
INP-1908 - Discard template parser opened output buffers before doing a redirect
Needs Review, Public

Authored by alex on Tue, Apr 15, 11:07 AM.

Details

Reviewers
erik
Test Plan

Part 1 - redirect using DBG_REDIRECT

  • in IDE:
    1. enable the DBG_REDIRECT flag inside the /system/debug.php file
  • in Admin Console:
    1. go to the login screen
    2. type your credentials
    3. log in
    4. confirm that the "Debug output above !!!" text is shown instead of the Admin Console
    5. confirm that View Source of that page won't contain anything except that text (and related markup) and Debugger-related HTML/JS
  • in IDE:
    1. disable the DBG_REDIRECT flag inside the /system/debug.php file
  • in Admin Console:
    1. click on the shown link to proceed with the redirect
    2. confirm that you're seeing an Admin Console
    3. log out

Part 2 - redirect using JavaScript

  • in IDE:
    1. open the core/units/users/users_event_handler.php file for editing
    2. add this code at the beginning of the OnLogin event code:
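       // Close every open output buffer, counting how many there were.
       $buffer_count = 0;
       while ( ob_get_level() ) {
           ob_end_clean();
           $buffer_count++;
       }

       // Emit output directly, outside of any buffer.
       echo 'some output';

       // Re-open the same number of buffers.
       while ( $buffer_count ) {
           ob_start();
           $buffer_count--;
       }
    3. save changes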
  • in Admin Console:
    1. go to the login screen
    2. type your credentials
    3. log in
    4. confirm that you're seeing an Admin Console
  • in IDE:
    1. roll back changes made to the core/units/users/users_event_handler.php file

Part 3 - redirect using #redirect# text

  • in Admin Console:
    1. log in
    2. go to the Website & Content → Labels & Phrases section
    3. open the URL from the main frame in a new tab (and switch to that tab)
    4. add &ajax=yes to the current page URL
  • in the Database:
    1. clear contents of the UserSessions table
    2. clear contents of the UserSessionData table
  • in Admin Console:
    1. reload the page
    2. do the View Source on the page
    3. confirm that the page content only contains 1 line of text in #redirect#url_here&expired=1 format
    4. replace the tab URL with the provided URL (text after #redirect#)

Part 4 - redirect using Location HTTP header

  • in Admin Console:
    1. log in
    2. go to the Website & Content → Labels & Phrases section
    3. open the URL from the main frame in a new tab (and switch to that tab)
  • in the Database:
    1. clear contents of the UserSessions table
    2. clear contents of the UserSessionData table
  • in Admin Console:
    1. reload the page
    2. confirm that you're redirected to the login page
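
The behaviour the four parts check, sketched as an added example that is not part of this revision or of In-Portal's code: open output buffers are discarded before any of the three redirect mechanisms runs. The helper name, the condition that selects each mechanism, and the demo URL are assumptions.

```php
<?php
// Added illustration. redirect_discarding_buffers() is a hypothetical helper,
// not In-Portal kernel code; which condition selects which mechanism is assumed.
function redirect_discarding_buffers(string $url, bool $ajax = false): string
{
    // Drop everything the template parser buffered so far, so that no partial
    // page markup is sent along with the redirect.
    while (ob_get_level() > 0) {
        if (!@ob_end_clean()) {
            break; // non-removable buffer: stop instead of looping forever
        }
    }

    if ($ajax) {
        // Part 3: the response body is a single "#redirect#<url>" line.
        echo '#redirect#' . $url;
        return 'text';
    }

    if (!headers_sent()) {
        // Part 4: nothing has reached the client yet, a header is enough.
        header('Location: ' . $url, true, 302);
        return 'header';
    }

    // Part 2: output already went out, so fall back to a script redirect.
    // The JSON_HEX_* flags keep the URL from breaking out of the <script> block.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    echo '<script>window.location.href = ' . json_encode($url, $flags) . ';</script>';
    return 'javascript';
}

// Constructed demo: two nested buffers holding page markup.
ob_start();
echo '<div>admin-only markup</div>';
ob_start();
echo '<p>nested template block</p>';

// Constructed URL. Only the "#redirect#..." line is printed; both buffers are gone.
redirect_discarding_buffers('/admin/index.php?expired=1', true);
exit(0); // end the request so nothing is rendered after the redirect
```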

Diff Detail

Repository
rINP In-Portal
Branch
/in-portal/branches/5.2.x
Lint
Lint Errors
Excuse: Not fixing.
  Severity: Error
  Location: core/kernel/application.php:1954
  Code: PHPCS.E.Generic.Files.LineLength.MaxExceeded
  Message: Generic.Files.LineLength.MaxExceeded
Unit
No Unit Test Coverage
Build Status
Buildable 11082
Build 3782: arc lint + arc unit

Event Timeline

alex created this revision. Tue, Apr 15, 11:07 AM
alex requested review of this revision. Tue, Apr 15, 11:07 AM
alex edited the test plan for this revision. Tue, Apr 15, 11:14 AM