View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006263 | OXID eShop (all versions) | 4.08. Cache | public | 2015-11-14 13:17 | 2015-11-20 09:58 |
| Reporter | Adrian.Kirchner | Assigned To | |||
| Priority | high | Severity | crash | Reproducibility | always |
| Status | acknowledged | Resolution | open | ||
| Product Version | 4.9.4 / 5.2.4 | ||||
| Summary | 0006263: Dependency invalidation fails with URLs containing regular expression characters | ||||
| Description | When using eg. category urls like http://shop.tld/Special+Langingpage/ OXID EE fails to invalidate these urls in the executeDependencyEvent(). The reason for this is that escaping of seo urls is missing in the core class oxReverseProxyUrlGenerator which instructs varnish to treat the special character '+' as a regular expression character and therefore fails to identify the correct object in cache. | ||||
| Steps To Reproduce | 1) change the SEO IDs separator to '+' 2) add a category with title 'Special/Landingpage' 3) Load this category in the shop frontend two times to warm up the cache for this object, verify the HIT in the second request. 4) Trigger a save action in the oxid backend for this category 5) Reload the category in the shop frontend and verify via varnish headers, that the request will be a HIT instead of the expected MISS. | ||||
| Additional Information | In the vcl subroutine oxInvalidateRecv the ban call is initiated with the tilde operator in order to treat the suffix '.*' as a wildcard The ban arguments are resolved like this: varnishd[15744]: obj.http.x-url ~ /Special+Landingpage/.* varnishd[15744]: obj.http.x-host ~ .* As you can see, the plus character is not escaped and therefore treated as "match one or more times". The correct way would be: varnishd[15744]: obj.http.x-url ~ /Special\+Landingpage/.* varnishd[15744]: obj.http.x-host ~ .* Suggested and tested fix: In the class oxReverseProxyUrlGenerator the oxseo table is used three times. Don't use CONCAT but select the oxseourl only. Escape every oxseourl with preg_quote() concatenate the leading slash and the ending wildcard before merging with $this->_aUrlPool. | ||||
| Tags | Cache, Varnish | ||||
| Theme | Not defined | ||||
| Browser | Not defined | ||||
| PHP Version | Not defined | ||||
| Database Version | Not defined | ||||
