Bug #22179 » 13650-sysaction-disclosure-4_2-v2.patch
| typo3/sysext/sys_action/class.tx_sysaction.php (revision ) | ||
|---|---|---|
|
$data["be_users"][$key]["disable"]=intval($arr[$key]["disable"]);
|
||
|
$data["be_users"][$key]["admin"]=0;
|
||
|
$data["be_users"][$key]["usergroup"] = $this->fixUserGroup($data["be_users"][$key]["usergroup"],$actionRow["t1_allowed_groups"],$arr[$key]["usergroups"]);
|
||
|
$data["be_users"][$key]["db_mountpoints"]=$arr[$key]["db_mountpoints"];
|
||
|
$data["be_users"][$key]["db_mountpoints"]=$this->fixDbMount($arr[$key]["db_mountpoints"]);
|
||
|
$data["be_users"][$key]["createdByAction"]=$actionRow["uid"];
|
||
|
}
|
||
|
} else {
|
||
| ... | ... | |
|
$data["be_users"][$key]["disable"]=intval($arr[$key]["disable"]);
|
||
|
$data["be_users"][$key]["admin"]=0;
|
||
|
$data["be_users"][$key]["usergroup"] = $this->fixUserGroup($beRec["usergroup"],$actionRow["t1_allowed_groups"],$arr[$key]["usergroups"]);
|
||
|
$data["be_users"][$key]["db_mountpoints"]=$arr[$key]["db_mountpoints"];
|
||
|
$data["be_users"][$key]["db_mountpoints"]=$this->fixDbMount($arr[$key]["db_mountpoints"]);
|
||
|
$nId=$key;
|
||
|
}
|
||
|
}
|
||
| ... | ... | |
|
return $prefix.$username;
|
||
|
} else return false;
|
||
|
}
|
||
|
/**
|
||
|
* @param array $curUserGroup Group array in which the user is already in
|
||
|
* @param array $allowedGroups Groups this task allows the be users to be in
|
||
|
* @param array $inGroups List of groups the user wants to be in, comes from $_POST
|
||
|
* @return string
|
||
|
*/
|
||
|
function fixUserGroup($curUserGroup,$allowedGroups,$inGroups) {
|
||
|
// User group:
|
||
|
// All current groups:
|
||
| ... | ... | |
|
if (is_array($inGroups)) {
|
||
|
reset($inGroups);
|
||
|
while(list(,$gu)=each($inGroups)) {
|
||
|
$gu = intval($gu);
|
||
|
$checkGr = t3lib_BEfunc::getRecord("be_groups",$gu);
|
||
|
if (is_array($checkGr) && in_array($gu,$grList)) {
|
||
|
$cGroups[]=$gu;
|
||
| ... | ... | |
|
}
|
||
|
return implode(",",$cGroups);
|
||
|
}
|
||
|
/**
|
||
|
* Clean the to be applied DB-Mounts from not allowed ones
|
||
|
*
|
||
|
* @param string $appliedDbMounts: List of pages like pages_123,pages456
|
||
|
* @return string Cleaned list
|
||
|
*/
|
||
|
function fixDbMount($appliedDbMounts) {
|
||
|
if (!empty($appliedDbMounts) && !$GLOBALS['BE_USER']->isAdmin()) {
|
||
|
$cleanDbMountList = array();
|
||
|
$dbMounts = t3lib_div::trimExplode(',', $appliedDbMounts, 1);
|
||
|
// walk through every wanted DB-Mount and check if it is allowed for the current user
|
||
|
foreach ($dbMounts as $dbMount) {
|
||
|
$uid = intval(substr($dbMount, (strrpos($dbMount, '_') + 1)));
|
||
|
$page = t3lib_BEfunc::getRecord('pages', $uid);
|
||
|
// check rootline and access rights
|
||
|
if ($this->checkRootline($uid) && $GLOBALS['BE_USER']->calcPerms($page)) {
|
||
|
$cleanDbMountList[] = 'pages_' . $uid;
|
||
|
}
|
||
|
}
|
||
|
$appliedDbMounts = implode(',', $cleanDbMountList);
|
||
|
}
|
||
|
return $appliedDbMounts;
|
||
|
}
|
||
|
/**
|
||
|
* Check if a page is inside the rootline the current user can see
|
||
|
*
|
||
|
* @param int $pageId: Id of the the page to be checked
|
||
|
* @return boolean Access to the page
|
||
|
*/
|
||
|
function checkRootline($pageId) {
|
||
|
$access = FALSE;
|
||
|
$dbMounts = array_flip(explode(',', trim($GLOBALS['BE_USER']->dataLists['webmount_list'], ',')));
|
||
|
$rootline = t3lib_BEfunc::BEgetRootLine($pageId);
|
||
|
foreach ($rootline as $page) {
|
||
|
if (isset($dbMounts[$page['uid']]) && !$access) {
|
||
|
$access = TRUE;
|
||
|
}
|
||
|
}
|
||
|
return $access;
|
||
|
}
|
||
|
function action_createDir($uid) {
|
||
|
$path = $this->action_getUserMainDir();
|
||
|
if ($path) {
|
||