I was really confused to see this being worked on but I see its replacing the multiple providers with dependencies which does seem like a good move. Not an actual review, just the approach makes a lot more sense.
Updating title to clarify the new approach and match updated IS.
Knew there was an issue about using buttons for more elements. Here's at least two
- 📌 Use form element type instead of Needs work
- 🐛 There is no way to make a button element that can use the AJAX functionality Needs review
Probably worth considering how those interact with this and can solve issues like what you're describing the right way rather than putting in another half measure in place.
I'm not sure announcing it in a changelog is enough.
First, its deprecated, not changed and 4.0 isn't out. So the expectation would be that deprecated code would continue to function issuing the warning to users.
`Not providing the "$view_mode" parameter is deprecated in flag:8.x-4.0-beta4 and will throw an error from flag:8.x-4.0. See
https://www.drupal.org/node/3458551 →
.`
Since it didn't, I just got a fatal error never having seen a deprecation. No chance to fix I i missed the changelog.
Second, the default code for generating links doesn't require a view mode and defaults to null.
/**
* Get the action link as a Link object.
*
* @param \Drupal\flag\FlagInterface $flag
* The flag entity.
* @param \Drupal\Core\Entity\EntityInterface $entity
* The flaggable entity.
* @param string|null $view_mode
* The flaggable entity view mode.
*
* @return \Drupal\Core\Link
* The action Link.
*/
public function getAsLink(FlagInterface $flag, EntityInterface $entity, ?string $view_mode = NULL);
I haven't tested it yet but this would seem to trigger a fatal error when using the function as documented.
oh... right... I'm certain there's a bug formapi kinda always using the input element for buttons/submit. I have always had a "is_real_button" element hacks to work around this on sites.
I don't see how the mouse up actually solves it since a right mouse button should also trigger a mouse up event.
rebased. Doubt back porting to d7 tag means much now so removing.
I suspect we need to fix media's buttons then. Without looking at the interface, I suspect they shouldn't be submit and just buttons since what your describing sounds like an interactive action, not a form submission.
What you're describing of triggering the first submit button is expected HTML behavior outlined in the HTML spec and I believe required by WCAG?
"The default assertion message provided by PHPUnit is sufficient for most situations."
Still strongly disagree with this.
Something like "Failed asserting that false is not equal to false." is entirely insufficient and such assertion failures are most situations.
poker10 → credited neclimdul → .
poker10 → credited neclimdul → .
Sorry for the late response. Not sure how related this is to the parent unless the scope of that issue is different then the title.
Technically we're already using the … entity so which is probably better then the UTF8 character. This is issue adds information to the pager to explain what an ellipsis means in the context of the pager list. Specifically explaining what the missing information is.
This came out of the original Drupal 8 initiatives. We where using sandboxes as a place to experiment and prep and collaborate around merge requests. There was no "merge" process at the time only patch acceptance so the idea here was to come up with a way someone making a complex change with multiple commits could get those merged instead of just committing a patch.
In a lot of ways this is resolved with issue forks, I wonder if there's a similar problem with squash commits vs preserving the history but I haven't run into the problem yet.
neclimdul → created an issue.
greggles → credited neclimdul → .
As I read your comment I think "Yes, the second example is much harder to read and gets worse as it gets longer because it becomes harder and harder to parse the groupings of the assignments at a glance." but clearly that's not what you means so I don't think we agree.
But lets take your points and address them.
- "The added burden of handling updates when something changes."
This has been pointed out repeatedly and refuted as not be a big burden, and these lists seldom change and the change isn't hard. As an example, the sqlite code actually needs to be updated, it took me about a minute to make the patch. Half of that was remembering if it was ctrl-shift for multi-line select in jetbrains because I switch editors a lot. Most of the time you're going to be adding the smaller value and its trivial. - "The longer the longest assignment is the further your eyes have to travel whitespace to find the assignment."
The longest gap in the updated sqlite it 13 characters. Previously it was 8. But that misses the point. The formatting means you don't have to scan back and forth, it lays it out in a big table so you can skim it and understand it at a glance. - "If the longest pushes it passed 80 characters, all would be beyond 80 characters."
The sqlite example maxes at 43 characters long.
The color example sited repeatedly is now quite a bit longer with language features, a long name, and a big arrayprotected const ROTATE_TRANSPARENT = [255, 255, 255, 127];. That reaches a max of 61. At least the examples in core this doesn't seem likely to be a problem unless its some _deeply_ nested code and we should probably refactor that anyways. - "Diffs for fixes space columns can be messy and hard to read, changing one requires all lines to update rather than just showing the addition or deletion."
This is a general problem for all white-space heavy changes. As the last couple comments pointed out these are not commonly changing so this is an edge case change but in the case you do find yourself having to make or review one of these changes, all git platforms have a wonderful solution that highlights exactly the changes you're looking for. Its going to save you a ton the next time you have to wrap some code in an if.- In Gitlab, on the top of changes tab in the preferences on the right you'll see hide whitespace changes. On commits its a "hide whitespaces changes" button.
- Github has is too its just in the gear drop down.
- Git locally you can provide -w to the diff and show commands.
Not really sure what the supporting user section is for but just also its been years just to be clear, still -1 for stricter rule. +1 for maintaining readability.
Morbus' recent example and the other examples in this thread are succinct for discussion but in reality most use is like the below code from our SQLite driver where the tabular format is useful for comprehension.
$magic_map_or_list = [
'varchar_ascii:normal' => 'VARCHAR',
'varchar:normal' => 'VARCHAR',
'char:normal' => 'CHAR',
'text:tiny' => 'TEXT',
'text:small' => 'TEXT',
'text:medium' => 'TEXT',
'text:big' => 'TEXT',
'text:normal' => 'TEXT',
// another like 20 lines mapping data types.
];
To joachim's point, these uses are often read and slowly changing.
For clarification of anyone catching up, Squiz.WhiteSpace.OperatorSpacing is actually in core today. We added it in #3099583: Update coder to 8.3.7 → replacing the Coder WhiteSpace checker, we just don't use the property related to this issue.
Fix is basically the same as the lazy builder. The check was already in place this just avoids the array key doesn't exist error by using ?? same as the lazy issue
neclimdul → created an issue.
neclimdul → created an issue.
Skimming the failures I see some interesting things including a lot of tests asserting relative url's in places I would have expected the API to want an absolute URL so my gut tells me this is maybe kinda needed by other places in core.
And while search_api could fix it, I feel like this is a common problem I run into so I'd like to push the fix to the source rather then having a ton of hacks.
But also that's just a ton of systems affected by failures and its going to take a long time to audit and review just the test changes that would be involved let alone documenting how this would help site developers and contrib.
So rather then just leaving this to clog up the queue I'm going to go ahead and close it as suggested and I'll revist it as I have time to review all that code and document why this is needed better.
Works for me. Back to RTBC?
Yeah I don't disagree with classifying search_index as not strictly a frontend view.
I think what I was trying to convey in the summary was that while Drupal we called the preview interface "Preview in live environment" in the original issue, but that is in no way conveyed to the site user. To a developer and content editor its just "Preview" so seeing how something will be pushed into a search index can provide a lot of valuable information.
So limiting the interface to strictly frontend displays doesn't always meet user expectations. At least it didn't meet mine.
Pushed a simple implementation. Testing still needed but its "reviewable"
neclimdul → created an issue.
Sorry I never followed up on those answers. I've been thinking about this and the general asset delivery problems datalayer, CSP, attach inline, as well as some personal issues I'm trying to solve. But, other than "core doesn't seem to be providing enough" I've not been able to come up with the best way to dig in to it yet.
also... been busy.
Should be a simple fix in the merge request
neclimdul → created an issue.
Didn't mean to change the title. I started to take a stab and didn't have enough caffeine in my system yet to have a good suggestion.
I think this is stalled pretty hard since the discussion is getting close to 5 years. However, I feel like there was pretty strong consensus around settings some guidance at least that messages should be positive/"confirmative"/affirmative additional messages, letting the assertion show the negative/failure information and the message provide the context for what the failure means.
In the interest of closing issues, could we more forward with just that and if there's apatite for removing or suggesting the removal that could be handled separately? I'm biased because I had strong feelings but I feel like that was always the part we where aggressively agreeing over.
benjifisher → credited neclimdul → .
This needs to be re-built now that symfony's listener is out of the mix and we're on phpunit 10. Its likely less complicated but I need to look at it.
Looks good for the straightforward fix.
Will leave questions of the not strictly camelcacse code and possible code removal to committer review and RTBC this.
poker10 → credited neclimdul → .
This actually shows up in the phpstan report as well.
I think this might actually be a dead method as well so removing it might also be an option. It just proxies through to the storage method of the similar name(different capitalization) and using that might be the correct way of accomplishing this.
neclimdul → created an issue.
longwave → credited neclimdul → .
Fix in the MR.
One bonus benefit of checking the display_id like this is we can completely delay loading the view executable until the lazy builder, further optimizing the lazy path and only loading it once.
neclimdul → created an issue.
Ran into one of the instances of this today and went "what is that word?!" and now I find myself here. So I guess I support converting to just "cast" I guess :-D
I was confused why we hadn't changed default.settings.php and the answer is that its not currently there. This is one of those power user settings we don't document and only set if you're running into an edge case.
I suspect that will continue and changing that would be its own issue but I understand how its tied up in this. I think we can mitigate this by linking to the documentation in the changelog and maybe release notes so in the unlikely case this does push someone into the edge case they know how to resolve it.
Also conflicted with 🐛 Performance Degraded after update to twig 3.14.2 Active
merge request made and passing so back to NR.
The performance regression changes where a bit disruptive. They make this change kinda BC breaking because now the settings are directly exposed in the less secure expression format. Which is really frustrating and I don't really know how to resolve it.
broken by 📌 Remove misc usage of whitelist in tests and comments Fixed . reroll soon.
Technically I think it was added in 8.3 or 8.4 so its pretty recent even in the SB8 releases. We're using the --no-open workaround.
Fixed
working on logging and tests to make this a better long terms solution.
larowlan → credited neclimdul → .
Can't really provide steps to reproduce, had an environment with some broken out of sync config in the db that included the stable theme. Applied a similar patch to the merge request and it worked to get us out of a jam to where we could run drush and fix the site and get the config in sync.
This also fixed the tabledrag in 10.3 for us as well.
It seems to revert the previous issue but I thought the centering was an improvement so that's fine with me.
quietone → credited neclimdul → .
Guess eslint is EOLing this weekend(tomorrow)?
https://eslint.org/blog/2024/09/eslint-v8-eol-version-support/
plugin-import rushed an update out this week.
No update on airbnb and comments asking for an update have just been marked as spam...
benjifisher → credited neclimdul → .
neclimdul → created an issue.
Yeah, digging into it, its a pretty hard problem and current Drupal asset and script attachment is working against this module at every step so I see how the module ended up where it is.
As time allows I'm playing with some solutions. drupalSettings with attached javascript, attachinline.module, etc.
Likely something with drupalSettings is the only solution to get something at the top and not cached because Drupal has special allowances to make the settings play well with cached. But it also turns out it is very difficult to target specific orders to place this before the tag manager script and after the settings script.
📌 Replace custom weights with dependencies in library declarations; introduce "before" and "after" for conditional ordering Needs work aims to improve this but it isn't committed yet so it is probably a ways out from being adoptable as a real solultion for this module.
I'm leaning toward a best effort with drupalSettings and a javascript behavior with documentation on how to read from drupalSettings in tag manager using variables as a fallback for sites that run into trouble. This also improves CSP stuff by getting rid of unsafe inline scripts so it should be a win/win if I can get it working.
Extended this fix to the access control class which has the same logic and ported the patch to a merge request.
neclimdul → made their first commit to this issue’s fork.
I think technically this being at the bottom works but being in the footer does make using the datalayer much more complicated. The values aren't available for early hooks meaning if you're trying to pass them to something like the page view event they aren't available.
Additionally, since they only push the values on, not triggering any events, there isn't a way to trigger pushing any values into a tag.
It seems like it would cause fewer problems for developers if it was in the header somewhere. even better if it could go _before_ tag manager.
Doing a reroll I tried to understand the subquery changes Charly was trying to do. They weren't working for me and the previous code is pretty obtuses and admits its fixing confusing edge cases so I made a branch without it since I believe it was working for us as is. Split his changes into a separate branch if anyone wants to view and compare.
Sorry, about the branch noise. I forgot to request access and before you do the branch names get mangled and I didn't notice until after I pushed them.
neclimdul → changed the visibility of the branch 2379423-representative-node-views to hidden.
benjifisher → credited neclimdul → .
Oh wow, this is an old one. Thanks!
I realized this only works if you've already updated to 10.3. If this was released and you applied it to a 10.2 site prior to upgrading you'd be in the same position. Not sure how to address that though...
Looks like this worked for us as well.
Forgot about this. Thanks, committed.
I think this is documented and reviewed to death at this point. Its actually needs work because it needs tests as the tag suggests.
I keep forgetting Drupal even provides commands. They aren't quite at the point the can replace any drush workflows for me though I guess.
Maybe we should start moving this in front of people more. The Drupal console isn't active these days so since it won't conflict could we start pushing core/scripts/drupal into vendor/bin/
Then maybe we could start looking at using a discovery mechanism of some sort for auto discovering commands instead of hard coding them.
Then we could encourage people could start tinkering with this, testing real world use cases, without hacking on core as directly?
longwave → credited neclimdul → .
Oof. So the alias validation is tied to the site language in the admin interface? That sounds complicated.
Checking GL, it does say "Merge conflicts must be resolved." so think this needs another rebase.
No worries! Thanks!
That's... interesting. It sounds like we're on the right track though so I'll take another pass at improving this.
Clearly relying on that live region isn't working out well. It looks like it doesn't announce anything if the removal is at the end and I suspect it doesn't behave all that well when the change is at the beginning and there are multiple items. That might be connected to the "oblivious" example as well, live regions and lists have been a source of frustration and I think nvda explicitly documents they might not work.
I'll poke around this time with direct announcements where we can control the behavior better. That will make things easier anyways since I can use devel_a11y to review things quicker.
Thanks, yeah adding that link would be a simple way someone could see it.
Anyone could update issue summaries.
Some initial testing and it looks good to me. As expected, fixes some bugs I was seeing as well.
Would be great if someone could take a look at this and see if its on the right track before I spend too much time trying to polish it.
I was on alpha but it seems this is fixed in the latest dev release. Should have checked that first :-D
Branches seem a bit confusing. Switching to the branch with code.
neclimdul → created an issue.
Not the decision maker but just going to re-iterate, I think this is a bad idea. The hacks I see for uninstalled modules seem like just the tip of the iceberg. What about removed modules. removed libraries. uninstalled themed. profiles.... it seems like a loosing battle for little benefit.
The new config format is kind of confusing but it looks like it might be useful.
Playing around with the compat layer and eslint-config-drupal I found a couple things to keep an eye one that are kinda blocking.
- airbnb config isn't ready. Think this is the right issue tracking it. https://github.com/airbnb/javascript/issues/2804
- plugin-import isn't ready https://github.com/import-js/eslint-plugin-import/issues/2948
- valid-jsdoc was removed which will require some changes. https://github.com/eslint/eslint/issues/15820
Seems like things are still catching up in the community so don't know if the other plugins need changes to support v9 but that could be a problem.
@xjm with the exception of my concern the link generated from the code in the changelog might store csrf links in caches, yes that addresses it.
I see how my comment was misunderstood. It was technically in the sites themes but we have several form designs so a new form has to be assigned to a specific look or it just ends up "unthemed". On our site, unthemed was quite ugly.
More my point was more that any form isn't desirable and a fair few years of building Drupal sites has made me lazy about dropping a menu link in a template.
While we're discussing it, I haven't don't much testing but I think I echo some concerns from 14 years ago about caching. I haven't tested yet but is the CSRF token going to end up cached in templates using the code in the change log? Should core provide a lazy builder?
left rtbc because this isn't a change this merge makes just something it highlights so could be a follow up.
I think I understand the reason of the change and it makes sense. Previously you'd have to return true from applies if you _might_ apply and then builder would have to do the actual check and apply the cache-ability. Yeah, that's a pretty big gotcha when building these builders.
Looking at the merge, there's a lot of duplicate adding of the route to the cache-ability. I guess maybe this is a dumb question and probably well understood in the building of BreadcrumbManager but isn't varying by route kinda a baseline implied functionality for breadcrumb builders? That's why we pass the route_manager in right? Should the manager just include that by default and this change would only be used for more exotic cases?
If it helps the discussion, and example where it doesn't cache by route in core is PathBasedBreadcrumbBuilder. I found that's broken on our site and actually decorate the core version with one that adds the route to the cache-ability of the path breadcrumb builder.
Don't see it in the gdoc but 🐛 User logout is vulnerable to CSRF Fixed might be a disruptive change for sites. Had some hard coded /user/logout links in some templates which lead to a pretty ugly unthemed confirmation form.
Notable change is the adding of the session to the ajax response as I was getting "Session has not been set." for both anon+auth users as I have cookies for all users in use.
Failed to load resource: the server responded with a status of 400 (Bad Request): /facets-block-ajax?_wrapper_format=drupal_ajax:1
Uncaught Drupal.AjaxError: ajax.js?v=10.1.6:1194
StatusText: Bad Request
ResponseText: {"message":"Session has not been set."}
Adding it to the request not the response but this is a good find. I ran into this testing 10.3 and my ajax facet blocks where suddenly broken. The block in FacetBlockAjaxController that does this solved the problem for us.
I'm not sure I understand why we're not using standard methods for attaching things to the footer.
Not sure of a common real case but I was able recreate this just now like this.
1. Install Drupal site.
2. Ensure registration is allowed.
3. Log out and visit the registration url with a complex url fragment. e.g. https://d10.lndo.site/en/user/register/#badfragment/broken
xjm → credited neclimdul → .
Took a stab at laying down some ground work for the suggestions. This actually is pretty cool because a lot of the hardcoded things that made it impossible to really theme or extend the password strength region are tied to the strength indicator so focusing on the suggestions allows it to be more extensible which can sort of be seen in the latest updates.
I don't claim this is a "good" implementation but it hopefully keeps things moving forward.
Nice!
Yeah, probably not measurable from a wall clock perspective with current PHP performance hence the title. However, it removes one assignment, one function call to implode, and the admittedly trivial string concats implode is doing from every twig_render. This means on a stock Drupal install it saves 54 function calls and assignments on an uncached request to the frontpage so its at least measurable from that metric. Since most sites are probably more complex then that and as you said its actually a bit cleaner it seemed worth while.
Makes sense. I remember browser instrumentation generally not working so I've never run it though so I've got some questions for people that do use it:
1. Are there possibly additional problems with caching with how manual adds adds code? Specifically, is the "header" being added unique to the request? I see the settings tag but should this be a lazy callback or have additional tags to avoid page/render caches?
2. In the post update, should it take the Drupal version into account and migrate to manual instead of migrating to a auto that behaves like manual with a not immediately obvious warning? Or maybe it should warn the user during the update? Unsure.
reroll in MR
Quick reroll on MR
Its not a "problem" per say. It seems the way the code gets run now the output isn't being captured but is instead ending up being output.
From memory, { "command":"buildAll"} is the response from solr saying "I recieved the buildAll command from you and ran it."
I actually agree and disable phpinfo in production systems entirely. I think in previous discussions some people wanted phpinfo to be available in production so people could check modules and other php configuration which is what lead to the current approach and why I suggested the more target hardening. But also not trying to blow the scope, just wanted to be mindful of an impact.
Core has some protections in place to avoid these sorts of sites leaking critical information after https://www.drupal.org/sa-core-2023-004 →
But if we're making this a core feature we'll be encouraging people to do even more, a good thing imho. But since this means it expands the places and levels of experience using the feature, it does have me wondering if when adding the core feature, we should also harden it to it warns people if they have their system configured in a way that could be unsafe. Maybe a requirement check that detects environment variables would be available through core's phpinfo and this DB auto-configuration is being used it throws a warning like we do with settings directory permissions or allow_updates.