Problem/Motivation

Getting Warning: Undefined array key 0 in Drupal\Core\Database\Query\Condition->condition() (line 114 of core/lib/Drupal/Core/Database/Query/Condition.php) when we add Language Interface filter on the view

Steps to reproduce

1. Create a view.
2. Add fields.
3. Filter the view using Content: Translation language then select Is one of select as operator and Interface text language selected for page

4. Save the view as a page.
5. View the created view using anonymous user.
6. Get the error message.

Proposed resolution

As per D10 update we saw that condition checks $value[0], the problem is that when adding Content: Translation language filter and used nterface text language selected for page as value the array key passed to the condition is ***LANGUAGE_language_interface***. We must update the value to use the correct array key to correct the issue.

Problem/Motivation

Currently the test checks that text is not present on the page, however it does this as the anonymous user which gets an access denied on this page anyway.

    $this->drupalGet('admin/content/block/' . $loaded->id());
    $this->assertSession()->pageTextNotContains($loaded->body->value);

pageTextNotContains() doesn't make sense here because the page is not available for anonymous user.

Steps to reproduce

NA

Proposed resolution

Login as $this->adminUser in the test.
per @xjm in #22 extend test coverage

Remaining tasks

Implement
Review

User interface changes

NA

API changes

NA

Data model changes

NA

Release notes snippet

NA

Problem/Motivation

On Dec 30, #3391990: Automated report on core config validatability landed. That now generates an up-to-date visualization of core config validatability daily:

It is currently underestimating (the brown and pink lines) because #3364109: Configuration schema & required values: add test coverage for `nullable: true` validation support did not update the ones listed/surfaced by #35. This issue does that.

Steps to reproduce

N/A

Proposed resolution

Mark the following as fully validatable

1. comment.settings
2. menu_ui.settings
3. node.settings
4. system.maintenance
5. system.feature_flags
6. taxonomy.settings

Most of these contain only type: boolean key-value pairs. The last one contains one type: integer with an explicit validation constraint (added in #3395563: Add validation constraints to taxonomy.settings). Another one contains only a type: text which already has validation constraints (since #3379102: Add validation constraint to `type: label` + `type: text`: disallow control characters)

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Problem/Motivation

See parents.

This issue is for:

• adding explicit (string), (int) and (bool) casts
• fixing incorrect type declarations
• fixing incorrect hardcoded values (floats to ints, ints to bools, etc)

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Problem/Motivation

In order to be able to cache the rendered output of views result rows, we need support for it when we render entity operation links, see the https://qa.drupal.org/pifr/test/1022293 test failure.

Steps to reproduce

• I added a new content type.
• Role X has "edit own" permissions for this content type, but no other node permissions except view published content.
• User A and User B both have Role X.
• Admin user creates two nodes of the new content type, and makes User A the author of one node, and User B the author of the other node.
• View is created to display all nodes of the new content type; the view includes the Operations Links field.
• When Admin is logged in, the operations links (Edit, Delete) are available in the view for both nodes (which is the expected behavior).
• User A logs in, and the Edit link is available in the view only for the node that has User A as author (which is the expected behavior).
• User B logs in, and the Edit link is available in the view only for the node that has User A as author, when it should be for User B as author.

Taken from #2653690: Operations links field in Views fails between users with "edit own" user permissions

Proposed resolution

Add an access key to each entity operation which contains an AccessResult object to determine whether the user has access to the operation. Use this to apply access to the rendered link, and bubble cacheability from the AccessResult object to the link.

Remaining tasks

Patch review

Problem/Motivation

Draft mode returns wrong revision of includes. I get default revision of second level paragraph instead of latest revision.

Technical problem:
When trying to access the working revision entity data with resourceVersion=rel:working-copy and using includes, the current revision of the referenced entities is being returned by the method "resolveIncludeTree" in IncludeResolver class. This method should return the data as per the revision being passed in the API query or the working revision.

Steps to reproduce

Install Content moderation;
Add support version negotiation for any entity type: "https://git.drupalcode.org/project/drupal/-/merge_requests/1365.patch"
Create paragraph type A;
Create paragraph type B;
Add paragraph reference field to paragraph A;
Create node with paragraph A (+ paragraph B inside A)
Publish node;
Create draft with changed B;
Check node json data with resourceVersion=rel:working-copy. Returned wrong revision of includes.

Proposed resolution

web/core/modules/jsonapi/src/IncludeResolver.php
loads included entity by id
$targeted_entities = $entity_storage->loadMultiple(array_unique($ids));

I suggest to load entities by revision id:
$targeted_entities = $entity_storage->loadMultipleRevisions(array_unique($revision_ids));

Problem/Motivation

Problem/Motivation

#3394741: BlockContentAccessControlHandler requires access block library permission for update, delete and revisions operations solved block access for update and delete but not create. The title left out "create" but several comments say that it works. Why as create left out? Hopefully this was just an oversight :)

Steps to reproduce

1. Install Drupal
2. Add a role that has create any basic block content permission
3. Try to create a block
4. Get a 403

Proposed resolution

Change checkCreateAccess() to only check for 'create' and not 'access block library'.

Remaining tasks

• See if the bot complains about the change
• Write a test

Problem/Motivation

Follow-up from #2659940: Extension System, Part III: ThemeExtensionList and ThemeEngineExtensionList

Steps to reproduce

NA

Proposed resolution

NA

Remaining tasks

Review

User interface changes

NA

API changes

Deprecate \Drupal\Core\Extension\ThemeHandlerInterface::getBaseThemes()

The \Drupal\KernelTests\AssertConfigTrait::assertConfigDiff() method doesn't properly handle diffs in which _core.default_config_hash was added in the middle of a config in database storage.

Problem/Motivation

Distribution maintainers are encouraged to use \Drupal\KernelTests\AssertConfigTrait::assertConfigDiff() in an install test so that they can catch when the on-disk copy of config for their installation profile needs to be updated to account for changes in database config storage (e.g., after schema upgrades, core upgrades, etc.). For example, Umami does this in \Drupal\Tests\demo_umami\Functional\DemoUmamiProfileTest::testConfig(). It appears that the method is designed to disregard diffs for the _core and uuid keys, but it only does this for Drupal\Component\Diff\Engine\DiffOpAdd -- if the config installer adds these values toward the middle of a config, the diff can flag them as a change, resulting in an assertion failure during tests.

Steps to reproduce

1. Using Composer, pull in the Crop API contrib module into your project.
2. Modify the Testing installation profile (testing.info.yml) so that it depends on crop as an install dependency.
3. Add the following to web/core/profiles/testing/config/optional/crop.type.free_crop.yml:
   

   langcode: en
   status: true
   dependencies: {}
   label: 'Free crop'
   id: free_crop
   description: 'A crop preset that is not constrained by aspect ratio. This is used on the homepage for the hero image and section dividers.'
   aspect_ratio: ''
   soft_limit_width: null
   soft_limit_height: null
   hard_limit_width: null
   hard_limit_height: null
   

4. Put the following code into web/core/profiles/testing/tests/src/Functional/TestingProfileTest.php:
   

   
   namespace Drupal\Tests\testing\Functional;
   
   use Drupal\Core\Config\FileStorage;
   use Drupal\Core\Config\InstallStorage;
   use Drupal\Core\Config\StorageInterface;
   use Drupal\KernelTests\AssertConfigTrait;
   use Drupal\Tests\BrowserTestBase;
   use Drupal\Core\Session\AccountInterface;
   use Drupal\Component\Render\FormattableMarkup;
   
   /**
    * Tests testing profile.
    *
    * @group testing
    */
   class TestingProfileTest extends BrowserTestBase {
     use AssertConfigTrait;
   
     /**
      * Tests the profile supplied configuration is the same after installation.
      */
     public function testConfig() {
       // Just connect directly to the config table so we don't need to worry about
       // the cache layer.
       $active_config_storage = $this->container->get('config.storage');
   
       $default_config_storage = new FileStorage($this->container->get('extension.list.profile')->getPath('testing') . '/' . InstallStorage::CONFIG_OPTIONAL_DIRECTORY, InstallStorage::DEFAULT_COLLECTION);
       $this->assertDefaultConfig($default_config_storage, $active_config_storage);
     }
   
     /**
      * Asserts that the default configuration matches active configuration.
      *
      * @param \Drupal\Core\Config\StorageInterface $default_config_storage
      *   The default configuration storage to check.
      * @param \Drupal\Core\Config\StorageInterface $active_config_storage
      *   The active configuration storage.
      */
     protected function assertDefaultConfig(StorageInterface $default_config_storage, StorageInterface $active_config_storage): void {
       /** @var \Drupal\Core\Config\ConfigManagerInterface $config_manager */
       $config_manager = $this->container->get('config.manager');
   
       foreach ($default_config_storage->listAll() as $config_name) {
         if ($active_config_storage->exists($config_name)) {
           $result = $config_manager->diff($default_config_storage, $active_config_storage, $config_name);
           $this->assertConfigDiff($result, $config_name, []);
         }
         else {
           $this->fail("$config_name has not been installed");
         }
       }
     }
   
   }
   

5. Run \Drupal\Tests\testing\Functional\TestingProfileTest using the test runner (for example, with a command line like /usr/local/bin/php ./web/core/scripts/run-tests.sh --php /usr/local/bin/php --sqlite ../results/test.sqlite --dburl mysql://pantheon:pantheon@database/pantheon --url http://testserver_1 --types PHPUnit-Functional --xml ../results --verbose --color --non-html --class '\Drupal\Tests\testing\Functional\TestingProfileTest').

The test will fail with the following error:

There was 1 error:

    1) Drupal\Tests\testing\Functional\TestingProfileTest::testConfig
    Exception: crop.type.free_crop:
    Drupal\Component\Diff\Engine\DiffOpChange::__set_state(array(
       'type' => 'change',
       'orig' =>
      array (
        0 => 'label: \'Free crop\'',
      ),
       'closing' =>
      array (
        0 => '_core:',
        1 => '  default_config_hash:
    rHGTFvM-sBD6K7VXD1NgB5PX99Da68jpqRPIEqlCo6M',
      ),
    ))

    /app/web/core/tests/Drupal/KernelTests/AssertConfigTrait.php:39
    /app/web/core/profiles/testing/tests/src/Functional/TestingProfileTest.php:48
    /app/web/core/profiles/testing/tests/src/Functional/TestingProfileTest.php:30
    /app/vendor/phpunit/phpunit/src/Framework/TestResult.php:726

    ERRORS!
    Tests: 1, Assertions: 1, Errors: 1.

If you modify \Drupal\Core\Config\ConfigManager::diff() to print out both of the files, the file in the database will look something like this:

uuid: 225e9acd-9970-4171-8baf-b637b452cdd9
langcode: en
status: true
dependencies: {  }
_core:
  default_config_hash: rHGTFvM-sBD6K7VXD1NgB5PX99Da68jpqRPIEqlCo6M
id: free_crop
label: 'Free crop'
description: 'A crop preset that is not constrained by aspect ratio. This
is used on the homepage for the hero image and section dividers.'
aspect_ratio: ''
soft_limit_width: null
soft_limit_height: null
hard_limit_width: null
hard_limit_height: null

If you diff that with the original config on the command-line, you get:

--- ./before.yaml       2022-08-03 00:43:49.881393000 -0400
+++ ./after.yaml        2022-08-03 00:44:03.802892000 -0400
@@ -1,8 +1,11 @@
+uuid: 225e9acd-9970-4171-8baf-b637b452cdd9
 langcode: en
 status: true
 dependencies: {  }
-label: 'Free crop'
+_core:
+  default_config_hash: rHGTFvM-sBD6K7VXD1NgB5PX99Da68jpqRPIEqlCo6M
 id: free_crop
+label: 'Free crop'
 description: 'A crop preset that is not constrained by aspect ratio. This
 is used on the homepage for the hero image and section dividers.'
 aspect_ratio: ''

The issue is that diff algorithms like the one in \Drupal\Component\Diff\Engine\DiffEngine flag the label key as having changed to _core.default_config_hash. The switch statement in \Drupal\KernelTests\AssertConfigTrait::assertConfigDiff() only takes these keys into account when it encounters a
Drupal\Component\Diff\Engine\DiffOpAdd result, but we can't just make the code apply to Drupal\Component\Diff\Engine\DiffOpChange in the switch because then we'd be skipping over other parts of the config that might also have changed in the same diff hunk.

Proposed resolution

Both of the configs being diffed should be sorted before being diffed, especially after #2852557: Config export key order is not predictable, use config schema to order keys for maps.

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Problem/Motivation

When using PHP 8.1 the following warnings are displayed/logged.

Deprecated function: strnatcasecmp(): Passing null to parameter #2 ($string2) of type string is deprecated in Drupal\Core\Block\BlockManager->Drupal\Core\Plugin\{closure}() (line 97 of core/lib/Drupal/Core/Plugin/CategorizingPluginManagerTrait.php).

Steps to reproduce

Edit layout of any page

Proposed resolution

Prevent passing in NULL by converting it to string.

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Problem/Motivation

dww discovered that the link in the deprecation message in module_load_include directs to the issue instead of the CR.

function module_load_include($type, $module, $name = NULL) {
  @trigger_error("module_load_include() is deprecated in drupal:9.4.0 and is removed from drupal:11.0.0. Instead, you should use \Drupal::moduleHandler()->loadInclude(). Note that including code from uninstalled extensions is no longer supported. See https://www.drupal.org/project/drupal/issues/697946", E_USER_DEPRECATED);

Steps to reproduce

grep -ir '@trigger_error.*drupal/i' core

Proposed resolution

Change the link from https://www.drupal.org/project/drupal/issues/697946 to https://www.drupal.org/node/2948698

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Problem/Motivation

Now that Symfony sessions are in place and available from $request->getSession(), the form and batch subsystems should be updated to use that instead of accessing $_SESSION directly.

Note that FormBuilder::buildForm() is used in many BrowserTestBase test cases. Both forms and batches are also used in the installer.

This issue is was extracted from #2473875: Convert uses of $_SESSION to symfony session retrieved from the request to improve reviewability.

Proposed resolution

Remaining tasks

User interface changes

None

API changes

None

Problem/Motivation

Trying to create a phpunit test (any type) that uses the "entity_test_mul_with_bundle" entity type, has the following problem: when it is tried to generate its URL it throws the following error:

Symfony\Component\Routing\Exception\MissingMandatoryParametersException: Some mandatory parameters are missing ("entity_test_mul") to generate a URL for route "entity.entity_test_mul_with_bundle.canonical"

It would be nice to have this problem fixed so that contributed modules can make tests using a translatable entity type with bundles.

Steps to reproduce

1. Create a phpunit test of any type
2. Create a entity of type "entity_test_mul_with_bundle"
3. Go to the entity

After following these steps, the error will be fired.

Proposed resolution

Change EntityTestMulWithBundle annotation links so instead of using entity_test_mul uses entity_test_mul_with_bundle.

Problem/Motivation

No json.zip file is served anymore at the page http://cldr.unicode.org/index/downloads in contrast to the usage text inside the core/scripts/update-countries.sh file. The patch aims to address this discrepancy.

Steps to reproduce

1. Visit http://cldr.unicode.org/index/downloads.
2. Observe that no json.zip file is available for download.
3. Review the usage text in core/scripts/update-countries.sh.

Proposed resolution

Update the text updating the list of files to download and the instructions in core/scripts/update-countries.sh.

Remaining tasks

None.

User interface changes

None.

API changes

None.

Data model changes

None.

Release notes snippet

This patch corrects the data retrieval process in core/scripts/update-countries.sh to reflect the changes in CLDR data availability. Users are now instructed to download territories.json from the main branch of the repository https://github.com/unicode-org/cldr-json.

Problem/Motivation

See parent(s).

This issue is for simple conversions of FormattableMarkup into regular double-quoted strings with the same variables used in the arguments embedded directly inside the quoted string. Anything more complex will happen in other issues.

The scope here is the core Functional tests.

Steps to reproduce

Proposed resolution

Convert all test assertion methods in functional tests from using FormattableMarkup into double-quoted strings with the same variables inside where the "simple conversion" is possible.

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Problem/Motivation

This is a child issue of #3376057: [META] Add declare(strict_types=1) to all tests. After adding enabling strict types to all tests there were around 3000 errors. Fixing them all in one issue will lead to an enormous merge request that's difficult to review, as per the issue scope guidelines.

Steps to reproduce

See #3400334: Add declare(strict_types=1) to all test modules

Proposed resolution

• Fix all strict type issues in test modules in this issue
• Follow up #3400334: Add declare(strict_types=1) to all test modules

Remaining tasks

Review MR !5843

User interface changes

API changes

Data model changes

Release notes snippet

Problem/Motivation

This is a child issue of #3376057: [META] Add declare(strict_types=1) to all tests. After adding enabling strict types to all tests there were around 3000 errors. Fixing them all in one issue will lead to an enormous merge request that's difficult to review, as per the issue scope guidelines.

Steps to reproduce

See #3399746: Add declare(strict_types=1) to all Functional tests

Run the test suite:

./vendor/bin/phpunit -c core/phpunit.xml.dist --bootstrap=core/tests/bootstrap.php --testsuite=functional

Proposed resolution

Remaining tasks

• #3404273: Fix strict type errors: Convert FormattableMarkup to strings (simple replacement) in core Functional tests
• #3412464: Fix strict type errors: Convert FormattableMarkup to strings (complex replacement) in core Functional tests
• #3404508: Fix strict type errors in Functional tests: Add casts and fix types where needed
• #3399746: Add declare(strict_types=1) to all Functional tests

User interface changes

API changes

Data model changes

Release notes snippet

Problem/Motivation

Claro's --font-size-xs is too small for me to use comfortably on my high-resolution screen. However, if I use the browser feature to zoom text, some other text becomes too large for me to use comfortably and, if I zoom enough times, it changes the layout. It would be good to allow users the option to always override --font-size-xs with --font-size-s. I recognize this can be used in user style sheets, however, Chrome and Edge do not support user style sheets, and I would prefer not to use browser plug-ins to accomplish this for security reasons.

Similarly, while I could zoom in, that affects all pages on the website, so would affect my view of our website pages, not just the administrative user interface, and also makes all content larger - including headings, which become excessively large.

Actually, some users may even find --font-size-s too small, so it would be good to be able to choose whatever the regular font size as the minimum size for all content. I don't understand the rationale for making instructions smaller, since if someone needs them it's important that they be able to understand them without barriers to comprehension such as having to make out tiny type.

Steps to reproduce

1. Go to simplytest.me
2. In the field, type core
3. Choose Drupal core
4. Press the button to create the website
5. Login as admin
6. Go to /admin/structure/types/manage/page/fields/node.page.body

Desired result:
"Instructions to present to the user below this field on the editing form.
Allowed HTML tags: <a> <b> <big> <code> <del> <em> <i> <ins> <pre> <q> <small> <span> <strong> <sub> <sup> <tt> <ol> <ul> <li> <p> <br> <img>
This field supports tokens."
is the same size as "Required field", without making other content larger.

Current result:
"Instructions to present to the user below this field on the editing form.
Allowed HTML tags: <a> <b> <big> <code> <del> <em> <i> <ins> <pre> <q> <small> <span> <strong> <sub> <sup> <tt> <ol> <ul> <li> <p> <br> <img>
This field supports tokens."
is noticeably smaller than other content such as "Required field".

I don't have any examples of where --font-size-xxs is used, but if --font-size-xs causes me a problem then I expect --font-size-xxs certainly will. Shrinking text below the base size is generally problematic for me.

Proposed resolution

Add a preference for minimum size to the user page /user/[userNumber]/edit

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Problem/Motivation

This was originally logged as a private issue to the security team, but was cleared to be moved to the public queue
Drupal Core's Layout Builder module has a mild CSRF vulnerability.

This is only a mild nuisance because it would require someone to save changes for the layout and commit the 'tempstore'. The action for that is behind a form, and hence not vulnerable to CSRF.

Steps to reproduce

1. Enabling the layout builder module
2. As a malicious user, craft a url that matches the layout_builder.move_block route, i.e '/layout_builder/move/block/{section_storage_type}/{section_storage}/{delta_from}/{delta_to}/{region_to}/{block_uuid}/{preceding_block_uuid}
3. Trick a user with the ability to view layout builder for the given storage type (defaults, or overrides) and storage (a view display or a specific entity)
4. Note that the block is moved in the temp store for the given layout
5. The route layout_builder.add_section has the same issue

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Problem/Motivation

I was exploring the workspaces module trying to switch multiple workspaces I saw that below the 768px screen when we click on any workspace the modal content text is not completely visible it is hidden because some inline CSS is coming which is - max-height: 0px;

Steps to reproduce

1. Enable the workspace module.
2. Switch the screen below 768px
3. Click on workspace to the right side.
4. See the modal content text.

Proposed resolution

Need to remove max-height: 0px;

Remaining tasks

User interface changes

API changes

None

Data model changes

Release notes snippet