Project

General

Profile

Actions
Copy link

Bug #103079

open

Record access control: false negative

Added by David CADU 3 months ago. Updated 3 months ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2024-02-07
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Exemple: tt_content record with `CType`=text and `list_type` not empty (because record was update form `CType`=list to `CType`=text) coud not be edit by user without `list_type` value access.

\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::recordEditAccessInternals check all fields of the table, not only fields used by the current type.

Possible correction :
in \TYPO3\CMS\Core\Authentication\BackendUserAuthentication add the function :

  protected function getFieldsByType(string $table, array $row) {
    $fields = NULL;
    $recordTypeValue = $recordShowitem = '';
    if(($GLOBALS['TCA'][$table]['ctrl']['type']??'') && isset($row[$GLOBALS['TCA'][$table]['ctrl']['type']??''])) {
      $recordTypeValue = $row[$GLOBALS['TCA'][$table]['ctrl']['type']??''];
    }

    if($recordTypeValue && ($GLOBALS['TCA'][$table]['types'][$recordTypeValue]['showitem']??'')){
      $recordShowitem = $GLOBALS['TCA'][$table]['types'][$recordTypeValue]['showitem'];
    }
    elseif($GLOBALS['TCA'][$table]['types']['0']['showitem']??'') {
      $recordShowitem = $GLOBALS['TCA'][$table]['types']['0']['showitem'];
    }
    elseif($GLOBALS['TCA'][$table]['types']['1']['showitem']??'') {
      $recordShowitem = $GLOBALS['TCA'][$table]['types']['1']['showitem'];
    }

    $recordShowitem = trim((string)$recordShowitem);
    if($recordShowitem) {
      $item = GeneralUtility::trimExplode(',', $recordShowitem);
      foreach($item as $itemConf) {
        $conf = GeneralUtility::trimExplode(';', $itemConf);
        if(($conf[0]??'') && !in_array(($conf[0]??''), ['--div--','--palette--']) && isset($GLOBALS['TCA'][$table]['columns'][$conf[0]??''])) {
          $fields[] = $conf[0];
        }
        elseif(($conf[0]??'')=='--palette--' && ($conf[2]??'') && isset($GLOBALS['TCA'][$table]['palettes'][$conf[2]??'']['showitem'])) {
          $pItem = GeneralUtility::trimExplode(',', $GLOBALS['TCA'][$table]['palettes'][$conf[2]??'']['showitem']);
          foreach($pItem as $pItemConf) {
            $paletteConf = GeneralUtility::trimExplode(';', $pItemConf);
            if(($paletteConf[0]??'') && ($paletteConf[0]??'')!='--linebreak--' && isset($GLOBALS['TCA'][$table]['columns'][$paletteConf[0]??''])) {
              $fields[] = $paletteConf[0];
            }
          }
        }
      }
    }
    return $fields;
  }

and
in \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::recordEditAccessInternals
replace 

    // Checking authMode fields:
    if (is_array($GLOBALS['TCA'][$table]['columns'])) {
      foreach ($GLOBALS['TCA'][$table]['columns'] as $fieldName => $fieldValue) {
by
    // Checking authMode fields:
    $fieldsByType = $this->getFieldsByType($table, $idOrRow);
    if (is_array($fieldsByType)) {
      foreach ($fieldsByType as $fieldName) {
        $fieldValue = $GLOBALS['TCA'][$table]['columns'][$fieldName]??NULL;

Actions
Copy link
 #1

Updated by Markus Klein 3 months ago

Thanks for your report. Maybe you can propose your changes to our review system?
The guide can be found here: https://docs.typo3.org/m/typo3/guide-contributionworkflow/main/en-us/

Actions
Copy link

Also available in: Atom PDF