Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Child of #2392823: [meta] Much Views UI input is not validated.
Problem/Motivation
In #2341357: Views entity area config is not deployable and missing dependencies, we identified the fact that no validation is done on the entity ID configuration field. When an invalid value is entered, there is no validation error, and the area is silently empty with no indication of why it's not working.
Beta phase evaluation
Issue category | Bug because we are not validating input and not failing explicitly for invalid configuration. |
---|---|
Issue priority | The parent meta is major because of how widespread the problem is in Views plugins, but this specific issue has limited impact and so is normal. |
Prioritized changes | This is a prioritized change because the main goal of this meta issue is bugfixes and usability improvements. |
Disruption |
|
Proposed resolution
- Implement
\Drupal\views\Plugin\views\area\Entity::validateOptionsForm()
. - The allowed input could be:
- A serial content ID for content entities or a configuration ID for config entities.
- A replacement token like
%1
or!1
, if there is an argument on the view. - Potentially a global token like
[foo:bar]
.
Remaining tasks
- Decide if we should only accept argument replacement tokens when there are arguments on the view.
- Decide if we should only accept existing content or configuration IDs, or whether we should allow entering IDs in the correct format that do not exist. (The latter could result in unexpected behavior, but might also have some edgecase uses.)
- Determine how we should handle validation of the global tokens, which theoretically should have consistent/reused validation everywhere they are supported.
User interface changes
- Users will receive a validation error upon entering invalid values in the entity area handler and other plugins currently missing validation.
API changes
- None; the needed validation method already exists.
- Possibly some API additions if there are methods that would be useful to add for other plugins as well.
Comments
Comment #1
xjmComment #2
xjmComment #3
xjmComment #15
quietone CreditAttribution: quietone at PreviousNext commentedDiscussed at a Bug Smash group triage meeting. lendude and I agree that this is still valid.