0,scrollbars=1,resizable=1\');vHWin.focus();return false;';
return '<a href="#" class="typo3-editPanel-btn typo3-editPanel-btn-default frontEndEditIconLinks ' . htmlspecialchars($additionalClasses) . '" onclick="' . htmlspecialchars($onclick) . '" style="display: none;">' . $string . '</a>';
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment