Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
When performing in_array() comparisons on strings, especially in security/access components - we should pass TRUE to the third parameter of in_array() to ensure a strict (===) comparison.
Proposed resolution
Do it.
Remaining tasks
Review
User interface changes
None
API changes
None
Comment | File | Size | Author |
---|---|---|---|
#7 | node-access-strict-2337227-7.patch | 1.18 KB | er.pushpinderrana |
#1 | node-access-strict-2337227.1.patch | 1.14 KB | larowlan |
Comments
Comment #1
larowlanComment #2
chx CreditAttribution: chx commentedWhile the chances of calling a field "0" is not high... let's not open that door.
Comment #3
BerdirYeah, field names are *supposed* to be lowercase, but we only validate that for configurable fields at the moment.
I doubt it would work to have a field named Bla and one bla, so doesn't make much difference practically, but fine with me ;)
Comment #4
Wim LeersCould you please delay committing this patch until #2287071: Add cacheability metadata to access checks is committed? That ~300K patch is very, very painful to reroll and this one will conflict. Sorry, and thanks for your consideration. I will help with rerolling this patch if you like.
Comment #6
alexpott#2287071: Add cacheability metadata to access checks landed
Comment #7
er.pushpinderrana CreditAttribution: er.pushpinderrana commentedRerolled #1 patch.
Comment #8
Wim LeersComment #10
alexpottCommitted e07bf5f and pushed to 8.0.x. Thanks!