
INP-1908 - Discard template parser opened output buffers before doing a redirect
Accepted, Public

Authored by alex on Tue, Apr 15, 11:07 AM.

Details

Reviewers
erik
Test Plan

Part 1 - redirect using DBG_REDIRECT

  • in IDE:
    1. enable the DBG_REDIRECT flag inside the /system/debug.php file
  • in Admin Console:
    1. go to the login screen
    2. type your credentials
    3. login
    4. confirm, that the Debug output above !!! text is shown instead of the Admin Console
    5. confirm, that View Source of that page won't contain anything except that text (and related markup) and Debugger-related HTML/JS
  • in IDE:
    1. disable the DBG_REDIRECT flag inside the /system/debug.php file
  • in Admin Console:
    1. click on the shown link to proceed with the redirect
    2. confirm, that you're seeing an Admin Console
    3. logout

Part 2 - redirect using JavaScript (updated)

  • in IDE:
    1. open the core/kernel/db/db_event_handler.php file for editing
    2. add this code at the beginning of the OnEdit event code:
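       // Close every open output buffer, remembering how many there were.
       $buffer_count = 0;
       while ( ob_get_level() ) {
           ob_end_clean();
           $buffer_count++;
       }

       // With no buffer open, this output goes straight to the client.
       echo 'some output';

       // Re-open the same number of buffers so later code behaves as before.
       while ( $buffer_count ) {
           ob_start();
           $buffer_count--;
       }
    3. save changes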
  • in Admin Console:
    1. login
    2. go to the Website & Content -> Languages & Phrases section
    3. open any phrase for editing
    4. confirm, that you're seeing a chosen phrase editing page
  • in IDE:
    1. rollback changes made to the core/kernel/db/db_event_handler.php file

Part 3 - redirect using #redirect# text

  • in Admin Console:
    1. login
    2. go to the Website & Content -> Labels & Phrases section
    3. open URL from the main frame in the new tab (and switch to that tab)
    4. add the &ajax=yes to the current page URL
  • in the Database:
    1. clear contents of the UserSessions table
    2. clear contents of the UserSessionData table
  • in Admin Console:
    1. reload the page
    2. do the View Source on the page
    3. confirm, that page content only contains 1 line of text in #redirect#url_here&expired=1 format
    4. replace the tab URL with the provided URL (text after #redirect#)
    5. (added) confirm, that you'll see an Admin Login Screen with the Session Expired error on it

Part 4 - redirect using Location HTTP header

  • in Admin Console:
    1. login
    2. go to the Website & Content -> Labels & Phrases section
    3. open URL from the main frame in the new tab (and switch to that tab)
  • in the Database:
    1. clear contents of the UserSessions table
    2. clear contents of the UserSessionData table
  • in Admin Console:
    1. reload the page
    2. confirm, that you're redirected to the login page

Diff Detail

Repository
rINP In-Portal
Branch
/in-portal/branches/5.2.x
Lint
Lint Errors (Excuse: Not fixing.)
Severity | Location | Code | Message
Error | core/kernel/application.php:1954 | PHPCS.E.Generic.Files.LineLength.MaxExceeded | Generic.Files.LineLength.MaxExceeded
Unit
No Unit Test Coverage
Build Status
Buildable 11082
Build 3782: arc lint + arc unit
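
The redirect paths that Parts 2-4 of the test plan exercise, as an added PHP example; it is not code from this revision or from In-Portal. `safe_redirect()` and its `$ajax` parameter are hypothetical names, and treating Part 2 as the "headers already sent" case with a script fallback is an assumption.

```php
<?php
// Added example; safe_redirect() is a hypothetical name, not In-Portal code.

/**
 * Discard everything buffered so far, then emit only the redirect.
 * Returns the mechanism used so the caller can log or assert on it.
 */
function safe_redirect(string $url, bool $ajax = false): string
{
    // Reject CR/LF so the URL cannot inject extra response headers.
    if (preg_match('/[\r\n]/', $url)) {
        throw new InvalidArgumentException('Invalid redirect URL');
    }

    // Discard (not flush) every open buffer: partially rendered page
    // content must not reach the client together with the redirect.
    while (ob_get_level() > 0) {
        if (!ob_end_clean()) {
            break; // buffer cannot be removed; avoid an endless loop
        }
    }

    if ($ajax) {
        // Marker format checked in Part 3 of the test plan.
        echo '#redirect#' . $url;
        return 'marker';
    }

    if (!headers_sent()) {
        // Part 4: nothing has left the server, so an HTTP redirect works.
        header('Location: ' . $url, true, 302);
        return 'header';
    }

    // Assumed Part 2 case: output already went out unbuffered, so headers
    // are closed. JSON-encode the URL for the script context.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    echo '<script>window.location.href = ' . json_encode($url, $flags) . ';</script>';
    return 'javascript';
}
```

The caller should stop script execution right after the call so that nothing else is rendered into the response.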

Event Timeline

alex created this revision. Tue, Apr 15, 11:07 AM
alex requested review of this revision. Tue, Apr 15, 11:07 AM
alex edited the test plan for this revision. Tue, Apr 15, 11:14 AM
erik requested changes to this revision. Wed, Apr 16, 5:29 AM

Part 2 - "confirm, that you're seeing an Admin Console" - no, adding test code to OnLogin prevents from login to the adm.console.
Part 3 - "replace the tab URL with the provided URL (text after #redirect#)" - seems, missing some action and/or confirmation after this step of the test plan

This revision now requires changes to proceed. Wed, Apr 16, 5:29 AM
alex requested review of this revision. Tue, Apr 29, 7:42 AM
alex edited the test plan for this revision.
In D519#10607, @erik wrote:

Part 2 - "confirm, that you're seeing an Admin Console" - no, adding test code to OnLogin prevents from login to the adm.console.

Fixed Part 2 ... test.

Part 3 - "replace the tab URL with the provided URL (text after #redirect#)" - seems, missing some action and/or confirmation after this step of the test plan

Added missing confirm, that ... line.

Please retest.

erik accepted this revision. Tue, Apr 29, 8:00 AM
This revision is now accepted and ready to land. Tue, Apr 29, 8:00 AM