Having this warning when I clear the cache.
Warning: hash_equals(): Expected user_string to be a string, null given in Drupal\Component\Utility\Crypt::hashEquals() (line 126 of core/lib/Drupal/Component/Utility/Crypt.php).
Drupal\Component\Utility\Crypt::hashEquals('2C83gsjbW0D2se61UOgXvzmc-giagWfV6mcQPh2ipxY', NULL) (Line: 90)
Drupal\Core\Access\CsrfTokenGenerator->validate(NULL, 'focal_point_preview') (Line: 239)
Drupal\focal_point\Plugin\Field\FieldWidget\FocalPointImageWidget::validatePreviewToken(NULL) (Line: 204)
Drupal\focal_point\Controller\FocalPointPreviewController->validTokenProvided() (Line: 122)
Drupal\focal_point\Controller\FocalPointPreviewController->access(Object, '531')
call_user_func_array(Array, Array) (Line: 68)
Drupal\Core\Access\CustomAccessCheck->access(Object, Object, Object)
call_user_func_array(Array, Array) (Line: 159)
Drupal\Core\Access\AccessManager->performCheck('access_check.custom', Object) (Line: 135)
Drupal\Core\Access\AccessManager->check(Object, Object, Object, 1) (Line: 112)
Drupal\Core\Access\AccessManager->checkRequest(Object, Object, 1) (Line: 107)
Drupal\Core\Routing\AccessAwareRouter->checkAccess(Object) (Line: 92)
Drupal\Core\Routing\AccessAwareRouter->matchRequest(Object) (Line: 115)
Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(Object, 'kernel.request', Object)
call_user_func(Array, Object, 'kernel.request', Object) (Line: 111)
Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch('kernel.request', Object) (Line: 127)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1) (Line: 68)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1) (Line: 57)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1) (Line: 99)
Drupal\page_cache\StackMiddleware\PageCache->pass(Object, 1, 1) (Line: 78)
Drupal\page_cache\StackMiddleware\PageCache->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1) (Line: 52)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel->handle(Object, 1, 1) (Line: 666)
Drupal\Core\DrupalKernel->handle(Object) (Line: 19)
I have a fix. I will post a patch here.
Comment | File | Size | Author |
---|---|---|---|
#15 | beta-6.png | 37.92 KB | esod |
#4 | validTokenProvided-warning-no-param-2881280-3.patch | 857 bytes | Nikolay Borisov |
Comments
Comment #2
Nikolay Borisov commented
Comment #3
Nikolay Borisov commented
Oops. This one should work :)
Comment #4
Nikolay Borisov commented
This should work.
Comment #5
bleen at NBCUniversal commented
This looks fine to me ... but I'm curious as to the steps to reproduce. Under what circumstance does this happen exactly?
Comment #6
Nikolay Borisov commented
I tried to reproduce it on a freshly installed Drupal instance but was not quite able to reproduce it. On my setup with quite some modules - it is showing the warning every time I clear the cache and is also filling the Drupal logs.
Not quite sure why because the warning appears when I clear the cache. It registers the route for the preview and since there is no focal_point_token parameter - it tries to verify it without it being present, which results in the warning.
Cheers and thanks for the response!
Comment #7
bleen at NBCUniversal commented
It's especially strange because the tokens are only checked as part of the access checks to the preview page. That said ... this is an entirely valid improvement to the validTokenProvided method.
My biggest hesitation is that (ideally) the Drupal request object could be passed in using dependency injection... thoughts?
Comment #8
Nikolay Borisov commented
Ooh, I found out ... someone had a shortcut to a preview page of a focal point.
Something like this:
http://domain/en/admin/focal_point/preview/FID/FOCAL_POINT_VALUE
And it was without the parameter. But the patch still makes sense if someone removes the parameter and opens the page.
Cheers!
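The missing-parameter case described in this thread, as an added example that is not the module's code or the attached patch: a token check that denies the request when `focal_point_token` is absent or not a string, so `hash_equals()` only ever receives two strings. The secret, the function names and the token derivation are assumptions for illustration and do not reproduce Drupal's `CsrfTokenGenerator`.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a per-session CSRF secret (assumption, not Drupal's).
const EXAMPLE_SECRET = 'constructed-example-secret';

/** Derive the expected token for a purpose string such as 'focal_point_preview'. */
function example_token(string $purpose): string {
  $mac = hash_hmac('sha256', $purpose, EXAMPLE_SECRET, true);
  // URL-safe base64 without padding, so the token can travel in a query string.
  return rtrim(strtr(base64_encode($mac), '+/', '-_'), '=');
}

/**
 * Hypothetical access check: fail closed when the parameter is missing,
 * empty, or not a string (for example ?focal_point_token[]=x yields an array).
 */
function example_token_is_valid(array $query, string $purpose): bool {
  $supplied = $query['focal_point_token'] ?? null;
  if (!is_string($supplied) || $supplied === '') {
    return false;
  }
  // Constant-time comparison; both arguments are guaranteed to be strings here.
  return hash_equals(example_token($purpose), $supplied);
}

// Constructed requests: the bookmarked preview URL from the thread has no token.
$cases = [
  'no parameter'    => [],
  'array parameter' => ['focal_point_token' => ['x']],
  'wrong token'     => ['focal_point_token' => 'not-the-token'],
  'valid token'     => ['focal_point_token' => example_token('focal_point_preview')],
];
foreach ($cases as $label => $query) {
  $ok = example_token_is_valid($query, 'focal_point_preview');
  printf("%-16s %s\n", $label, $ok ? 'allow' : 'deny');
}
```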
Comment #9
bleen at NBCUniversal commented
Comment #11
bleen at NBCUniversal commented
It's a pretty edge-y edge case, but it makes sense
Comment #13
esod at Memorial Sloan Kettering Cancer Center commented
We are seeing what looks like the same error on every page load:
The patch fixes it.
Comment #14
bleen at NBCUniversal commented
I'm confused ... the patch has been committed. What version of the module are you using?
Comment #15
esod at Memorial Sloan Kettering Cancer Center commented
8.x-1.0-beta6.
In a composer based build
"drupal/focal_point": "1.0-beta6"
The patch is in the dev branch.