[BUGFIX] Check page access only if integer in ModuleRunner

If you register a module in main module "file" an error is thrown
because the ModuleRunner checks page access for the variable "id".
In any file module the id is a FAL identifier which can't be converted
to an integer value and the check fails.

This patch adds a limitation to the ModuleRunner to check page access
only if the id can be interpreted as integer value.

Releases: master, 6.2
Resolves: #67079
Change-Id: Iba44499b9b13172818aee48aefb01d102f810285
Reviewed-on: http://review.typo3.org/39648


Reviewed-by: Markus Sommer <markussom@posteo.de>
Tested-by: Markus Sommer <markussom@posteo.de>
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>

typo3/sysext/extbase/Classes/Core/ModuleRunner.php

@@ -42,10 +42,11 @@ class ModuleRunner implements ModuleRunnerInterface {
 
 		// Check permissions and exit if the user has no permission for entry
 		$GLOBALS['BE_USER']->modAccess($moduleConfiguration, TRUE);
-		if (\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('id')) {
+		$id = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('id');
+		if ($id && \TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($id)) {
 			// Check page access
 			$permClause = $GLOBALS['BE_USER']->getPagePermsClause(TRUE);
-			$access = is_array(\TYPO3\CMS\Backend\Utility\BackendUtility::readPageAccess((int)\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('id'), $permClause));
+			$access = is_array(\TYPO3\CMS\Backend\Utility\BackendUtility::readPageAccess((int)$id, $permClause));
 			if (!$access) {
 				throw new \RuntimeException('You don\'t have access to this page', 1289917924);
 			}