From b7bdd84177ef69fca91430409df3280804395680 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Thu, 8 Aug 2013 12:48:24 +0200
Subject: [PATCH] [BUGFIX] BackendUtility::viewOnClick() called with
 non-integer

The origin is in DatabaseRecordList::makeControl() that
tries to create a preview link with the page id "243#33163"
- more strict checks will deny this request because it's not
the expected integer value. Thus, BackendUtility::viewOnClick()
is called with a string instead of an integer.
This happens in the regular list module in the TYPO3 backend.
It's not critical if hooks and further processors use intval() on the
argument, but is bad if methods expect the defined integer value.

Change-Id: Ib66c1ee219b67e51d534f11fbf1eaa330476ca93
Fixes: #50912
Releases: 4.5, 6.0, 6.1, 6.2
Reviewed-on: https://review.typo3.org/22951
Reviewed-by: Sascha Egerer
Tested-by: Sascha Egerer
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
---
 .../Classes/RecordList/DatabaseRecordList.php        | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
index b7b1c635cba7..7400212da3be 100644
--- a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
+++ b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
@@ -1011,8 +1011,16 @@ class DatabaseRecordList extends \TYPO3\CMS\Recordlist\RecordList\AbstractDataba
 		$permsEdit = $table == 'pages' && $localCalcPerms & 2 || $table != 'pages' && $this->calcPerms & 16;
 		// "Show" link (only pages and tt_content elements)
 		if ($table == 'pages' || $table == 'tt_content') {
-			$params = '&edit[' . $table . '][' . $row['uid'] . ']=edit';
-			$cells['view'] = '<a href="#" onclick="' . htmlspecialchars(BackendUtility::viewOnClick(($table == 'tt_content' ? $this->id . '#' . $row['uid'] : $row['uid']), $this->backPath)) . '" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage', TRUE) . '">' . IconUtility::getSpriteIcon('actions-document-view') . '</a>';
+			$cells['view'] = '<a href="#" onclick="'
+				. htmlspecialchars(
+					BackendUtility::viewOnClick(
+						($table === 'tt_content' ? $this->id : $row['uid']),
+						$this->backPath,
+						'',
+						($table === 'tt_content' ? '#' . $row['uid'] : '')
+					)
+				) . '" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage', TRUE) . '">'
+				. IconUtility::getSpriteIcon('actions-document-view') . '</a>';
 		} elseif (!$this->table) {
 			$cells['view'] = $this->spaceIcon;
 		}
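Review bot: The page id passed as the first argument of `BackendUtility::viewOnClick()` is still not cast, so the stated goal of handing over an integer is only met if `$this->id` and `$row['uid']` already are integers; a uid read from a database row is usually a string, and where `$this->id` is assigned is not visible in this hunk. I would make the type explicit with `($table === 'tt_content' ? (int)$this->id : (int)$row['uid']),` and build the anchor as `($table === 'tt_content' ? '#' . (int)$row['uid'] : '')`. The anchor ends up inside a JavaScript string in the `onclick` attribute, and `htmlspecialchars()` only covers the HTML attribute layer, so a numeric-by-construction value avoids depending on whatever escaping `viewOnClick()` applies internally, which cannot be checked from here. The enclosing method starts and ends outside the hunk, so any earlier normalisation of `$row` is not visible either.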
-- 
GitLab