Path Restrict

Experimental project

This is a sandbox project, which contains experimental code for developer use only.

Users can wreak havoc on a site by accidentally (or intentionally) creating a URL aliases which correspond to administrative or otherwise important URLs. (For example 'admin', 'sites', etc).

See, for example:
#121362: Require dedicated permission(s) to set aliases pointing to existing or reserved paths
#366275: 403 on alias 'sites'
#757732: Overriding Drupal paths
#803382: Manually entered path can override another Drupal internal path
#1018960: Add hook_path_validate() API

Path restrict adds a simple validate handler to the alias element on the node add form to prevent users from hijacking restricted paths.

By default, Path restrict protects:

node
node/*
user
user/*
admin
admin/*

Contributed modules can define their own restricted paths by implementing hook_reserved_paths(). See path_restrict.api.php.

Administrators may bypass the URL alias validation by using the administrative interface.

Project information

Seeking co-maintainer(s)
Maintainers are looking for help reviewing issues.
Project categories: Administration tools
Created by bfroehle on 28 March 2011, updated 13 February 2024

bfroehle's sandbox: Path Restrict

Primary tabs

Experimental project

Project information

Maintainers

Issues for Path Restrict

All issues

Bug report

Statistics

Resources

Development

News items

Our community

Documentation

Drupal code base

Governance of community