TYPO3 Core

A backend user has only access to one or more specific folders that are shared via "filemount". When this user now uses the file search, the core calls "TYPO3\CMS\Backend\Controller\FileStorage::filterDataAction" which then calls "$this->treeProvider->prepareFolderInformation($nextFolder);" in a loop, to make sure that the parent folders are all accessible.

During this check the method "TYPO3\CMS\Core\Resource::isWithinFileMountBoundaries()" is called with all the parent folders and fails, since it compares the directory names of the filemounts with all the parent folders and the last one is "/". $this->fileMounts will be looped to check the permissions and it contains the folders that are shared with the current backend user.

If the user only has access to subfolders, e.g. "fileadmin/images" and "fileadmin/documents" we create a filemount "images" and a filemount "documents" with the default storage "fileadmin". (This worked fine till TYPO3 v10)

Throughout this configuration the variable $this->fileMounts will now contain the two filemounts and isWithinFileMountBoundaries will compare "/" with "/images" und "/documents" in "typo3/sysext/core/Classes/Resource/ResourceStorage.php line 634" via "$this->driver->isWithin($folder->getIdentifier(), $identifier)" which is now "$this->driver->isWithin("/images", "/") and it will not match and cause an InsufficientFolderReadPermissionsException.

I can prevent the error if I create for every folder an storage and change the filemount to this storage and the folder to "/", but I don't think that this a the right solution for this problem.