[TASK] Remove access check when generating preview URL (#395)
Richard Haeser authored Dec 10, 2020
1 parent f33641b commit b736181
Showing 3 changed files with 46 additions and 48 deletions.
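--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,10 @@ We will follow [Semantic Versioning](http://semver.org/).
 ## Yoast SEO Premium for TYPO3
 Besides the free version of our plugin, we also have a premium version. The free version enables you to do all necessary optimizations. With the premium version, we make it even easier to do! More information can be found on https://www.maxserv.com/yoast.
 
+## 7.0.7 December 9, 2020
+### Fixed
+* It should not matter if a backend user has backend access to the page which is used to preview. This is mainly when using Yoast SEO for records other than pages and the detail page itself is not accessible for the backend user.
+
 ## 7.0.6 November 20, 2020
 ### Fixed
 * The script adding additional information for the preview now checks if the getWebsiteTitle method exists before calling it. This prevents errors in TYPO3 v9 as this method is not availalbe there.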
88 changes: 41 additions & 47 deletions Classes/Service/UrlService.php
Expand Up @@ -8,7 +8,6 @@
use TYPO3\CMS\Core\Routing\RouteNotFoundException;
use TYPO3\CMS\Core\Site\Entity\Site;
use TYPO3\CMS\Core\Site\SiteFinder;
use TYPO3\CMS\Core\Type\Bitmask\Permission;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Frontend\Page\PageRepository;
use YoastSeoForTypo3\YoastSeo\Utility\YoastUtility;
Expand Down Expand Up @@ -54,58 +53,53 @@ public function getPreviewUrl(
int $languageId,
$additionalGetVars = ''
): string {
$permissionClause = $this->getBackendUser()->getPagePermsClause(Permission::PAGE_SHOW);
$pageRecord = BackendUtility::readPageAccess($pageId, $permissionClause);
if ($pageRecord) {
$rootLine = BackendUtility::BEgetRootLine($pageId);
// Mount point overlay: Set new target page id and mp parameter
$pageRepository = GeneralUtility::makeInstance(PageRepository::class);
$finalPageIdToShow = $pageId;
$mountPointInformation = $pageRepository->getMountPointInfo($pageId);
if ($mountPointInformation && $mountPointInformation['overlay']) {
// New page id
$finalPageIdToShow = $mountPointInformation['mount_pid'];
$additionalGetVars .= '&MP=' . $mountPointInformation['MPvar'];
}
$rootLine = BackendUtility::BEgetRootLine($pageId);
// Mount point overlay: Set new target page id and mp parameter
$pageRepository = GeneralUtility::makeInstance(PageRepository::class);
$finalPageIdToShow = $pageId;
$mountPointInformation = $pageRepository->getMountPointInfo($pageId);
if ($mountPointInformation && $mountPointInformation['overlay']) {
// New page id
$finalPageIdToShow = $mountPointInformation['mount_pid'];
$additionalGetVars .= '&MP=' . $mountPointInformation['MPvar'];
}

if (version_compare(TYPO3_branch, '9.5', '>=')) {
$siteFinder = GeneralUtility::makeInstance(SiteFinder::class);
$site = $siteFinder->getSiteByPageId($finalPageIdToShow, $rootLine);
if ($site instanceof Site) {
$this->checkRouteEnhancers($site);

$additionalQueryParams = [];
parse_str($additionalGetVars, $additionalQueryParams);
$additionalQueryParams['_language'] = $site->getLanguageById($languageId);
$uriToCheck = YoastUtility::fixAbsoluteUrl(
(string)$site->getRouter()->generateUri($finalPageIdToShow, $additionalQueryParams)
);

if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS'][self::class]['urlToCheck'])) {
foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS'][self::class]['urlToCheck'] as $_funcRef) {
$_params = [
'urlToCheck' => $uriToCheck,
'site' => $site,
'finalPageIdToShow' => $finalPageIdToShow,
'languageId' => $languageId
];

$uriToCheck = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
}
if (version_compare(TYPO3_branch, '9.5', '>=')) {
$siteFinder = GeneralUtility::makeInstance(SiteFinder::class);
$site = $siteFinder->getSiteByPageId($finalPageIdToShow, $rootLine);
if ($site instanceof Site) {
$this->checkRouteEnhancers($site);

$additionalQueryParams = [];
parse_str($additionalGetVars, $additionalQueryParams);
$additionalQueryParams['_language'] = $site->getLanguageById($languageId);
$uriToCheck = YoastUtility::fixAbsoluteUrl(
(string)$site->getRouter()->generateUri($finalPageIdToShow, $additionalQueryParams)
);

if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS'][self::class]['urlToCheck'])) {
foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS'][self::class]['urlToCheck'] as $_funcRef) {
$_params = [
'urlToCheck' => $uriToCheck,
'site' => $site,
'finalPageIdToShow' => $finalPageIdToShow,
'languageId' => $languageId
];

$uriToCheck = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
}
$uri = (string)$this->uriBuilder->buildUriFromRoute('ajax_yoast_preview', [
'uriToCheck' => $uriToCheck, 'pageId' => $finalPageIdToShow
]);
} else {
$uri = BackendUtility::getPreviewUrl($finalPageIdToShow, '', $rootLine, '', '', $additionalGetVars);
}
$uri = (string)$this->uriBuilder->buildUriFromRoute('ajax_yoast_preview', [
'uriToCheck' => $uriToCheck, 'pageId' => $finalPageIdToShow
]);
} else {
$uri = $this->getUrlForType(self::FE_PREVIEW_TYPE, '&pageIdToCheck=' . $pageId . '&languageIdToCheck=' . $languageId);
$uri = BackendUtility::getPreviewUrl($finalPageIdToShow, '', $rootLine, '', '', $additionalGetVars);
}

return $uri;
} else {
$uri = $this->getUrlForType(self::FE_PREVIEW_TYPE, '&pageIdToCheck=' . $pageId . '&languageIdToCheck=' . $languageId);
}
return '#';

return (string)$uri;
}

/**
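Review bot: Dropping the `getPagePermsClause(Permission::PAGE_SHOW)` / `readPageAccess()` guard in `getPreviewUrl()` removes the only authorization decision in this method, so an `ajax_yoast_preview` URL is now built for any `$pageId` the caller supplies and nothing visible in the hunk replaces it. The changelog gives the intent (records whose detail page the editor cannot open in the backend), but that means the access check on the record being edited has to live in the caller, and the handler behind `ajax_yoast_preview` (not shown here) should return only what an anonymous frontend visitor would get for `uriToCheck`; a short comment above `$rootLine = BackendUtility::BEgetRootLine($pageId);` stating this would stop the next reader from treating the missing check as an oversight. The removed guard also doubled as an existence check with the `'#'` fallback: a deleted or unknown `$pageId` now reaches `getSiteByPageId()`, which as far as I know throws rather than returning a non-`Site` value, so consider keeping `if (BackendUtility::getRecord('pages', $pageId, 'uid') === null) { return '#'; }` ahead of the root-line lookup.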
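--- a/ext_emconf.php
+++ b/ext_emconf.php
@@ -10,7 +10,7 @@
 'dependencies' => '',
 'state' => 'stable',
 'uploadfolder' => 0,
-'version' => '7.0.6',
+'version' => '7.0.7',
 'constraints' => [
 'depends' => [
 'typo3' => '8.7.0-10.4.99',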
