- Issue created by @kreynen
- First commit to issue fork.
- Merge request !14Simplify anonymous settings form validation, update user_login_path form element description β (Open) created by ad0z
- last update
about 1 year ago 47 pass, 2 fail - last update
about 1 year ago 49 pass - π΅π±Poland ad0z
I think validation condition is overcomplicated:
// Check the path validity // and whether the anonymous user can access the entered path. if (!UrlHelper::isExternal($r4032loginUserLoginPath) && (($r4032loginUserLoginPath != '<front>') || ($r4032loginUserLoginPath = Url::fromRoute($r4032loginUserLoginPath)->toString())) && (!$this->pathValidator->getUrlIfValidWithoutAccessCheck($r4032loginUserLoginPath) || !($url = Url::fromUserInput($r4032loginUserLoginPath)) || !$url->access(User::getAnonymousUser())) ) {
The mentioned exception is throw by
UrlHelper::isExternal
, to check if url is external we could use:$url = $this->pathValidator->getUrlIfValidWithoutAccessCheck($r4032loginUserLoginPath); $url->isExternal();
I've created fork and merge request to 2.x which simplify this condition and update form element description which is outdated after this change. Updated test as well, as it was failing.
- Status changed to Needs review
about 1 year ago 7:49pm 18 November 2023 - Status changed to Needs work
5 months ago 10:02pm 10 August 2024 - πΊπΈUnited States nmangold United States
Although this fixes the exception, it allows for the path to be entered without the leading slash, which results in a fatal error when the user is redirected.
Also, the steps to reproduce as written requires the path saml_login to exist. The issue can be reproduced by simply removing the leading slash from the default value, /user/login path, and submitting the form.
- Status changed to Needs review
4 months ago 10:12pm 14 August 2024 - π΅π±Poland ad0z
Updated MR to add leading zero for internal urls if not available, added mentioned scenario to tests cases as well.