Add PASS_THROUGH argument to drupal_set_message() in dpm() [#2831622]

Since this is just an addition to drupal_set_message(), devel can be preemptive before the following lands in core: #2408955: drupal_set_message should filter output by default.

Comment	File	Size	Author
#3	add_pass_through-2831622-3.patch	1.39 KB	markhalliwell
#3	7.x-1.x: PHP 5.3 & MySQL 5.5, D7 3 pass
#2	add_pass_through-2831622-2.patch	1.22 KB	markhalliwell
#2	7.x-1.x: PHP 5.3 & MySQL 5.5, D7 3 pass

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

30 November 2016 at 02:12

markcarver created an issue. See original summary.

Comment #2

markhalliwell

English

CreditAttribution: markhalliwell at Tag1 Consulting commented 30 November 2016 at 02:23

Status:

Active

» Needs review

File	Size
add_pass_through-2831622-2.patch	1.22 KB
7.x-1.x: PHP 5.3 & MySQL 5.5, D7 3 pass

Comment #3

markhalliwell

English

CreditAttribution: markhalliwell at Tag1 Consulting commented 30 November 2016 at 02:29

File	Size
add_pass_through-2831622-3.patch	1.39 KB
7.x-1.x: PHP 5.3 & MySQL 5.5, D7 3 pass

1 file was hidden/shown/deleted

File	Size
add_pass_through-2831622-2.patch	1.22 KB
7.x-1.x: PHP 5.3 & MySQL 5.5, D7 3 pass

Forgot to add some commenting to explain why this is needed.

Also, it should be noted that this isn't an issue in 8.x because Twig auto-escapes.

Comment #4

jvogt CreditAttribution: jvogt commented 30 November 2016 at 23:24

Should this patch address the issue we're experiencing with Devel + Bootstrap 3.8+? I ran the patch (add_pass_through-2831622-3.patch), but the dpm() output is still broken.

I also tested it manually like so:

$export = kprint_r($form_state, TRUE, 'form_state');
drupal_set_message($export, 'status', 'true', PASS_THROUGH);

No luck there either. Is there something I need to do to make PASS_THROUGH function?

Stats:

* Core 7.52
* Devel 7.x-1.5
* Bootstrap 7.x-3.10

Thanks in advance for any advice!

Comment #5

markhalliwell

English

CreditAttribution: markhalliwell at Tag1 Consulting commented 30 November 2016 at 23:58

This issue is preemptive in the sense that it can technically be committed without currently breaking anything.

However, this patch will technically only work if core is patched as well: #2408955: drupal_set_message should filter output by default.

Comment #6

jvogt CreditAttribution: jvogt commented 1 December 2016 at 00:16

I see. Thanks, I'll give that a try.

Comment #7

MustangGB CreditAttribution: MustangGB commented 24 February 2017 at 11:54

Here is an alternative to allow the XSS filter to remain, and instead fix Krumo #2855666: Make Krumo compatible with XSS injection protection to drupal_set_message().

Comment #8

MustangGB CreditAttribution: MustangGB commented 20 October 2017 at 11:33

Category:	Task	» Feature request
Status:	Needs review	» Postponed

There is no indication that #2408955: drupal_set_message should filter output by default will be accepted into core, so postponing for the time being.

Comment #9

MustangGB CreditAttribution: MustangGB commented 16 February 2019 at 22:50

Status:

Postponed

» Closed (won't fix)

Resolved by #2855666: Make Krumo compatible with XSS injection protection to drupal_set_message().

Add PASS_THROUGH argument to drupal_set_message() in dpm()

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Comment #8

Comment #9

Related issues

Referenced by

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community