Skip to content
Snippets Groups Projects
Commit 3fc5c8af authored by catch's avatar catch
Browse files

Issue #3293077 by longwave: Enforce TrustedCallbackInterface in #date_date_callbacks 

(cherry picked from commit 29ae0b68)
parent 3527513c
No related branches found
No related tags found
24 merge requests!8506Draft: Issue #3456536 by ibrahim tameme,!5646Issue #3350972 by nod_: [random test failure]...,!5600Issue #3350972 by nod_: [random test failure]...,!5343Issue #3305066 by quietone, Rename RedirectLeadingSlashesSubscriber,!4350Issue #3307718: Implement xxHash for non-cryptographic use-cases,!3603#ISSUE 3346218 Add a different message on edit comment,!3555Issue #2473873: Views entity operations lack cacheability support, resulting in incorrect dropbuttons,!3494Issue #3327018 by Spokje, longwave, xjm, mondrake: Update PHPStan to 1.9.3 and...,!3410Issue #3340128: UserLoginForm::submitForm has some dead code,!3389Issue #3325184 by Spokje, andypost, xjm, smustgrave: $this->configFactory is...,!3381Issue #3332363: Refactor Claro's menus-and-lists stylesheet,!3307Issue #3326193: CKEditor 5 can grow past the viewport when there is a lot of content,!3236Issue #3332419: Refactor Claro's messages stylesheet,!3231Draft: Issue #3049525 by longwave, fougere, larowlan, kim.pepper, AaronBauman, Wim...,!3212Issue #3294003: Refactor Claro's entity-meta stylesheet,!3194Issue #3330981: Fix PHPStan L1 error "Relying on entity queries to check access by default is deprecated...",!3143Issue #3313342: [PHP 8.1] Deprecated function: strpos(): Passing null to parameter #1 LayoutBuilderUiCacheContext.php on line 28,!3024Issue #3307509: Empty option for views bulk form,!2972Issue #1845004: Replace custom password hashing library with PHP 5.5 password_hash(),!2719Issue #3110137: Remove Classy from core.,!2688Issue #3261452: [PP-1] Remove tracker module from core,!2437Issue #3238257 by hooroomoo, Wim Leers: Fragment link pointing to <textarea>...,!2296Issue #3100732: Allow specifying `meta` data on JSON:API objects,!1626Issue #3256642: Make life better for database drivers that extend another database driver
Hide whitespace changes
Inline Side-by-side
core/lib/Drupal/Core/Datetime/Element/Datelist.php
+ 2
3
View file @ 3fc5c8af
......@@ -9,7 +9,6 @@
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Security\DoTrustedCallbackTrait;
use Drupal\Core\Security\StaticTrustedCallbackHelper;
use Drupal\Core\Security\TrustedCallbackInterface;
/**
* Provides a datelist element.
......@@ -267,8 +266,8 @@ public static function processDatelist(&$element, FormStateInterface $form_state
// Allows custom callbacks to alter the element.
if (!empty($element['#date_date_callbacks'])) {
foreach ($element['#date_date_callbacks'] as $callback) {
$message = sprintf('Datelist element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. Support for this callback implementation is deprecated in drupal:9.3.0 and will be removed in drupal:10.0.0. See https://www.drupal.org/node/3217966', Variable::callableToString($callback));
StaticTrustedCallbackHelper::callback($callback, [&$element, $form_state, $date], $message, TrustedCallbackInterface::TRIGGER_SILENCED_DEPRECATION);
$message = sprintf('Datelist element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. See https://www.drupal.org/node/3217966', Variable::callableToString($callback));
StaticTrustedCallbackHelper::callback($callback, [&$element, $form_state, $date], $message);
}
}
......
core/lib/Drupal/Core/Datetime/Element/Datetime.php
+ 4
5
View file @ 3fc5c8af
......@@ -9,7 +9,6 @@
use Drupal\Core\Datetime\Entity\DateFormat;
use Drupal\Core\Security\DoTrustedCallbackTrait;
use Drupal\Core\Security\StaticTrustedCallbackHelper;
use Drupal\Core\Security\TrustedCallbackInterface;
/**
* Provides a datetime element.
......@@ -273,8 +272,8 @@ public static function processDatetime(&$element, FormStateInterface $form_state
// Allows custom callbacks to alter the element.
if (!empty($element['#date_date_callbacks'])) {
foreach ($element['#date_date_callbacks'] as $callback) {
$message = sprintf('DateTime element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. Support for this callback implementation is deprecated in drupal:9.3.0 and will be removed in drupal:10.0.0. See https://www.drupal.org/node/3217966', Variable::callableToString($callback));
StaticTrustedCallbackHelper::callback($callback, [&$element, $form_state, $date], $message, TrustedCallbackInterface::TRIGGER_SILENCED_DEPRECATION);
$message = sprintf('DateTime element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. See https://www.drupal.org/node/3217966', Variable::callableToString($callback));
StaticTrustedCallbackHelper::callback($callback, [&$element, $form_state, $date], $message);
}
}
}
......@@ -304,8 +303,8 @@ public static function processDatetime(&$element, FormStateInterface $form_state
// Allows custom callbacks to alter the element.
if (!empty($element['#date_time_callbacks'])) {
foreach ($element['#date_time_callbacks'] as $callback) {
$message = sprintf('DateTime element #date_time_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. Support for this callback implementation is deprecated in drupal:9.3.0 and will be removed in drupal:10.0.0. See https://www.drupal.org/node/3217966', Variable::callableToString($callback));
StaticTrustedCallbackHelper::callback($callback, [&$element, $form_state, $date], $message, TrustedCallbackInterface::TRIGGER_SILENCED_DEPRECATION);
$message = sprintf('DateTime element #date_time_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. See https://www.drupal.org/node/3217966', Variable::callableToString($callback));
StaticTrustedCallbackHelper::callback($callback, [&$element, $form_state, $date], $message);
}
}
}
......
core/tests/Drupal/KernelTests/Core/Datetime/DatelistElementFormTest.php
+ 4
5
View file @ 3fc5c8af
......@@ -8,6 +8,7 @@
use Drupal\Core\Form\FormState;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Security\TrustedCallbackInterface;
use Drupal\Core\Security\UntrustedCallbackException;
use Drupal\KernelTests\KernelTestBase;
/**
......@@ -116,16 +117,14 @@ public function testDatelistElement() {
}
/**
* Tests that deprecations are raised if untrusted callbacks are used.
* Tests that exceptions are raised if untrusted callbacks are used.
*
* @group legacy
*/
public function testDatelistElementUntrustedCallbacks() : void {
$this->expectException(UntrustedCallbackException::class);
$this->expectExceptionMessage(sprintf('Datelist element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. See https://www.drupal.org/node/3217966', Variable::callableToString([$this, 'datelistDateCallback'])));
$form = \Drupal::formBuilder()->getForm($this, 'datelistDateCallback');
$this->expectDeprecation(sprintf('Datelist element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. Support for this callback implementation is deprecated in drupal:9.3.0 and will be removed in drupal:10.0.0. See https://www.drupal.org/node/3217966', Variable::callableToString([$this, 'datelistDateCallback'])));
$this->render($form);
$this->assertTrue($form['datelist_element']['datelistDateCallbackExecuted']['#value']);
}
/**
......
core/tests/Drupal/KernelTests/Core/Datetime/DatetimeElementFormTest.php
+ 10
8
View file @ 3fc5c8af
......@@ -8,6 +8,7 @@
use Drupal\Core\Form\FormState;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Security\TrustedCallbackInterface;
use Drupal\Core\Security\UntrustedCallbackException;
use Drupal\KernelTests\KernelTestBase;
/**
......@@ -149,18 +150,19 @@ public function testDatetimeElement() {
* Name of the callback to use for the date-time date callback.
* @param string $time_callback
* Name of the callback to use for the date-time time callback.
* @param string|null $expected_deprecation
* The expected deprecation message if a deprecation should be raised, or
* @param string|null $expected_exception
* The expected exception message if an exception should be thrown, or
* NULL if otherwise.
*
* @dataProvider providerUntrusted
* @group legacy
*/
public function testDatetimeElementUntrustedCallbacks(string $date_callback = 'datetimeDateCallbackTrusted', string $time_callback = 'datetimeTimeCallbackTrusted', string $expected_deprecation = NULL) : void {
$form = \Drupal::formBuilder()->getForm($this, $date_callback, $time_callback);
if ($expected_deprecation) {
$this->expectDeprecation($expected_deprecation);
public function testDatetimeElementUntrustedCallbacks(string $date_callback = 'datetimeDateCallbackTrusted', string $time_callback = 'datetimeTimeCallbackTrusted', string $expected_exception = NULL) : void {
if ($expected_exception) {
$this->expectException(UntrustedCallbackException::class);
$this->expectExceptionMessage($expected_exception);
}
$form = \Drupal::formBuilder()->getForm($this, $date_callback, $time_callback);
$this->render($form);
$this->assertTrue($form['datetime_element']['datetimeDateCallbackExecuted']['#value']);
......@@ -178,12 +180,12 @@ public function providerUntrusted() : array {
'untrusted date' => [
'datetimeDateCallback',
'datetimeTimeCallbackTrusted',
sprintf('DateTime element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. Support for this callback implementation is deprecated in drupal:9.3.0 and will be removed in drupal:10.0.0. See https://www.drupal.org/node/3217966', Variable::callableToString([$this, 'datetimeDateCallback'])),
sprintf('DateTime element #date_date_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. See https://www.drupal.org/node/3217966', Variable::callableToString([$this, 'datetimeDateCallback'])),
],
'untrusted time' => [
'datetimeDateCallbackTrusted',
'datetimeTimeCallback',
sprintf('DateTime element #date_time_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. Support for this callback implementation is deprecated in drupal:9.3.0 and will be removed in drupal:10.0.0. See https://www.drupal.org/node/3217966', Variable::callableToString([$this, 'datetimeTimeCallback'])),
sprintf('DateTime element #date_time_callbacks callbacks must be methods of a class that implements \Drupal\Core\Security\TrustedCallbackInterface or be an anonymous function. The callback was %s. See https://www.drupal.org/node/3217966', Variable::callableToString([$this, 'datetimeTimeCallback'])),
],
];
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment