Bug #92242

Problem after updating to TYPO3 9.5.21 w adminpanel: Page is cached with hidden elements and is served with these elements even if not logged in

Added by Sybille Peters 3 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Must have
Assignee:
-
Category:
AdminPanel
Target version:
-
Start date:
2020-09-09
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
adminpanel, cache
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

Reproduce

1. Use a page with hidden elements
2. Select "Show hidden records" in adminpanel. Unset "No caching"
3. Remove cache for page and load (e.g. with CTRL + SHIFT + r)
4. Now load the page without being logged in (e.g. in different browser, via proxy, logout from BE etc.)

Actual result

The hidden elements are displayed even if not logged in.

Expected Result

The hidden elements should not get displayed if not logged in


Related issues

Related to TYPO3 Core - Bug #91083: Preview setting "showHiddenRecords" in the admin panel does not work.ClosedChristian Eßl2020-04-17

Actions
Related to TYPO3 Core - Bug #92746: Undefined references to AdminPanel in Frontend extensionResolvedBenni Mack2020-11-02

Actions
#1

Updated by Oliver Hader 3 months ago

  • Is Regression set to Yes
#2

Updated by Oliver Hader 3 months ago

  • Related to Bug #91083: Preview setting "showHiddenRecords" in the admin panel does not work. added
#4

Updated by DANIEL Rémy 3 months ago

I had a bad filling when reviewing #91083 https://review.typo3.org/c/Packages/TYPO3.CMS/+/64491 but I removed my -1 vote because I had no time to involve, neither Susanne Moog, nor Chris Müller.

The clear_preview() call that was removed WAS obsiously important.
I thought the issue is more a middleware priority issue (see my comment on the review): the admin panel middleware should run after the frontend middleware

#5

Updated by Simon Gilli 3 months ago

  • Priority changed from Should have to Must have
#6

Updated by Chris Müller 2 months ago

I have the same behaviour in v10.4.8. After Shift+Reload with active Admin Panel and activated "Show hidden records" the hidden elements are delivered also to website visitors.

1. The editor has "Show hidden records" deactivated.
2. She activated the "Show hidden records" options.
3. The page is shown with no hidden elements (from cache, I assume).
4. Shift+Reload builds the page with hidden elements.
5. As a normal website user (not logged-in) I see now also the hidden elements from that page.

With activated "No caching" option this behaviour was not observed.

#7

Updated by Sybille Peters about 2 months ago

Daniel Hinderink Rémy

It seems to me the problem is that the page is cached (as viewed by the BE user). As Chris pointed out, the problem does not occur if "No caching" is activated.

The adminpanel view (or logged in view) and not logged in view should have a different cache entry. This does not seem to be the case.

BTW, we had a similar (or the same) problem quite some time ago, where pages with Fluid debug output (there is also an option for that in adminpanel) were also visible in non-logged in view.

#8

Updated by Sybille Peters about 2 months ago

see #85087 ("Prevent Admin Panel Fluid Debug View from being cached")

I cannot reproduce problem with Fluid debug output (in 9.5.22).

I can still reproduce problem with hidden elements (in 9.5.22).

#9

Updated by Gerrit Code Review about 1 month ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66156

#10

Updated by Gerrit Code Review about 1 month ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66156

#11

Updated by Gerrit Code Review about 1 month ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66156

#12

Updated by Gerrit Code Review about 1 month ago

Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66192

#13

Updated by Benni Mack about 1 month ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#14

Updated by RVVN no-lastname-given about 1 month ago

No fix for version 9.5 ?

#15

Updated by Sybille Peters about 1 month ago

I added a comment to patch https://review.typo3.org/c/Packages/TYPO3.CMS/+/66156 and raised issue in Slack. So I would recommend to wait patiently for now, until someone responds or it is backported.

There might have been problems backporting (sometimes there are conflicts and things done differently).

#16

Updated by Gerrit Code Review about 1 month ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66218

#17

Updated by Benni Mack about 1 month ago

  • Status changed from Under Review to Resolved
#18

Updated by Benni Mack 27 days ago

  • Related to Bug #92746: Undefined references to AdminPanel in Frontend extension added

Also available in: Atom PDF