Contrib.social

options_allowed_values() cache pollution

Open on Drupal.org →
Created on 24 July 2020, over 4 years ago
Updated 23 January 2025, about 1 month ago

Problem/Motivation

Under certain circumstances, it is relatively easy to cause cache polution for options_allowed_values's drupal_static.

Steps to reproduce

In custom entity:

  public static function baseFieldDefinitions(EntityTypeInterface $entity_type) {
    $fields = parent::baseFieldDefinitions($entity_type);

    $fields['options_list'] = BaseFieldDefinition::create('list_string')
      ->setLabel(t('Options'))
      ->setSettings([
        'allowed_values' => ['foo' => t('Foo'), 'bar' => t('Bar')],
      ]);

  }

  public static function bundleFieldDefinitions(EntityTypeInterface $entity_type, $bundle, array $base_field_definitions) {
    if ($bundle === 'baz') {
      $fields['options_list'] = clone $base_field_definitions['options_list'];
      $fields['options_list']->setSettings([
        'allowed_values' => ['baz' => t('Baz')],
      ]);
      return $fields;
    }

    return [];
  }

Then bulk insert a bunch of entities where some have a bundle of baz and the rest are foobar. Once the foobar bundled entities are validated/saved, any attempts to perform entity validation on baz bundle entities will fail because they are passing an option value of 'baz' and the previous list of ['foo', 'bar'] was already statically cached by drupal_static().

Proposed resolution

Add the target bundle to the cache keys.

Remaining tasks

Tests

User interface changes

API changes

Data model changes

Release notes snippet

🐛 Bug report
Status

Needs work

Version

11.0 🔥

Component

options.module

Created by

heddn Nicaragua

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024