if (in_array(FilterInterface::TYPE_HTML_RESTRICTOR, $filter_types_to_skip)) {
    $filter_types_to_skip = array_diff($filter_types_to_skip, array(FilterInterface::TYPE_HTML_RESTRICTOR));
  }
// ...
  foreach ($filters as $filter) {
    // If necessary, skip filters of a certain type.
    if (in_array($filter->getType(), $filter_types_to_skip)) {
      continue;
    }
    if ($filter->status) {
      $text = $filter->prepare($text, $langcode);
    }
  }

When someone puts in a $filter->getType == somewhere and I put in FilterInterface::TYPE_HTML_RESTRICTOR . 'foo' to be skipped then things will really go sideways: array_diff compares on (string) $elem1 === (string) $elem2 so "1foo" !== "1" but sure as hell "1foo" == 1! Do you want to audit everything that comes into contact with the html restrictor type to not use the == sign? Let's not bear traps into core, mkay?

  function _filter_needs_applying($filter, $filter_types_to_skip) {
    $type = $filter->getType();
    return $filter->status && ($type == FilterInterface::TYPE_HTML_RESTRICTOR || !in_array($type, $filter_types_to_skip));
  }
  foreach ($filters as $filter) {
    if (_filter_needs_applying($filter)) {
      $text = $filter->prepare($text, $langcode);
    }

Use a closure if you like that better. Same loop for process.

CommentFileSizeAuthor
#6 interdiff.txt972 bytesWim Leers
#6 2274795-6.patch2.16 KBWim Leers
#3 2274795-1.patch2.14 KBWim Leers
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

chx’s picture

chx CreditAttribution: chx commented
Related issues: +#2217877: Text filters should be able to add #attached, #post_render_cache, and cache tags
Wim Leers’s picture

Wim Leers
Location Ghent 🇧🇪🇪🇺
CreditAttribution: Wim Leers commented
Assigned: Unassigned » Wim Leers
Related issues: -#2217877: Text filters should be able to add #attached, #post_render_cache, and cache tags

Will get this done. Thanks for the report!

Wim Leers’s picture

Wim Leers
Location Ghent 🇧🇪🇪🇺
CreditAttribution: Wim Leers commented
Status: Active » Needs review
FileSize
2274795-1.patch2.14 KB
chx’s picture

chx CreditAttribution: chx commented

+ $skipped_filter_type = $type !== FilterInterface::TYPE_HTML_RESTRICTOR

Again, this will not match 1foo and then all you have left is praying that everything else also does a === when comparing to the TYPE_HTML_RESTRICTOR (Edit: maybe now it does and what about a core patch two years from now...? That's what I meant with bear traps.) . Rather use != the broader match here is very helpful.

chx’s picture

chx CreditAttribution: chx commented

I think that applying De Morgan's laws on this makes it easier to read:

    $skipped_filter_type = $type !== FilterInterface::TYPE_HTML_RESTRICTOR && in_array($type, $filter_types_to_skip);
    return $enabled && !$skipped_filter_type;

becomes:

    $filter_type_needs_processing = $type == FilterInterface::TYPE_HTML_RESTRICTOR || !in_array($type, $filter_types_to_skip);
    return $enabled && $allowed_filter;

You only have one negation so you don't need to reapply the same ruleset in your head.

Wim Leers’s picture

Wim Leers
Location Ghent 🇧🇪🇪🇺
CreditAttribution: Wim Leers commented
Assigned: Wim Leers » Unassigned
Issue tags: +Security, +Quick fix
FileSize
2274795-6.patch2.16 KB
interdiff.txt972 bytes

Done.

tstoeckler’s picture

tstoeckler
he/him
Primary language German
Location Essen, Germany
CreditAttribution: tstoeckler commented
Issue tags: +Needs benchmarks

Since this is a couple more function calls, and check_markup() is in the critical path, I think this would need some benchmarks. I don't think there's anything terrible there but we should make sure.

Wim Leers’s picture

Wim Leers
Location Ghent 🇧🇪🇪🇺
CreditAttribution: Wim Leers commented
Issue tags: -Needs benchmarks

check_markup() is not in the critical path anymore, and hasn't been for a while (not anymore since #1605290: Enable entity render caching with cache tag support, and especially since #2099131: Use #pre_render pattern for entity render caching).

tstoeckler’s picture

tstoeckler
he/him
Primary language German
Location Essen, Germany
CreditAttribution: tstoeckler commented
Status: Needs review » Reviewed & tested by the community

Hmm... that seems to be true. :-)

I clicked around, created some nodes, etc. pp. and the most often I could get check_markup() to be called on a single request was 8 times. So no point in benchmarking a few function calls here or there.

Awesome!

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott commented
Status: Reviewed & tested by the community » Fixed

Committed fa0641b and pushed to 8.x. Thanks!

  • Commit fa0641b on 8.x by alexpott: 
    Issue #2274795 by Wim Leers | chx: Simplify (and defuse) the filter...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.