Access denied by inserting a media image

Created on 9 July 2024, 5 months ago
Updated 8 September 2024, 3 months ago

Problem/Motivation

I use Spammaster, the Media library, module Media Directories, module Insert and the Drupal Media button in Ckeditor 5 in Drupal 10.3.1. All modules have the last version.
When I try to insert a media image in my text in a node I get the overlay to chose the image. When I select an other directory I get the message I don't have the right permission (being user 1!). In the logging I get this access denied message:
Location: https://example.com/admin/content/media-widget/image?directory=1&name=&s...
Message: Path: /admin/content/media-widget/image?directory=1&name=&sort_by=created&spammaster_extra_field_1=&spammaster_extra_field_2=. Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: The opener ID parameter is required and must be a string. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 115 of /xxx/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

After disabling spammaster I don't have any problem inserting an image.

🐛 Bug report
Status

Fixed

Version

2.49

Component

Code

Created by

🇳🇱Netherlands promes

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @promes
  • Assigned to pedro-alves
  • Status changed to Needs work 5 months ago
  • 🇵🇹Portugal pedro-alves

    Hi Promes,

    We are going to take a look. If you don't change the directory does it work?

  • Issue was unassigned.
  • Status changed to Active 5 months ago
  • 🇳🇱Netherlands promes

    Inserting an image from the default directory gives a errormessage on my page: Oops, something went wrong. Check your browser's developer console for more details.
    And 2 php messages in the log:

    1. location: https://example.com/media-library?_wrapper_format=drupal_ajax&ajax_form=...

    with message:
    Warning: array_flip(): Can only flip string and integer values, entry skipped in Drupal\Core\Entity\EntityStorageBase->loadMultiple() (liine 278 of /xxx/core/lib/Drupal/Core/Entity/EntityStorageBase.php)

    #0 /xxx/core/includes/bootstrap.inc(166): _drupal_error_handler_real()
    #1 [internal function]: _drupal_error_handler()
    #2 /xxx/core/lib/Drupal/Core/Entity/EntityStorageBase.php(278): array_flip()
    #3 /xxx/core/lib/Drupal/Core/Entity/EntityStorageBase.php(262): Drupal\Core\Entity\EntityStorageBase->loadMultiple()
    #4 /xxx/core/modules/media_library/src/MediaLibraryEditorOpener.php(64): Drupal\Core\Entity\EntityStorageBase->load()
    #5 /xxx/core/modules/media_library/src/Plugin/views/field/MediaLibrarySelectForm.php(177): Drupal\media_library\MediaLibraryEditorOpener->getSelectionResponse()
    #6 [internal function]: Drupal\media_library\Plugin\views\field\MediaLibrarySelectForm::updateWidget()
    #7 /xxx/core/lib/Drupal/Core/Form/FormAjaxResponseBuilder.php(69): call_user_func_array()
    #8 /xxx/core/lib/Drupal/Core/Form/EventSubscriber/FormAjaxSubscriber.php(112): Drupal\Core\Form\FormAjaxResponseBuilder->buildResponse()
    #9 [internal function]: Drupal\Core\Form\EventSubscriber\FormAjaxSubscriber->onException()
    #10 /xxx/core/lib/Drupal/Component/EventDispatcher/ContainerAwareEventDispatcher.php(111): call_user_func()
    #11 /home/alkcstg/domains/steunstichtingalkcare.nl/drupal/vendor/symfony/http-kernel/HttpKernel.php(239): Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch()
    #12 /home/alkcstg/domains/steunstichtingalkcare.nl/drupal/vendor/symfony/http-kernel/HttpKernel.php(91): Symfony\Component\HttpKernel\HttpKernel->handleThrowable()
    #13 /xxx/core/lib/Drupal/Core/StackMiddleware/Session.php(53): Symfony\Component\HttpKernel\HttpKernel->handle()
    #14 /xxx/core/lib/Drupal/Core/StackMiddleware/KernelPreHandle.php(48): Drupal\Core\StackMiddleware\Session->handle()
    #15 /xxx/core/lib/Drupal/Core/StackMiddleware/ContentLength.php(28): Drupal\Core\StackMiddleware\KernelPreHandle->handle()
    #16 /xxx/core/modules/big_pipe/src/StackMiddleware/ContentLength.php(32): Drupal\Core\StackMiddleware\ContentLength->handle()
    #17 /xxx/core/modules/page_cache/src/StackMiddleware/PageCache.php(106): Drupal\big_pipe\StackMiddleware\ContentLength->handle()
    #18 /xxx/core/modules/page_cache/src/StackMiddleware/PageCache.php(85): Drupal\page_cache\StackMiddleware\PageCache->pass()
    #19 /xxx/core/modules/ban/src/BanMiddleware.php(50): Drupal\page_cache\StackMiddleware\PageCache->handle()
    #20 /xxx/modules/contrib/crowdsec/src/Middleware.php(96): Drupal\ban\BanMiddleware->handle()
    #21 /xxx/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php(48): Drupal\crowdsec\Middleware->handle()
    #22 /xxx/core/lib/Drupal/Core/StackMiddleware/NegotiationMiddleware.php(51): Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle()
    #23 /xxx/core/lib/Drupal/Core/StackMiddleware/AjaxPageState.php(36): Drupal\Core\StackMiddleware\NegotiationMiddleware->handle()
    #24 /xxx/core/lib/Drupal/Core/StackMiddleware/StackedHttpKernel.php(51): Drupal\Core\StackMiddleware\AjaxPageState->handle()
    #25 /xxx/core/lib/Drupal/Core/DrupalKernel.php(741): Drupal\Core\StackMiddleware\StackedHttpKernel->handle()
    #26 /xxxxx/index.php(19): Drupal\Core\DrupalKernel->handle()
    #27 {main}

    2. location: https://example.com/media-library?_wrapper_format=drupal_ajax&ajax_form=...

    with message:
    Error: Call to a member function uuid() on null in Drupal\media_library\MediaLibraryEditorOpener->getSelectionResponse() (line 70 of /xxx/core/modules/media_library/src/MediaLibraryEditorOpener.php)

    #0 /xxx/core/modules/media_library/src/Plugin/views/field/MediaLibrarySelectForm.php(177): Drupal\media_library\MediaLibraryEditorOpener->getSelectionResponse()
    #1 [internal function]: Drupal\media_library\Plugin\views\field\MediaLibrarySelectForm::updateWidget()
    #2 /xxx/core/lib/Drupal/Core/Form/FormAjaxResponseBuilder.php(69): call_user_func_array()
    #3 /xxx/core/lib/Drupal/Core/Form/EventSubscriber/FormAjaxSubscriber.php(112): Drupal\Core\Form\FormAjaxResponseBuilder->buildResponse()
    #4 [internal function]: Drupal\Core\Form\EventSubscriber\FormAjaxSubscriber->onException()
    #5 /xxx/core/lib/Drupal/Component/EventDispatcher/ContainerAwareEventDispatcher.php(111): call_user_func()
    #6 /home/alkcstg/domains/steunstichtingalkcare.nl/drupal/vendor/symfony/http-kernel/HttpKernel.php(239): Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch()
    #7 /home/alkcstg/domains/steunstichtingalkcare.nl/drupal/vendor/symfony/http-kernel/HttpKernel.php(91): Symfony\Component\HttpKernel\HttpKernel->handleThrowable()
    #8 /xxx/core/lib/Drupal/Core/StackMiddleware/Session.php(53): Symfony\Component\HttpKernel\HttpKernel->handle()
    #9 /xxx/core/lib/Drupal/Core/StackMiddleware/KernelPreHandle.php(48): Drupal\Core\StackMiddleware\Session->handle()
    #10 /xxx/core/lib/Drupal/Core/StackMiddleware/ContentLength.php(28): Drupal\Core\StackMiddleware\KernelPreHandle->handle()
    #11 /xxx/core/modules/big_pipe/src/StackMiddleware/ContentLength.php(32): Drupal\Core\StackMiddleware\ContentLength->handle()
    #12 /xxx/core/modules/page_cache/src/StackMiddleware/PageCache.php(106): Drupal\big_pipe\StackMiddleware\ContentLength->handle()
    #13 /xxx/core/modules/page_cache/src/StackMiddleware/PageCache.php(85): Drupal\page_cache\StackMiddleware\PageCache->pass()
    #14 /xxx/core/modules/ban/src/BanMiddleware.php(50): Drupal\page_cache\StackMiddleware\PageCache->handle()
    #15 /xxx/modules/contrib/crowdsec/src/Middleware.php(96): Drupal\ban\BanMiddleware->handle()
    #16 /xxx/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php(48): Drupal\crowdsec\Middleware->handle()
    #17 /xxx/core/lib/Drupal/Core/StackMiddleware/NegotiationMiddleware.php(51): Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle()
    #18 /xxx/core/lib/Drupal/Core/StackMiddleware/AjaxPageState.php(36): Drupal\Core\StackMiddleware\NegotiationMiddleware->handle()
    #19 /xxx/core/lib/Drupal/Core/StackMiddleware/StackedHttpKernel.php(51): Drupal\Core\StackMiddleware\AjaxPageState->handle()
    #20 /xxx/core/lib/Drupal/Core/DrupalKernel.php(741): Drupal\Core\StackMiddleware\StackedHttpKernel->handle()
    #21 /xxx/index.php(19): Drupal\Core\DrupalKernel->handle()
    #22 {main}

  • Assigned to pedro-alves
  • Status changed to Needs work 5 months ago
  • 🇵🇹Portugal pedro-alves

    Thx for testing.
    The last 2 errors are related to media library.
    The original post looks related to Ckeditor and if I recall they had issues in the past with checkAccess.

    We will soon launch version 2.50 that might bypass these issues... but we can't really test using a setup exactely like yours. If you have a dev machine and some free time... maybe you can test by uninstalling spam master and install honeypot or antibot (there's an high probability to generate the same errors).

  • 🇳🇱Netherlands promes

    The last 2 errors: they occur only when spammaster is enabled.
    I don't use checkAccess.
    After next version I will test it again.

  • Status changed to Fixed 3 months ago
  • Status changed to Fixed 3 months ago
Production build 0.71.5 2024