Bug #10673
Invalid sf_culture values are processed by the view layer cache
| Status: | Verified | Start date: | 12/12/2016 | |
|---|---|---|---|---|
| Priority: | Medium | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | I18N | |||
| Target version: | Release 2.4.0 | |||
| Google Code Legacy ID: | Tested version: | |||
| Sponsored: | No | Requires documentation: |
Description
User discussion thread: https://groups.google.com/forum/#!topic/ica-atom-users/rBKIkQ1QZ7o
History
#1 Updated by Dan Gillean about 3 years ago
- Priority changed from High to Medium
- Target version deleted (
Release 2.4.0)
#2 Updated by Nick Wilkinson about 3 years ago
- Assignee set to Mike Gale
#3 Updated by Nick Wilkinson about 3 years ago
- Assignee changed from Mike Gale to José Raddaoui Marín
Hi Radda, re-assigning to you to balance out workloads.
#4 Updated by Nick Wilkinson about 3 years ago
- Target version set to Release 2.4.0
#5 Updated by Nick Wilkinson about 3 years ago
- Assignee changed from José Raddaoui Marín to Steve Breker
Hi Steve, re-assigning this to balance out workloads.
#6 Updated by Steve Breker about 3 years ago
An issue was reported where if urls were constructed with bad sf_culture
values and bad sf_cache_config values, cache files with the same
names/paths would be created in the partials cache directory structure.
This was happening because the sf_culture value was merely checked to
see if it was not null, and if so, it was assigned to the session culture
value. Once this happens, this sf_culture value gets used as sf_cache_key for
partial views. A cache file will not be found named with the garbage value and
so the view cache manager will create a new corresponding cache file.
I have added code to filter bad sf_culture values. I have changed the
check in sfUser.class.php to instead verify that it is a valid
sf_culture, and if not, fall back to:
- use the culture defined in the user session
- use the default culture set in settings.yml
This prevents 500 errors and prevents the ability to inject paths and
files into the cache directory.
#7 Updated by Steve Breker about 3 years ago
- Status changed from New to Code Review
- Assignee changed from Steve Breker to Nick Wilkinson
Ready for CR.
#8 Updated by Steve Breker about 3 years ago
To replicate the bug, url must be formed such that sf_cache_config and sf_culture are both included.
sf_cache_config must be set to a junk value
sf_culture must be set to a non valid language code
If both cases are true, files named identically to the lang code will be created in the cache dir.
e.g. 10.10.10.10?sf_cache_config=test&sf_culture=steve
The above will create a cache file called steve in the cache folder.
#9 Updated by Nick Wilkinson about 3 years ago
- Assignee changed from Nick Wilkinson to José Raddaoui Marín
#10 Updated by Steve Breker about 3 years ago
- Status changed from Code Review to In progress
- Assignee changed from José Raddaoui Marín to Steve Breker
#11 Updated by Steve Breker about 3 years ago
- Status changed from In progress to QA/Review
- Assignee changed from Steve Breker to Nick Wilkinson
MikeG code reviewed and gave it the thumbs up.
Merged to qa/2.4.x
Ready for QA.
Note that this issue affects stable/2.3.x and stable/2.2.x as well.
#12 Updated by Nick Wilkinson about 3 years ago
- Assignee changed from Nick Wilkinson to Dan Gillean
#13 Updated by Dan Gillean about 3 years ago
- Assignee deleted (
Dan Gillean)
#14 Updated by Dan Gillean about 3 years ago
- Status changed from QA/Review to Verified