🇦🇺Australia @jannakha

@octaviosch
patch is on MR - https://git.drupalcode.org/project/simplify/-/merge_requests/8.diff

please review docs on git workflow:
- https://www.drupal.org/docs/develop/git/using-gitlab-to-contribute-to-dr... →
- https://www.drupal.org/docs/develop/git/using-gitlab-to-contribute-to-dr... →

After you install patch, please update status of this issue

Changes look good.
Tested.
Ready for release.

Thanks for your contribution!

- error goes away after "Term Merge" module is enabled
- cleaned up taxonomy manager merge library

jannakha → made their first commit to this issue’s fork.

Please don't put multiple issues into a same ticket - it makes it hard to test and review:
- new permissions structure
- add pagination on 'admin/structure/taxonomy_manager/voc' page

When status of ticket goes into "needs review" please provide screenshots and pages to be reviewed

see comments on MR

basically:
config has Editor has create permissions:

Running debug shows different values for different ways of testing permissions:

$taxonomy_vocabulary->access('create') is buggy
see https://www.drupal.org/project/drupal/issues/2886800 🐛 EntityAccessControlHandler::createAccess() and EntityAccessControlHandler::access() return false positive cache hits because it ignores context Needs work

- added extra library to JS from CDN
- requires https://www.drupal.org/project/taxonomy_manager/issues/3046752 🐛 AJAX error when editing term content Postponed: needs info patch #31 (MR49) to work correctly (which includes https://www.drupal.org/project/taxonomy_manager/issues/3474919 🐛 Form element taxonomy_manager_tree broken RTBC )

jannakha → made their first commit to this issue’s fork.

https://www.drupal.org/project/taxonomy_manager/issues/3046752 🐛 AJAX error when editing term content Postponed: needs info is required for any ajax requests to work

created a patch from MR (it's merged with #3474919)
make sure library/jquery.fancytree contains all JS - see #3467549 ✨ Change require custom libraries to suggestions as a better method with more options Needs work

jannakha → made their first commit to this issue’s fork.

tested MR2 - issue is fixed.

thanks for your work!

tested.
thanks for your work!

check your config has been updated by re-running block_class_update_20017()
this update transformed config from string to json and if your config is old block_class will keep crashing

+1 for patch #13 works on 10.3.10

thanks for the patch!

can someone review?
it'll be nice to get a release with this feature

created patch out of MR4 @ c3e20aa2

just for future, let's not scope creep issues: add to wish list is totally independent from add to cart AJAX and could've been its own MR

@anas_maw - can you expand on your comments on your patch? what should be done with it?
@luksak can you please add documentation about "Add to wish list" to readme.md?

tested

good to go!

tested
good to go

MR8 is ready for review

jannakha → created an issue.

+1 for #10 comment

reviewed

reviewed

cool logo

reviewed

reviewed and tested

Tested

thanks for the fix!

@smustgrave can you comment in GitLab on the line corresponding to your comment?

new maintainer is on the project.

stay tuned for new releases!

same as 3458794

thanks for the patch

thank you for your contribution!
patch applies, issue is fixed.

RTBC

If exception is to be thrown, consider:
where the exception should be thrown:
- at DB level
- at config level
- at entity level
- at routing level

where exception should be handled:
- at config level
- at entity level
- at routing level
- at request processing level

In the end, exception would be visible to the client as 404 (as route is not found)

@stefan.korn - thanks for your work!

Before patch application:

After patch application:

Tasks to do:

#1

Add description_display variable to twig comment (like in stable9):

 * Available variables:
 * - attributes: HTML attributes for the fieldset element.
 * - description_display: Description display setting. It can have these values:
 *   - before: The description is output before the element.
 *   - after: The description is output after the element (default).
 *   - invisible: The description is output after the element, hidden visually
 *     but available to screen readers.

#2

Looks like this issue exists in the core as well (templates are being created from StarterKit theme)
Create an issue for Starterkit theme → .

MR !72 is merging into 4.0.x?
Are you seeking D11 support for v3 or v4 (is D11 compatible already)

Please resolve conflicts or update MR to merge to appropriate branch

@stefan.korn thanks for your contribution!

After application of patch:
+ HTML has required classes:

+ removed margin on description:
before:

after:

Unfortunately, css/components is a volatile folder and can be overwritten by updates coming from web/core/themes/starterkit_theme/css/components (see Starterkit theme - Tracking upstream changes → )

Please make update to scss in web/themes/contrib/bootstrap5/scss/drupal/_forms.scss

Here's screenshots of the patch application:

Media - modal - mobile

- Grid on mobile requires appropriate spacing:

Media - modal

+ Edit/delete buttons are visible and keyboard accessible
+ Card style is applied
- Media card layout requires further fixes (alignment/spacing):

Media - table

No changes on the table layout:

Media - grid

+ card style applied
- spacing/alignment not applied

Media - Widget

+ Delete button is visible
- Visible outline is missing when buttons is in focus

added screenshots of media screens which need fixes

+1 RTBC
cool logo

thanks bot!

patch of MR9542 @ 265e30ba9c9e65396211044895ec0c1e50c52449 for temporary fix

@stefan.korn
can you please provide screenshots before/after of the MR, and Claro example you've described in the issue.
This will make it easier and faster to confirm the issue and review solution.

thank you!

before I start writing tests - please review/comment/provide suggestions to the solution - MR!9544
Thanks!

jannakha → created an issue.

so I've added the exception at Drupal\Core\Config\DatabaseStorage->readMultiple() level, but it's not being caught anywhere in the stack and each stack trace is different for different config types (see below).

Please advise/recommend where/how exception should be thrown/caught.

IMHO handling it on Drupal\Core\Config\DatabaseStorage->readMultiple() without additional exceptions is sufficient as it's such an edge case which is used for exploitation/attack only (there's already check for if (empty($names)) which doesn't throw any exceptions).

Here's a stack trace for: /node/add/тест

The website encountered an unexpected error. Try again later.

InvalidArgumentException: The array contains invalid values. in Drupal\Core\Config\DatabaseStorage->readMultiple() (line 116 of core/lib/Drupal/Core/Config/DatabaseStorage.php).
Drupal\Core\Config\CachedStorage->readMultiple(Array) (Line: 165)
Drupal\Core\Config\ConfigFactory->doLoadMultiple(Array) (Line: 136)
Drupal\Core\Config\ConfigFactory->loadMultiple(Array) (Line: 181)
Drupal\Core\Config\Entity\ConfigEntityStorage->doLoadMultiple(Array) (Line: 312)
Drupal\Core\Entity\EntityStorageBase->loadMultiple(Array) (Line: 183)
Drupal\Core\Entity\EntityRepository->getCanonicalMultiple('node_type', Array, Array) (Line: 175)
Drupal\Core\Entity\EntityRepository->getCanonical('node_type', 'тест', Array) (Line: 134)
Drupal\Core\ParamConverter\EntityConverter->convert('тест', Array, 'node_type', Array) (Line: 100)
Drupal\Core\ParamConverter\ParamConverterManager->convert(Array) (Line: 45)
Drupal\Core\Routing\Enhancer\ParamConversionEnhancer->enhance(Array, Object) (Line: 270)
Drupal\Core\Routing\Router->applyRouteEnhancers(Array, Object) (Line: 150)
Drupal\Core\Routing\Router->matchRequest(Object) (Line: 90)
Drupal\Core\Routing\AccessAwareRouter->matchRequest(Object) (Line: 105)
Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(Object, 'kernel.request', Object)
call_user_func(Array, Object, 'kernel.request', Object) (Line: 111)

here's a stack for: /admin/structure/views/view/тест

The website encountered an unexpected error. Try again later.

InvalidArgumentException: The array contains invalid values. in Drupal\Core\Config\DatabaseStorage->readMultiple() (line 116 of core/lib/Drupal/Core/Config/DatabaseStorage.php).
Drupal\Core\Config\CachedStorage->readMultiple(Array) (Line: 165)
Drupal\Core\Config\ConfigFactory->doLoadMultiple(Array) (Line: 136)
Drupal\Core\Config\ConfigFactory->loadMultiple(Array) (Line: 181)
Drupal\Core\Config\Entity\ConfigEntityStorage->doLoadMultiple(Array) (Line: 312)
Drupal\Core\Entity\EntityStorageBase->loadMultiple(Array) (Line: 487)
Drupal\Core\Config\Entity\ConfigEntityStorage->loadMultipleOverrideFree(Array) (Line: 478)
Drupal\Core\Config\Entity\ConfigEntityStorage->loadOverrideFree('тест') (Line: 80)
Drupal\Core\ParamConverter\AdminPathConfigEntityConverter->convert('тест', Array, 'view', Array) (Line: 64)
Drupal\views_ui\ParamConverter\ViewUIConverter->convert('тест', Array, 'view', Array) (Line: 100)
Drupal\Core\ParamConverter\ParamConverterManager->convert(Array) (Line: 45)
Drupal\Core\Routing\Enhancer\ParamConversionEnhancer->enhance(Array, Object) (Line: 270)
Drupal\Core\Routing\Router->applyRouteEnhancers(Array, Object) (Line: 150)
Drupal\Core\Routing\Router->matchRequest(Object) (Line: 90)
Drupal\Core\Routing\AccessAwareRouter->matchRequest(Object) (Line: 105)
Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(Object, 'kernel.request', Object)
call_user_func(Array, Object, 'kernel.request', Object) (Line: 111)

Here's stack trace for a contrib module: /webform/тест:

The website encountered an unexpected error. Try again later.

InvalidArgumentException: The array contains invalid values. in Drupal\Core\Config\DatabaseStorage->readMultiple() (line 116 of core/lib/Drupal/Core/Config/DatabaseStorage.php).
Drupal\Core\Config\CachedStorage->readMultiple(Array) (Line: 165)
Drupal\Core\Config\ConfigFactory->doLoadMultiple(Array) (Line: 136)
Drupal\Core\Config\ConfigFactory->loadMultiple(Array) (Line: 181)
Drupal\Core\Config\Entity\ConfigEntityStorage->doLoadMultiple(Array) (Line: 312)
Drupal\Core\Entity\EntityStorageBase->loadMultiple(Array) (Line: 183)
Drupal\Core\Entity\EntityRepository->getCanonicalMultiple('webform', Array, Array) (Line: 175)
Drupal\Core\Entity\EntityRepository->getCanonical('webform', 'тест', Array) (Line: 134)
Drupal\Core\ParamConverter\EntityConverter->convert('тест', Array, 'webform', Array) (Line: 100)
Drupal\Core\ParamConverter\ParamConverterManager->convert(Array) (Line: 45)
Drupal\Core\Routing\Enhancer\ParamConversionEnhancer->enhance(Array, Object) (Line: 270)
Drupal\Core\Routing\Router->applyRouteEnhancers(Array, Object) (Line: 150)
Drupal\Core\Routing\Router->matchRequest(Object) (Line: 90)
Drupal\Core\Routing\AccessAwareRouter->matchRequest(Object) (Line: 105)
Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(Object, 'kernel.request', Object)
call_user_func(Array, Object, 'kernel.request', Object) (Line: 111)

@cilefen
Re: "caller's responsibility to filter input" - it's a lookup into config database which doesn't validate non-ascii input, there are levels of abstractions between config object and node/webform/view/or other caller which will make it quite hard to validate it on per-caller basis.

* there's a case-by-case fix which doesn't fix much: https://www.drupal.org/project/drupal/issues/3457963 🐛 Validate view_name in ajaxView() Needs work

It was discovered during a pen test and flagged as a potential security issue since:
- This leads to unnecessary hits of database which can lead to server outage.
- The error message is not handled and white screen of death is displayed.

examples:
https://events.drupal.org/node/add/тест
https://www.cyber.gov.au/node/add/тест

Stack trace of node/add/{node_type} and each other config has its own trace:

#0 /web/core/lib/Drupal/Core/Database/Connection.php(883): Drupal\mysql\Driver\Database\mysql\ExceptionHandler->handleExecutionException(Object(PDOException), Object(Drupal\Core\Database\StatementWrapperIterator), Array, Array)
#1 /web/core/lib/Drupal/Core/Config/DatabaseStorage.php(119): Drupal\Core\Database\Connection->query('SELECT [name], ...', Array, Array)
#2 /web/core/lib/Drupal/Core/Config/CachedStorage.php(95): Drupal\Core\Config\DatabaseStorage->readMultiple(Array)
#3 /web/core/lib/Drupal/Core/Config/ConfigFactory.php(165): Drupal\Core\Config\CachedStorage->readMultiple(Array)
#4 /web/core/lib/Drupal/Core/Config/ConfigFactory.php(136): Drupal\Core\Config\ConfigFactory->doLoadMultiple(Array)
#5 /web/core/lib/Drupal/Core/Config/Entity/ConfigEntityStorage.php(181): Drupal\Core\Config\ConfigFactory->loadMultiple(Array)
#6 /web/core/lib/Drupal/Core/Entity/EntityStorageBase.php(312): Drupal\Core\Config\Entity\ConfigEntityStorage->doLoadMultiple(Array)
#7 /web/core/lib/Drupal/Core/Entity/EntityRepository.php(183): Drupal\Core\Entity\EntityStorageBase->loadMultiple(Array)
#8 /web/core/lib/Drupal/Core/Entity/EntityRepository.php(175): Drupal\Core\Entity\EntityRepository->getCanonicalMultiple('node_type', Array, Array)
#9 /web/core/lib/Drupal/Core/ParamConverter/EntityConverter.php(134): Drupal\Core\Entity\EntityRepository->getCanonical('node_type', '\xD0\xB4\xD1\x8B\xD0\xBB\xD0\xB2\xD0\xBE\xD0\xB0\xD0\xB4\xD1...', Array)
#10 /web/core/lib/Drupal/Core/ParamConverter/ParamConverterManager.php(100): Drupal\Core\ParamConverter\EntityConverter->convert('\xD0\xB4\xD1\x8B\xD0\xBB\xD0\xB2\xD0\xBE\xD0\xB0\xD0\xB4\xD1...', Array, 'node_type', Array)
#11 /web/core/lib/Drupal/Core/Routing/Enhancer/ParamConversionEnhancer.php(45): Drupal\Core\ParamConverter\ParamConverterManager->convert(Array)
#12 /web/core/lib/Drupal/Core/Routing/Router.php(270): Drupal\Core\Routing\Enhancer\ParamConversionEnhancer->enhance(Array, Object(Symfony\Component\HttpFoundation\Request))
#13 /web/core/lib/Drupal/Core/Routing/Router.php(150): Drupal\Core\Routing\Router->applyRouteEnhancers(Array, Object(Symfony\Component\HttpFoundation\Request))
#14 /web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php(90): Drupal\Core\Routing\Router->matchRequest(Object(Symfony\Component\HttpFoundation\Request))
#15 /vendor/symfony/http-kernel/EventListener/RouterListener.php(105): Drupal\Core\Routing\AccessAwareRouter->matchRequest(Object(Symfony\Component\HttpFoundation\Request))
#16 [internal function]: Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(Object(Symfony\Component\HttpKernel\Event\RequestEvent), 'kernel.request', Object(Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher))

here's a solution to the underlying problem

https://www.drupal.org/project/drupal/issues/3475540 📌 Throw an understandable exception when there is an attempt to load config entities with disallowed characters Needs work

here's a solution to the underlying problem (which also solves #14)

https://www.drupal.org/project/drupal/issues/3475540 📌 Throw an understandable exception when there is an attempt to load config entities with disallowed characters Needs work

before I start writing tests - please review/comment/provide suggestions to the solution!
Thanks!

jannakha → changed the visibility of the branch 3475540-unhandled-exception-ascii to hidden.

jannakha → created an issue.

thank you bot!

patch #4 tested and running in D11

Thanks bot!

CI is running!
thanks for your contribution

any movement on this issue?
any replies from the original maintainers?

tested, works as expected.
thanks for your contribution.

thanks for the fix

thank you bot!

gargsuchi → credited jannakha → .

gargsuchi → credited jannakha → .

gargsuchi → credited jannakha → .

is this issue moving anywhere?
there were so many offers to co-maintain but no action?

is that the same issue as https://www.drupal.org/project/inline_responsive_images/issues/3458794 🐛 unable to choose image style after download RTBC ?

installed and tested.

thanks for your contribution!

@flyke - can you please create an issue fork with your fix for D10.3?

to get this RTBC from core team these things are required:
- fix for D11 (as this issue's version is 11.x-dev)
- add tests

installed, tested, it works on D11!
RTBC +1
thanks for your contribution!

installed, tested, works.
thanks for your contribution!

installed, tested, fixed!
thanks for your contribution.
RTBC.

RTBC +1

php stan is fixed!

Patch #90 works on 10.3

Filter config:

SQL query without patch:

AND ("node__field_part_product"."field_part_product_value" = '0'))

SQL query with patch:

AND (("node__field_part_product"."field_part_product_value" = '0') OR ("node__field_part_product"."field_part_product_value" IS NULL)))

what has to be done to push this issue further?
it's a long term issue and still hasn't been committed to core!

patch applied, error is fixed.
please release!

Thank you for your contribution.

updb didn't run properly update hook block_class_update_20017() which updates config structure

MR#12 doesn't work in my case where configuration is not stored as expected:

bloc_class_settings.yml contains:
block_classes_stored: '{"social-icons-inline":"social-icons-inline","container":"container","block-below":"block-below","popup-services-browser":"popup-services-browser","popup-buildings-browser":"popup-buildings-browser","pull-right":"pull-right","block-blog-tags":"block-blog-tags","block-banner-banner":"block-banner-banner","block-solutions-back-button":"block-solutions-back-button","col-md-6":"col-md-6","col-lg-60":"col-lg-60","clear-xs":"clear-xs","clear-sm":"clear-sm","floating-links-2":"floating-links-2","padding-large-md-right":"padding-large-md-right","padding-none-xs-right":"padding-none-xs-right","padding-none-xs-left":"padding-none-xs-left","block-small-margin":"block-small-margin","search-form-block":"search-form-block","col-xs-5":"col-xs-5","col-sm-3":"col-sm-3","col-lg-20":"col-lg-20","padding-lg-right":"padding-lg-right","view-keyword-search-filters":"view-keyword-search-filters","block-covid-19-message":"block-covid-19-message","block-front-cta":"block-front-cta","col-sm-5":"col-sm-5","col-md-4":"col-md-4","block-360-solutions-video-popup":"block-360-solutions-video-popup","destroy-on-close":"destroy-on-close","":"","request-quote-link":"request-quote-link","d-md-inline-block":"d-md-inline-block","w-md-50":"w-md-50"}'

is my config old or wrong?

jannakha → created an issue.

@Hritick the patch couldn't be applied because the branch was really old.
I have updated this fork to the latest 3.0.x - try to apply patch now?

got it!
thank you!

#2 idea

@jsacksick thanks for reply!
I can see OrderReceiptSubscriber is handling that specific event:

public static function getSubscribedEvents() {
    $events = ['commerce_order.place.post_transition' => ['sendOrderReceipt', -100]];
    return $events;
  }

a quick question, if I need to update an order field within the this context - how do I prevent this event firing again?
at the moment if I update a field on the order and save the order - `commerce_order.place.post_transition` fires again which triggers sendOrderReceipt again and potentially any other handlers.

jannakha → created an issue.

Video Embed WYSIWYG doesn't support CKEditor5.
CKEditor 4 is removed from D10.

Just use media, it's a core module.

This is a very important fix!

I've got lots of products with max 1 variation and updating product title doesn't update product variation title.
It creates issues with views and messes up all the data.

If title of the variations is not autogenerated - they are not going to be updated.

Patch #39 fixes the issue.
Old way of running tests is no longer supported.

Should info.yml include only supported versions?
eg
core_version_requirement: ^10.1 || ^11
should be
core_version_requirement: ^10.2 || ^11?

Comment in gitlab

Merge conflicts must be resolved.

Hurray for D11!

thanks for your fixes!

CKEditor5 have resolved the original issue (configurable labels of editors):
- https://github.com/ckeditor/ckeditor5/issues/15208

Once the new version of CKEditor5 (v42.0.3?) is released with Drupal:
- update label of the editor as per example

I guess I had an old version of Drupal, now I have help text too.