Child of #2124749: [meta] Stop using $request->attributes->get(MAGIC_KEY) as a public API. Any ideas what to replace it with?

CommentFileSizeAuthor
#2 menu_admin-2239001-2.patch7.22 KBdawehner
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

dawehner’s picture

dawehner
Primary language German
CreditAttribution: dawehner commented

This variable is used currently that links in admin/structure/menu also appear, even the admin don't have access. /user/register or user/login are the basic examples in core for that. Once we have the route match object we somehow could add an additional metadata to that.

In general we though cannot drop all access checking on there.

dawehner’s picture

dawehner
Primary language German
CreditAttribution: dawehner commented
Status: Active » Needs review
FileSize
menu_admin-2239001-2.patch7.22 KB

I really wonder how crazy this idea can get.

dawehner’s picture

dawehner
Primary language German
CreditAttribution: dawehner commented
Status: Needs review » Closed (duplicate)
Related issues: +#2323721: [sechole] Link field item and menu link information leakage

This is solved properly by #2323721: [sechole] Link field item and menu link information leakage already.