Project

General

Profile

Actions
Copy link

Bug #103530

open

ImageViewHelper breaks a BE login provider page with "You cannot read folders"

Added by Krzysztof Putyra about 1 month ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Fluid
Target version:
-
Start date:
2024-04-03
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
8.1
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Overview

I have a backend login provider that displays images using f:image tag with a property height=20. The images are uploaded into fileadmin storage using Filelist module. Loading the page (if no BE user is logged in) results in 503 error and the log contains the message:

component="TYPO3.CMS.Core.Error.ProductionExceptionHandler": Core: Exception handler (WEB: BE): TYPO3\CMS\Core\Resource\Exception\InsufficientFolderAccessPermissionsException, code #1430657869, file /var/www/typo3_src/typo3/sysext/core/Classes/Resource/ResourceStorage.php, line 874: You are not allowed to read folders - {"mode":"WEB","application_mode":"BE","exception_class":"TYPO3\\CMS\\Core\\Resource\\Exception\\InsufficientFolderAccessPermissionsException","exception_code":1430657869,"file":"/var/www/typo3_src/typo3/sysext/core/Classes/Resource/ResourceStorage.php","line":874,"message":"You are not allowed to read folders","request_url":"http://....../typo3?loginProvider=1706879181","exception":null}

After the same images are displayed elsewhere, the above mentioned login provider page loads successfully.

Steps to reproduce

  1. Failed attempt
    1. Upload an image to fileadmin and store a reference to it somewhere
    2. Create a backend login provider that uses a f:image tag with width parameter to display the uploaded image using its reference
    3. Select this provider on the backend login page - this results in a 503 error.
  2. Successful attempt
    1. Add the same f:image tag to any template that can be displayed on a frontend
    2. Load the page with this template
    3. Go back to the backend login page and select the problematic login provider - now the page loads.

Results of an investigation

Using a debugger I've been able to localize the problem to ImageViewHelper::render() method, line 182 in ImageViewHelper.php:

$processedImage = $this->imageService->applyProcessingInstructions($image, $processingInstructions);

and further to FileProcessingService::processFile(), lines 109-111 in FileProcessingService.php:
if (!$processedFile->isProcessed()) {
    $this->process($processedFile, $targetStorage);
}

Unless the file is already processed, the process() method calls exists() that requires read permission for the fileadmin storage. However, as no user is logged in, all permissions are revoked and the exception is raised.

To confirm, I've forced the processing of the images by displaying them on the frontend (using the same f:image tag), after which the login provider page loads with no problem. In this case the line $processedFile->isProcessed() returned true, so that $this->process(...) was not invoked.

No data to display

Actions
Copy link

Also available in: Atom PDF