Bug #42601

Content Security: QOM rewriting is omitted if used in certain cases in an Action Controller

Added by Robert Lemke almost 9 years ago. Updated about 8 years ago.

Status: Under Review
Priority: Must have
Assignee:
Category: Security
Start date: 2012-11-01
Due date:
% Done: 100%
Estimated time:
PHP Version: 5.4
Has patch: No
Complexity: medium

Description

The QOM Query Rewriting Aspect checks if the security context is initialized. If it is not yet initialized, it will suspend query rewriting and just proceed to call the execute() or count() method.

This may be a problem because it is not defined when the security context is initialized. It can happen that, if no getRole() etc. methods have been called previously (no user is logged in), content is shown which must not be visible.

This issue is, however, quite predictable and becomes apparent during development already.
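The fail-open guard described above, modelled as an added example (not code from Flow or from the patches under review). The class and function names are hypothetical stand-ins, the rows are constructed, and the fail-closed variant is one possible hardening, not necessarily the fix that was merged; it assumes PHP 7.4 or later.

```php
<?php
// Hypothetical stand-in for a security context; not a TYPO3 Flow class.
final class SecurityContext
{
    private bool $initialized = false;
    private array $roles = [];

    public function isInitialized(): bool { return $this->initialized; }

    // Lazy initialization, as with the getRole()-style accessors in the description.
    public function getRoles(): array
    {
        if (!$this->initialized) {
            $this->roles = ['Everybody']; // nobody logged in: anonymous role only
            $this->initialized = true;
        }
        return $this->roles;
    }
}

// Constructed sample rows; 'role' is the role required to read the row.
const ROWS = [
    ['title' => 'Public news', 'role' => 'Everybody'],
    ['title' => 'Internal memo', 'role' => 'Editor'],
];

// Applies the role constraint that query rewriting would add to the query.
function visibleTitles(array $rows, array $roles): array
{
    $allowed = array_filter($rows, fn(array $r): bool => in_array($r['role'], $roles, true));
    return array_column($allowed, 'title');
}

// Fail-open guard: the constraint is skipped while the context is uninitialized.
function executeFailOpen(SecurityContext $ctx): array
{
    if (!$ctx->isInitialized()) {
        return array_column(ROWS, 'title'); // rewriting suspended, nothing is filtered
    }
    return visibleTitles(ROWS, $ctx->getRoles());
}

// Fail-closed variant: getRoles() forces initialization, so the constraint always applies.
function executeFailClosed(SecurityContext $ctx): array
{
    return visibleTitles(ROWS, $ctx->getRoles());
}

// Both calls start from a fresh, uninitialized context (no accessor called yet).
echo 'fail-open:   ', implode(', ', executeFailOpen(new SecurityContext())), PHP_EOL;
echo 'fail-closed: ', implode(', ', executeFailClosed(new SecurityContext())), PHP_EOL;
```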


Related issues

Related to TYPO3.Flow - Bug #42758: Unit test for PersistenceQueryRewritingAspect broken (Resolved, Karsten Dambekalns, 2012-11-07)

Related to TYPO3.Flow - Bug #44765: Functional test broken (Resolved, Karsten Dambekalns, 2013-01-23)

#1

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/16106

#2

Updated by Robert Lemke almost 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#3

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch FLOW3-1.1 has been pushed to the review server.
It is available at https://review.typo3.org/17084

#4

Updated by Karsten Dambekalns almost 9 years ago

  • Target version changed from 2.0 beta 1 to 2.0

#6

Updated by Robert Lemke over 8 years ago

  • Status changed from Under Review to Resolved

#7

Updated by Gerrit Code Review over 8 years ago

  • Status changed from Resolved to Under Review

Patch set 2 for branch FLOW3-1.1 has been pushed to the review server.
It is available at https://review.typo3.org/17084

#8

Updated by Karsten Dambekalns about 8 years ago

  • Target version changed from 2.0 to 2.0.1