Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-21050

Treemenu broken after EZPESU-2013-011 on IE7-8

    Details

      Description

      After installing EZPESU-2013-011-KERNEL4.7 and clearing the caches, the content structure menu in administration interface disappears.

      1. EZP-21050_ezp47.diff
        0.6 kB
        Joao Inacio
      1. screenshot.jpg
        222 kB

        Issue Links

          Activity

          Hide
          Joao Inacio (Inactive) added a comment -

          I had some trouble reproducing this again, so additional steps follow:

          1) Apply EZPESU-2013-011-KERNEL4.7 patch
          2) Run ezcache --clear-all
          3) Access the Content Structure menu
          4) Verify that the menu is gone.

          However, if the page is refreshed, the menu seems to reappear again.

          The reverse also happens:
          1) Revert EZPESU-2013-011-KERNEL4.7 patch
          2) Run ezcache --clear-all
          3) Access the Content Structure menu
          4) Verify that the menu is gone.

          Refresh page, menu is back once more.

          Show
          Joao Inacio (Inactive) added a comment - I had some trouble reproducing this again, so additional steps follow: 1) Apply EZPESU-2013-011-KERNEL4.7 patch 2) Run ezcache --clear-all 3) Access the Content Structure menu 4) Verify that the menu is gone. However, if the page is refreshed, the menu seems to reappear again. The reverse also happens: 1) Revert EZPESU-2013-011-KERNEL4.7 patch 2) Run ezcache --clear-all 3) Access the Content Structure menu 4) Verify that the menu is gone. Refresh page, menu is back once more.
          Hide
          Joao Pingo (Inactive) added a comment - - edited

          Tested on 4.5, 4.6, 4.7 with all Service Packs, test passed
          Tested on 5.0 with all Service Packs and the patch from https://jira.ez.no/browse/EZP-20202, test passed
          Tested on 5.1, test passed
          Used tc-1704
          QA Approved

          Show
          Joao Pingo (Inactive) added a comment - - edited Tested on 4.5, 4.6, 4.7 with all Service Packs, test passed Tested on 5.0 with all Service Packs and the patch from https://jira.ez.no/browse/EZP-20202 , test passed Tested on 5.1, test passed Used tc-1704 QA Approved
          Show
          André Rømcke added a comment - Mentioned as part of http://share.ez.no/community-project/security-advisories/ezsa-2013-010-xss-attack-possible-in-content-treemenu-object-names-not-sanitized
          Hide
          Gunnstein Lye added a comment -

          Reopen to change issue type

          Show
          Gunnstein Lye added a comment - Reopen to change issue type
          Hide
          Yannick Roger (Inactive) added a comment - - edited
          Show
          Yannick Roger (Inactive) added a comment - - edited Fixed in master (before 5.2 came out): https://github.com/ezsystems/ezpublish-legacy/commit/1010cafa1a938472bf4f58c9cb2208aac1a9c828

            People

            • Assignee:
              Unassigned
              Reporter:
              Joao Inacio (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 days, 3 hours
                2d 3h