Contrib.social

Wrong content can be returned for a path

Open on Drupal.org β†’
Created on 17 March 2025, 23 days ago

Problem/Motivation

If you have 3 pages, and each page has the same path for different domains, the bug is not visible. However, if you delete two of those nodes, you will incorrectly retrieve content from the first returned record in the database.

Steps to reproduce

Create a few pages for different domains with the same URL. See that their contents are different. Now delete one and try to access it on that domain - you will see content from another domain.

Proposed resolution

Rework the DomainUniquePathAliasManager::getPathByAlias method to do the following:

  • Remove the call to $this->inner->getPathByAlias().
  • If no paths were found, load the domain configuration for that domain id, and return its configured 404 page and return that path.
  • If no domain config was found, load and return the 404 page for All Domains.
  • If that doesn't exist, consider an exception or some other means of handling it.

When no domain path is found, it calls the inner service which is what returns the first thing it finds by path even for a domain it is not assigned to.

Remaining tasks

User interface changes

API changes

Data model changes

πŸ› Bug report
Status

Active

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States kevinquillen

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @kevinquillen
  • Comment 23 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States kevinquillen
  • Comment 23 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States kevinquillen

    This is a bit more challenging than I thought. So far, I came up with

        $global_config = $this->configFactory->get('system.site');
    $domain_config = $this->configFactory->get('domain.config.' . $domain_id . '.system.site');

    if ($domain_config) {
      $path = $domain_config->get('page.404');

      if (!empty($path)) {
        return $this->getAliasByPath($path, $langcode);
      }
    }

    if ($global_config) {
      $path = $global_config->get('page.404');

      if (!empty($path)) {
        return $this->getAliasByPath($path, $langcode);
      }
    }

    return $this->inner->getPathByAlias($alias, $langcode);

    But this breaks valid, non-content paths (like /admin paths) and returns a 404. Attempts to load the route by path or alias seems to result in recursion errors.

  • Comment 23 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States kevinquillen

    I could be wrong but this seems like a big issue. The module appears to assign a domain_id record - but I think in order to adequately have this enforced and checked, you need to override the core AliasManager and AliasRepository to have their lookups respect the domain_id key. Otherwise it seems like you can enter any path for a Domain and if it matches a path assigned to another domain, Drupal will return that and route it to the user.

    I am kind of stumped at how to get the desired behavior.

  • Comment 23 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States kevinquillen

    Rebuilding node permissions seems to fix this issue, but I am not sure how it got into that state to begin with.

  • Comment 17 days ago β†’
    πŸ‡«πŸ‡·France jenue1933 Bordeaux

    s1933 β†’ made their first commit to this issue’s fork.

  • Merge request !13Draft: Issue #3470631 - Managed 404 page after alias deletion. β†’ (Open) created by jenue1933
  • Comment 17 days ago β†’
    πŸ‡«πŸ‡·France jenue1933 Bordeaux

    Thanks for this report. I agree with you that it’s a critical issue.

    Here is my first contribution. If no path alias entity is found in getPathByAlias(), load and return the 404 page if it exists.
    To be sure that non-content aliases checked (like /admin), I added a function to determine whether the current alias exists on db.
    I also updated the functional test to cover this use case.

  • Comment 17 days ago β†’
    πŸ‡«πŸ‡·France jenue1933 Bordeaux
  • Comment 16 days ago β†’
    πŸ‡ΊπŸ‡ΈUnited States kevinquillen

    Test failure appears to be in the base Domain module.

  • Comment 16 days ago β†’
    πŸ‡«πŸ‡·France jenue1933 Bordeaux
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024