From dc3087bfc605642e4103711179ef028aba2a3d7c Mon Sep 17 00:00:00 2001
From: Michael Oehlhof <typo3@oehlhof.de>
Date: Tue, 24 Nov 2015 00:14:07 +0100
Subject: [PATCH] [BUGFIX] Check if selected page is available before loading
 BE module

If a formerly selected page (in page tree) is not available anymore
(e.g. deleted), any access to a backend module will now check
this condition and will avoid an error.
An empty module will be displayed in such a case.

Resolves: #66449
Releases: master, 7.6
Change-Id: I4caf6abf715af2009705caf126f2614ae5cde9ed
Reviewed-on: https://review.typo3.org/44923
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Bjoern Jacob <bjoern.jacob@tritum.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
---
 .../Classes/Http/BackendModuleRequestHandler.php  | 15 ++++++++++-----
 .../Controller/AdministrationController.php       |  4 +++-
 .../Classes/Controller/ReviewController.php       |  6 ++++--
 3 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/typo3/sysext/backend/Classes/Http/BackendModuleRequestHandler.php b/typo3/sysext/backend/Classes/Http/BackendModuleRequestHandler.php
index 27f2ea28169f..ed8f97c997ae 100644
--- a/typo3/sysext/backend/Classes/Http/BackendModuleRequestHandler.php
+++ b/typo3/sysext/backend/Classes/Http/BackendModuleRequestHandler.php
@@ -142,21 +142,26 @@ class BackendModuleRequestHandler implements RequestHandlerInterface
     {
         $moduleConfiguration = $this->getModuleConfiguration($moduleName);
 
+        /** @var Response $response */
+        $response = GeneralUtility::makeInstance(Response::class);
+
         // Check permissions and exit if the user has no permission for entry
         $this->backendUserAuthentication->modAccess($moduleConfiguration, true);
         $id = isset($this->request->getQueryParams()['id']) ? $this->request->getQueryParams()['id'] : $this->request->getParsedBody()['id'];
         if ($id && MathUtility::canBeInterpretedAsInteger($id)) {
-            // Check page access
             $permClause = $this->backendUserAuthentication->getPagePermsClause(true);
+            // Check page access
             $access = is_array(BackendUtility::readPageAccess((int)$id, $permClause));
             if (!$access) {
-                throw new \RuntimeException('You don\'t have access to this page', 1289917924);
+                // Check if page has been deleted
+                $deleteField = $GLOBALS['TCA']['pages']['ctrl']['delete'];
+                $pageInfo = BackendUtility::getRecord('pages', (int)$id, $deleteField, $permClause ? ' AND ' . $permClause : '', false);
+                if (!$pageInfo[$deleteField]) {
+                    throw new \RuntimeException('You don\'t have access to this page', 1289917924);
+                }
             }
         }
 
-        /** @var Response $response */
-        $response = GeneralUtility::makeInstance(Response::class);
-
         // Use Core Dispatching
         if (isset($moduleConfiguration['routeTarget'])) {
             $dispatcher = GeneralUtility::makeInstance(Dispatcher::class);
diff --git a/typo3/sysext/indexed_search/Classes/Controller/AdministrationController.php b/typo3/sysext/indexed_search/Classes/Controller/AdministrationController.php
index b132d7a95f5d..033050573e6b 100644
--- a/typo3/sysext/indexed_search/Classes/Controller/AdministrationController.php
+++ b/typo3/sysext/indexed_search/Classes/Controller/AdministrationController.php
@@ -90,7 +90,9 @@ class AdministrationController extends ActionController
             parent::initializeView($view);
             $permissionClause = $this->getBackendUserAuthentication()->getPagePermsClause(1);
             $pageRecord = BackendUtility::readPageAccess($this->pageUid, $permissionClause);
-            $view->getModuleTemplate()->getDocHeaderComponent()->setMetaInformation($pageRecord);
+            if ($pageRecord) {
+                $view->getModuleTemplate()->getDocHeaderComponent()->setMetaInformation($pageRecord);
+            }
             $this->generateMenu();
             $this->view->getModuleTemplate()->setFlashMessageQueue($this->controllerContext->getFlashMessageQueue());
         }
diff --git a/typo3/sysext/workspaces/Classes/Controller/ReviewController.php b/typo3/sysext/workspaces/Classes/Controller/ReviewController.php
index 0e59ff7be881..3b6c3cb1b6d4 100644
--- a/typo3/sysext/workspaces/Classes/Controller/ReviewController.php
+++ b/typo3/sysext/workspaces/Classes/Controller/ReviewController.php
@@ -73,8 +73,10 @@ class ReviewController extends AbstractController
         $this->view->assign('pageUid', GeneralUtility::_GP('id'));
         if (GeneralUtility::_GP('id')) {
             $pageRecord = BackendUtility::getRecord('pages', GeneralUtility::_GP('id'));
-            $this->view->getModuleTemplate()->getDocHeaderComponent()->setMetaInformation($pageRecord);
-            $this->view->assign('pageTitle', BackendUtility::getRecordTitle('pages', $pageRecord));
+            if ($pageRecord) {
+                $this->view->getModuleTemplate()->getDocHeaderComponent()->setMetaInformation($pageRecord);
+                $this->view->assign('pageTitle', BackendUtility::getRecordTitle('pages', $pageRecord));
+            }
         }
         $this->view->assign('showLegend', !($GLOBALS['BE_USER']->workspace === 0 && !$GLOBALS['BE_USER']->isAdmin()));
         $wsList = $wsService->getAvailableWorkspaces();
-- 
GitLab