Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[BUGFIX] Properly set user to admin in setup module
SetupModuleController serves as a backdoor so regular users without permission to manipulate be_users records can still edit their profile. For this to work, the access check needs to be bypassed for this particular record by DataHandler. The start() method of DataHandler prepares e.g. exclude fields to be checked. With current code, incoming user is not yet set to admin, so exclude field checking may fail, especially if 3rd party extensions manipulate this. The patch hands a temporary user with activated admin flag to DataHandler, so it can bypass the access check for profile editing. Resolves: #92097 Related: #85196 Releases: master, 10.4 Change-Id: I0696f81bbccc7932f8c03eec9452dade9423c074 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/65451 Tested-by: TYPO3com <noreply@typo3.com> Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
- Loading branch information