[BUGFIX] CacheHashCalculator does not exclude ADMCMD arguments 65/51265/3
authorOliver Hader <oliver@typo3.org>
Wed, 11 Jan 2017 14:17:12 +0000 (15:17 +0100)
committerBenni Mack <benni@typo3.org>
Wed, 11 Jan 2017 16:35:32 +0000 (17:35 +0100)
ADMCMD arguments are not filtered when calculating the cache-hash
which results in a page not found error. The behavior can be
triggered by creating and opening a preview link in the workspace
module which implicitly sets ADMCMD_previewWS during runtime.

Resolves: #79275
Releases: master, 7.6, 6.2
Change-Id: I339c2787e7de1adf47bb1322c91e0a78c476f790
Reviewed-on: https://review.typo3.org/51265
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
typo3/sysext/frontend/Classes/Page/CacheHashCalculator.php

index 61dde47..c139ad8 100644 (file)
@@ -169,15 +169,17 @@ class CacheHashCalculator implements SingletonInterface
     }
 
     /**
-     * Checks whether the given parameter starts with TSFE_ADMIN_PANEL
-     * stripos check added to avoid bad performance
+     * Checks whether the given parameter is out of a known data-set starting
+     * with ADMCMD or starts with TSFE_ADMIN_PANEL.
      *
      * @param string $key
      * @return bool
      */
     protected function isAdminPanelParameter($key)
     {
-        return stripos($key, 'TSFE_ADMIN_PANEL') !== false && preg_match('/TSFE_ADMIN_PANEL\\[.*?\\]/', $key);
+        return $key === 'ADMCMD_noBeUser' || $key === 'ADMCMD_view' || $key === 'ADMCMD_editIcons'
+            || $key === 'ADMCMD_simUser' || $key === 'ADMCMD_simTime' || $key === 'ADMCMD_previewWS'
+            || stripos($key, 'TSFE_ADMIN_PANEL') !== false && preg_match('/TSFE_ADMIN_PANEL\\[.*?\\]/', $key);
     }
 
     /**