Bug #16561

Typolink doesn't check if a page in rootline has some access and include subpages is set...

Added by Volker Graubaum about 13 years ago. Updated almost 4 years ago.

Status:
Accepted
Priority:
Should have
Assignee:
-
Category:
TypoScript
Target version:
-
Start date:
2006-09-13
Due date:
% Done:

0%

TYPO3 Version:
4.0
PHP Version:
4.3
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Typolink doesn't check the parent sides for enableFields together with include subpages

Example: try to search for a subsite in the indexSearch or link this side directly.
The link is working but you are sent to the first parent side, which is accessable...

typolink checks with calling $GLOBALS['TSFE']->sys_page->getPage

There is no check for parent sides.

(issue imported from #M4213)

4213_v1.diff View (3.73 KB) Administrator Admin, 2009-06-27 01:09


Related issues

Related to TYPO3 Core - Bug #87025: sysext:seo: XML sitemap shouldn't display subpages of a restricted page Closed 2018-11-28
Duplicated by TYPO3 Core - Bug #17952: typolinkLinkAccessRestrictedPages / showAccessRestrictedPages access does not work with "include subpages" Closed 2007-12-26
Duplicated by TYPO3 Core - Bug #19297: extendToSubpages not working Closed 2008-09-07

History

#1 Updated by Volker Graubaum about 13 years ago

To files has to be changed

1) class.tslib_content.php

change line 5193 $page = $GLOBALS['TSFE']->sys_page->getPage($link_param,$disableGroupAccessCheck);

to

$page = $GLOBALS['TSFE']->sys_page->getPage($link_param,$disableGroupAccessCheck,TRUE);

(a third parameter is added for getPage)

2) class.t3lib_page.php

Line 184ff
Change the function get Page and add the function checkPage

/**
 * Returns the $row for the page with uid = $uid (observing ->where_hid_del)
 * Any pages_language_overlay will be applied before the result is returned.
 * If no page is found an empty array is returned.
 *
 * @param    integer        The page id to look up.
 * @param    boolean        If set, the check for group access is disabled. VERY rarely used
 * @param     boolean        If set, the check will include the rootline
 * @return    array        The page row with overlayed localized fields. Empty it no page.
 * @see getPage_noCheck()
/
function getPage($uid, $disableGroupAccessCheck=FALSE,$userRootlineCheck=FALSE) {
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('
', 'pages', 'uid='.intval($uid).$this->where_hid_del.($disableGroupAccessCheck ? '' : $this->where_groupAccess));
$row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
$check = ($userRootlineCheck ? $this->checkPage($uid) : 1 );
if ($row && $check){
$this->versionOL('pages',$row);
if (is_array($row)) return $this->getPageOverlay($row);
}
return Array();
}
/**
 * Checks the current rootline for defined sections.
 *
 * @param    integer        The page id to look up.
 * @return    boolean        
*/
function checkPage($uid)    {
$MP = t3lib_div::_GP('MP');
$rootLine = $this->getRootLine($uid,$MP);
$c=count($rootLine);
while(list($k,$page) = each($rootLine)){
if($page['title']=='Seminare'){
if ($page['extendToSubpages'] && !$GLOBALS['TSFE']->checkEnableFields($page)) {
return false;
}
}
}
return true;
}

#2 Updated by Christian Kuhn about 10 years ago

confirmed for 4.3, please take a look at the duplicate issues for a "how to reproduce"

#3 Updated by Christian Kuhn about 8 years ago

  • Category deleted (Communication)
  • Assignee deleted (Christian Kuhn)
  • Target version deleted (0)

#4 Updated by Riccardo De Contardi almost 4 years ago

  • Category set to TypoScript
  • Is Regression set to No

#5 Updated by Dima Nozdrin 10 months ago

  • Related to Bug #87025: sysext:seo: XML sitemap shouldn't display subpages of a restricted page added

Also available in: Atom PDF