Contrib.social

User role action labels get double-escaped and out of sync with the corresponding user role label

Open on Drupal.org β†’
Created on 20 October 2015, about 9 years ago
Updated 30 January 2023, almost 2 years ago

Problem/Motivation

In user_user_role_insert we create actions per user role being created. We do this like this:

    $action = entity_create('action', array(
      'id' => $add_id,
      'type' => 'user',
      'label' => t('Add the @label role to the selected users', array('@label' => $role->label())),
      'configuration' => array(
        'rid' => $role->id(),
      ),
      'plugin' => 'user_add_role_action',
    ));
    $action->trustData()->save();

At first sight the t() looks wrong because it means config will be saved with the translated text - but actually I think this is fine since the configuration entity will have the language that the user has when they create the role. But what is more problematic is saving the escaped role label. This causes two problems - double escaping on admin/people if the role label contains an & and also potentially getting out of sync with the role label if that changes.

Proposed resolution

no idea yet

Remaining tasks

Find a solution.

User interface changes

None

API changes

?

Data model changes

?

Why is this an RC target?

  • Escaping the role label during the creation of the action label leads to double escaping. This patch fixes 27 out of the 32 fails found by #2571065-14: Find escaping due to Twig autoescape β†’ . Without this patch going in we can't implement some sort of generic double escaping test for all of our WebTestBase tests.
  • Not keeping the action label in sync with the action label could result in a very confusing UI experience (image if role labels are swapped - yes that would be dumb but we all do dumb things sometimes)
  • The fix creates a generic solution for actions to add arguments for it's labels. Given how actions are created based on other config entities this is likely to be needed again
πŸ› Bug report
Status

Needs work

Version

9.5

Component
User moduleΒ  β†’

Last updated 7 days ago

Created by

πŸ‡¬πŸ‡§United Kingdom alexpott πŸ‡ͺπŸ‡ΊπŸŒ

Live updates comments and jobs are added and updated live.
  • D8MI

    (Drupal 8 Multilingual Initiative) is the tag used by the multilingual initiative to mark core issues (and some contributed module issues). For versions other than Drupal 8, use the i18n (Internationalization) tag on issues which involve or affect multilingual / multinational support. That is preferred over Translation.

  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment almost 2 years ago β†’
    needs-review-queue-bot

    The Needs Review Queue Bot β†’ tested this issue. It either no longer applies to Drupal core, or fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

    Apart from a re-roll or rebase, this issue may need more work to address feedback in the issue or MR comments. To progress an issue, incorporate this feedback as part of the process of updating the issue. This helps other contributors to know what is outstanding.

    Consult the Drupal Contributor Guide β†’ to find step-by-step guides for working with issues.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024