Bug #87048

File search searches in forbidden folders => InsufficientFolderAccessPermissionsException

Added by Philipp Seiler 8 months ago. Updated 24 days ago.

Status:
New
Priority:
Must have
Assignee:
-
Category:
File Abstraction Layer (FAL)
Target version:
-
Start date:
2018-11-30
Due date:
% Done:

0%

TYPO3 Version:
9
PHP Version:
Tags:
search
Complexity:
Is Regression:
Sprint Focus:

Description

- A backend user has certain folder permissions in fileadmin, not the whole fileadmin directory.
- User searches in one of those folders, e.g. the letter "a".
- Within the searched folder, any file containing the letters "a" will be found.

- However: TYPO3 also searches for files by metadata!
- This includes files in user_upload directory.
- Any file in user_upload with the letter "a" will be found as well!
- user_upload is however not accessible by the user
- Therefore \TYPO3\CMS\Core\Resource\Exception\InsufficientFolderAccessPermissionsException is thrown.

Problem originates from \TYPO3\CMS\Core\Resource\FileRepository:
Here the searchByName-Method not only searches in the selected directory, but also metadata:

$fileRecords = $this->getFileIndexRepository()->findByFolders($folders, false, $fileName);
$fileRecords = array_merge($fileRecords, $this->getFileIndexRepository()->findBySearchWordInMetaData($fileName));

Quick solution

Simply remove the line which searches in metadata.

Proper solution

Respect accessible/forbidden folders when searching for files in the backend.


Related issues

Related to TYPO3 Core - Bug #87610: Filelist Search - Add constraint to avoid searching of records marked as missing. Closed 2019-02-01

History

#1 Updated by Guido Schmechel 7 months ago

There is patchset which is related to this issue: https://review.typo3.org/c/58985/

#2 Updated by Susanne Moog 4 months ago

  • Tags set to search

#3 Updated by Markus Klein 24 days ago

  • Related to Bug #87610: Filelist Search - Add constraint to avoid searching of records marked as missing. added

#4 Updated by Markus Klein 24 days ago

It is an intended feature to search in metadata too. IMO this is a good feature.
But of course it should not search in non-accessible stuff.

Besides that: I hope you correctly configured the default upload folder for the users then, if user_upload (the factory default) is not accessible.

Also available in: Atom PDF