diff --git a/Classes/Controller/InvitationController.php b/Classes/Controller/InvitationController.php index b122fc3a5f..606f38a38f 100644 --- a/Classes/Controller/InvitationController.php +++ b/Classes/Controller/InvitationController.php @@ -32,7 +32,10 @@ class InvitationController extends AbstractFrontendController */ public function newAction(): ResponseInterface { - $this->allowedUserForInvitationNewAndCreate(); + $permissionCheck = $this->allowedUserForInvitationNewAndCreate(); + if ($permissionCheck instanceof ResponseInterface) { + return $permissionCheck; + } $this->view->assign('allUserGroups', $this->allUserGroups); $this->assignForAll(); return $this->htmlResponse(); @@ -57,7 +60,10 @@ public function createAction(User $user) $this->redirect('status'); } - $this->allowedUserForInvitationNewAndCreate(); + $permissionCheck = $this->allowedUserForInvitationNewAndCreate(); + if ($permissionCheck instanceof ResponseInterface) { + return $permissionCheck; + } $user->setDisable(true); $user = FrontendUtility::forceValues( $user, diff --git a/Documentation/Changelog/Index.rst b/Documentation/Changelog/Index.rst index 998175507b..d1da0e5274 100644 --- a/Documentation/Changelog/Index.rst +++ b/Documentation/Changelog/Index.rst @@ -7,6 +7,14 @@ Changelog .. t3-field-list-table:: :header-rows: 1 +- + :Version: 7.2.2 + :Date: 2023-10-04 + :Changes: + + * [SECURITY] This update is needed for version for 7.0.0 to 7.2.1 older versions are not affected + * [BUGFIX] Add missing permission check for invitation controlling - thx to Daniel Hofmann (in2code) + - :Version: 7.2.1 :Date: 2023-08-08 diff --git a/ext_emconf.php b/ext_emconf.php index 343c30b392..988158808c 100644 --- a/ext_emconf.php +++ b/ext_emconf.php @@ -14,7 +14,7 @@ 'author_email' => 'info@in2code.de', 'author_company' => 'in2code.de - Wir leben TYPO3', 'state' => 'stable', - 'version' => '7.2.1', + 'version' => '7.2.2', 'constraints' => [ 'depends' => [ 'typo3' => '11.5.0-11.5.99',