Commit cbed687f authored by Steffen Ritter's avatar Steffen Ritter Committed by Oliver Hader

[SECURITY] Prohibit accessing storage 0 from backend UI

Manually calling the backend file entry points with an identifier that
refers to storage 0 may allow unfiltered access for read, write, rename,
create and delete actions.

The user interface must never deal with storage 0. Therefore
implement checks for storage 0 as protection.

Change-Id: Ia387dfac3057760800171163ff91cd9f55cab4b5
Releases: 6.2, 6.1, 6.0
Fixes: #50886
Security-Commit: b813a875ad76aa7860b76602eb1f32dcfc9fadcd
Security-Bulletin: TYPO3-CORE-SA-2013-003
Reviewed-on: https://review.typo3.org/23608
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
parent f48a1c1b
......@@ -120,6 +120,10 @@ class CreateFolderController {
$message = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir', TRUE);
throw new \RuntimeException($title . ': ' . $message, 1294586843);
}
if ($this->folderObject->getStorage()->getUid() === 0) {
throw new \TYPO3\CMS\Core\Resource\Exception\InsufficientFolderAccessPermissionsException("You are not allowed to access folders outside your storages", 1375889838);
}
// Setting the title and the icon
$icon = \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('apps-filetree-root');
$this->title = $icon . htmlspecialchars($this->folderObject->getStorage()->getName()) . ': ' . htmlspecialchars($this->folderObject->getIdentifier());
......
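Review bot: The storage-0 guard added here is repeated verbatim in EditFileController, FileUploadController, RenameFileController and ExtendedFileUtility, each with its own hardcoded English message and exception code; a single shared check would keep the rule in one place and make it harder for a future entry point to forget it. The surrounding errors in this method are localised through `$GLOBALS['LANG']->sL(...)`, so the new message breaks that convention as well. The enclosing method of CreateFolderController starts before this hunk, so the `$this->folderObject` null handling it relies on is not visible here.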
......@@ -112,6 +112,10 @@ class EditFileController {
$message = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir', TRUE);
throw new \RuntimeException($title . ': ' . $message, 1294586841);
}
if ($this->fileObject->getStorage()->getUid() === 0) {
throw new \TYPO3\CMS\Core\Resource\Exception\InsufficientFileAccessPermissionsException("You are not allowed to access files outside your storages", 1375889832);
}
// Setting the title and the icon
$icon = IconUtility::getSpriteIcon('apps-filetree-root');
$this->title = $icon . htmlspecialchars($this->fileObject->getStorage()->getName()) . ': ' . htmlspecialchars($this->fileObject->getIdentifier());
......
......@@ -106,6 +106,10 @@ class FileUploadController {
if ($this->target) {
$this->folderObject = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->retrieveFileOrFolderObject($this->target);
}
if ($this->folderObject->getStorage()->getUid() === 0) {
throw new \TYPO3\CMS\Core\Resource\Exception\InsufficientFolderAccessPermissionsException("You are not allowed to access folders outside your storages", 1375889834);
}
// Cleaning and checking target directory
if (!$this->folderObject) {
$title = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError', TRUE);
......
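Review bot: The new check dereferences `$this->folderObject` before the existing `if (!$this->folderObject)` guard below it, so a request with an empty or missing target now fails with a fatal "call on a non-object" instead of the intended paramError RuntimeException. Move the three added lines below that null check, i.e. after the block that throws the paramError message, so the storage-0 test only runs on a resolved object. Since `retrieveFileOrFolderObject` is used here, the resolved object may not be a Folder at all; an `instanceof \TYPO3\CMS\Core\Resource\Folder` check before the storage test would make that explicit (hedged, the Folder class path is inferred from the exception namespace). The enclosing method continues outside the hunk.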
......@@ -107,6 +107,10 @@ class RenameFileController {
$message = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir', TRUE);
throw new \RuntimeException($title . ': ' . $message, 1294586844);
}
if ($this->fileOrFolderObject->getStorage()->getUid() === 0) {
throw new \TYPO3\CMS\Core\Resource\Exception\InsufficientFileAccessPermissionsException("You are not allowed to access files outside your storages", 1375889840);
}
// If a folder should be renamed, AND the returnURL should go to the old directory name, the redirect is forced
// so the redirect will NOT end in a error message
// this case only happens if you select the folder itself in the foldertree and then use the clickmenu to
......
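Review bot: `$this->fileOrFolderObject` can be a folder, yet the guard always throws InsufficientFileAccessPermissionsException with the message "You are not allowed to access files outside your storages"; the sibling CreateFolderController hunk uses InsufficientFolderAccessPermissionsException for the folder case. Selecting the exception class and wording by the object's type would keep the two controllers consistent and make the error honest for folder renames. The enclosing method starts before this hunk.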
......@@ -527,6 +527,9 @@ class ExtendedFileUtility extends \TYPO3\CMS\Core\Utility\File\BasicFileUtility
if (!is_object($object)) {
throw new \TYPO3\CMS\Core\Resource\Exception\InvalidFileException('The item ' . $identifier . ' was not a file or directory!!', 1320122453);
}
if ($object->getStorage()->getUid() === 0) {
throw new \TYPO3\CMS\Core\Resource\Exception\InsufficientFileAccessPermissionsException("You are not allowed to access files outside your storages", 1375889830);
}
return $object;
}
......
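Review bot: This method's docblock lies outside the hunk and should document the new failure mode, since it is the shared resolver the controllers fall back on; add `@throws \TYPO3\CMS\Core\Resource\Exception\InsufficientFileAccessPermissionsException when the resolved object belongs to storage 0`. The preceding InvalidFileException message says "was not a file or directory", so `$object` may be a folder here too, and the file-specific exception class is then slightly misleading, as in the RenameFileController hunk. A one-line comment on the guard, `// storage 0 is the legacy fallback storage and must never be reachable from the backend UI`, would record why uid 0 is singled out.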