BlackbitDigitalCommerce / pimcore-data-director

Import Bundle for Pimcore

Critical bug in Grid Export. Data port of this type cannot be loaded and destroys the session. #163

Open sevarozh opened 4 months ago

sevarozh commented 4 months ago

Pimcore 11.2.3, Datadirector 3.6.19

To reproduce:

[Screenshot 2024-05-10 at 11 36 06]

After that, the session is completely destroyed and admin can no longer be opened, so far the session cookie has been deleted:

[Screenshot 2024-05-10 at 11 39 00]

Data port itself is saved, but could not be opened because the session is destroyed again when it is opened.

I've tried it on different systems and it always happens like this. I also did a bit of debugging and it happens with both mappingconfig/get-config and importconfig/get-demo-data requests.

The request mappingconfig/get-config is processed without errors, but the session is then broken. If I escape this request in PHP and send back empty JSON, the session will be broken after importconfig/get-demo-data. If I do the same for importconfig/get-demo-data, the session remains fine and the data port can be opened.

In the ImportconfigController it happens directly at $demoItem = (array)$parser->current(); after that, the session will be broken.

BlackbitDevs commented 4 months ago

Thanks for notifying and analyzing. Problem is fixed in 3.6.26. Token / Firewall management changed a bit in Pimcore 11.