[BUGFIX] Inaccessible pages on shortcuts/PageNotFound handler 90/21390/9
authorAlexander Opitz <opitz.alexander@googlemail.com>
Thu, 13 Jun 2013 13:48:17 +0000 (15:48 +0200)
committerMarkus Klein <klein.t3@mfc-linz.at>
Tue, 6 May 2014 13:20:39 +0000 (15:20 +0200)
The var pageNotFound is set, if the called page has access
restrictions. Afterwards starts a searching for an accessible page
in the rootline upwards.

If that page is a short link which also isn't accessible we stop
instead of searching again in this new rootline. Limiting this to a
maximum of 20 iterations to prevent endless loops.

If an accessible page is found we do not reset the pageNotFound var.
The PageNotFound handler reacts on this var and redirects to the 404
page instead of presenting the accessible page we found later on.

You can reproduce this with the introduction package, for example
change the access to the Example/Tables page to "Customer".
Afterwards go to http://yourdomain/?id=38 and you will see the 404
page. If you disable the pageNotFound_handling you will see the
content of the Example page.

Resolves: #16472
Releases: 6.2, 6.1
Change-Id: I1e58ec1f96422c6bf3e5c9c74f1b1c1666b68762
Reviewed-on: https://review.typo3.org/21390
Reviewed-by: Sascha Wilking
Tested-by: Sascha Wilking
Reviewed-by: Markus Klein
Tested-by: Markus Klein
typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php

index 283dc87..d840b37 100644 (file)
@@ -1574,13 +1574,14 @@ class TypoScriptFrontendController {
         *
         * Sets or manipulates internal variables such as: $this->id, $this->page, $this->rootLine, $this->MP, $this->pageNotFound
         *
-        * @throws \TYPO3\CMS\Core\Error\Http\ServiceUnavailableException
-        * @throws \TYPO3\CMS\Core\Error\Http\PageNotFoundException
+        * @param integer $iterations Number of loops which can be done to find a page (follow shortcuts or login pages)
         * @return void
+        * @throws \TYPO3\CMS\Core\Error\Http\PageNotFoundException
+        * @throws \TYPO3\CMS\Core\Error\Http\ServiceUnavailableException
         * @access private
         * @todo Define visibility
         */
-       public function getPageAndRootline() {
+       public function getPageAndRootline($iterations = 20) {
                $this->page = $this->sys_page->getPage($this->id);
                if (!count($this->page)) {
                        // If no page, we try to find the page before in the rootLine.
@@ -1622,6 +1623,8 @@ class TypoScriptFrontendController {
                                throw new \TYPO3\CMS\Core\Error\Http\PageNotFoundException($message, 1301648781);
                        }
                }
+               // We found something so reset to zero
+               $this->pageNotFound = 0;
                // Is the ID a link to another page??
                if ($this->page['doktype'] == \TYPO3\CMS\Frontend\Page\PageRepository::DOKTYPE_SHORTCUT) {
                        // We need to clear MP if the page is a shortcut. Reason is if the short cut goes to another page, then we LEAVE the rootline which the MP expects.
@@ -1658,19 +1661,26 @@ class TypoScriptFrontendController {
                }
                // Checking for include section regarding the hidden/starttime/endtime/fe_user (that is access control of a whole subbranch!)
                if ($this->checkRootlineForIncludeSection()) {
-                       if (!count($this->rootLine)) {
+                       $message = '';
+                       if (count($this->rootLine)) {
+                               if ($iterations > 0) {
+                                       $this->pageNotFound = 0;
+                                       $el = reset($this->rootLine);
+                                       $this->id = $el['uid'];
+                                       $this->getPageAndRootline($iterations - 1);
+                               } else {
+                                       $message = 'The requested page was not accessible due to many shortcut loops into non accessible pages!';
+                               }
+                       } else {
                                $message = 'The requested page was not accessible!';
+                       }
+                       if ($message) {
                                if ($this->checkPageUnavailableHandler()) {
                                        $this->pageUnavailableAndExit($message);
                                } else {
                                        GeneralUtility::sysLog($message, 'cms', GeneralUtility::SYSLOG_SEVERITY_ERROR);
                                        throw new \TYPO3\CMS\Core\Error\Http\ServiceUnavailableException($message, 1301648234);
                                }
-                       } else {
-                               $el = reset($this->rootLine);
-                               $this->id = $el['uid'];
-                               $this->page = $this->sys_page->getPage($this->id);
-                               $this->rootLine = $this->sys_page->getRootLine($this->id, $this->MP);
                        }
                }
        }