Bug #92762

Accessing a restricted subpage of a sysfolder triggers a 404 instead of 403

Added by DANIEL Rémy 9 months ago. Updated 2 months ago.

Status: Under Review
Priority: Should have
Assignee: -
Category: Frontend
Target version: -
Start date: 2020-11-03
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 10
PHP Version:
Tags:
Complexity: medium
Is Regression: Yes
Sprint Focus:

Description

On TYPO3 9, accessing a restricted subpage of a sysfolder triggered a 403.
On TYPO3 10, a 404 is triggered.

This is a regression introduced in https://review.typo3.org/c/Packages/TYPO3.CMS/+/58829

How to reproduce

With the following page tree:

Rootpage
- page 1 (public, enabled)
- sysfolder 3 (enabled)
-- subpage 2 (restricted to authenticated users, enabled)

Without a frontend session, accessing subpage 2 triggers a 404.

What should I see?

Without a frontend session, accessing subpage B should trigger a 403.


Related issues

Related to TYPO3 Core - Task #92225: Add test previewing created hidden page & content in workspace (Under Review, Benni Mack, 2020-09-07)
Related to TYPO3 Core - Bug #86346: Hidden pages sent 403 Header (Under Review, 2018-09-21)
Related to TYPO3 Core - Bug #18079: slide of cObj CONTENT stops if sysfolder in rootline (Closed, 2008-01-30)
Related to TYPO3 Core - Feature #20933: Enable working with SysFolders in CONTENT (Closed, 2009-08-26)

#1

Updated by DANIEL Rémy 9 months ago

  • Related to Task #92225: Add test previewing created hidden page & content in workspace added
#2

Updated by DANIEL Rémy 9 months ago

  • Related to Bug #86346: Hidden pages sent 403 Header added
#3

Updated by Benoit Chenu 8 months ago

I think the issue was introduced here:

https://review.typo3.org/c/Packages/TYPO3.CMS/+/64038/5/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php

Related to this issue:

https://forge.typo3.org/issues/18079

If we remove the condition on DOKTYPE_SYSFOLDER, TYPO3 sends a 403 as expected:

< if ($this->page['doktype']  PageRepository::DOKTYPE_SPACER || $this->page['doktype']  PageRepository::DOKTYPE_SYSFOLDER) {
> if ($this->page['doktype'] == PageRepository::DOKTYPE_SPACER) {
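
Review bot: on the `<` line both comparisons have lost their operator (`$this->page['doktype']  PageRepository::DOKTYPE_SPACER`), so the line as shown is not valid PHP; it should carry `==` as the `>` line does. Dropping the `DOKTYPE_SYSFOLDER` comparison also changes the outcome for every page of that doktype that reaches this `if`, not only for the restricted subpage in this report, so the change should come with a test that the behaviour from #18079, the issue this comment links the condition to, still holds alongside the expected 403.
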
#4

Updated by Benoit Chenu 8 months ago

  • Related to Bug #18079: slide of cObj CONTENT stops if sysfolder in rootline added
#5

Updated by Markus Klein 8 months ago

  • Related to Feature #20933: Enable working with SysFolders in CONTENT added
#6

Updated by Marc Hirdes 2 months ago

A fix would be great

#7

Updated by Gerrit Code Review 2 months ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69306
