#Security

I'm not sure this is a duplicate of 🐛 Media library allows adding videos from providers other than Youtube/Vimeo using Media embed Needs work .

If I understand correctly, this is about restricting allowed providers on existing media.
Whereas 🐛 Media library allows adding videos from providers other than Youtube/Vimeo using Media embed Needs work is about core failing to restrict providers on new media created in the media library.

Hello @pramodganore, thanks for taking the time to look at it.
The code in the comment #3459227-7: Potential risks using "Direct query" parse mode with views? → was just a proof of concept with very basic code (be aware of it and read carefully some implications in the issue's description). There is no further code, although I am still improving it but not sure when will be ready for posting it here.
Also a lot of testing will need to be done and probably, as @mkalkbrenner mentioned, Search API processors will not fully work (I am thinking for example about the Highlight.
That being said, maybe the best solution could be just customizing your search form by adding some kind of tips for the final user about how they should use it, since solr is very picky about the syntax (not only case sensitive, but also some user may forget to close the single quotes, double quotes, parenthesis...).
I am also working in the other approach by using the "Simple Query Parser", but first try yield some unexpected results, I come with something useful I'll update this issue.

@chris burge Thanks, it does seem like a duplicate.

Duplicate? 🐛 Media library allows adding videos from providers other than Youtube/Vimeo using Media embed Needs work

I did notice however the Solr searches are case sensitive for the operator
Example -“and”, “AND”, “And”

Unlike power users, general users would not be aware of the subtle differences.

Is there an existing solution, a checkbox away already built into search ?

Thank you, this solution was very helpful.

Created ✨ [PP-1] Add $entity->uuid() methods to allowed methods list in Twig sandbox policy Postponed .

@sabrina.liman , patches are no longer preferred, please use existing MR to contribute or create a different MR if you have an alternative solution than the existing one.

@mvonfrie, re #45: Feel free to open another postponed child issue about that, much like ✨ Add $entity->toUrl() and $entity->toLink() methods to allowed methods list in Twig sandbox policy Needs work . Once this issue is merged and fixed, it'll be much easier and safer to expand the allowed methods and target specific interfaces where we want to allow other methods.

Thanks,
-Derek

Not directly related to the topic of this issue, but related:

Why is ::uuid not allowed as well for the types where ::id is allowed? At least this would make sense in relation to #1726734: Replace serial entity IDs with UUIDs in URLs, or even globally? → , ✨ Make it possible to link to an entity by UUID Active and related issues.

Error occurred with #139

PHP Deprecated: Optional parameter $requestStack declared before required parameter $session_configuration is implicitly treated as a required parameter in /var/www/html/docroot/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php on line 28

Deprecated: Optional parameter $requestStack declared before required parameter $session_configuration is implicitly treated as a required parameter in /var/www/html/docroot/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php on line 28
PHP Fatal error: Uncaught TypeError: Drupal\Core\Access\RouteProcessorCsrf::__construct(): Argument #2 ($requestStack) must be of type ?Symf
ony\Component\HttpFoundation\RequestStack, Drupal\Core\Session\SessionConfiguration given, called in /var/www/html/docroot/core/lib/Drupal/Co
mponent/DependencyInjection/Container.php on line 261 and defined in /var/www/html/docroot/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php:28

@sabrina.liman Please do not change the version or the category. Core development is currently on 11.x.