View Issue Details

IDProjectCategoryView StatusLast Update
0005621OXID eShop (all versions)2. ----- eShop backend (admin) -----public2015-12-01 10:58
Status acknowledgedResolutionopen 
Product Version4.8.1 / 5.1.1 
Target VersionFixed in Version 
Summary0005621: malformed script breaks session in admin (only FireFox + EE)
DescriptionSome admin templates include bottomitem.tpl like this:
  [{include file="bottomitem.tpl"}]
and this bottomitem contains this line:
  [{ oxscript }]

Now the problem:
Latest changes to core/smarty/plugins/function.oxscript.php (EE only) force the shop to include the oxwidgetshandler.js, which fails in admin template. So please change line 103 and include isAdmin in the if condition or change _oxscript_include (line 154) adding ' && $sSrc !== ""' to the if condition. This (both fixes) avoid oxid to write the following line to the html sourcecode which leads to this error:
<script type="text/javascript" src=""></script>

This line breaks the session (Firefox only)
Steps To Reproduce1) Login to a enterprise demoshop admin with Firefox and varnish activated (RP->isActive)
2) Go to Artikel -> Artikel verwalten
3) Choose random article from list
4) switch to another tab
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
Database VersionNot defined



2014-01-31 13:54

reporter   ~0009458

Reminder sent to: mark


Thanks a lot for submitting this issue, but unfortunately we can not reproduce this issue. Step how we try reproduce:

1) Login to a enterprise admin with Firefox (version 26.0) and varnish activated (RP->isActive)
2) Then we go to Administer Products->Products
3) Choose product 1402
4) Go to "Extended" tab
And we see that everything work as expected, we does not see that session is breaks.

So please explain more detailed how need to reproduced this issue? Maybe we missed something...

Best regards


2014-01-31 14:13

reporter   ~0009460


Anyhow - can you see <script type="text/javascript" src=""></script> in the source of the iframe?

best regards,


2014-02-05 14:48

reporter   ~0009473

Last edited: 2014-02-05 14:51

View 2 revisions


the case here is that varnish configuration supplied by us should pass through admin requests and RP->isActive() here would then return false, so as long as admin requests is not going through varnish, this problem should not appear.


2014-07-29 17:50

reporter   ~0010045

We added this tweak:

    if (isAdmin())

in config bootstrap process to allow using some varnish functions in admin (like checking if its available or purging after changing sth in admin