URL to article stays valid when unpublished or protected

[fritzmg]

Problem

If you unpublish an article, its URL, i.e. /page/articles/article.html stays valid and simply shows an empty page - but with the title of the (unpublished) article and either description (teaser) of the article or, when not available, the description of the page of the article. Contao will only show a 404 page, if you delete the article completely.

Reproduction

1. create a new article on any page
2. fill in the article title and also an article teaser
3. activate the Show teaser option
4. publish the article and save
5. go to the page in the frontend an copy the URL to the detail page of the article
6. unpublish the article
7. open the URL to the detail page of the article in the frontend again

Shortcut:

1. create a new article on any page
2. fill in the article title (and optionally the article alias)
3. save the article (do not publish the article)
4. open the following URL in the frontend: /page-alias/articles/article-alias.html

You'll see an empty page with the title of the unpublished article and, when available, the teaser of the article in the meta description (or the page's meta description otherwise).

Expected behaviour

• unpublished articles should generate a 404 page when accessed
• protected articles should generate a 403 page when accessed without access rights

[zonky2]

siehe https://community.contao.org/de/showthread.php?61668-SEO-Frage-Artikel-ist-ausgeblendet-und-daher-wird-doppelte-Metatags-angekrreidet

[fritzmg]

Possible fix or workaround: replace https://github.com/contao/core/blob/3.5.8/system/modules/core/modules/ModuleArticle.php#L61 with

$objHandler = new $GLOBALS['TL_PTY']['error_404']();
$objHandler->generate($this->alias);

[zonky2]

o.k. - going well!

    public function generate($blnNoMarkup=false)
    {
        if (TL_MODE == 'FE' && !BE_USER_LOGGED_IN && (!$this->published || ($this->start != '' && $this->start > time()) || ($this->stop != '' && $this->stop < time())))
        {
-           return '';
+           $objHandler = new $GLOBALS['TL_PTY']['error_404']();
+           $objHandler->generate($this->alias);
        }

        $this->type = 'article';
        $this->blnNoMarkup = $blnNoMarkup;

        return parent::generate();
    }

[fritzmg]

The URL to protected articles stays valid too. The aforementioned workaround/fix has no effect in such a case.

I was wrong about seeing the title and teaser of the unpublished or protected article though - no information about the unpublished or protected article is visible in the frontend, when accessed via its URL. (At least I couldn't reproduce that now.)

[leofeyer]

Fixed in d9ef512.

[zonky2]

Thanks!