From cc32fcdf08867493fcfdb95e23ea1940312e7268 Mon Sep 17 00:00:00 2001
From: Markus Hoelzle <typo3@markus-hoelzle.de>
Date: Wed, 22 Feb 2017 09:38:40 +0100
Subject: [PATCH] [BUGFIX] Fix parameter type in BackendModuleRequestHandler

The function
\TYPO3\CMS\Core\Authentication\BackendUserAuthentication
->getPagePermsClause accepts only an integer value as parameter,
but a boolean value is given in
TYPO3\CMS\Backend\Http\BackendModuleRequestHandler->dispatchModule

Resolves: #79949
Releases: master
Change-Id: I6d0e6049ce2f68f361853f5c5ea50984c9448347
Reviewed-on: https://review.typo3.org/51791
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Tested-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
---
 .../backend/Classes/Http/BackendModuleRequestHandler.php       | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/typo3/sysext/backend/Classes/Http/BackendModuleRequestHandler.php b/typo3/sysext/backend/Classes/Http/BackendModuleRequestHandler.php
index 61fc8c9c0c45..d04c39fdecd8 100644
--- a/typo3/sysext/backend/Classes/Http/BackendModuleRequestHandler.php
+++ b/typo3/sysext/backend/Classes/Http/BackendModuleRequestHandler.php
@@ -24,6 +24,7 @@ use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
 use TYPO3\CMS\Core\Http\Dispatcher;
 use TYPO3\CMS\Core\Http\RequestHandlerInterface;
 use TYPO3\CMS\Core\Http\Response;
+use TYPO3\CMS\Core\Type\Bitmask\Permission;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Core\Utility\MathUtility;
 
@@ -149,7 +150,7 @@ class BackendModuleRequestHandler implements RequestHandlerInterface
         $this->backendUserAuthentication->modAccess($moduleConfiguration, true);
         $id = isset($this->request->getQueryParams()['id']) ? $this->request->getQueryParams()['id'] : $this->request->getParsedBody()['id'];
         if ($id && MathUtility::canBeInterpretedAsInteger($id)) {
-            $permClause = $this->backendUserAuthentication->getPagePermsClause(true);
+            $permClause = $this->backendUserAuthentication->getPagePermsClause(Permission::PAGE_SHOW);
             // Check page access
             $access = is_array(BackendUtility::readPageAccess((int)$id, $permClause));
             if (!$access) {
-- 
GitLab