[BUGFIX] Check if selected page is available before loading BE module 14/47114/2
authorMichael Oehlhof <typo3@oehlhof.de>
Mon, 23 Nov 2015 23:14:07 +0000 (00:14 +0100)
committerAnja Leichsenring <aleichsenring@ab-softlab.de>
Sat, 5 Mar 2016 18:52:27 +0000 (19:52 +0100)
If a formerly selected page (in page tree) is not available anymore
(e.g. deleted), any access to a backend module will now check
this condition and will avoid an error.
An empty module will be displayed in such a case.

Resolves: #66449
Releases: master, 7.6
Change-Id: I4caf6abf715af2009705caf126f2614ae5cde9ed
Reviewed-on: https://review.typo3.org/47114
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
typo3/sysext/backend/Classes/Http/BackendModuleRequestHandler.php
typo3/sysext/indexed_search/Classes/Controller/AdministrationController.php
typo3/sysext/workspaces/Classes/Controller/ReviewController.php

index 1fbcc90..d0c8524 100644 (file)
@@ -174,21 +174,26 @@ class BackendModuleRequestHandler implements RequestHandlerInterface
     {
         $moduleConfiguration = $this->getModuleConfiguration($moduleName);
 
+        /** @var Response $response */
+        $response = GeneralUtility::makeInstance(Response::class);
+
         // Check permissions and exit if the user has no permission for entry
         $this->backendUserAuthentication->modAccess($moduleConfiguration, true);
         $id = isset($this->request->getQueryParams()['id']) ? $this->request->getQueryParams()['id'] : $this->request->getParsedBody()['id'];
         if ($id && MathUtility::canBeInterpretedAsInteger($id)) {
-            // Check page access
             $permClause = $this->backendUserAuthentication->getPagePermsClause(true);
+            // Check page access
             $access = is_array(BackendUtility::readPageAccess((int)$id, $permClause));
             if (!$access) {
-                throw new \RuntimeException('You don\'t have access to this page', 1289917924);
+                // Check if page has been deleted
+                $deleteField = $GLOBALS['TCA']['pages']['ctrl']['delete'];
+                $pageInfo = BackendUtility::getRecord('pages', (int)$id, $deleteField, $permClause ? ' AND ' . $permClause : '', false);
+                if (!$pageInfo[$deleteField]) {
+                    throw new \RuntimeException('You don\'t have access to this page', 1289917924);
+                }
             }
         }
 
-        /** @var Response $response */
-        $response = GeneralUtility::makeInstance(Response::class);
-
         // Use Core Dispatching
         if (isset($moduleConfiguration['routeTarget'])) {
             $dispatcher = GeneralUtility::makeInstance(Dispatcher::class);
index b132d7a..0330505 100644 (file)
@@ -90,7 +90,9 @@ class AdministrationController extends ActionController
             parent::initializeView($view);
             $permissionClause = $this->getBackendUserAuthentication()->getPagePermsClause(1);
             $pageRecord = BackendUtility::readPageAccess($this->pageUid, $permissionClause);
-            $view->getModuleTemplate()->getDocHeaderComponent()->setMetaInformation($pageRecord);
+            if ($pageRecord) {
+                $view->getModuleTemplate()->getDocHeaderComponent()->setMetaInformation($pageRecord);
+            }
             $this->generateMenu();
             $this->view->getModuleTemplate()->setFlashMessageQueue($this->controllerContext->getFlashMessageQueue());
         }
index 0e59ff7..3b6c3cb 100644 (file)
@@ -73,8 +73,10 @@ class ReviewController extends AbstractController
         $this->view->assign('pageUid', GeneralUtility::_GP('id'));
         if (GeneralUtility::_GP('id')) {
             $pageRecord = BackendUtility::getRecord('pages', GeneralUtility::_GP('id'));
-            $this->view->getModuleTemplate()->getDocHeaderComponent()->setMetaInformation($pageRecord);
-            $this->view->assign('pageTitle', BackendUtility::getRecordTitle('pages', $pageRecord));
+            if ($pageRecord) {
+                $this->view->getModuleTemplate()->getDocHeaderComponent()->setMetaInformation($pageRecord);
+                $this->view->assign('pageTitle', BackendUtility::getRecordTitle('pages', $pageRecord));
+            }
         }
         $this->view->assign('showLegend', !($GLOBALS['BE_USER']->workspace === 0 && !$GLOBALS['BE_USER']->isAdmin()));
         $wsList = $wsService->getAvailableWorkspaces();