From 7077be752e5e3332ea8945f15459c6b150753298 Mon Sep 17 00:00:00 2001
From: Oliver Bartsch <bo@cedev.de>
Date: Wed, 8 Apr 2020 22:55:48 +0200
Subject: [PATCH] [BUGFIX] Evaluate proper permissions on pasting content

The check if a user is allowed to paste content from the clipboard
now evaluates the content modify and content edit permissions instead
of the page edit permission. This is done in both PageLayoutView and
the fluid based page module.

Resolves: #90961
Releases: master, 9.5
Change-Id: I65a29a9a6cf4ae4e73af28d1319d0b730fd5f5bd
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64105
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Josef Glatz <josefglatz@gmail.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Josef Glatz <josefglatz@gmail.com>
Tested-by: Benni Mack <benni@typo3.org>
---
 .../View/Drawing/BackendLayoutRenderer.php        | 15 ++++++++++++++-
 .../backend/Classes/View/PageLayoutView.php       |  2 +-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/typo3/sysext/backend/Classes/View/Drawing/BackendLayoutRenderer.php b/typo3/sysext/backend/Classes/View/Drawing/BackendLayoutRenderer.php
index e2b6b9aaa2c1..8dd5eb60b352 100644
--- a/typo3/sysext/backend/Classes/View/Drawing/BackendLayoutRenderer.php
+++ b/typo3/sysext/backend/Classes/View/Drawing/BackendLayoutRenderer.php
@@ -35,6 +35,7 @@ use TYPO3\CMS\Core\Localization\LanguageService;
 use TYPO3\CMS\Core\Messaging\FlashMessage;
 use TYPO3\CMS\Core\Messaging\FlashMessageService;
 use TYPO3\CMS\Core\Page\PageRenderer;
+use TYPO3\CMS\Core\Type\Bitmask\Permission;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Extbase\Mvc\Controller\ControllerContext;
 use TYPO3\CMS\Extbase\Mvc\Request;
@@ -220,7 +221,7 @@ class BackendLayoutRenderer
         $this->clipboard->endClipboard();
 
         $elFromTable = $this->clipboard->elFromTable('tt_content');
-        if (!empty($elFromTable) && $this->context->isPageEditable()) {
+        if (!empty($elFromTable) && $this->isContentEditable()) {
             $pasteItem = (int)substr(key($elFromTable), 11);
             $pasteRecord = BackendUtility::getRecord('tt_content', (int)$pasteItem);
             $pasteTitle = (string)($pasteRecord['header'] ?: $pasteItem);
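Review bot: The new `$this->isContentEditable()` guard only decides whether the paste control is rendered, and nothing in the hunk says so, so a reader could take it for the authorization decision itself. I would add a comment above the `if`, e.g. `// Display gate only: the paste must be re-authorised when the clipboard command is processed server-side.` The same applies to the identical condition in the PageLayoutView.php hunk. Whether the server-side path applies the same tables_modify / CONTENT_EDIT / editlock rules is not visible here and is worth confirming, so that the UI and the enforcement do not drift apart. The enclosing method starts and ends outside the hunk.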
@@ -265,6 +266,18 @@ class BackendLayoutRenderer
         return $pasteIcon;
     }
 
+    protected function isContentEditable(): bool
+    {
+        if ($this->getBackendUser()->isAdmin()) {
+            return true;
+        }
+
+        $pageRecord = $this->context->getPageRecord();
+        return !$pageRecord['editlock']
+            && $this->getBackendUser()->check('tables_modify', 'tt_content')
+            && $this->getBackendUser()->doesUserHaveAccess($pageRecord, Permission::CONTENT_EDIT);
+    }
+
     protected function getBackendUser(): BackendUserAuthentication
     {
         return $GLOBALS['BE_USER'];
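Review bot: `!$pageRecord['editlock']` in the new `isContentEditable()` fails open: if `getPageRecord()` ever yields null or a row without that column (its return shape is not visible in this hunk), the lock reads as unset and a non-admin passes this part of the check. A fail-closed guard before the return would be `if (!is_array($pageRecord) || !isset($pageRecord['editlock'])) { return false; }`. The method also has no docblock; it should state that admins bypass the edit lock and that non-admins need all three of: page not edit-locked, `tables_modify` on tt_content, and `Permission::CONTENT_EDIT` on the page. Since the removed call was `$this->context->isPageEditable()`, putting this rule on the context object rather than the renderer would keep it next to the page record and avoid a second copy that can diverge from the `isContentEditable()` PageLayoutView calls. The hunk ends inside `getBackendUser()`, whose body continues outside it.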
diff --git a/typo3/sysext/backend/Classes/View/PageLayoutView.php b/typo3/sysext/backend/Classes/View/PageLayoutView.php
index 55609547a7cc..cd1c81dd52de 100644
--- a/typo3/sysext/backend/Classes/View/PageLayoutView.php
+++ b/typo3/sysext/backend/Classes/View/PageLayoutView.php
@@ -648,7 +648,7 @@ class PageLayoutView implements LoggerAwareInterface
             }
         }
         $elFromTable = $this->clipboard->elFromTable('tt_content');
-        if (!empty($elFromTable) && $this->isPageEditable()) {
+        if (!empty($elFromTable) && $this->isContentEditable()) {
             $pasteItem = substr(key($elFromTable), 11);
             $pasteRecord = BackendUtility::getRecord('tt_content', (int)$pasteItem);
             $pasteTitle = $pasteRecord['header'] ?: $pasteItem;
-- 
GitLab