Marked as critical because this could completely break websites' layout and potentially disclose data that should not be disclosed. (Security issue?)

Steps to reproduce:

  • Create a new website with one dummy Article node
  • Add a view which displays Article nodes as a block on a node page
  • Add a template named node--view--view-name.tpl.php to your theme (not node--view--view-name--block.tpl.php)
  • Add the block to any region
  • Go to /node/1 and watch how your main node is also displayed in the view template instead of node.tpl.php or node--article.tpl.php or whatever.
  • Same goes for users

Reasoning behind the bug:

  • views_plugin_row_node_view:render() sets $node->view to the view so node_view() on the next line will have the correct data for views_preprocess_node()
  • However, it does not respect the fact that any entity comes from an internal cache, thus leaving the $node polluted with the 'view' property
  • This in turn causes the node that should make up the page content to also trigger alterations in views_preprocess_node()

Plausible fixes to the bug:

  • Unset the 'view' property right after calling node_view() (patch a)
  • Load all nodes for the plugin using $reset = TRUE (patch b)
CommentFileSizeAuthor
#1 views-2359955-1b.patch1.67 KBkristiaanvandeneynde
#1 views-2359955-1a.patch1.58 KBkristiaanvandeneynde
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

kristiaanvandeneynde’s picture

kristiaanvandeneynde
Primary language Dutch
Location Antwerp, Belgium
CreditAttribution: kristiaanvandeneynde commented
FileSize
views-2359955-1a.patch1.58 KB
views-2359955-1b.patch1.67 KB

Attached are both patches, I've successfully implemented patch b on my website.

kristiaanvandeneynde’s picture

kristiaanvandeneynde
Primary language Dutch
Location Antwerp, Belgium
CreditAttribution: kristiaanvandeneynde commented
Status: Active » Needs review
MonsterCache’s picture

MonsterCache CreditAttribution: MonsterCache commented

I am facing the same problem now wit the latest Drupal 8.2.7 version.

To reproduce the problem :

  1. Consider two page a front page and a category page
  2. I have some nodes in the output on this pages. For example node with ids 1,2,3 for the front page and 1,2,3,4 for the cateogory page
  3. Open the front page and if nodes are rendered correctly, using a proper template, go to the category page
  4. On the category page I also have nodes with ids 1,2,3 in the output, but in addition I have a node with id 4 on the page
  5. Go to the category page, and now I can see that nodes 1,2,3 are rendered using the template used on the front page, but the node with id 4 rendered correctly
  6. Stay on the category page, clear the site cache reload the page - rendered correctly
  7. Go to the front page and now I can see that nodes 1,2,3 are rendered using the template for the category page
DamienMcKenna’s picture

DamienMcKenna
Location NH, USA
CreditAttribution: DamienMcKenna at Mediacurrent commented
Issue tags: +Needs tests

This needs tests to clearly document the issue, and might have to move to a core issue first.

DamienMcKenna’s picture

DamienMcKenna
Location NH, USA
CreditAttribution: DamienMcKenna at Mediacurrent commented
Status: Needs review » Needs work
andeersg’s picture

andeersg CreditAttribution: andeersg at Bouvet commented

I believe at least the Drupal 8 problem from comment #3 is related to this: https://www.drupal.org/node/2728419