Bug #105699

open

Using <f:image in SystemEmail trigger exception in backend context

Added by Sebastien Convers 13 days ago. Updated 13 days ago.

Status: Accepted
Priority: Should have
Assignee: -
Category: File Abstraction Layer (FAL)
Target version: -
Start date: 2024-11-26
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 13
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

To reproduce the bug:

In settings.php:

'EXTENSIONS' => [
   'backend' => [
      'loginLogo' => 'fileadmin/user_upload/test.jpg',
   ],
],

In SystemEmail.html, use `<f:image base64="true" src="{typo3.systemConfiguration.backend.loginLogo}" />`.

Then use the "forgot password" link before you log in to the backend.

It will trigger this exception:

Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1375955684: You are not allowed to access the given folder: "_processed_" | TYPO3\CMS\Core\Resource\Exception\InsufficientFolderAccessPermissionsException thrown in file /var/www/html/vendor/typo3/cms-core/Classes/Resource/ResourceStorage.php in line 875. Requested URL: https://test-distrib.ddev.site/typo3/login/password-reset/initiate-reset?loginProvider=1433416747 

A mail sent by EXT:form in a frontend context will work nicely, as expected.


Related issues 1 (1 open, 0 closed)

Related to TYPO3 Core - Bug #97733: Test mail setup fails with resources from fileadmin (Under Review, 2022-06-05)

#1

Updated by Sebastien Convers 13 days ago

  • Related to Bug #97733: Test mail setup fails with resources from fileadmin added
#2

Updated by Garvin Hicking 13 days ago

  • Category set to File Abstraction Layer (FAL)
  • Status changed from New to Accepted

This probably is due to the FAL in backend context checking the user permissions, and in your case no valid BE user account exists. I don't have a good idea to solve this - circumventing the BE user checks would allow for possible arbitrary file inclusion. Not using the EXT notation here has some problematic implications. And the mail must be sent in backend context due to other requirements, and we cannot just switch to "frontend mode" for the image generation here without nasty hacks.
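
What the trade-off in the comment above looks like in code, as an added example that is not TYPO3 core code and not a proposed fix for this issue: a hypothetical plain-PHP helper `embedConfiguredImage()` that reads a configured image without any user permission check and therefore has to confine the path and content type itself. The directory layout and sample files are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not a TYPO3 API: build a data: URI from a configured,
// site-relative image path while refusing anything outside one allowlisted directory.
function embedConfiguredImage(string $publicRoot, string $allowedDir, string $configuredPath): string
{
    $allowedTypes = ['image/jpeg', 'image/png', 'image/gif'];

    // realpath() resolves "..", symlinks and duplicate slashes; false means the path does not exist.
    $base = realpath($publicRoot . '/' . $allowedDir);
    $file = realpath($publicRoot . '/' . $configuredPath);
    if ($base === false || $file === false || !is_file($file)) {
        throw new RuntimeException('Image not found');
    }

    // The resolved file must sit below the allowlisted directory.
    if (!str_starts_with($file, $base . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException('Path escapes the allowed directory');
    }

    // Decide by content, not by extension, so a renamed non-image is rejected.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file);
    if (!in_array($mime, $allowedTypes, true)) {
        throw new RuntimeException('Not an allowed image type');
    }

    $bytes = file_get_contents($file);
    if ($bytes === false) {
        throw new RuntimeException('Image not readable');
    }
    return 'data:' . $mime . ';base64,' . base64_encode($bytes);
}

// Constructed demo tree: one 1x1 GIF inside the allowed directory, one PHP file outside it.
$root = sys_get_temp_dir() . '/fal-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/fileadmin/user_upload', 0700, true);
mkdir($root . '/config', 0700, true);
file_put_contents($root . '/fileadmin/user_upload/test.gif', base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
file_put_contents($root . '/config/settings.php', '<?php return [];');

foreach (['fileadmin/user_upload/test.gif', 'fileadmin/user_upload/../../config/settings.php'] as $path) {
    try {
        echo $path, ' => ', substr(embedConfiguredImage($root, 'fileadmin/user_upload', $path), 0, 30), "...\n";
    } catch (RuntimeException $e) {
        echo $path, ' => rejected: ', $e->getMessage(), "\n";
    }
}
```

Such a helper only confines the path and file type; it does not replace the per-user access decision that the comment says FAL performs in backend context.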
