[TASK] Invalid SQL and bad code in tslib_fe
authorDmitry Dulepov <dmitry@typo3.org>
Tue, 29 Nov 2011 13:21:10 +0000 (15:21 +0200)
committerSteffen Ritter <info@rs-websystems.de>
Mon, 12 Mar 2012 16:25:24 +0000 (17:25 +0100)
tslib_fe::determineId() contains an invalid SQL statement (using "!=")
and bad code (variable "$idQ", missing check for start/stop dates).

Change-Id: I72a27bf45c209ef07de6c53272dad7ae3b8c382d
Resolves: #32159
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/7409
Reviewed-by: Susanne Moog
Tested-by: Susanne Moog
Reviewed-by: Stefan Neufeind
Reviewed-by: Wouter Wolters
Reviewed-by: Tolleiv Nietsch
Tested-by: Tolleiv Nietsch
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
typo3/sysext/cms/tslib/class.tslib_fe.php

index 4422a15..99726ab 100644 (file)
 
                        if ($this->id)  {
 
-                                       // Now it's investigated if the raw page-id points to a hidden page and if so, the flag is set.
-                                       // This does not require the preview flag to be set in the admin panel
-                               $idQ = t3lib_div::testInt($this->id) ? 'uid='.intval($this->id) : 'alias='.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->id, 'pages').' AND pid>=0';        // pid>=0 added for the sake of versioning...
-                               $count = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows('uid', 'pages', $idQ . ' AND hidden!=0 AND deleted=0');
-                               if ($count) {
-                                       $this->fePreview = 1;   // The preview flag is set only if the current page turns out to actually be hidden!
+                               if ($this->determineIdIsHiddenPage()) {
+                                               // The preview flag is set only if the current page turns out to actually be hidden!
+                                       $this->fePreview = 1;
                                        $this->showHiddenPage = 1;
                                }
 
        }
 
        /**
+        * Checks if the page is hidden. If it is hidden, preview flags will be set.
+        *
+        * @return bool
+        */
+       protected function determineIdIsHiddenPage() {
+               $field = t3lib_div::testInt($this->id) ? 'uid' : 'alias';
+               $pageSelectCondition = $field . '=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($this->id, 'pages');
+               $page = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow('uid,hidden,starttime,endtime', 'pages',
+                       $pageSelectCondition . ' AND pid>=0 AND deleted=0');
+               $result = is_array($page) && (
+                       $page['hidden'] || $page['starttime'] > $GLOBALS['SIM_EXEC_TIME'] ||
+                               ($page['endtime'] != 0 && $page['endtime'] <= $GLOBALS['SIM_EXEC_TIME'])
+               );
+               return $result;
+       }
+
+       /**
         * Get The Page ID
         * This gets the id of the page, checks if the page is in the domain and if the page is accessible
         * Sets variables such as $this->sys_page, $this->loginUser, $this->gr_list, $this->id, $this->type, $this->domainStartPage, $this->idParts
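Review bot: The docblock on determineIdIsHiddenPage() does not match the method: it says preview flags will be set, but the method only returns a bool (the caller sets `fePreview` and `showHiddenPage`), and it now also returns true for pages outside their starttime/endtime window, not only for hidden ones. I would reword it along the lines of `Checks whether the requested page is hidden or outside its starttime/endtime window. The caller sets the preview flags.` and name the three conditions under `@return`. Those two flags appear to relax the normal visibility filtering, so the wider condition extends preview to time-restricted pages; the `if ($this->id)` block that calls the method starts outside the hunk, so it is worth confirming that it is only reached for an authenticated backend user. The date test compares against `$GLOBALS['SIM_EXEC_TIME']`; if the regular enable-fields check uses `$GLOBALS['SIM_ACCESS_TIME']`, as I believe it does on these branches, the two can briefly disagree around a start or end boundary.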
@@ -4878,4 +4892,4 @@ if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLA
        include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['tslib/class.tslib_fe.php']);
 }
 
-?>
+?>
\ No newline at end of file