The LegalLogin form does not perform any checks on the values retrieved from cookies. If the cookie values get tampered with this can cause a fatal PHP error.
Setup the module and log in with a user who's required to accept legal terms. When viewing the terms, go to the inspector and find the cookie values. Edit the Drupal.visitor.legal_id value to be a non-existing user ID integer. Submit the form and notice the PHP error.
Add some more checks to exit gracefully if the cookie value is not a valid ID.
n/a
n/a
n/a
n/a
Fixed
3.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
@alecsmrekar could you reroll this against 3.0.x as MR perhaps?
Why do we need to "exit gracefully" if someone tampers with the cookie value?
Added in https://www.drupal.org/project/legal/issues/3376194 📌 Make user ID validation logic more defensive Fixed .
Automatically closed - issue fixed for 2 weeks with no activity.