Commit f0ea8767 authored by gbyte.co's avatar gbyte.co

Remove access checks from custom link generator and form

parent fb1c15b1
......@@ -34,9 +34,7 @@ function simple_sitemap_help($route_name, RouteMatchInterface $route_match) {
*/
function simple_sitemap_form_alter(&$form, FormStateInterface $form_state, $form_id) {
/**
* @var Drupal\simple_sitemap\Form\FormHelper $f
*/
/** @var Drupal\simple_sitemap\Form\FormHelper $f */
$f = \Drupal::service('simple_sitemap.form_helper');
if (!$f->processForm($form_state)) {
return;
......@@ -88,9 +86,7 @@ function simple_sitemap_form_alter(&$form, FormStateInterface $form_state, $form
*/
function simple_sitemap_entity_form_submit($form, FormStateInterface &$form_state) {
/**
* @var Drupal\simple_sitemap\Form\FormHelper $f
*/
/** @var Drupal\simple_sitemap\Form\FormHelper $f */
$f = \Drupal::service('simple_sitemap.form_helper');
if (!$f->processForm($form_state)) {
return;
......@@ -104,9 +100,7 @@ function simple_sitemap_entity_form_submit($form, FormStateInterface &$form_stat
// Only make changes in DB if sitemap settings actually changed.
if ($f->valuesChanged($form, $values)) {
/**
* @var \Drupal\simple_sitemap\Simplesitemap $generator
*/
/** @var \Drupal\simple_sitemap\Simplesitemap $generator */
$generator = \Drupal::service('simple_sitemap.generator');
$settings = [
......@@ -147,9 +141,7 @@ function simple_sitemap_entity_form_submit($form, FormStateInterface &$form_stat
*/
function simple_sitemap_cron() {
/**
* @var \Drupal\simple_sitemap\Simplesitemap $generator
*/
/** @var \Drupal\simple_sitemap\Simplesitemap $generator */
$generator = \Drupal::service('simple_sitemap.generator');
if ($generator->getSetting('cron_generate')) {
$interval = (int) $generator->getSetting('cron_generate_interval', 0) * 60 * 60;
......@@ -168,9 +160,7 @@ function simple_sitemap_cron() {
*/
function simple_sitemap_configurable_language_delete(ConfigurableLanguageInterface $language) {
/**
* @var \Drupal\simple_sitemap\Simplesitemap $generator
*/
/** @var \Drupal\simple_sitemap\Simplesitemap $generator */
$generator = \Drupal::service('simple_sitemap.generator');
$excluded_languages = $generator->getSetting('excluded_languages');
if (isset($excluded_languages[$language->id()])) {
......@@ -188,9 +178,7 @@ function simple_sitemap_configurable_language_delete(ConfigurableLanguageInterfa
*/
function simple_sitemap_entity_delete(EntityInterface $entity) {
/**
* @var \Drupal\simple_sitemap\Simplesitemap $generator
*/
/** @var \Drupal\simple_sitemap\Simplesitemap $generator */
$generator = \Drupal::service('simple_sitemap.generator');
$generator->removeEntityInstanceSettings(
$entity->getEntityTypeId(), $entity->id()
......@@ -230,12 +218,10 @@ function simple_sitemap_menu_delete(MenuInterface $menu) {
*/
function simple_sitemap_delete_bundle_config($entity_type_id, $bundle) {
/**
* @var \Drupal\simple_sitemap\Simplesitemap $generator
*/
/** @var \Drupal\simple_sitemap\Simplesitemap $generator */
$generator = \Drupal::service('simple_sitemap.generator');
$deleted_bundle_settings = $generator->getBundleSettings($entity_type_id, $bundle);
if ($deleted_bundle_settings !== FALSE) {
if (!empty($deleted_bundle_settings['index'])) {
// Delete bundle settings.
\Drupal::service('config.factory')->getEditable("simple_sitemap.bundle_settings.$entity_type_id.$bundle")->delete();
......
......@@ -63,8 +63,7 @@ class SimplesitemapCustomLinksForm extends SimplesitemapFormBase {
];
// Checking if internal path exists.
if (!$this->pathValidator->isValid($link_config['path'])
// if (!$this->pathValidator->getUrlIfValidWithoutAccessCheck($link_config['path']) //todo
if (!(bool) $this->pathValidator->getUrlIfValidWithoutAccessCheck($link_config['path'])
// Path validator does not see a double slash as an error. Catching this to prevent breaking path generation.
|| strpos($link_config['path'], '//') !== FALSE) {
$form_state->setErrorByName('', $this->t('<strong>Line @line</strong>: The path <em>@path</em> does not exist.', $placeholders));
......
......@@ -28,7 +28,7 @@ use Symfony\Component\DependencyInjection\ContainerInterface;
*/
class CustomUrlGenerator extends UrlGeneratorBase {
const PATH_DOES_NOT_EXIST_OR_NO_ACCESS_MESSAGE = 'The custom path @path has been omitted from the XML sitemaps as it either does not exist, or it is not accessible to anonymous users. You can review custom paths <a href="@custom_paths_url">here</a>.';
const PATH_DOES_NOT_EXIST_MESSAGE = 'The custom path @path has been omitted from the XML sitemaps as it does not exist. You can review custom paths <a href="@custom_paths_url">here</a>.';
/**
......@@ -110,49 +110,46 @@ class CustomUrlGenerator extends UrlGeneratorBase {
* @inheritdoc
*/
protected function processDataSet($data_set) {
// todo: Change to different function, as this also checks if current user has access. The user however varies depending if process was started from the web interface or via cron/drush. Use getUrlIfValidWithoutAccessCheck()?
if (!$this->pathValidator->isValid($data_set['path'])) {
// if (!(bool) $this->pathValidator->getUrlIfValidWithoutAccessCheck($data['path'])) {
$this->logger->m(self::PATH_DOES_NOT_EXIST_OR_NO_ACCESS_MESSAGE,
['@path' => $data_set['path'], '@custom_paths_url' => $GLOBALS['base_url'] . '/admin/config/search/simplesitemap/custom'])
->display('warning', 'administer sitemap settings')
->log('warning');
return FALSE;
}
$url_object = Url::fromUserInput($data_set['path'], ['absolute' => TRUE]);
$path = $url_object->getInternalPath();
if ($this->settings['remove_duplicates'] && $this->pathProcessed($path)) {
return FALSE;
}
$entity = $this->entityHelper->getEntityFromUrlObject($url_object);
$path_data = [
'url' => $url_object,
'lastmod' => method_exists($entity, 'getChangedTime')
? date_iso8601($entity->getChangedTime()) : NULL,
'priority' => isset($data_set['priority']) ? $data_set['priority'] : NULL,
'changefreq' => !empty($data_set['changefreq']) ? $data_set['changefreq'] : NULL,
'images' => $this->includeImages && method_exists($entity, 'getEntityTypeId')
? $this->getImages($entity->getEntityTypeId(), $entity->id())
: [],
'meta' => [
'path' => $path,
'sitemap_generator' => $this->getPluginDefinition()['settings']['default_sitemap_generator']
]
if (!(bool) $this->pathValidator->getUrlIfValidWithoutAccessCheck($data_set['path'])) {
$this->logger->m(self::PATH_DOES_NOT_EXIST_MESSAGE,
['@path' => $data_set['path'], '@custom_paths_url' => $GLOBALS['base_url'] . '/admin/config/search/simplesitemap/custom'])
->display('warning', 'administer sitemap settings')
->log('warning');
return FALSE;
}
$url_object = Url::fromUserInput($data_set['path'], ['absolute' => TRUE]);
$path = $url_object->getInternalPath();
if ($this->settings['remove_duplicates'] && $this->pathProcessed($path)) {
return FALSE;
}
$entity = $this->entityHelper->getEntityFromUrlObject($url_object);
$path_data = [
'url' => $url_object,
'lastmod' => method_exists($entity, 'getChangedTime')
? date_iso8601($entity->getChangedTime()) : NULL,
'priority' => isset($data_set['priority']) ? $data_set['priority'] : NULL,
'changefreq' => !empty($data_set['changefreq']) ? $data_set['changefreq'] : NULL,
'images' => $this->includeImages && method_exists($entity, 'getEntityTypeId')
? $this->getImages($entity->getEntityTypeId(), $entity->id())
: [],
'meta' => [
'path' => $path,
'sitemap_generator' => $this->getPluginDefinition()['settings']['default_sitemap_generator']
]
];
// Additional info useful in hooks.
if (NULL !== $entity) {
$path_data['meta']['entity_info'] = [
'entity_type' => $entity->getEntityTypeId(),
'id' => $entity->id(),
];
}
// Additional info useful in hooks.
if (NULL !== $entity) {
$path_data['meta']['entity_info'] = [
'entity_type' => $entity->getEntityTypeId(),
'id' => $entity->id(),
];
}
return $path_data;
return $path_data;
}
}
......@@ -14,6 +14,7 @@ use Drupal\simple_sitemap\Plugin\simple_sitemap\SitemapGenerator\SitemapGenerato
use Drupal\Core\Language\LanguageManagerInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Language\Language;
use Drupal\simple_sitemap\Plugin\simple_sitemap\SitemapGenerator\SitemapGeneratorBase;
/**
* Class UrlGeneratorBase
......@@ -277,9 +278,12 @@ abstract class UrlGeneratorBase extends SimplesitemapPluginBase implements UrlGe
}
elseif ($this->settings['skip_untranslated']
&& ($entity = $this->entityHelper->getEntityFromUrlObject($url_object)) instanceof ContentEntityBase) {
/** @var ContentEntityBase $entity */
$translation_languages = $entity->getTranslationLanguages();
if (isset($translation_languages[Language::LANGCODE_NOT_SPECIFIED])
|| isset($translation_languages[Language::LANGCODE_NOT_APPLICABLE])) {
// Content entity's language is unknown, including only default variant.
$alternate_urls = $this->getAlternateUrlsForDefaultLanguage($url_object);
}
......@@ -302,7 +306,7 @@ abstract class UrlGeneratorBase extends SimplesitemapPluginBase implements UrlGe
}
}
protected function getAlternateUrlsForDefaultLanguage($url_object) {
protected function getAlternateUrlsForDefaultLanguage(Url $url_object) {
$alternate_urls = [];
if ($url_object->access($this->anonUser)) {
$url_object->setOption('language', $this->languages[$this->defaultLanguageId]);
......@@ -311,9 +315,11 @@ abstract class UrlGeneratorBase extends SimplesitemapPluginBase implements UrlGe
return $alternate_urls;
}
protected function getAlternateUrlsForTranslatedLanguages($entity, $url_object) {
protected function getAlternateUrlsForTranslatedLanguages(ContentEntityBase $entity, Url $url_object) {
$alternate_urls = [];
foreach ($entity->getTranslationLanguages() as $language) {
/** @var Language $language */
if (!isset($this->settings['excluded_languages'][$language->getId()]) || $language->isDefault()) {
$translation = $entity->getTranslation($language->getId());
if ($translation->access('view', $this->anonUser)) {
......@@ -325,7 +331,7 @@ abstract class UrlGeneratorBase extends SimplesitemapPluginBase implements UrlGe
return $alternate_urls;
}
protected function getAlternateUrlsForAllLanguages($url_object) {
protected function getAlternateUrlsForAllLanguages(Url $url_object) {
$alternate_urls = [];
if ($url_object->access($this->anonUser)) {
foreach ($this->languages as $language) {
......@@ -349,6 +355,7 @@ abstract class UrlGeneratorBase extends SimplesitemapPluginBase implements UrlGe
== $this->batchMeta['last_generate_sitemap_operation_no']) {
foreach ($this->getBatchResultQueue() as $sitemap_type => $queued_sitemap_links) {
/** @var SitemapGeneratorBase $sitemap_generator */
$sitemap_generator = $this->sitemapGeneratorManager
->createInstance($sitemap_type)
->setSettings(['excluded_languages' => $this->settings['excluded_languages']]);
......@@ -408,7 +415,7 @@ abstract class UrlGeneratorBase extends SimplesitemapPluginBase implements UrlGe
$this->context['message'] = $this->t(self::PROCESSING_PATH_MESSAGE, [
'@current' => $this->context['sandbox']['progress'],
'@max' => $this->context['sandbox']['max'],
'@path' => HTML::escape($path),
'@path' => Html::escape($path),
]);
}
}
......
......@@ -245,7 +245,7 @@ class Simplesitemap {
* Can be 'form', 'backend', 'drush' or 'nobatch'.
* This decides how the batch process is to be run.
*
* @param array|null $sitemap_types
* @param array|string|null $sitemap_types
*
* @return bool|\Drupal\simple_sitemap\Simplesitemap
*/
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment