Actions
Bug #80226
closedFrontend user login doesn't respect Delete resctriction
Status:
Rejected
Priority:
Must have
Assignee:
-
Category:
-
Target version:
-
Start date:
2017-03-10
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:
Description
It's possible to login after frontend user record was deleted.
in sysext/core/Classes/Authentication/AbstractUserAuthentication.php on line 1594 query is created with DeletedRestriction, but DeletedRestriction could not be created correct, because TCA configuration is not set in that moment.
Updated by Frans Saris over 7 years ago
- Status changed from New to Needs Feedback
Did you test latest versions?
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-002/
Updated by Pixelant Developer over 7 years ago
sorry, didn't see that it's fixed already.
Updated by Frans Saris over 7 years ago
- Status changed from Needs Feedback to Rejected
Actions