Invalid sf_culture values are processed by the view layer cache
Target version: Release 2.4.0
User discussion thread: https://groups.google.com/forum/#!topic/ica-atom-users/rBKIkQ1QZ7o
#6 Updated by Steve Breker about 3 years ago
An issue was reported where if URLs were constructed with bad sf_culture
values and bad sf_cache_config values, cache files with the same
names/paths would be created in the partials cache directory structure.
This was happening because the sf_culture value was merely checked to
see if it was not null, and if so, it was assigned to the session culture
value. Once this happens, this sf_culture value gets used as sf_cache_key for
partial views. A cache file will not be found named with the garbage value and
so the view cache manager will create a new corresponding cache file.
I have added code to filter bad sf_culture values. I have changed the
check in sfUser.class.php to instead verify that it is a valid
sf_culture, and if not, fall back to:
- use the culture defined in the user session
- use the default culture set in settings.yml
This prevents 500 errors and prevents the ability to inject paths and
files into the cache directory.
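The validate-then-fall-back check described in the comment above, as an added example that is not AtoM's or symfony's code. The function names, the `ENABLED_CULTURES` allowlist and the sample request values are assumptions made for illustration.

```php
<?php
// Added illustration; names below are hypothetical, not taken from sfUser.class.php.

// Assumed allowlist; a real application would load its enabled cultures from configuration.
const ENABLED_CULTURES = ['en', 'fr', 'es', 'pt_BR'];

// Syntactic check first (language code, optional region), then allowlist membership.
// \A and \z anchor the whole string, so a trailing newline or NUL byte is rejected.
function isValidCulture($value): bool
{
    return is_string($value)
        && preg_match('/\A[a-z]{2,3}(_[A-Z]{2})?\z/', $value) === 1
        && in_array($value, ENABLED_CULTURES, true);
}

// Fallback order from the comment: request value, then session culture, then default.
function resolveCulture($requested, $sessionCulture, string $defaultCulture): string
{
    foreach ([$requested, $sessionCulture] as $candidate) {
        if (isValidCulture($candidate)) {
            return $candidate;
        }
    }
    return $defaultCulture;
}

// Constructed request values: one valid culture, a junk string, a path-like string,
// a NUL-terminated string, an array parameter, and a missing parameter.
$samples = ['fr', 'steve', '../../tmp/x', "en\0", ['en'], null];
foreach ($samples as $requested) {
    // Session culture 'en' and default 'en' are assumed for this run.
    $culture = resolveCulture($requested, 'en', 'en');
    // Only an allowlisted value ever reaches the code that derives the cache key.
    printf("%-18s => %s\n", json_encode($requested, JSON_UNESCAPED_SLASHES), $culture);
}
```

Because the resolved culture can only be one of the allowlisted strings, the number of distinct cache entries per partial is bounded by the size of the allowlist rather than by what a request supplies.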
#8 Updated by Steve Breker about 3 years ago
To replicate the bug, the URL must be formed such that sf_cache_config and sf_culture are both included.
- sf_cache_config must be set to a junk value
- sf_culture must be set to a non-valid language code
If both cases are true, files named identically to the lang code will be created in the cache dir.
The above will create a cache file called steve in the cache folder.