Bug #22179 » 13650-sysaction-disclosure.patch
| typo3/sysext/sys_action/class.tx_sysaction.php (Arbeitskopie) | ||
|---|---|---|
|
$data["be_users"][$key]["email"]=$arr[$key]["email"];
|
||
|
$data["be_users"][$key]["disable"]=intval($arr[$key]["disable"]);
|
||
|
$data["be_users"][$key]["admin"]=0;
|
||
|
$data["be_users"][$key]["usergroup"] = $this->fixUserGroup($data["be_users"][$key]["usergroup"],$actionRow["t1_allowed_groups"],$arr[$key]["usergroups"]);
|
||
|
$data["be_users"][$key]["db_mountpoints"]=$arr[$key]["db_mountpoints"];
|
||
|
$data["be_users"][$key]["usergroup"] = $this->fixUserGroup($arr[$key]['usergroups'], $actionRow);
|
||
|
$data["be_users"][$key]["db_mountpoints"] = $this->fixDbMount($arr[$key]['db_mountpoints']);
|
||
|
$data["be_users"][$key]["createdByAction"]=$actionRow["uid"];
|
||
|
}
|
||
|
} else {
|
||
| ... | ... | |
|
$data["be_users"][$key]["email"]=$arr[$key]["email"];
|
||
|
$data["be_users"][$key]["disable"]=intval($arr[$key]["disable"]);
|
||
|
$data["be_users"][$key]["admin"]=0;
|
||
|
$data["be_users"][$key]["usergroup"] = $this->fixUserGroup($beRec["usergroup"],$actionRow["t1_allowed_groups"],$arr[$key]["usergroups"]);
|
||
|
$data["be_users"][$key]["db_mountpoints"]=$arr[$key]["db_mountpoints"];
|
||
|
$data["be_users"][$key]["usergroup"] = $this->fixUserGroup($arr[$key]['usergroups'], $actionRow);
|
||
|
$data["be_users"][$key]["db_mountpoints"]= $this->fixDbMount($arr[$key]['db_mountpoints']);
|
||
|
$nId=$key;
|
||
|
}
|
||
|
}
|
||
| ... | ... | |
|
return $prefix.$username;
|
||
|
} else return false;
|
||
|
}
|
||
|
function fixUserGroup($curUserGroup,$allowedGroups,$inGroups) {
|
||
|
// User group:
|
||
|
// All current groups:
|
||
|
$cGroups = array_flip(t3lib_div::trimExplode(",",$curUserGroup,1));
|
||
|
$grList = t3lib_div::intExplode(",",$allowedGroups);
|
||
|
reset($grList);
|
||
|
while(list(,$gu)=each($grList)) {
|
||
|
unset($cGroups[$gu]); // Remove the group if it's in the array for some reason...
|
||
|
function fixUserGroup($appliedUsergroups, $actionRecord) {
|
||
|
$cleanGroupList = array();
|
||
|
$allowedUsergroups = array_flip(explode(',', $actionRecord['t1_allowed_groups']));
|
||
|
foreach ($appliedUsergroups as $group) {
|
||
|
if (isset($allowedUsergroups[$group])) {
|
||
|
$cleanGroupList[] = $group;
|
||
|
}
|
||
|
}
|
||
|
// reverse array again and set incoming groups:
|
||
|
$cGroups=array_keys($cGroups);
|
||
|
if (is_array($inGroups)) {
|
||
|
reset($inGroups);
|
||
|
while(list(,$gu)=each($inGroups)) {
|
||
|
$checkGr = t3lib_BEfunc::getRecord("be_groups",$gu);
|
||
|
if (is_array($checkGr) && in_array($gu,$grList)) {
|
||
|
$cGroups[]=$gu;
|
||
|
$appliedUsergroups = $cleanGroupList;
|
||
|
return $appliedUsergroups;
|
||
|
}
|
||
|
function fixDbMount($appliedDbMounts) {
|
||
|
if (!empty($appliedDbMounts) && !$GLOBALS['BE_USER']->isAdmin()) {
|
||
|
$cleanDbMountList = array();
|
||
|
$dbMounts = t3lib_div::trimExplode(',', $appliedDbMounts, 1);
|
||
|
// walk through every wanted DB-Mount and check if it is allowed for the current user
|
||
|
foreach ($dbMounts as $dbMount) {
|
||
|
$uid = intval(substr($dbMount, (strrpos($dbMount, '_') + 1)));
|
||
|
$page = t3lib_BEfunc::getRecord('pages', $uid);
|
||
|
// check DB mount and access rights
|
||
|
if ($this->checkDbMountRights($uid) && $GLOBALS['BE_USER']->calcPerms($page)) {
|
||
|
$cleanDbMountList[] = 'pages' . $uid;
|
||
|
}
|
||
|
}
|
||
|
$appliedDbMounts = implode(',', $cleanDbMountList);
|
||
|
}
|
||
|
return implode(",",$cGroups);
|
||
|
return $appliedDbMounts;
|
||
|
}
|
||
|
function checkDbMountRights($pageId) {
|
||
|
$access = FALSE;
|
||
|
$dbMounts = array_flip(explode(',', trim($GLOBALS['BE_USER']->dataLists['webmount_list'], ',')));
|
||
|
$rootline = t3lib_BEfunc::BEgetRootLine($pageId);
|
||
|
foreach ($rootline as $page) {
|
||
|
if (isset($dbMounts[$page['uid']]) && !$access) {
|
||
|
$access = TRUE;
|
||
|
}
|
||
|
}
|
||
|
return $access;
|
||
|
}
|
||
|
function action_createDir($uid) {
|
||
|
$path = $this->action_getUserMainDir();
|
||
|
if ($path) {
|
||