Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Module names on the uninstall page are double-encoded:
<label for="edit-uninstall-block" class="module-name table-filter-text-source">Block</label>
Comment | File | Size | Author |
---|---|---|---|
#44 | 2305831-44.patch | 595 bytes | marcus7777 |
#43 | Screenshot from 2014-09-29 12:07:52.png | 833.51 KB | marcus7777 |
#37 | interdiff.txt | 882 bytes | star-szr |
#37 | 2305831-37.patch | 2.64 KB | star-szr |
#35 | 2305831_35.patch | 2.65 KB | chx |
Comments
Comment #1
jbrown CreditAttribution: jbrown commentedHere's the patch - is there a better way?
Comment #2
jbrown CreditAttribution: jbrown commentedComment #4
Damien Tournoud CreditAttribution: Damien Tournoud commentedSafeMarkup::set(drupal_render(...))
^ The output of
drupal_render()
is already a SafeMarkup, no?Comment #5
jbrown CreditAttribution: jbrown commentedWhen you perform string concatenation the object is converted to a string and is therefore no longer marked as safe.
Comment #8
jbrown CreditAttribution: jbrown commentedWhy is this patch failing?
Comment #9
LinL CreditAttribution: LinL commentedNeeds to be diff'd against the new 8.0.x branch instead of the old 8.x branch?
https://groups.drupal.org/node/434068
Comment #10
aneek CreditAttribution: aneek commentedDiff'd against the new dev branch 8.0.x (https://www.drupal.org/node/2311847). Code is still the same but suggestions are made in issue queue to use SafeMarkup::implode or its suggested to use
from class SafeMarkup.
Comment #11
aneek CreditAttribution: aneek commentedPatch submitted against the current dev branch for D8.
Comment #12
m.stentaThe patch in #10 fixes the issue.
@Damien, regarding comment #4: it's worth noting that the main module list page (/admin/modules) uses a drupal_render() inside SafeMarkup::set(), as well. I'm not sure if that's the proper usage, but perhaps we can still commit this and then fix both of those in another issue,if necessary.
Marking RTBC since this solves the main issue.
Comment #13
chx CreditAttribution: chx commentedWe are not adding more SafeMarkup::set calls to core. We will fix these based on #2289999: Add an easy way to create HTML on the fly without having to create a theme function / template
Comment #14
vijaycs85#2289999: Add an easy way to create HTML on the fly without having to create a theme function / template is in
Comment #15
aneek CreditAttribution: aneek commentedBased on #2289999 issue and the newly introduced element "inline_template" this page is created. Needs a logical review as well. :)
Comment #16
aneek CreditAttribution: aneek commentedComment #17
aneek CreditAttribution: aneek commentedThe checkboxes in the uninstall page doesn't require the inline templates. So removing the logic to add the template in the checkboxes row. Patch prepared with the new changes.
Comment #18
chx CreditAttribution: chx commentedThanks so much for patching this! I am really glad it worked out. Could we please add a test? Or, I guess, amend an existing one.
Comment #19
aneek CreditAttribution: aneek commentedWelcome chx. :)
About the testcase, is it regarding the #type introduced? If then I guess its already in place Commit @ 76608ff. If its not about the theme system then it will be really helpful for me to know your thoughts in details, so I can make a automated test case.
Thanks!
Comment #20
chx CreditAttribution: chx commentedSomething like
$this->assertNoRaw('<label')
to make sure there's no double escaped HTML. Please post a test only , failing patch and the patch with the test to show before/after. Thanks!Comment #21
aneek CreditAttribution: aneek commented@chx,
Got your point. Since this will again be related to the theme implementation I think I'll amend test cases in
core/modules/system/src/Tests/Theme/TwigEnvironmentTest.php
file.Thanks!
Comment #22
chx CreditAttribution: chx commentedNo, there should be an uninstall test -- you are testing the implementation of this twig functionality on the uninstall page.
Comment #23
aneek CreditAttribution: aneek commentedThanks for the info. I'll start working on it.
Comment #24
jbrown CreditAttribution: jbrown commentedComment #25
aneek CreditAttribution: aneek commentedComment #26
aneek CreditAttribution: aneek commented@chx,
While developing the test case I ran into one issue,
Once the page "admin/modules/uninstall" is loaded and its status 200, I added a code to check if the page has any multiple HTML escapes. Following is the code,
The page has the following RAW HTML,
While I ran the test case, isn't that the method should give me a failed error as the page has multiple HTML escapes? But I am getting a success result as the given input to
$this->assertNoRaw
is not found. Same happens for the$this->assertNoPattern
method.Am I missing something? It will be really helpful if you can have a look at this and help me out.
Further found that, using the test code the RAW HTML output is not the same as I gave earlier. Its like,
This explains one thing as why the asserts were not working. But now how can we reproduce the page HTML output of
theme_system_modules_uninstall
theme function to this test case?Thanks!
Comment #27
CharuAg CreditAttribution: CharuAg commentedIs this issue duplicate of #2310241: Uninstall page showing raw HTML output
Comment #28
chx CreditAttribution: chx commentedThat's really odd. Try $this->assertNoRaw('&<label') ... I know, ridiculous but I wonder what escaping / de-escaping goes on with SimpleXML.
Comment #29
aneek CreditAttribution: aneek commentedI'll try as you mentioned chx. But still I think its due to the
'#empty' => t('No modules are available to uninstall.')
code present in the table theme.I think if I could get the
system_modules_uninstall
form to my test case viaOnce done, hopefully I can either use
$this->assertThemeOutput()
or just can use thestrpos
the same way used inDrupal\system\Tests\Form\CheckboxTest
Thanks again chx :)
Comment #30
aneek CreditAttribution: aneek commentedchx, I just tested with the snippet you gave me but still no success. Then I tried to use the getForm option to load the form and then tried to render it via
drupal_render
. The form loaded but with some missing parts as,$form['modules']
&$form['uninstall']
.So again I am getting,
No modules are available to uninstall.
message.For this testing purpose we do need these arrays to be generated as the faulty HTML resides over here.
The code is as follows,
The output I pasted in pastebin
Any ideas how to load the proper form array over in the test method? It will not be a good idea to use the hardcoded form array in the test case as an input to
assertThemeOutput()
method. So it's needed to have a proper dynamic way to load all the modules and then finally call the theme functionsystem_modules_uninstall
from thesystem.admin.inc
page.Is it desired that when I call
$this->drupalGet('admin/modules/uninstall');
it will load a blank page with no module listed?Comment #31
aneek CreditAttribution: aneek commented@chx,
I had a look at the other testcase files and saw that I was missing a part where some modules were assigned to an array to enable while the test ran. The "Verbose message" generated the faulty HTML and from there I got a simple fix to use my test scenario.
Uploading the fail patch and the pass patch. Also marking this issue for review.
Comment #32
aneek CreditAttribution: aneek commentedComment #34
jbrown CreditAttribution: jbrown commentedWorks for me!
Comment #35
chx CreditAttribution: chx commentedaneek, thanks for your tenacity and fixing this properly. I am really happy it worked out. I have attached a minor wording fix -- and I do not think we need a comment repeating the assert message.
Comment #36
star-szrI'm curious, why is the default filter used here?
Comment #37
star-szrTalked to @chx in IRC and we agreed that rolling a patch would be good to 1. try it to see if there is a difference (not sure if the tests go this far) and 2. show what I mean :)
The only other change besides removing the |default filter (I don't know what it would do if not given an argument, http://twig.sensiolabs.org/doc/filters/default.html doesn't mention that) is getting rid of whitespace inside the
<div>
that wasn't there before.Edited to add missing code tags.
Comment #38
wylbur CreditAttribution: wylbur commentedReviewed patch #37
Installed Drupal 8.0.0-dev
mysql 5.5
PHP 5.5
Ran install script
Visited /admin/modules/uninstall
Uninstall listings showed escaped html in name and description columns
Applied 2305831-37.patch
Patch applied changes without any errors.
Visited /admin/modules/uninstall
Uninstall listings contained no escaped html in name and description columns
Searched for >< in the page code - not found
Searched for <label - not found
Uninstalled all modules
The markeup around the resulting "No modules are available to uninstall." also did not contain any escaped html
Comment #39
cosmicdreams CreditAttribution: cosmicdreams commentedsame as above.
Comment #40
alexpottCommitted 1a8367c and pushed to 8.0.x. Thanks!
Comment #43
marcus7777 CreditAttribution: marcus7777 commentedon core/install.php?langcode=en&profile=standard still getting double escaping.
tracking it down:
on line 403 of core/modules/system/system.install :
$error .= t('The directory %directory does not exist.', array('%directory' => $directory)) . ' ';
and
$directory
issites/default/files
so t is outputing
<em class="placeholder">sites/default/files</em>
forsites/default/files
Comment #44
marcus7777 CreditAttribution: marcus7777 commentedfixed output. this is my first patch. Thanks to asplicious
Comment #45
marcus7777 CreditAttribution: marcus7777 commentedComment #46
jbrown CreditAttribution: jbrown commentedThanks for the patch, but this is the wrong issue.
Please use this issue: #2346287: Installer requirements errors escaped HTML in variables..
Comment #47
jibran