Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent special characters finding their way into layout handle due to SKU being used #874

Merged

Conversation

Marko-M
Copy link
Contributor

@Marko-M Marko-M commented Dec 26, 2014

Prevent special characters finding their way into layout handle due to SKU being used.

This avoids page cache issue when Varnish tries to retrieve ESI with invalid URL on
product page.

…o SKU being used.

This avoids page cache issue when Varnish tries to retrieve ESI with invalid URL on
product page.
@Marko-M
Copy link
Contributor Author

Marko-M commented Dec 26, 2014

@maksek Resubmitted as new PR on top of 0.42.0-beta1, develop branch as instructed.

@maksek
Copy link
Contributor

maksek commented Dec 29, 2014

Thanks @Marko-M. Can you provide also some use-cases, to validate the changes.

@maksek maksek self-assigned this Dec 29, 2014
@maksek maksek added the MX label Dec 29, 2014
@Marko-M Marko-M changed the title Prevent special characters finding their way into layout handle due to S... Prevent special characters finding their way into layout handle due to SKU being used Dec 29, 2014
@Marko-M
Copy link
Contributor Author

Marko-M commented Dec 29, 2014

While composing use-cases necessary to validate this pull request, I noticed that this issue has already been patched in Alpha 108, but in a different place in Magento 2 source code when compared to what's contained in this pull request. Since I prefer approach implemented by this pull request over approach used in Alpha 108, I have modified this branch to revert fix from Alpha 108 version, and will outline reasons.

Original issue was that if product has SKU containing special characters, these characters end up inside ESI URL when Varnish is used for page cache. This is because ESI src URL has layout handles as parameter, and one of the layout handles is derived directly from product SKU. Result of this issue was that catalog top nav block outputs "400 Bad Request" instead of block content due to Varnish responding to malformed URL with error.

Alpha 108+ code fixes this issue by urlencoding layout handles just before composing ESI src URL as shown here:

https://github.com/magento/magento2/blob/master/app/code/Magento/PageCache/Model/Observer/ProcessLayoutRenderElement.php#L40

In my opinion this is inferior approach because issue at hand isn't only that ESI src URL is malformed, it's that one of the programmatically added layout handles contain special characters and it shouldn't. Therefore this pull request urlencodes affected layout handles before adding them to layout, what consequently fixes page cache ESI issue. I consider this to be better approach because layout handle with special characters inside doesn't fit inside current Magento 2 environment since regular layout handles are derived from class names, and these can not have special characters inside. Additionally, if one would like to hook into such malformed layout handle, it isn't possible to create layout xml with all special characters on all file storage systems (ie. if someone uses / inside product SKU). Therefore we shouldn't allow special characters inside layout handles framework-wide, not only inside page cache module code and we should document that in such case, handle will be hook-able using its urlencoded equivalent

@maksek maksek added Issue: Ready for Work Gate 4. Acknowledged. Issue is added to backlog and ready for development and removed Progress: needs update labels Dec 29, 2014
@verklov
Copy link
Contributor

verklov commented Jan 5, 2015

MAGETWO-32349

@kokoc
Copy link
Member

kokoc commented Jan 6, 2015

✅ Review: passed
✅ Builds: green
✅ Resolution: ready to merge

@kokoc
Copy link
Member

kokoc commented Jan 6, 2015

Documentation has to be updated

@maksek maksek removed the Issue: Ready for Work Gate 4. Acknowledged. Issue is added to backlog and ready for development label Jan 6, 2015
maksek pushed a commit that referenced this pull request Jan 6, 2015
…hars

Prevent special characters finding their way into layout handle due to SKU being used (MAGETWO-32349)
@maksek maksek merged commit c913c94 into magento:develop Jan 6, 2015
mmansoor-magento pushed a commit that referenced this pull request Feb 24, 2017
[Cloud] MAGETWO-51176 ST compiler supplies ObjectManagerInterface to direct third party dependencies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants