Commit 60c37b27 authored by catch

Issue #3264050 by neclimdul, andypost: Fuzzed tag values to EntityAutocompleteController::handleAutocomplete can cause deprecation warning

(cherry picked from commit 3ddc2e03)
parent d901d684
...@@ -79,27 +79,29 @@ public function handleAutocomplete(Request $request, $target_type, $selection_ha ...@@ -79,27 +79,29 @@ public function handleAutocomplete(Request $request, $target_type, $selection_ha
$matches = []; $matches = [];
// Get the typed string from the URL, if it exists. // Get the typed string from the URL, if it exists.
if ($input = $request->query->get('q')) { if ($input = $request->query->get('q')) {
$typed_string = Tags::explode($input); $tag_list = Tags::explode($input);
$typed_string = mb_strtolower(array_pop($typed_string)); if (!empty($tag_list)) {
$typed_string = mb_strtolower(array_pop($tag_list));
// Selection settings are passed in as a hashed key of a serialized array // Selection settings are passed in as a hashed key of a serialized array
// stored in the key/value store. // stored in the key/value store.
$selection_settings = $this->keyValue->get($selection_settings_key, FALSE); $selection_settings = $this->keyValue->get($selection_settings_key, FALSE);
if ($selection_settings !== FALSE) { if ($selection_settings !== FALSE) {
$selection_settings_hash = Crypt::hmacBase64(serialize($selection_settings) . $target_type . $selection_handler, Settings::getHashSalt()); $selection_settings_hash = Crypt::hmacBase64(serialize($selection_settings) . $target_type . $selection_handler, Settings::getHashSalt());
if (!hash_equals($selection_settings_hash, $selection_settings_key)) { if (!hash_equals($selection_settings_hash, $selection_settings_key)) {
// Disallow access when the selection settings hash does not match the // Disallow access when the selection settings hash does not match the
// passed-in key. // passed-in key.
throw new AccessDeniedHttpException('Invalid selection settings key.'); throw new AccessDeniedHttpException('Invalid selection settings key.');
}
}
else {
// Disallow access when the selection settings key is not found in the
// key/value store.
throw new AccessDeniedHttpException();
} }
}
else {
// Disallow access when the selection settings key is not found in the
// key/value store.
throw new AccessDeniedHttpException();
}
$matches = $this->matcher->getMatches($target_type, $selection_handler, $selection_settings, $typed_string); $matches = $this->matcher->getMatches($target_type, $selection_handler, $selection_settings, $typed_string);
}
} }
return new JsonResponse($matches); return new JsonResponse($matches);
......
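Review bot: the new `if (!empty($tag_list))` guard encloses not just the `mb_strtolower(array_pop($tag_list))` call that produced the deprecation but also the key/value lookup of `$selection_settings_key` and the `hash_equals()` check on it. A request whose `q` parses to an empty tag list now returns `[]` with a 200 even when the selection settings key is missing from the store or does not match the HMAC, whereas before this change both `AccessDeniedHttpException` paths were still reached for such input (the old code called `mb_strtolower(NULL)`, warned, and carried on to the checks). If rejecting a bad key regardless of the typed string is the intended contract, keep the lookup and hash check outside the guard and only skip the matcher, e.g. `if (!empty($tag_list)) { $typed_string = mb_strtolower(array_pop($tag_list)); $matches = $this->matcher->getMatches($target_type, $selection_handler, $selection_settings, $typed_string); }` after validation has passed.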
...@@ -88,6 +88,10 @@ public function testEntityReferenceAutocompletion() { ...@@ -88,6 +88,10 @@ public function testEntityReferenceAutocompletion() {
'label' => Html::escape($entity_3->name->value), 'label' => Html::escape($entity_3->name->value),
]; ];
$this->assertSame($target, reset($data), 'Autocomplete returns an entity label containing a comma and a slash.'); $this->assertSame($target, reset($data), 'Autocomplete returns an entity label containing a comma and a slash.');
$input = '"l!J>&Tw';
$data = $this->getAutocompleteResult($input);
$this->assertSame([], $data, 'Autocomplete of invalid string returns empty result');
} }
/** /**
......
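Review bot: the added test does not say why `'"l!J>&Tw'` is the interesting input; a one-line comment above `$input = '"l!J>&Tw';` noting that the unbalanced double quote leaves `Tags::explode()` with no tag to return, so `array_pop()` yields NULL and `mb_strtolower(NULL)` previously emitted the deprecation, would tie the assertion to the fix. The message 'Autocomplete of invalid string returns empty result' also calls the string invalid, while the controller now treats it as a well-formed request that simply produces no matches; 'input that yields no tags returns an empty result' or similar would describe the behaviour more precisely. If the selection settings key is still meant to be validated for such input, a companion assertion with a mismatched key expecting access denied would lock that in.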