Project

General

Profile

Actions
Copy link

Bug #73493

closed

Check if page really exists for TypoScript "browse" menu

Added by Markus Hölzle almost 9 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
-
Target version:
-
Start date:
2016-02-16
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Hi there,

I found a bug in the AbstractMenuContentObject class in line 1103 (TYPO3 version 7.6.3). The TypoScript HMENU "special = browse" ( items = next|prev ) tries to generate links although the page is not accessible because of a TypoScript condition (PIDupinRootline ). This results in an SQL error because 'pid in ()' is not allowed ( will be called in the following function "$this->sys_page->getMenu(...)").

The TYPO3 core check whether the possible site is an array but not whether the array is empty.

\TYPO3\CMS\Frontend\ContentObject\Menu\AbstractMenuContentObject line 1103

// prevsection / nextsection is found
// You can only do this, if there is a valid page two levels up!
if (is_array($recArr['index'])) {

should be changed to:

// prevsection / nextsection is found
// You can only do this, if there is a valid page two levels up!
if (empty($recArr['index']) === false && is_array($recArr['index'])) {

Actions
Copy link
 #1

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/46715

Actions
Copy link
 #2

Updated by Gerrit Code Review almost 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/46715

Actions
Copy link
 #3

Updated by Daniel Goerz almost 9 years ago

This is kind of an edge case. But valid I guess. To reproduce create a page tree with four level with the first level being root. Insert a browse menu as e.g. this snippet:

page.20 = HMENU
page.20 {
  special = browse
  special {
    items = index|up|next|prev
    items.prevnextToSection = 1
  }
  1 = TMENU
  1.NO = 1
  1.NO.allWrap = <li>|</li>
  1.wrap = <ul class="level1">|</ul>
}

The make the level2 page inaccessible by showing it only to loged in users. The browse menu will now produce a sql error on level 4.

Actions
Copy link
 #4

Updated by Gerrit Code Review almost 9 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/46715

Actions
Copy link
 #5

Updated by Gerrit Code Review almost 9 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/46715

Actions
Copy link
 #6

Updated by Gerrit Code Review over 8 years ago

Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/46924

Actions
Copy link
 #7

Updated by Markus Hölzle over 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #8

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF