  1. eZ Publish / Platform
  2. EZP-29933

Admin UI REST API listener considers 3rd party routes as REST routes

    Details

      Description

      https://github.com/ezsystems/ezplatform-admin-ui/pull/691 added a request listener that matches on request path info and evaluates if the request is an eZ Platform REST API request.

      The regex used is too broad and takes into account routes that have nothing to do with eZ Platform REST API, for example:

      https://example.com/netgen/api/some/path
      https://example.com/admin/netgen/api/some/path
      https://example.com/cro/netgen/api/some/path

      Two issues exist with the pattern:

      1) It doesn't start with a slash, matching any part of the path info
      2) It doesn't validate that the part before `/api/` is a valid siteaccess
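The two problems above, shown on the example paths from this report. This is an added example, not code from ezplatform-admin-ui: `BROAD_PATTERN` is a hypothetical stand-in for the listener's regex (which is not quoted on this page), the function names are illustrative, and `admin` and `cro` are assumed to be URI-matched siteaccesses.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the listener's pattern: it is unanchored and
// knows nothing about siteaccesses, so "api/" anywhere in the path matches.
const BROAD_PATTERN = '#api/#';

function isRestPathBroad(string $pathInfo): bool
{
    return preg_match(BROAD_PATTERN, $pathInfo) === 1;
}

/**
 * Stricter check: the path must start with "/api/", optionally preceded by
 * exactly one path segment that is a configured siteaccess.
 *
 * @param string[] $siteaccesses URI-matched siteaccess names (assumed input)
 */
function isRestPathStrict(string $pathInfo, array $siteaccesses): bool
{
    // Quote each name so a siteaccess cannot inject regex syntax.
    $alternatives = implode('|', array_map(
        static fn (string $name): string => preg_quote($name, '#'),
        $siteaccesses
    ));
    // With no siteaccesses configured, only a bare "/api/" prefix is accepted.
    $prefix = $alternatives === '' ? '' : '(?:/(?:' . $alternatives . '))?';

    return preg_match('#^' . $prefix . '/api/#', $pathInfo) === 1;
}

$siteaccesses = ['admin', 'cro']; // assumed from the example URLs in this report

// Constructed sample: the three third-party paths from the report, plus two
// paths that should count as REST requests under the assumptions above.
$paths = [
    '/netgen/api/some/path',
    '/admin/netgen/api/some/path',
    '/cro/netgen/api/some/path',
    '/api/some/path',
    '/admin/api/some/path',
];

foreach ($paths as $path) {
    printf(
        "%-30s broad=%-5s strict=%s\n",
        $path,
        var_export(isRestPathBroad($path), true),
        var_export(isRestPathStrict($path, $siteaccesses), true)
    );
}
```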

        Activity

        Edi Modrić created issue -
        Edi Modrić made changes -
        Field Original Value New Value
        Priority High [ 3 ] Blocker [ 1 ]
        Dawid Parafiński made changes -
        Assignee Dawid Parafiński [ david.parafinski@ez.no ]
        Dawid Parafiński made changes -
        Status Open [ 1 ] Confirmed [ 10037 ]
        Dawid Parafiński made changes -
        Status Confirmed [ 10037 ] InputQ [ 10001 ]
        Dawid Parafiński made changes -
        Status InputQ [ 10001 ] Development [ 3 ]
        Dawid Parafiński made changes -
        Status Development [ 3 ] Backlog [ 10000 ]
        Dawid Parafiński made changes -
        Status Backlog [ 10000 ] Development [ 3 ]
        Dawid Parafiński made changes -
        Status Development [ 3 ] Development Review [ 10006 ]
        Dawid Parafiński made changes -
        Assignee Dawid Parafiński [ david.parafinski@ez.no ]
        Status Development Review [ 10006 ] Closed [ 6 ]
        Fix Version/s 2.4.0 [ 15091 ]
        Resolution Fixed [ 1 ]
        Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date
        Open → Confirmed | 24m 7s | 1 | david.parafinski@ez.no | 19/Dec/18 12:21 PM
        Confirmed → InputQ | 5s | 1 | david.parafinski@ez.no | 19/Dec/18 12:22 PM
        InputQ → Development | 3s | 1 | david.parafinski@ez.no | 19/Dec/18 12:22 PM
        Development → Backlog | 35s | 1 | david.parafinski@ez.no | 19/Dec/18 12:22 PM
        Backlog → Development | 7s | 1 | david.parafinski@ez.no | 19/Dec/18 12:22 PM
        Development → Development Review | 47d 7m | 1 | david.parafinski@ez.no | 04/Feb/19 12:30 PM
        Development Review → Closed | 43s | 1 | david.parafinski@ez.no | 04/Feb/19 12:30 PM

          People

          • Assignee: Unassigned
          • Reporter: Edi Modrić
          • Votes: 0
          • Watchers: 2
