InvalidArgumentException: The user-entered string 'portal' must begin with a '/', '?', or '#'. in Drupal\Core\Url::fromUserInput()

Created on 29 November 2021, about 3 years ago
Updated 2 June 2024, 7 months ago

Problem/Motivation

When an anonymous user wants to open a URL which is only accessible to authenticated users, e.g. https://www.example.com/intranet, then they get redirected to the login form and after that probably to the legal_confirm page. That redirect to legal_confirm contains the url argument destination=intranet/ which then leads to this error:

InvalidArgumentException: The user-entered string 'intranet/' must begin with a '/', '?', or '#'. in Drupal\Core\Url::fromUserInput() (Zeile 214 in /var/www/drupal/wohnen/develop/web/core/lib/Drupal/Core/Url.php).

When a user had accepted the T&C before already, the above scenario also redirects to the user login form with the same url argument destination=intranet/, which then redirects correctly.

Not sure yet, why the same destination argument works in one but not the other scenario.

πŸ› Bug report
Status

Fixed

Version

3.0

Component

Code

Created by

πŸ‡©πŸ‡ͺGermany jurgenhaas Gottmadingen

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡©πŸ‡ͺGermany Anybody Porta Westfalica

    @alecsmrekar please don't use patches on an issue where a MR was used. Please incorporate the (only issue related!!) changes into the MR so we can see the interdiff. All other changes should go into separate issues please.

  • πŸ‡¨πŸ‡¦Canada JayDarnell Guelph, Ontario

    This no longer appears to be an issue. As mentioned above, the initial patch supplied here: https://git.drupalcode.org/project/legal/-/merge_requests/3.patch actually breaks the redirect altogether (in the 3.x branch at least). After I removed this patch I attempted to recreate the initial bug reported in this issue but cannot. I suspect the problem was fixed elsewhere and this issue merely needs to be closed.

  • πŸ‡ΊπŸ‡ΈUnited States frob US

    I have not tried any of the patches, however, I can confirm that this issue is still present on 3.0.1

  • πŸ‡©πŸ‡ͺGermany Anybody Porta Westfalica

    So do we need a new stable release or is this also still happening in 3.0.x @frob?

  • πŸ‡ΊπŸ‡ΈUnited States frob US

    I am unable to test the new version at the moment. However, the test is pretty simple. If you visit `/user/login?destination=internet` then it should break with the OP's error.

    To fix this ourselves we patched the `public/modules/contrib/legal/src/Form/LegalLogin.php` file to ensure the destination is valid. It looks like you where leaning toward a solution which involved the redirection service so I didn't submit my patch.

    Replace

          $redirect = $_GET['destination'];
    

    with

          $destination_path = $_GET['destination'];
          if (strpos($destination_path, '/') !== 0) {
            $destination_path = '/' . $destination_path;
          }
          $redirect = $destination_path;
    
    
  • Status changed to Fixed 7 months ago
  • πŸ‡¬πŸ‡§United Kingdom robert castelo
  • Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.71.5 2024