Actions
Bug #100153
closed
ADMCMD_simUser vs. dumpFile-Link
Status:
Closed
Priority:
Could have
Assignee:
-
Category:
-
Target version:
-
Start date:
2023-03-13
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
When previewing an access protected page (with GET parameter ADMCMD_simUser on the URL) this parameter seems not to be attached to the "dumpFile" URL that is being created for non-public files via EXT:core/Classes/Resource/ResourceStorage.php#L1404-L1417
if ($publicUrl === null && $resourceObject instanceof FileInterface) {
$queryParameterArray = ['eID' => 'dumpFile', 't' => ''];
if ($resourceObject instanceof File) {
$queryParameterArray['f'] = $resourceObject->getUid();
$queryParameterArray['t'] = 'f';
} elseif ($resourceObject instanceof ProcessedFile) {
$queryParameterArray['p'] = $resourceObject->getUid();
$queryParameterArray['t'] = 'p';
}
$queryParameterArray['token'] = GeneralUtility::hmac(implode('|', $queryParameterArray), 'resourceStorageDumpFile');
$publicUrl = GeneralUtility::locationHeaderUrl(PathUtility::getAbsoluteWebPath(Environment::getPublicPath() . '/index.php'));
$publicUrl .= '?' . http_build_query($queryParameterArray, '', '&', PHP_QUERY_RFC3986);
}
Since we're using EXT:fal_securedownload this might not be a core issue but one of said extension. But I thought I start on force...
Setup:
- TYPO3 10.4.36
- EXT:fal_securedownload 3.0.2
Updated by 
Updated by 
Updated by
Actions