This bug comes down to a few key areas. In the settings form, anything which is not checked is assigned to false and cast then saved as "0". This is fine, however when it comes to gather the available tokens the following comparison is made to determine if the token is allowed:

$allowed_options[$token] === $token

When we are building the form, the checkboxes widget is populated with settings like so:

foreach ($tokens as $token => $description) {
  $options[$token] = $category . ' : [' . $token . '] : ' . t($description['description']);
}

Here lies out bug. If the token's key is "0" which also happens to be the default option for a disabled token state, it will be considered "enabled' erroneously. The "Entity Token" module has several tokens whose keys are 0, which can clutter up the token selection form when admins with to lock it down.

CommentFileSizeAuthor
#1 2273673-token-disable-bug.patch702 bytessam152

Comments

sam152’s picture

sam152 commented
StatusFileSize
new 2273673-token-disable-bug.patch702 bytes

My fix for this issue was the key the checkboxes with a prefix, instead of passing the token's key directly into the form API. This ensures the options will never have a "0" key, ensuring all tokens can be disabled.

jelle_s’s picture

jelle_s
Primary language Dutch
Location Antwerp, Belgium
commented
Status: Active » Fixed

Thank you for the report, and the patch. There are some changes in 2.2 that fix this issue

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.