See discussion in #2529514-38: Replace system.filter::protocols with container parameters and below

The patch that got committed did :

+++ b/core/lib/Drupal/Core/DrupalKernel.php
@@ -466,8 +466,8 @@ public function preHandle(Request $request) {
     // Set the allowed protocols once we have the config available.
-    $allowed_protocols = $this->container->get('config.factory')->get('system.filter')->get('protocols');
-    if (!isset($allowed_protocols)) {
+    $allowed_protocols = $this->container->getParameter('filter_protocols');
+    if (!$allowed_protocols) {
       // \Drupal\Component\Utility\UrlHelper::filterBadProtocol() is called by
       // the installer and update.php, in which case the configuration may not
       // exist (yet). Provide a minimal default set of allowed protocols for
       $allowed_protocols = array('http', 'https');
     }
     UrlHelper::setAllowedProtocols($allowed_protocols);

- The code comment still talks about the *config* possibly not existing yet.
- As @Fabianx points, the parameter not existing in the container would throw an Exception, so the only case when the if() code runs is if 'filter_protocols' exists and is an explicit NULL or FALSE or '' in the container, which seems unlikely (and not the kind of things we babysit ?)

It looks like that snippet had a straighforward conversion from "if (!config->get())" to "if (!container->getParameter())", but :
- both sources don't behave the same on "doesn't exist"
- the "doesn't exist" case actually seems to be dead code, since an exception would be thrown one line above, which doesn't seem to happen since we're currently green.

Thus, looks like we can simplifying this ? Patch coming up

CommentFileSizeAuthor
#9 interdiff.txt551 bytesyched
#9 2541560_filter_protocols_simplify-9.patch1.91 KByched
#1 2541560_filter_protocols_simplify-1.patch1.83 KByched

Comments

yched’s picture

yched commented
Status: Active » Needs review
StatusFileSize
new 2541560_filter_protocols_simplify-1.patch1.83 KB

Patch.

yched’s picture

yched commented
Parent issue: » #2529514: Replace system.filter::protocols with container parameters
fabianx’s picture

fabianx commented 
  1. +++ b/core/lib/Drupal/Core/DrupalKernel.php
@@ -466,15 +466,7 @@ public function preHandle(Request $request) {
     // Set the allowed protocols once we have the config available.

    That comment needs work, too. 

  2. +++ b/core/modules/filter/filter.module
@@ -501,7 +501,7 @@ function _filter_url($text, $filter) {
-  $protocols = \Drupal::getContainer()->getParameter('filter_protocols') ?: ['http', 'https'];
+  $protocols = \Drupal::getContainer()->getParameter('filter_protocols');

    dawehner had one failing test here, lets see if this still passes without.

yched’s picture

yched commented
Issue summary: View changes
dawehner’s picture

dawehner
Primary language German
commented

This issue feels a bit dangerous now, given that we might need to rebuild the container in order to be able to generate URLs again ...

+++ b/core/lib/Drupal/Core/DrupalKernel.php
@@ -466,15 +466,7 @@ public function preHandle(Request $request) {
-    UrlHelper::setAllowedProtocols($allowed_protocols);
+    UrlHelper::setAllowedProtocols($this->container->getParameter('filter_protocols'));

+++ b/core/modules/filter/filter.module
@@ -501,7 +501,7 @@ function _filter_url($text, $filter) {
-  $protocols = \Drupal::getContainer()->getParameter('filter_protocols') ?: ['http', 'https'];
+  $protocols = \Drupal::getContainer()->getParameter('filter_protocols');
   $protocols = implode(':(?://)?|', $protocols) . ':(?://)?';

I'm actually understand now why it didn't passed for me for a while ... this was the case because core.services.yml was not patched at some point.

yched’s picture

yched commented

@dawehner : not sure I follow exactly, but do you think we should keep some safeguard code in DrupalKernel::preHandle() ?

Like : 

$filter_protocols = $this->container->hasParameter('filter_protocols') ? $this->container->getParameter('filter_protocols') : ['http', 'https'];
UrlHelper::setAllowedProtocols($filter_protocols);

I mean, I guess we could, but I'm not sure why we'd do this for 'filter_protocols' specifically, as opposed to all the other parameters / services that could go missing in a somehow incomplete container ? Especially if we don't seem to have a specific case of how such an incomplete container might happen (doesn't seem to be the case on installer ?)

yched’s picture

yched commented

As a side note, that's way outside the scope of that followup, but setting those "allowed protocols" in a global static in UrlHelper feels... very D7 ? :-)

fabianx’s picture

fabianx commented
Status: Needs review » Needs work

CNW for the comment change - that refers to config objects still.

Patch itself looks good.

yched’s picture

yched commented
Status: Needs work » Needs review
StatusFileSize
new 2541560_filter_protocols_simplify-9.patch1.91 KB
new interdiff.txt551 bytes

Comment fixed.

fabianx’s picture

fabianx commented
Status: Needs review » Reviewed & tested by the community

Thanks, RTBC.

dawehner’s picture

dawehner
Primary language German
commented

As a side note, that's way outside the scope of that followup, but setting those "allowed protocols" in a global static in UrlHelper feels... very D7 ? :-)

I totally agree it does but do you have a better idea without changing these APIs? The url generator is not the first place where we might need it.

yched’s picture

yched commented

I totally agree it does but do you have a better idea without changing these APIs?

Not really ;-) Looks like cleaning this would mean refactoring UrlHelper::stripDangerousProtocols() (and the other UrlHelper methods that rely on it : isExternal(), filterBadProtocol()) from static methods to a service that gets the protocols injected, can hardly be called non-intrusive.

I guess this stands out more now that the protocols are in the container, ready for injection, whereas it was more "meh, procedural legacy in a low-level API" when they were still in config. I guess we can live with it :-)

dawehner’s picture

dawehner
Primary language German
commented

Yeah not sure where else beside Url generation you would actually use it though.

yched’s picture

yched commented

@dawehner : not sure I understand what you're hinting - you mean the existing UrlGenerator might be that service where stripDangerousProtocols() could live ?

dawehner’s picture

dawehner
Primary language German
commented

Well yeah I was wondering, which places do actually need this functionality, just by looking at core, it is certainly not a lot.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Status: Reviewed & tested by the community » Fixed

Dead code is permitted to be removed in the beta evaluation. Committed e50271a and pushed to 8.0.x. Thanks!

  • alexpott committed e50271a on 8.0.x 
    Issue #2541560 by yched, dawehner, Fabianx: Followup for [#2529514] -...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.