BUGFIX: findNodeToEdit() checks if the node belongs to the correct site #3796
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ect site Fixes neos#3795 Neos uses shared sessions when working with multiple sites on different domains. This fix ensures that we do not try to open a lastVisitedNode within a site the node does not belong to.
mhsdesign
reviewed
Jun 18, 2024
| @@ -224,7 +224,7 @@ protected function findNodeToEdit(): ?NodeInterface | |||
| $reflectionMethod->setAccessible(true); | |||
| $node = $reflectionMethod->invoke($this->backendRedirectionService, $siteNode->getContext()->getWorkspaceName()); | |||
|
|
|||
| if ($node === null) { | |||
| if ($node === null || !str_starts_with($node->findNodePath()->jsonSerialize(), $siteNode->findNodePath()->jsonSerialize())) { | |||
There was a problem hiding this comment.
hmm we absolutely try to NOT to any string logic on the paths as this might be really fragile and with Neos 9 is no longer possible.
So really we want to fetch the node's side node and check if the site node equals $siteNode
Buuutt the proposed solution is slightly faster and doenst require any sql queries AND the last visited node feature was removed with Neos 9 meaning that this will not need to be 9.0 compatible.
Under these circumstances im willing to +1 this hack :D
Still one more thing, lets use the native methods:
Suggested change
| if ($node === null || !str_starts_with($node->findNodePath()->jsonSerialize(), $siteNode->findNodePath()->jsonSerialize())) { | |
| if ($node === null || !str_starts_with($node->getPath(), $siteNode->getPath())) { |
There was a problem hiding this comment.
No objections to that :D
Just applied your proposal, thank you very much for the feedback 👍
Co-authored-by: Marc Henry Schultz <[email protected]>
mhsdesign
approved these changes
Jun 19, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #3795
Neos uses shared sessions when working with multiple sites on different domains. This fix ensures that we do not try to open a lastVisitedNode within a site the node does not belong to.
What I did
Added a check to findNodeToEdit() that ensures the found node (from lastVisitedNode) belongs to the currently opened site.
How I did it
The check confirms that the found node is within the site node's sub-tree by comparing the node path.
How to verify it
Check the issue for step-by-step instructions on how to reproduce the bug. With this fix, the bug no longer occurs (instead of a rendering error, the backend displays the site node). Remembering the last visited node within the same site still works.