Bug #105699
openUsing <f:image in SystemEmail trigger exception in backend context
0%
Description
To reproduce the bug:
in settings.php
'EXTENSIONS' => [
'backend' => [
'loginLogo' => 'fileadmin/user_upload/test.jpg',
],
],
in SystemEmail.html, use `<f:image base64="true" src="{typo3.systemConfiguration.backend.loginLogo}" />`
Then, use the "forgot password" link before you log in the backend
It will trigger this exception
Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1375955684: You are not allowed to access the given folder: "_processed_" | TYPO3\CMS\Core\Resource\Exception\InsufficientFolderAccessPermissionsException thrown in file /var/www/html/vendor/typo3/cms-core/Classes/Resource/ResourceStorage.php in line 875. Requested URL: https://test-distrib.ddev.site/typo3/login/password-reset/initiate-reset?loginProvider=1433416747
A mail sent by EXT:form in a frontend context will work nice as expected.
Updated by Sebastien Convers 13 days ago
- Related to Bug #97733: Test mail setup fails with resources from fileadmin added
Updated by Garvin Hicking 13 days ago
- Category set to File Abstraction Layer (FAL)
- Status changed from New to Accepted
This probably is due to the FAL in backend context checking the user permissions, and in your case no valid BE user account exists. I don't have a good idea to solve this - circumventing the BE user checks would allow for possible arbitrary file inclusion. Not using the EXT notation here has some problematic implications. And the mail must be sent in backend context due to other requirements, and we cannot just switch to "frontend mode" for the image generation here without nasty hacks.