Closed (cannot reproduce)
Project:
Drupal core
Version:
7.x-dev
Component:
base system
Priority:
Major
Category:
Task
Assigned:
Unassigned
Reporter:
Created:
17 Sep 2010 at 05:17 UTC
Updated:
19 Sep 2010 at 19:55 UTC
Splitting this from the accursed #556022: When a text format is deleted, some modules (like text.module) don't update their data, even though we say they do.
The last patch that attempts to deal with this was Sun's update to Barry's patch at http://drupal.org/node/556022#comment-3362346
This is a controversial patch, and it's a separate issue from #914306: Create a batched framework for entity updates. I also think the priority should be 'major', since this only affects you if:
1. You disable a module which stores data in a text format
2. You delete the text format
3. You re-enable the module.
And we show empty data in that case, not insecure data. The fix for that particular site would be to run a manual query to do the replacement. However I'm leaving it as critical for now so people know what happened to the other one.
| Comment | File | Size | Author |
|---|---|---|---|
| drupal.kill-sanity.135.patch | 12.75 KB | catch |
Comments
Comment #1
catchOne other option here. Once EntityFieldQuery is in, we'd have a method to do the bulk update, the problem is that it's not available when a module is disabled. Rather than just-in-time replacement, in hook_modules_enabled() filter.module could check for implementations of hook_filter_format_delete(), then run it on all the formats that have been deleted (however they might be stored). Not tied to this idea but it's a possible option.
Comment #2
chx commentedThis is a freakin' edge case, who does anything like that? On a living site, if you have data by a module which you accidentally disable you reenable immediately. This is not critical, far from it.
Comment #3
sunFor me, this is a simple won't fix - unless we broaden the topic and discuss "Some (maintenance) hooks needs to be invoked in disabled (but installed) modules, too".
Comment #4
damien tournoud commentedI think this one has been overridden by #914458: Remove the format delete reassignment "feature".
Comment #5
David_Rothstein commented@catch, thanks. My argument for this being critical was that (a) it's a regression from Drupal 6, and (b) it leaves your site in a broken state (content missing) with no obvious way to recover from it. It's true that it's something of an edge case - however, people do temporarily disable modules all the time, when the needs of their site have changed. Websites evolve over time, and Drupal has to allow for that.
In any case, it's not "minor".
The suggestion in #1 is interesting. The only problem is that hook_filter_format_delete() takes full format objects as parameters, rather than format IDs. Passing a long-ago deleted format object into the hook would therefore require keeping that info around in the meantime. One could argue, perhaps, that there is no reason to send anything but format IDs to that hook anyway (and if people are considering removing that hook entirely in other issues, then we can certainly consider changing its parameters here). Anyway, #1 sounds like it's hopefully less controversial of a solution.
Barry's approach, though, was also intended to address field storage engines that are unable to perform the update. I am not sure where we are with that, in actually understanding all possible field storage engines (not just SQL and MongoDB).
While in the long term we would like to solve this more generically (for other maintenance-style hooks as well) I am not sure there is a need to do that here, unless we have enough examples of other hooks that have similarly dire consequences when they are not invoked in a disabled module and whose behavior is a regression from Drupal 6. If not, I think we could safely focus just on the filter module here. If contrib modules have the same needs for their hooks, they could always implement something in parallel (and then wait until Drupal 8 to generalize the approaches).
Comment #6
catchAccording to http://drupal.org/node/45111 I'm putting this as 'normal'. It's not a regression from D6, because the D6 behaviour was insecure and deemed enough of a bug to fix it in D7.
I think #3 is a good subject for a D8 issue.
Comment #7
David_Rothstein commentedOK, reading the priorities carefully, I believe we can settle on major:
"For issues which have significant repercussions, but do not render the whole system unusable. For example a PHP error which is only triggered under rare circumstances or which affects only a small percentage of all users."
I think that accurately describes this bug.
The D6 behavior was not insecure (rather the other way around, it was actually introduced to fix a security issue and as a side effect fixed this too). D6 was just somewhat nonsensical, in that when you deleted a text format it never gave you the chance to convert it to something besides the default text format, which in some cases makes no sense. But once you did choose to delete the format, D6 behaved like it said it would, including for disabled modules. Barry's patch is simply the logical extension of the code that is already in Drupal 6.
Comment #8
damien tournoud commentedThis issue is taken care of by #914458: Remove the format delete reassignment "feature".
Comment #9
David_Rothstein commentedIf that issue ever gets committed, we can close this then.
Comment #10
catchPossible filters (which would be attached to the deleted format but not the replacement) which could cause a disclosure or security issue, or some other unwanted behaviour:
http://drupal.org/project/restricted_text
http://drupal.org/project/spamspan
http://drupal.org/project/wordfilter
http://drupal.org/project/reptag
http://drupal.org/project/spoiler
http://drupal.org/project/gtspam
http://drupal.org/project/hidden_content
PHP module
any format which does sanitization if the default format doesn't for some reason. This is why automated bulk updates (or just in time replacement) of text formats really doesn't make sense (not to mention all the filters which might just leave tag soup in your content like bbcode).
Comment #11
sun@David: You keep on telling that we'd have a regression from D6, but that is not true. D6 invalidly filters text using the default format if the actually assigned format does not exist. This bug has been fixed for D7, by giving modules a chance to react on text format updates and deletions.
This issue seems to be all about handling text formats that we have been stored by disabled modules. The problem is not limited at all to text formats. It applies to everything, since no API hooks are invoked for disabled modules. Therefore, this issue is a duplicate of #734710: API functions that invoke hooks don't work as expected when a disabled module is being uninstalled
Comment #12
David_Rothstein commentedThat issue is for Drupal 8, is more general, and also focuses on update.php. So it can't be a duplicate.
I understand that the backend has changed between Drupal 6 and Drupal 7, but the sense in which this is a regression is from the site administrator's perspective. They don't know how it all works necessarily underneath - all they see is this:
Comment #13
David_Rothstein commentedComment #14
sun@David: Your last comment on #914458: Remove the format delete reassignment "feature" sounds like you'd agree with everyone else that it is viable solution for D7. With that patch, text formats are no longer deleted, but disabled only. Your particular use-case of assuming that content of a disabled module still works after removing a format is therefore covered -- although it is insane to assume data integrity for any disabled module in the first place.
Comment #15
David_Rothstein commentedAt least for now.