I received the following error while setting up a multilingual website:

Redirects to external URLs are not allowed by default, use \Drupal\Core\Routing\TrustedRedirectResponse for it.

Here is the sequence to create this error:

• Install new 8.0.1 website using English
• Enable Language Translation and Language Modules
• Allow Trusted Hosts: localhost, www.localhost& es.localhost in settings.php
• Add Spanish language
• Set Detection & selection > Domain to www for English and es for Spanish & Save Configuration

I've done this several times in beta.

As a side note. On the "Detection & selection" screen, the user is entering "sub-domains" not "Domains" as the screen says. In this example: Example: Specifying "de.example.com" as language domain for German will result in an URL like "http://de.example.com/contact"., de is a sub-domain of example.com/. This screen should likely be changed.

VocabularyListBuilder::buildRobuildRow doesn't use the available translations:

    $row['label'] = $entity->label();

This results in the source language being displayed.

We probably need to check if the entity has a translation first and load that one.

Problem/Motivation

1. Install Drupal
2. Edit a view - e.g. /admin/structure/views/view/content
3. 'Advanced' section ('.details-wrapper') is always collapsed/hidden on initial page load, regardless of whether advanced settings have been made, and if the user has just expanded and edited something in that section, e.g. adding a contextual links or relationship, when the modal window is closed the Advanced div is always collapsed again

Motivation:

UX/DX, timesaving, specifically:

• I find myself wasting a lot of clicks when editing views.
• Avoid active settings being missed because they're not immediately visible
• Is there real reason it needs to be collapsible at all? On desktop it saves no space, you just get an empty column area, and the content is always loaded in background.
• Are the "advanced" settings really"advanced", i.e. more complicated than those in the first two columns. I'd argue relationships, contextual filters, machine name, admin comment and CSS class perhaps aren't. e.g The first two would work well in column two, and machine name and admin comment could go in (Page|Block|..) Settings. I'm wondering if the page has grown over time and the "advanced" column has turned more into "miscellaneous"?

Proposed resolution

• Lose disclosure triangle and always show or remember previous setting.
• Move some items in advanced column to better locations.

Remaining tasks

Preemptively tagged for subsystem review as it'll require sign-off.

Discuss to see likelihood of approval, then work on patch.

User interface changes

Depends on outcome.

API changes

None.

Data model changes

None.

it's similar with
Row->setSourceProperty()

The scene:
I extend ProcessPluginBase as a ConstantMap, Plugin name is constant_map, I override a transform function in this class, code as below:

    $new_value = $value;
    if (is_array($value)) {
      if (!$value) {
        throw new MigrateException('Can not lookup without a value.');
      }
    }
    else {
      $new_value = [$value];
    }
    $new_value = NestedArray::getValue($this->configuration['map'], $new_value, $key_exists);
    if ($key_exists) {
      $row->setFreezeSource(FALSE);
      $row->setSourceProperty($this->configuration['constant'], $new_value);
      throw new MigrateSkipRowException();
    }
    else {
      return $value;
    }

I want to change source value with this $row->setSourceProperty function, but core module Migrate is frozen this action, so here, I can't change any source value, and it report a bug for this.

      $row->setSourceProperty($this->configuration['constant'], $new_value);
      throw new MigrateSkipRowException();

error message reported: The source is frozen to set and can't be changed any more.
I think it is necessary to add a method to achieve this action.

We have quite some special behavior for uid #1. This tends to confuse the user, and will do so even more now we have an admin role in core. Do all the special cases we designed around uid #1 really make sense?

Problems with special casing uid 1

• People are confused whether they should be sharing credentials of this user (bad) or just using a user with the Administrator role.
• The lack of permission check on user 1 means that uid 1 can take actions on a site even if they do not have a role that grants them the permission. This makes it hard to completely disable unwanted features on a site unless you block uid 1 and never use it.
• The lack of permission check on user 1 makes them a particularly valuable account for an attacker to take over in some way. Any time there is a focus point for an attack it makes the system weaker.

Potential problems with *not* special casing

If someone is playing around and removes all roles or removes all permissions from all their admin users it could be possible to have no users with administrator permissions on a site. While is is a problem it is easily solved with a FAQ page and some database instructions just like we do with WSOD.

Also, because of the long legacy of this in core, both contrib modules and custom code in individual sites might (will, in some cases, see #175) have adopted similar code to grant uid=1 special privileges. When core no longer makes any assumptions about the specialness of uid=1, site maintainers may now strip uid=1 from its admin role, thinking it is now a normal user, only to have hard-coded god-funcitonality lingering around their site.

Proposed resolution

The special behaviour of uid 1 should be removed. Instead there is an admin role that always has all permissions. All special treatment for uid 1 should be converted to proper permissions, and as the admin role always has all permissions, any member of this role would have the same access as uid 1 has now. The following steps need to be taken:

1. Create an admin role by default, just like the anonymous and authenticated role, in the user module, and also make it undeletable, and make it the admin role.
2. Assign user 1 the admin role on install. (do this in the user module, not the chosen install profile).
3. Document the steps to take in case you want to grant the admin role to a user when no-one has it. This should include instructions for drush, drupal console or for using a simple insert/update query.
4. Create a change record and raise awareness. We want to make sure contrib modules are ready by 8.5.x so that their tests won't break all of the sudden or, god forbid, they have a security vulnerability. Modules can already adapt their code now because, in essence, nothing changes. We're just enforcing good practice of not relying on a god-mode user account in our code.

Remaining tasks

1. Create patch (see #169
2. Review patch
3. Commit #2917584: Some tests only go green because they happen to run as UID1
4. Turn scan for uid=1 in contrib into script (see #175)?
5. Involve security team for modules found by script and/or #175
6. Change record (work has started)
7. Create issue for Coder module
8. Commit
9. Appropriate amount of publicity about the change and make sure people understand the implications of removing the admin role from uid=1 and the risks involved with third-party code still assigning special privileges.

API changes

None. Just need to raise awareness that UID 1 no longer has an all-access pass.

I get HTTP ERROR 500 when clear cache. Any possibilities will cause this ?

Live site on shared hosting, with Drupal 8.5.3, PHP 7.2, in Safari, Firefox, and Chrome the above-mentioned error appears when users try to register and/or try to reset their password, and/or try to login.

Users do receive a confirmation email, but after clicking on link in email the above mentioned error appears again.

I changed PHP to version 5.6, as well as version 7.1, but error stays.

In Chrome registered user after refreshing page has logged in.
In Firefox refreshing page does not help. Same error appears.

----------------------------------------------------

The recent log messages shows the following:
Type: php
Date: Thursday, 24 mei 2018
User: Visitor
Locatie: http://sjulleksounds.nl/user/password
Doorverwijzer: http://sjulleksounds.nl/user/password

In the log is the following message:

Message User error: Redirects to external URLs are not allowed by default, use \Drupal\Core\Routing\TrustedRedirectResponse for it. in Drupal\Core\EventSubscriber\RedirectResponseSubscriber->checkRedirectUrl() (regel 85 van /home/sjulleksounds.nl/public_html/sjulleksounds.nl/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php) #0 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/core/includes/bootstrap.inc(582): _drupal_error_handler_real(256, 'Redirects to ex...', '/home/sjullekso...', 85, Array) #1 [internal function]: _drupal_error_handler(256, 'Redirects to ex...', '/home/sjullekso...', 85, Array) #2 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php(85): trigger_error('Redirects to ex...', 256) #3 [internal function]: Drupal\Core\EventSubscriber\RedirectResponseSubscriber->checkRedirectUrl(Object(Symfony\Component\HttpKernel\Event\FilterResponseEvent), 'kernel.response', Object(Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher)) #4 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/core/lib/Drupal/Component/EventDispatcher/ContainerAwareEventDispatcher.php(111): call_user_func(Array, Object(Symfony\Component\HttpKernel\Event\FilterResponseEvent), 'kernel.response', Object(Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher)) #5 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/vendor/symfony/http-kernel/HttpKernel.php(191): Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch('kernel.response', Object(Symfony\Component\HttpKernel\Event\FilterResponseEvent)) #6 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/vendor/symfony/http-kernel/HttpKernel.php(260): Symfony\Component\HttpKernel\HttpKernel->filterResponse(Object(Drupal\Core\Form\EnforcedResponse), Object(Symfony\Component\HttpFoundation\Request), 1) #7 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/vendor/symfony/http-kernel/HttpKernel.php(79): Symfony\Component\HttpKernel\HttpKernel->handleException(Object(Drupal\Core\Form\EnforcedResponseException), Object(Symfony\Component\HttpFoundation\Request), 1) #8 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/core/lib/Drupal/Core/StackMiddleware/Session.php(57): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #9 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/core/lib/Drupal/Core/StackMiddleware/KernelPreHandle.php(47): Drupal\Core\StackMiddleware\Session->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #10 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/core/modules/page_cache/src/StackMiddleware/PageCache.php(99): Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #11 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/core/modules/page_cache/src/StackMiddleware/PageCache.php(78): Drupal\page_cache\StackMiddleware\PageCache->pass(Object(Symfony\Component\HttpFoundation\Request), 1, true) #12 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php(47): Drupal\page_cache\StackMiddleware\PageCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #13 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/core/lib/Drupal/Core/StackMiddleware/NegotiationMiddleware.php(50): Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #14 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/vendor/stack/builder/src/Stack/StackedHttpKernel.php(23): Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #15 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/core/lib/Drupal/Core/DrupalKernel.php(664): Stack\StackedHttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #16 /home/sjulleksounds.nl/public_html/sjulleksounds.nl/index.php(19): Drupal\Core\DrupalKernel->handle(Object(Symfony\Component\HttpFoundation\Request)) #17 {main}.

Problem/Motivation

If the module defines few queue workers, there are no possibilities to manage an order of executing of queue workers during cron run. An order of executions may differ between different Drupal sites.

Proposed resolution

Add weight key in the queue worker annotation and handle it in the queue worker manager.

Remaining tasks

1. Update annotation definition
2. Update queue worker plugin manager
3. Add tests

User interface changes

No changes

API changes

New key in annotation for QueueWorker definition.

Data model changes

no changes

The conversion of DialogTest is becoming too complex to be described as a simple conversion.

There are a few issues that need to be discussed.

Problem/Motivation

There are might be use cases in custom/contrib where we have to take a different decision depending on if we are comparing a field item list from within ContentEntityStorageBase::hasFieldValueChanged, ContentEntityStorageBase::populateAffectedRevisionTranslations or from within ContentEntityBase::hasTranslationChanges.

ContentEntityStorageBase::hasFieldValueChanged needs to compare only the values that are saved to the storage that would be target_id only in case of entity references.

ContentEntityStorageBase::populateAffectedRevisionTranslations and ContentEntityBase::hasTranslationChanges on the other side might need much more complicated decisions to be made e.g. in our system we have translation changes on a entity reference field if the referenced entities have been changed which we are mainly using for inline editing. In this case FieldItemList::equals is not sufficient because of two reasons:
1. We are not able differentiate wherefrom the function is called.
2. We do not know the language for which it is called in case of not-translatable field but ContentEntityBase::hasTranslationChanges might still wanna compute differences only for entities of a specific language as when the parent is rendered its references are retrieved in the current language of parent.

Proposed resolution

To solve the problem we introduce a new method FieldItemListInterface::hasTranslationChanges which has two parameters - one for the list to compare against and one for the language to consider. This new method will by default just call ::equals, but to give more developer possibilities the new method will be called to compare the lists from within ContentEntityBase::hasTranslationChanges instead the equals.

Remaining tasks

Review, Change Record, Commit.

User interface changes

None.

API changes

New method FieldItemListInterface::hasTranslationChanges.

Data model changes

None.

combine patches
#2885610: [PHP 7.2] Avoid count() calls on uncountable variables
with
#2925449: [PHP 7] Function each() is deprecated since PHP 7.2; D7
and also
#2946045: Unable to update modules due to Archive_Tar incompatibility with PHP 7.2

see what happens when testbot runs php 7.2 tests

Latest test results show that when combined the 3 above issue patches into one, php 7.2 now passes all 7.x core tests.

A time service was added to 8.3.x in #2717207: Add a time service to provide consistent interaction with time()/microtime() and superglobals.

Core code should be updated to remove deprecated uses of REQUEST_TIME and time() and others.

For more informations, see the change record.

1. Login to Drupal Site
2. Click on "User" icon toggles the user Menu with link

- View Profile
- Edit Profile
- Logout

3. Click on Username takes the user to the page user/[user-id]

So this is very confusing when user want to view his profile or Logout because he has to precisely click on the Icon and not on the username which is very frustrating sometimes that you want to logout and it is redirecting you to user page.

This is a usability issue which should be fixed.

PFA

Problem/Motivation

Create an exposed filter, and set 'q' as the identifier for this field. The field will appear duplicated in the exposed form.

Note: In this case, the exposed form works in the Ajax preview in the Views UI, but do not works at all on the view page.

Proposed resolution

Validate the option form and prevent 'q' to be use as the identifier.

Problem/Motivation

We would like to add support for deleting items that are no longer present in the incoming data when a migration is run. This was a feature of Feeds in D7 and seems like a common need.

Proposed resolution

From @mikeryan in #15:

I really think this should be a distinct "purge" operation that gathers the currently-available source IDs from the source plugin, and scans the map table for any which aren't in that list to invoke the destination rollback on them. Now that I think about it, maybe it could even be an option on rollback - drush migrate-rollback --missing-from-source my_migration.

Remaining tasks

Add tests.

User interface changes

API changes

Data model changes

i have been using drupal 8.4 version to create a multilingual website ( english and malayalam), Malayalam content was working in this version and when i updated it to latest drupal 8.5.x, and cleared cache after updating script, the malayalam font in menu area and content changed and showing irregular charactors as below:

Ó┤ñÓÁüÓ┤│Ó┤©Ó┤┐ Ó┤╣Ó┤┐ÓÁ¢Ó┤©ÓÁì, Ó┤¬Ó┤ƒÓÁìÓ┤ƒÓ┤é Ó┤òÓÁèÓ┤ƒÓÁìÓ┤ƒÓ┤¥Ó┤░Ó┤é Ó┤¬Ó┤┐.Ó┤Æ.,

But font in page page block showing rightly.

This problem was only with the windows 10 PC, it was working fine in ubuntu.

I am using xampp 5.6.28 and checked in xampp 7.2

1. Login as Admin user
2. Go to any admin modules page/admin/modules
3. You will see the link in the Top menu bar is "Back to site" with Tooltip as "Return to site content" and URL as user/1

So ideally "Back to site" link should take user to homepage and Tooltip should also be "Return to homepage"

When editing a Views Global: Text area (Global: Text area), the text formats integrate with it, but the ckeditor module doesn't plug into the text area to provide, for example Full HTML, editing within the Global: Text area (Global: Text area) being used within the view, for example to create a (Full HTML) header or footer for a view.

Problem/Motivation

SchemaTest::testSchema fails if a driver implements Sqlite support but is not the Drupal core driver, 'cause

      case 'sqlite':
        // For SQLite we need access to the protected
        // \Drupal\Core\Database\Driver\sqlite\Schema::introspectSchema() method
        // because we have no other way of getting the table prefixes needed for
        // running a straight PRAGMA query.
        $schema_object = Database::getConnection()->schema();
        $reflection = new \ReflectionMethod($schema_object, 'introspectSchema');
        $reflection->setAccessible(TRUE);

assumes an introspectSchema method exists, but it may not be the case.

Also, per parent issue #2877583: [Meta] Remove database specific logic from core it is desirable not to have database specific conditionals in core code.

Proposed resolution

Add a Schema::findPrimaryKeyColumns in the abstract class and its driver implementations, and call that method from the relevant test.

Remaining tasks

Review.

User interface changes

None

API changes

An additional abstract method in the abstract Schema class + driver level implementations.

Data model changes

None

Drupal installer will fail when using Percona XtraDB Cluster if pxc_strict_mode is set to enforced.

If pxc_strict_mode is set to enforced (which is the default and wanted value in most case), Percona XtraDB Cluster will deny a request if an operation is performed on a table without an explicit primary key. See https://www.percona.com/doc/percona-xtradb-cluster/5.7/features/pxc-stri...

The Drupal install test table created by the install process is created without a primary key. In this case, the installer fails because Percona XtraDB Cluster deny the request.