View Versions feature is missing content/behaving as if I'm not logged in

Permalink
Hey, all.

I'm encountering a strange issue where the View Versions functionality is behaving in a strange manner. Using any login (including the admin login), I can update any page, but when I attempt to view versions, the page doesn't display properly. It displays as if I'm not logged in at all.

In the attached screenshots, you can see that when I'm seeing the page in edit mode, I've got some page attributes and a content block along with a navigation bar across the top of the page with 5 elements. However, when I go to Versions and view a version, the navigation bar reduces to 3 elements (the only elements visible to guests) and the content block and intro block with the page attributes disappear.

I've got View Versions enabled for all registered users, so I'm not sure what's going on with this. Does this issue sound familiar to anyone? For the record, I'm using 5.7.5.2.

campbell
 
MrKDilkington replied on at Permalink Reply
MrKDilkington
HI campbell,

There are no attached screenshots with your post.
campbell replied on at Permalink Reply 2 Attachments
campbell
Haha, well, that's embarrassing. I'll chalk it up to a busy day. The screenshots are attached to THIS message.
MrKDilkington replied on at Permalink Reply
MrKDilkington
@campbell

To better understand what you are describing, can you provide more details about your setup.
campbell replied on at Permalink Reply
campbell
We are using c5 as a knowledge base for our Technical Operations group. It's housed on a Linux server in our production environment, accessed via HTTPS, and uses the LDAP authentication add-on to allow our users to login with their Active Directory credentials.

Most of our permissions are wide open, meaning we're allowing members of the Technical Operations group to view, edit, and publish most pages and blocks. We did add some restrictions around the footer, navigation, and a couple of other global blocks to prevent users from modifying certain page elements we wanted to maintain.

It seems that this issue occurs on several different types of pages. I've been able to add a "Blank Page" that showed differences in content blocks, but the navigation still appeared as three elements rather than five.

Here's my environment info:

# concrete5 Version
Core Version - 5.7.5.2
Version Installed - 5.7.5.2
Database Version - 20150731000000

# concrete5 Packages
Accordion Menu (3.0), Block Designer (1.2.8), C5DK TwentyTwenty Image (1.0.1), Call to Action (1.0.0), Call to Action Pro (1.0.0), Easy Rate (1.0.0), Easy Weather (0.9.1), Editor Comment (7.0.1), ExchangeCore LDAP Authentication (1.1.0), Honest Websites Back To Top (0.9.4), HonestWebsites Store location (1.2.4), HTML+PHP Code Block (1.0.1), Icons for Redactor (0.9.1), List Designer (0.9.5), List files from set (1.0.10), Login/Logout Link (1.0), Login Page Background (0.9), Magic Tabs (7.0), Page Activity (0.9.2), Page List+ (1.2.5), Page Selector Attribute (2.0), PDF Viewer (1.0.1), Pending Pages (0.9.2), ProEvents (2.7.1), Quick Tabs (1.0), Raptorize (2.0), Spacer (0.9.2), Stack Popover (1.2.2), Supermint Theme (3.3.1.3), Tokens (1.0.0), Up Down Vote Lister (2.0.8).

# concrete5 Overrides
languages/da_DK/LC_MESSAGES/messages.mo, languages/da_DK/LC_MESSAGES, languages/da_DK, languages/de_DE/LC_MESSAGES/messages.mo, languages/de_DE/LC_MESSAGES, languages/de_DE, languages/el_GR/LC_MESSAGES/messages.mo, languages/el_GR/LC_MESSAGES, languages/el_GR, languages/fi_FI/LC_MESSAGES/messages.mo, languages/fi_FI/LC_MESSAGES, languages/fi_FI, languages/fr_FR/LC_MESSAGES/messages.mo, languages/fr_FR/LC_MESSAGES, languages/fr_FR, languages/it_IT/LC_MESSAGES/messages.mo, languages/it_IT/LC_MESSAGES, languages/it_IT, languages/ja_JP/LC_MESSAGES/messages.mo, languages/ja_JP/LC_MESSAGES, languages/ja_JP, languages/nb_NO/LC_MESSAGES/messages.mo, languages/nb_NO/LC_MESSAGES, languages/nb_NO, languages/nl_NL/LC_MESSAGES/messages.mo, languages/nl_NL/LC_MESSAGES, languages/nl_NL, languages/pl_PL/LC_MESSAGES/messages.mo, languages/pl_PL/LC_MESSAGES, languages/pl_PL, languages/pt_BR/LC_MESSAGES/messages.mo, languages/pt_BR/LC_MESSAGES, languages/pt_BR, languages/ru_RU/LC_MESSAGES/messages.mo, languages/ru_RU/LC_MESSAGES, languages/ru_RU, languages/sv_SE/LC_MESSAGES/messages.mo, languages/sv_SE/LC_MESSAGES, languages/sv_SE, languages/tr_TR/LC_MESSAGES/messages.mo, languages/tr_TR/LC_MESSAGES, languages/tr_TR, languages/da_DK/LC_MESSAGES/messages.mo, languages/da_DK/LC_MESSAGES, languages/da_DK, languages/de_DE/LC_MESSAGES/messages.mo, languages/de_DE/LC_MESSAGES, languages/de_DE, languages/el_GR/LC_MESSAGES/messages.mo, languages/el_GR/LC_MESSAGES, languages/el_GR, languages/fi_FI/LC_MESSAGES/messages.mo, languages/fi_FI/LC_MESSAGES, languages/fi_FI, languages/fr_FR/LC_MESSAGES/messages.mo, languages/fr_FR/LC_MESSAGES, languages/fr_FR, languages/it_IT/LC_MESSAGES/messages.mo, languages/it_IT/LC_MESSAGES, languages/it_IT, languages/ja_JP/LC_MESSAGES/messages.mo, languages/ja_JP/LC_MESSAGES, languages/ja_JP, languages/nb_NO/LC_MESSAGES/messages.mo, languages/nb_NO/LC_MESSAGES, languages/nb_NO, languages/nl_NL/LC_MESSAGES/messages.mo, languages/nl_NL/LC_MESSAGES, languages/nl_NL, languages/pl_PL/LC_MESSAGES/messages.mo, languages/pl_PL/LC_MESSAGES, languages/pl_PL, languages/pt_BR/LC_MESSAGES/messages.mo, languages/pt_BR/LC_MESSAGES, languages/pt_BR, languages/ru_RU/LC_MESSAGES/messages.mo, languages/ru_RU/LC_MESSAGES, languages/ru_RU, languages/sv_SE/LC_MESSAGES/messages.mo, languages/sv_SE/LC_MESSAGES, languages/sv_SE, languages/tr_TR/LC_MESSAGES/messages.mo, languages/tr_TR/LC_MESSAGES, languages/tr_TR

# concrete5 Cache Settings
Block Cache - On
Overrides Cache - On
Full Page Caching - Off
Full Page Cache Lifetime - Every 6 hours (default setting).

# Server Software
Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips PHP/5.4.16

# Server API
apache2handler

# PHP Version
5.4.16

# PHP Extensions
apache2handler, bcmath, bz2, calendar, Core, ctype, curl, date, dom, ereg, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, json, ldap, libxml, mbstring, mcrypt, mhash, mysql, mysqli, openssl, pcre, PDO, pdo_mysql, pdo_sqlite, Phar, posix, Reflection, session, shmop, SimpleXML, sockets, SPL, sqlite3, standard, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, wddx, xml, xmlreader, xmlwriter, xsl, zip, zlib.

# PHP Settings
max_execution_time - 180
log_errors_max_len - 1024
max_file_uploads - 20
max_input_nesting_level - 64
max_input_time - 60
max_input_vars - 1000
memory_limit - 512M
post_max_size - 100M
sql.safe_mode - Off
upload_max_filesize - 100M
ldap.max_links - Unlimited
mysql.max_links - Unlimited
mysql.max_persistent - Unlimited
mysqli.max_links - Unlimited
mysqli.max_persistent - Unlimited
pcre.backtrack_limit - 1000000
pcre.recursion_limit - 100000
session.cache_limiter - <i>no value</i>
session.gc_maxlifetime - 1440
campbell replied on at Permalink Reply
campbell
I inspected the Version window that was missing content to see if there were any error messages indicated, and I saw the following message on a line that pointed to [my site]/concrete/js/jquery.js:

Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, checkhttp://xhr.spec.whatwg.org/.

I noticed that this site has a note that says "XMLHttpRequest
Living Standard — Last Updated 21 January 2016." I'm wondering if an update made to this is impacting my site somehow?
MrKDilkington replied on at Permalink Reply
MrKDilkington
@campbell

Was everything working normally up until recently?
campbell replied on at Permalink Reply
campbell
I honestly can't say. When we were building the site, we didn't notice any issues, but our development environment had all pages open to guests. It was only when we began wrapping permissions around certain directories/blocks to remove guest view access that we noticed the behavior; we actually discovered it when we were in the process of training personnel on how to add pages and view previous versions.

However, it looks like Exchangecore below has found some useful information. I was able to go back to our development environment and replicate the issue on a page. I was able to see differences on a page where guests had permissions to view the page and view it in the sitemap. When I removed the guest permissions, the blocks on the page disappeared in the Versions view.

My next step is to test Exchangecore's fix in my development environment.

Thanks to all for the assistance.
exchangecore replied on at Permalink Reply
exchangecore
It should be noted that modifications to the core files are NEVER a permanent fix, when you update concrete5 they won't still be there. For testing it's certainly reasonable in some scenarios, but you should still make sure to open a github issue for it if that's something you think the core should include.
campbell replied on at Permalink Reply
campbell
Thanks for the reminder. I've added a preview_version.php file to the /application/tools/pages directory to ensure that I'm not tweaking the core, and it works perfectly.
exchangecore replied on at Permalink Reply
exchangecore
If you log in using the super admin account (Usually the "admin" user), do you still see this behavior?

EDIT: I see you did try this, my apologies for glossing over that.
exchangecore replied on at Permalink Reply
exchangecore
I can confirm this on a stock install.

To reproduce:
1) Enable Advanced Permissions
2) Go to the Portfolio Page and remove "View" permissions from Guest, Grant "View" permissions to "Administrators".
3) Go to the services page and make a change, Publish the page
4) Go to the versions section on the services page, note that if you select version 1, the "Portfolio" link no longer shows in the autonav block
exchangecore replied on at Permalink Best Answer Reply
exchangecore
Ok some more digging. This looks to be the intended behavior.

If you take a look at /concrete/tools/pages/preview_version.php you'll see the line of code which is:
$req->setCustomRequestUser(-1);

https://github.com/concrete5/concrete5/blob/develop/web/concrete/too...

If you comment out this line, then clear your cache, everything shows as the currently logged in user. I think if you want this functionality changed you should open an issue on githubhttps://github.com/concrete5/concrete5/issues/new...

It's pretty clear that this was done intentionally, but I'm not sure as to the reason why, it certainly seems reasonable for at the very least to have a method to view the page version as the currently logged in user somehow.
campbell replied on at Permalink Reply
campbell
As a follow-up, Exchangecore's fix worked perfectly for me. I'll also log an issue on GitHub bringing the behavior up for the c5 folks to review.

Thanks for all your help!