Invalid paths are accepted

Created on 29 November 2021, over 3 years ago
Updated 3 August 2023, almost 2 years ago

Problem/Motivation

When an administrator adds a redirect url that does not start with a protocol, slash or token they get no error on form submission.
When the redirect is triggered, the user logging in gets an error "InvalidArgumentException: The user-entered string 'node/1' must begin with a '/', '?', or '#'. in Drupal\Core\Url::fromUserInput() (line 214 of core/lib/Drupal/Core/Url.php)."

Steps to reproduce

- Create a node. Assume it's nid is 1.
- Enter 'node/1' as redirect path for a role.
- Log in as a user with that role.
- See error

Proposed resolution

- Add test-case for adding relative urls that do not start with a slash
- Improve form validation to alert user to invalid path when saving settings form.
- Add update hook to fix existing wrong urls.

Remaining tasks

None

User interface changes

None, existing form error handling can be used.

API changes

None

Data model changes

None

๐Ÿ› Bug report
Status

Needs review

Version

1.0

Component

Code

Created by

๐Ÿ‡ณ๐Ÿ‡ฑNetherlands JvE

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024