Bug #87048

File search searches in forbidden folders => InsufficientFolderAccessPermissionsException

Added by Philipp Seiler 10 days ago. Updated 1 day ago.

Status: New
Priority: Must have
Assignee: -
Category: File Abstraction Layer (FAL)
Target version: -
Start date: 2018-11-30
Due date:
% Done: 0%
TYPO3 Version: 9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

- A backend user has permissions for certain folders in fileadmin, not the whole fileadmin directory.
- The user searches in one of those folders, e.g. for the letter "a".
- Within the searched folder, any file containing the letter "a" will be found.

- However: TYPO3 also searches for files by metadata!
- This includes files in the user_upload directory.
- Any file in user_upload with the letter "a" will be found as well!
- user_upload is, however, not accessible by the user.
- Therefore \TYPO3\CMS\Core\Resource\Exception\InsufficientFolderAccessPermissionsException is thrown.

The problem originates from \TYPO3\CMS\Core\Resource\FileRepository:
Here the searchByName method searches not only in the selected directory, but also in metadata:

$fileRecords = $this->getFileIndexRepository()->findByFolders($folders, false, $fileName);
$fileRecords = array_merge($fileRecords, $this->getFileIndexRepository()->findBySearchWordInMetaData($fileName));

Quick solution

Simply remove the line which searches in metadata.

Proper solution

Respect accessible/forbidden folders when searching for files in the backend.
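
One way to read the "Proper solution" above, as an added example that is not code from TYPO3 or from this issue: filter the merged folder and metadata hits against the user's readable folders before any file object is built. The function names, the record shape (uid, identifier), the single-storage assumption and the sample data are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not TYPO3 API: true when $identifier lies inside one of
// the folders the backend user may read (single storage assumed).
function isInAccessibleFolder(string $identifier, array $accessibleFolders): bool
{
    foreach ($accessibleFolders as $folder) {
        $prefix = rtrim($folder, '/') . '/';
        // Compare against "folder/" so "/team_a/" does not match "/team_ab/a.txt".
        if (strncmp($identifier, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

// Merge folder hits and metadata hits, then drop every record outside the
// user's folders so no forbidden file is ever turned into a file object.
function filterSearchResults(array $folderHits, array $metaDataHits, array $accessibleFolders): array
{
    $result = [];
    foreach (array_merge($folderHits, $metaDataHits) as $record) {
        if (!isInAccessibleFolder($record['identifier'], $accessibleFolders)) {
            continue; // e.g. a metadata match in /user_upload/
        }
        $result[$record['uid']] = $record; // de-duplicate by uid
    }
    return array_values($result);
}

// Constructed sample data: the user may only read /team_a/.
$accessible = ['/team_a/'];
$folderHits = [['uid' => 1, 'identifier' => '/team_a/a.pdf']];
$metaDataHits = [
    ['uid' => 1, 'identifier' => '/team_a/a.pdf'],           // duplicate hit
    ['uid' => 2, 'identifier' => '/user_upload/agenda.pdf'], // forbidden folder
    ['uid' => 3, 'identifier' => '/team_ab/a.txt'],          // prefix look-alike
];

foreach (filterSearchResults($folderHits, $metaDataHits, $accessible) as $record) {
    echo $record['identifier'], PHP_EOL;
}
```

Filtering the result list rather than catching the exception also keeps names of files in forbidden folders out of the search output.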

History

#1 Updated by Guido Schmechel 1 day ago

There is a patchset which is related to this issue: https://review.typo3.org/c/58985/
