This is a D7 backport of 🐛 Protect pager against [] for the page Needs work
Backport D11 patch.
Active
7.0 ⚰️
system.module
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.
It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.
Thank you for working on this! The tests are failing because of array to string conversion: https://git.drupalcode.org/issue/drupal-3482184/-/jobs/3111321
I also left a few comments/suggestions in the MR (including the reason for the failure mentioned above). Moving to Needs Work.