Problem/Motivation

Currently the JS module tries to take care of possible cache poisoning of the module_implements cache e.g. in js_deliver(). Unfortunately this has no control over what's happening in $delivery_callback function.
A call to module_implements() with a not yet cached hook will re-enable the cache write for the module_implements cache.
Unfortunately there are modules e.g. Admin Menu - which trigger module_implements_write_cache() without actually invoking other hooks e.h. hook_exit().
This leads to cache poisoning - especially together with js_custom_theme() which adjusts the implementations of hook_init() to avoid double invocation.

Proposed resolution

Implement hook_module_implements_alter() and ensure it unsets the #write_cache flag whenever the hook is invoked during a JS callback.
hook_module_implements_alter() will always be invoked after $implementations['#write_cache'] is set - which should provide a more reliable way of unsetting it.
I think with the new hook we can remove the handling in js_deliver() and just rely on the new hook implementation.

The only thing I'm not completely sure yet is if this covers all scenarios in which elseif (!isset($verified[$hook])) { is entered in module_implements().

Remaining tasks

reviews needed.

CommentFileSizeAuthor
js-cache-poisoning-of-module_implements.patch1.43 KBdas-peter
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

das-peter created an issue. See original summary.

plach’s picture

plach
he/him
Primary language Italian
Location Venezia
CreditAttribution: plach at Tag1 Consulting commented
Status: Needs review » Postponed (maintainer needs more info)

Mark asked me to have a look at this issue, since I worked on skipping double hook_init() invocation. The patch looks reasonable to me, but I could not reproduce the issue you are mentioning with Admin Menu. Can you post the exact steps to see the issue you are reporting, ideally on a clean installation?

Also, I find it a bit concerning that the elseif branch of module_implements() would be skipping the logic to clear the #write_cache flag. However, I wasn't able to reproduce the issue and I couldn't tell whether actually problematic conditions can arise.

markhalliwell’s picture

markhalliwell
Primary language English
CreditAttribution: markhalliwell at Tag1 Consulting commented
Status: Postponed (maintainer needs more info) » Fixed

The patch looks reasonable to me

Same. Seeing how this issue is old, I'll just go ahead and commit as I trust @das-peter's work and this doesn't seem like it would adversely affect anything.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.