From 5708fafa183ae502a533508d7b1f217ab0a1bd6b Mon Sep 17 00:00:00 2001
From: Alexander Stehlik <alexander.stehlik@googlemail.com>
Date: Mon, 3 Feb 2014 19:57:23 +0100
Subject: [PATCH] [BUGFIX] Check folder access for inline uploader

Before the inline drag-and-drop upload to the default upload folder
is enabled, it is now verified that the upload folder is initialized
and that the user is allowed to add files.

Resolves: #55628
Releases: 6.2
Change-Id: Ia18678dc432c6f0addea33aa0389db54297435e3
Reviewed-on: https://review.typo3.org/27302
Reviewed-by: Lorenz Ulrich
Tested-by: Lorenz Ulrich
Reviewed-by: Wouter Wolters
Reviewed-by: Markus Klein
Tested-by: Markus Klein
---
 .../Classes/Form/Element/InlineElement.php    | 41 +++++++++++--------
 1 file changed, 24 insertions(+), 17 deletions(-)

diff --git a/typo3/sysext/backend/Classes/Form/Element/InlineElement.php b/typo3/sysext/backend/Classes/Form/Element/InlineElement.php
index 7525ce51de5a..95dfc040adad 100644
--- a/typo3/sysext/backend/Classes/Form/Element/InlineElement.php
+++ b/typo3/sysext/backend/Classes/Form/Element/InlineElement.php
@@ -864,7 +864,7 @@ class InlineElement {
 
 	/**
 	 * Generate a link that opens an element browser in a new window.
-	 * For group/db there is no way o use a "selector" like a <select>|</select>-box.
+	 * For group/db there is no way to use a "selector" like a <select>|</select>-box.
 	 *
 	 * @param array $conf TCA configuration of the parent(!) field
 	 * @param array $PA An array with additional configuration options
@@ -900,24 +900,31 @@ class InlineElement {
 		$browserParams = '|||' . $allowed . '|' . $objectPrefix . '|inline.checkUniqueElement||inline.importElement';
 		$onClick = 'setFormValueOpenBrowser(\'' . $mode . '\', \'' . $browserParams . '\'); return false;';
 
-		$item = '<a href="#" class="t3-button" onclick="' . htmlspecialchars($onClick) . '">' . IconUtility::getSpriteIcon('actions-insert-record', array('title' => $createNewRelationText)) . $createNewRelationText . '</a>';
+		$item = '<a href="#" class="t3-button" onclick="' . htmlspecialchars($onClick) . '">';
+		$item .= IconUtility::getSpriteIcon('actions-insert-record', array('title' => $createNewRelationText));
+		$item .= $createNewRelationText . '</a>';
 
 		if ($showUpload && $this->fObj->edit_docModuleUpload) {
-			$maxFileSize = GeneralUtility::getMaxUploadFileSize() * 1024;
-			$folder = $folder = $GLOBALS['BE_USER']->getDefaultUploadFolder();
-			$item .= ' <a href="#" class="t3-button t3-drag-uploader"
-				style="display:none"
-				data-dropzone-target="#'.htmlspecialchars($this->inlineNames['object']).'"
-				data-insert-dropzone-before="1"
-				data-file-irre-object="'.htmlspecialchars($objectPrefix).'"
-				data-file-allowed="'.htmlspecialchars($allowed).'"
-				data-target-folder="'.htmlspecialchars($folder->getCombinedIdentifier()).'"
-				data-max-file-size="'.htmlspecialchars($maxFileSize).'"
-				><span class="t3-icon t3-icon-actions t3-icon-actions-edit t3-icon-edit-upload">&nbsp;</span>';
-			$item .= $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.select-and-submit', TRUE);
-			$item .= '</a>';
-
-			$this->loadDragUploadJs();
+			$folder = $GLOBALS['BE_USER']->getDefaultUploadFolder();
+			if (
+				$folder instanceof \TYPO3\CMS\Core\Resource\Folder
+				&& $folder->checkActionPermission('add')
+			) {
+				$maxFileSize = GeneralUtility::getMaxUploadFileSize() * 1024;
+				$item .= ' <a href="#" class="t3-button t3-drag-uploader"
+					style="display:none"
+					data-dropzone-target="#' . htmlspecialchars($this->inlineNames['object']) . '"
+					data-insert-dropzone-before="1"
+					data-file-irre-object="' . htmlspecialchars($objectPrefix) . '"
+					data-file-allowed="' . htmlspecialchars($allowed) . '"
+					data-target-folder="' . htmlspecialchars($folder->getCombinedIdentifier()) . '"
+					data-max-file-size="' . htmlspecialchars($maxFileSize) . '"
+					><span class="t3-icon t3-icon-actions t3-icon-actions-edit t3-icon-edit-upload">&nbsp;</span>';
+				$item .= $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.select-and-submit', TRUE);
+				$item .= '</a>';
+
+				$this->loadDragUploadJs();
+			}
 		}
 		return $item;
 	}
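Review bot: The new guard around the drag uploader (`$folder instanceof \TYPO3\CMS\Core\Resource\Folder && $folder->checkActionPermission('add')`) only decides whether the upload link is rendered, so it is a usability gate and not an access control. The handler that receives the dropped file is not visible in this hunk; it has to check the permission itself against the folder it is given, because the `data-target-folder` value can be changed by the client once it is in the markup. It is also worth confirming that the folder action `'add'` is the same permission that handler checks when a file is added, since a mismatch would show a dropzone that always fails or hide one that would work. I would state this above the `if`, e.g. `// UI gate only: the upload endpoint re-checks permissions on the submitted target folder.` The enclosing method starts outside the hunk.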
-- 
GitLab