Make it harder to have routes vulnerable to CSRF
Problem/Motivation: The security advisories list contains many fixed CSRF vulnerabilities. It proves that it is easy to forget to add CSRF protection on GET routes that do sensitive actions. It is easy to...
Allow migrating <none> <button> url special menu items and empty...
Problem/Motivation: The link_uri migrate process plugin provided by the core menu_link_content module provides handling for links referencing the special <front> and <nolink> routes but does...
When adding a media item via the modal, display form errors inline within the...
Problem/Motivation: When an editor adds a media item via the modal and encounters an error, for example skipping the required Alternative Text field, the error message displays on the page, behind the...
Enable the Navigation Top Bar when Navigation is enabled
Problem/Motivation: The Navigation Top Bar was hidden from the UI as it was alpha experimental in #3401826: [PLAN] Top contextual bar. Proposed resolution: The Navigation Top Bar has closed all the...
\Drupal\block_content\Plugin\Derivative\BlockContent::getDerivativeDefinition...
Problem/Motivation: Similar issue as #2940755: block_content block derivatives do not scale to thousands of block_content entities but a different approach to a fix. Steps to reproduce: Have 1000s of...
Missing schema on views with aggregation
Problem/Motivation: Config inspector report provides error with a missing schema for fields and filters when aggregation in views is on. Steps to reproduce: 1) Install Drupal 11. 2) Install and enable the...
Batch throws JavaScript Error when aggregation is on
Problem/Motivation: On Drupal 10.4.3, when I am using the batch process to process anything, and I have the JavaScript Aggregation on, I get the following JavaScript errors: Uncaught TypeError: Cannot...
[random test failure] Package manager random build failures
Problem/Motivation: See https://git.drupalcode.org/issue/drupal-3426302/-/jobs/4376040 for an example. I think this is packagist/github related which might be a general gitlab issue #3445532: Random HTTP...
Entity query alter with cacheable metadata leaks and triggers LogicException
I have an entity query_alter that was adding a cacheable metadata to a jsonapi response and before it was working and now I get: `LogicException: The controller result claims to be providing relevant...
Upgrade Request for PHP Dangerous Functions Replacement
Dear Drupal Community, I am writing to request an upgrade or update related to the replacement of certain PHP dangerous functions within the Drupal core and contributed modules. As part of our ongoing...
Enable specifying the collation when creating a database table
Can you specify the table collation when creating a table via db_create_table() (or hook_schema())? I didn't find any documentation (or issue) on this, but I hope it is possible? Otherwise, this is...
Core security triage 2025-03-06
Problem/Motivation: Explanation: Some full and provisional members of the Drupal Security Team meet fortnightly to triage and discuss private core security issues. These meetings are essential to core...
Drupal Usability Meeting 2025-02-28
This meeting takes place every Friday at 14:00 UTC (currently 6:00am PT, 9:00am ET). See Time.is to see what that is in your timezone. The meetings are held using Zoom, and a link is posted in the #ux...
CKEditor 5 toolbar overflow can become unusable in Off canvas
Problem/Motivation: When there are many items in the toolbar of CKEditor5, the buttons are relegated into a drop-down menu. However, depending on how many items there are, this can get clipped in...
Add a class to opt-out of off-canvas resets in contrib
Problem/Motivation: #2958588: Off-canvas style resets are overriding styles (especially SVGs) resulting in display issues introduced off-canvas reset. #3291797: Refactor Drupal 10 settings tray /...
Invalid byte sequence when using PostgreSQL and a language other than English...
I get this error from Drupal every time I access a page with a blog entry: # warning: pg_query() [function.pg-query]: Query failed: ERROR: invalid byte sequence for encoding "UTF8": 0x97 HINT: This error...
Core security triage 2025-02-20
Problem/Motivation: Explanation: Some full and provisional members of the Drupal Security Team meet fortnightly to triage and discuss private core security issues. These meetings are essential to core...
[META] Views documentation improvements
Posted by xjm. Problem/Motivation: There are several deficiencies in Views' API documentation: While views.api.php has been updated to Drupal 8, basic explanations for handler plugin types are missing. The...
Tabledrag misalignment and "Show row weights" link
Problem/Motivation: The items in a tabledrag (menu, taxonomy, etc) are shifted up and not vertically centered with the drag handle. Looking at the HTML, I see that the handle in 11.0.11 went from <a...
[Meta] Fix incorrect Implements hook_*_* docblock in core
Problem/Motivation: This is a meta issue after identifying a problem in issue #2613146: filter_test_filter_format_insert() has the wrong "implements" documentation with docblock of different hooks...