Project

General

Profile

Actions

Bug #67148

closed

Can only access first mount point

Added by Xavier Perseguers over 9 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
File Abstraction Layer (FAL)
Target version:
Start date:
2015-05-26
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
5.6
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:
Stabilization Sprint

Description

Since the merge of #64759, whenever a user has more than 1 mount point, he only can access the first one in File > List. Trying to access other ones crashes with:

#1375955684: You are not allowed to access the given folder

How-to reproduce

Let’s assume you have following directory structure:

fileadmin
     directory1
          directory1.1
          directory1.2

Now you define two mount points on directory1.1 and directory1.2 and assign them to a simple user. When you log in and go to file list, you can successfully open mount point for directory1.1 but not for directory1.2 since \TYPO3\CMS\Core\Resource\Folder::getReadablePath does that:

        if ($rootId === NULL) {
            $rootId = $this->storage->getRootLevelFolder()->getIdentifier();
        }

this method is called from FileList with rootId = NULL. As such it defines rootId as directory1.1 and then directory1.2 not being equal to directory1.1 it checks if you have access to parent folder (directory1) which is of course not the case:

        if ($this->identifier !== $rootId) {
            $readablePath = $this->getParentFolder()->getReadablePath($rootId);
        }

in short you have access to first mount point and not any other.


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #76441: Update storage index (scheduler) and file mountsClosed2016-06-03

Actions
Follows TYPO3 Core - Bug #64759: File list shows folder identifier instead of pathClosed2015-02-02

Actions
Actions #1

Updated by Xavier Perseguers over 9 years ago

  • Subject changed from Cannot only access first mount point to Can only access first mount point
Actions #2

Updated by Xavier Perseguers over 9 years ago

  • Description updated (diff)
Actions #3

Updated by Xavier Perseguers over 9 years ago

  • Status changed from New to Accepted
Actions #4

Updated by Xavier Perseguers over 9 years ago

Analyse

Problem is that a call to ->getParentFolder() will call in turn \TYPO3\CMS\Core\Resource\ResourceStorage::assureFolderReadPermission on it and this is why it crashes!

Actions #5

Updated by Gerrit Code Review over 9 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39747

Actions #6

Updated by Frans Saris over 9 years ago

I think we should go for:

    public function getReadablePath($rootId = NULL) {
        $oldPermissionFlag = $this->getStorage()->getEvaluatePermissions();
        $this->getStorage()->setEvaluatePermissions(FALSE);
        if ($rootId === NULL) {
            $rootId = $this->storage->getRootLevelFolder()->getIdentifier();
        }
        $readablePath = '';
        if ($this->identifier !== $rootId) {
            $readablePath = $this->getParentFolder()->getReadablePath($rootId);
        }
        $this->getStorage()->setEvaluatePermissions($oldPermissionFlag);
        return $readablePath . $this->name . '/';
    }

As information disclosure (naming of the full path) was no issue prior to the change, the temporary disabling of the permissions check isn't an issue.

Actions #7

Updated by Frans Saris over 9 years ago

Will provide a patch tomorrow is not done by someone else already

Actions #8

Updated by Frans Saris over 9 years ago

ok, issue is

if ($rootId === NULL) {
            $rootId = $this->storage->getRootLevelFolder()->getIdentifier();
        }

and not the permissions part. getRootLevelFolder() returns the first readable mount point instead "current" mount point.

Actions #9

Updated by Gerrit Code Review over 9 years ago

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39767

Actions #10

Updated by Gerrit Code Review over 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39767

Actions #11

Updated by Gerrit Code Review over 9 years ago

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/39787

Actions #12

Updated by Frans Saris over 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #13

Updated by Riccardo De Contardi about 7 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF