Skip to content
This repository was archived by the owner on Apr 29, 2019. It is now read-only.

Incorrect Request URL with Form Key on the product import. #58

Closed
piotrekkaminski opened this issue Nov 6, 2017 · 8 comments
Closed

Incorrect Request URL with Form Key on the product import. #58

piotrekkaminski opened this issue Nov 6, 2017 · 8 comments
Assignees
@dmanners

Comments

@piotrekkaminski
Copy link
Contributor

From @radio on June 22, 2016 8:57

Steps to reproduce

  1. Install Magento from develop branch.
  2. Go to Admin Panel
  3. Go to System -> Import.
  4. Select "Products" in Entity Type field.
  5. Set: Import Behavior: "Add/Update", select valid file to import.
  6. Click "Check Data", wait for validation to complete.
  7. Click "Import".

Expected result

  1. The request is sent to http://obo-demo.testing.cgi-labs.de/admin/admin/import/start/key/[some-key]/?form_key=[form-key] OR
  2. The request URL doesn't contain form key as form key is present in the POST payload.

Actual result

  1. Request URL is: http://obo-demo.testing.cgi-labs.de/admin/admin/import/start/key/[some_key]/&form_key=[form-key] (note the "&" instead of "?"). Form key is also in the payload.

Copied from original issue: magento/magento2#5154
@piotrekkaminski
Copy link
Contributor Author

From @shiftedreality on September 9, 2016 14:45

Hi @radio

Thank you for your submission.
We've created internal ticket MAGETWO-58250 to fix this issue.

@piotrekkaminski
Copy link
Contributor Author

From @magento-engcom-team on October 13, 2017 8:3

@radio, thank you for your report.
We've created internal ticket(s) MAGETWO-58250 to track progress on the issue.

@piotrekkaminski piotrekkaminski mentioned this issue Nov 6, 2017
Closed
@TomashKhamlai
Copy link
Contributor

Reproduced on 2.3-develop from http://github.com/magento/magento2.git

POST /admin/admin/import/start/key/e84342c7b3fed817cc0ea38dc72b929073d0cfae0b422534346346719b46c5ca/&form_key=DEipnHjS7e8MQWJr HTTP/1.1
...

...
Connection: close

------WebKitFormBoundarym3bVvVxB6UkkYxWZ
Content-Disposition: form-data; name="form_key"

DEipnHjS7e8MQWJr
...

...
sku,store_view_code,attribute_set_code,product_type,categories,product_websites,name,description,short_description,weight,product_online,tax_class_name,visibility,price,special_price,special_price_from_date,special_price_to_date,url_key,meta_title,meta_keywords,meta_description,created_at,updated_at,new_from_date,new_to_date,display_product_options_in,map_price,msrp_price,map_enabled,gift_message_available,custom_design,custom_design_from,custom_design_to,custom_layout_update,page_layout,product_options_container,msrp_display_actual_price_type,country_of_manufacture,additional_attributes,qty,out_of_stock_qty,use_config_min_qty,is_qty_decimal,allow_backorders,use_config_backorders,min_cart_qty,use_config_min_sale_qty,max_cart_qty,use_config_max_sale_qty,is_in_stock,notify_on_stock_below,use_config_notify_stock_qty,manage_stock,use_config_manage_stock,use_config_qty_increments,qty_increments,use_config_enable_qty_inc,enable_qty_increments,is_decimal_divided,website_id,deferred_stock_update,use_config_deferred_stock_update,related_skus,crosssell_skus,upsell_skus,hide_from_product_page,custom_options,bundle_price_type,bundle_sku_type,bundle_price_view,bundle_weight_type,bundle_values,associated_skus
...

@TomashKhamlai
Copy link
Contributor

TomashKhamlai commented Dec 20, 2017
edited
Loading

@dmanners do I have to do something more with this issue? I tested in Burp Suite.

@dmanners
Copy link
Contributor

@TomashKhamlai nope just let me know it is reproduced an remove the label needs reevaluation if you can reproduce the issue.

@alexishughes
Copy link

I have the same issue with Magento CE 2.3. Exactly the same, Magento makes an invalid URL request and then just spins out. I think if your server is slow then the second key request is triggered after ~30s and this is why not so many people have this issue. Is there a patch?

@dmanners
Copy link
Contributor

Hi @alexishughes thank you for the feedback. Currently there is no patch though I cannot imagine it being too hard to sort it and provide a pull request.

dmanners added a commit to dmanners/import-export-improvements that referenced this issue Jun 16, 2018
@dmanners
magento-engcom#58: Fix generation of import url
10ce88b 
 - update the building of import url in before.phtml
 - check that we do not already have the form_key in our url,
 - build the newActionUrl first so that we always are using the same url to build the url
@dmanners dmanners self-assigned this Jun 16, 2018
@dmanners dmanners mentioned this issue Jun 16, 2018
Merged
4 tasks
magento-engcom-team pushed a commit that referenced this issue Aug 27, 2018
@nikshostko
Merge pull request #58 from magento-epam/2.3-develop
377df19 
Merge 2.3-develop to EPAM-PR-2
magento-engcom-team pushed a commit that referenced this issue Oct 8, 2018
@KevinBKozan
MQE-1033: Validate duplicate element names in the same file (Section,…
3336bca 
… Data, Metadata, Page) (#58)

- fixed dupes
@dmanners
Copy link
Contributor

This has been covered in 2.3-develop via https://github.com/magento-engcom/import-export-improvements/pull/111/files

magento-engcom-team pushed a commit that referenced this issue Dec 5, 2018
@KevinBKozan
MQE-1033: Validate duplicate element names in the same file (Section,…
1b15b5c 
… Data, Metadata, Page) (#58)

- fixed dupes
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dmanners dmanners

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@alexishughes @dmanners @piotrekkaminski @TomashKhamlai