Index: t3lib/class.t3lib_tcemain.php =================================================================== --- t3lib/class.t3lib_tcemain.php (revision 7217) +++ t3lib/class.t3lib_tcemain.php (working copy) @@ -2763,7 +2763,8 @@ // Now, the $uid is the actual record we will copy while $origUid is the record we asked to get copied - but that could be a live version. */ if ($this->doesRecordExist($table,$uid,'show')) { // This checks if the record can be selected which is all that a copy action requires. - if (($language > 0 && $this->BE_USER->checkLanguageAccess($language) ) || $this->BE_USER->recordEditAccessInternals($table, $uid, false, false, true)) { //Used to check language and general editing rights + $fullCheckNeeded = ($table != 'pages'); + if (($language > 0 && $this->BE_USER->checkLanguageAccess($language) ) || $this->BE_USER->recordEditAccessInternals($table, $uid, false, false, $fullCheckNeeded)) { //Used to check language and general editing rights $data = Array(); $nonFields = array_unique(t3lib_div::trimExplode(',','uid,perms_userid,perms_groupid,perms_user,perms_group,perms_everybody,t3ver_oid,t3ver_wsid,t3ver_id,t3ver_label,t3ver_state,t3ver_swapmode,t3ver_count,t3ver_stage,t3ver_tstamp,'.$excludeFields,1)); @@ -3487,7 +3488,8 @@ } // Checking if there is anything else disallowing moving the record by checking if editing is allowed - $mayEditAccess = $this->BE_USER->recordEditAccessInternals($table, $uid, false, false, true); + $fullCheckNeeded = ($table != 'pages'); + $mayEditAccess = $this->BE_USER->recordEditAccessInternals($table, $uid, false, false, $fullCheckNeeded); // If moving is allowed, begin the processing: if ($mayEditAccess) { 
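Review bot: The `$fullCheckNeeded = ($table != 'pages');` exemption in the copy hunk (and again in the move hunk at -3487) relaxes an access check without saying why. It is also hard-coded to one table name, while the companion change in t3lib_userauthgroup keys on `$TCA[$table]['ctrl']['transForeignTable']`. Any other table configured with `transForeignTable` would therefore still get the full check on copy and move, which may or may not be intended. I would add a comment such as `// Pages skip the full language check here: overlays in other languages must not block copy/move, they are only enforced on delete`, adjusted to the real intent, and use the strict form `$table !== 'pages'`. Both enclosing functions start and end outside the hunks, so I cannot confirm that the page's overlay records are checked individually elsewhere on these paths.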
@@ -4399,14 +4401,22 @@ $brExist = $this->doesBranchExist('',$uid,$this->pMap['delete'],1); // returns the branch if ($brExist != -1) { // Checks if we had permissions if ($this->noRecordsFromUnallowedTables($brExist.$uid)) { - return t3lib_div::trimExplode(',',$brExist.$uid,1); + $pagesInBranch = t3lib_div::trimExplode(',', $brExist . $uid, 1); + foreach ($pagesInBranch as $pageInBranch) { + if (!$this->BE_USER->recordEditAccessInternals('pages', $pageInBranch, FALSE, FALSE, TRUE)) { + return 'Attempt to delete page which has prohibited localizations.'; + } + } + return $pagesInBranch; } else return 'Attempt to delete records from disallowed tables'; } else return 'Attempt to delete pages in branch without permissions'; } else { $brExist = $this->doesBranchExist('',$uid,$this->pMap['delete'],1); // returns the branch if ($brExist == '') { // Checks if branch exists - if ($this->noRecordsFromUnallowedTables($uid)) { - return array($uid); + if ($this->noRecordsFromUnallowedTables($uid)) { + if ($this->BE_USER->recordEditAccessInternals('pages', $uid, FALSE, FALSE, TRUE)) { + return array($uid); + } else return 'Attempt to delete page which has prohibited localizations.'; } else return 'Attempt to delete records from disallowed tables'; } else return 'Attempt to delete page which has subpages'; } Index: t3lib/class.t3lib_userauthgroup.php =================================================================== --- t3lib/class.t3lib_userauthgroup.php (revision 7217) +++ t3lib/class.t3lib_userauthgroup.php (working copy) 
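Review bot: Both new return strings blame "prohibited localizations" for every failure of `recordEditAccessInternals('pages', ...)`, but that method can reject for other reasons. The userauthgroup part of this patch shows a languageField error path and an authMode check in the same function. A denied delete can therefore be logged with the wrong cause, which makes the log harder to use when tracing why an action was refused. Consider naming the page and passing the real reason through, for example `return 'Attempt to delete page ' . $pageInBranch . ' without edit access: ' . $this->BE_USER->errorMsg;`, assuming `errorMsg` is populated on every rejecting path. The enclosing function starts outside the hunk.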
@@ -547,14 +547,27 @@ */ function checkFullLanguagesAccess($table, $record) { $recordLocalizationAccess = $this->checkLanguageAccess(0); - if ($recordLocalizationAccess && t3lib_BEfunc::isTableLocalizable($table)) { + if ($recordLocalizationAccess + && ( + t3lib_BEfunc::isTableLocalizable($table) + || isset($GLOBALS['TCA'][$table]['ctrl']['transForeignTable']) + ) + ) { - $pointerField = $GLOBALS['TCA'][$table]['ctrl']['transOrigPointerField']; + if (isset($GLOBALS['TCA'][$table]['ctrl']['transForeignTable'])) { + $l10nTable = $GLOBALS['TCA'][$table]['ctrl']['transForeignTable']; + $pointerField = $GLOBALS['TCA'][$l10nTable]['ctrl']['transOrigPointerField']; + $pointerValue = $record['uid']; + } else { + $l10nTable = $table; + $pointerField = $GLOBALS['TCA'][$l10nTable]['ctrl']['transOrigPointerField']; + $pointerValue = $record[$pointerField] > 0 ? $record[$pointerField] : $record['uid']; + } $recordLocalizations = t3lib_BEfunc::getRecordsByField( - $table, + $l10nTable, $pointerField, - $record[$pointerField] > 0 ? $record[$pointerField] : $record['uid'], + $pointerValue, '', '', '', @@ -563,7 +576,8 @@ if (is_array($recordLocalizations)) { foreach($recordLocalizations as $localization) { - $recordLocalizationAccess = $recordLocalizationAccess && $this->checkLanguageAccess($localization[$GLOBALS['TCA'][$table]['ctrl']['languageField']]); + $recordLocalizationAccess = $recordLocalizationAccess + && $this->checkLanguageAccess($localization[$GLOBALS['TCA'][$l10nTable]['ctrl']['languageField']]); if (!$recordLocalizationAccess) { break; } @@ -624,6 +638,8 @@ $this->errorMsg = 'ERROR: The "languageField" field named "'.$TCA[$table]['ctrl']['languageField'].'" was not found in testing record!'; return FALSE; } + } elseif (isset($TCA[$table]['ctrl']['transForeignTable']) && $checkFullLanguageAccess && !$this->checkFullLanguagesAccess($table, $idOrRow)) { + return FALSE; } // Checking authMode fields:
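Review bot: The `transForeignTable` branch never verifies that `$GLOBALS['TCA'][$l10nTable]['ctrl']` defines `transOrigPointerField`, nor, in the following hunk, `languageField`. The else branch is presumably covered by `isTableLocalizable()`. If either key is missing, or the passed row has no `uid`, `getRecordsByField()` most likely returns no array, the loop is skipped and `$recordLocalizationAccess` stays TRUE, so the check fails open. Denying on incomplete configuration would be safer, e.g. `if (!$pointerField || !isset($GLOBALS['TCA'][$l10nTable]['ctrl']['languageField'])) { return FALSE; }` right after the assignment. The function body continues past this hunk, so the final return is not visible here.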
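Review bot: The added `elseif` branch in the -624 hunk returns FALSE without setting `$this->errorMsg`, whereas the branch directly above it records a reason before returning. A caller that reports `errorMsg` after a refusal would then show an empty or stale message for this new denial path. I would set it before the return, for example `$this->errorMsg = 'ERROR: The record has localizations in languages the user has no access to!';`. The enclosing function starts and ends outside the hunk, so whether `$idOrRow` is always a full row by this point could not be checked.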