Invalid paths are accepted

Created on 29 November 2021, over 2 years ago

Updated 3 August 2023, 11 months ago

Problem/Motivation

When an administrator adds a redirect url that does not start with a protocol, slash or token they get no error on form submission.
When the redirect is triggered, the user logging in gets an error "InvalidArgumentException: The user-entered string 'node/1' must begin with a '/', '?', or '#'. in Drupal\Core\Url::fromUserInput() (line 214 of core/lib/Drupal/Core/Url.php)."

Steps to reproduce

- Create a node. Assume it's nid is 1.
- Enter 'node/1' as redirect path for a role.
- Log in as a user with that role.
- See error

Proposed resolution

- Add test-case for adding relative urls that do not start with a slash
- Improve form validation to alert user to invalid path when saving settings form.
- Add update hook to fix existing wrong urls.

Remaining tasks

None

User interface changes

None, existing form error handling can be used.

API changes

None

Data model changes

None

🐛 Bug report

Status

Needs review

Version

1.0

Component

Code

Created by

🇳🇱Netherlands JvE

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 11 months ago →
🇨🇦Canada alireza.tayari Ontario
alireza.tayari → made their first commit to this issue’s fork.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024