[TYPO3-core] RFC #17034: Live search also returns records which not available to the user

Jeff Segars jsegars at alumni.rice.edu
Fri Jan 14 17:37:16 CET 2011


On 1/14/11 9:01 AM, Peter Beernink wrote:
> Hi,
>
> This is a SVN patch request.
>
> Type: Feature
>
> BT reference: http://bugs.typo3.org/view.php?id=17034
>
> Branches: trunk
>
> Problem:
> When performing a live-search as a 'simple' backend user with only a
> small page tree available, I also receive records to which I don't have
> access.
> For example other backend-users and backend-groups.
>
> Solution:
> Use the correct where statement, which already was partially built
>
> How to test:
> Login as a non-admin with only a small pagetree. Search for anything
> outside your pagetree, for example a backend user.
>
> Greets,
> Peter

Good catch! +1 on reading and testing.  The pages table was OK but 
others exhibited the issue.

Thanks,
Jeff


More information about the TYPO3-team-core mailing list