Contrib.social

Incompatibility with media_entity_download

Open on Drupal.org β†’
Created on 20 December 2023, over 1 year ago

Problem/Motivation

When using media_entity_download, you are allowed to try to force the disposition of the download.

But reverse_proxy_header adds

$event->getRequest()->overrideGlobals();

which will convert any query args like "inline => NULL" to "inline -> ''(empty string)".
That will convert any link like media/2/download?inline to media/2/download?inline=(see equals), which causes an unnecessary redirect (and might lead to unexpected bugs).

I wonder why this is needed at all, given that we set the values that we need (HTTPS and REMOTE_ADDR).

Steps to reproduce

TBD

Proposed resolution

TBD

Remaining tasks

TBD

User interface changes

TBD

API changes

TBD

Data model changes

TBD

πŸ› Bug report
Status

Active

Version

1.0

Component

Code

Created by

πŸ‡ͺπŸ‡ΈSpain penyaskito Seville πŸ’ƒ, Spain πŸ‡ͺπŸ‡Έ, UTC+2 πŸ‡ͺπŸ‡Ί

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @penyaskito
  • Status changed to Postponed: needs info 3 months ago
  • Comment 3 months ago β†’
    πŸ‡ΊπŸ‡¦Ukraine bohart Lutsk, Ukraine

    Hi @penyaskito,

    It sounds a bit strange to me, as overrideGlobals() is called during form builds and other modules routines, etc.
    So (maybe) it is more of an issue with the media_entity_download module itself.

    Still, I have installed the media_entity_download module and cannot reproduce the issue.
    Either for inline or attachment GET parameters for media download links, no additional redirects occur.

    overrideGlobals() does not change either $_GET["inline"] or $_REQUEST["inline"].
    As well, as $event->getRequest()->request->get("inline"); returns null before and after overrideGlobals().

    Could you please provide a few more steps to reproduce?
    Or, maybe the issue is gone on the latest Drupal 11 + reverse_proxy_header / media_entity_download versions?

    Looking forward,

  • Comment 3 months ago β†’
    πŸ‡ͺπŸ‡ΈSpain penyaskito Seville πŸ’ƒ, Spain πŸ‡ͺπŸ‡Έ, UTC+2 πŸ‡ͺπŸ‡Ί

    This is similar to https://www.drupal.org/project/linkit/issues/3399995 πŸ› If a suggestion has a NULL in query string, LinkitFilter replaces with an empty string Needs review .

    OverrideGlobals normalizes the query string:
    https://github.com/symfony/symfony/blob/7.2/src/Symfony/Component/HttpFo...

    Which transforms any null query argument to an empty string. But those aren't the same!

  • Comment 3 months ago β†’
    πŸ‡ΊπŸ‡¦Ukraine bohart Lutsk, Ukraine

    Christian, it normalizeQueryString for $_SERVER and $_REQUEST superglobals variables. We can just debug before and after overrideGlobals() to validate this (a quote from the previous comment):

    overrideGlobals() does NOT change either $_GET["inline"] or $_REQUEST["inline"].

    I have additionally run this code before and after overrideGlobals() executions:

            $values = [
          $event->getRequest()->query->all(),
          $event->getRequest()->query->get("inline"),
          $_GET["inline"],
          $_REQUEST["inline"],
          $_SERVER["REQUEST_URI"],
        ];

    All variables are intact and unchanged. The code was run at clear Drupal11+reverse_proxy_header+media_entity_download (without any other modules).

    At this point, there is no understanding of what exactly is changing by overrideGlobals().
    Could you please provide:
    - the exact variable / superglobal path / request object property which is changing?
    - steps to reproduce the mentioned unnecessary redirect?

    Thanks.

  • Comment 3 months ago β†’
    πŸ‡ͺπŸ‡ΈSpain penyaskito Seville πŸ’ƒ, Spain πŸ‡ͺπŸ‡Έ, UTC+2 πŸ‡ͺπŸ‡Ί

    Don't think I'll be able to test this soon-ish.

    If you are using a git checkout of 11.x for testing, this might explain why you can't reproduce, as it might have been fixed in https://github.com/symfony/symfony/pull/59134/files

    πŸ“Œ Update Composer dependencies for 11.1.0-RC1 Active

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024