EntityConverter can fail with an exception when passing an invalid entity type

Created on 30 December 2019, almost 5 years ago
Updated 8 February 2023, almost 2 years ago

Problem/Motivation

Both EntityConverter and AdminPathConfigEntityConverter call getDefinition()/getStorage on a dynamic $entity_type_id without verifying that it does exist.

Somehow a bot visited URL's like this: /editor/jscripts/tiny_mce/plugins/advimage/image.asp, resulting in a bunch of errors and a monitoring alert for us over the holidays ;)

Proposed resolution

Check that the entity type is valid with hasDefinition(), possibly in \Drupal\Core\ParamConverter\DynamicEntityTypeParamConverterTrait::getEntityTypeFromDefaults(), display a 404 instead.

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

🐛 Bug report
Status

Needs work

Version

10.1

Component
Entity 

Last updated 15 minutes ago

Created by

🇨🇭Switzerland berdir Switzerland

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024