Contrib.social

Images do not work if their location is in the theme or module directory, resulting in broken images.

Open on Drupal.org β†’
Created on 25 July 2024, 4 months ago

Problem/Motivation

If you have the images in the theme or modules path, then the image embed does not work.

Steps to reproduce

- We have the Twig templates in the theme to override the default design UI.
- In the Twig templates, we are using the logo, and the logo is in the theme directory.
- When we receive the email, the image is broken because the logo file is in the theme directory instead of sites/default/files.

Proposed resolution

We don't need to force the image to be in the public file directory path.

Remaining tasks

Need to create the patch

πŸ› Bug report
Status

Closed: won't fix

Version

2.0

Component

Code

Created by

πŸ‡΅πŸ‡°Pakistan asghar

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @asghar
  • Comment 4 months ago β†’
    πŸ‡΅πŸ‡°Pakistan asghar
  • Status changed to Closed: won't fix 4 months ago
  • Comment 4 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States zengenuity

    This would introduce a security vulnerability similar to https://www.drupal.org/sa-contrib-2024-006 β†’ , so I can't accept the patch as it's provided.

    When I wrote this check, I broke this functionality into a service so that sites that want to do something different can override it. So, if you want to allow images to be embedded from a theme folder, you can do that by decorating or replacing the EmbeddedImageValidator service in a custom module. I still would advise against removing the folder check entirely in your service, to avoid introducing a vulnerability to your site. Just allow the specific folders you want to allow.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024