search

in2code-de / powermail

This is the official repository of the TYPO3 extension powermail! Powermail is a well-known, editor-friendly, powerful and easy mailform extension for TYPO3
https://in2code.de
88 stars 175 forks source link

Editors are not able to place a new Powermail Plug-in on any page #963

Open noeol opened 8 months ago

noeol commented 8 months ago

Issue

The Powermail Plug-in collects, while it is added to a page in TYPO3 backend, all available forms and only shows those for which the logged-in user has the necessary rights by checking if the user has access to the parent page (tx_powermail_domain_model_form.pid). If this page does not exist in the database any more ("hard" deleted, NOT pages.deleted=1) a wrong type is returned (false instead of array) and the error occurs.

Powermail

How to test

  1. Login as a regular editor (NOT admin)
  2. Create a page/sys folder
  3. On this page/sys folder create a Powermail form
  4. Delete the page/sys folder but not the form in the database ("hard", means delete the complete row in the pages table)
  5. Try to add a Powermail Plug-in to a random page as a non-admin

Possible fix

In app/public/typo3conf/ext/powermail/Classes/Domain/Repository/PageRepository.php change the return type of getPropertiesFromUid() to mixed since fetchAssociative() can possibly return false.

    /**
     * @param int $uid
-    * @return array
+    * @return mixed
     * @throws Exception
     * @throws ExceptionDbal
     */
-    public function getPropertiesFromUid(int $uid): array
+    public function getPropertiesFromUid(int $uid)
    {
        $connection = DatabaseUtility::getConnectionForTable('pages');
        return $connection->executeQuery('select * from pages where uid=' . (int)$uid . ' limit 1')->fetchAssociative();
    }
markusa86 commented 7 months ago

Same Issue with Forms in workspaces. Then the uid is -1. And then the resullt ist false instead of an array.