TYPO3 Core

Okay, the reason is in cms/class.tslib_fe.php: 1230

function checkPagerecordForIncludeSection($row)    {
        return (!$row['extendToSubpages'] || $this->checkEnableFields($row)) ? 1 : 0;
    }

This check is plainly wrong, here is the fail-scenario:
Rootline:

1: not protected
`-- 2: fe_group, no extendTo
`-- 3: fe_group, extendTo enabled
`-- 4: not protected

• sys_page->getPage returns the entry (not protected)
• checkRootlineForIncludeSection() returns:
  TRUE, TRUE, FALSE, TRUE for non-removal
• the page displayed is the last in the rootLine, which is '2', which is wrong!

• sys_page->getPage returns no entry
• getPageAndRootline() takes over the search for the next valid page and correctly removes 2, 3, 4
• the page displayed is the last in the rootLine, which is '1'

It can be seen that getPageAndRootline() itself does the job just fine, checkRootlineForIncludeSection() is just a post-function for cases that are a bit more complex, especially trying to cover extendTo cases. I asume from that one-liner that the initial intention is to not return FALSE for un-protected pages (those that do not have fe_groups). Reconstructing that initial intention the function should be:

function checkPagerecordForIncludeSection($row)    {
        return (!$row['fe_group'] || $this->checkEnableFields($row)) ? 1 : 0;
    }

instead.

It makes no sense to bind access-restriction to the pure existance of the extendTo-flag!

Patch attached and verified under the given fail-case. Acessing '2', '3' or '4' all drop to '1' now. If logged-in, they all allow correct access.

After three months of testing and verification I came up with the last uploaded solution. Changing "checkPagerecordForIncludeSection" will break getPidList (logins, realurl, ...), which must not execute extendTo-functionality (as storage folders within extendTo will not be able to be found, etc.).

Did you test whether this behaviour also occurred in TYPO3 4.2?

Give me a day, I'm going to check it in 4.2.0. Deductions says "yes", as the code hasn't changed since ages.

I have another kind of problem with this issue :

When a page is not accessible, the checkRootlineForIncludeSection function fall back to the last valid page correctly. But the last accessible page is (in my case) a shortcut page... which is not resolved.

This "problem" occurs around the checkRootlineForIncludeSection function usage (around line 1084 of tslib_fe)

Well, i tried something.

As rootline is modified each time we follow a shortcut, the shortcut resolution should maybe be a loop (around in tslib_fe, line 1041).

Rootline check maybe have to be done one time, and then each time we follow a shortcut.