From 44bb64fdfeec29c29b84afeeb7e9aee307677ba9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20Gro=C3=9Fberndt?= Date: Fri, 8 Dec 2017 12:16:16 +0100 Subject: [PATCH] [BUGFIX] Access Close.html from Resources/Public/Html/ Clicking the close button in a editing popup accesses Close.html in Resources/Public/Html/ which is a folder accessible by a web user instead of Resources/Private/Templates/ which lead to a HTTP 403 error on closing the popup. Releases: master, 8.7, 7.6 Resolves: #83258 Related: #68108 Change-Id: Ibe7e328936240df436a3c9585e53122f1577dc6e Reviewed-on: https://review.typo3.org/54983 Tested-by: TYPO3com Reviewed-by: Benni Mack Tested-by: Benni Mack Reviewed-by: Wouter Wolters Reviewed-by: Stefan Neufeind Tested-by: Stefan Neufeind --- Classes/FrontendEditPanel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Classes/FrontendEditPanel.php b/Classes/FrontendEditPanel.php index 011873e..fcc311b 100644 --- a/Classes/FrontendEditPanel.php +++ b/Classes/FrontendEditPanel.php @@ -299,7 +299,7 @@ class FrontendEditPanel { $width = MathUtility::forceIntegerInRange($this->backendUser->getTSConfigVal('options.feedit.popupWidth'), 690, 5000, 690); $height = MathUtility::forceIntegerInRange($this->backendUser->getTSConfigVal('options.feedit.popupHeight'), 500, 5000, 500); - $onclick = 'vHWin=window.open(' . GeneralUtility::quoteJSvalue($url . '&returnUrl=' . rawurlencode(PathUtility::getAbsoluteWebPath(GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Templates/Close.html')))) . ',\'FEquickEditWindow\',\'width=' . $width . ',height=' . $height . ',status=0,menubar=0,scrollbars=1,resizable=1\');vHWin.focus();return false;'; + $onclick = 'vHWin=window.open(' . GeneralUtility::quoteJSvalue($url . '&returnUrl=' . rawurlencode(PathUtility::getAbsoluteWebPath(GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Public/Html/Close.html')))) . ',\'FEquickEditWindow\',\'width=' . $width . ',height=' . $height . ',status=0,menubar=0,scrollbars=1,resizable=1\');vHWin.focus();return false;'; return ''; }