removal confirmation msg is uncompilable with cache
avior - November 4, 2009 - 22:34
| Project: | Simplenews |
| Version: | 5.x-1.5 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | won't fix |
Jump to:
Description
Hi
i have drupal 5, simplenews 5.x-1.5 version ,
cache enabled for 5 mins
when the user clicks on the remove link (send in the mail) he is redirect to a url that asks him to confirm the remove (/newsletter/confirm/remove/NNNN)
when the user confirm and click remove button , he is redirected to the home page and the message is displayed "email@email.com has been removed..."
i guess because this page is displayed as anonymous drupal caches this page so when another user request the frontpage he gets a cached version with the msg revealing the other user email
#1
Hi
am i the only one that see this ?
if so , a lead to help me solve this problem will be welcomed
Avior
#2
I have also encountered this problem recently, and consider it very serious. An anonymous user brings up our site and immediately sees, on our home page, someone's email address. This could lead to law suites. I don't understand why this message is put onto the home page.
#3
This is not a simplenews issue but caused by a core bug. A solution seems to be available for 7. x.
#4
Hi
@Sutharsan , thanks - can you give me a lead , so i will try to patch this in the current versions (5) ,
this is very critical for my client
#5
I have not found the patch in that went into Drupal 7, but I found this comment on the same problem: http://drupal.org/node/7465#comment-11293
The problem seems to be caused by the combination of a message and a redirect. This opens up another possible solution:
<?phpfunction simplenews_confirm_add_form_submit($form_id, $form_values) {
simplenews_subscribe_user($form_values['mail'], $form_values['newsletter']->tid, FALSE);
//drupal_set_message(t('%user was successfully added to the %newsletter subscription list.', array('%user' => $form_values['mail'], '%newsletter' => $form_values['newsletter']->name)));
return 'node/26';
}
?>
Comment out the drupal_set_message() and redirect to a page (node/26 in this example) containing a thank you message. Do the same with the simplenews_confirm_removal_form_submit() function.
#6
#168909: Drupal messages (status/error) are cached along with nodes
#201122: Drupal should support disabling anonymous sessions
#284271: Tests for drupal_set_messages are cached for anonymous users
Perhaps these issues will help you find how this is solved in D7.
#7
Hi
Thank you very much for the information
i dont understand why this is happening because i can see in api http://api.drupal.org/api/function/page_get_cache/6
so all this was not supposes to happen at all
but what if instead of redirecting the user to the hompage ,after setting the msg , redirect the user to a special and unique url
so make a unique url
example.com/newsletter/notify-remove/UID
example.com/newsletter/notify-add/UID
this will solve the issue
Avior