Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
ModerationInformation::isLatestRevision()
unconditionally calls isLatestRevision()
on ModerationInformation::getLatestRevision()
, but ModerationInformation::getLatestRevision()
can return NULL
, which causes a fatal error. This is precisely what happens on the node/{nid}/latest
path if you have node access in place. Here are steps to reproduce:
- Install Drupal using the Standard install profile.
- Install
workbench_moderation
. - Create a user role with permission create Articles and permission to perform all the default state transitions.
- Create a user with that role.
- Log out and back into the site as the new user. (User 1 bypasses all access checks and thus won't see the bug.)
- Create an article and save it in the Draft state.
- You should be redirected to
node/1/latest
, and it should display just fine. - Install any node access module. I used
view_unpublished
. (Don't rebuild the node access permissions yet.) - Reload
node/1/latest
, and it should display just fine. - Rebuild node access permissions and reload
node/1/latest
. - Bug: You will get an error like this:
Fatal error: Call to a member function getRevisionId() on null in /var/www/d8/modules/contrib/workbench_moderation/src/ModerationInformation.php on line 177
Comment | File | Size | Author |
---|---|---|---|
#2 | 2665708-2.patch | 740 bytes | TravisCarden |
Comments
Comment #2
TravisCarden CreditAttribution: TravisCarden at Acquia commentedHere's a patch the prevents the fatal error by making
ModerationInformation::isLatestRevision()
returnFALSE
if it doesn't get a valid revision--but that leads to weird semantics and the side effect that thenode/{nid}/latest
page returns a 404 rather than a 403. I'm mostly curious what the testbot will say.Comment #5
Crell CreditAttribution: Crell at Palantir.net for Acquia commented(The test fail was just a botfail, works on second try.)
I hate NULL. I really really do. But yeah, given what entity API itself does this is the best we can do.
I don't know what to do with the 403/404 question. Given Entity API, I don't suspect there's a way we could turn that into a 403. Or rather, not without a huge amount of work.
I've committed this for the time being, because fatals == bad. :-) If someone has a good idea for the error code question later, please open a new issue. Thanks, Travis!