From 81e901ca10268d68e3acc306b030a7483f2a6805 Mon Sep 17 00:00:00 2001
From: Benjamin Franzke <bfr@qbus.de>
Date: Mon, 15 Nov 2021 10:21:14 +0100
Subject: [PATCH] [BUGFIX] Fix loose type check in BackendUserAuthentication

empty() returns true if a record contains 0 as value.
Therefore isset() needs to be used instead.

The corresponding fix that was introduced with #91145
to workaround this flaw is removed again.

Resolves: #95972
Related: #91145
Releases: master, 10.4
Change-Id: Idfea91b84d8391d680900966f57b406c28a616ce
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72170
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Nikita Hovratov <nikita.h@live.de>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Nikita Hovratov <nikita.h@live.de>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>
---
 .../sysext/backend/Classes/Controller/Page/TreeController.php  | 3 ---
 .../core/Classes/Authentication/BackendUserAuthentication.php  | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/typo3/sysext/backend/Classes/Controller/Page/TreeController.php b/typo3/sysext/backend/Classes/Controller/Page/TreeController.php
index 076244f23615..f2ff74207d10 100644
--- a/typo3/sysext/backend/Classes/Controller/Page/TreeController.php
+++ b/typo3/sysext/backend/Classes/Controller/Page/TreeController.php
@@ -352,9 +352,6 @@ class TreeController
         if (in_array($pageId, $this->hiddenRecords, true)) {
             return [];
         }
-        if ($pageId === 0 && !$backendUser->isAdmin()) {
-            return [];
-        }
 
         $stopPageTree = !empty($page['php_tree_stop']) && $depth > 0;
         $identifier = $entryPoint . '_' . $pageId;
diff --git a/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
index 10d7ec201d0a..2bbebf260c1a 100644
--- a/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
+++ b/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
@@ -340,7 +340,7 @@ class BackendUserAuthentication extends AbstractUserAuthentication
         $checkRec = [];
         $fetchPageFromDatabase = true;
         if (is_array($idOrRow)) {
-            if (empty($idOrRow['uid'])) {
+            if (!isset($idOrRow['uid'])) {
                 throw new \RuntimeException('The given page record is invalid. Missing uid.', 1578950324);
             }
             $checkRec = $idOrRow;
-- 
GitLab