When you are in admin and using secret keys, the key in the request
has to match up with the controller + action + salt. If not you are
bounced to the dashboard. When you call _forward to get sent to a new
URL, the new dispatch loop call checks the secret key a second time.
The 'problem' at this stage is the secret key doesn't match up with
the controller and/or action portion. The 'fix' that currently is in
place is to grab the the original PATH_INFO from the request, split
that on '/', grab indexes 1 and 2, and use those as the
controller and action.
Keep in mind, this only happens if the controller and/or action are
not passed directly to the getSecretKey call. Additionally, if
either of these is empty then it has a second try of getting the
controller or action name stored in the request object directly.
Ok, that's the background. Here's the 'bug':
If you have code in place that handles routing differently than the
standard routers, the getSecretKey method erroneously making
assumptions about the translation of a PATH_INFO string into a
module/controller/action array. And, as luck would have it, the
request object has a MUCH better method of working around the issue.
The is a getBeforeForwardInfo method that can give the original
request module/controller/action that was made. That info would
correspond to what getSecretKey expects.
This patch was also submitted as MCACE-144 to the Magento 184.108.40.206
MCA-CE contributor repository in Mage_Adminhtml_Model_Url.
Thanks to Lee Saferite for this one.
* Implemented inheritance of locales. Inheritance is declared in `app/locale/<locale_name>/config.xml`
* Moved declaration of modules from `app/etc/modules/<module>.xml` to `app/code/<pool>/<namespace>/<module>/config.xml`
* Implemented ability to match URLs in format `protocol://base_url/area/module/controller/action` (as opposite to only `module/controller/action`), utilized this feature in backend (admin) area
* Added product attribute set "Minimal Attributes", which consists of required system attributes only
* Improved customers import:
* Implemented "Delete" behavior for importing customers, customer addresses and financial data
* Implemented "Custom" behavior, which allows to specify behavior for each item directly from the imported file
* Updated performance tests:
* Enabled Product View, Category View, Add to Cart, Quick Search and Advanced Search scenarios
* Added ability to specify configuration parameters per scenario and refactored bootstrap of performance tests
* Added jQuery plugins: Cookie, Metadata, Validation, Head JS
* Fixed issues:
* Impossible to add configurable product to the cart
* Impossible to apply Shopping Cart Price Rule with any conditions to cart with simple and virtual product
* Memory leak in email templates
* Impossible to place order with Multiple Addresses using 3D Secure
* Required product attributes are not exported
* "Forgot Your Password" link on checkout page inactive after captcha reloading
* Validation of "Number of Symbols" field in Captcha configuration doesn't work
* Other small fixes
* GitHub requests:
* [#37](#37) -- fixed particular case of "HEADERS ALREADY SENT" error in WYSIWYG thumbnail
* [#39](#39) -- added `composer.json`
* [#40](#40) -- fixed generation of "secret key" in backend URLs to honor `_forward` in controllers