Problem/Motivation

Overlay's javascript automatically opens administrative paths in an overlay, but does not check whether these paths are actually on the current domain.

Steps to reproduce

  1. Log into a local Drupal site as a user who may use overlay.
  2. Add a link to a node body: <a href="http://drupal.org/node/add">Add content on Drupal.org</a>
  3. Save the node and click the link. It will open in overlay.

Note: this is not reproducible if the site is in a subdirectory. The site in question should be at the domain root to reproduce, e.g. http://mysite.com or http://localhost.

Expected result

The browser loads http://drupal.org/node/add.

Actual result

The browser opens the current site's node/add page in an overlay.

Proposed resolution

In the overlay javascript function that checks for administrative links, skip external links.

Remaining tasks

None. The patch is approved by the overlay maintainer and has been confirmed to resolve the issue.

User interface changes

None.

API changes

None.

Original report by @thekevinday

Overlay is enabled for current user for some website, lets call it http://my.website/.

The user is currently on an arbitrary page with the following link, and is currently not in an overlay:
<a href="http://drupal.org/node/add/page">Add A Page on Drupal.org</a>

The link above is an external link to an arbitrary url that has /node/add somewhere in its path.
When the url is external and explicitly has /node/add somewhere in its url, the overlay javascript mistakenly thinks that it should open up: http://my.website/node/add/page instead of the external page http://drupal.org/node/add/page.

CommentFileSizeAuthor
#2 1174686-2.external-admin-links.patch1.08 KBksenzee
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

ksenzee’s picture

Version: 7.2 » 8.x-dev
Assigned: Unassigned » ksenzee

Ouch! Confirmed this does indeed happen. I'll take a look at it.

ksenzee’s picture

Status: Active » Needs review
FileSize
1.08 KB

Attaching a patch that checks whether a link is external to the site before deciding whether it's administrative or not.

thekevinday’s picture

Status: Needs review » Reviewed & tested by the community

Solves the problem.
I have not noticed anything break as a result of this patch.

Rob C’s picture

Subscribe

catch’s picture

Issue tags: +Needs backport to D7

Tagging for backport.

xjm’s picture

xjm’s picture

Summary added.

ksenzee’s picture

That's a lovely summary. Although I also liked xjm's summary in IRC: "I AM HELPFUL OVERLAY. I HELP YOU WITH OVERLAY. OTHER SITE, MY SITE. HELPING!"

Dries’s picture

Status: Reviewed & tested by the community » Fixed

Committed to 7.x and 8.x. Thanks -- these issue summaries are awesome! :)

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Pocketpain’s picture

Sub

Pocketpain’s picture

Issue summary: View changes

Updated issue summary.