Full disclosure: I originally reported this as an SI, but I got word back from Greg that it's more a configuration issue than a security issue. I agree, but I'm opening up discussion here to avoid headaches in the future.
I recently ran into an issue on a site where it was being mirrored from a junk domain via a CNAME record. Because of some subtle interplay between Views Cache and Page Cache (and the global $base_root not being set in settings.php), the primary RSS feed (run via Views), for a short time, pointed all links back to the junk domain rather than the real domain. (See scenario 2 here.)
I think this could be avoided by adding the base_url to the serialized portion of Views CIDs.
Again, I don't think this is crucial, but definitely worth discussing.
Patch attached. Would want something similar applied to the 6.x branch too.
Comment | File | Size | Author |
---|---|---|---|
#10 | views-add_base_url_to_cid_6x3x-1458504-10.patch | 996 bytes | iamEAP |
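
The cache-key problem described in the issue summary, as an added PHP sketch that is not part of the original post or the attached patch. The function names, the key layout and the two hostnames are constructed for illustration and are not Views' actual internals; it assumes the base URL is derived from the incoming request because it is not pinned in settings.php.

```php
<?php
// Added illustration, not Views code: a toy render cache whose cache ID is
// built from serialized key data, with and without the base URL in that data.

// Hypothetical helper: cache ID = view name + hash of the serialized key data.
function feed_cid(string $view, array $key_data): string {
  return $view . ':output:' . md5(serialize($key_data));
}

// Hypothetical helper: render one RSS item with an absolute link for the host
// the request arrived on.
function render_feed(string $base_url): string {
  return "<item><link>$base_url/node/1</link></item>";
}

// Serve the feed through the cache; $include_base_url toggles the proposed fix.
function serve_feed(array &$cache, string $base_url, bool $include_base_url): string {
  $key_data = ['display' => 'feed', 'args' => []];
  if ($include_base_url) {
    $key_data['base_url'] = $base_url;
  }
  $cid = feed_cid('frontpage', $key_data);
  if (!isset($cache[$cid])) {
    $cache[$cid] = render_feed($base_url);  // cache miss: render for this host
  }
  return $cache[$cid];
}

// Constructed hosts: the mirroring domain is requested first, then the real one.
$mirror = 'http://junk-mirror.example';
$real   = 'http://www.example.org';

foreach ([false, true] as $include_base_url) {
  $cache = [];
  serve_feed($cache, $mirror, $include_base_url);
  $output = serve_feed($cache, $real, $include_base_url);
  $poisoned = strpos($output, $mirror) !== false;
  printf("base_url in CID: %-3s  real-domain feed links to mirror: %-3s  cache entries: %d\n",
    $include_base_url ? 'yes' : 'no', $poisoned ? 'yes' : 'no', count($cache));
}
```

Without the base URL in the key data both hosts share one cache entry, so whichever host warms the cache decides the links everyone else receives; with it, each host gets its own entry.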
Comments
Comment #1
greggles: One alternative would be to use relative paths.
Comment #2
dawehner: Well, relative paths for an RSS feed aren't always what you want; maybe feed readers don't get that.
In general a view could depend on any kind of variable, and for very custom behaviors you might be better off writing a small cache plugin extension, though for this problem it seems to make more sense to add this to Views itself.
Comment #3
tim.plunkett: Triggering the testbot.
Comment #5
iamEAP: Re-roll against latest dev.
Comment #6
tim.plunkett: missing trailing comma
Comment #7
iamEAP: Just caught it. Thanks, Tim.
Comment #8
tim.plunkett: Unless there is a good reason NOT to include this, I agree with dereine in #2.
Comment #9
dawehner: Thanks for adding this, it really makes sense in your cases.
Comment #10
iamEAP: Attached patches for both 6.x-3.x and 6.x-2.x branches.
Comment #11
tim.plunkett: There aren't any tests for either 6.x branch anymore, but nice usage of the do-not-test suffix!
Comment #12
DamienMcKenna
Comment #13
DamienMcKenna: This should be added to 6.x-2.x too.
Comment #14
izmeez: Patch in comment #10 applies to latest views-6.x-2.26 without difficulty and is already RTBC.
Comment #15
Chris Matthews: The Drupal 6 branch is no longer supported; please check with the D6LTS project if you need further support. For more information as to why this issue was closed, please see issue #3030347: Plan to clean process issue queue