Commit 55845022 authored Apr 19, 2017 by xjm
Back to dev.
parents 52e19481 75fde1e4
Showing 2 changed files with 17 additions and 0 deletions
core/CHANGELOG.txt +4 -0
core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php +13 -0
core/CHANGELOG.txt
Drupal 8.2.8, 2017-04-19
------------------------
- Fixed security issues. See SA-CORE-2017-002.
Drupal 8.2.7, 2017-03-15
------------------------
- Fixed security issues. See SA-CORE-2017-001.
...
...
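Review bot: The new 8.2.8 entry at the top of this hunk names SA-CORE-2017-002, but the commit message carrying it is only "Back to dev.", so nothing in the log ties this commit to the advisory. Consider naming the advisory in the message so that the changelog entry and the access-handler change in the same commit can be found from history.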
core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php
...
...
@@ -303,6 +303,19 @@ public function fieldAccess($operation, FieldDefinitionInterface $field_definiti
// Get the default access restriction that lives within this field.
$default
=
$items
?
$items
->
defaultAccess
(
$operation
,
$account
)
:
AccessResult
::
allowed
();
// Explicitly disallow changing the entity ID and entity UUID.
if
(
$operation
===
'edit'
)
{
if
(
$field_definition
->
getName
()
===
$this
->
entityType
->
getKey
(
'id'
))
{
return
$return_as_object
?
AccessResult
::
forbidden
(
'The entity ID cannot be changed'
)
:
FALSE
;
}
elseif
(
$field_definition
->
getName
()
===
$this
->
entityType
->
getKey
(
'uuid'
))
{
// UUIDs can be set when creating an entity.
if
(
$items
&&
(
$entity
=
$items
->
getEntity
())
&&
!
$entity
->
isNew
())
{
return
$return_as_object
?
AccessResult
::
forbidden
(
'The entity UUID cannot be changed'
)
->
addCacheableDependency
(
$entity
)
:
FALSE
;
}
}
}
// Get the default access restriction as specified by the access control
// handler.
$entity_default
=
$this
->
checkFieldAccess
(
$operation
,
$field_definition
,
$account
,
$items
);
...
...
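Review bot: In the UUID branch the forbid only fires when $items is set and the entity is not new, so a fieldAccess() call for 'edit' made without $items skips the check and falls through to checkFieldAccess(). If UUID changes must never be allowed on existing entities, consider failing closed there (forbid unless the entity is known to be new), or document that callers must pass $items. The ID branch above it is the opposite case: it returns forbidden('The entity ID cannot be changed') for every 'edit', new entities included, while the UUID branch carries the comment "UUIDs can be set when creating an entity". A comment stating whether IDs supplied at creation are meant to be blocked would help, as would tests for the new-entity and no-$items paths, since the commit changes only these two files.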