Logout confirmation form shows inappropriate confirmation description

Created on 20 August 2024, 2 months ago
Updated 4 September 2024, about 2 months ago

Problem/Motivation

#144538 🐛 "User logout is vulnerable to CSRF" (Fixed) added a confirm form to the user logout process that is used in certain circumstances. This form uses the base class' getDescription() method, which populates the form with the default warning "This action cannot be undone". This is inappropriate for the process of logging out, which is not a destructive action.

Steps to reproduce

As a logged-in user, directly visit user/logout on a site (to trigger the CSRF protection and use the confirm form). The misleading text will be visible above the confirm/cancel buttons.

Before:

After:

Proposed resolution

Override the description in the new confirm form to contain more appropriate text.

Remaining tasks

  1. Add a test
  2. Review
  3. Commit!
๐Ÿ› Bug report
Status

Needs review

Version

11.0 🔥

Component
User system

Last updated 6 days ago

Created by

🇬🇧 United Kingdom MrDaleSmith

  • Needs usability review
