I am trying to make Smart Date work with FullCalendar View. Currently I am trying to make the drag and resize features of FullCalendar work with Smart Date (#3117690: Provide drag and resize editing support for Fullcalendar View).
Therefore I am extending from CalendarEventController. To make this work succesfully I would need to access the $csrftoken member property in the extended class. But this property is set to "private".
Would it be possible to change this to "protected"?
For reference: I am seeing a few places in Drupal core where csrftoken is used and none of that places seems to use "private" on the member. For example: https://api.drupal.org/api/drupal/core%21lib%21Drupal%21Core%21Form%21Fo...
So it seems that "protected" access is somewhat standard here and should not impose a security problem here.
I am providing a small patch for this.
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | make_csrftoken_protected_class_member-3117745-002.patch | 454 bytes | stefan.korn |
Comments
Comment #2
stefan.kornComment #3
mingsongHi Stefan,
Agree with you.
The PHP OOP access modifiers are used to control the visibility for maintaining data integrity.
I don't think we can rely on them as a security approach.
Comment #6
mingsong