Link field > Access to internal links is not checked on display.

Created on 21 June 2023, almost 2 years ago

Problem/Motivation

When a link field is displayed, the current user's access to the linked content isn't checked, so links to unpublished content are displayed to anonymous users. When they try to access this content, they get a 403 error.

Steps to reproduce

Create a node with a link field.
Insert an unpublished internal link
Navigate through the page as an anonymous user. You'll see the link. When you click on it, you'll get a 403 error.

Proposed resolution

Hide all links where the linked entity is unpublished.

✨ Feature request

Status

Needs work

Version

11.0 🔥

Component

Link →

Last updated 10 days ago

Maintained by
🇧🇷Brazil @Mac_Weber

Created by

🇪🇸Spain orodicio

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @orodicio
Comment almost 2 years ago →
cilefen
Open on Drupal.org →
Environment: PHP 8.2 & MySQL 8
34:06
34:06
Queueing
@orodicio opened merge request.
Open in Jenkins → Open on Drupal.org →
Environment: PHP 8.2 & MySQL 8
last update almost 2 years ago
29,502 pass, 2 fail
@orodicio opened merge request.
Comment almost 2 years ago →
🇪🇸Spain orodicio
I have been forced to create a new MR and branch because 9.5.x had many conflicts to resolve with 11.x.
Status changed to Needs work almost 2 years ago12:23pm 21 June 2023
Comment almost 2 years ago →
cilefen
11.x is the feature branch until they set up a "main" branch.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024