Incorrect format in remote video field variables causes access denied

Created on 15 July 2019, over 5 years ago
Updated 4 November 2022, about 2 years ago

When setting width and/or height to null in remote video media field (in one of display mode with custom values), the two hash in function render() are not equal. This occurs because the getter $request->query->getInt('max_width', NULL) returns the value 0 instead of null (line 122 in /core/modules/media/src/Controller/OEmbedIframeController.php).

When the two hash are not equal the system returns Access Denied message and the media is not showed.

This do not occurs in a vanilla based installation (I don't know why...).

🐛 Bug report
Status

Needs work

Version

9.5

Component
Media 

Last updated 1 day ago

Created by

🇮🇹Italy charly71

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇨🇿Czech Republic honyik

    Also having this issue on D10, the field for max-width is now a number field, so no potential for filling it wrong, it's gotta be an issue in the code itself.

Production build 0.71.5 2024