Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix _forward secret key matching expects standard router matching #40

Closed
wants to merge 1 commit into from
Closed

Fix _forward secret key matching expects standard router matching #40

wants to merge 1 commit into from

Commits on Jul 10, 2012

  1. _forward secret key matching expects the standard router

    Background:
    When you are in admin and using secret keys, the key in the request
    has to match up with the controller + action + salt. If not you are
    bounced to the dashboard. When you call _forward to get sent to a new
    URL, the new dispatch loop call checks the secret key a second time.
    The 'problem' at this stage is the secret key doesn't match up with
    the controller and/or action portion. The 'fix' that currently is in
    place is to grab the the original PATH_INFO from the request, split
     that on '/', grab indexes 1 and 2, and use those as the
    controller and action.
    Keep in mind, this only happens if the controller and/or action are
    not passed directly to the getSecretKey call. Additionally, if
    either of these is empty then it has a second try of getting the
    controller or action name stored in the request object directly.
    
    Ok, that's the background. Here's the 'bug':
    If you have code in place that handles routing differently than the
    standard routers, the getSecretKey method erroneously making
    assumptions about the translation of a PATH_INFO string into a
    module/controller/action array. And, as luck would have it, the
    request object has a MUCH better method of working around the issue.
    The is a getBeforeForwardInfo method that can give the original
    request module/controller/action that was made. That info would
    correspond to what getSecretKey expects.
    
    This patch was also submitted as MCACE-144 to the Magento 1.6.2.0
    MCA-CE contributor repository in Mage_Adminhtml_Model_Url.
    
    Thanks to Lee Saferite for this one.
    Vinai committed Jul 10, 2012
    Configuration menu
    Copy the full SHA
    d5c9b61 View commit details
    Browse the repository at this point in the history