Important: #94951 - Restrict export functionality to allowed users¶
See forge#94951
Important
This change was introduced as part of the TYPO3 11.5.11 and 10.4.29 security release.
Description¶
The export functionality has the following security drawbacks:
Export for editors is not limited on field level
The Save to filename functionality saves to a shared folder, which other editors with different access rights may have access to.
Both issues are not easy to resolve and also the target audience for the Import/Export functionality are mainly TYPO3 admins.
Impact¶
The export functionality is restricted
to TYPO3 admin users and to users, who explicitly have
access through the new user TSconfig setting
options.impexp.enableExportForNonAdminUser
.
Affected installations¶
Installations with EXT:impexp installed where non-admin users need to use the export functionality.