Extend the File EntityAccessHandler - Security Hardening

Created on 20 April 2022, over 2 years ago

Updated 28 December 2024, 11 days ago

This is a public hardening issue.

We want the file_delete path to consider entity access via the _entity_access requirement

This requires the module to swap the access handler for the File entity and extend the existing handler to include a check for this permission.

📌 Task

Status

Active

Version

1.0

Component

Code

Created by

jonnyeom

Live updates comments and jobs are added and updated live.

Incomplete comments

Merge Requests

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

smustgrave → committed df27b707 on 3.0.x

Issue #3276333: Remove un-needed/unused code now that functionality is...

Production build 0.71.5 2024