This was reported as a security issue for revealing the path in messages about the warnings and notices, but our policy says that should be handled in public without an advisory.
Steps to reproduce:
1. With a standard install, create a node with a term, on a site with PHP set to show all warnings/notices.
2. Visit taxonomy/term/1 and see the term listing page.
3. Visit taxonomy/term/1. (with the period) and see warnings and notices before seeing the normal page content.
Expected results:
* As in 3, but without the warnings and notices.
Credit for finding this bug goes to https://www.drupal.org/user/1472106
Comment | File | Size | Author |
---|---|---|---|
#2 | 2641940_avoid_notices_on_floats.patch | 473 bytes | greggles |
Comments
Comment #2
greggles
Comment #3
greggles
Forgot to set Needs Review.
Comment #4
greggles
Also, I did a small amount of testing on Drupal 8 and did not find a similar issue, though my test wasn't exhaustive. It's likely this only needs to be fixed in Drupal 7 (and perhaps 6).
Comment #5
poker10 (ActivIT s.r.o.)
This was fixed for entities by #2830428: Fix behaviour of entity_load when passed ids with a trailing dot.