Upload of tall image moves html directory

Created on 12 April 2024

Problem/Motivation

When uploading a tall image on a new topic, something goes wrong and the entire html directory is moved to a directory with the uploaded file name. This can be triggered by any user that has upload capability on a new topic.

Steps to reproduce

1) Create a new topic
2) Upload the attached jpeg file to the image field
3) The html directory has now been moved to "private/inline-images/limburger.jpeg"

Please keep in mind when trying to reproduce this that the user used a tall image with the filename "Screenshot_20240412_055152_De Limburger Krant.jpg" (in case the file name is also important to trigger this bug).

I didn't notice anything in the Drupal or server logs that can be traced to the upload of this image. I only noticed errors about missing php files after the html directory was moved.

Proposed resolution

Extra checks on the image upload to see if an image is available and checks to prevent accidental moves of the html directory.
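The thread below never pins down which code path performed the move, and the maintainers could not reproduce it, so the following is an added example (written for this page, not Open Social or Drupal code) of what "checks to prevent accidental moves of the html directory" can look like in plain PHP. The class name, the constructed temp-directory layout (a fake "html" docroot beside "private/inline-images") and the stand-in upload bytes are all assumptions; a real Drupal implementation would sit behind the file system service instead of calling rename() directly. The point is that each precondition a move helper tends to take on faith (source is a regular uploaded file, destination stays inside the intended directory, destination is not an existing directory) is checked before anything is renamed.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not Open Social or Drupal code.
 *
 * Guarded move of an uploaded inline image into a private "inline-images"
 * directory. Every precondition that, if skipped, could turn a file move
 * into a directory move is checked explicitly before rename() runs.
 */
final class GuardedInlineImageMover
{
    /** Absolute, resolved path of the only directory uploads may land in. */
    private string $baseDir;

    public function __construct(string $baseDir)
    {
        $resolved = realpath($baseDir);
        if ($resolved === false || !is_dir($resolved)) {
            throw new RuntimeException("Upload base directory does not exist: $baseDir");
        }
        $this->baseDir = $resolved;
    }

    /**
     * Returns the final destination path on success; throws on any violation.
     *
     * @param string $source        Temporary path of the uploaded file.
     * @param string $clientName    Filename as supplied by the browser (untrusted).
     * @param bool   $fromPhpUpload Require PHP's is_uploaded_file() check (true in
     *                              a real request; false lets the example run from CLI).
     */
    public function move(string $source, string $clientName, bool $fromPhpUpload = true): string
    {
        // 1. The source must be an existing regular file, never a directory or symlink.
        if (!is_file($source) || is_link($source)) {
            throw new RuntimeException("Source is not a regular file: $source");
        }
        if ($fromPhpUpload && !is_uploaded_file($source)) {
            throw new RuntimeException("Source was not uploaded via HTTP POST: $source");
        }
        // 2. An empty upload is not an image to store; refuse rather than move "nothing".
        if (filesize($source) === 0) {
            throw new RuntimeException('Uploaded file is empty');
        }
        // 3. Only a sanitised basename of the client-supplied name is used, so path
        //    separators, NUL bytes and relative segments never reach the filesystem.
        $name = basename(str_replace(['\\', "\0"], '', $clientName));
        $name = preg_replace('/[^A-Za-z0-9._-]+/', '_', $name);
        if ($name === '' || $name === '.' || $name === '..' || str_starts_with($name, '.')) {
            throw new RuntimeException("Unusable filename: $clientName");
        }
        // 4. The destination's parent must resolve to exactly the base directory.
        $destination = $this->baseDir . DIRECTORY_SEPARATOR . $name;
        if (realpath(dirname($destination)) !== $this->baseDir) {
            throw new RuntimeException("Destination escapes the upload directory: $destination");
        }
        // 5. Never rename over, or into, an existing directory or file.
        if (is_dir($destination)) {
            throw new RuntimeException("Destination is a directory: $destination");
        }
        if (file_exists($destination)) {
            throw new RuntimeException("Destination already exists: $destination");
        }
        if (!rename($source, $destination)) {
            throw new RuntimeException("rename() failed for $source -> $destination");
        }
        return $destination;
    }
}

// Demonstration on a constructed layout: a fake docroot "html" beside a
// "private/inline-images" directory, mirroring the paths in the report.
$root = sys_get_temp_dir() . '/guarded-move-' . bin2hex(random_bytes(4));
mkdir("$root/html/core", 0700, true);
mkdir("$root/private/inline-images", 0700, true);
file_put_contents("$root/html/index.php", "<?php // docroot\n");
file_put_contents("$root/upload.tmp", str_repeat("\xFF", 16)); // stand-in for JPEG bytes

$mover = new GuardedInlineImageMover("$root/private/inline-images");

// Normal upload: the file moves, the docroot is untouched.
$stored = $mover->move("$root/upload.tmp", 'Screenshot_20240412_055152_De Limburger Krant.jpg', false);
printf("stored as %s\n", basename($stored));
printf("docroot intact: %s\n", is_file("$root/html/index.php") ? 'yes' : 'no');

// A caller that, through whatever bug, hands the docroot in as the source is
// refused instead of having the whole directory renamed.
try {
    $mover->move("$root/html", 'limburger.jpeg', false);
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```

Run it with `php guarded-move.php` (PHP 8.0 or later for `str_starts_with`). The `$fromPhpUpload = false` switch exists only so the script can run from the command line; in request context leave it at the default so `is_uploaded_file()` also rejects any path that did not come from the current POST.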

🐛 Bug report
Status

Active

Version

12.3

Component

Groups

Created by

🇳🇱Netherlands collinm


Comments & Activities

  • Issue created by @collinm
  • 🇩🇪Germany slowflyer

    I cannot reproduce this error. (Using original filename.)

    OS 12.3.3, Drupal 12.2.5, PHP 8.3.3

  • 🇳🇱Netherlands collinm

    We had this with OS 12.3.0, Drupal 10.2.4, PHP 8.1.2.

  • 🇳🇱Netherlands collinm

    This morning I had the opportunity to do a test on the production environment with the images the client sent me. I cannot reproduce the issue the client could reproduce consistently with one of those images. I've asked them to send them to me via a file transfer service so I'm 100% certain I have the exact same files as they used.

  • 🇳🇱Netherlands collinm

    Today I could run the image upload test on the production environment, and with the original image and with the current version of modules used I cannot reproduce it anymore.

    Now when I try to upload the image the client could reproduce the issue with I get a file too large error (2MB limit). And the site is still fully functional afterwards. I've attached the image "Screenshot_20240412_055152_De Limburger Krant.jpg" to this issue.

    Either something is still different with how the client is attempting this and how I am, or, as I suspect, the emergency updates rollout that we did resolved the issue. I've included the composer output below so Open Social can check what the previous versions of modules and Drupal core were and to what they upgraded.

    Gathering patches for root package.
    Removing package drupal/core so that it can be re-installed and re-patched.
      - Removing drupal/core (10.2.4)
    Deleting html/core - deleted
    Loading composer repositories with package information
    Updating dependencies
    Lock file operations: 0 installs, 43 updates, 0 removals
      - Upgrading chi-teck/drupal-code-generator (3.4.0 => 3.5.0)
      - Upgrading consolidation/annotated-command (4.9.2 => 4.10.0)
      - Upgrading consolidation/log (3.0.0 => 3.1.0)
      - Upgrading consolidation/output-formatters (4.3.2 => 4.5.0)
      - Upgrading consolidation/site-alias (4.0.1 => 4.1.0)
      - Upgrading consolidation/site-process (5.2.0 => 5.4.0)
      - Upgrading drupal/core (10.2.4 => 10.2.5)
      - Upgrading drupal/core-composer-scaffold (10.2.4 => 10.2.5)
      - Upgrading drupal/social_pwa (2.1.2 => 2.1.3)
      - Upgrading drupal/socialblue (2.5.6 => 2.5.7)
      - Upgrading goalgorilla/open_social (12.3.0 => 12.3.3)
      - Upgrading league/uri (7.4.0 => 7.4.1)
      - Upgrading league/uri-interfaces (7.4.0 => 7.4.1)
      - Upgrading masterminds/html5 (2.8.1 => 2.9.0)
      - Upgrading mglaman/phpstan-drupal (1.2.7 => 1.2.10)
      - Upgrading npm-asset/emoji-picker-element (1.21.1 => 1.21.2)
      - Upgrading paragonie/sodium_compat (v1.20.0 => v1.20.1)
      - Upgrading phpstan/phpstan (1.10.64 => 1.10.66)
      - Upgrading psy/psysh (v0.12.2 => v0.12.3)
      - Upgrading spomky-labs/pki-framework (1.1.1 => 1.2.1)
      - Upgrading symfony/console (v6.4.4 => v6.4.6)
      - Upgrading symfony/dependency-injection (v6.4.4 => v6.4.6)
      - Upgrading symfony/error-handler (v6.4.4 => v6.4.6)
      - Upgrading symfony/event-dispatcher-contracts (v3.4.0 => v3.4.2)
      - Upgrading symfony/filesystem (v6.4.3 => v6.4.6)
      - Upgrading symfony/http-client (v6.4.5 => v6.4.6)
      - Upgrading symfony/http-client-contracts (v3.4.0 => v3.4.2)
      - Upgrading symfony/http-kernel (v6.4.5 => v6.4.6)
      - Upgrading symfony/mailer (v6.4.4 => v6.4.6)
      - Upgrading symfony/mime (v6.4.3 => v6.4.6)
      - Upgrading symfony/psr-http-message-bridge (v6.4.3 => v6.4.6)
      - Upgrading symfony/routing (v6.4.5 => v6.4.6)
      - Upgrading symfony/serializer (v6.4.4 => v6.4.6)
      - Upgrading symfony/service-contracts (v3.4.1 => v3.4.2)
      - Upgrading symfony/translation-contracts (v3.4.1 => v3.4.2)
      - Upgrading symfony/validator (v6.4.4 => v6.4.6)
      - Upgrading symfony/var-dumper (v6.4.4 => v6.4.6)
      - Upgrading symfony/var-exporter (v6.4.4 => v6.4.6)
      - Upgrading web-token/jwt-key-mgmt (3.3.0 => 3.4.0)
      - Upgrading web-token/jwt-library (3.3.1 => 3.4.1)
      - Upgrading web-token/jwt-signature (3.3.0 => 3.4.0)
      - Upgrading web-token/jwt-signature-algorithm-ecdsa (3.3.0 => 3.4.0)
      - Upgrading web-token/jwt-util-ecc (3.3.0 => 3.4.0)
    Writing lock file
    Installing dependencies from lock file (including require-dev)
    Package operations: 1 install, 42 updates, 0 removals
      - Downloading consolidation/log (3.1.0)
      - Downloading symfony/filesystem (v6.4.6)
      - Downloading symfony/validator (v6.4.6)
      - Downloading symfony/serializer (v6.4.6)
      - Downloading symfony/psr-http-message-bridge (v6.4.6)
      - Downloading symfony/var-exporter (v6.4.6)
      - Downloading symfony/dependency-injection (v6.4.6)
      - Downloading masterminds/html5 (2.9.0)
      - Downloading drupal/core (10.2.5)
      - Downloading league/uri-interfaces (7.4.1)
      - Downloading league/uri (7.4.1)
      - Downloading spomky-labs/pki-framework (1.2.1)
      - Downloading paragonie/sodium_compat (v1.20.1)
      - Downloading web-token/jwt-library (3.4.1)
      - Downloading npm-asset/emoji-picker-element (1.21.2)
      - Downloading chi-teck/drupal-code-generator (3.5.0)
      - Downloading drupal/socialblue (2.5.7)
      - Downloading goalgorilla/open_social (12.3.3)
      - Downloading drupal/social_pwa (2.1.3)
      - Downloading phpstan/phpstan (1.10.66)
      - Downloading mglaman/phpstan-drupal (1.2.10)
      - Downloading consolidation/site-alias (4.1.0)
      - Downloading consolidation/site-process (5.4.0)
      - Downloading consolidation/output-formatters (4.5.0)
      - Downloading consolidation/annotated-command (4.10.0)
    Gathering patches for root package.
    Gathering patches for dependencies. This might take a minute.
      - Upgrading drupal/core-composer-scaffold (10.2.4 => 10.2.5): Extracting archive
      - Upgrading symfony/event-dispatcher-contracts (v3.4.0 => v3.4.2): Extracting archive
      - Upgrading symfony/var-dumper (v6.4.4 => v6.4.6): Extracting archive
      - Upgrading symfony/error-handler (v6.4.4 => v6.4.6): Extracting archive
      - Upgrading symfony/http-kernel (v6.4.5 => v6.4.6): Extracting archive
      - Upgrading symfony/service-contracts (v3.4.1 => v3.4.2): Extracting archive
      - Upgrading symfony/console (v6.4.4 => v6.4.6): Extracting archive
      - Upgrading consolidation/log (3.0.0 => 3.1.0): Extracting archive
      - Upgrading symfony/filesystem (v6.4.3 => v6.4.6): Extracting archive
      - Upgrading symfony/translation-contracts (v3.4.1 => v3.4.2): Extracting archive
      - Upgrading symfony/validator (v6.4.4 => v6.4.6): Extracting archive
      - Upgrading symfony/serializer (v6.4.4 => v6.4.6): Extracting archive
      - Upgrading symfony/routing (v6.4.5 => v6.4.6): Extracting archive
      - Upgrading symfony/psr-http-message-bridge (v6.4.3 => v6.4.6): Extracting archive
      - Upgrading symfony/mime (v6.4.3 => v6.4.6): Extracting archive
      - Upgrading symfony/mailer (v6.4.4 => v6.4.6): Extracting archive
      - Upgrading symfony/var-exporter (v6.4.4 => v6.4.6): Extracting archive
      - Upgrading symfony/dependency-injection (v6.4.4 => v6.4.6): Extracting archive
      - Upgrading masterminds/html5 (2.8.1 => 2.9.0): Extracting archive
      - Installing drupal/core (10.2.5): Extracting archive
      - Upgrading league/uri-interfaces (7.4.0 => 7.4.1): Extracting archive
      - Upgrading league/uri (7.4.0 => 7.4.1): Extracting archive
      - Upgrading symfony/http-client-contracts (v3.4.0 => v3.4.2): Extracting archive
      - Upgrading symfony/http-client (v6.4.5 => v6.4.6): Extracting archive
      - Upgrading spomky-labs/pki-framework (1.1.1 => 1.2.1): Extracting archive
      - Upgrading paragonie/sodium_compat (v1.20.0 => v1.20.1): Extracting archive
      - Upgrading web-token/jwt-library (3.3.1 => 3.4.1): Extracting archive
      - Upgrading web-token/jwt-util-ecc (3.3.0 => 3.4.0): Extracting archive
      - Upgrading web-token/jwt-signature-algorithm-ecdsa (3.3.0 => 3.4.0): Extracting archive
      - Upgrading web-token/jwt-signature (3.3.0 => 3.4.0): Extracting archive
      - Upgrading web-token/jwt-key-mgmt (3.3.0 => 3.4.0): Extracting archive
      - Upgrading npm-asset/emoji-picker-element (1.21.1 => 1.21.2): Extracting archive
      - Upgrading chi-teck/drupal-code-generator (3.4.0 => 3.5.0): Extracting archive
      - Upgrading drupal/socialblue (2.5.6 => 2.5.7): Extracting archive
      - Upgrading goalgorilla/open_social (12.3.0 => 12.3.3): Extracting archive
      - Upgrading drupal/social_pwa (2.1.2 => 2.1.3): Extracting archive
      - Upgrading phpstan/phpstan (1.10.64 => 1.10.66): Extracting archive
      - Upgrading mglaman/phpstan-drupal (1.2.7 => 1.2.10): Extracting archive
      - Upgrading psy/psysh (v0.12.2 => v0.12.3): Extracting archive
      - Upgrading consolidation/site-alias (4.0.1 => 4.1.0): Extracting archive
      - Upgrading consolidation/site-process (5.2.0 => 5.4.0): Extracting archive
      - Upgrading consolidation/output-formatters (4.3.2 => 4.5.0): Extracting archive
      - Upgrading consolidation/annotated-command (4.9.2 => 4.10.0): Extracting archive
      - Applying patches for drupal/core
        https://www.drupal.org/files/issues/2022-05-18/layout_builder_at-massageFormValues-argument-null-3281124-2.patch (Fix drupal 10 https://www.drupal.org/project/drupal/issues/3405115)
       Could not apply patch! Skipping. The error was: Cannot apply patch https://www.drupal.org/files/issues/2022-05-18/layout_builder_at-massageFormValues-argument-null-3281124-2.patch
        https://www.drupal.org/files/issues/2019-05-10/2528214-54.patch (Restrict images to this site blocks image style derivatives)
        https://www.drupal.org/files/issues/2018-12-28/2580551-72.patch (Optimize getCommentedEntity())
        https://www.drupal.org/files/issues/2018-05-24/2974925-default-rid-config-causes-illegal-error.patch (Default role id causes issues with validation on VBO)
        https://www.drupal.org/files/issues/2020-06-17/views-exposed-form-block-args-2821962-39-8.9-notest.patch (Ensure views exposed form in a form block keeps contextual arguments (Updated))
        https://www.drupal.org/files/issues/2023-12-18/1091852-186.patch (10.x Display Bug when using #states (Forms API) with Ajax Request)
        https://www.drupal.org/files/issues/2022-06-01/drupal-termstorage-loadTree-lang-3123561-13_0.patch (Can't specify the language in TermStorage::loadTree)
        https://www.drupal.org/files/issues/2020-12-18/drupal-3188258-aggregation-across-entity-reference-fail-2.patch (Issue #3188258: Aggregation queries fail across entity references)
        https://www.drupal.org/files/issues/2020-12-22/pagination-does-not-work-with-lazy-builder-3189538-2.patch (Pagination does not work correctly for comment fields that are rendered using #lazy_builder)
        https://www.drupal.org/files/issues/2020-12-29/2921093-18.patch (Providing default route value for entity forms is not possible)
        https://www.drupal.org/files/issues/2020-07-06/2842409-15.patch (Selecting the same day in a date between filter returns no results)
        https://www.drupal.org/files/issues/2019-10-21/2663316-76.drupal.Broken-title-in-modal-dialog-when-title-is-a-render-array.patch (Broken title in modal dialog when title is a render array)
        https://www.drupal.org/files/issues/2023-04-07/2910000-mr-1451-d95--floodmemorybackend-time-local_0.diff (Flood MemoryBackend::events[] key of micro time cannot guarantee uniqueness)
        https://www.drupal.org/files/issues/2022-02-07/2998390-8.patch (Issue #2998390: Cache is not invalidated when comment deleted)
        https://www.drupal.org/files/issues/2024-03-06/2786735-64.patch (Image derivative generation does not work if effect "Convert" in use and file stored in private filesystem)
        https://www.drupal.org/files/issues/2024-01-14/2107455-94.10.2.patch (Issue #2107455: Image field default value not shown when upload destination set to private file storage)
        https://www.drupal.org/files/issues/2021-04-18/2924783-18.patch (2924783 - Fatal error on entity autocomplete widget if entity label contains parentheses)
        https://www.drupal.org/files/issues/2023-10-29/3397494-revert-runtimeexception-untill-permissions-fixed.patch (Issue #3397494: Revert the runtime exception for permissions until we have fixed them all correctly)
        https://www.drupal.org/files/issues/2023-10-19/drupal-redirect-disable-validation-on-delete-entity-3395358-2.patch (Issue #3395358 - Redirecting a request during delete an entity when the redirect are disabled)
        https://www.drupal.org/files/issues/2024-01-22/3416251-3-revert-core-entity-delete-modal-changes.patch (Issue #3416251: Drupal 10.1.x revert of modal windows for entity delete operation)
        https://www.drupal.org/files/issues/2023-12-20/fix-toolbarjs-null-handling.patch (Issue #3409505: Uncaught TypeError: Cannot read properties of null (reading 'style') (toolbar.js))
        https://www.drupal.org/files/issues/2018-07-05/2943172-kernel-test-base-3.patch (https://www.drupal.org/project/drupal/issues/2943172)
    
      - Applying patches for drupal/socialblue
        https://www.drupal.org/files/issues/2024-03-12/socialblue-add-hero-css-file-to-be-overwritten-custom-color-3427426-4.patch (Issue #3427426: Custom color being ignored for logged user in Search page)
    
  • 🇩🇪Germany slowflyer

    From my point of view, this is or was never a bug of Open Social itself.

    I would take a closer look in filesystem and webserver fileupload configuration.

  • 🇳🇱Netherlands collinm

    This cannot be a filesystem and webserver issue as nothing was changed there. But now it looks like it's working correctly after rolling out updates. The files were also moved to a location Open Social should have write access to.

    I have a final appointment with the client to see if they can still reproduce this. If it then doesn't happen we know it was something in the updates that fixed this. And then it's up to Open Social to decide if it warrants time to figure out how this could happen, or that they'll close this issue.

  • 🇳🇱Netherlands collinm

    Had an online meeting with the client and we've figured out what I was doing differently (misunderstood where she was uploading the file). The client uploads the file as an inline image in the description field of a new topic. The image then does get displayed in the WYSIWYG editor, but the site also immediately gives a JavaScript pop-up with the message "Couldn't upload the file: ". And at this point the entire html directory is already moved and the site is no longer functional.

    I've updated this issue with the correct steps to reproduce.

  • 🇳🇱Netherlands ronaldtebrake

    Thanks for the update, appreciated!

    Unfortunately I'm having a real hard time reproducing this.
    I have made sure it uses the private file system, set a limit to 2MB, I'm on 12.3.0 of Open Social
    Used the image provided, I get the following:

    The image is then removed, I can't save the topic anymore because the image is gone:

    Also the image isn't ending up in my private file / inline-images, nor does anything happen with the html directory.

    I also have a hard time finding out what in Open Social could be the culprit here. Especially that part should be default editor behavior.

    Does it now happen with both images? From the name of the html directory shown it seems that the smaller image "limburger.jpeg" also triggers this for your client?
    If possible would be good to see which modules are enabled there, running drush pml | grep Enabled could be an easy way for that.

  • 🇳🇱Netherlands collinm

    I know it happens with the "Screenshot_20240412_055152_De Limburger Krant.jpg". I haven't verified if the other image also triggers it on the production environment.

    The only differences I see with how you did it are that "News" is what is checked in my test case (also the only option that is available), and that we're doing it under Dutch, so our path is: /nl/node/add/topic

    I've run the command and this is the output (redacted info that can be traced to the client and marked "CLIENT"):

      Core                              Automated Cron (automated_cron)                                                Enabled    10.2.5          
      Core                              Block (block)                                                                  Enabled    10.2.5          
      Core                              Block Content (block_content)                                                  Enabled    10.2.5          
      Core                              Breakpoint (breakpoint)                                                        Enabled    10.2.5          
      Core                              CKEditor 5 (ckeditor5)                                                         Enabled    10.2.5          
      Core                              Comment (comment)                                                              Enabled    10.2.5          
      Core                              Configuration Manager (config)                                                 Enabled    10.2.5          
      Multilingual                      Configuration Translation (config_translation)                                 Enabled    10.2.5          
      Multilingual                      Content Translation (content_translation)                                      Enabled    10.2.5          
      Field types                       Datetime (datetime)                                                            Enabled    10.2.5          
      Core                              Database Logging (dblog)                                                       Enabled    10.2.5          
      Core                              Internal Dynamic Page Cache (dynamic_page_cache)                               Enabled    10.2.5          
      Core                              Text Editor (editor)                                                           Enabled    10.2.5          
      Core                              Field (field)                                                                  Enabled    10.2.5          
      Core                              Field UI (field_ui)                                                            Enabled    10.2.5          
      Field types                       File (file)                                                                    Enabled    10.2.5          
      Core                              Filter (filter)                                                                Enabled    10.2.5          
      Field types                       Image (image)                                                                  Enabled    10.2.5          
      Core                              Inline Form Errors (inline_form_errors)                                        Enabled    10.2.5          
      Multilingual                      Language (language)                                                            Enabled    10.2.5          
      Field types                       Link (link)                                                                    Enabled    10.2.5          
      Multilingual                      Interface Translation (locale)                                                 Enabled    10.2.5          
      Core                              Custom Menu Links (menu_link_content)                                          Enabled    10.2.5          
      Core                              Menu UI (menu_ui)                                                              Enabled    10.2.5          
      Core                              MySQL (mysql)                                                                  Enabled    10.2.5          
      Core                              Node (node)                                                                    Enabled    10.2.5          
      Field types                       Options (options)                                                              Enabled    10.2.5          
      Core                              Internal Page Cache (page_cache)                                               Enabled    10.2.5          
      Core                              Path (path)                                                                    Enabled    10.2.5          
      Core                              Path alias (path_alias)                                                        Enabled    10.2.5          
      Core                              Password Compatibility (phpass)                                                Enabled    10.2.5          
      Web services                      RESTful Web Services (rest)                                                    Enabled    10.2.5          
      Web services                      Serialization (serialization)                                                  Enabled    10.2.5          
      Core                              System (system)                                                                Enabled    10.2.5          
      Core                              Taxonomy (taxonomy)                                                            Enabled    10.2.5          
      Field types                       Telephone (telephone)                                                          Enabled    10.2.5          
      Field types                       Text (text)                                                                    Enabled    10.2.5          
      Core                              Toolbar (toolbar)                                                              Enabled    10.2.5          
      Core                              Update Manager (update)                                                        Enabled    10.2.5          
      Core                              User (user)                                                                    Enabled    10.2.5          
      Core                              Views (views)                                                                  Enabled    10.2.5          
      Core                              Views UI (views_ui)                                                            Enabled    10.2.5          
      Custom                            Activity Basics (activity_basics)                                              Enabled                    
      Custom                            Activity Creator (activity_creator)                                            Enabled                    
      Social                            Activity Logger (activity_logger)                                              Enabled                    
      Social                            Activity Send (activity_send)                                                  Enabled                    
      Social                            Activity Send Email (activity_send_email)                                      Enabled                    
      Social                            Activity Send Push Notification (activity_send_push_notification)              Enabled                    
      Social                            Activity Viewer (activity_viewer)                                              Enabled                    
      Field types                       Dropdown (dropdown)                                                            Enabled                    
      Custom                            Entity Access By Field (entity_access_by_field)                                Enabled                    
      Group                             Group request (grequest)                                                       Enabled                    
      Group                             Group Core Comments support (group_core_comments)                              Enabled                    
      Group                             Group Views Bulk Operations (gvbo)                                             Enabled    1               
      Custom                            Improved Theme Settings (improved_theme_settings)                              Enabled                    
      Filters                           Mentions (mentions)                                                            Enabled                    
      Social                            Social Advanced Queue (social_advanced_queue)                                  Enabled                    
      Other                             Social File Private (Deprecated) (social_file_private)                         Enabled                    
      Other                             Social Font (social_font)                                                      Enabled                    
      Social                            Social Language (social_language)                                              Enabled                    
      Social (experimental)             Social Queue item Storage (social_queue_storage)                               Enabled                    
      Social                            Social React (social_react)                                                    Enabled                    
      Custom                            template_suggestions_extra (template_suggestions_extra)                        Enabled                    
      Social                            Social Activity (social_activity)                                              Enabled                    
      Social                            Social Comment (social_comment)                                                Enabled                    
      Social                            Social Comment Upload (social_comment_upload)                                  Enabled                    
      Social                            Social Core (social_core)                                                      Enabled                    
      Social                            Social Editor (social_editor)                                                  Enabled                    
      Social (experimental)             Social Emoji (social_emoji)                                                    Enabled                    
      Other                             Social Event Add To Calendar (social_event_addtocal)                           Enabled                    
      Social                            Social Event Invite Enrolments (social_event_invite)                           Enabled                    
      Social                            Social Event Organisers (social_event_managers)                                Enabled                    
      Social                            Social Event Type (social_event_type)                                          Enabled                    
      Social                            Social Event (social_event)                                                    Enabled                    
      Social                            Social Follow Content (social_follow_content)                                  Enabled                    
      Social                            Social Flexible Group (social_group_flexible_group)                            Enabled                    
      Social                            Social Group VBO integration with Groups and Open Social (social_group_gvbo)   Enabled                    
      Social                            Social Group Invite (social_group_invite)                                      Enabled                    
      Social                            Social Group request (social_group_request)                                    Enabled                    
      Social                            Social Secret Group (social_group_secret)                                      Enabled                    
      Social                            Social Group (social_group)                                                    Enabled                    
      Social                            Social Like (social_like)                                                      Enabled                    
      Social                            Social Mentions (social_mentions)                                              Enabled                    
      Social                            Social Node (social_node)                                                      Enabled                    
      Social                            Social Page (social_page)                                                      Enabled                    
      Social                            Social Post Album (social_post_album)                                          Enabled                    
      Social                            Social Post Photo (social_post_photo)                                          Enabled                    
      Social                            Social Post (social_post)                                                      Enabled                    
      Social                            Social Private Message (social_private_message)                                Enabled                    
      Social                            Social Profile Privacy (social_profile_privacy)                                Enabled                    
      Social                            Social Profile (social_profile)                                                Enabled                    
      Social                            Social Search (social_search)                                                  Enabled                    
      Social                            Social Swiftmailer (social_swiftmail)                                          Enabled                    
      Social                            Social Topic (social_topic)                                                    Enabled                    
      Social                            Social User (social_user)                                                      Enabled                    
      Field types                       Address (address)                                                              Enabled    8.x-1.12        
      Administration                    Admin Toolbar (admin_toolbar)                                                  Enabled    3.4.2           
      Other                             Advanced Queue (advancedqueue)                                                 Enabled    8.x-1.0-rc7     
      Views                             Better Exposed Filters (better_exposed_filters)                                Enabled    6.0.3           
      Other                             CKEditor 4 (contrib) (ckeditor)                                                Enabled    1.0.2           
      Core                              Color (color)                                                                  Enabled    1.0.3           
      Configuration                     Configuration Filter (config_filter)                                           Enabled    8.x-1.12        
      Other                             Config Modify (config_modify)                                                  Enabled    1.0.0-rc1       
      Configuration                     Configuration Read-only (config_readonly)                                      Enabled    8.x-1.0-beta5   
      Config                            Configuration Split (config_split)                                             Enabled    8.x-1.9         
      Other                             Configuration Update Base (config_update)                                      Enabled    2.0.0-alpha3    
      Media                             Crop API (crop)                                                                Enabled    8.x-2.3         
      Chaos tool suite                  Chaos Tools (ctools)                                                           Enabled    4.0.4           
      Field types                       Dynamic Entity Reference (dynamic_entity_reference)                            Enabled    3.2.0           
      Other                             Editor Advanced Link (editor_advanced_link)                                    Enabled    2.2.4           
      Other                             Entity (entity)                                                                Enabled    8.x-1.4         
      Media                             EXIF Orientation (exif_orientation)                                            Enabled    8.x-1.4         
      User interface                    External Links (extlink)                                                       Enabled    8.x-1.7         
      Fields                            Field Group (field_group)                                                      Enabled    8.x-3.4         
      File metadata                     File metadata manager (file_mdm)                                               Enabled    8.x-2.6         
      File metadata                     File metadata - EXIF (file_mdm_exif)                                           Enabled    8.x-2.6         
      File metadata                     File metadata - Font (file_mdm_font)                                           Enabled    8.x-2.6         
      Flags                             Flag (flag)                                                                    Enabled    8.x-4.0-beta4   
      Other                             Flexible permissions (flexible_permissions)                                    Enabled    1.1.0           
      Other                             Gin Toolbar (gin_toolbar)                                                      Enabled    8.x-1.0-rc5     
      Group                             Group invite (ginvite)                                                         Enabled    2.2.3           
      Group                             Group (group)                                                                  Enabled    8.x-1.6         
      Group                             Group Node (gnode)                                                             Enabled    8.x-1.6         
      Media                             Image Effects (image_effects)                                                  Enabled    8.x-3.4         
      Media                             ImageWidgetCrop (image_widget_crop)                                            Enabled    8.x-2.4         
      jQuery UI                         jQuery UI (jquery_ui)                                                          Enabled    8.x-1.6         
      jQuery UI                         jQuery UI Autocomplete (jquery_ui_autocomplete)                                Enabled    2.0.0           
      jQuery UI                         jQuery UI Datepicker (jquery_ui_datepicker)                                    Enabled    2.0.0           
      jQuery UI                         jQuery UI Menu (jquery_ui_menu)                                                Enabled    2.0.0           
      jQuery UI                         jQuery UI Slider (jquery_ui_slider)                                            Enabled    2.0.0           
      jQuery UI                         jQuery UI Touch Punch (jquery_ui_touch_punch)                                  Enabled    1.1.0           
      Voting                            Like & Dislike (like_and_dislike)                                              Enabled    8.x-1.0-beta3   
      Message                           Message (message)                                                              Enabled    8.x-1.5         
      Message                           Message Notify (message_notify)                                                Enabled    8.x-1.3         
      Permissions                       Override Node Options (override_node_options)                                  Enabled    8.x-2.7         
      Other                             Pathauto (pathauto)                                                            Enabled    8.x-1.12        
      Private Message                   Private Message Notify (private_message_notify)                                Enabled    3.0.0           
      Private Message                   Private Message (private_message)                                              Enabled    3.0.0           
      Other                             Profile (profile)                                                              Enabled    8.x-1.8         
      Other                             Redirect 403 to User Login (r4032login)                                        Enabled    2.2.1           
      Other                             Redirect (redirect)                                                            Enabled    8.x-1.9         
      Permissions                       Role Delegation (role_delegation)                                              Enabled    8.x-1.2         
      Other                             Scheduler (scheduler)                                                          Enabled    8.x-1.5         
      Search                            Database Search (search_api_db)                                                Enabled    8.x-1.31        
      Search                            Search API (search_api)                                                        Enabled    8.x-1.31        
      User interface                    Select2 (select2)                                                              Enabled    8.x-1.15        
      Social                            Activity Send Web Push (activity_send_push)                                    Enabled    2.1.4           
      Social                            Social PWA (social_pwa)                                                        Enabled    2.1.4           
      Mail                              Drupal Symfony Mailer (symfony_mailer)                                         Enabled    1.4.1           
      Other                             Token (token)                                                                  Enabled    8.x-1.13        
      Other                             Ultimate Cron (ultimate_cron)                                                  Enabled    8.x-2.0-alpha6  
      Configuration                     Update Helper (update_helper)                                                  Enabled    4.0.0           
      Administration                    Upgrade Status (upgrade_status)                                                Enabled                    
      Other                             VariationCache (variationcache)                                                Enabled    8.x-1.5         
      Views                             Views Bulk Operations (views_bulk_operations)                                  Enabled    4.2.6           
      Views                             Views Exposed Form Fieldset (views_ef_fieldset)                                Enabled    8.x-1.7         
      Views                             Views Infinite Scroll (views_infinite_scroll)                                  Enabled    2.0.2           
      Voting                            Voting API (votingapi)                                                         Enabled    8.x-3.0-beta4   
      CLIENT                            CLIENT Module (client)                                                         Enabled    1               
      Core                              Claro (claro)                                                                  Enabled    10.2.5          
      Bootstrap                         Bootstrap (bootstrap)                                                          Enabled    8.x-3.29        
                                        Gin (gin)                                                                      Enabled    8.x-3.0-rc8     
                                        Social Base theme (socialbase)                                                 Enabled    2.5.14          
                                        Social Blue theme (socialblue)                                                 Enabled    2.5.7           
                                        Social CLIENT theme (socialCLIENT)                                             Enabled                    
    
  • 🇳🇱Netherlands collinm

    The client also managed to trigger this bug by uploading a tall inline image in the summary field of a new topic.

  • 🇳🇱Netherlands collinm

    Looks like we have a potential explanation for the behaviour I've been seeing: https://www.drupal.org/sa-core-2024-002

    This security advisory describes exactly what we've been seeing with this client website. I can't confirm if this is indeed the case as Drupal versions are managed via Open Social. But I'm very interested to see if an Open Social version that uses Drupal 10.3 resolves this.
