Bug #55307
closed
Undefined error message -> [newlog()] Attempt to delete records from disallowed tables
Added by d.ros no-lastname-given almost 11 years ago.
Updated almost 4 years ago.
Category:
DataHandler aka TCEmain
Description
Reproducability:¶
- create page as admin
- put a TS Template on that page
- push all possible rights to a certain usergroup
- give groupaccess with all flags to that group
- login as groupuser and try to delete the page
does not work. Error message appears -> [newlog()] Attempt to delete records from disallowed tables
- You must delete the TS Setup from that page as Admin. Then the usergroup can delete the page
Expected Behaviour¶
- Give an error message that is understandable.
Files
@Sec-Team: Would it be ok to display the table name that failed here?
Also happens in 4.5.33.
Is there any workaround?
- TYPO3 Version changed from 6.1 to 6.2
The bug is also present in 6.2.12
The error message is:
Exception
[1.0.-1]: [newlog()] Attempt to delete records from disallowed tables
I can understand what happened, but is somehow cryptic: what does "[1.0.-1]: [newlog()]" mean?
Adding the table of the forbidden record could be a good suggestion.
still present on 7.6-dev (latest master) with the same error message
- Target version deleted (
6.2.0)
Still present in TYPO3 6.2.25. Access rights ok and group rights are set for deleting. Editors cannot delete pages below a specific page. All rights for editing are set. Just admins can delete.
Markus Klein wrote:
@Sec-Team: Would it be ok to display the table name that failed here?
Sure it would be ok. But Imho the der facing message should not contain the table name but some hint to contact an admin
and maybe a time. in the log the table (and/or any other useful info) should be listed
Hi,
had the same issue today and after some investigation time, I just figured out that the error message is just incomplete.
People think that they have all permissions on the user and group for the page and so the user should be able to delete the page.
BUT sub records can also be a problem. And TYPO3 is also checking the permissions of subtrees and sub records on the page. The user maybe don`t see the record that is breaking
the expected behavior.
So the real problem is that TYPO3 is not responding with a good error message. If the user gets a message like 'You are not permitted to delete the records of table "foo". '
It will be much easier to understand for integrators, whats going wrong.
I am not sure if the code will be changed when the DataHandler gets overhaul. So maybe it is not needed to add a patch here because the core team will overhaul the datahandler at all.
@helmut But deletePages() does not log informations like tablename and so on. Only the error message that will be returned from canDeletePage(), which is a string, will be saved to the log.
So this is maybe the point for a patch. But I would prefer a correct error message with table name as well.
Tested again on both 7.6.16 and 8.7-dev (latest master) On both cases the error message is the one shown on the attached file
- Category changed from Backend User Interface to DataHandler aka TCEmain
This happens in datahandler:
if (!$this->checkForRecordsFromDisallowedTables($pagesInBranch)) {
return 'Attempt to delete records from disallowed tables';
}
Problem is, that we already return false on the first disallowed table. To show all disallowed tables that check would need to be adjusted (which might have performance implications).
- Status changed from New to Under Review
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Related to Bug #15204: In some cases BE users unable to delete pages added
Is there any chance to get this fixed for 9.5?
- Status changed from Resolved to Closed
I just added the code change to a v8.7 - it worked there too and I found out why the message appeared in the first place. Maybe someone finds this helpful to fix the permissions configuration.
So should be working in v9.5 also.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 