You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current method of displaying groupby criteria is to use the IGroupByCriteria utility. This is a global utility that caches its results. However, as it is a global utility it is caching results across the instance and there is no separation of sites. So if you have an instance with multiple sites, the cache will be whichever one gets processed first meaning it will break collection filters for other sites. It is also then sharing information about the indexes between sites which is a security concern.
instification
changed the title
groupbycriteria widget cache spills information across sites
groupbycriteria utility cache spills information across sites
Sep 5, 2019
The current method of displaying groupby criteria is to use the
IGroupByCriteria
utility. This is a global utility that caches its results. However, as it is a global utility it is caching results across the instance and there is no separation of sites. So if you have an instance with multiple sites, the cache will be whichever one gets processed first meaning it will break collection filters for other sites. It is also then sharing information about the indexes between sites which is a security concern.The code in question:
collective.collectionfilter/src/collective/collectionfilter/vocabularies.py
Lines 72 to 76 in 581caf9
Possible solution:
Instead of caching on the utility, use memoize with the site path as the key.
I'm currently working on a PR for this, but any other input/ideas are welcome @petschki, @thet
The text was updated successfully, but these errors were encountered: