Page MenuHomeIn-Portal Phabricator
Differential D519

INP-1908 - Discard template parser opened output buffers before doing a redirect
ClosedPublic
Actions

Authored by alex on Apr 15 2025, 11:07 AM.

Details

Reviewers
erik
Commits
rINP16846: Fixes INP-1908 - Discard template parser opened output buffers before doing a…
Test Plan

Part 1 - redirect using DBG_REDIRECT

  • in IDE:
    1. enable the DBG_REDIRECT flag inside the /system/debug.php file
  • in Admin Console:
    1. go to the login screen
    2. type your credentials
    3. login
    4. confirm, that the Debug output above !!! text is shown instead of the Admin Console
    5. confirm, that View Source of that page won't contain anything except that text (and related markup) and Debugger-related HTML/JS
  • in IDE:
    1. disable the DBG_REDIRECT flag inside the /system/debug.php file
  • in Admin Console:
    1. click on the shown link to procced with the redirect
    2. confirm, that you're seeing an Admin Console
    3. logout

Part 2 - redirect using JavaScript (updated)

  • in IDE:
    1. open the core/kernel/db/db_event_handler.php file for editing
    2. add this code at the beginning of the OnEdit event code:
$buffer_count = 0;
while ( ob_get_level() ) {
    ob_end_clean();
    $buffer_count++;
}

echo 'some output';

while ( $buffer_count ) {
    ob_start();
    $buffer_count--;
}
    1. save changes
  • in Admin Console:
    1. login
    2. go to the Website & ContentLanguages & Phrases section
    3. open any phrase for editing
    4. confirm, that you're seeing a chosen phrase editing page
  • in IDE:
    1. rollback changes made to the core/kernel/db/db_event_handler.php file

Part 3 - redirect using #redirect# text

  • in Admin Console:
    1. login
    2. go to the Website & ContentLabels & Phrases section
    3. open URL from the main frame in the new tab (and switch to that tab)
    4. add the &ajax=yes to the current page URL
  • in the Database:
    1. clear contents of the UserSessions table
    2. clear contents of the UserSessionData table
  • in Admin Console:
    1. reload the page
    2. do the View Source on the page
    3. confirm, that page content only contains 1 line of text in #redirect#url_here&expired=1 format
    4. replace the tab URL with the provided URL (text after #redirect#)
    5. (added) confirm, that you'll see an Admin Login Screen with the Session Expired error on it

Part 4 - redirect using Location HTTP header

  • in Admin Console:
    1. login
    2. go to the Website & ContentLabels & Phrases section
    3. open URL from the main frame in the new tab (and switch to that tab)
  • in the Database:
    1. clear contents of the UserSessions table
    2. clear contents of the UserSessionData table
  • in Admin Console:
    1. reload the page
    2. confirm, that you're redirect to the login page

Diff Detail

Repository
rINP In-Portal
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

alex created this revision.Apr 15 2025, 11:07 AM
alex requested review of this revision.Apr 15 2025, 11:07 AM
alex edited the test plan for this revision. (Show Details)Apr 15 2025, 11:14 AM
erik requested changes to this revision.Apr 16 2025, 5:29 AM

Part 2 - "confirm, that you're seeing an Admin Console" - no, adding test code to OnLogin prevents from login to the adm.console.
Part 3 - "replace the tab URL with the provided URL (text after #redirect#)" - seems, missing some action and/or confirmation after this step ot the test plan

This revision now requires changes to proceed.Apr 16 2025, 5:29 AM
alex requested review of this revision.Apr 29 2025, 7:42 AM
alex edited the test plan for this revision. (Show Details)
In D519#10607, @erik wrote:

Part 2 - "confirm, that you're seeing an Admin Console" - no, adding test code to OnLogin prevents from login to the adm.console.

Fixed Part 2 ... test.

Part 3 - "replace the tab URL with the provided URL (text after #redirect#)" - seems, missing some action and/or confirmation after this step ot the test plan

Added missing confirm, that ... line.

Please retest.

erik accepted this revision.Apr 29 2025, 8:00 AM
This revision is now accepted and ready to land.Apr 29 2025, 8:00 AM
This revision was landed with ongoing or failed builds.Aug 31 2025, 11:45 AM
Closed by commit rINP16846: Fixes INP-1908 - Discard template parser opened output buffers before doing a… (authored by alex, committed by ). · Explain Why
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

DiffIDBaseDescriptionCreatedLintUnit
BaseBase
Diff 1133616824Apr 15 2025, 11:07 AM
Diff 2138116845rINP16846Aug 31 2025, 11:45 AM

Diff 1381

View Options

branches/5.2.x/core/kernel/application.php

Loading...
In-Portal CMS · In-Portal Community Pages · In-Portal Issue Tracker · In-Portal Repository Browser · Quality Assurance · In-Portal CI Server