Revealed via #1373142: Use the Testing profile. Speed up testbot by 50%
Problem
- The theme settings form allows to configure an absolute local filesystem path for the site logo and favicon, but such a path cannot be resolved into a web-accessible URL afterwards and thus can't be supported.
- The related tests manifest the bug by explicitly asserting that an entirely bogus URL is output for the logo.
Goal
- Fix this utter mess.
Details
- Currently, the theme settings form supports stream wrapper URIs (
public://mylogo.png
), relative paths within the public file system (mylogo.png
), and lastly (but this is bogus) absolute paths to local files (/var/www/example.com/mylogo.png
). - While absolute paths to local files are reported as valid, Drupal is not able to reliably figure out the web-accessible URL to such a file. Because this is actually unsupported in every way, you get what you deserve:
http://example.com/drupal/%2Fvar%2Fwww%2Fexample.com%2Fsites%2Fdefault%2Ffiles%2Fmylogo.png
However, you can successfully submit the theme settings form.
Thus, absolute paths never worked. And support for that can be safely dropped.
- The functional test for theme settings actually verifies that aforementioned, utterly bogus URL is output in the theme. (Victory!...)
- Users are highly confused about what kind of path can actually be entered for the custom logo and favicon, because pretty much everything that isn't a stream wrapper URI is rejected as invalid.
User interface changes
- The fix committed to D8 includes the following string changes:
- Several descriptions removed
- "Use the default logo" changed to "Use the default logo supplied by the theme"
- "Use the default shortcut icon" changed to "Use the default shortcut icon supplied by the theme"
- Automatically generated example paths added.
- The current backport in #43 removes these string changes.
- We need to decide if the string changes are backportable.
Before patch
After patch
Related issues
#1209314: "Path to custom logo" needs to clarify and give some examples
#901724: After uploading custom logo for theme the path points to root
#924396: _system_theme_settings_validate_path() fails on PHP 5.2
#1087250: Custom logo and favicon stored in private filesystem if it is the default
Original report:
SystemThemeFunctionalTest::testThemeSettings() submits a drupal_realpath() to configure the site logo in theme settings. That should not and cannot work, but does, for some unknown reason, with the Standard profile.
Comment | File | Size | Author |
---|---|---|---|
#62 | drupal-1376166-62.patch | 6.11 KB | sheise |
#55 | drupal-1376166-55.patch | 5.91 KB | tim.plunkett |
#50 | logo_before.png | 38.61 KB | xjm |
#43 | interdiff.txt | 5.97 KB | tim.plunkett |
#43 | drupal-1376166-43.patch | 8.37 KB | tim.plunkett |
Comments
Comment #1
sunWitness:
1) http://drupalcode.org/project/drupal.git/blob/refs/heads/8.x:/core/modul...
2) http://api.drupal.org/api/drupal/includes--file.inc/function/file_uri_ta...
This means you can actually submit a full local absolute file path there.
In turn, this pretty much circles back into #1376122: Stream wrappers of parent site are leaking into all tests:
public://
is a different location in the filesystem when properly initializing the testing environment.Since it is not properly initialized, the file path that is submitted cannot be found, because
public://
is translated to a different location in the parent site vs. the child site.Comment #2
sunAttached patch proves that the test fails and that there is a functional bug.
Comment #4
sunSo this is actually a pure functional bug.
Users may input an absolute local file path to the logo, and that is even explicitly supported by the form validation.
However, when $logo is prepared for theming, the value is directly passed into file_create_url(), without checking whether it is an absolute local file path, so this results in an image 'src' attribute of:
Witness user confusion: #1209314: "Path to custom logo" needs to clarify and give some examples ;)
And of course, more:
#901724: After uploading custom logo for theme the path points to root
#924396: _system_theme_settings_validate_path() fails on PHP 5.2
Comment #5
sunThis is totally busted.
Comment #7
sunFixed pretty much everything.
Not only the tests are bogus, the entire functionality is bogus.
Horrible.
Comment #8
sunComment #8.0
sunUpdated issue summary.
Comment #8.1
sunUpdated issue summary.
Comment #9
sunFixed the value for the @implicit-public-file example in the description.
Comment #10
sunHarmonized the #description for both form elements.
Comment #11
sunUsage of base_path() for the local file paths was bogus; must always be semi-absolute; i.e., absolute within the document root.
Comment #12
sun$friendly_path needs to be reset to NULL due to the foreach loop.
Comment #13
sunFWIW, this is how the form looks:
Comment #14
droplet CreditAttribution: droplet commentedThanks. ref from #1209314: "Path to custom logo" needs to clarify and give some examples
previews and example URL broken
Comment #15
agentrickardRelative paths work for for me in both D7 and D8. I don't understand this part of the OP:
[EDIT: Redacted after re-reading queue.] This still needs a UX fix at least.
Comment #16
sunThanks @agentrickard, that was very very very helpful! :)
In the end, it's a lil' less broken than stated here, and I've to fully admit that my revised test was hella broken, too.
Comment #16.0
sunUpdated issue summary.
Comment #17
sunUpdated the summary; also adjusting title.
The test-only patch failed as expected (most but not all failures caused by the missing additional description), the full patch passed.
This looks RTBC to me.
Except, perhaps, the change to DrupalLocalStreamWrapper, which I'm not 100% sure of. I assumed it would fix the bogus file_exists() result for a stream wrapper URI of
'public://'
, but that wasn't the case - which is why the form validation function explicitly checks for that and also contains a @todo for it.Comment #18
droplet CreditAttribution: droplet commentedTWO issues:
First:
1. Upload an exists image
2. change custom path to "/sites/default/files/mama3.jpg" and SAVE
Can we change the texts to static strings, may like this:
possible make it same to admin/config/media/file-system?
2nd:
When drupal installed on Sub-dir, eg. http://example.com/drupal
"/sites/default/files/mama3.jpg" refer to "http://example.com/sites/default/files/mama3.jpg"
same @#14 errors happened.
EDIT:
doesn't it suppport '../filename.png' ??
Comment #19
sun@droplet: The examples and steps you've provided still seem to be based on the second to last patch. That patch attempted to introduce "semi-absolute" paths (starting with '/' to point to a file within Drupal's root), but this was bogus and has been removed in the latest patch.
Comment #20
droplet CreditAttribution: droplet commented@sun,
You right. Working now :). The latest stuff I seen is drupal will produce an ugly URL:
<img src="http://192.168.56.108/drupal8x/../test2/logo.png" alt="Home" />
Comment #21
sunThanks for confirming!
I'm not sure whether we need to care for a path like
../logo.png
- I don't think that's really supported; though I can imagine the theme settings form allows you to submit such a value.Comment #22
sunAny other feedback/reviews? This looks good to go for me.
Comment #23
sunI'm really not sure about this, so I'm going to back it out of this patch.
Actually, a simple change to is_file() should yield the proper result here.
As you know, file_exists() does not care for whether the file path is a directory or file.
Comment #24
sunExcellent.
Comment #25
xjmI asked sun about this bit. This change seems somewhat out of scope to me. The assertion is used once in testThemeSettings(). It's a fairly simple cleanup and I'm not opposed to it being added here or anything, but I thought I'd point it out.
Changing the theme tests from standard/bartik to testing/stark also isn't part of the scope in the title, but sun explained that it's what exposes the bug and makes it testable.
Comment #26
xjmHmmm, "An arbitrary local file within the site" seems pretty confusing. What does it mean?
Another unrelated cleanup?
Comment #27
sunAlthough I'm a bit torn about the rigid amount of issues this causes, extracted those two fixes into:
#1397890: DrupalWebTestCase::assertFieldByName() outputs bogus assertion message when no $value is passed
#1397882: system_theme_settings_submit() does not properly clean up submitted form values
Comment #28
sunRevised the description after discussion with @xjm in IRC.
Screenshot:
Comment #30
sunFatal error is caused by #1397954: Temporarily add Node module to Testing profile
Comment #31
sunFixed the fatal error by adding Node module to the list of modules to install in setUp().
This patch really looks ready to fly for me now.
Comment #32
SilverBallz CreditAttribution: SilverBallz commentedComment #33
sun#31: drupal8.system-theme-settings.31.patch queued for re-testing.
Comment #34
sun#31: drupal8.system-theme-settings.31.patch queued for re-testing.
Comment #35
tim.plunkett#31: drupal8.system-theme-settings.31.patch queued for re-testing.
Comment #36
tim.plunkettLooks good to me. The string changes are nice clarifications, but they'll have to come out for the D7 patch.
Comment #37
catchYes this looks good to me too. Committed/pushed to 8.x, moving to 7.x for backport.
Comment #38
xjmI'll pull out the string changes for a backport.
Comment #39
xjmRemoving the bits to change the
#title
and#description
, but leaving the rest.Comment #41
xjmThis is what happens when people don't include the final serial comma in multi-line arrays. :P
Comment #43
tim.plunkettThere was a whole section of the test for the D8 strings, because they have dynamic examples.
Removing that, and also removing the 'core/' prefix on the files, made it all pass locally for me.
Also, removing the hunks about switching the default theme, since #1181776: Change theme_default variable to Stark was D8 only.
Comment #45
tim.plunkettComment #46
xjmYeah, so that's actually a Drupal 7 patch, huh? Thanks Tim!
I was concerned that there are fewer test failures than in #16, but I double-checked and (of course) these were related to the dynamic strings (as stated in #44).
Comment #47
sunWe need to ask @webchick whether the string changes can be backported.
IMHO, they are an essential part of the fix, since site admins don't really have a clue of what values can actually be configured. The string changes are administrative only.
Comment #47.0
sunUpdated issue summary.
Comment #47.1
xjmUpdated issue summary.
Comment #47.2
xjmUpdated issue summary.
Comment #47.3
xjmUpdated issue summary.
Comment #47.4
xjmUpdated issue summary.
Comment #49
xjmI added the before/after screenshots to the summary, listed the string changes, and tried to clarify the current status of the patch.
Comment #50
xjmComment #50.0
xjmDocument string changes
Comment #51
webchickreally awesome work on this fix. i think the string breakage is acceptable and agree it's part of the fix.
committed and pushed to 7.x. thanks!
Comment #52
webchickalso tagging for release notes
Comment #53
pillarsdotnet CreditAttribution: pillarsdotnet commentedIf the string changes are part of the fix, then we need a 7.x patch for the string changes.
Comment #54
xjm@pillarsdotnet is correct. Bumping to major since we'll want that followup ASAP. The task is to create a backport more like #31. It might be easiest to revert this commit and apply the complete fix after.
Comment #55
tim.plunkettHere are the changes.
I got a weird failure locally that I hope doesn't fail here. The same assertion works in D8.
Comment #57
tim.plunkettDamn, those are the failures I saw locally. For some reason path_to_theme() is picking up 'seven' and not 'stark' in D7 but not in D8.
Comment #58
webchickShould I roll this back?
Comment #59
webchickOk, I'm up to speed now. The patch I committed was the stripped down version, without the string fixes to make it more palatable for backport.
Since the revised patch adds / changes a lot of strings, I'd prefer to hold it to the beginning of next release to give translators a bit more time to catch up.
And since it's just string fixes, I think we can degrade to normal, too. But happy to discuss it more. I'd really prefer not to change the code base at this point if at all possible, in order to give folks sufficient time to test a non-moving target.
Comment #60
tim.plunkettI would agree with this not being major. As sun explained, the string changes are part of the fix in that they convey that a fix happened at all. But it can definitely wait til after 7.13.
Comment #61
sunThanks for the commit.
The interdiff in #43 contained some more changes/reverts for D7, which we should try to incorporate in the follow-up patch.
That will also resolve the test failures, since the Standard profile sets up Bartik/Seven as default/admin themes and the test attempts to assert proper logo/favicon path examples.
Thus, we stripped away too much from the backport and should re-inject that code. Ideally, the test code in D7 should look identical to D8.
Only affects the test and string changes. The bug fix and functionality seems to be identical.
Comment #62
sheise CreditAttribution: sheise commentedHere's an update to the patch in #55 which is the D7 version.
There were 2 reasons for the previous fails.
1. The "human-friendly values and form element descriptions for the logo" were not getting set correctly for a relative file path.
2. In the test, the relative file paths were never getting a $local_file reset, and were therefore always looking to equal the default $local_file we had set of themes/stark/logo.png. I added a fix for this but there may be a better way to go about it than what I've done.
Also I attempted to add some of the additional changes from the D8 patch as suggested in #61 but this introduced more fails so I have not included them.
Comment #63
sunCan someone manually check the difference in actual resulting code between D7 + #62 and D8?
It looks correct to me, but unfortunately, the D7 backport got split in a weird way.
Comment #64
webchickPlease don't remove tags for historic reference.
Comment #65
tim.plunkettThis conditional isn't in D8.
This is also not in D8.
Comment #66
tim.plunkettRestoring tag/status
Comment #67
webchickAlso, I don't think you want this issue assigned to me anymore. :)
Comment #68
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedMarked #658386: Reduce repetitive wording on image and shortcut icon appearance settings as a duplicate.
Comment #69
drupal_was_my_past CreditAttribution: drupal_was_my_past commentedMarked #822524: "Use the default shortcut icon" is ambiguous. as a duplicate.
Comment #70
sunLooks like we still need to incorporate #65
Comment #71
cheese_monkey CreditAttribution: cheese_monkey commentedPlease, add to the descriptions a line noting that the file must be in place before trying to enter that path into Drupal, otherwise the test comes back with "invalid file path".
I was wrestling with my site installation trying to find a path that Drupal would accept, thinking "first I'll figure out what bizarre combination of files+sites will pass its test, THEN I'll move the file to that place on the local filesystem". Turns out that a probe for file existence is part of its test.
I suppose it's all fine and well for Drupal to try and save the user from themselves, but it would be even more useful to have explicit descriptions of what exactly we can type into those fields.
Comment #71.0
cheese_monkey CreditAttribution: cheese_monkey commentedUpdated issue summary.
Comment #72
Richard Buchanan CreditAttribution: Richard Buchanan as a volunteer commentedMarked #756500: Remove form element descriptions that are equal to their titles at themes settings page as duplicate of this issue. It only pertained to the logo and favicon descriptions, which will be taken care of once the backport to Drupal 7 here is complete.