Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Child of #2124749: [meta] Stop using $request->attributes->get(MAGIC_KEY) as a public API. Any ideas what to replace it with?
Comment | File | Size | Author |
---|---|---|---|
#2 | menu_admin-2239001-2.patch | 7.22 KB | dawehner |
Comments
Comment #1
dawehnerThis variable is used currently that links in admin/structure/menu also appear, even the admin don't have access. /user/register or user/login are the basic examples in core for that. Once we have the route match object we somehow could add an additional metadata to that.
In general we though cannot drop all access checking on there.
Comment #2
dawehnerI really wonder how crazy this idea can get.
Comment #3
dawehnerThis is solved properly by #2323721: [sechole] Link field item and menu link information leakage already.