Bug #92242
closed
Problem after updating to TYPO3 9.5.21 w adminpanel: Page is cached with hidden elements and is served with these elements even if not logged in
Added by Sybille Peters about 4 years ago.
Updated almost 4 years ago.
Description
Reproduce
1. Use a page with hidden elements
2. Select "Show hidden records" in adminpanel. Unset "No caching"
3. Remove cache for page and load (e.g. with CTRL + SHIFT + r)
4. Now load the page without being logged in (e.g. in different browser, via proxy, logout from BE etc.)
Actual result
The hidden elements are displayed even if not logged in.
Expected Result
The hidden elements should not get displayed if not logged in.
- Related to Bug #91083: Preview setting "showHiddenRecords" in the admin panel does not work. added
I had a bad feeling when reviewing #91083 https://review.typo3.org/c/Packages/TYPO3.CMS/+/64491 but I removed my -1 vote because I had no time to involve, neither Susanne Moog, nor Chris Müller.
The clear_preview() call that was removed WAS obviously important.
I thought the issue is more a middleware priority issue (see my comment on the review): the admin panel middleware should run after the frontend middleware
- Priority changed from Should have to Must have
I have the same behaviour in v10.4.8. After Shift+Reload with active Admin Panel and activated "Show hidden records" the hidden elements are delivered also to website visitors.
1. The editor has "Show hidden records" deactivated.
2. She activated the "Show hidden records" option.
3. The page is shown with no hidden elements (from cache, I assume).
4. Shift+Reload builds the page with hidden elements.
5. As a normal website user (not logged-in) I see now also the hidden elements from that page.
With activated "No caching" option this behaviour was not observed.
@Daniel Hinderink Rémy
It seems to me the problem is that the page is cached (as viewed by the BE user). As Chris pointed out, the problem does not occur if "No caching" is activated.
The adminpanel view (or logged in view) and not logged in view should have a different cache entry. This does not seem to be the case.
BTW, we had a similar (or the same) problem quite some time ago, where pages with Fluid debug output (there is also an option for that in adminpanel) were also visible in non-logged in view.
see #85087 ("Prevent Admin Panel Fluid Debug View from being cached")
I cannot reproduce problem with Fluid debug output (in 9.5.22).
I can still reproduce problem with hidden elements (in 9.5.22).
- Status changed from New to Under Review
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
I added a comment to patch https://review.typo3.org/c/Packages/TYPO3.CMS/+/66156 and raised issue in Slack. So I would recommend to wait patiently for now, until someone responds or it is backported.
There might have been problems backporting (sometimes there are conflicts and things done differently).
- Status changed from Resolved to Under Review
- Status changed from Under Review to Resolved
- Related to Bug #92746: Undefined references to AdminPanel in Frontend extension added
- Status changed from Resolved to Closed
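
The cache behaviour discussed in this issue, as an added example that is not part of the thread and is not TYPO3 code: a small stand-alone model in which a preview render and an anonymous render either share one cache entry (the reported behaviour) or get separate entries (what the comments ask for). `PageCache`, `servePage()`, `renderElements()`, the cache identifiers and the sample elements are all hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample content for one page; 'hidden' stands in for a hidden record.
const ELEMENTS = [
    ['text' => 'Public teaser', 'hidden' => false],
    ['text' => 'Unreleased draft', 'hidden' => true],
];

/** Hypothetical page cache (not a TYPO3 class): identifier => rendered HTML. */
final class PageCache
{
    private array $entries = [];
    public function get(string $id): ?string { return $this->entries[$id] ?? null; }
    public function set(string $id, string $html): void { $this->entries[$id] = $html; }
}

function renderElements(bool $showHidden): string
{
    $visible = array_filter(ELEMENTS, fn(array $e): bool => $showHidden || !$e['hidden']);
    return implode("\n", array_map(fn(array $e): string => '<p>' . htmlspecialchars($e['text']) . '</p>', $visible));
}

/**
 * $separatePreview = false: one cache entry per page, whoever rendered it first.
 * $separatePreview = true: a request with "Show hidden records" uses its own entry.
 */
function servePage(int $pageId, bool $previewHidden, PageCache $cache, bool $separatePreview): string
{
    $id = 'page_' . $pageId;
    if ($separatePreview && $previewHidden) {
        $id .= '_preview_hidden'; // preview output never lands in the public entry
    }
    $html = $cache->get($id);
    if ($html === null) {
        $html = renderElements($previewHidden);
        $cache->set($id, $html);
    }
    return $html;
}

foreach ([false, true] as $separatePreview) {
    $cache = new PageCache();                                   // step 3: page cache cleared
    servePage(1, true, $cache, $separatePreview);               // editor reloads with "Show hidden records"
    $anonymous = servePage(1, false, $cache, $separatePreview); // step 4: visitor, not logged in
    $leaked = strpos($anonymous, 'Unreleased draft') !== false;
    printf("separatePreview=%s, hidden element served to visitor: %s\n",
        var_export($separatePreview, true), var_export($leaked, true));
}
```

The same anonymous request after an editor's preview reload is a practical regression check for this issue: the response must not contain the text of any hidden element.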