Bug #91559

Reverting auto slug update for editors does not work

Added by Chris Müller about 1 year ago. Updated 12 days ago.

Status:
Under Review
Priority:
Must have
Assignee:
-
Category:
Link Handling, Site Handling & Routing
Target version:
-
Start date:
2020-06-03
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When reverting a redirect which was created as an editor, a successful notification is shown. However, the redirect record is still available.

As an admin user the redirect record is removed.

This behaviour was observed in TYPO3 10.4.3.


Related issues

Has duplicate TYPO3 Core - Bug #94105: Redirects not revertable by non adminsClosed2021-05-10

Actions
#1

Updated by Guido Schmechel about 2 months ago

  • Has duplicate Bug #94105: Redirects not revertable by non admins added
#2

Updated by Riccardo De Contardi about 2 months ago

I report here the description of #94105 to keep track of it

Non-admin users are not able to revert the redirect via the blue popup on page save, when the slug is changed and the page saved.

How to reproduce:
Create a page “test123” and save
Change page title to “test345", update the slug and save.
Redirect for keyword “test123” in Source Path should be visible in Redirect Module.
Click “Revert redirects only” in the blue popup
Redirect for keyword “test123” in Source Path should be gone in Redirect Module.
Repeat with any non-admin editor (make sure to grant access to redirect module, list rights for redirect show/edit, and allow all fields in the record itself)
The redirect will not be deleted in the last step.

#3

Updated by Henrik Elsner about 1 month ago

  • Priority changed from Should have to Must have

We too have this issue. (with 10.4.17)
And i would declare it as must have as this can highly affect SEO etc.

#4

Updated by Albrecht Köhnlein 29 days ago

The problem seems to be combination of the facts, that all redirects are stored on pid=0 and that non-admins don't have page access to page id 0

I xdebug'ed the problem and came out here: https://github.com/TYPO3/TYPO3.CMS/blob/7aad9f6dea9246a1cc64f1b076e106605db3e04c/typo3/sysext/backend/Classes/History/RecordHistory.php#L273

if (empty($GLOBALS['TCA'][$table]) || !$this->hasTableAccess($table) || !$this->hasPageAccess($table, $uid)) {
    return [];
}

Calling the method $this->hasPageAccess($table, $uid) will return false.

So one (complex) solution could be to not save redirect records on pid=0 but any other page, the editor has access. A simpler solution could be to always skip the access tests for table "sys_redirect"

#5

Updated by Gerrit Code Review 29 days ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69634

#6

Updated by Gerrit Code Review 18 days ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69634

#7

Updated by Gerrit Code Review 12 days ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69634

Also available in: Atom PDF