Bug: Exception When Navigating to a Sitecore Page in Page Editor Editing Mode While Logged Out

Vasiliy Fomichev

In Errors, Sitecore Fix Posted

It seemed as the bug spree was over with, but in my case the third time was not a charm. This next bug was found in Sitecore 7.2 rev 140526 and it is a very interesting one; although it is not a “show stopper”, it can potentially expose some information about your website, and, if you follow the Sitecore best practices and make extensive use of Edit Frames in your components, this issue can drive Content Editors bananas, if not fixed or properly handled.

It took me a while to discover the bug, as most of the time, as a developer I work logged into Sitecore nine times out of 10 as an admin. I have always been a huge proponent of Edit Frames, in fact it is impossible to make a complex website fully support Page Editor without them. Take a look at the Best Practices on using Edit Frames in your solution.

 

Sitecore Throws an Exception on a Page With Edit Frames While Logged Out

Recently I found the following  Sitecore Developer Chrome browser plugin that I find saves me some typing by having a few shortcuts, one of them being Edit Mode. What that feature does is simply append the sc_mode querystring to the current URL with the value set to edit (i.e. sc_mode=edit). Check out some of the other Sitecore querystring shortcuts. Last week I left one of my Sitecore pages open in Page Editor and went to get a quick bite to eat. After getting back I made some changes to one of the components on that page and refreshed the browser. Since I was gone for longer than the session timeout value, the CMS logged me out in the meantime. Unfortunately, upon the page refresh, instead of being redirected to the login, I was given the following exception:

 

buttonRoot isn't set for edit frame
Description: An unhandled exception occurred.
Exception Details: System.InvalidOperationException: buttonRoot isn't set for edit frame

Source Error:
Line 1:  @inherits Glass.Mapper.Sc.Web.Mvc.GlassView<ILink>
Line 2:  @using (BeginEditFrame("/sitecore/content/Applications/WebEdit/Edit Frame Buttons/Path/To/Buttons", Model.Path))
Line 3:  {
Line 4:      @RenderLink(x => x.GenericLink, isEditable: false)
Source File: c:\inetpub\wwwroot\sitecore\website\path\to\view.cshtml    Line: 2

Stack Trace:
[InvalidOperationException: buttonRoot isn't set for edit frame]
Sitecore.Diagnostics.Assert.IsNotNull(Object value, String message) +55
Sitecore.Pipelines.GetChromeData.GetEditFrameChromeData.Process(GetChromeDataArgs args) +487
(Object , Object[] ) +83
Sitecore.Pipelines.CorePipeline.Run(PipelineArgs args) +365
Sitecore.Pipelines.GetChromeData.GetChromeDataPipeline.Run(GetChromeDataArgs args) +312
Sitecore.Web.UI.WebControls.EditFrame.InitializeFromPipeline() +211
Sitecore.Web.UI.WebControls.EditFrame.ExpandParameters() +1260
Sitecore.Web.UI.WebControls.EditFrame.RenderFirstPart(HtmlTextWriter output) +58
Glass.Mapper.Sc.Web.Ui.GlassEditFrame.RenderFirstPart() +72
Glass.Mapper.Sc.Web.Mvc.GlassView`1.BeginEditFrame(String buttons, String dataSource) +119
ASP._Page_component_that_has_an_edit_frame_cshtml.Execute() in c:\inetpub\wwwroot\sitecore\website\path\to\view.cshtml:2
System.Web.WebPages.WebPageBase.ExecutePageHierarchy() +280
System.Web.Mvc.WebViewPage.ExecutePageHierarchy() +125
System.Web.WebPages.WebPageBase.ExecutePageHierarchy(WebPageContext pageContext, TextWriter writer, WebPageRenderingBase startPage) +110
System.Web.Mvc.ViewResultBase.ExecuteResult(ControllerContext context) +380
System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult) +109
System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult) +890
System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult) +890
System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult) +97
System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +879
nbsp;

 

As you can see this solution was built using MVC with Sitecore Glass Mapper which has become a cornerstone of my Sitecore solutions. The exception also exposes your paths and naming conventions, which can serve as tools to a knowledgeable hacker, which is why it’s important to make sure to set custom errors to RemoteOnly or On in web.config.

Usually at this point a knee-jerk reaction would have been to go into the Core database and make sure that the Edit Frame buttons have been created in the referenced location. I knew they were, because I had just created them, but just as a sanity I made sure I didn’t mess up the path – I did not.

My second troubleshooting step was to remove the component referenced in the exception, which removed the error. After some more testing, I was able to isolate the problem to components with Edit Frames. What I also  noticed was that once I logged into Sitecore to check the buttons in the Core database, I could no longer reproduce the issue.

The exception is thrown when users try to navigate to a web page in the Editing mode of the Page Editor while not being logged into Sitecore. Real world scenarios may include refreshing the page in the Editing mode after being logged out, or switching to the Editing mode using a sc_mode=edit querystring. It seems as something is throwing off the redirect to the login and Sitecore tries using using the extranet\anonymous user to access the button root item and gets a null in return as this user does not have proper permissions to read it (remember, you have to be logged in to Sitecore and have proper authoring permissions to be able to edit).

 

How to Fix The Bug with Sitecore Throwing Exceptions in Page Editor While Logged Out

Once the issue was identified and the source – isolated, I contacted the Sitecore Support. They were very quick with a response, stating that they were able to reproduce the issue and were working on a workaround. Within 24 hours they got back with a path. For your convenience, I have created an archive of the Edit Frame Exception in Page Editor Fix archive that can be extracted directly into the Website root folder of your Sitecore instance.

After installing the patch, users will be properly redirected to the login page instead of seeing a nasty exception. Voila!

 

Hopefully, this post will save many hours of frustration or days of troubleshooting to others, so please share this article, as many developers will thank you. Also remember to comment on this article, especially if you were affected by the same bug and this fix worked for you; please mention the version and revision of Sitecore you experienced the same problem on. Finally, give back by blogging, tweeting, and posting on Sitecore forums about any bugs and fixes you find yourself!

5 Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Suman Pandey
    April 10, 2016 at 10:37 am

    Thanks for reply Vasiliy!

    I have downloaded Edit Frame Exception in Page Editor Fix archive which is zip file. May i know how to installing the patch in my application?

    How it will sync with my application?

    Thanks,
    Suman Pandey

  • Vasiliy Fomichev
    March 10, 2016 at 8:10 pm

    Hi @disqus_Ooi0G6n1HL:disqus, feel free to reuse the fix in the archive as is 🙂

  • Suman Pandey
    February 26, 2016 at 10:33 pm

    Thanks for Article!

    I have a question.Can i use same (Edit Frame Exception in Page Editor Fix ) files in my sitecore application OR i have to contact sitecore support for my issue?
    I don’t know whether it is common for all application or not.

    Thanks,
    Suman

  • Vasiliy Fomichev
    September 24, 2014 at 9:51 am

    Hi Pascal, I am glad this article was of help! The ticket number was 420877. Cheers!

  • Pascal Mathys
    September 23, 2014 at 11:44 pm

    Thanks 1000 times! We had exactly the same issue. The error message itself was in our Sitecore solutions since Sitecore 6.4 with different root causes (According to Sitecore Support). I tought that this problem is one of them. But now it’s fixed.