Ticket #648 (new defect)

Opened 4 years ago

Last modified 3 years ago

Side effects and ZODB writes for GETs

Reported by: sfermigier Assigned to: fguillaume
Priority: P2 Milestone: CPS 3.5.0
Component: CPS (global) Version: CPS 3.3 branch
Severity: normal Keywords:
Cc:

Description (Last modified by fguillaume)

GETs should not cause side effects or ZODB writes.

To test it:

  1. Instantiate a cps as manager/manager from zope, so the cps manager is admin/admin.
  2. Launch this command from /tmp or ~/tmp:
        httrack -K4 http://admin:admin@localhost:8080/cps/
    
  3. Go have a cup of coffee, come back in 10 minutes or more (or less) and stop httrack (control-C).
  4. Look at the CPS: many things have disappeared.
  5. Try to login as the admin: impossible (the account disappeared).
  6. Go to Undo at the root of CPS: many transactions are undoable.

Conclusion: There are two (types of) problems:

  1. Destructive actions (deletion of the admin account, for instance, or destruction of boxes) or actions with side effects (ex: /cps/addtoFavorites) that are accessible from a simple GET.
  2. Actions that are simple visualizations but that have side effects in the ZODB, like /cps/content_status_history, /cps/cpsdocument_view, /cps/subscription_edit_form, /cps/treebox_edit_form, /cps/folder_view, etc.
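
An added example, not part of the original ticket or of CPS: one way to build the list of problematic URLs is a WSGI middleware that fingerprints persistent state before and after every GET/HEAD and records the paths where it changed. The `fingerprint` hook, the toy store, the toy application and the `/cps/readonly_page` path are assumptions made for illustration; only `/cps/addtoFavorites` is taken from the ticket, and its behaviour here is constructed.

```python
import hashlib
import json

SAFE_METHODS = {"GET", "HEAD"}

class GetWriteAuditor:
    """WSGI middleware that records safe-method requests which changed state."""

    def __init__(self, app, fingerprint):
        self.app = app
        self.fingerprint = fingerprint  # hypothetical hook: digest of persistent state
        self.offenders = []             # (method, path) pairs that mutated state

    def __call__(self, environ, start_response):
        method = environ.get("REQUEST_METHOD", "GET").upper()
        if method not in SAFE_METHODS:
            return self.app(environ, start_response)
        before = self.fingerprint()
        # Drain the response so writes done while rendering are also seen.
        body = list(self.app(environ, start_response))
        if self.fingerprint() != before:
            self.offenders.append((method, environ.get("PATH_INFO", "")))
        return body

# Constructed toy store and application standing in for the real site.
STORE = {"favorites": []}

def store_digest():
    return hashlib.sha256(json.dumps(STORE, sort_keys=True).encode()).hexdigest()

def toy_app(environ, start_response):
    if environ["PATH_INFO"] == "/cps/addtoFavorites":
        STORE["favorites"].append("doc1")  # toy behaviour: writes on any method
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def audit(requests):
    """Replay (method, path) pairs and return the safe requests that wrote."""
    auditor = GetWriteAuditor(toy_app, store_digest)
    for method, path in requests:
        auditor({"REQUEST_METHOD": method, "PATH_INFO": path}, lambda s, h: None)
    return auditor.offenders

if __name__ == "__main__":
    print(audit([("GET", "/cps/addtoFavorites"), ("GET", "/cps/readonly_page")]))
```

POST requests pass through unaudited, since state changes are expected there; only writes reached through GET or HEAD end up in `offenders`.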

Change History

05/12/05 12:27:22 changed by fguillaume

  • description changed.

10/27/05 18:08:46 changed by fguillaume

We must document below all urls that are problematic.

10/28/05 12:36:16 changed by fguillaume

#1079 was a duplicate of this bug.

01/12/06 18:54:38 changed by fguillaume

  • milestone changed from CPS 3.4.0 to CPS 3.4.1.

01/17/06 11:52:57 changed by gracinet

A first one is cpsdirectory_entry_delete, because it's an action.

Currently, there is an attempt at JS confirmation (onclick attribute on the action) and that's it. btw it doesn't work for me.

05/16/06 15:02:33 changed by sfermigier

  • milestone changed from CPS 3.4.1 to CPS 3.4.2.