[BUGFIX] CacheHashCalculator does not exclude ADMCMD arguments 69/51269/2
authorOliver Hader <oliver@typo3.org>
Wed, 11 Jan 2017 14:17:12 +0000 (15:17 +0100)
committerBenni Mack <benni@typo3.org>
Wed, 11 Jan 2017 17:11:54 +0000 (18:11 +0100)
ADMCMD arguments are not filtered when calculating the cache-hash
which results in a page not found error. The behavior can be
triggered by creating and opening a preview link in the workspace
module which implicitly sets ADMCMD_previewWS during runtime.

Resolves: #79275
Releases: master, 7.6, 6.2
Change-Id: I339c2787e7de1adf47bb1322c91e0a78c476f790
Reviewed-on: https://review.typo3.org/51269
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
typo3/sysext/frontend/Classes/Page/CacheHashCalculator.php

index 6687b81..f99b3f0 100644 (file)
@@ -164,15 +164,17 @@ class CacheHashCalculator implements \TYPO3\CMS\Core\SingletonInterface
     }
 
     /**
-     * Checks whether the given parameter starts with TSFE_ADMIN_PANEL
-     * stristr check added to avoid bad performance
+     * Checks whether the given parameter is out of a known data-set starting
+     * with ADMCMD or starts with TSFE_ADMIN_PANEL.
      *
      * @param string $key
      * @return bool
      */
     protected function isAdminPanelParameter($key)
     {
-        return stristr($key, 'TSFE_ADMIN_PANEL') !== false && preg_match('/TSFE_ADMIN_PANEL\\[.*?\\]/', $key);
+        return $key === 'ADMCMD_noBeUser' || $key === 'ADMCMD_view' || $key === 'ADMCMD_editIcons'
+            || $key === 'ADMCMD_simUser' || $key === 'ADMCMD_simTime' || $key === 'ADMCMD_previewWS'
+            || stripos($key, 'TSFE_ADMIN_PANEL') !== false && preg_match('/TSFE_ADMIN_PANEL\\[.*?\\]/', $key);
     }
 
     /**