View Issue Details

ID: 0005621
Project: OXID eShop (all versions)
Category: 2. ----- eShop backend (admin) -----
View Status: public
Last Update: 2023-11-24 09:19
Reporter: mark
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: no change required
Product Version: 4.8.1 / 5.1.1
Summary: 0005621: malformed script breaks session in admin (only Firefox + EE)

Description:
Some admin templates include bottomitem.tpl like this:
  [{include file="bottomitem.tpl"}]
and this bottomitem contains this line:
  [{ oxscript }]

Now the problem:
The latest changes to core/smarty/plugins/function.oxscript.php (EE only) force the shop to include oxwidgetshandler.js, which fails in the admin template. So please change line 103 and include isAdmin in the if condition, or change _oxscript_include (line 154) by adding ' && $sSrc !== ""' to the if condition. Either fix prevents OXID from writing the following line to the HTML source code, which leads to this error:
<script type="text/javascript" src=""></script>

This line breaks the session (Firefox only)
Steps To Reproduce:
1) Log in to an enterprise demoshop admin with Firefox and varnish activated (RP->isActive)
2) Go to Artikel -> Artikel verwalten
3) Choose random article from list
4) Switch to another tab

Tags: Varnish
Theme: Not defined
Browser: Not defined
PHP Version: Not defined
Database Version: Not defined

Activities

jurate.baseviciene

2014-01-31 13:54

reporter   ~0009458

Reminder sent to: mark

Hi,

Thanks a lot for submitting this issue, but unfortunately we cannot reproduce it. The steps we used to try to reproduce it:

1) Log in to an enterprise admin with Firefox (version 26.0) and varnish activated (RP->isActive)
2) Then we go to Administer Products->Products
3) Choose product 1402
4) Go to "Extended" tab
And we see that everything works as expected; we do not see that the session breaks.

So please explain in more detail how to reproduce this issue. Maybe we missed something...

Best regards

mark

2014-01-31 14:13

reporter   ~0009460

Hi!

Anyhow - can you see <script type="text/javascript" src=""></script> in the source of the iframe?

best regards,
Mark
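
A check for the tag asked about above, as an added example that is not part of the original thread or of OXID's code: it parses rendered HTML (for instance the saved source of an admin iframe) and reports every `<script>` whose `src` is present but empty. The sample markup and its file name are constructed, and treating a whitespace-only `src` as empty is a choice made for this check.

```python
from html.parser import HTMLParser


class EmptySrcScriptFinder(HTMLParser):
    """Collects <script> start tags whose src attribute is present but empty."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # list of (line, column, raw start tag)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        for name, value in attrs:
            # value is None for a bare `src`, "" for src="".
            # Whitespace-only values are treated as empty (assumption of this check).
            if name == "src" and (value is None or value.strip() == ""):
                line, col = self.getpos()
                self.findings.append((line, col, self.get_starttag_text()))


def find_empty_script_src(html):
    """Return (line, column, tag) for each <script> with an empty src."""
    finder = EmptySrcScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: one valid include, the tag from the report, an inline
# script that merely mentions the tag in a string, a commented-out tag, and
# a whitespace-only src.
SAMPLE_ADMIN_FRAME = """<html><body>
<script type="text/javascript" src="js/example.js"></script>
<script type="text/javascript" src=""></script>
<script type="text/javascript">var s = '<script src="">';</script>
<!-- <script src=""></script> -->
<script src="  "></script>
</body></html>
"""

if __name__ == "__main__":
    for line, col, tag in find_empty_script_src(SAMPLE_ADMIN_FRAME):
        print(f"line {line}, col {col}: {tag}")
```

Only real tags are reported: script bodies and HTML comments are not parsed as markup, so a mention of the tag inside a string or a comment does not raise a finding.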

aurimas.gladutis

2014-02-05 14:48

reporter   ~0009473

Last edited: 2014-02-05 14:51

Hi,

The case here is that the varnish configuration supplied by us should pass through admin requests, and RP->isActive() here would then return false, so as long as admin requests are not going through varnish, this problem should not appear.

mark

2014-07-29 17:50

reporter   ~0010045

We added this tweak:

    if (isAdmin())
    {
        $_SERVER["HTTP_SURROGATE_CAPABILITY"] = 'varnish=ESI';
    }

in the config bootstrap process to allow using some varnish functions in admin (like checking if it's available or purging after changing sth in admin