FormState:setRedirect() should check access to the route

Created on 15 April 2015, about 10 years ago

Updated 3 August 2023, almost 2 years ago

Problem/Motivation

FormState::setRedirect() takes a route name, params, and options, and FormState::setRedirectUrl() takes a Url object.
At this point we have enough information to check access to that route.

Proposed resolution

Throw an exception if access is denied, instead of redirecting the user to a 403

Remaining tasks

Decide what exception class to use.

User interface changes

N/A

API changes

FormState::setRedirect()/setRedirectUrl() will throw an exception instead of allowing the user to be redirected to a 403

🐛 Bug report

Status

Needs work

Version

11.0 🔥

Component

Form →

Last updated 2 days ago

Maintained by
🇺🇸United States @effulgentsia
🇺🇸United States @tim.plunkett

Created by

🇺🇸United States tim.plunkett Philadelphia

Live updates comments and jobs are added and updated live.

Incomplete comments

Merge Requests

!11039FormState:setRedirect() should check access to the route
Open
🇺🇸United States tim.plunkett
updated 5 months ago

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment almost 2 years ago →
🇺🇸United States tim.plunkett Philadelphia
Open in Jenkins → Open on Drupal.org →
Environment: PHP 8.2 & MySQL 8
last update almost 2 years ago
Custom Commands Failed
Comment almost 2 years ago →
🇮🇳India _utsavsharma
Ran the test for 11.x.
It has custom command failures.
tried to fix it.
Please review.
Open in Jenkins → Open on Drupal.org →
Environment: PHP 8.2 & MySQL 8
last update almost 2 years ago
29,844 pass, 34 fail
Merge request !11039Issue #2471613: FormState:setRedirect() should check access to the route → (Open) created by tim.plunkett
Pipeline finished with Failed
5 months ago
Total: 396s
#409567

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024