- Issue created by @Ruuds
- Status changed to Needs review
over 1 year ago 11:17am 24 January 2023 - Status changed to RTBC
over 1 year ago 10:21am 25 January 2023 - 🇮🇳India nidhi27
I have tested this patch on 10.1.x-dev version.
At the time of creating file field default value is selected as private for file uploading folder.
I have attached the screenshot as well.
- Status changed to Needs work
over 1 year ago 10:32am 25 January 2023 - 🇫🇮Finland lauriii Finland
Seems sensible to me that contact form files would be considered as private by default.
+++ b/core/modules/contact/contact.module @@ -248,3 +249,20 @@ function contact_form_user_admin_settings_submit($form, FormStateInterface $form + if ($field->getTargetEntityTypeId() === 'contact_message' && $field->getType() === 'file') {Should we also check if the stream wrapper for private files exists? It seems like now we could be configuring an option by default which is not available for all sites.
We should also add tests for this, just to confirm it works (and continues to do so).
- 🇺🇸United States cilefen
Should we also check if the stream wrapper for private files exists?
Correct. You cannot assume that wrapper exists. Webform module has the same idea and probably the code to borrow.
- Status changed to Needs review
over 1 year ago 5:30pm 22 March 2023 - 🇮🇳India mehul.gada Mumbai
Here is the patch to check if the private files exists or not and accordingly set the default value.
- Status changed to Needs work
about 1 year ago 12:07am 30 March 2023 - 🇦🇺Australia larowlan 🇦🇺🏝.au GMT+10
I think this is a good addition, however how about instead of forcing it, we target the field storage form with a form alter hook.
Otherwise with this approach, the user could submit the form with 'public' and then go back to edit and see private and be confused.
If we use a form alter, we can show a message as to why public isn't available as an option or similar.
Also, we need some tests here.
Great idea, love security by default!
- Merge request !8244File upload fields added to contact forms should upload to private:// by default → (Open) created by Ruuds
- Status changed to Needs review
13 days ago 8:26am 13 June 2024 - 🇳🇱Netherlands Ruuds
I've implemented the suggestion of @larowlan and also added a test for it. If the private stream wrapper is not available a warning is shown it is advised to store file uploads for contact forms as private files.
- First commit to issue fork.
- Status changed to RTBC
7 days ago 12:14am 20 June 2024 - 🇺🇸United States smustgrave
Hiding patches for clarity
Removing tests tag as coverage was added
1) Drupal\Tests\contact\FunctionalJavascript\ContactFileFieldTest::testFileFieldHasPrivateSchemeByDefault Failed asserting that false is true. /builds/issue/drupal-3336081/core/modules/contact/tests/src/FunctionalJavascript/ContactFileFieldTest.php:72 2) Drupal\Tests\contact\FunctionalJavascript\ContactFileFieldTest::testFileFieldHasPublicSchemeByDefaultWhenPrivateSchemeNotConfigured Behat\Mink\Exception\ResponseTextException: The text "It is advised to store file uploads for contact forms as private files. You can configure this in settings.php" was not found anywhere in the text of the current page. /builds/issue/drupal-3336081/vendor/behat/mink/src/WebAssert.php:907 /builds/issue/drupal-3336081/vendor/behat/mink/src/WebAssert.php:293 /builds/issue/drupal-3336081/core/tests/Drupal/Tests/WebAssert.php:975 /builds/issue/drupal-3336081/core/modules/contact/tests/src/FunctionalJavascript/ContactFileFieldTest.php:115 FAILURES! Tests: 2, Assertions: 20, Failures: 2.Applied some formatting changes to the hook and tests but appears @larowlan feedback from #7 has been addressed.
