This was reported as a security issue for revealing the path in messages about the warnings and notices, but our policy says that should be handled in public without an advisory.

Steps to reproduce:
1. with a standard install, create a node with a term, on a site with php set to show all warnings/notices
2. visit taxonomy/term/1 and see the term listing page
3. visit taxonomy/term/1. (with the period) and see warnings and notices before seeing the normal page content

Expected results:
* As in 3, but without the warnings and notices.

Credit for finding this bug is to https://www.drupal.org/user/1472106

CommentFileSizeAuthor
#2 2641940_avoid_notices_on_floats.patch473 bytesgreggles
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

greggles created an issue. See original summary.

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
CreditAttribution: greggles at CARD.com commented
Issue summary: View changes
FileSize
2641940_avoid_notices_on_floats.patch473 bytes
greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
CreditAttribution: greggles at CARD.com commented
Status: Active » Needs review

Forgot to set Needs Review.

greggles’s picture

greggles
he/him
Primary language English
Location Denver, Colorado, USA
CreditAttribution: greggles at CARD.com commented

Also, I did a small amount of testing on Drupal 8 and did not find a similar issue, though my test wasn't exhaustive. It's likely this only needs to be fixed in Drupal 7 (and perhaps 6).

poker10’s picture

poker10 CreditAttribution: poker10 at ActivIT s.r.o. commented
Status: Needs review » Closed (outdated)

This was fixed for entities by #2830428: Fix behaviour of entity_load when passed ids with a trailing dot.