Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 UTC on 18 March 2024, to get $100 off your ticket.
Currently the file_field_widget_uri() function calls token_replace() on the upload directory path, but it improperly duplicates the 'current-user' token by injecting it with $data['user']. And the function also has a mystery $account parameter that is not used at all in core, and so I changed it to $data as an empty array which is passed into token_replace().
Comment | File | Size | Author |
---|---|---|---|
#8 | 984456-7.patch | 2.11 KB | bfroehle |
#4 | 984456-file-field-widget-uri-token-cleanup.patch | 2.89 KB | Dave Reid |
#2 | 984456-file-field-widget-uri-token-cleanup.patch | 1.38 KB | Dave Reid |
#1 | 984456-file-field-widget-uri-token-cleanup-D7.patch | 1.38 KB | Dave Reid |
Comments
Comment #1
Dave ReidComment #2
Dave ReidGrr, are patches with '-D7' still being ignored??
Comment #4
Dave ReidComment #6
moshe weitzman CreditAttribution: moshe weitzman commentedSeems like a useful patch. Can we fix the test failure? Migrate is starting to use this function.
Comment #7
bfroehle CreditAttribution: bfroehle commentedThis breaks the test, as we compare the token for the file (uploaded by uid = 2), with the token replacement for the current-user (uid = 1).
Powered by Dreditor.
Comment #8
bfroehle CreditAttribution: bfroehle commentedImplemented.
Comment #9
Dave ReidThanks for fixing the test failure. Looks good.
Comment #10
dawehnerComment #11
Dries CreditAttribution: Dries commentedCommitted to 7.x and 8.x. Thanks!
Comment #12
aspilicious CreditAttribution: aspilicious commenteduntagging