From 37f059e1e0ec9145c286d39715d30ee1f56c157c Mon Sep 17 00:00:00 2001
From: Jochen Roth <jochen.roth@b13.com>
Date: Thu, 18 Nov 2021 12:07:02 +0100
Subject: [PATCH] [BUGFIX] Fix array access for user without read permissions
 in PHP8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Given you have a user which has no access to the current page
or no page at all, a "access array offset on value of type"
is thrown in PHP8.

This has been fixed by adding a fallback in case the
array key does not exist which then throws the expected
exception.

Resolves: #96026
Releases: master, 11.5
Change-Id: I335a74fb6c2566d7a3e65632977dbc2740249414
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72228
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
---
 typo3/sysext/backend/Classes/Http/RouteDispatcher.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/typo3/sysext/backend/Classes/Http/RouteDispatcher.php b/typo3/sysext/backend/Classes/Http/RouteDispatcher.php
index bfa29f73a594..85e2cc56b41d 100644
--- a/typo3/sysext/backend/Classes/Http/RouteDispatcher.php
+++ b/typo3/sysext/backend/Classes/Http/RouteDispatcher.php
@@ -185,7 +185,7 @@ class RouteDispatcher extends Dispatcher
                 // Check if page has been deleted
                 $deleteField = $GLOBALS['TCA']['pages']['ctrl']['delete'];
                 $pageInfo = BackendUtility::getRecord('pages', $id, $deleteField, $permClause ? ' AND ' . $permClause : '', false);
-                if (!$pageInfo[$deleteField]) {
+                if (!($pageInfo[$deleteField] ?? false)) {
                     throw new \RuntimeException('You don\'t have access to this page', 1289917924);
                 }
             }
-- 
GitLab