Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
URL: .../book/export/html/[node-ID]
Exception: v Drupal\book\BookExport->bookExportHtml() (line 72 file /core/modules/book/src/BookExport.php).
Steps to reproduce
1. Install drupal with standard profile
2. Enable book module
3. Create a node (any type, just don't add it to a book), expected to be node 1.
4. Visit /book/export/html/1
Comment | File | Size | Author |
---|---|---|---|
#22 | 2901143-after_patch.png | 38.57 KB | Abhijith S |
#22 | 2901143-before_patch.png | 30.71 KB | Abhijith S |
#21 | interdiff_19_21.txt | 591 bytes | anmolgoyal74 |
#21 | book-2901143-21-error_on_export.patch | 1.91 KB | anmolgoyal74 |
| |||
#19 | interdiff_12-19.txt | 2 KB | mindbet |
Comments
Comment #2
cilefen CreditAttribution: cilefen commentedIs that the entire exception message?
Comment #3
hop CreditAttribution: hop commentedYes, it is.
Comment #4
cilefen CreditAttribution: cilefen commentedThe comment for this generic exception is: "Thrown when the node was not attached to a book."
Comment #5
swentel CreditAttribution: swentel as a volunteer commentedBeen bitten by this too.
I wonder why we throw such a hard exception here, can't we just simply return an empty array (or whatever we need there), it's so harsh for users.
Comment #6
swentel CreditAttribution: swentel as a volunteer commentedI would be nice if the exception would say which node is throwing the exception too, or logging it at least.
Another option would be to harden the access check to check on $node->book and if it doesn't exist return access denied for example.
The way I could reproduce it was because I was printing the export link manually without checking if $node->book existed. The user was then presented with a 500, but this could be nicer.
Comment #7
ptmkenny CreditAttribution: ptmkenny commentedComment #8
simeAdded steps to reproduce which requires knowing the route
book/export/html
. I do not believe this is accessible via any UI links.Comment #9
simeTests only. (there is some excess lines in there, ignore the last two new lines)
Comment #10
simeComment #11
simeComment #12
simeAdd assertion to confirm the warning message.
Comment #13
simeComment #14
anu.a_95 CreditAttribution: anu.a_95 commentedApplied patch #12 successfully
Before applying the patch, when we create any content type other than Book (Book module is enabled) and try to export that node by going to url like /book/export/html/[node-ID] the website will encounter an error. We can check the error by looking in the log messages.
Exception error before patch
After the patch, we won't get an error like "Website encountered an error". The exception is handled and we will get a "Page not found" warning message.
Page not found warning after the patch
Logged warning message after the patch
Comment #15
tanubansal CreditAttribution: tanubansal at Salsa Digital commentedAfter adding patch #12, its showing me that the content cannot be exported.
'New Updated Test article title is not in a book and cannot be exported. '
Comment #16
anu.a_95 CreditAttribution: anu.a_95 commentedComment #17
larowlanThis is looking good
I looked into whether outputting the node title is a security issue here, but the route already does access checking for the node.
I'm wondering if we should instead be adding an access callback that checks the node is book-enabled, and let it be handled higher up the stack?
should this be 'any nodes' or 'a node'?
this looks to duplicate the previous test - if so - we don't need two tests for the same thing
Comment #19
mindbet CreditAttribution: mindbet as a volunteer commentedThe attached patch makes tiny changes to address 17.1 and 17.2
To try to answer the thought:
I'm wondering if we should instead be adding an access callback...
For simplicity's sake, I think it is better to do the node type check here in the book module
rather trying to insert it into the routing system.
/book/export/html/[nid]
calls BookController::bookExport
calls the book.export service
calls BookExport
The current patch does the check in BookController.
Comment #20
mindbet CreditAttribution: mindbet as a volunteer commentedchange to 'needs review' for testing
Comment #21
anmolgoyal74 CreditAttribution: anmolgoyal74 at OpenSense Labs for DrupalFit commentedFixed minor CS error message.
Comment #22
Abhijith S CreditAttribution: Abhijith S as a volunteer and at Zyxware Technologies commentedApplied patch #21 and it works fine.
Before patch:
After patch:
RTBC +1
Comment #27
smustgrave CreditAttribution: smustgrave at Mobomo commentedThis issue is being reviewed by the kind folks in Slack, #needs-review-queue-initiative. We are working to keep the size of Needs Review queue [2700+ issues] to around 400 (1 month or less), following Review a patch or merge request as a guide.
Verified this issue exists on D10
On Drupal 10.1.x with a standard install
Follow the steps in the IS and confirm I get the fatal error
Apply fix and follow steps again and I get a 404
Code looks fine. Triggered for D10 tests.
Comment #28
smustgrave CreditAttribution: smustgrave at Mobomo commentedPatch #21 passed 10.1 tests and review was done in #27
Good job!
Comment #29
quietone CreditAttribution: quietone at PreviousNext commentedThis Issue Summary does not have a proposed resolution. How is the error handling being improved? It really helps the reviewer/committer to know what it expected.
I see that patch is being re-tested on a unsupported version of Drupal. Let's get that updated.
Finally, I looked at the patch I don't think that #17.2 has been addressed. We are testing twice that a non book node results in a 404. It would also be easier to read if the arrays were on multiple lines.
Comment #31
quietone CreditAttribution: quietone at PreviousNext commentedThis extension is being deprecated, see #3376070: [Meta] Tasks to deprecate Book module. It will be removed from core and moved to a contrib project, #3376101: [11.x] [Meta] Tasks to remove Book.
This is now Postponed. The status is set according to two policies. The Remove a core extension and move it to a contributed project and the Extensions approved for removal policies.
This issue may be re-opened if it can be considered critical, If unsure, re-open the issue and ask in a comment.