- Issue created by @prudloff
- Status changed to Needs review
10 months ago 10:23am 26 August 2024 - π«π·France prudloff Lille
Not sure why but it seems I can't create a merge request here : https://git.drupalcode.org/issue/drupal-3465041/-/compare/10.3.x...34650...
- Status changed to Needs work
10 months ago 1:34pm 26 August 2024 - πΊπΈUnited States smustgrave
Opened MR for ya but I think the branch was opened against 10.3 vs 11.x as there are a lot of changes.
- Status changed to Needs review
10 months ago 6:02pm 26 August 2024 - Status changed to Needs work
10 months ago 12:22pm 27 August 2024 - πΊπΈUnited States smustgrave
Thanks!
Appears to have a test failure so without digging into the test may need to consider that scenario to make sure we aren't breaking existing stuff. That said probably would need a test case or additional assertion somewhere.
- Status changed to Needs review
4 months ago 8:29pm 5 March 2025 - π«π·France prudloff Lille
I added a test.
Failing tests seem to be unrelated, they were passing previously and I did not change the code since: https://git.drupalcode.org/issue/drupal-3465041/-/pipelines/265276
It seems the tests are unusually slow and it causes some timeouts? - π«π·France prudloff Lille
I noticed the fork branch was quite old so I merged the latest 11.x and now tests are passing.
The Needs Review Queue Bot β tested this issue. It fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".
This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.
Consult the Drupal Contributor Guide β to find step-by-step guides for working with issues.
- Status changed to RTBC
about 2 months ago 6:07pm 11 May 2025 - πΊπΈUnited States smustgrave
Fixed the comment format but rest seems to be addressed
- π¦πΊAustralia larowlan π¦πΊπ.au GMT+10
xjm β credited larowlan β .
- πΊπΈUnited States xjm
Added a note to the IS that this was approved for public handling already, and crediting @larowlan who dug out the private issue.
- πΊπΈUnited States xjm
Bumping priority given the captcha access bypass/bypassed validation.
- πΊπΈUnited States xjm
So this is a deceptively simple change. I thought about it for awhile and think the route we've taken is the best one, but I also think it merits subsytem maintainer feedback. Conveniently, one of the form subsystem maintainers is online right now, so I shall ping.
- π¦πΊAustralia larowlan π¦πΊπ.au GMT+10
Bounced around to find what is going on with that test form and found that procedural form builder. Opened π Remove form_base_test.inc and move test_form_id into \Drupal\Tests\Core\Form\TestForm::buildForm Active as a follow-up to clean it up.
- π¦πΊAustralia larowlan π¦πΊπ.au GMT+10
Left one minor comment on the MR
- πΊπΈUnited States xjm
Thanks @larowlan!
I waffled about whether to backport this. On the one hand, contrib and custom code have an almost endless capacity to do very strange things with form handling due to the vast exposed data structures hooking into executable code every which way. On the other, this is a security fix, albeit not one bad enough to merit an SA. Given those things, I decided to choose the security hardening, and to backport all the way to the production maintenance minor. Time will tell if this was the right decision. π
Committed to 11.x, and therefrom cherry-picked to 11.2.x, 10.6.x, and 10.5.x. Mahalo nui loa!
