Remove the '_menu_admin' request attribute [#2239001]

Child of #2124749: [meta] Stop using $request->attributes->get(MAGIC_KEY) as a public API. Any ideas what to replace it with?

Comment	File	Size	Author
#2	menu_admin-2239001-2.patch	7.22 KB	dawehner

Comments

Comment #1

dawehner

German

commented 14 April 2014 at 10:44

This variable is used currently that links in admin/structure/menu also appear, even the admin don't have access. /user/register or user/login are the basic examples in core for that. Once we have the route match object we somehow could add an additional metadata to that.

In general we though cannot drop all access checking on there.

Comment #2

dawehner

German

commented 16 April 2014 at 18:01

Status:

Active

» Needs review

Status	File	Size
new	menu_admin-2239001-2.patch	7.22 KB

I really wonder how crazy this idea can get.

Comment #3

dawehner

German

commented 25 August 2014 at 20:25

Status:	Needs review	» Closed (duplicate)
Related issues:		+#2323721: [sechole] Link field item and menu link information leakage

This is solved properly by #2323721: [sechole] Link field item and menu link information leakage already.

Remove the '_menu_admin' request attribute

Comments

Comment #1

Comment #2

Comment #3

Parent issue

Related issues

News items

Our community

Documentation

Drupal code base

Governance of community