If I try to use any url token in an email handler while a webform is configured to not save results, then an exception is thrown:
Drupal\Core\Entity\EntityMalformedException: The "webform_submission" entity cannot have a URI as it does not have an ID in Drupal\Core\Entity\EntityBase->toUrl() (line 161 of /var/www/html/web/core/lib/Drupal/Core/Entity/EntityBase.php).
Use a token such as [webform_workflow:transition-url:?:unaliased] on a handler on a form which is configured not to save submissions and submit the form.
I know this is not a real life situation because workflows cannot be used if the submissions are not saved, but it was mentioned in a security audit and provides (in theory) an attack vector for a malicious user. Simple check and silently failing will prevent the exception to be thrown. Added logging will help the site-builder to solve the problem.
Needs review
2.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
No activities found.