diff --git a/core/modules/node/src/Form/DeleteMultiple.php b/core/modules/node/src/Form/DeleteMultiple.php
index a5686dc..68923ac 100644
--- a/core/modules/node/src/Form/DeleteMultiple.php
+++ b/core/modules/node/src/Form/DeleteMultiple.php
@@ -97,8 +97,11 @@ public function getConfirmText() {
 * {@inheritdoc}
 */
 public function buildForm(array $form, FormStateInterface $form_state) {
- $this->nodes = $this->tempStoreFactory->get('node_multiple_delete_confirm')->get(\Drupal::currentUser()->id());
+ $current_user_id = $this->currentUser()->id();
+ $node_temp_store = $this->tempStoreFactory->get('node_multiple_delete_confirm');
+ $this->nodes = $node_temp_store->get($current_user_id);
 if (empty($this->nodes)) {
+ $node_temp_store->delete($current_user_id);
 throw new AccessDeniedHttpException();
 }
diff --git a/core/modules/simpletest/src/Form/SimpletestResultsForm.php b/core/modules/simpletest/src/Form/SimpletestResultsForm.php
index 7d39496..e2798b1 100644
--- a/core/modules/simpletest/src/Form/SimpletestResultsForm.php
+++ b/core/modules/simpletest/src/Form/SimpletestResultsForm.php
@@ -15,7 +15,6 @@
 use Drupal\Core\Url;
 use Drupal\simpletest\TestDiscovery;
 use Symfony\Component\DependencyInjection\ContainerInterface;
-use Symfony\Component\HttpFoundation\RedirectResponse;
 /**
 * Test results form for $test_id.
@@ -114,7 +113,7 @@ public function buildForm(array $form, FormStateInterface $form_state, $test_id
 if (is_numeric($test_id) && !$results = $this->getResults($test_id)) {
 drupal_set_message($this->t('No test results to display.'), 'error');
- return new RedirectResponse($this->url('simpletest.test_form', array(), array('absolute' => TRUE)));
+ return $this->redirect('simpletest.test_form');
 }
 // Load all classes and include CSS.
diff --git a/core/modules/simpletest/src/Tests/SimpleTestTest.php b/core/modules/simpletest/src/Tests/SimpleTestTest.php
index d2949a6..278e2f1 100644
--- a/core/modules/simpletest/src/Tests/SimpleTestTest.php
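Review bot: In DeleteMultiple::buildForm(), the new `$node_temp_store->delete($current_user_id);` inside the `empty($this->nodes)` branch has no comment explaining why an entry that just read back empty is deleted before the 403 is thrown; the same uncommented pattern is added to UserMultipleCancelConfirm::buildForm() later in this diff. A line such as `// Drop any stale or empty selection for this user before denying access, so a later request cannot pick it up.` would record the intent, if that is the intent. buildForm() continues outside the hunk, so it is not visible whether the stored nodes are re-checked for delete access at confirmation time; that is worth confirming, because the list is looked up by the current user's ID alone.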
+++ b/core/modules/simpletest/src/Tests/SimpleTestTest.php
@@ -129,6 +129,10 @@ function testWebTestRunner() {
 // Regression test for #290316.
 // Check that test_id is incrementing.
 $this->assertTrue($this->test_ids[0] != $this->test_ids[1], 'Test ID is incrementing.');
+
+ // Attempt to retrieve results for a non-existent test run ID.
+ $this->drupalGet('admin/config/development/testing/results/' . ($this->test_ids[1] + 1));
+ $this->assertRaw('No test results to display');
 }
 }
diff --git a/core/modules/system/src/Form/CronForm.php b/core/modules/system/src/Form/CronForm.php
index cfb82fd..5956c34 100644
--- a/core/modules/system/src/Form/CronForm.php
+++ b/core/modules/system/src/Form/CronForm.php
@@ -14,7 +14,6 @@
 use Drupal\Core\State\StateInterface;
 use Drupal\Core\Form\ConfigFormBase;
 use Symfony\Component\DependencyInjection\ContainerInterface;
-use Symfony\Component\HttpFoundation\RedirectResponse;
 /**
 * Configure cron settings for this site.
@@ -144,7 +143,7 @@ public function submitCron(array &$form, FormStateInterface $form_state) {
 drupal_set_message(t('Cron run failed.'), 'error');
 }
- return new RedirectResponse($this->url('system.cron_settings', array(), array('absolute' => TRUE)));
+ return $this->redirect('system.cron_settings');
 }
 }
diff --git a/core/modules/user/src/Form/UserMultipleCancelConfirm.php b/core/modules/user/src/Form/UserMultipleCancelConfirm.php
index 45f340f..17ec9fb 100644
--- a/core/modules/user/src/Form/UserMultipleCancelConfirm.php
+++ b/core/modules/user/src/Form/UserMultipleCancelConfirm.php
@@ -15,6 +15,7 @@
 use Drupal\user\TempStoreFactory;
 use Drupal\user\UserStorageInterface;
 use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 /**
 * Provides a confirmation form for cancelling multiple user accounts.
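Review bot: `$this->assertRaw('No test results to display');` in testWebTestRunner() checks only the message text, so the new test does not pin where the request ends up after SimpletestResultsForm::buildForm() returns its redirect. Adding `$this->assertResponse(200);` and an `assertUrl()` on the test form's path after the `drupalGet()` would confirm that an unknown test ID lands on the overview rather than on a partially built results page. The ID `$this->test_ids[1] + 1` is presumably unused at this point, but that is an assumption about the test database, and a short comment saying so would help.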
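Review bot: submitCron() in CronForm has a submit-handler signature (`array &$form, FormStateInterface $form_state`), and the form API normally takes the post-submit destination from the form state, so the response returned by `return $this->redirect('system.cron_settings');` is probably discarded. If the redirect is meant to take effect, `$form_state->setRedirect('system.cron_settings');` expresses it where the form system reads it. The handler's body starts outside the hunk, so how it is registered cannot be confirmed from here.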
@@ -101,12 +102,13 @@ public function getConfirmText() {
 * {@inheritdoc}
 */
 public function buildForm(array $form, FormStateInterface $form_state) {
+ $current_user_id = $this->currentUser()->id();
+ $user_temp_store = $this->tempStoreFactory->get('user_user_operations_cancel');
 // Retrieve the accounts to be canceled from the temp store.
- $accounts = $this->tempStoreFactory
- ->get('user_user_operations_cancel')
- ->get($this->currentUser()->id());
+ $accounts = $user_temp_store->get($current_user_id);
 if (!$accounts) {
- return $this->redirect('user.admin_account');
+ $user_temp_store->delete($current_user_id);
+ throw new AccessDeniedHttpException();
 }
 $form['accounts'] = array('#prefix' => '', '#tree' => TRUE);
@@ -130,6 +132,7 @@ public function buildForm(array $form, FormStateInterface $form_state) {
 drupal_set_message($message, $redirect ? 'error' : 'warning');
 // If only user 1 was selected, redirect to the overview.
 if ($redirect) {
+ $user_temp_store->delete($current_user_id);
 return $this->redirect('user.admin_account');
 }
 }
diff --git a/core/modules/user/src/Tests/UserCancelTest.php b/core/modules/user/src/Tests/UserCancelTest.php
index de3d1ae..9f39078 100644
--- a/core/modules/user/src/Tests/UserCancelTest.php
+++ b/core/modules/user/src/Tests/UserCancelTest.php
@@ -92,9 +92,10 @@ function testUserCancelUid1() {
 $this->drupalLogin($this->admin_user);
 $edit = array(
 'action' => 'user_cancel_user_action',
- 'user_bulk_form[0]' => TRUE,
+ 'user_bulk_form[1]' => TRUE,
 );
 $this->drupalPostForm('admin/people', $edit, t('Apply'));
+ $this->assertResponse(200);
 // Verify that uid 1's account was not cancelled.
 $user1 = user_load(1, TRUE);
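Review bot: The index change from `user_bulk_form[0]` to `user_bulk_form[1]` in testUserCancelUid1() is unexplained, and which account sits in row 1 depends on the listing order of admin/people, which this hunk does not show. A comment such as `// Row 1 is expected to be uid 1; row 0 is the admin user logged in above.` (if that is the ordering) would make the assumption explicit. Without it, a change in the default sort could make the test select a different account and still satisfy both `assertResponse(200)` and the later check that uid 1 was not cancelled. The function body continues outside the hunk.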
@@ -141,6 +142,10 @@ function testUserCancelInvalid() {
 // Confirm user's content has not been altered.
 $test_node = node_load($node->id(), TRUE);
 $this->assertTrue(($test_node->getOwnerId() == $account->id() && $test_node->isPublished()), 'Node of the user has not been altered.');
+
+ // Attempt to visit the bulk user cancel page without selecting users.
+ $this->drupalGet('admin/people/cancel');
+ $this->assertResponse(403);
 }
 /**
diff --git a/core/modules/views_ui/src/Form/Ajax/ViewsFormBase.php b/core/modules/views_ui/src/Form/Ajax/ViewsFormBase.php
index 6d558cd..809abb7 100644
--- a/core/modules/views_ui/src/Form/Ajax/ViewsFormBase.php
+++ b/core/modules/views_ui/src/Form/Ajax/ViewsFormBase.php
@@ -15,7 +15,6 @@
 use Drupal\views\Ajax;
 use Drupal\Core\Ajax\AjaxResponse;
 use Drupal\Core\Ajax\CloseModalDialogCommand;
-use Symfony\Component\HttpFoundation\RedirectResponse;
 /**
 * Provides a base class for Views UI AJAX forms.
@@ -149,7 +148,7 @@ public function getForm(ViewStorageInterface $view, $display_id, $js) {
 $form_state->setUserInput(array());
 $form_path = views_ui_build_form_path($form_state);
 if (!$form_state->get('ajax')) {
- return new RedirectResponse(_url($form_path, array('absolute' => TRUE)));
+ return $this->redirect(_url($form_path));
 }
 $form_state->set('path', $form_path);
 $response = views_ajax_form_wrapper($form_class, $form_state);
@@ -157,7 +156,7 @@ public function getForm(ViewStorageInterface $view, $display_id, $js) {
 elseif (!$form_state->get('ajax')) {
 // if nothing on the stack, non-js forms just go back to the main view editor.
 $display_id = $form_state->get('display_id');
- return new RedirectResponse($this->url('entity.view.edit_display_form', ['view' => $view->id(), 'display_id' => $display_id], ['absolute' => TRUE]));
+ return $this->redirect('entity.view.edit_display_form', ['view' => $view->id(), 'display_id' => $display_id]);
 }
 else {
 $response = new AjaxResponse();
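Review bot: The new 403 assertion in testUserCancelInvalid() covers admin/people/cancel only, while DeleteMultiple::buildForm() receives the same delete-and-deny branch in this diff and no visible hunk requests the node multiple-delete confirmation page with an empty selection. A parallel `drupalGet()` followed by `$this->assertResponse(403);` in the node tests would keep both access checks under regression coverage.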
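Review bot: In the `@@ -149,7 +148,7 @@` hunk of ViewsFormBase, `$this->redirect(_url($form_path))` hands redirect() a generated URL, whereas every other call in this diff, including `$this->redirect('entity.view.edit_display_form', ...)` in the next hunk, passes a route name as the first argument. If redirect() resolves its argument as a route, as those calls suggest, this line will fail to resolve or send non-AJAX requests somewhere unintended. Keeping `return new RedirectResponse(_url($form_path, array('absolute' => TRUE)));` for this one line, together with the `use Symfony\Component\HttpFoundation\RedirectResponse;` import that the first hunk of this file removes, avoids the mismatch. getForm() starts and ends outside these hunks.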