[fixed] Locking timeout corrupted
Posted: Mon May 26, 2014 9:16 am
I noticed an issue with the locking mechanism when editing content, templates and stylesheets. The locking itself works as expected (prevents multiple users to edit one particular item simultanously) but there is an error with the settings of the locking time-out. (especially when using ajax)
When editing content of a module - e.g. content pages of CMSContentManager - the locking is done after the page has loaded using an ajax request. But the value of the module setting "locktimeout" is not passed to the file "/admin/ajax_lock.php". Anyway the file "ajax_lock.php" does not look for a post/get param of the timeout and so it does never pass a timeout to the CmsLock class either.
See "/admin/ajax_lock.php" line 70:
and line 74:
If a lock is created and no time-out is passed the core looks for a sitepref called "lock_timeout".
See line 131 of "/lib/classes.CmsLock.php":
But this preference does not exist and is not adjustable in the admin panel. Therefore locks of whatever type (modules content/core stuff) does always have the default time-out of 60 minutes if the lock is created using ajax.
(This also affects the DesignManager when editing templates/stylesheets)
So the locking timeout settings of the modules doesn't have any effect.
Another locking timeout issue is in the module CMSContentManager in "class.CmsContentManagerUtils.php" in method "locking_enabled()". This method always returns false since it is looking for a sitepref called "locktimeout" instead of a module preference.
See line 84-89 of /modules/CMSContentManager/lib/class.CmsContentManagerUtils.php:
So lines 217-229 of "/modules/CmsContentManager/action.admin_editcontent.php" will never be executed:
So the method "CmsContentManagerUtils::locking_enabled()" (lines 84-89 of "/modules/CMSContentManager/lib/class.CmsContentManagerUtils.php") shoud be:
Cheers
PS:
Anyway locking seems pointless to me if the lock is not checked when a page is edited or (more important) actually saved. It is only checked when displaying the list of pages. So you still can edit locked pages entering the url to the admin panel in the adress bar. You will get a confusing alert box wich you just can click away and save the content anyway. I know: no trustfull backenduser would do this, but it can also happen accidently if you hit the back-button of your browser or whatever.
Locking means to me no other user can write to that content unless it is saved/unlocked by myself or locking is timed out.
When editing content of a module - e.g. content pages of CMSContentManager - the locking is done after the page has loaded using an ajax request. But the value of the module setting "locktimeout" is not passed to the file "/admin/ajax_lock.php". Anyway the file "ajax_lock.php" does not look for a post/get param of the timeout and so it does never pass a timeout to the CmsLock class either.
See "/admin/ajax_lock.php" line 70:
Code: Select all
$lock = CmsLock::load($type,$oid,$uid);
Code: Select all
$lock = new CmsLock($type,$oid);
See line 131 of "/lib/classes.CmsLock.php":
Code: Select all
if( $lifetime == null ) $lifetime = cms_siteprefs::get('lock_timeout',60);
(This also affects the DesignManager when editing templates/stylesheets)
So the locking timeout settings of the modules doesn't have any effect.
Another locking timeout issue is in the module CMSContentManager in "class.CmsContentManagerUtils.php" in method "locking_enabled()". This method always returns false since it is looking for a sitepref called "locktimeout" instead of a module preference.
See line 84-89 of /modules/CMSContentManager/lib/class.CmsContentManagerUtils.php:
Code: Select all
public static function locking_enabled()
{
$timeout = cms_siteprefs::get('locktimeout');
if( $timeout > 0 ) return TRUE;
return FALSE;
}
Code: Select all
//
// BUILD THE DISPLAY
//
if( $content_id && CmsContentManagerUtils::locking_enabled() ) {
try {
// here we are attempting to steal a lock.
$lock_id = CmsLockOperations::is_locked('content',$content_id);
if( $lock_id > 0 ) CmsLockOperations::unlock($lock_id,'content',$content_id);
$lock = new CmsLock('content',$content_id);
$smarty->assign('lock',$lock);
}
catch( CmsException $e ) {
$this->SetError($e->getMessage());
$this->RedirectToAdminTab();
}
}Code: Select all
public static function locking_enabled()
{
$mod = cms_utils::get_module('CMSContentManager');
$timeout = $mod->GetPreference('locktimeout');
if( $timeout > 0 ) return TRUE;
return FALSE;
}PS:
Anyway locking seems pointless to me if the lock is not checked when a page is edited or (more important) actually saved. It is only checked when displaying the list of pages. So you still can edit locked pages entering the url to the admin panel in the adress bar. You will get a confusing alert box wich you just can click away and save the content anyway. I know: no trustfull backenduser would do this, but it can also happen accidently if you hit the back-button of your browser or whatever.
Locking means to me no other user can write to that content unless it is saved/unlocked by myself or locking is timed out.