Ticket #648 (new defect)

Opened 14 years ago

Last modified 13 years ago

Side effects and ZODB writes for GETs

Reported by: sfermigier Owned by: fguillaume
Priority: P2 Milestone: CPS 3.5.7
Component: CPS (global) Version: CPS 3.3 branch
Severity: normal Keywords:
Cc:

Description (last modified by fguillaume)

GETs should not cause side effects or ZODB writes.

To test it:

  1. Instantiate a cps as manager/manager from zope, so the cps manager is admin/admin.
  2. Launch this command from /tmp or ~/tmp:
    httrack -K4 http://admin:admin@localhost:8080/cps/
    
  3. Go have a cup of coffee, come back in 10 minutes or more (or less) and stop httrack (control-C).
  4. Look at the CPS: many things have disappeared.
  5. Try to login as the admin: impossible (the account disappeared).
  6. Go to Undo at the root of CPS: many transactions are undoable.

Conclusion: There are two (types of) problems:

  1. Destructive actions (deletion of the admin account, for instance, or destruction of boxes) or actions with side effects (ex: /cps/addtoFavorites) that are accessible from a simple GET.
  2. Actions that are simple visualizations but that have side effects in the ZODB, like /cps/content_status_history, /cps/cpsdocument_view, /cps/subscription_edit_form, /cps/treebox_edit_form, /cps/folder_view, etc.
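
The check described above can be automated as a regression test. The following is an added example, not part of the ticket and not CPS or Zope code: a WSGI middleware that records every GET/HEAD request during which a write was committed. The `ToyStore`, the toy app's behaviour and the `commit_count` callable are constructed assumptions; only the two URL paths are taken from the ticket.

```python
SAFE_METHODS = {"GET", "HEAD"}


class SafeMethodAuditor:
    """WSGI middleware: record safe-method requests during which a commit happened."""

    def __init__(self, app, commit_count):
        self.app = app
        # Assumption: commit_count() returns the number of write transactions
        # committed so far; how to obtain it from a real storage is left open.
        self.commit_count = commit_count
        self.violations = []

    def __call__(self, environ, start_response):
        before = self.commit_count()
        # Consume the body so writes made while rendering are counted too.
        body = list(self.app(environ, start_response))
        wrote = self.commit_count() - before
        if wrote and environ["REQUEST_METHOD"] in SAFE_METHODS:
            self.violations.append((environ["PATH_INFO"], wrote))
        return body


class ToyStore:
    """Constructed stand-in for the object database: it only counts commits."""
    def __init__(self):
        self.commits = 0
        self.favorites = []


def make_toy_app(store):
    def app(environ, start_response):
        path = environ["PATH_INFO"]
        if path == "/cps/addtoFavorites":    # problem type 1: action on any method
            store.favorites.append("doc")
            store.commits += 1
        elif path == "/cps/folder_view":     # problem type 2: a "view" that writes
            store.commits += 1
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]
    return app


def audit(requests):
    """Replay (method, path) pairs serially; return the offending safe requests."""
    store = ToyStore()
    auditor = SafeMethodAuditor(make_toy_app(store), lambda: store.commits)
    for method, path in requests:
        environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
        auditor(environ, lambda status, headers: None)
    return auditor.violations
```

The before/after comparison is only meaningful when requests are replayed one at a time; under concurrent traffic a commit from another request would be attributed to the wrong URL.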

Change History

comment:1 Changed 14 years ago by fguillaume

  • Description modified

comment:2 Changed 14 years ago by fguillaume

We must document below all urls that are problematic.

comment:3 Changed 14 years ago by fguillaume

#1079 was a duplicate of this bug.

comment:4 Changed 13 years ago by fguillaume

  • Milestone changed from CPS 3.4.0 to CPS 3.4.1

comment:5 Changed 13 years ago by gracinet

A first one is cpsdirectory_entry_delete, because it's an action.

Currently, there is an attempt at JS confirmation (onclick attribute on the action) and that's it. Btw, it doesn't work for me.

comment:6 Changed 13 years ago by sfermigier

  • Milestone changed from CPS 3.4.1 to CPS 3.4.2