- πΊπΈUnited States smustgrave
Is this a duplicate of π Remove $form_state immutability Needs review ?
$form_state['build_info']['immutable']
defined as: * - immutable: If this flag is set to TRUE, a new form build id is
* generated when the form is loaded from the cache. If it is subsequently
* saved to the cache again, it will have another cache id and therefore
* the original form and form-state will remain unaltered.
#2421503: SA-CORE-2014-002 forward port only checks internal cache β is an open critical issue for making sure the flag is set in all cases that it needs to be.
Change $form_build_id from a randomly generated string to the hash of the $form and $form_state being persisted.
Discuss, patch, review, commit.
None.
$form_state['build_info']['immutable']
removed, since immutability would be baked in.Postponed: needs info
11.0 π₯
Last updated
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Is this a duplicate of π Remove $form_state immutability Needs review ?