Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Aggregator module allows deletion of feed without confirmation. To reproduce this bug
1. Go to feed admin page admin/config/services/aggregator
2. Edit one of the feed
3. Click Delete button, the feed get deleted without any confirmation.
Comment | File | Size | Author |
---|---|---|---|
#26 | 767894-aggregator-confirm-form-26.patch | 6 KB | kim.pepper |
#26 | interdiff.txt | 720 bytes | kim.pepper |
#24 | 767894-aggregator-confirm-form-24.patch | 6 KB | kim.pepper |
#23 | 767894-aggregator-confirm-form-23.patch | 153.53 KB | kim.pepper |
#23 | interdiff.txt | 876 bytes | kim.pepper |
Comments
Comment #1
Sivaji_Ganesh_Jojodae CreditAttribution: Sivaji_Ganesh_Jojodae commentedAttached patch adds confirm form and it works same as #750290: Add a confirm form for role deletion
Comment #2
Georg CreditAttribution: Georg commentedIndeed, without the patch it's possible to simply click the wrong button on the edit page and the feed is gone.
After applying the patch, nothing happens at all, when I click on "Delete". I only return to the Feed aggregator controllpanel and the feed is still there.
Comment #3
Sivaji_Ganesh_Jojodae CreditAttribution: Sivaji_Ganesh_Jojodae commentedThis patch adds a new menu item so you need to clear the cache to see the effect of this patch.
Comment #4
Georg CreditAttribution: Georg commentedthank you, sivaji. You'r right, clearing cache helps.
Patch works for me.
Comment #5
Georg CreditAttribution: Georg commented#1: 767894_feed_delete_confirm_1.patch queued for re-testing.
Comment #6
sunLooks mostly good.
There's more delete-related code in the submit handler.
We should default to the administrative path here, and pass the 'destination' query parameter in the other (front-end) case.
Can we write the confirm_form() function arguments on multiple lines, like elsewhere?
Second NULL should be array().
Powered by Dreditor.
Comment #7
Sivaji_Ganesh_Jojodae CreditAttribution: Sivaji_Ganesh_Jojodae commented@sun, thank you for reviewing the patch.
Attached patch introduces the changes mentioned above, except
which is not clear for me.
Additionally it replaces
(arg(0) == 'admin')
check withuser_access('administer news feeds')
.Comment #8
Jody LynnComment #9
Sivaji_Ganesh_Jojodae CreditAttribution: Sivaji_Ganesh_Jojodae commented#7: 767894_feed_delete_confirm_form_7.patch queued for re-testing.
Comment #11
bfroehle CreditAttribution: bfroehle commented#7: 767894_feed_delete_confirm_form_7.patch queued for re-testing.
Comment #12
paranojik CreditAttribution: paranojik commentedRerolled.
Comment #13
sascher CreditAttribution: sascher commentedWhen trying to apply this patch I get an error
I tested this on the build from 3/28/13. The problem still exists
Comment #14
tim.plunkett#1946324: Convert confirm_form() in aggregator.admin.inc to the new form interface just completely redid aggregator confirm_forms(). Please use that as a guide, with routes and ConfirmFormBase
Comment #15
ParisLiakos CreditAttribution: ParisLiakos commentedComment #16
kim.pepperI'm happy to push this ahead.
I propose to:
ConfirmFormBase
Comment #17
ParisLiakos CreditAttribution: ParisLiakos commentedwhy remove delete button? we should keep it and just redirect to confirm page deletion route, like in most places in core
Comment #18
kim.pepper@rootatwc Much better idea!
Looking through the EntityFormController to work out where this link gets rendered, and how to change it...
Comment #19
kim.pepperChanges as per #16. except did not remove delete link from edit form as per #17.
Note, this mostly a rewrite from #12 as it uses the new
FormInterface
.Kim
Comment #20
ParisLiakos CreditAttribution: ParisLiakos commentedgood job! just two things and i think this is ready
this does not have to be array since you are not passing additional stuff like query.
Also preceding slash should be removed
you forgot use-ing the Feed object, typehint will fail
Comment #21
kim.pepperFixes as per #20
Comment #23
kim.pepperUpdated tests to use new delete path.
Comment #24
kim.pepperWoah. That last patch included stuff it wasn't supposed to. Probably because it wasn't rebased of the latest 8.x branch. Let's try this one. Interdiff is the same.
Comment #25
ParisLiakos CreditAttribution: ParisLiakos commentedthis should be
'admin/config/services/aggregator/delete/feed/' . $feed->id()
:)
Comment #26
kim.pepperFix for #25
Comment #28
ParisLiakos CreditAttribution: ParisLiakos commented#26: 767894-aggregator-confirm-form-26.patch queued for re-testing.
Comment #29
ParisLiakos CreditAttribution: ParisLiakos commentedlooks good to go now, failure was random
thanks!
Comment #30
webchickLooks great, thanks!
Committed and pushed to 8.x.