SKU allows characters that are invalid for Varnish ESI loading #7513
Description
Preconditions
- Magento version 2.1.2 CE / EE
- PHP 5.6
- MySQL 5.7
Steps to reproduce
- Configure Magento to use Varnish for the full page cache
- Create a product with an apostrophe in the SKU
- Browse to the product on the front-end
Expected result
- Page loads without any problems
Actual result
- Result will depend on your level of error reporting. (Either there will be blank areas on the page where specific pieces of content being loaded via ESI should appear, with the PHP warning written to the error log, or the PHP warning will be output directly on the page:
Warning: SimpleXMLElement::xpath(): Invalid predicate in /server/sites/strancommerce.dev/vendor/magento/framework/View/Model/Layout/Merge.php on line 523
Cause
The apostrophe in the SKU is also included in the resulting layout update handle. When using Varnish, blocks being loaded via ESI result in requests like the following being issued from Varnish to the web server:
In \Magento\Framework\View\Model\Layout\Merge::_fetchPackageLayoutUpdates, the update handle containing the SKU is passed straight to an xpath expression, where the special character results in the error.
If special characters like apostrophes are considered valid in a SKU, the ESI/layout processing should be modified accordingly to avoid the error. If they are not considered valid, sanitation should be done on SKUs to remove them when saving a product.
The same issue described here, but ticket has been closed due to missing information: #5032
The same issue has been resolved in the Pull Request #874 but seems like it has never been merged into Core.
Hope you can include the fix into upcoming release (2.1.3)