From adaa7dc03cd425538cb5f3c6bb2fdbedddd9187b Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Mon, 6 Feb 2023 22:10:04 +0100
Subject: [PATCH] [BUGFIX] Avoid disabling page caches when having cHash
 validation enforced
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If $GLOBALS['TYPO3_CONF_VARS']['FE']['cacheHash']['enforceValidation']
is enabled and the HTTP request only contains the `?id` query parameter,
caching for the page is disabled - which should be avoided.

Resolves: #99859
Releases: main, 11.5, 10.4
Change-Id: I14a81f5a2ec3ecabedd1abf0756a3ee32e7af4e4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77734
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Stefan BÃ¼rk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Stefan BÃ¼rk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
---
 .../frontend/Classes/Middleware/PageArgumentValidator.php  | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/typo3/sysext/frontend/Classes/Middleware/PageArgumentValidator.php b/typo3/sysext/frontend/Classes/Middleware/PageArgumentValidator.php
index 296f2b789695..6625bbb69ea6 100644
--- a/typo3/sysext/frontend/Classes/Middleware/PageArgumentValidator.php
+++ b/typo3/sysext/frontend/Classes/Middleware/PageArgumentValidator.php
@@ -207,9 +207,14 @@ class PageArgumentValidator implements MiddlewareInterface, LoggerAwareInterface
             return $this->evaluateQueryParametersWithoutCacheHash($pageArguments->getDynamicArguments(), $pageNotFoundOnCacheHashError);
         }
         $relevantParameters = $this->getRelevantParametersForCacheHashCalculation($pageArguments);
+        // There are no parameters that require a cHash.
+        // We end up here when the site was called with an `id` param, e.g. https://example.org/index?id=123.
+        if (empty($relevantParameters)) {
+            return true;
+        }
         // There are parameters that would be needed for the current page, but no cHash is given.
         // Thus, a "page not found" error is thrown - as configured via "pageNotFoundOnCHashError".
-        if (!empty($relevantParameters) && $pageNotFoundOnCacheHashError) {
+        if ($pageNotFoundOnCacheHashError) {
             return false;
         }
         // Caching is disabled now (but no 404)
-- 
GitLab