- 🇨🇦Canada Liam Morland Ontario, CA 🇨🇦
Drupal 7 is no longer supported. If this issue applies to a supported version, please re-open.
Hitting a URL like /fillpdf?fid=1&sample=1 will create a sample PDF that isn't populated with any live entity.
So will /fillpdf?fid=1&entity_ids[0]=node:2&sample=1. With &sample being set, entity data is ignored anyway, so the PDF won't be populated by anything else than the original PDF field names.
Still, in both cases (!) the FillPdfFileContext record created will contain route:fillpdf.populate_pdf?fid=1&sample=1&entity_ids[0]=node:2, node:2 being the default entity in this example.
Only if no default entity is set, in the case of /fillpdf?fid=1&sample=1 we will see the expected plain FillPdfFileContext record containing route:fillpdf.populate_pdf?fid=1&sample=1.
While this isn't a big issue and no access check seems to be enforced, it adds avoidable clutter to FillPdfFileContext records.
So unless we'd be adding a feature to combine sample data with actual entity data (which we probably won't do), we're ignoring live entity data if &sample=1 is set, so the created FillPdfFileContext should do so as well.
Closed: outdated
1.0
Code
After being applied to the 8.x branch, it should be considered for backport to the 7.x branch. Note: This tag should generally remain even after the backport has been written, approved, and committed.
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Drupal 7 is no longer supported. If this issue applies to a supported version, please re-open.