From e259036ba9e5cfae0f66736d7d229b851a156136 Mon Sep 17 00:00:00 2001
From: Christian Kuhn <lolli@schwarzbu.ch>
Date: Fri, 7 Apr 2023 13:33:42 +0200
Subject: [PATCH] [BUGFIX] Sanitize BackendUtility::titleAttribForPages()

When the "Access" module is called without a selected
page, the root page icon rendering triggers a PHP 8.0
array access warning.

This was triggered by the refactoring with #100454, but
is a general issue of the method, which is why the patch
should go to 11.5 as well.

The patch sanitizes $row['uid']. Other parts of the
method access further array keys without fallback,
but those should be fine - at least for now - since
this is about 'pages', and if there is a uid, the
other fields are probably provided as well.

Resolves: #100527
Related: #100454
Releases: main, 11.5
Change-Id: I40df9fcb86a145cfa68f7dc3086649c52efe7d79
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78558
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
---
 typo3/sysext/backend/Classes/Utility/BackendUtility.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/typo3/sysext/backend/Classes/Utility/BackendUtility.php b/typo3/sysext/backend/Classes/Utility/BackendUtility.php
index af0275bea4b4..7622378d4288 100644
--- a/typo3/sysext/backend/Classes/Utility/BackendUtility.php
+++ b/typo3/sysext/backend/Classes/Utility/BackendUtility.php
@@ -1134,6 +1134,9 @@ class BackendUtility
      */
     public static function titleAttribForPages($row, $perms_clause = '', $includeAttrib = true)
     {
+        if (!isset($row['uid'])) {
+            return '';
+        }
         $lang = static::getLanguageService();
         $parts = [];
         $parts[] = 'id=' . $row['uid'];
-- 
GitLab