Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
The Drupal Security Team and other contributrors wrote some tests for the core issue mitigated in/by https://www.drupal.org/sa-core-2020-009
Now that a few months have passed since that release, we can add the tests to core in public.
Steps to reproduce
n/a
Proposed resolution
Add tests for SA-CORE-2020-009
Remaining tasks
Patch, review, commit...
User interface changes
n/a
API changes
n/a
Data model changes
n/a
Release notes snippet
n/a
Comment | File | Size | Author |
---|---|---|---|
#8 | 3183301-8_d9.patch | 2.97 KB | mcdruid |
#8 | interdiff-3183301-6-8_d9.txt | 485 bytes | mcdruid |
#6 | 3183301-6_d8.patch | 2.95 KB | mcdruid |
#6 | interdiff-3183301-4-6_d8.txt | 773 bytes | mcdruid |
#6 | 3183301-6_d9.patch | 2.94 KB | mcdruid |
Comments
Comment #2
mcdruidD8 an D9 tests.
Comment #3
longwaveIs it safe to rely on the attribute ordering like this? I suppose the action test will fail if it doesn't match, but something like this seems more readable:
Comment #4
mcdruidGood idea, only problem is:
We can do something similar without the getter.
Comment #5
mcdruidOops typo:
Could be fixed on commit or I can do new patches. I'll wait for test results first.
Comment #6
mcdruidNew patches it is then...
Comment #7
longwaveOh, I'm so used to xpath in functional tests I forgot this was only SimpleXML in kernel tests.
Comment #8
mcdruidAdded cspell:ignore for D9.
Comment #9
longwaveLooks good to me now. Also confirmed that this test fails as expected on 9.0.5.
Comment #15
mcdruidAdding credit from the s.d.o issue pt.1
Comment #24
mcdruidAdding credit from the s.d.o issue pt.2
Comment #25
alexpottI tested #8 locally on 8.9.x and it passed. Therefore I'm backporting that one to 8.9.x because the protected $modules is good and the cspell comment doesn't matter and if we make future security related changes to this test later having exactly the same code makes things simpler.
Comment #26
alexpottCommitted and pushed 4f29fd7f6c to 9.2.x and 7bd7fee7e9 to 9.1.x and 77c02d1863 to 8.9.x. Thanks!