From 29ae0b68fd08689906fc9c8ac5961b4c734da362 Mon Sep 17 00:00:00 2001
From: catch <catch@35733.no-reply.drupal.org>
Date: Tue, 28 Jun 2022 17:18:18 +0100
Subject: [PATCH] Issue #3293077 by longwave: Enforce TrustedCallbackInterface
 in #date_date_callbacks

---
 .../Drupal/Core/Datetime/Element/Datelist.php  |  5 ++---
 .../Drupal/Core/Datetime/Element/Datetime.php  |  9 ++++-----
 .../Core/Datetime/DatelistElementFormTest.php  |  9 ++++-----
 .../Core/Datetime/DatetimeElementFormTest.php  | 18 ++++++++++--------
 4 files changed, 20 insertions(+), 21 deletions(-)

diff --git a/core/lib/Drupal/Core/Datetime/Element/Datelist.php b/core/lib/Drupal/Core/Datetime/Element/Datelist.php
index 610c2d48dfe2..6ce98c13dee7 100644
--- a/core/lib/Drupal/Core/Datetime/Element/Datelist.php
+++ b/core/lib/Drupal/Core/Datetime/Element/Datelist.php
@@ -9,7 +9,6 @@
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Security\DoTrustedCallbackTrait;
 use Drupal\Core\Security\StaticTrustedCallbackHelper;
-use Drupal\Core\Security\TrustedCallbackInterface;
 
 /**
  * Provides a datelist element.
@@ -267,8 +266,8 @@ public static function processDatelist(&$element, FormStateInterface $form_state
     // Allows custom callbacks to alter the element.
     if (!empty($element['#date_date_callbacks'])) {
       foreach ($element['#date_date_callbacks'] as $callback) {
-        $message = sprintf('Datelist element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. Support for this callback implementation is deprecated in drupal:9.3.0 and will be removed in drupal:10.0.0. See https://www.drupal.org/node/3217966', Variable::callableToString($callback));
-        StaticTrustedCallbackHelper::callback($callback, [&$element, $form_state, $date], $message, TrustedCallbackInterface::TRIGGER_SILENCED_DEPRECATION);
+        $message = sprintf('Datelist element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. See https://www.drupal.org/node/3217966', Variable::callableToString($callback));
+        StaticTrustedCallbackHelper::callback($callback, [&$element, $form_state, $date], $message);
       }
     }
 
diff --git a/core/lib/Drupal/Core/Datetime/Element/Datetime.php b/core/lib/Drupal/Core/Datetime/Element/Datetime.php
index 845fe259b45e..0a7bceb808c7 100644
--- a/core/lib/Drupal/Core/Datetime/Element/Datetime.php
+++ b/core/lib/Drupal/Core/Datetime/Element/Datetime.php
@@ -9,7 +9,6 @@
 use Drupal\Core\Datetime\Entity\DateFormat;
 use Drupal\Core\Security\DoTrustedCallbackTrait;
 use Drupal\Core\Security\StaticTrustedCallbackHelper;
-use Drupal\Core\Security\TrustedCallbackInterface;
 
 /**
  * Provides a datetime element.
@@ -273,8 +272,8 @@ public static function processDatetime(&$element, FormStateInterface $form_state
       // Allows custom callbacks to alter the element.
       if (!empty($element['#date_date_callbacks'])) {
         foreach ($element['#date_date_callbacks'] as $callback) {
-          $message = sprintf('DateTime element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. Support for this callback implementation is deprecated in drupal:9.3.0 and will be removed in drupal:10.0.0. See https://www.drupal.org/node/3217966', Variable::callableToString($callback));
-          StaticTrustedCallbackHelper::callback($callback, [&$element, $form_state, $date], $message, TrustedCallbackInterface::TRIGGER_SILENCED_DEPRECATION);
+          $message = sprintf('DateTime element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. See https://www.drupal.org/node/3217966', Variable::callableToString($callback));
+          StaticTrustedCallbackHelper::callback($callback, [&$element, $form_state, $date], $message);
         }
       }
     }
@@ -304,8 +303,8 @@ public static function processDatetime(&$element, FormStateInterface $form_state
       // Allows custom callbacks to alter the element.
       if (!empty($element['#date_time_callbacks'])) {
         foreach ($element['#date_time_callbacks'] as $callback) {
-          $message = sprintf('DateTime element #date_time_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. Support for this callback implementation is deprecated in drupal:9.3.0 and will be removed in drupal:10.0.0. See https://www.drupal.org/node/3217966', Variable::callableToString($callback));
-          StaticTrustedCallbackHelper::callback($callback, [&$element, $form_state, $date], $message, TrustedCallbackInterface::TRIGGER_SILENCED_DEPRECATION);
+          $message = sprintf('DateTime element #date_time_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. See https://www.drupal.org/node/3217966', Variable::callableToString($callback));
+          StaticTrustedCallbackHelper::callback($callback, [&$element, $form_state, $date], $message);
         }
       }
     }
diff --git a/core/tests/Drupal/KernelTests/Core/Datetime/DatelistElementFormTest.php b/core/tests/Drupal/KernelTests/Core/Datetime/DatelistElementFormTest.php
index 2b8eaa561f43..63db70745fc9 100644
--- a/core/tests/Drupal/KernelTests/Core/Datetime/DatelistElementFormTest.php
+++ b/core/tests/Drupal/KernelTests/Core/Datetime/DatelistElementFormTest.php
@@ -8,6 +8,7 @@
 use Drupal\Core\Form\FormState;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Security\TrustedCallbackInterface;
+use Drupal\Core\Security\UntrustedCallbackException;
 use Drupal\KernelTests\KernelTestBase;
 
 /**
@@ -116,16 +117,14 @@ public function testDatelistElement() {
   }
 
   /**
-   * Tests that deprecations are raised if untrusted callbacks are used.
+   * Tests that exceptions are raised if untrusted callbacks are used.
    *
    * @group legacy
    */
   public function testDatelistElementUntrustedCallbacks() : void {
+    $this->expectException(UntrustedCallbackException::class);
+    $this->expectExceptionMessage(sprintf('Datelist element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. See https://www.drupal.org/node/3217966', Variable::callableToString([$this, 'datelistDateCallback'])));
     $form = \Drupal::formBuilder()->getForm($this, 'datelistDateCallback');
-    $this->expectDeprecation(sprintf('Datelist element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. Support for this callback implementation is deprecated in drupal:9.3.0 and will be removed in drupal:10.0.0. See https://www.drupal.org/node/3217966', Variable::callableToString([$this, 'datelistDateCallback'])));
-    $this->render($form);
-
-    $this->assertTrue($form['datelist_element']['datelistDateCallbackExecuted']['#value']);
   }
 
   /**
diff --git a/core/tests/Drupal/KernelTests/Core/Datetime/DatetimeElementFormTest.php b/core/tests/Drupal/KernelTests/Core/Datetime/DatetimeElementFormTest.php
index 524c57570158..3a474f3d8e89 100644
--- a/core/tests/Drupal/KernelTests/Core/Datetime/DatetimeElementFormTest.php
+++ b/core/tests/Drupal/KernelTests/Core/Datetime/DatetimeElementFormTest.php
@@ -8,6 +8,7 @@
 use Drupal\Core\Form\FormState;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Security\TrustedCallbackInterface;
+use Drupal\Core\Security\UntrustedCallbackException;
 use Drupal\KernelTests\KernelTestBase;
 
 /**
@@ -149,18 +150,19 @@ public function testDatetimeElement() {
    *   Name of the callback to use for the date-time date callback.
    * @param string $time_callback
    *   Name of the callback to use for the date-time time callback.
-   * @param string|null $expected_deprecation
-   *   The expected deprecation message if a deprecation should be raised, or
+   * @param string|null $expected_exception
+   *   The expected exception message if an exception should be thrown, or
    *   NULL if otherwise.
    *
    * @dataProvider providerUntrusted
    * @group legacy
    */
-  public function testDatetimeElementUntrustedCallbacks(string $date_callback = 'datetimeDateCallbackTrusted', string $time_callback = 'datetimeTimeCallbackTrusted', string $expected_deprecation = NULL) : void {
-    $form = \Drupal::formBuilder()->getForm($this, $date_callback, $time_callback);
-    if ($expected_deprecation) {
-      $this->expectDeprecation($expected_deprecation);
+  public function testDatetimeElementUntrustedCallbacks(string $date_callback = 'datetimeDateCallbackTrusted', string $time_callback = 'datetimeTimeCallbackTrusted', string $expected_exception = NULL) : void {
+    if ($expected_exception) {
+      $this->expectException(UntrustedCallbackException::class);
+      $this->expectExceptionMessage($expected_exception);
     }
+    $form = \Drupal::formBuilder()->getForm($this, $date_callback, $time_callback);
     $this->render($form);
 
     $this->assertTrue($form['datetime_element']['datetimeDateCallbackExecuted']['#value']);
@@ -178,12 +180,12 @@ public function providerUntrusted() : array {
       'untrusted date' => [
         'datetimeDateCallback',
         'datetimeTimeCallbackTrusted',
-        sprintf('DateTime element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. Support for this callback implementation is deprecated in drupal:9.3.0 and will be removed in drupal:10.0.0. See https://www.drupal.org/node/3217966', Variable::callableToString([$this, 'datetimeDateCallback'])),
+        sprintf('DateTime element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. See https://www.drupal.org/node/3217966', Variable::callableToString([$this, 'datetimeDateCallback'])),
       ],
       'untrusted time' => [
         'datetimeDateCallbackTrusted',
         'datetimeTimeCallback',
-        sprintf('DateTime element #date_time_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. Support for this callback implementation is deprecated in drupal:9.3.0 and will be removed in drupal:10.0.0. See https://www.drupal.org/node/3217966', Variable::callableToString([$this, 'datetimeTimeCallback'])),
+        sprintf('DateTime element #date_time_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. See https://www.drupal.org/node/3217966', Variable::callableToString([$this, 'datetimeTimeCallback'])),
       ],
     ];
   }
-- 
GitLab