[TASK] Invalid SQL and bad code in tslib_fe
authorDmitry Dulepov <dmitry@typo3.org>
Tue, 29 Nov 2011 13:21:10 +0000 (15:21 +0200)
committerSteffen Ritter <info@rs-websystems.de>
Fri, 16 Dec 2011 14:12:25 +0000 (15:12 +0100)
tslib_fe::determineId() contains an invalid SQL statement (using "!=")
and bad code (variable "$idQ", missing check for start/stop dates).

Change-Id: If4c5db49a010331b5257ee33647cb23b31c5e020
Resolves: #32159
Releases: 4.7, 4.6, 4.5
Reviewed-on: http://review.typo3.org/6974
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Steffen Ritter
Tested-by: Steffen Ritter
typo3/sysext/cms/tslib/class.tslib_fe.php

index 769576c..b05628d 100644 (file)
 
                        if ($this->id)  {
 
-                                       // Now it's investigated if the raw page-id points to a hidden page and if so, the flag is set.
-                                       // This does not require the preview flag to be set in the admin panel
-                               $idQ = t3lib_utility_Math::canBeInterpretedAsInteger($this->id) ? 'uid='.intval($this->id) : 'alias='.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->id, 'pages').' AND pid>=0';     // pid>=0 added for the sake of versioning...
-                               $count = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows('uid', 'pages', $idQ . ' AND hidden!=0 AND deleted=0');
-                               if ($count) {
-                                       $this->fePreview = 1;   // The preview flag is set only if the current page turns out to actually be hidden!
+                               if ($this->determineIdIsHiddenPage()) {
+                                               // The preview flag is set only if the current page turns out to actually be hidden!
+                                       $this->fePreview = 1;
                                        $this->showHiddenPage = 1;
                                }
 
        }
 
        /**
+        * Checks if the page is hidden. If it is hidden, preview flags will be set.
+        *
+        * @return bool
+        */
+       protected function determineIdIsHiddenPage() {
+               $field = t3lib_utility_Math::canBeInterpretedAsInteger($this->id) ? 'uid' : 'alias';
+               $pageSelectCondition = $field . '=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($this->id, 'pages');
+               $page = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow('uid,hidden,starttime,endtime', 'pages',
+                       $pageSelectCondition . ' AND pid>=0 AND deleted=0');
+               $result = is_array($page) && (
+                       $page['hidden'] || $page['starttime'] > $GLOBALS['SIM_EXEC_TIME'] ||
+                               ($page['endtime'] != 0 && $page['endtime'] <= $GLOBALS['SIM_EXEC_TIME'])
+               );
+               return $result;
+       }
+
+        /**
         * Get The Page ID
         * This gets the id of the page, checks if the page is in the domain and if the page is accessible
         * Sets variables such as $this->sys_page, $this->loginUser, $this->gr_list, $this->id, $this->type, $this->domainStartPage, $this->idParts
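Review bot: The docblock on determineIdIsHiddenPage() says preview flags will be set, but the method only returns a boolean and the flags are set by the caller in the first hunk; it also returns true for pages outside their starttime/endtime window, not only for hidden ones. A summary that matches the code would be `Checks whether the page is hidden or outside its starttime/endtime window; the caller sets the preview flags from the result.` The removed line carried the reason for `pid>=0`, and that condition now applies to uid lookups as well as alias lookups, so keeping a comment such as `// pid>=0 added for the sake of versioning` above the query would preserve the intent. Because the result now switches on `$this->showHiddenPage` for time-restricted pages too, it is worth confirming that the condition enclosing `if ($this->id)`, which lies outside this hunk, still limits the flag to users who are allowed to preview the page.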