Contrib.social

Add further sanitation when receiving config data in code

Open on Drupal.org →
Created on 17 May 2023, almost 2 years ago

Problem/Motivation

Currently, in the "Search404Controller" config values are not sanitized enough. This is especially the case for "search404_ignore_extensions" and "search404_ignore_query".

Steps to reproduce

Proposed resolution

Taken from @Anybody inside https://git.drupalcode.org/project/search404/-/merge_requests/12:

We might be so kind here to

  1. Trim the string first - always a good thing in such a case
  2. Remove dots (str_replace)
  3. Also split by "," which isn't untypical
  4. Trim the exploded results and check them to be not empty (if someone adds two spaced for example)

Alternatively, we could NOT do that and instead add a validation which checks for:

  1. dots
  2. two spaces
  3. or simply any non a-z characters?

Same validation helper should be used for search404_ignore_query.

Remaining tasks

User interface changes

API changes

Data model changes

📌 Task
Status

Active

Version

2.0

Component

Code

Created by

🇩🇪Germany Grevil

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024