View Issue Details

IDProjectCategoryView StatusLast Update
0006263OXID eShop (all versions)4.08. Cachepublic2015-11-20 09:58
Status acknowledgedResolutionopen 
Product Version4.9.4 / 5.2.4 
Target VersionFixed in Version 
Summary0006263: Dependency invalidation fails with URLs containing regular expression characters
DescriptionWhen using eg. category urls like http://shop.tld/Special+Langingpage/ OXID EE fails to invalidate these urls in the executeDependencyEvent().
The reason for this is that escaping of seo urls is missing in the core class oxReverseProxyUrlGenerator which instructs varnish to treat the special character '+' as a regular expression character and therefore fails to identify the correct object in cache.
Steps To Reproduce1) change the SEO IDs separator to '+'
2) add a category with title 'Special/Landingpage'
3) Load this category in the shop frontend two times to warm up the cache for this object, verify the HIT in the second request.
4) Trigger a save action in the oxid backend for this category
5) Reload the category in the shop frontend and verify via varnish headers, that the request will be a HIT instead of the expected MISS.
Additional InformationIn the vcl subroutine oxInvalidateRecv the ban call is initiated with the tilde operator in order to treat the suffix '.*' as a wildcard

The ban arguments are resolved like this:

varnishd[15744]: obj.http.x-url ~ /Special+Landingpage/.*
varnishd[15744]: obj.http.x-host ~ .*

As you can see, the plus character is not escaped and therefore treated as "match one or more times".

The correct way would be:

varnishd[15744]: obj.http.x-url ~ /Special\+Landingpage/.*
varnishd[15744]: obj.http.x-host ~ .*

Suggested and tested fix:
In the class oxReverseProxyUrlGenerator the oxseo table is used three times. Don't use CONCAT but select the oxseourl only. Escape every oxseourl with preg_quote() concatenate the leading slash and the ending wildcard before merging with $this->_aUrlPool.
TagsCache, Varnish
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
Database VersionNot defined


related to 0006267 acknowledgedflorian.auer Varnish vcl evalutates regex url expressions case sensitive while invalidation requests 


There are no notes attached to this issue.