[BUGFIX] Enable rootline / content access to sysfolders

Only disallow DOCTYPE_RECYCLER in rootline and cObj->checkPid(),
instead of disallowing DOCTYPE_SYSFOLDER.

This makes it possible to fetch content from sysfolder pages.

At the same time, a hard check on accessing sys folders is added
to TSFE.

Resolves: #18079
Resolves: #20933
Releases: master
Change-Id: Ieb54d139bc1e7fc489c35f70510800be8ff14fb9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64038
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Susanne Moog <look@susi.dev>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Susanne Moog <look@susi.dev>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

typo3/sysext/core/Classes/Domain/Repository/PageRepository.php

@@ -166,7 +166,7 @@ protected function init($show_hidden)
                     $expressionBuilder->eq('pages.t3ver_wsid', 0),
                     $expressionBuilder->eq('pages.t3ver_wsid', (int)$this->versioningWorkspaceId)
                 ),
-                $expressionBuilder->lt('pages.doktype', 200)
+                $expressionBuilder->neq('pages.doktype', self::DOKTYPE_RECYCLER)
             );
         } else {
             // add starttime / endtime, and check for hidden/deleted
@@ -176,7 +176,7 @@ protected function init($show_hidden)
                 QueryHelper::stripLogicalOperatorPrefix(
                     $this->enableFields('pages', $show_hidden, ['fe_group' => true])
                 ),
-                $expressionBuilder->lt('pages.doktype', 200)
+                $expressionBuilder->neq('pages.doktype', self::DOKTYPE_RECYCLER)
             );
         }
         if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS'][self::class]['init'] ?? false)) {

typo3/sysext/core/Documentation/Changelog/master/Important-18079-PagesdoktypeRestrictionForFrontendQueriesRefined.rst

@@ -0,0 +1,22 @@
+.. include:: ../../Includes.txt
+
+==========================================================================
+Important: #18079 - pages.doktype restriction for frontend queries refined
+==========================================================================
+
+See :issue:`18079`
+
+Description
+===========
+
+Since over 15 years, TYPO3's Frontend rendering had a restriction to only allow pages with a "page type" (pages.doktype such as "Shortcut", "Link to external URL") to be limited to a fixed number less than 200.
+
+This meant that pages of certain types such as a Sys Folder and Recycler never were respected when fetching content from a specific page (via Typoscript) or querying records from there.
+
+This limitation has now been lifted in order to fix certain bugs,
+such as "content sliding" via TypoScript. But this also allows custom page doktypes to be used that have a higher number 200.
+
+This could potentially result in unexpected behavior in TypoScript or content fetching, if the previous limited behavior was mis-used
+for certain purposes.
+
+.. index:: Frontend, TypoScript, ext:frontend

typo3/sysext/core/Tests/Functional/Domain/Repository/PageRepositoryTest.php

@@ -340,7 +340,7 @@ public function initSetsPublicPropertyCorrectlyForWorkspacePreview()
         $connection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable('pages');
 
         $expectedSQL = sprintf(
-            ' AND (%s = 0) AND ((%s = 0) OR (%s = 2)) AND (%s < 200)',
+            ' AND (%s = 0) AND ((%s = 0) OR (%s = 2)) AND (%s <> 255)',
             $connection->quoteIdentifier('pages.deleted'),
             $connection->quoteIdentifier('pages.t3ver_wsid'),
             $connection->quoteIdentifier('pages.t3ver_wsid'),
@@ -361,7 +361,7 @@ public function initSetsEnableFieldsCorrectlyForLive(): void
 
         $connection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable('pages');
         $expectedSQL = sprintf(
-            ' AND ((%s = 0) AND (%s <= 0) AND (%s <> -1) AND (%s = 0) AND (%s <= 1451779200) AND ((%s = 0) OR (%s > 1451779200))) AND (%s < 200)',
+            ' AND ((%s = 0) AND (%s <= 0) AND (%s <> -1) AND (%s = 0) AND (%s <= 1451779200) AND ((%s = 0) OR (%s > 1451779200))) AND (%s <> 255)',
             $connection->quoteIdentifier('pages.deleted'),
             $connection->quoteIdentifier('pages.t3ver_state'),
             $connection->quoteIdentifier('pages.pid'),

typo3/sysext/frontend/Classes/ContentObject/Menu/AbstractMenuContentObject.php

@@ -61,7 +61,7 @@ abstract class AbstractMenuContentObject
      *
      * @var int[]
      */
-    protected $excludedDoktypes = [PageRepository::DOKTYPE_BE_USER_SECTION];
+    protected $excludedDoktypes = [PageRepository::DOKTYPE_BE_USER_SECTION, PageRepository::DOKTYPE_SYSFOLDER];
 
     /**
      * @var int[]
@@ -501,6 +501,7 @@ protected function prepareMenuItems()
         if (isset($this->mconf['additionalWhere.'])) {
             $additionalWhere = $this->parent_cObj->stdWrap($additionalWhere, $this->mconf['additionalWhere.']);
         }
+        $additionalWhere .= $this->getDoktypeExcludeWhere();
 
         // ... only for the FIRST level of a HMENU
         if ($this->menuNumber == 1 && $this->conf['special']) {

typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php

@@ -1380,8 +1380,8 @@ protected function getPageAndRootline()
                 }
             }
         }
-        // Spacer is not accessible in frontend
-        if ($this->page['doktype'] == PageRepository::DOKTYPE_SPACER) {
+        // Spacer and sysfolders is not accessible in frontend
+        if ($this->page['doktype'] == PageRepository::DOKTYPE_SPACER || $this->page['dokype'] == PageRepository::DOKTYPE_SYSFOLDER) {
             $message = 'The requested page does not exist!';
             $this->logger->error($message);
             try {