You are here: Foswiki>Tasks Web>Item14061 (31 Jan 2018, GeorgeClark)Edit Attach

Item14061: Non-admin users are unable to refresh the page cache using the refresh query param. It's silently ignored.

pencil
Priority: Urgent
Current State: Closed
Released In: 2.1.2
Target Release: patch
Applies To: Engine
Component: PageCache
Branches: Item14061 master Release02x01 Item14033 Item13897 Item14380 Item14537
Reported By: PhilippeKehl
Waiting For:
Last Change By: GeorgeClark
The PageCaching mechanism for force-refreshing the cache of a page (query parameter refresh=cache) doesn't work anymore.

It seems that commit distro:753517244683e36d6358bba0989dba2900bbe9b9 broke it (change line 226 and/or removed line 338 and/or something else).

The query parameter refresh=fire however seems to have a similar behaviour now.

So maybe we only need to change the documentation (and the link at the bottom of every page)?

See here for a few more details discussed in the chat.

-- PhilippeKehl - 01 May 2016

The unit tests have a number of issues:
  • The assertion for cached, or not cached, never actually asserts. So that particular check always passes. Fix that, and now:
  • The core code fails to add the X-Foswiki-Cached header in most circumstances, so it still fails. So add the Cached header and:
  • Foswiki::Cache::getPage doesn't process any refresh variation except for refresh=all. So the cache doesn't get reset.
  • There is no test to verify the oops when a non-admin attempts to clear the global cache.
  • Even removing the admin check above doesn't seem to be the complete fix.

-- GeorgeClark - 01 May 2016

MichaelDaum, I've checked in a number of fixes into the Item14061 branch. Could you please review them in some depth and we'll have to build a Foswiki 2.1.2 sooner than later unfortunately. (I'm wondering if we should hold off on announcing 2.1.1 for now.)

-- GeorgeClark - 01 May 2016

Everything looks fine ... except one: refresh=all is an admin-only maintenance operation. I can't see where this check has gone looking at the patches. Am I blind?

This is an important one as it nukes all of the page cache. WikiGuests and even non-admins shall not be allowed to perform such a critical operation. Invalidating the cache of a single page is fine as a normal save would do that anyway. However global operations like refresh=all must remain an admin-only thing.

-- MichaelDaum - 02 May 2016

Foswiki::PageCache::getPage() line 317 It's there and the new unit test verifies that it works.

-- GeorgeClark - 02 May 2016
 
Topic revision: r17 - 31 Jan 2018, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy