Bug #103079
Closed
Record access control: false negative
Description
Example: a tt_content record with `CType`=text and a non-empty `list_type` (because the record was updated from `CType`=list to `CType`=text) could not be edited by a user without access to the `list_type` value.
\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::recordEditAccessInternals checks all fields of the table, not only the fields used by the current type.
Possible correction:
in \TYPO3\CMS\Core\Authentication\BackendUserAuthentication add the function:
```php
/**
 * Returns the column names shown for the record's current type
 * (palette fields included), or null if none can be resolved.
 * GeneralUtility is \TYPO3\CMS\Core\Utility\GeneralUtility.
 */
protected function getFieldsByType(string $table, array $row) {
    $fields = null;
    $recordTypeValue = $recordShowitem = '';
    // Read the record's type value from the field named in ctrl.type
    if (($GLOBALS['TCA'][$table]['ctrl']['type'] ?? '') && isset($row[$GLOBALS['TCA'][$table]['ctrl']['type'] ?? ''])) {
        $recordTypeValue = $row[$GLOBALS['TCA'][$table]['ctrl']['type'] ?? ''];
    }
    // Use the showitem list of that type, falling back to types "0" and "1"
    if ($recordTypeValue && ($GLOBALS['TCA'][$table]['types'][$recordTypeValue]['showitem'] ?? '')) {
        $recordShowitem = $GLOBALS['TCA'][$table]['types'][$recordTypeValue]['showitem'];
    } elseif ($GLOBALS['TCA'][$table]['types']['0']['showitem'] ?? '') {
        $recordShowitem = $GLOBALS['TCA'][$table]['types']['0']['showitem'];
    } elseif ($GLOBALS['TCA'][$table]['types']['1']['showitem'] ?? '') {
        $recordShowitem = $GLOBALS['TCA'][$table]['types']['1']['showitem'];
    }
    $recordShowitem = trim((string)$recordShowitem);
    if ($recordShowitem) {
        $item = GeneralUtility::trimExplode(',', $recordShowitem);
        foreach ($item as $itemConf) {
            // showitem entries have the form "field;label" or "--palette--;label;paletteName"
            $conf = GeneralUtility::trimExplode(';', $itemConf);
            if (($conf[0] ?? '') && !in_array(($conf[0] ?? ''), ['--div--', '--palette--']) && isset($GLOBALS['TCA'][$table]['columns'][$conf[0] ?? ''])) {
                // Plain field that exists in the columns definition
                $fields[] = $conf[0];
            } elseif (($conf[0] ?? '') == '--palette--' && ($conf[2] ?? '') && isset($GLOBALS['TCA'][$table]['palettes'][$conf[2] ?? '']['showitem'])) {
                // Palette: collect the fields listed in the palette's own showitem
                $pItem = GeneralUtility::trimExplode(',', $GLOBALS['TCA'][$table]['palettes'][$conf[2] ?? '']['showitem']);
                foreach ($pItem as $pItemConf) {
                    $paletteConf = GeneralUtility::trimExplode(';', $pItemConf);
                    if (($paletteConf[0] ?? '') && ($paletteConf[0] ?? '') != '--linebreak--' && isset($GLOBALS['TCA'][$table]['columns'][$paletteConf[0] ?? ''])) {
                        $fields[] = $paletteConf[0];
                    }
                }
            }
        }
    }
    return $fields;
}
```
and in \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::recordEditAccessInternals replace

```php
// Checking authMode fields:
if (is_array($GLOBALS['TCA'][$table]['columns'])) {
    foreach ($GLOBALS['TCA'][$table]['columns'] as $fieldName => $fieldValue) {
```

by

```php
// Checking authMode fields:
$fieldsByType = $this->getFieldsByType($table, $idOrRow);
if (is_array($fieldsByType)) {
    foreach ($fieldsByType as $fieldName) {
        $fieldValue = $GLOBALS['TCA'][$table]['columns'][$fieldName]??NULL;
```
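
The false negative described in this report, reduced to a stand-alone PHP script (an added example, not code from the report or from TYPO3 core): with a constructed TCA array and a simplified stand-in for the authMode check, iterating all columns denies the edit because of the stale `list_type` value, while iterating only the fields of the current type allows it. `mayEdit`, `fieldsOfType` and `$allowedValues` are hypothetical names, and palettes are left out.

```php
<?php
// Constructed, minimal TCA (not TYPO3's real tt_content): 'list_type' has an
// authMode and is shown only for the "list" type.
$tca = [
    'ctrl' => ['type' => 'CType'],
    'columns' => [
        'CType'     => ['config' => ['type' => 'select']],
        'bodytext'  => ['config' => ['type' => 'text']],
        'list_type' => ['config' => ['type' => 'select', 'authMode' => 'explicitAllow']],
    ],
    'types' => [
        'text' => ['showitem' => 'CType, bodytext'],
        'list' => ['showitem' => 'CType, list_type'],
    ],
];
// Hypothetical permission table: this editor was granted no list_type values.
$allowedValues = ['list_type' => []];

// Simplified model of the authMode loop: deny as soon as a checked field holds
// a non-empty value the user has not been granted.
function mayEdit(array $tca, array $row, array $fieldNames, array $allowedValues): bool
{
    foreach ($fieldNames as $field) {
        $config = $tca['columns'][$field]['config'] ?? [];
        $value = (string)($row[$field] ?? '');
        if (($config['authMode'] ?? '') === '' || $value === '') {
            continue; // no authMode on this field, or nothing stored in it
        }
        if (!in_array($value, $allowedValues[$field] ?? [], true)) {
            return false;
        }
    }
    return true;
}

// Field names listed in the showitem of the record's current type.
function fieldsOfType(array $tca, array $row): array
{
    $type = (string)($row[$tca['ctrl']['type']] ?? '');
    $showitem = $tca['types'][$type]['showitem'] ?? '';
    return array_filter(array_map('trim', explode(',', $showitem)));
}

// Constructed record: converted from CType=list to CType=text, list_type kept.
$row = ['CType' => 'text', 'bodytext' => 'Hello', 'list_type' => 'news_pi1'];

var_dump(mayEdit($tca, $row, array_keys($tca['columns']), $allowedValues)); // all columns
var_dump(mayEdit($tca, $row, fieldsOfType($tca, $row), $allowedValues));    // current type only
```

In both calls the stale `list_type` value stays in the row; only the set of fields consulted by the check changes.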
Updated by Markus Klein 10 months ago
Thanks for your report. Maybe you can propose your changes to our review system?
The guide can be found here: https://docs.typo3.org/m/typo3/guide-contributionworkflow/main/en-us/
Updated by Oliver Bartsch 5 days ago
- Status changed from New to Closed
Hi, thanks for reporting. I however will close this issue, since we removed the subtypes feature in v14 completely (#105538) to simplify configuration and prevent bugs like the one you reported here.
Best, Oli