Canonical routes for collection items don't ensure that the collection id is correct [#3203906]

Collection items have canonical routes like /collection/1/item/1, but we don't have anything that verifies that collection_item 1 belongs in collection 1. So /collection/2/item/1 would return the same collection_item, even though it isn't in collection 2.

Not sure how to implement this. Perhaps an additional _custom_access requirement on the route?

Comments

Comment #1

16 March 2021 at 17:33

jeffam created an issue. See original summary.

Comment #2

22 March 2021 at 19:23

jeffam committed b622b4c on 2.x

Issue #3203906: Canonical routes for collection items don't ensure that...

Comment #3

jeffam

English

commented 22 March 2021 at 19:25

Status:

Active

» Fixed

Comment #4

26 March 2021 at 21:23

jeffam committed 9d9686d on 2.x

Revert "Issue #3203906: Canonical routes for collection items don't...

jeffam committed e01486c on 2.x

Issue #3203906: Restrict routes to collection items when collection and...

Comment #5

9 April 2021 at 21:24

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Canonical routes for collection items don't ensure that the collection id is correct

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

News items

Our community

Documentation

Drupal code base

Governance of community