Problem/Motivation

In #3236497: Allow other modules to opt out or use verbose security release message from update_page_top we are going remove the hard-coded list of routes that update security messages should NOT be displayed on and replace it with a route option.

for modules the update module does not provide it will be set the option in UpdateRouteSubscriber

Right now the update module only excludes 2 paths besides its own system.theme_install, system.status.

It should also exclude system.batch_page.html as the messages are never displayed on the batch pages but if the hook is still called on this rout. This means that pages after batch may have the message even if they are excluded in update_page_top() because the message service will display the message from the previous request.

I can't think of a reason why the we need to set the message during batch.

We have to exclude it here #3236405: After update old message about security update is still displayed in the Automatic Updates module but it should be the Update module's responsibility to exclude this path.

Proposed resolution

Exclude system.batch_page.html in update_page_top() or after #3236497: Allow other modules to opt out or use verbose security release message from update_page_top exclude it in UpdateRouteSubscriber

Remaining tasks

Issue fork drupal-3238311

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

tedbow created an issue. See original summary.

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Status: Active » Reviewed & tested by the community

Looks good!

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Status: Reviewed & tested by the community » Active

whoops wrong tab

phenaproxima’s picture

phenaproxima
he/him
Primary language English
Location Massachusetts
commented
Title: Exlude system.batch_page.html from setting update security message » Exclude system.batch_page.html from setting update security message

tedbow opened merge request !1219

dww’s picture

dww
we/he/they
commented
Status: Active » Needs review

Looks like this needs review, updating status. No time right now to closely review it, doing some informal update.module issue queue triage...

Thanks,
-Derek

dww’s picture

dww
we/he/they
commented

p.s. I'm tempted to call this a bug. We almost certainly shouldn't be setting this message while processing batches. I think that was 100% an oversight in the original implementation.

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.0-rc1 was released on November 26, 2021, which means new developments and disruptive changes should now be targeted for the 9.4.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

joachim’s picture

joachim commented
Status: Needs review » Reviewed & tested by the community

LGTM.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Version: 9.4.x-dev » 9.3.x-dev
Category: Task » Bug report
Status: Reviewed & tested by the community » Fixed

I agree with @dww - this is a bug.

Committed and pushed f37eaca35b8 to 10.0.x and 75edbaebbff to 9.4.x and 61a12bcdb52 to 9.3.x. Thanks!

  • alexpott committed f37eaca on 10.0.x 
    Issue #3238311 by tedbow: Exclude system.batch_page.html from setting...

  • alexpott committed 75edbae on 9.4.x 
    Issue #3238311 by tedbow: Exclude system.batch_page.html from setting...

  • alexpott committed 61a12bc on 9.3.x 
    Issue #3238311 by tedbow: Exclude system.batch_page.html from setting...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.