Problem/Motivation
Overlay's javascript automatically opens administrative paths in an overlay, but does not check whether these paths are actually on the current domain.
Steps to reproduce
- Log into a local Drupal site as a user who may use overlay.
- Add a link to a node body:
<a href="http://drupal.org/node/add">Add content on Drupal.org</a>
- Save the node and click the link. It will open in overlay.
Note: this is not reproducible if the site is in a subdirectory. The site in question should be at the domain root to reproduce, e.g. http://mysite.com
or http://localhost
.
Expected result
The browser loads http://drupal.org/node/add.
Actual result
The browser opens the current site's node/add
page in an overlay.
Proposed resolution
In the overlay javascript function that checks for administrative links, skip external links.
Remaining tasks
None. The patch is approved by the overlay maintainer and has been confirmed to resolve the issue.
User interface changes
None.
API changes
None.
Original report by @thekevinday
Overlay is enabled for current user for some website, lets call it http://my.website/
.
The user is currently on an arbitrary page with the following link, and is currently not in an overlay:
<a href="http://drupal.org/node/add/page">Add A Page on Drupal.org</a>
The link above is an external link to an arbitrary url that has /node/add
somewhere in its path.
When the url is external and explicitly has /node/add
somewhere in its url, the overlay javascript mistakenly thinks that it should open up: http://my.website/node/add/page
instead of the external page http://drupal.org/node/add/page
.
Comment | File | Size | Author |
---|---|---|---|
#2 | 1174686-2.external-admin-links.patch | 1.08 KB | ksenzee |
Comments
Comment #1
ksenzeeOuch! Confirmed this does indeed happen. I'll take a look at it.
Comment #2
ksenzeeAttaching a patch that checks whether a link is external to the site before deciding whether it's administrative or not.
Comment #3
thekevinday CreditAttribution: thekevinday commentedSolves the problem.
I have not noticed anything break as a result of this patch.
Comment #4
Rob C CreditAttribution: Rob C commentedSubscribe
Comment #5
catchTagging for backport.
Comment #6
xjm#2: 1174686-2.external-admin-links.patch queued for re-testing.
Comment #7
xjmSummary added.
Comment #8
ksenzeeThat's a lovely summary. Although I also liked xjm's summary in IRC: "I AM HELPFUL OVERLAY. I HELP YOU WITH OVERLAY. OTHER SITE, MY SITE. HELPING!"
Comment #9
Dries CreditAttribution: Dries commentedCommitted to 7.x and 8.x. Thanks -- these issue summaries are awesome! :)
Comment #11
Pocketpain CreditAttribution: Pocketpain commentedSub
Comment #11.0
Pocketpain CreditAttribution: Pocketpain commentedUpdated issue summary.