Bug #77856
closed
BackendUserAuthentication::getDefaultUploadFolder checks the wrong permission flag
100%
Description
In BackendUserAuthentication::getDefaultUploadFolder, the addFolder permission flag is checked instead of the writeFolder permission flag in determining whether the folder is writable and thus suitable as an upload target.
I found this issue while checking #77841, which would lead to users not getting the IRRE "Upload file" button if they didn't have the "addFolder" permission.
The steps from the other ticket can be used to reproduce this too:
- Create a BE user with any mix of file operation permissions, as long as the "Folder/Directory Add" permission is not given, and "Write Folder" + "Add File" are given.
- As the BE user, create a CE of the type "Text and Media".
- Switch to the "Media" tab in the CE form.
- The button is not visible. Via the "Add media" button, files can still be uploaded.
In this case (with #77841 fixed) the button is not visible because (as can be seen when stepping through with e.g. XDebug) no folder suitable for uploading files can be found.
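The permission mix from the reproduction steps, run through a simplified model of the upload-folder selection. This is an added example, not TYPO3's code and not part of the original report; `ModelFolder`, `pickUploadFolder`, the permission array keys and the folder identifiers are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Simplified stand-in for a folder with per-user permissions.
// All class, function and key names are hypothetical, not TYPO3 API.
final class ModelFolder
{
    /** @param array<string,bool> $permissions */
    public function __construct(
        public readonly string $identifier,
        private array $permissions
    ) {
    }

    public function allows(string $action): bool
    {
        return $this->permissions[$action] ?? false; // deny by default
    }
}

/** Returns the first folder that passes the required permission check, or null. */
function pickUploadFolder(array $folders, string $requiredAction): ?ModelFolder
{
    foreach ($folders as $folder) {
        if ($folder->allows($requiredAction)) {
            return $folder;
        }
    }
    return null;
}

// Constructed sample matching the reproduction steps: "Write Folder" and
// "Add File" granted, "Folder/Directory Add" not granted.
$reported = [new ModelFolder('1:/user_upload/', ['writeFolder' => true, 'addFile' => true, 'addFolder' => false])];

// Selecting on addFolder (the flag the report says is checked) finds no target.
var_dump(pickUploadFolder($reported, 'addFolder')?->identifier);
// Selecting on writeFolder (the flag the report says should be checked) finds it.
var_dump(pickUploadFolder($reported, 'writeFolder')?->identifier);

// Constructed inverse case: subfolders may be created, but the folder is not writable.
$inverse = [new ModelFolder('1:/archive/', ['addFolder' => true, 'writeFolder' => false])];
var_dump(pickUploadFolder($inverse, 'addFolder')?->identifier);   // model selects it anyway
var_dump(pickUploadFolder($inverse, 'writeFolder')?->identifier); // model rejects it
```

The inverse case is worth keeping in a regression test: a selection keyed on the wrong flag fails in both directions, so the test should cover a folder that is writable without `addFolder` and one that has `addFolder` without being writable.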
Updated by Gerrit Code Review about 8 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49866
Updated by Gerrit Code Review about 8 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49866
Updated by Gerrit Code Review about 8 years ago
Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50054
Updated by Felix Rauch about 8 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 7be5ced3866b36b352a950da3eaf8db2784b370c.