Insufficient validation of the max upload file size field
Problem/MotivationMaximum upload size is always passing validation. Values entered to "maximum upload size" must be able to be parsed by Bytes::toInt() Values larger than the "max_post_size" setting in...
View ArticleBetter privacy for youtube videos
My suggestion:It would be great if we can select a nocookie-checkbox in the video_oembed media entity. With this, all youtube urls change automatic to youtube-nocookie.com urls.Why automatically?...
View ArticleDatabase settings writes to settings.php should use [] instead of arrary()
Problem/Motivation$databases['default']['default'] = array ( 'database' => 'sites/default/files/.sqlite', 'prefix' => '', 'namespace' => 'Drupal\\Core\\Database\\Driver\\sqlite', 'driver'...
View ArticleClik here to view.
Configured actions created by User module cannot be edited
Problem/MotivationThe User module has some code that creates configured actions to add/remove a role from a user, when a new role is created.The machine name (configuration entity ID) chosen for these...
View ArticleIncorrect example of adding Cache metadata in hook_menu_local_tasks_alter()
Problem/MotivationIn hook_menu_local_tasks_alter() there is an example of adding a local task, depending on the user's access:function hook_menu_local_tasks_alter(&$data, $route_name,...
View ArticleConvert forum module hook_help() to topic(s)
Problem/Motivation#3041924: [META] Convert hook_help() module overview text to topics for the forum module(s).Proposed resolutionTake the information that is currently in the hook_help module overview...
View ArticleAbility to Customize Core Error Message
In /core/includes/errors.inc the error message is hard coded. A slight change will allow users to customize this in their settings.php file, if they wish.
View ArticleHide rewrite if empty is not working
Steps to reproduceSet up a content type with two optional text fields (text1 and text2).Make content with content in only text1.Configure view: Show fieldsAdd text1 and text2 fieldsConfigure text1 and...
View ArticleCannot save translated nodes after upgrading to 8.8 due to invalid path
Hm. Perhaps I'm doing sth. wrong, but after upgrading a few sites to Drupal 8.8 I found that I cannot save newly translated nodes anymore. The error message is "Either the path '/node/[nid]' is invalid...
View ArticleDerivative plugin definitions contain base plugin IDs instead of derivative IDs
Problem/MotivationMost, if not all derivers do not set plugin IDs for derivative definitions explicitly, but provide it by merging in the base field definition for defaults. This means that for any...
View ArticleCreate views filter plugin for date range fields
Problem/Motivation#2786577: The Views integration Datetime Range fields should extend the views integration for regular Datetime fields will add proper support for date plugins for data range fields,...
View ArticleEncourage all sites to use a tool like roave/security-advisories to help...
Over in this wiki there's some documentation about monitoring composer libraries for security.I think the roave/security-advisories project is a great solution to that problem. What if we just relied...
View ArticleClik here to view.
Improve indentation in hierarchical select lists
Punctuation is cool, we should use it and improve legibility of interfaces.BeforeAfterAffected Taxonomy select Menu parent select Book outline select
View ArticleAllow deletion of multiple terms
Problem/MotivationWe need a way of deleting multiple terms. The list builder for taxonomy terms is special, as there is no "collection" route but they are listed on the vocabulary itself. However, we...
View ArticleUpdate core modules to use the new batch builder
Problem/MotivationA batch builder object was added in #2401797: Introduce a batch builder class to make the batch API easier to use. The Drupal core should be updated to use the batch builder.The code...
View Article[backport] Add funding info in composer.lock
Problem/MotivationComposer 1.10 ships with a new feature which matters a lot to us as open-source project maintainers: Information on funding open-source projects and the new command composer fund. See...
View ArticleClik here to view.
Use email verification when changing user email addresses
Problem/MotivationCurrently, when a new user registers for a Drupal account the details are sent to the users supplied email address. This provides a basic mechanism that confirms the user is at that...
View ArticleProvide an option to hide X-Generator header
Problem/MotivationX-Generator header provides a way to know whether a site is Drupal or not and version. While this is useful for search engine other auditing purposes, this could be used by attackers...
View ArticleClik here to view.
Toolbar Menu with Javascript disabled should be static
Pre-requisite- 1. Go to browser setting: chrome://settings/content/javascript?search=content 2. Disable the javascript.Steps to Replicate - 1. Go to the admin site. 2. Go to...
View ArticleAjaxError «response failed verification» on modals when e.g. placing blocks
Apologies but I'm not sure how to reproduce this bug. It occurs on a Composer based Drupal 8.9 dev instance on Pantheon. I cannot reproduce these errors in my local environment.The errors occur when I...
View Article