Problem/Motivation

Pathologic is using scheme_allow_list to avoid processing some urls (previously known as scheme_whitelist and pathologic_schema_whitelist in D7). Under some circumstances the setting can be null (for example when it is config ignored). This has been already reported and mitigated at #3216344: \Drupal::config returns null if the config isn't set. In that case, there's no error, but pathologic does not replace absolute urls.

Steps to reproduce

Import any pathologic.settings.yml without the scheme_allow_list. Create some content with a formatted text field and the pathologic filter applied in that text format. Enter in the formatted text field a link with an absolute url with a base_url included in the pathologic configuration (the base_url of the link should be different to the current site/environment base_url). The base_url of the link won't be replaced as expected.

Proposed resolution

Use ['http', 'https', 'files', 'internal'] as fallback instead of empty array, as it was in D7: #1834308: Configurable white-list for $parts['scheme'], which will allow schema links to be passed to hook_pathologic_alter()

Remaining tasks

- Patch
- Review
- Test

User interface changes

None

API changes

None

Data model changes

None

Issue fork pathologic-3571666

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

akalam created an issue. See original summary.

akalam’s picture

akalam commented
Status: Active » Needs review

I've created a MR with the proposed fix: https://git.drupalcode.org/project/pathologic/-/merge_requests/18

akalam opened merge request !18

dww made their first commit to this issue’s fork.

  • dww committed 03013db4 on 2.0.x authored by akalam 
    fix: #3571666 Provide a default value for scheme_allow_list

By: akalam...
dww’s picture

dww
we/he/they
commented
Status: Needs review » Fixed

I was somewhat reluctant to merge this. In theory, whatever we ship in config/install/pathologic.settings.yml should be installed. There's a post_update to convert sites with older config to use the new setting name. We're not supposed to need defensive code like this, and it's up to sites to ensure they have valid config.

However, the tech debt/bloat is not that much, and especially since this is a text filter, better to "fail safe" in situations where the config isn't defined. So I went ahead and merged.

Thanks!
-Derek

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.