Bug #73493
closed
Check if page really exists for TypoScript "browse" menu
100%
Description
Hi there,
I found a bug in the AbstractMenuContentObject class in line 1103 (TYPO3 version 7.6.3). The TypoScript HMENU "special = browse" ( items = next|prev ) tries to generate links although the page is not accessible because of a TypoScript condition (PIDupinRootline ). This results in an SQL error because 'pid in ()' is not allowed ( will be called in the following function "$this->sys_page->getMenu(...)").
The TYPO3 core check whether the possible site is an array but not whether the array is empty.
\TYPO3\CMS\Frontend\ContentObject\Menu\AbstractMenuContentObject line 1103
// prevsection / nextsection is found
// You can only do this, if there is a valid page two levels up!
if (is_array($recArr['index'])) {
should be changed to:
// prevsection / nextsection is found
// You can only do this, if there is a valid page two levels up!
if (empty($recArr['index']) === false && is_array($recArr['index'])) {
Updated by Gerrit Code Review about 8 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/46715
Updated by Gerrit Code Review about 8 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/46715
Updated by Daniel Goerz about 8 years ago
This is kind of an edge case. But valid I guess. To reproduce create a page tree with four level with the first level being root. Insert a browse menu as e.g. this snippet:
page.20 = HMENU
page.20 {
special = browse
special {
items = index|up|next|prev
items.prevnextToSection = 1
}
1 = TMENU
1.NO = 1
1.NO.allWrap = <li>|</li>
1.wrap = <ul class="level1">|</ul>
}
The make the level2 page inaccessible by showing it only to loged in users. The browse menu will now produce a sql error on level 4.
Updated by Gerrit Code Review about 8 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/46715
Updated by Gerrit Code Review about 8 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/46715
Updated by Gerrit Code Review about 8 years ago
Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/46924
Updated by Markus Hölzle about 8 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 5f33fb0194064336aef866ab2a922db0270ba2a2.
Updated by