Skip to content
Commit 5b4563b2 authored by Morton Jonuschat's avatar Morton Jonuschat
Browse files

[BUGFIX] Fix page permissions SQL clause in BackendConfigurationManager 

Instead of passing the simple value "1" to QueryGenerator->getTreeList()
use a page permission clause created using $BE_USER->getPagePermsClause()
when determining the recursive storage pids. Passing the unprocessed value
"1" causes invalid SQL statements and does not perform any access checks.

Releases: master, 7.6
Resolves: #75912
Change-Id: I6edadd627c0a9c01a78c3cb55805455fed710d14
Reviewed-on: https://review.typo3.org/48220


Reviewed-by: default avatarMarkus Klein <markus.klein@typo3.org>
Tested-by: default avatarMarkus Klein <markus.klein@typo3.org>
Reviewed-by: default avatarWouter Wolters <typo3@wouterwolters.nl>
Tested-by: default avatarWouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: default avatarMorton Jonuschat <m.jonuschat@mojocode.de>
Tested-by: default avatarMorton Jonuschat <m.jonuschat@mojocode.de>
parent 918ef519
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment