diff --git a/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
index 48910292cd20b36e425b2cd7ecd0a4a669a18299..5829287553d074632a4474c2f20c24e658a01db2 100644
--- a/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
+++ b/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
@@ -658,6 +658,10 @@ class BackendUserAuthentication extends AbstractUserAuthentication
 if ((string)$value === '') {
 return true;
 }
+ // Allow dividers:
+ if ($value === '--div--') {
+ return true;
+ }
 // Certain characters are not allowed in the value
 if (preg_match('/[:|,]/', $value)) {
 return false;
diff --git a/typo3/sysext/core/Tests/Unit/Authentication/BackendUserAuthenticationTest.php b/typo3/sysext/core/Tests/Unit/Authentication/BackendUserAuthenticationTest.php
index 843b5922f20ef63906494c90823f7aef434a8b94..b4c42a3b957c7806bff9c4929a554b8fd6f5d012 100644
--- a/typo3/sysext/core/Tests/Unit/Authentication/BackendUserAuthenticationTest.php
+++ b/typo3/sysext/core/Tests/Unit/Authentication/BackendUserAuthenticationTest.php
@@ -15,6 +15,7 @@ namespace TYPO3\CMS\Core\Tests\Unit\Authentication;
 * The TYPO3 project - inspiring people to share!
 */
+use PHPUnit\Framework\MockObject\MockObject;
 use Prophecy\Argument;
 use Prophecy\Prophecy\ObjectProphecy;
 use Psr\Log\NullLogger;
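Review bot: In BackendUserAuthentication.php the new `$value === '--div--'` branch returns true before `$table`, `$field` or `$authMode` is consulted, so the divider marker passes under every auth mode, and the comment `// Allow dividers:` does not say why that is safe. I would state the assumption in the comment, e.g. `// '--div--' marks a non-selectable divider item in select fields, so it carries no permission of its own`, and confirm that any caller using this method to validate submitted values (outside this hunk) cannot end up accepting `--div--` as a stored value. The comparison is strict while the blank check just above casts with `(string)$value`; that is fine only if `$value` always arrives as a string, which the hunk does not show. checkAuthMode's body starts and ends outside the hunk.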
@@ -780,4 +781,78 @@ class BackendUserAuthenticationTest extends UnitTestCase
 self::assertEquals($expected, $subject->getPagePermsClause($perms));
 }
+
+ /**
+ * @test
+ * @dataProvider checkAuthModeReturnsExpectedValueDataProvider
+ * @param string $theValue
+ * @param string $authMode
+ * @param bool $expectedResult
+ */
+ public function checkAuthModeReturnsExpectedValue(string $theValue, string $authMode, bool $expectedResult)
+ {
+ /** @var BackendUserAuthentication|MockObject $subject */
+ $subject = $this->getMockBuilder(BackendUserAuthentication::class)
+ ->disableOriginalConstructor()
+ ->onlyMethods(['isAdmin'])
+ ->getMock();
+
+ $subject
+ ->expects(self::any())
+ ->method('isAdmin')
+ ->willReturn(false);
+
+ $subject->groupData['explicit_allowdeny'] =
+ 'dummytable:dummyfield:explicitly_allowed_value:ALLOW,'
+ . 'dummytable:dummyfield:explicitly_denied_value:DENY';
+
+ $result = $subject->checkAuthMode('dummytable', 'dummyfield', $theValue, $authMode);
+ self::assertEquals($expectedResult, $result);
+ }
+
+ public function checkAuthModeReturnsExpectedValueDataProvider(): array
+ {
+ return [
+ 'explicit allow, not allowed value' => [
+ 'non_allowed_field',
+ 'explicitAllow',
+ false,
+ ],
+ 'explicit allow, allowed value' => [
+ 'explicitly_allowed_value',
+ 'explicitAllow',
+ true,
+ ],
+ 'explicit deny, not denied value' => [
+ 'non_denied_field',
+ 'explicitDeny',
+ true,
+ ],
+ 'explicit deny, denied value' => [
+ 'explicitly_denied_value',
+ 'explicitDeny',
+ false,
+ ],
+ 'invalid value colon' => [
+ 'containing:invalid:chars',
+ 'does not matter',
+ false,
+ ],
+ 'invalid value comma' => [
+ 'containing,invalid,chars',
+ 'does not matter',
+ false,
+ ],
+ 'blank value' => [
+ '',
+ 'does not matter',
+ true,
+ ],
+ 'divider' => [
+ '--div--',
+ 'explicitAllow',
+ true,
+ ],
+ ];
+ }
 }
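Review bot: The data provider covers the colon and comma rejections but not the pipe, although the pattern checked in checkAuthMode is `/[:|,]/`; a case such as `'invalid value pipe' => ['containing|invalid|chars', 'does not matter', false],` would pin all three separator characters. The assertion `self::assertEquals($expectedResult, $result);` compares loosely, so a truthy or falsy non-boolean return from this permission check would still pass; `self::assertSame($expectedResult, $result);` pins the boolean. The test method could also declare `: void` to match the typed signature it already uses for its parameters.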