This patch worked for me and is critically needed. Hopefully it gets merged soon!
Here's a quick version of the patch for 1.0.0
This is still an issue I'm encountering with D9.5.9 and Seven 1.0.0 and only started when I switched to the new contrib version Seven. The carat icons are replicated as shown in the description or the carat/down arrows are simply missing. The CSS solution in patch #21 works when applied directly. I don't know if the actual patch will apply. The changes could easily be incorporated into a new release.
@nojj, here is the current state of things:
- v1.6 and 8.x-1.x-dev have the Drupal security update
- Patch in #38 updates the patch in #24 for the latest dev version
- Patch in #39 updates the patch in #38 with the fix for the issue in #34, which I think is necessary to address, and is for the latest dev version
I'm using #39 with the latest dev successfully on my projects
@nojj, yes it looks like the security issue is addressed in both 1.6 and the latest dev.
@nojj, I haven't looked at V1.6, but I'd be surprised if these changes made it in unannounced. In any case, the latest patches - 38 & 39 - work with the latest dev version only.
This is an updated version of #36, based on my comment in #34.
I made some changes based on the test failures, so here's an updated patch for the latest dev based on #24. I'm not familiar with writing tests so you're on your own there.
And here's a version based on my comment in #34, it adds a new function to the patch in #35 for listing the Protected Pages vs loading them.
Here's a patch for the latest dev based on #24
I don't know the state of this patch currently (we've continued to successfully use #24 on D9.5) and I have my doubts, given the maintenance of this project, that it will make it into production. However, I've discovered a worrisome bug when using the patch.
When you have more than 20 passwords set up, the interface becomes paged, which is normal. However, any wildcard page passwords you have setup that are on the second page are NO LONGER password restricted.
Looking through the code of the patch, one of the first additions is pulling from loadAllProtectedPages:
// Check all protected pages entries for path match including wildcards.
$all_protected_pages = $protected_pages_storage->loadAllProtectedPages();
foreach ($all_protected_pages as $protected_page) {
if ($path_matcher->matchPath($file_path, $protected_page->path)) {
$pid = $protected_page->pid;
break;
}
}
Unfortunately, the loadAllProtectedPages function contains a pager/limit for 20 items. Fine for listing the pages, bad for checking all of the passwords:
public function loadAllProtectedPages() {
$results = $this->connection->select('protected_pages', 'p')
->extend('Drupal\Core\Database\Query\PagerSelectExtender')
->fields('p')
->orderBy('p.pid', 'DESC')
->limit(20)
->execute()
->fetchAll();
A quick fix for this, and you need one if your pages are now unprotected, is to just up the limit or even drop the pager completely. I ended up duplicating the loadAllProtectedPages function, calling it listAllProtectedPages, and using it where the results are called. I left alone all the references to loadAllProtectedPages in the patch and just removed the pager from that function.
I would add this to the patch, but again, I'm not sure where it stands given the merge request, etc.