Bug #17327

closed

secure filelinks with jumpurl.secure don't check permission recursively

Added by Anliker Hubert over 17 years ago. Updated about 7 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2007-05-24
% Done: 0%
TYPO3 Version: 4.1
PHP Version: 5.1
Is Regression: No

Description

Secure filelinks with jumpurl.secure = 1 on access-restricted pages ignore the group restriction if the group restriction is not applied on the same page where the filelink is placed. So when a branch is access-restricted, the secure filelinks will only function if every page is access-restricted. Otherwise, if the link from the secure filelink is opened directly, you can download the file!

The problem seems to be the function checkRecord in class.t3lib_page.php.

The access validation must include the rootline.
Compare the attachment. I added the access validation in the function and made a redirect if access is not granted. - It's a rough workaround. It would be great to have a fine solution!

(issue imported from #M5674)
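
An added example, not part of the original report and not TYPO3's or the attachment's code: a simplified model of the difference the report describes between checking only the page record and checking the whole rootline. The page array, the function names and the reduced `fe_group` handling (plain group IDs only) are assumptions for illustration; `fe_group` and `extendToSubpages` are the TYPO3 page fields the model is based on.

```php
<?php
// Constructed sample page tree (not from the issue): uid => page record.
// Only 'pid', 'fe_group' and 'extendToSubpages' are modelled; everything else is omitted.
$pages = [
    1 => ['pid' => 0, 'fe_group' => '',  'extendToSubpages' => 0], // site root, public
    2 => ['pid' => 1, 'fe_group' => '5', 'extendToSubpages' => 1], // restricted branch
    3 => ['pid' => 2, 'fe_group' => '',  'extendToSubpages' => 0], // subpage holding the filelink
];

// True if the record carries no group restriction or the user is in one of its groups.
function groupAllowed(array $page, array $userGroups): bool
{
    $required = array_filter(array_map('intval', explode(',', $page['fe_group'])));
    return $required === [] || array_intersect($required, $userGroups) !== [];
}

// Per-record check: only the page itself is inspected (the behaviour the report describes).
function pageOnlyCheck(array $pages, int $uid, array $userGroups): bool
{
    return groupAllowed($pages[$uid], $userGroups);
}

// Rootline check: walk from the page up to the root and also honour restrictions
// on ancestors that extend their access settings to subpages.
function rootlineCheck(array $pages, int $uid, array $userGroups): bool
{
    if (!groupAllowed($pages[$uid], $userGroups)) {
        return false;
    }
    $seen = [$uid => true];
    for ($pid = $pages[$uid]['pid']; $pid !== 0; $pid = $pages[$pid]['pid']) {
        if (!isset($pages[$pid]) || isset($seen[$pid])) {
            return false; // broken or cyclic rootline: fail closed
        }
        $seen[$pid] = true;
        if ($pages[$pid]['extendToSubpages'] && !groupAllowed($pages[$pid], $userGroups)) {
            return false;
        }
    }
    return true;
}

$anonymous = [];  // visitor without any frontend group
$member    = [5]; // visitor in the group that protects the branch
var_dump(pageOnlyCheck($pages, 3, $anonymous)); // page 3 judged on its own record only
var_dump(rootlineCheck($pages, 3, $anonymous)); // page 3 judged together with its ancestors
var_dump(rootlineCheck($pages, 3, $member));    // same check for a group member
```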


Files

class.t3lib_page.php (51.9 KB) Administrator Admin, 2007-05-24 14:36