diff --git a/typo3/sysext/backend/Classes/Controller/ContentElement/ElementInformationController.php b/typo3/sysext/backend/Classes/Controller/ContentElement/ElementInformationController.php
index 4ef09537ffc8..f047478f9226 100644
--- a/typo3/sysext/backend/Classes/Controller/ContentElement/ElementInformationController.php
+++ b/typo3/sysext/backend/Classes/Controller/ContentElement/ElementInformationController.php
@@ -15,6 +15,7 @@
  * The TYPO3 project - inspiring people to share!
  */
 
+use Doctrine\DBAL\Connection;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use TYPO3\CMS\Backend\Backend\Avatar\Avatar;
@@ -544,23 +545,35 @@ protected function makeRef($table, $ref, ServerRequestInterface $request)
         /** @var \TYPO3\CMS\Core\Database\Query\QueryBuilder $queryBuilder */
         $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
             ->getQueryBuilderForTable('sys_refindex');
+
+        $predicates = [
+            $queryBuilder->expr()->eq(
+                'ref_table',
+                $queryBuilder->createNamedParameter($selectTable, \PDO::PARAM_STR)
+            ),
+            $queryBuilder->expr()->eq(
+                'ref_uid',
+                $queryBuilder->createNamedParameter($selectUid, \PDO::PARAM_INT)
+            ),
+            $queryBuilder->expr()->eq(
+                'deleted',
+                $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+            )
+        ];
+
+        $backendUser = $this->getBackendUser();
+        if (!$backendUser->isAdmin()) {
+            $allowedSelectTables = GeneralUtility::trimExplode(',', $backendUser->groupData['tables_select']);
+            $predicates[] = $queryBuilder->expr()->in(
+                'tablename',
+                $queryBuilder->createNamedParameter($allowedSelectTables, Connection::PARAM_STR_ARRAY)
+            );
+        }
+
         $rows = $queryBuilder
             ->select('*')
             ->from('sys_refindex')
-            ->where(
-                $queryBuilder->expr()->eq(
-                    'ref_table',
-                    $queryBuilder->createNamedParameter($selectTable, \PDO::PARAM_STR)
-                ),
-                $queryBuilder->expr()->eq(
-                    'ref_uid',
-                    $queryBuilder->createNamedParameter($selectUid, \PDO::PARAM_INT)
-                ),
-                $queryBuilder->expr()->eq(
-                    'deleted',
-                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
-                )
-            )
+            ->where(...$predicates)
             ->execute()
             ->fetchAll();
 
@@ -572,9 +585,14 @@ protected function makeRef($table, $ref, ServerRequestInterface $request)
                     return;
                 }
             }
+            $line = [];
             $record = BackendUtility::getRecord($row['tablename'], $row['recuid']);
             if ($record) {
+                BackendUtility::fixVersioningPid($row['tablename'], $record);
+                if (!$this->canAccessPage($row['tablename'], $record)) {
+                    continue;
+                }
                 $parentRecord = BackendUtility::getRecord('pages', $record['pid']);
                 $parentRecordTitle = is_array($parentRecord)
                     ? BackendUtility::getRecordTitle('pages', $parentRecord)
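Review bot: The new `tables_select` restriction on `tablename` is evaluated in SQL before the per-row handling in makeRef, so if rows with tablename `sys_file_reference` are later mapped onto the referencing record's own table (the file declares transformFileReferenceToRecordReference, see the last hunk; the loop body is outside this hunk), that resolved table is never compared against the user's select permission and only the page check runs on it. Re-checking the resolved table after the mapping closes that gap, e.g. `if (!$backendUser->isAdmin() && !$backendUser->check('tables_select', $row['tablename'])) { continue; }`. An empty `groupData['tables_select']` yields `['']` from trimExplode and therefore `IN ('')`, which correctly matches nothing; a one-line comment such as `// an empty tables_select list deliberately yields no rows` would spare the next reader the trace. The same predicate block is added to makeRefFrom in the next hunk, where both remarks apply. makeRef continues outside the hunk.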
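Review bot: The new access check sits inside `if ($record)`, so a row whose record cannot be loaded falls through to the else branch (outside this hunk) with no mount check at all; if that branch still renders `tablename`/`recuid`, table names and uids outside the user's web mounts stay visible. Either skip such rows for non-admins too, or document why showing them is acceptable. `continue` drops filtered rows silently, so the number of references listed no longer matches sys_refindex; a short comment on that line, e.g. `// record lives outside the user's web mounts, hide it`, would make the divergence intentional. The same structure is added to makeRefFrom in a later hunk. makeRef starts and ends outside this hunk.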
@@ -626,19 +644,31 @@ protected function makeRefFrom($table, $ref, ServerRequestInterface $request): a
         /** @var \TYPO3\CMS\Core\Database\Query\QueryBuilder $queryBuilder */
         $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
             ->getQueryBuilderForTable('sys_refindex');
+
+        $predicates = [
+            $queryBuilder->expr()->eq(
+                'tablename',
+                $queryBuilder->createNamedParameter($table, \PDO::PARAM_STR)
+            ),
+            $queryBuilder->expr()->eq(
+                'recuid',
+                $queryBuilder->createNamedParameter($ref, \PDO::PARAM_INT)
+            )
+        ];
+
+        $backendUser = $this->getBackendUser();
+        if (!$backendUser->isAdmin()) {
+            $allowedSelectTables = GeneralUtility::trimExplode(',', $backendUser->groupData['tables_select']);
+            $predicates[] = $queryBuilder->expr()->in(
+                'ref_table',
+                $queryBuilder->createNamedParameter($allowedSelectTables, Connection::PARAM_STR_ARRAY)
+            );
+        }
+
         $rows = $queryBuilder
             ->select('*')
             ->from('sys_refindex')
-            ->where(
-                $queryBuilder->expr()->eq(
-                    'tablename',
-                    $queryBuilder->createNamedParameter($table, \PDO::PARAM_STR)
-                ),
-                $queryBuilder->expr()->eq(
-                    'recuid',
-                    $queryBuilder->createNamedParameter($ref, \PDO::PARAM_INT)
-                )
-            )
+            ->where(...$predicates)
             ->execute()
             ->fetchAll();
 
@@ -647,6 +677,10 @@ protected function makeRefFrom($table, $ref, ServerRequestInterface $request): a
             $line = [];
             $record = BackendUtility::getRecord($row['ref_table'], $row['ref_uid']);
             if ($record) {
+                BackendUtility::fixVersioningPid($row['ref_table'], $record);
+                if (!$this->canAccessPage($row['ref_table'], $record)) {
+                    continue;
+                }
                 $urlParameters = [
                     'edit' => [
                         $row['ref_table'] => [
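Review bot: The block that builds the select-permission predicate (`$backendUser`, `isAdmin()`, `trimExplode`, `expr()->in`) is repeated verbatim from makeRef, differing only in the column name (`ref_table` here, `tablename` there). Factoring it into one helper, e.g. `protected function getAllowedSelectTables(): array` returning the trimmed list, or a method that takes the QueryBuilder and the column name and returns the `in()` expression, keeps the two query paths from drifting apart the next time the restriction is adjusted. makeRefFrom continues outside the hunk.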
@@ -711,6 +745,18 @@ protected function transformFileReferenceToRecordReference(array $referenceRecor
         ];
     }
 
+    /**
+     * @param string $tableName Name of the table
+     * @param array $record Record to be checked (ensure pid is resolved for workspaces)
+     * @return bool
+     */
+    protected function canAccessPage(string $tableName, array $record): bool
+    {
+        $recordPid = (int)($tableName === 'pages' ? $record['uid'] : $record['pid']);
+        return $this->getBackendUser()->isInWebMount($recordPid)
+            || $recordPid === 0 && !empty($GLOBALS['TCA'][$tableName]['ctrl']['security']['ignoreRootLevelRestriction']);
+    }
+
     /**
      * Returns LanguageService
      *
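Review bot: `canAccessPage` reads `$record['pid']` (or `$record['uid']`) without a guard, so a record array that lacks the key raises an undefined-index notice before the cast; `($record['pid'] ?? 0)` and `($record['uid'] ?? 0)` keep the method total. The return mixes `||` and `&&` without parentheses — PHP binds `&&` tighter, so the result is what was intended, but `|| ($recordPid === 0 && !empty(...))` states it explicitly. Only web-mount membership is consulted; page permissions are not, so a page inside the mount tree on which the user lacks the show permission still passes — unless the controller already applies the page-perms clause elsewhere, wrapping the mount check with `BackendUtility::readPageAccess($recordPid, $this->getBackendUser()->getPagePermsClause(1))` would align this with the rest of the backend. The docblock should also say that `pages` records are checked by their own uid, which is why the `$tableName === 'pages'` branch exists.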