Problem/Motivation

I noticed in my logs that a referrer is using https://www.example.com// to direct users to my site. Notice the double slash. The site seems to get redirected to a single slash which is great, but the following PHP warning still occurs when AliasManager->getAliasByPath('//') is called by a contrib module’s (protected_pages) KernelEvents::RESPONSE event subscriber.

Warning: array_key_exists(): The first argument should be either a string or an integer in Drupal\Core\Path\AliasWhitelist->get() (line 120)

CommentFileSizeAuthor
#3 URL alias.png39.44 KBmitthukumawat
#2 3215098-fix-getAliasByPath-with-multiple-slash-9.2.x-2.patch761 bytesdaniel korte
#2 3215098-fix-getAliasByPath-with-multiple-slash-8.9.x-2.patch753 bytesdaniel korte

Comments

Daniel Korte created an issue. See original summary.

daniel korte’s picture

daniel korte
he/him/his
Primary language English
Location Brooklyn, NY
commented
Assigned: daniel korte » Unassigned
Status: Active » Needs review
StatusFileSize
new 3215098-fix-getAliasByPath-with-multiple-slash-8.9.x-2.patch753 bytes
new 3215098-fix-getAliasByPath-with-multiple-slash-9.2.x-2.patch761 bytes
mitthukumawat’s picture

mitthukumawat commented
StatusFileSize
new URL alias.png39.44 KB

I have applied the patch in drupal 9.3.x-dev version and it is working as expected.
Testing steps:
# Added a new url alias having // in alias to redirect on another existing page.
# Accessed this url and getting Warning: array_key_exists(): The first argument should be either a string or an integer in Drupal\path_alias\AliasWhitelist->get() (line 95 of /var/www/html/Contribution/93dev/codebase/core/modules/path_alias/src/AliasWhitelist.php)
# Applied patch and accessed the page having // in url alias.
# PHP error not appearing now.

Adding screenshot for reference.

Version: 8.9.x-dev » 9.2.x-dev

Drupal 8 is end-of-life as of November 17, 2021. There will not be further changes made to Drupal 8. Bugfixes are now made to the 9.3.x and higher branches only. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.2.x-dev » 9.3.x-dev

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.15 was released on June 1st, 2022 and is the final full bugfix release for the Drupal 9.3.x series. Drupal 9.3.x will not receive any further development aside from security fixes. Drupal 9 bug reports should be targeted for the 9.4.x-dev branch from now on, and new development or disruptive changes should be targeted for the 9.5.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.4.x-dev » 9.5.x-dev

Drupal 9.4.9 was released on December 7, 2022 and is the final full bugfix release for the Drupal 9.4.x series. Drupal 9.4.x will not receive any further development aside from security fixes. Drupal 9 bug reports should be targeted for the 9.5.x-dev branch from now on, and new development or disruptive changes should be targeted for the 10.1.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

smustgrave’s picture

smustgrave commented
Status: Needs review » Needs work
Issue tags: +Needs Review Queue Initiative, +Needs tests

This issue is being reviewed by the kind folks in Slack, #needs-review-queue-initiative. We are working to keep the size of Needs Review queue [2700+ issues] to around 400 (1 month or less), following Review a patch or merge request as a guide.

Did not test the issue but will need a test case to demonstrate the issue please

Thanks.

douggreen’s picture

douggreen commented

The problem is more pervasive than this. If you visit /index.php5, something takes everything after "index.php" as the path alias, and you end up here with the path part set to "5" which throws an error.

Version: 9.5.x-dev » 11.x-dev

Drupal core is moving towards using a “main” branch. As an interim step, a new 11.x branch has been opened, as Drupal.org infrastructure cannot currently fully support a branch named main. New developments and disruptive changes should now be targeted for the 11.x branch. For more information, see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 11.x-dev » main

Drupal core is now using the main branch as the primary development branch. New developments and disruptive changes should now be targeted to the main branch.

Read more in the announcement.