Experimental project
This is a sandbox project, which contains experimental code for developer use only.
Users can wreak havoc on a site by accidentally (or intentionally) creating a URL aliases which correspond to administrative or otherwise important URLs. (For example 'admin', 'sites', etc).
See, for example:
#121362: Do not allow existing or reserved paths as aliases
#366275: 403 on alias 'sites'
#757732: Overriding Drupal paths
#803382: Manually entered path can override another Drupal internal path
#1018960: Add hook_path_validate() API
Path restrict adds a simple validate handler to the alias element on the node add form to prevent users from hijacking restricted paths.
By default, Path restrict protects:
node
node/*
user
user/*
admin
admin/*
Contributed modules can define their own restricted paths by implementing hook_reserved_paths()
. See path_restrict.api.php
.
Administrators may bypass the URL alias validation by using the administrative interface.
Project information
- Seeking co-maintainer(s)
Maintainers are looking for help reviewing issues. - Module categories: Administration Tools
- Created by bfroehle on , updated