Bug #16472
closedNon accessible Page And PageNotFound Handler.
100%
Description
If a Page in Tree isn't accessible then the Variable pageNotFound is set. (To 1 if access rights are direct or 2 if access rights are from upper tree.)
The PageNotFound Handler reacts on that and goes to the 404 Page.
But that isn't always the right way, cause the function getPageAndRootline() (class.tslib_fe.php) looks for a page in the rootLine that can be accessed and this page should be shown. But that function do not set pageNotFound back to zero.
This problem may be older then 3.8.0, I don't know if the PageNotFound Handler reacts same way like in 3.8.x, the getPageAndRootline in class.tslib_fe.php is the same.
(issue imported from #M4047)
Files
Updated by Alexander Opitz over 18 years ago
Here my rewritten getPageAndRootline function:
- Do not iterate more then 20 times
function getPageAndRootline($itera=20) {
$this->page = $this->sys_page->getPage($this->id);
if (!count($this->page)) {
// If no page, we try to find the page before in the rootLine.
$this->pageNotFound=1; // Page is 'not found' in case the id itself was not an accessible page. code 1
$this->rootLine = $this->sys_page->getRootLine($this->id,$this->MP);
if (count($this->rootLine)) {
$c=count($this->rootLine)-1;
while($c>0) {// Add to page access failure history:
$this->pageAccessFailureHistory['direct_access'][] = $this->rootLine[$c];// Decrease to next page in rootline and check the access to that, if OK, set as page record and ID value.
$c--;
$this->id = $this->rootLine[$c]['uid'];
$this->page = $this->sys_page->getPage($this->id);
if (count($this->page)){ break; }
}
}
// If still no page...
if (!count($this->page)) {
if ($this->TYPO3_CONF_VARS['FE']['pageNotFound_handling']) {
$this->pageNotFoundAndExit('The requested page does not exist!');
} else {
$this->printError('The requested page does not exist!');
exit;
}
} - A Page was found so reset to zero
$this->pageNotFound=0;
}
// Is the ID a link to another page??
if ($this->page['doktype']==4) {
$this->MP = ''; // We need to clear MP if the page is a shortcut. Reason is if the short cut goes to another page, then we LEAVE the rootline which the MP expects.
$this->page = $this->getPageShortcut($this->page['shortcut'],$this->page['shortcut_mode'],$this->page['uid']);
$this->id = $this->page['uid'];
}
// Gets the rootLine
$this->rootLine = $this->sys_page->getRootLine($this->id,$this->MP);// If not rootline we're off...
if (!count($this->rootLine)) {
$this->printError('The requested page didn\'t have a proper connection to the tree-root! <br /><br />('.$this->sys_page->error_getRootLine.')');
exit;
}// Checking for include section regarding the hidden/starttime/endtime/fe_user (that is access control of a whole subbranch!)
if ($this->checkRootlineForIncludeSection()) {
if (!count($this->rootLine)) {
$this->printError('The requested page was not accessible!');
exit;
} else { - There is an element up the rootline that is accessible
if ($itera>0) { - reset pageNotFound to zero
$this->pageNotFound=0;
$el = reset($this->rootLine);
$this->id = $el['uid']; - Revalidate that Page, it mayght be a Shortcut (Wasn't test before)
$this->getPageAndRootline($itera-1);
} else { - Error if to much iterations
$this->printError('The requested page was not accessible due to much shortcut loopings into non accessible pages!');
exit;
}
}
}
}
Updated by Alexander Opitz over 14 years ago
We are now at Typo3 Version 4.3.3 and the bug exists. No response and so on.
As I can't edit my own bug report, here the notice.
Updated by Chris topher over 14 years ago
Hi Alexander,
thanks for your work!
You should send your patch to Core List! That is why it does not go on here...
Check out http://typo3.org/teams/core/core-mailinglist-rules/
By the way: It should read "due to too many shortcut loops" (not "due to much loops"). ;-)
Updated by Alexander Opitz almost 13 years ago
- Target version deleted (
0)
Again one year lost and Typo3 4.6 has this Problem!
Updated by Ingo Renner over 12 years ago
- File deleted (
class.tslib_fe.php.patch)
Updated by Gerrit Code Review about 12 years ago
- Status changed from New to Under Review
Patch set 1 for branch TYPO3_4-5 has been pushed to the review server.
It is available at http://review.typo3.org/16359
Updated by Gerrit Code Review about 12 years ago
Patch set 1 for branch TYPO3_4-6 has been pushed to the review server.
It is available at http://review.typo3.org/16360
Updated by Gerrit Code Review about 12 years ago
Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at http://review.typo3.org/16361
Updated by Alexander Opitz about 12 years ago
Oh I forgott to mention, this patch also resolves the problem, if next accessible page is a shortcut to another page.
Updated by Andreas Wolf almost 12 years ago
- Category changed from Communication to Frontend
- Target version set to 6.0.2
- TYPO3 Version changed from 3.8.0 to 6.0
- PHP Version deleted (
4)
We should definitely get this finally in...
Could you provide an exact specification on how to test (what page structure with which settings do I need)? Or - even better - upload a .t3d with a matching page structure.
Updated by Alexander Opitz almost 12 years ago
HowTo Reproduce:
- Install a TYPO3 with Introduction Package
- In the backend go to the Examples/Tables page and set its access to Customer
- Now go to http://yourdomain/?id=38
=> You will see the 404 site not found page.
- Now edit your typo3conf/localconf.php (or typo3conf/LocalConfiguration.php)
- Disable the page not found handling (you may found more then one entry in your typo3conf/localconf.php)
//$TYPO3_CONF_VARS['FE']['pageNotFound_handling'] = t3lib_div::getIndpEnv('TYPO3_SITE_URL').'index.php?id=16';
or
'FE' => array( //'pageNotFound_handling' => 'http://yourdomain/index.php?id=16', ),
- Reload the page
=> You will see the Example page.
Updated by Alexander Opitz over 11 years ago
- Target version deleted (
6.0.2) - TYPO3 Version changed from 6.0 to 3.8
The problem occured in 3.8 so setting TYPO3 version back to 3.8
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/21390
Updated by Gerrit Code Review over 11 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/21390
Updated by Gerrit Code Review over 11 years ago
Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/21390
Updated by Clément MICHELET almost 11 years ago
Still not fixed in 6.1.6
Tree configuration :
Root page - Shortcut to first subpage- Page 1 - Hide at login + extends to subpage
- Page 1.2
- Page 2 - Show at any login + extends to subpage
- Page 2.1
- Page 2.2
- Page 2.2.1
- Page 2.2.2
- Page 2.3
Environment Configuration :
pageNotFound_handling empty
No realurl enabled (yet)
Tests
With no login, request Page 2.2.2
Expected : Redirect to root page which redirect/shortcut to Page 1
Result: Display root page (which is a shortcut) as Page 2.2.2
With login, request Page 1.2
Expected : Redirect to root page which redirect/shortcut to Page 2
Result: Display root page (which is a shortcut) as Page 1.2
Workaround:
Apply access configurations on each subpages
Updated by Gerrit Code Review almost 11 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/21390
Updated by Gerrit Code Review almost 11 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/21390
Updated by Gerrit Code Review almost 11 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/21390
Updated by Gerrit Code Review over 10 years ago
Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/21390
Updated by Gerrit Code Review over 10 years ago
Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/21390
Updated by Gerrit Code Review over 10 years ago
Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/29897
Updated by Alexander Opitz over 10 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 9ab3b9b5dd96ae0f955277a8997abb4bd69a66ff.
Updated by Gregor Schreier over 10 years ago
There is a bug in the change https://review.typo3.org/29897
access restricted pages can't be handled by the pageNotFound_handling anymore if the user is not logged in - if pageNotFound_handling defined.
Given:
You have a page in an access restricted area.
Someone link to the page in the access restricted are directly - now you get the first page witch is accessible in the Rootline with an Status Code 200 - this is wrong - and you have no way to change the site or status code.
You have to tell google at least that the status for the page is 401 - Unauthorized
In TYPO3 6.2.1 the handling was correct and points to the pageNotFound_handling - if defined.
The Commit which brings this bug was:
https://git.typo3.org/Packages/TYPO3.CMS.git/commit/9ab3b9b5dd96ae0f955277a8997abb4bd69a66ff
line 1627:
// We found something so reset to zero
$this->pageNotFound = 0;
This reset the pageNotFound Status if the page is in an access-restricted area and was marked before as pageNotFound
in line 1589:
if (!count($this->page)) {
// If no page, we try to find the page before in the rootLine.
// Page is 'not found' in case the id itself was not an accessible page. code 1
$this->pageNotFound = 1;
best regards
gregor
Updated by Alexander Opitz over 10 years ago
- Is Regression set to No
Hmmm thats a real Chicken/Egg issue in the source.
We can't show the best page to the user if $this->pageNotFound is set or we can't send correct header data/status codes if we set $this->pageNotFound = 0.
The $this->pageNotFound also has 5 possible values and IMHO there are more issues about the header data/status codes and the pageNotFound handler and possible redirects.