Contrib.social

Risk of assigning the wrong entity to the token data

Open on Drupal.org →
Created on 9 June 2025, about 1 month ago

Problem/Motivation

The following code below found at https://git.drupalcode.org/project/notificationswidget/-/blob/2.0.x/src/...

<?php
      $messageItems = $this->token->replace(
        $messageItems, [
          'user' => $this->currentUser,
          'node' => $entity,
          'term' => $entity,
          'comment' => $entity,
        ]
      );
?>

This code assign the same entity to the node, term and comment. I believe no entity can be a node and a term and a comment at the same time. In some cases when creating another entity that has the same bundle machine as a node type or vocabulary it will cause a wsod.

Steps to reproduce

  1. Install and enable the drupal.org/project/group
  2. Create a group type called "forum"
  3. Create a node type called "forum"
  4. Try to create a group of type "forum"

You will get WSOD at https://git.drupalcode.org/project/drupal/-/blob/11.x/core/modules/node/... because this module send a group entity as a node entity for token replacement.

Proposed resolution

Update the code to check the entity type. and set the token data accordingly.

Remaining tasks

MR

User interface changes

N/A

API changes

N/A

Data model changes

N/A

🐛 Bug report
Status

Active

Version

2.0

Component

Code

Created by

🇨🇦Canada nikathone Ontario

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024