Important: #94951 - Restrict export functionality to allowed users¶
See Issue #94951
This change was introduced as part of the TYPO3 11.5.11 and 10.4.29 security release.
The export functionality has the following security drawbacks:
- Export for editors is not limited on field level
- The Save to filename functionality saves to a shared folder, which other editors with different access rights may have access to.
Both issues are not easy to resolve and also the target audience for the Import/Export functionality are mainly TYPO3 admins.
The export functionality is restricted
to TYPO3 admin users and to users, who explicitly have
access through the new user TSConfig setting
Installations with EXT:impexp installed where non-admin users need to use the export functionality.
If non-admin users should be able to use the export tool, set the following user TSconfig:
options.impexp.enableExportForNonAdminUser = 1