magento2 icon indicating copy to clipboard operation
magento2 copied to clipboard

Published 20 hours ago verified publisher icon magento

Fix DynamicStorage entity_type filtering to prevent CMS/product ID collision (#39996)

Open rbouma opened this issue 5 months ago • 2 comments

Description (*)

This pull request fixes a critical bug in DynamicStorage::findProductRewriteByRequestPath() where the method lacks proper entity_type filtering when querying URL rewrites.

Root Cause: The method extracts the last URL segment (e.g., privacy-policy-cookie-restriction-mode from /category/privacy-policy-cookie-restriction-mode) and queries the url_rewrite table without filtering by entity_type. This causes CMS page URL rewrites to be incorrectly treated as product URL rewrites.

The Problem: When a CMS page and product have coincidental matching entity IDs, and the product exists in the target category, malformed URLs like /category/cms-page-identifier incorrectly resolve to /cms/page/view/page_id/X/category/Y instead of returning a 404.

The Fix: Added $data[UrlRewrite::ENTITY_TYPE] = 'product'; before the database query to ensure only product URL rewrites are processed by this method.

Related Pull Requests

Fixed Issues (if relevant)

  1. Fixes magento/magento2#39996

Manual testing scenarios (*)

  1. Setup Prerequisites:

    • Create a category with URL key test-category (note the category entity_id, e.g., ID=48)
    • Create a CMS page with identifier test-cms-page (note the CMS page entity_id, e.g., ID=4)
    • Create a product with entity_id=4 (matching the CMS page ID) and assign it to the test-category
    • Run bin/magento indexer:reindex && bin/magento cache:flush

  2. Test the Bug (Before Fix):

    • Navigate to /test-category/test-cms-page
    • Expected: HTTP 404 (malformed URL)
    • Actual (before fix): HTTP 200 with CMS page content

  3. Test the Fix (After Fix):

    • Apply the patch
    • Clear cache: bin/magento cache:flush
    • Navigate to /test-category/test-cms-page
    • Expected: HTTP 404 (correct behavior)
    • Actual (after fix): HTTP 404 ✅

  4. Verify Normal Product URLs Still Work:

    • Navigate to valid product URLs like /test-category/actual-product-url
    • Expected: Product page loads correctly
    • Result: Should work normally ✅

  5. Verify CMS Pages Still Work:

    • Navigate to /test-cms-page (direct CMS page URL)
    • Expected: CMS page loads correctly
    • Result: Should work normally ✅

Questions or comments

This is a minimal, surgical fix that addresses the root cause without affecting any other functionality. The change only adds proper entity_type filtering where it was missing, ensuring DynamicStorage only processes actual product URL rewrites as intended.

The fix has been tested extensively and resolves the issue while maintaining backward compatibility for all legitimate URL patterns.

Contribution checklist (*)

  • [x] Pull request has a meaningful description of its purpose
  • [x] All commits are accompanied by meaningful commit messages
  • [ ] All new or changed code is covered with unit/integration tests (if applicable)
  • [ ] README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
  • [ ] All automated tests passed successfully (all builds are green)

rbouma avatar Jun 13 '25 21:06 rbouma

Hi @rbouma. Thank you for your contribution! Here are some useful tips on how you can test your changes using Magento test environment. :exclamation: Automated tests can be triggered manually with an appropriate comment:

  • @magento run all tests - run or re-run all required tests against the PR changes
  • @magento run <test-build(s)> - run or re-run specific test build(s) For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names.

Allowed build names are:
  1. Database Compare
  2. Functional Tests CE
  3. Functional Tests EE
  4. Functional Tests B2B
  5. Integration Tests
  6. Magento Health Index
  7. Sample Data Tests CE
  8. Sample Data Tests EE
  9. Sample Data Tests B2B
  10. Static Tests
  11. Unit Tests
  12. WebAPI Tests
  13. Semantic Version Checker

You can find more information about the builds here :information_source: Run only required test builds during development. Run all test builds before sending your pull request for review.

For more details, review the Code Contributions documentation. Join Magento Community Engineering Slack and ask your questions in #github channel.

m2-assistant[bot] avatar Jun 13 '25 21:06 m2-assistant[bot]

@magento run all tests

rbouma avatar Jun 13 '25 21:06 rbouma