Verified Commit a154fe87 authored by quietone's avatar quietone

Issue #2944421 by sathish.redcrackle, ressa, Lendude, ankithashetty,...

Issue #2944421 by sathish.redcrackle, ressa, Lendude, ankithashetty, udayraj123, smustgrave, DuaelFr, JeroenT, alexpott: Double exposed filter field when trying to use "q" as identifier
parent 58ce7d4e
......@@ -46,6 +46,23 @@
*/
abstract class FilterPluginBase extends HandlerBase implements CacheableDependencyInterface {
/**
* A list of restricted identifiers.
*
* This list contains strings that could cause clashes with other site
* operations when used as a filter identifier.
*
* @var array
*/
const RESTRICTED_IDENTIFIERS = [
'value',
'q',
'destination',
'_format',
'_wrapper_format',
'token',
];
/**
* The value.
*
......@@ -660,7 +677,8 @@ public function buildExposeForm(&$form, FormStateInterface $form_state) {
'#default_value' => $this->options['expose']['identifier'],
'#title' => $this->t('Filter identifier'),
'#size' => 40,
'#description' => $this->t('This will appear in the URL after the ? to identify this filter. Cannot be blank. Only letters, digits and the dot ("."), hyphen ("-"), underscore ("_"), and tilde ("~") characters are allowed.'),
'#description' => $this->t('This will appear in the URL after the ? to identify this filter. Cannot be blank. Only letters, digits and the dot ("."), hyphen ("-"), underscore ("_"), and tilde ("~") characters are allowed. @reserved_identifiers are reserved words and cannot be used.',
['@reserved_identifiers' => '"' . implode('", "', self::RESTRICTED_IDENTIFIERS) . '"']),
];
}
......@@ -771,7 +789,7 @@ protected function validateIdentifier($identifier, FormStateInterface $form_stat
if (empty($identifier)) {
$error = $this->t('The identifier is required if the filter is exposed.');
}
elseif ($identifier == 'value') {
elseif (in_array($identifier, self::RESTRICTED_IDENTIFIERS)) {
$error = $this->t('This identifier is not allowed.');
}
elseif (preg_match('/[^a-zA-Z0-9_~\.\-]+/', $identifier)) {
......@@ -1029,7 +1047,8 @@ protected function buildExposedFiltersGroupForm(&$form, FormStateInterface $form
'#default_value' => $identifier,
'#title' => $this->t('Filter identifier'),
'#size' => 40,
'#description' => $this->t('This will appear in the URL after the ? to identify this filter. Cannot be blank. Only letters, digits and the dot ("."), hyphen ("-"), underscore ("_"), and tilde ("~") characters are allowed.'),
'#description' => $this->t('This will appear in the URL after the ? to identify this filter. Cannot be blank. Only letters, digits and the dot ("."), hyphen ("-"), underscore ("_"), and tilde ("~") characters are allowed. @reserved_identifiers are reserved words and cannot be used.',
['@reserved_identifiers' => '"' . implode('", "', self::RESTRICTED_IDENTIFIERS) . '"']),
];
$form['group_info']['label'] = [
'#type' => 'textfield',
......@@ -1083,7 +1102,8 @@ protected function buildExposedFiltersGroupForm(&$form, FormStateInterface $form
'#default_value' => $identifier,
'#title' => $this->t('Filter identifier'),
'#size' => 40,
'#description' => $this->t('This will appear in the URL after the ? to identify this filter. Cannot be blank. Only letters, digits and the dot ("."), hyphen ("-"), underscore ("_"), and tilde ("~") characters are allowed.'),
'#description' => $this->t('This will appear in the URL after the ? to identify this filter. Cannot be blank. Only letters, digits and the dot ("."), hyphen ("-"), underscore ("_"), and tilde ("~") characters are allowed. @reserved_identifiers are reserved words and cannot be used.',
['@reserved_identifiers' => '"' . implode('", "', self::RESTRICTED_IDENTIFIERS) . '"']),
];
$form['group_info']['label'] = [
'#type' => 'textfield',
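Review bot: The new check in validateIdentifier, `elseif (in_array($identifier, self::RESTRICTED_IDENTIFIERS))`, compares loosely and only against the literal spellings in the list. Passing the strict flag, `elseif (in_array($identifier, self::RESTRICTED_IDENTIFIERS, TRUE)) {`, keeps the match exact for whatever type the stored option has. The character check that follows still allows a dot, and PHP rewrites dots in incoming query parameter names to underscores, so it is worth confirming whether an identifier that differs from `_format` or `_wrapper_format` only by dots can still clash with those parameters; if it can, normalise the identifier before comparing. validateIdentifier starts and ends outside the hunk, so how the identifier is read back from the request is not visible here.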
......
......@@ -9,6 +9,7 @@
use Drupal\views\ViewExecutable;
use Drupal\views\Views;
use Drupal\views\Entity\View;
use Drupal\views\Plugin\views\filter\FilterPluginBase;
/**
* Tests exposed forms functionality.
......@@ -161,6 +162,37 @@ public function testExposedIdentifier() {
'page_1' => ['This identifier has illegal characters.'],
];
$this->assertEquals($expected, $errors);
foreach (FilterPluginBase::RESTRICTED_IDENTIFIERS as $restricted_identifier) {
$view = Views::getView('test_exposed_form_buttons');
$view->setDisplay();
$view->displayHandlers->get('default')->overrideOption('filters', [
'type' => [
'exposed' => TRUE,
'field' => 'type',
'id' => 'type',
'table' => 'node_field_data',
'plugin_id' => 'in_operator',
'entity_type' => 'node',
'entity_field' => 'type',
'expose' => [
'identifier' => $restricted_identifier,
'label' => 'Content: Type',
'operator_id' => 'type_op',
'reduce' => FALSE,
'description' => 'Exposed overridden description',
],
],
]);
$this->executeView($view);
$errors = $view->validate();
$expected = [
'default' => ['This identifier is not allowed.'],
'page_1' => ['This identifier is not allowed.'],
];
$this->assertEquals($expected, $errors);
}
}
/**
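Review bot: The assertion inside the new loop in testExposedIdentifier carries no message, so a failure does not say which restricted identifier was accepted; `$this->assertEquals($expected, $errors, "Identifier '$restricted_identifier' must be rejected.");` would make that visible. The loop only overrides the `expose` identifier, so the grouped-filter identifier whose description this commit also changes is not exercised, assuming it goes through the same validation. testExposedIdentifier begins above the hunk.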
......