Problem/Motivation

#1830588: [META] remove drupal_set_title() and drupal_get_title() removed drupal_set_title(). However the solution of adding #title in controllers missing the sanity check that drupal_set_title provided.So all #title taking care of String::checkPlain, if no 2nd param passed in drupal_set_title.

Proposed resolution

This can be fixed by a static method in Drupal, say Drupal::formatTitle() (may be with) below functionality.

public static function formatTitle($title = NULL, $output = CHECK_PLAIN) {
 $stored_title = &drupal_static(__FUNCTION__);
  if (isset($title)) {
    $stored_title = ($output == PASS_THROUGH) ? $title : String::checkPlain($title);
  }

  return $stored_title;
}

Remaining tasks

Discuss
patch
test

User interface changes

No

API changes

No

#1830588: [META] remove drupal_set_title() and drupal_get_title()

Comments

DamienMcKenna’s picture

DamienMcKenna
Location NH, USA
CreditAttribution: DamienMcKenna commented
Issue summary: View changes
Issue tags: +metatag, +Contributed project blocker

This is a dependency for the Metatag port to D8: #2052441: Port Metatag to Drupal 8

DamienMcKenna’s picture

DamienMcKenna
Location NH, USA
CreditAttribution: DamienMcKenna commented

It seems that the final page title is output by \Drupal\Core\Render\MainContent\HtmlRenderer::renderResponse(), if the method's first argument contains an element '#title' it is used, otherwise it looks for a TitleResolver object.

Berdir’s picture

Berdir
Primary language German
Location Switzerland
CreditAttribution: Berdir commented

I don't think this issue is really related to your problem, this is about checkPlain/security, which has been solved differently now I think.

I guess we need a new issue, agreed that it is a problem, there might be already one, we should check with @dawehner.

Personally, I thought for a while that there should be a hook or even that allows to alter the response returned by the controller, when it is a render array at least. That would allow me to remove some tricky route alters as well.

Looking a bit closer, it might be possible, the interesting part is actually MainContentViewSubscriber, which then calls the responsible renderer based on the format. And that itself is a KernelEvents::VIEW event, but without an explicit priority. We should be able to add an event listener for that that runs first, does the same check (whether getControllerResult() is an array) and then you can change #title there. Or anything else.

DamienMcKenna’s picture

DamienMcKenna
Location NH, USA
CreditAttribution: DamienMcKenna commented
Issue tags: -metatag, -Contributed project blocker

OK, ISWYM. I opened #2472011: Provide module/controller-independent method of changing a page's title so I can dig into it.

vijaycs85’s picture

vijaycs85
Location London, UK
CreditAttribution: vijaycs85 as a volunteer and at Capgemini commented
Status: Active » Closed (won't fix)

Just had a word with @dawehner and looks like we are doing a check at output level and I don't see a reason why we should not check markup.