From 7716367157e51dcaad9e400240f12f3959cdbb0d Mon Sep 17 00:00:00 2001
From: derflocki
Date: Thu, 28 Feb 2019 10:38:34 +0100
Subject: [PATCH 1/4] migrated from pages_language_overlay to pages
---
 Classes/Module/Dmail.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/Classes/Module/Dmail.php b/Classes/Module/Dmail.php
index 48accc50d..622d8a295 100644
--- a/Classes/Module/Dmail.php
+++ b/Classes/Module/Dmail.php
@@ -2129,12 +2129,14 @@ protected function getAvailablePageLanguages($pageUid)
 if ((int)$lang['uid'] > 0) {
 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
- ->getQueryBuilderForTable('pages_language_overlay');
+ ->getQueryBuilderForTable('pages');
 $langRow = $queryBuilder
 ->select('uid')
- ->from('pages_language_overlay')
- ->add('where', 'pid=' . (int)$pageUid .
- ' AND sys_language_uid=' . (int)$lang['uid'])
+ ->from('pages')
+ ->where(
+ $queryBuilder->expr()->eq('l10n_parent', $queryBuilder->createNamedParameter((int)$pageUid)),
+ $queryBuilder->expr()->eq('sys_language_uid', $queryBuilder->createNamedParameter((int)$land['uid'])),
+ )
 ->execute()
 ->fetchAll();
From 3f288830aaaf7e930aaf115295c7888fc32f78b9 Mon Sep 17 00:00:00 2001
From: derflocki
Date: Thu, 28 Feb 2019 10:55:45 +0100
Subject: [PATCH 2/4] Fixed indentation and unexpected "("
---
 Classes/Module/Dmail.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Classes/Module/Dmail.php b/Classes/Module/Dmail.php
index 622d8a295..f4a61f66d 100644
--- a/Classes/Module/Dmail.php
+++ b/Classes/Module/Dmail.php
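Review bot: The second `eq()` in the new `where()` of PATCH 1/4 reads `$land['uid']`, while the variable tested in the `if` at the top of the hunk is `$lang`; nothing visible defines `$land`, so `(int)$land['uid']` evaluates to 0 and the query compares `sys_language_uid` with 0 instead of the language being checked, which presumably finds no translation for any page. The line should read `$queryBuilder->expr()->eq('sys_language_uid', $queryBuilder->createNamedParameter((int)$lang['uid'], \PDO::PARAM_INT))`, and the `l10n_parent` parameter should carry `\PDO::PARAM_INT` as well so both values are bound as integers. The same `$land` is carried over unchanged in the `where()` hunk of PATCH 2/4. getAvailablePageLanguages() starts and ends outside the hunk, so a definition of `$land` earlier in the method cannot be ruled out from here.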
@@ -2133,10 +2133,10 @@ protected function getAvailablePageLanguages($pageUid)
 $langRow = $queryBuilder
 ->select('uid')
 ->from('pages')
- ->where(
- $queryBuilder->expr()->eq('l10n_parent', $queryBuilder->createNamedParameter((int)$pageUid)),
- $queryBuilder->expr()->eq('sys_language_uid', $queryBuilder->createNamedParameter((int)$land['uid'])),
- )
+ ->where(
+ $queryBuilder->expr()->eq('l10n_parent', $queryBuilder->createNamedParameter((int)$pageUid)),
+ $queryBuilder->expr()->eq('sys_language_uid', $queryBuilder->createNamedParameter((int)$land['uid']))
+ )
 ->execute()
 ->fetchAll();
From 4f579a789b8b2d551e6f53b5c12757b840e7e8ed Mon Sep 17 00:00:00 2001
From: derflocki
Date: Tue, 5 Mar 2019 14:15:42 +0100
Subject: [PATCH 3/4] Fixed adding modules.css
---
 Classes/Module/Configuration.php | 2 +-
 Classes/Module/Dmail.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Classes/Module/Configuration.php b/Classes/Module/Configuration.php
index 717b9a84f..e82e123aa 100644
--- a/Classes/Module/Configuration.php
+++ b/Classes/Module/Configuration.php
@@ -200,7 +200,7 @@ public function main()
 $this->doc->setModuleTemplate('EXT:direct_mail/Resources/Private/Templates/Module.html');
 $this->doc->form = '
';
- $this->doc->addStyleSheet('direct_mail', ExtensionManagementUtility::extPath('direct_mail') .'Resources/Public/StyleSheets/modules.css');
+ $this->doc->addStyleSheet('direct_mail', 'EXT:direct_mail/Resources/Public/StyleSheets/modules.css');
 // Add CSS
 $this->doc->inDocStylesArray['dmail'] = '.toggleTitle { width: 70%; }';
diff --git a/Classes/Module/Dmail.php b/Classes/Module/Dmail.php
index f4a61f66d..9337a7d2a 100644
--- a/Classes/Module/Dmail.php
+++ b/Classes/Module/Dmail.php
@@ -250,7 +250,7 @@ public function main()
 $this->doc->form = '';
 // Add CSS
- $this->getPageRenderer()->addCssFile(ExtensionManagementUtility::extPath('direct_mail') . 'Resources/Public/StyleSheets/modules.css',
+ $this->getPageRenderer()->addCssFile('EXT:direct_mail/Resources/Public/StyleSheets/modules.css',
 'stylesheet', 'all', '', false, false);
 // JavaScript
From f3005453fc2ef14a5f73435f9a90481820119b28 Mon Sep 17 00:00:00 2001
From: Ivan Kartolo
Date: Tue, 15 Oct 2019 08:19:18 +0200
Subject: [PATCH 4/4] Security fix release
---
 Classes/DirectMailUtility.php | 18 ++++++++++++++----
 .../Private/Language/locallang_mod2-6.xlf | 3 +++
 ext_emconf.php | 2 +-
 3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/Classes/DirectMailUtility.php b/Classes/DirectMailUtility.php
index 8fdd87e55..c73f81ddb 100644
--- a/Classes/DirectMailUtility.php
+++ b/Classes/DirectMailUtility.php
@@ -998,6 +998,10 @@ public static function getRecordList(array $listArr, $table, $pageId, $editLinkF
 // init iconFactory
 $iconFactory = GeneralUtility::makeInstance(IconFactory::class);
+ $isAllowedDisplayTable = $GLOBALS['BE_USER']->check('tables_select', $table);
+ $isAllowedEditTable = $GLOBALS['BE_USER']->check('tables_modify', $table);
+ $notAllowedPlaceholder = $GLOBALS['LANG']->getLL('mailgroup_table_disallowed_placeholder');
+
 if (is_array($listArr)) {
 $count = count($listArr);
 $returnUrl = GeneralUtility::getIndpEnv('REQUEST_URI');
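Review bot: In the `@@ -998,6 +998,10 @@` hunk of Classes/DirectMailUtility.php, `$notAllowedPlaceholder` is read with `getLL()`, which only resolves if the calling module has already loaded the language file that defines `mailgroup_table_disallowed_placeholder` (presumably the unit this commit adds to locallang_mod2-6.xlf). Because getRecordList() is a static helper, a caller with a different language file loaded would likely get an empty string, and the masked rows would render blank with no explanation. Resolving the label by full reference, e.g. `$GLOBALS['LANG']->sL('LLL:EXT:direct_mail/Resources/Private/Language/locallang_mod2-6.xlf:mailgroup_table_disallowed_placeholder')`, removes that dependency. I would also add a comment above the two `check()` calls, `// Table-level permission only (tables_select / tables_modify); page and record permissions are not evaluated here.`, so that the scope of this fix is clear to later readers. getRecordList() continues outside the hunk.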
@@ -1006,7 +1010,7 @@ public static function getRecordList(array $listArr, $table, $pageId, $editLinkF $editLink = ''; if ($row['uid']) { $tableIcon = '' . $iconFactory->getIconForRecord($table, array()) . ''; - if ($editLinkFlag) { + if ($editLinkFlag && $isAllowedEditTable) { $urlParameters = [ 'edit' => [ $table => [ @@ -1022,11 +1026,17 @@ public static function getRecordList(array $listArr, $table, $pageId, $editLinkF } } - $lines[] = ' + if ($isAllowedDisplayTable) { + $exampleData = ' ' . htmlspecialchars($row['email']) . ' + ' . htmlspecialchars($row['name']) . ' '; + } else { + $exampleData = '' . $notAllowedPlaceholder . ''; + } + + $lines[]=' ' . $tableIcon . ' ' . $editLink . ' - ' . htmlspecialchars($row['email']) . ' - ' . htmlspecialchars($row['name']) . ' + ' . $exampleData . ' '; } } diff --git a/Resources/Private/Language/locallang_mod2-6.xlf b/Resources/Private/Language/locallang_mod2-6.xlf index 06dae8bec..3572f1288 100644 --- a/Resources/Private/Language/locallang_mod2-6.xlf +++ b/Resources/Private/Language/locallang_mod2-6.xlf @@ -592,6 +592,9 @@ Website User Table + + Missing permission to display data + Assign categories to content elements diff --git a/ext_emconf.php b/ext_emconf.php index 5ff6616a5..e3b56250c 100644 --- a/ext_emconf.php +++ b/ext_emconf.php @@ -15,7 +15,7 @@ 'description' => 'Advanced Direct Mail/Newsletter mailer system with sophisticated options for personalization of emails including response statistics.', 'category' => 'module', 'shy' => 0, - 'version' => '5.2.2', + 'version' => '5.2.3', 'dependencies' => 'cms,tt_address', 'conflicts' => 'sr_direct_mail_ext,it_dmail_fix,plugin_mgm,direct_mail_123', 'priority' => '',
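Review bot: In the `@@ -1022,11 +1026,17 @@` hunk of Classes/DirectMailUtility.php, the `else` branch concatenates `$notAllowedPlaceholder` into the row markup unescaped, while the permitted branch passes both fields through `htmlspecialchars()`. Labels can be overridden per installation, so the placeholder should be escaped too: `$exampleData = '' . htmlspecialchars($notAllowedPlaceholder) . '';`. The masking replaces only the `email` and `name` cells; the row, its `$tableIcon` and one line per entry of `$listArr` are still emitted for a table the user may not select, which shows that records exist and how many, so if that is intended a comment saying so belongs next to the `if ($isAllowedDisplayTable)`. The markup inside the string literals is damaged on this page, so the exact cell structure cannot be checked here, and getRecordList() starts outside the hunk.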