Bug #16472

Non accessible Page And PageNotFound Handler.

Added by Alexander Opitz almost 15 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Should have
Category:
Frontend
Target version:
-
Start date:
2006-08-15
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
3.8
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

If a Page in Tree isn't accessible then the Variable pageNotFound is set. (To 1 if access rights are direct or 2 if access rights are from upper tree.)

The PageNotFound Handler reacts on that and goes to the 404 Page.

But that isn't always the right way, cause the function getPageAndRootline() (class.tslib_fe.php) looks for a page in the rootLine that can be accessed and this page should be shown. But that function do not set pageNotFound back to zero.

This problem may be older then 3.8.0, I don't know if the PageNotFound Handler reacts same way like in 3.8.x, the getPageAndRootline in class.tslib_fe.php is the same.
(issue imported from #M4047)


Files

class.tslib_fe.php.1.diff (1.61 KB) class.tslib_fe.php.1.diff Administrator Admin, 2010-05-04 09:29

Related issues

Related to TYPO3 Core - Bug #23178: Wrong HTTP headers sent when trying to access pages that require loginClosedMarkus Klein2010-07-14

Actions
Related to TYPO3 Core - Bug #32304: pageNotFound_handling target does not handle shortcutsClosed2011-12-05

Actions
Related to TYPO3 Core - Bug #58728: Regression: unaccessible protected section with shortcut in rootlineClosed2014-05-12

Actions
#1

Updated by Alexander Opitz almost 15 years ago

Here my rewritten getPageAndRootline function:

  1. Do not iterate more then 20 times
    function getPageAndRootline($itera=20) {
    $this->page = $this->sys_page->getPage($this->id);
    if (!count($this->page)) {
    // If no page, we try to find the page before in the rootLine.
    $this->pageNotFound=1; // Page is 'not found' in case the id itself was not an accessible page. code 1
    $this->rootLine = $this->sys_page->getRootLine($this->id,$this->MP);
    if (count($this->rootLine)) {
    $c=count($this->rootLine)-1;
    while($c>0) {

    // Add to page access failure history:
    $this->pageAccessFailureHistory['direct_access'][] = $this->rootLine[$c];

    // Decrease to next page in rootline and check the access to that, if OK, set as page record and ID value.
    $c--;
    $this->id = $this->rootLine[$c]['uid'];
    $this->page = $this->sys_page->getPage($this->id);
    if (count($this->page)){ break; }
    }
    }
    // If still no page...
    if (!count($this->page)) {
    if ($this->TYPO3_CONF_VARS['FE']['pageNotFound_handling']) {
    $this->pageNotFoundAndExit('The requested page does not exist!');
    } else {
    $this->printError('The requested page does not exist!');
    exit;
    }
    }

  2. A Page was found so reset to zero
    $this->pageNotFound=0;
    }
    // Is the ID a link to another page??
    if ($this->page['doktype']==4) {
    $this->MP = ''; // We need to clear MP if the page is a shortcut. Reason is if the short cut goes to another page, then we LEAVE the rootline which the MP expects.
    $this->page = $this->getPageShortcut($this->page['shortcut'],$this->page['shortcut_mode'],$this->page['uid']);
    $this->id = $this->page['uid'];
    }
    // Gets the rootLine
    $this->rootLine = $this->sys_page->getRootLine($this->id,$this->MP);

    // If not rootline we're off...
    if (!count($this->rootLine)) {
    $this->printError('The requested page didn\'t have a proper connection to the tree-root! <br /><br />('.$this->sys_page->error_getRootLine.')');
    exit;
    }

    // Checking for include section regarding the hidden/starttime/endtime/fe_user (that is access control of a whole subbranch!)
    if ($this->checkRootlineForIncludeSection()) {
    if (!count($this->rootLine)) {
    $this->printError('The requested page was not accessible!');
    exit;
    } else {

  3. There is an element up the rootline that is accessible
    if ($itera>0) {
  4. reset pageNotFound to zero
    $this->pageNotFound=0;
    $el = reset($this->rootLine);
    $this->id = $el['uid'];
  5. Revalidate that Page, it mayght be a Shortcut (Wasn't test before)
    $this->getPageAndRootline($itera-1);
    } else {
  6. Error if to much iterations
    $this->printError('The requested page was not accessible due to much shortcut loopings into non accessible pages!');
    exit;
    }
    }
    }
    }
#2

Updated by Alexander Opitz about 11 years ago

We are now at Typo3 Version 4.3.3 and the bug exists. No response and so on.

As I can't edit my own bug report, here the notice.

#3

Updated by Chris topher about 11 years ago

Hi Alexander,

thanks for your work!

You should send your patch to Core List! That is why it does not go on here...
Check out http://typo3.org/teams/core/core-mailinglist-rules/

By the way: It should read "due to too many shortcut loops" (not "due to much loops"). ;-)

#4

Updated by Alexander Opitz over 9 years ago

  • Target version deleted (0)

Again one year lost and Typo3 4.6 has this Problem!

#5

Updated by Ingo Renner about 9 years ago

  • File deleted (class.tslib_fe.php.patch)
#6

Updated by Gerrit Code Review over 8 years ago

  • Status changed from New to Under Review

Patch set 1 for branch TYPO3_4-5 has been pushed to the review server.
It is available at http://review.typo3.org/16359

#7

Updated by Gerrit Code Review over 8 years ago

Patch set 1 for branch TYPO3_4-6 has been pushed to the review server.
It is available at http://review.typo3.org/16360

#8

Updated by Gerrit Code Review over 8 years ago

Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at http://review.typo3.org/16361

#9

Updated by Alexander Opitz over 8 years ago

Oh I forgott to mention, this patch also resolves the problem, if next accessible page is a shortcut to another page.

#10

Updated by Andreas Wolf over 8 years ago

  • Category changed from Communication to Frontend
  • Target version set to 6.0.2
  • TYPO3 Version changed from 3.8.0 to 6.0
  • PHP Version deleted (4)

We should definitely get this finally in...

Could you provide an exact specification on how to test (what page structure with which settings do I need)? Or - even better - upload a .t3d with a matching page structure.

#11

Updated by Alexander Opitz over 8 years ago

HowTo Reproduce:

- Install a TYPO3 with Introduction Package
- In the backend go to the Examples/Tables page and set its access to Customer
- Now go to http://yourdomain/?id=38

=> You will see the 404 site not found page.

- Now edit your typo3conf/localconf.php (or typo3conf/LocalConfiguration.php)
- Disable the page not found handling (you may found more then one entry in your typo3conf/localconf.php)

//$TYPO3_CONF_VARS['FE']['pageNotFound_handling'] = t3lib_div::getIndpEnv('TYPO3_SITE_URL').'index.php?id=16';

or
    'FE' => array(
        //'pageNotFound_handling' => 'http://yourdomain/index.php?id=16',
    ),

- Reload the page

=> You will see the Example page.

#12

Updated by Alexander Opitz about 8 years ago

  • Assignee set to Alexander Opitz
#13

Updated by Alexander Opitz about 8 years ago

  • Target version deleted (6.0.2)
  • TYPO3 Version changed from 6.0 to 3.8

The problem occured in 3.8 so setting TYPO3 version back to 3.8

#14

Updated by Gerrit Code Review about 8 years ago

Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/21390

#15

Updated by Gerrit Code Review about 8 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/21390

#16

Updated by Gerrit Code Review almost 8 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/21390

#17

Updated by Clément MICHELET over 7 years ago

Still not fixed in 6.1.6

Tree configuration :

Root page - Shortcut to first subpage
  • Page 1 - Hide at login + extends to subpage
    • Page 1.2
  • Page 2 - Show at any login + extends to subpage
    • Page 2.1
    • Page 2.2
      • Page 2.2.1
      • Page 2.2.2
    • Page 2.3

Environment Configuration :
pageNotFound_handling empty
No realurl enabled (yet)

Tests

With no login, request Page 2.2.2
Expected : Redirect to root page which redirect/shortcut to Page 1
Result: Display root page (which is a shortcut) as Page 2.2.2

With login, request Page 1.2
Expected : Redirect to root page which redirect/shortcut to Page 2
Result: Display root page (which is a shortcut) as Page 1.2

Workaround:
Apply access configurations on each subpages

#18

Updated by Gerrit Code Review over 7 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/21390

#19

Updated by Gerrit Code Review over 7 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/21390

#20

Updated by Gerrit Code Review over 7 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/21390

#21

Updated by Gerrit Code Review over 7 years ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/21390

#22

Updated by Gerrit Code Review about 7 years ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/21390

#23

Updated by Gerrit Code Review about 7 years ago

Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/29897

#24

Updated by Alexander Opitz about 7 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#25

Updated by Gregor Schreier about 7 years ago

There is a bug in the change https://review.typo3.org/29897

access restricted pages can't be handled by the pageNotFound_handling anymore if the user is not logged in - if pageNotFound_handling defined.

Given:
You have a page in an access restricted area.
Someone link to the page in the access restricted are directly - now you get the first page witch is accessible in the Rootline with an Status Code 200 - this is wrong - and you have no way to change the site or status code.
You have to tell google at least that the status for the page is 401 - Unauthorized

In TYPO3 6.2.1 the handling was correct and points to the pageNotFound_handling - if defined.

The Commit which brings this bug was:
https://git.typo3.org/Packages/TYPO3.CMS.git/commit/9ab3b9b5dd96ae0f955277a8997abb4bd69a66ff

line 1627:

// We found something so reset to zero
$this->pageNotFound = 0;

This reset the pageNotFound Status if the page is in an access-restricted area and was marked before as pageNotFound

in line 1589:

if (!count($this->page)) {
// If no page, we try to find the page before in the rootLine.
// Page is 'not found' in case the id itself was not an accessible page. code 1
$this->pageNotFound = 1;

best regards
gregor

#26

Updated by Alexander Opitz about 7 years ago

  • Is Regression set to No

Hmmm thats a real Chicken/Egg issue in the source.
We can't show the best page to the user if $this->pageNotFound is set or we can't send correct header data/status codes if we set $this->pageNotFound = 0.

The $this->pageNotFound also has 5 possible values and IMHO there are more issues about the header data/status codes and the pageNotFound handler and possible redirects.

#27

Updated by Alexander Stehlik about 7 years ago

Regression in #58728 :(

#28

Updated by Benni Mack over 2 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF