Verified Commit c6b4d6c3 authored by Dave Long's avatar Dave Long
Browse files

SA-CORE-2024-004 by zengenuity, cilefen, kristiaanvandeneynde, mcdruid, larowlan

parent 7f99ea2f
Loading
Loading
Loading
Loading
+10 −0
Original line number Diff line number Diff line
@@ -17,6 +17,16 @@ class UniqueFieldConstraint extends SymfonyConstraint {

  public $message = 'A @entity_type with @field_name %value already exists.';

  /**
   * This constraint is case-insensitive by default.
   *
   * For example "FOO" and "foo" would be considered as equivalent, and
   * validation of the constraint would fail.
   *
   * @var bool
   */
  public $caseSensitive = FALSE;

  /**
   * Returns the name of the class that validates this constraint.
   *
+12 −1
Original line number Diff line number Diff line
@@ -64,12 +64,23 @@ public function validate($items, Constraint $constraint) {
      ->getStorage($entity_type_id)
      ->getAggregateQuery()
      ->accessCheck(FALSE)
      ->condition($field_name, $item_values, 'IN')
      ->groupBy("$field_name.$property_name");
    if (!$is_new) {
      $entity_id = $entity->id();
      $query->condition($id_key, $entity_id, '<>');
    }

    if ($constraint->caseSensitive) {
      $query->condition($field_name, $item_values, 'IN');
    }
    else {
      $or_group = $query->orConditionGroup();
      foreach ($item_values as $item_value) {
        $or_group->condition($field_name, \Drupal::database()->escapeLike($item_value), 'LIKE');
      }
      $query->condition($or_group);
    }

    $results = $query->execute();

    if (!empty($results)) {
+15 −4
Original line number Diff line number Diff line
@@ -4,7 +4,8 @@

use Drupal\Core\StringTranslation\TranslatableMarkup;
use Drupal\Core\Validation\Attribute\Constraint;
use Symfony\Component\Validator\Constraint as SymfonyConstraint;
use Drupal\Core\Validation\Plugin\Validation\Constraint\UniqueFieldConstraint;
use Drupal\Core\Validation\Plugin\Validation\Constraint\UniqueFieldValueValidator;

/**
 * Supports validating file URIs.
@@ -13,15 +14,25 @@
  id: 'FileUriUnique',
  label: new TranslatableMarkup('File URI', [], ['context' => 'Validation'])
)]
class FileUriUnique extends SymfonyConstraint {
class FileUriUnique extends UniqueFieldConstraint {

  public $message = 'The file %value already exists. Enter a unique file URI.';

  /**
   * This constraint is case-sensitive.
   *
   * For example "public://foo.txt" and "public://FOO.txt" are treated as
   * different values, and can co-exist.
   *
   * @var bool
   */
  public $caseSensitive = TRUE;

  /**
   * {@inheritdoc}
   */
  public function validatedBy() {
    return '\Drupal\Core\Validation\Plugin\Validation\Constraint\UniqueFieldValueValidator';
  public function validatedBy(): string {
    return UniqueFieldValueValidator::class;
  }

}
+25 −9
Original line number Diff line number Diff line
@@ -100,6 +100,7 @@ function user_requirements($phase): array {
  if ($phase !== 'runtime') {
    return [];
  }
  $return = [];

  $result = (bool) \Drupal::entityQuery('user')
    ->accessCheck(FALSE)
@@ -108,17 +109,32 @@ function user_requirements($phase): array {
    ->execute();

  if ($result === FALSE) {
    return [
      'anonymous user' => [
    $return['anonymous user'] = [
      'title' => t('Anonymous user'),
      'description' => t('The anonymous user does not exist. See the <a href=":url">restore the anonymous (user ID 0) user record</a> for more information', [
        ':url' => 'https://www.drupal.org/node/1029506',
      ]),
      'severity' => REQUIREMENT_WARNING,
      ],
    ];
  }
  return [];

  $query = \Drupal::database()->select('users_field_data');
  $query->addExpression('LOWER(mail)', 'lower_mail');
  $query->groupBy('lower_mail');
  $query->having('COUNT(uid) > :matches', [':matches' => 1]);
  $conflicts = $query->countQuery()->execute()->fetchField();

  if ($conflicts > 0) {
    $return['conflicting emails'] = [
      'title' => t('Conflicting user emails'),
      'description' => t('Some user accounts have email addresses that differ only by case. For example, one account might have alice@example.com and another might have Alice@Example.com. See <a href=":url">Conflicting User Emails</a> for more information.', [
        ':url' => 'https://www.drupal.org/node/3486109',
      ]),
      'severity' => REQUIREMENT_WARNING,
    ];
  }

  return $return;
}

/**