Disable access checking in EntityReferenceIntegrityEntityHandler::referentialEntityQuery()

Created on 27 February 2025, about 1 month ago

Problem/Motivation

πŸ“Œ Automated Drupal 10 compatibility fixes Fixed introduced accessCheck(TRUE) to the entity query in EntityReferenceIntegrityEntityHandler::referentialEntityQuery(). This means that only entities that the user has access to will be returned by the query, which means it is theoretically possible to delete an entity that has references to it.

I haven't tested this to confirm, but it seems to be the case looking at the code.

Steps to reproduce

TBD

Proposed resolution

Change accessCheck(TRUE) to accessCheck(FALSE).

Remaining tasks

TBD

User interface changes

None.

API changes

None.

Data model changes

None.

πŸ› Bug report
Status

Active

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States m.stenta

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024