Path alias can be set to an internal file path

Created on 14 August 2024, 5 months ago
Updated 10 September 2024, 4 months ago

Problem/Motivation

When creating a custom path alias, users can currently set the alias to an internal path, e.g. /modules/custom/my_custom_module/custom.js.

When a user visits a node with this path alias, instead of showing the actual node data, it will try to access the file instead.

Steps to reproduce

1. Create a new topic
2. Set the path alias to /modules/custom/my_custom_module/custom.js
3. Make sure that the actual path exists and that the file is actually there.
4. Try to visit this URL
5. You should be prompted to download this file.

Proposed resolution

Add a custom validation function that disallows setting a path alias that starts with a reserved Drupal path or that points to an actual file on the server itself.

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report
Status

Fixed

Version

13.0

Component

Code (back-end)

Created by

🇸🇮 Slovenia nkoporec
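
The validation proposed above, sketched as an added example (standalone PHP 8, not part of the original issue or the project's fix). The helper `alias_rejection_reason()`, the `RESERVED_PREFIXES` list and the temporary docroot are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed list of reserved top-level directories in a Drupal docroot (illustrative).
const RESERVED_PREFIXES = ['/core', '/modules', '/profiles', '/sites', '/themes'];

/**
 * Returns a rejection reason for an alias, or null when it is acceptable.
 * Hypothetical helper; the docroot is assumed to exist.
 */
function alias_rejection_reason(string $alias, string $docroot): ?string {
  // Decode and normalise first so "/Modules//x" is compared as "/Modules/x".
  $path = '/' . trim(preg_replace('#/+#', '/', rawurldecode($alias)), '/');

  foreach (RESERVED_PREFIXES as $prefix) {
    // Match on a segment boundary: "/modules" and "/modules/x", not "/modules-list".
    if (strcasecmp($path, $prefix) === 0 || stripos($path, $prefix . '/') === 0) {
      return "starts with reserved path $prefix";
    }
  }

  // realpath() resolves ".." and symlinks and returns false when nothing exists.
  $root = realpath($docroot);
  $target = realpath($root . $path);
  if ($target !== false && $target !== $root
      && str_starts_with($target, $root . DIRECTORY_SEPARATOR)) {
    return 'points to an existing file or directory under the docroot';
  }
  return null;
}

// Constructed sample: a throwaway docroot containing the file from the report.
$docroot = sys_get_temp_dir() . '/alias-demo-' . getmypid();
mkdir("$docroot/modules/custom/my_custom_module", 0700, true);
touch("$docroot/modules/custom/my_custom_module/custom.js");
touch("$docroot/robots.txt");

$samples = ['/modules/custom/my_custom_module/custom.js', '/robots.txt',
            '/modules-list', '/topics/welcome'];
foreach ($samples as $alias) {
  printf("%-45s %s\n", $alias, alias_rejection_reason($alias, $docroot) ?? 'ok');
}
```

The reserved-prefix check rejects the alias from the report even when the file is absent, while the filesystem check catches files outside the reserved directories, such as `/robots.txt` in the sample docroot.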
