[TYPO3-core] RFC #8715: Bug: non-Admins can not import pages from their own directory

[Johannes Pieper]

Hi,

Martin Kutschker <masi-no at spam-typo3.org> wrote:
> Johannes Pieper schrieb:
> > Hi,
> > 
> > "Dmitry Dulepov [typo3]" <dmitry at typo3.org> wrote:
> >> Johannes Pieper wrote:
> >>> Problem:
> >>> A reporter (non admin) can't import pages, because the own directory,
> >>> where he can write files are not listing in the importfield
> >>>
> >>> Solution:
> >>> Set Path to search for Import-Files to the "userSaveFolder", where user
> >>> can save their export files.
> >> Doesn't that mean people cannot import from fileadmin/ any more?
> > 
> > In the most case a reporter hasn't access to fileadmin/. With the old patch he can import data only from a place he could read and write.
> > 
> > I have a new one, so that importfiles from the userSaveFolder merged to the importfiles in fileadmin/
> 
> Why do you strstr()? 

For example $this->userSaveFolder(); returns /var/lib/typo3-dummy/fileadmin/test/
but t3lib_div::getFilesInDir(PATH_site.$userPath,'t3d,xml',1,1); only works with fileadmin/test/

so I have to delete the part before fileadmin.

> Isn't it possible to have user dirs outside of
> fileadmin? BTW, you can use another folder instead of fileadmin. There
> is a $TYPO3_CONF_VAR setting for this (I know the bug is in the existing
> code).

I change the code for strstr($userPath, "fileadmin/"); to strstr($userPath, $TYPO3_CONF_VARS['BE']['fileadminDir']); so in the normal way it do the same and it works after change the fileadmin-path, too.

Greetings Johannes

-- 
Deutsche Lebens-Rettungs-Gesellschaft e.V. - Präsidium
Johannes Pieper
Arbeitskreis Internet
E-Mail: Pieper at DLRG.de
http://www.DLRG.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch_8715_3.diff
Type: text/x-patch
Size: 1265 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20080830/61511a5d/attachment.bin