Bug #42601
Content Security: QOM rewriting is omitted if used in certain cases in an Action Controller
100%
Description
The QOM Query Rewriting Aspect checks if the security context is initialized. If it is not yet initialized, it will suspend query rewriting and just proceed to call the execute() or count() method.
This may be a problem because it is not defined when the security context is initialized. It can does happen that if no getRole() etc. methods have been called previously (no user is logged in), content is shown which must not be visible.
This issue is, however, quite predictable and becomes apparent during development already.
Related issues
Updated by Gerrit Code Review over 9 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/16106
Updated by Robert Lemke over 9 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 9af3204b3ceb08b488370d6d85802cac87821154.
Updated by Gerrit Code Review over 9 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch FLOW3-1.1 has been pushed to the review server.
It is available at https://review.typo3.org/17084
Updated by
Updated by Gerrit Code Review about 9 years ago
- Status changed from Resolved to Under Review
Patch set 2 for branch FLOW3-1.1 has been pushed to the review server.
It is available at https://review.typo3.org/17084