Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
The requirements errors are escaped in installer. Check screenshots:
Before
After
Proposed resolution
Fix them using inline template
SafeMarkup::set()
function. Also cleaned up a bit the code to make it more readable.
Comment | File | Size | Author |
---|---|---|---|
#32 | after_patch.JPG | 19.68 KB | veerasekar89 |
#32 | before_patch.JPG | 26.08 KB | veerasekar89 |
#30 | 2346287-30.patch | 8.52 KB | Zekvyrin |
#30 | interdiff_25_30.txt | 1.6 KB | Zekvyrin |
#26 | screencapture-192-168-139-128-8082-core-install-php.jpg | 148.75 KB | Zekvyrin |
Comments
Comment #1
rteijeiro CreditAttribution: rteijeiro commentedComment #3
rteijeiro CreditAttribution: rteijeiro commentedA few fixes and nitpicks discussed with @joelpittet. Thanks man!
Comment #4
rteijeiro CreditAttribution: rteijeiro commentedTagging...
Comment #5
joelpittetThe error presumably get's built up separately from the description for some reason. There is a code path where the error could be added to but not trigger the description to be displayed.
Maybe go with $error = [];
And build that up separately and prepend it on to your $description?
Comment #6
bserem CreditAttribution: bserem commentedAbove patch uses "SafeMarkupSet" which is to be avoided based on the discussion on [#2311123]
Comment #7
bserem CreditAttribution: bserem commentedAttached patch solves double escaping for:
It doesn't use SafeMarkup but uses 'inline_template'.
Patch was created together with Zekvyrin (https://www.drupal.org/u/zekvyrin) at Drupalcon Amsterdam.
Comment #8
Zekvyrin CreditAttribution: Zekvyrin commentedConfirming that #7 patch solved the issues
Comment #9
kostask CreditAttribution: kostask commentedVariable names need to follow the coding standards. I would also use an array, $description[] with keys (ex $description['phase'], $description['memory'] ) rather than $desc_first and $desc_second.
Comment #10
bserem CreditAttribution: bserem commentedGood point, makes sense.
Attached patch is properly naming variables :)
Comment #11
Zekvyrin CreditAttribution: Zekvyrin commentedBefore patch
After
Comment #12
rteijeiro CreditAttribution: rteijeiro commentedOk, great job! A few little nitpicks. Sorry :)
Why don't use directly
'var' => drupal_render($item_list),
here?It seems that the indentation is wrong from here.
Comment #13
bserem CreditAttribution: bserem commentedGood catch! Attaching new patch, don't really know how to make an interdiff :|
Comment #14
bserem CreditAttribution: bserem commentedComment #15
rteijeiro CreditAttribution: rteijeiro commentedPing me in IRC and I'll help you to make the interdiff. I'm at the Novotel lobby if you want to do it live!
Also assign the issue to you if you are going to fix it ;)
Comment #16
bserem CreditAttribution: bserem commentedI'll do my best to fix it. I think I'm on a good track!
update: I was at the hackerspace, I don't see you online atm so I'll ping tomorrow (unless I find the answer myself first)
Comment #17
bserem CreditAttribution: bserem commentedComment #18
marcus7777 CreditAttribution: marcus7777 commentedTested and working as expected.
I was trying to fix this issue. And it looks like you fixed it in a lot better way than i had. I think this is a good patch
Comment #19
JKingsnorth CreditAttribution: JKingsnorth commentedMarked #2348431: Requirements review box showing code instead of rendering text as a duplicate
Comment #20
ChristianAdamski CreditAttribution: ChristianAdamski commented@akoe and me just encountred this one as well. Specifically the missing files/ directory one is also showing up in the status report page.
We approached this with SafeMarkup as well, before stumpling on this issue.
We tested and reviewed this patch and it works fine on install as well as status page.
It was hard to find this issue, though I have not better title proposal.
Comment #21
marcus7777 CreditAttribution: marcus7777 commentedCan we add a test to test for double escaped html?
Comment #22
bserem CreditAttribution: bserem commentedWhile I was working on the patch, Zekvyrin created an installation environment that would fail on all requirements (!) so as to test all situations.
I can't really tell if we can add a test
Comment #23
marcus7777 CreditAttribution: marcus7777 commentedso we would need a add new environment to the test we can do that. I was thinking can we test for double escaped looking at the output for the tests?
We have it all over D8
Comment #24
marcus7777 CreditAttribution: marcus7777 commentedlike on error on the module page
Comment #25
alexpottThere is no need to do the rendering here - we are returning one big render array. Which means we can do something like the patch attached.
Comment #26
Zekvyrin CreditAttribution: Zekvyrin commentedI can confirm that alexpott's modification works perfectly to my enviroment:
Comment #27
joelpittetSome nitpicks a but some possible caveats still to take care of as well in this iteration:
Thanks for keeping on top of this issue!
We are avoiding "escaping", not "double escaping".
Description is being treated as an array and probably should be initialized as one.
Where is the $error initialized before for this concatenation, we may need more work here...
just needs one more space of indent to make it 2 spaces.
Comment #28
joelpittetComment #29
joelpittetComment #30
Zekvyrin CreditAttribution: Zekvyrin commentedFixed 1,2 & 4 from comment #26.
About 3 ($error's concat), I don't think that this should change.
After $error is initialized, and might or might not be overridden once. It's no longer concatenated with description the way is was.
Comment #31
karthikkumarbodu CreditAttribution: karthikkumarbodu commentedGood Work :)
I agree with your comments, description cannot be initialized as an array as it was treated as string in the previous statements.
Comment #32
veerasekar89 CreditAttribution: veerasekar89 commentedIts working.
Comment #33
veerasekar89 CreditAttribution: veerasekar89 commentedTested #30 working fine refer screenshot #32
Comment #34
veerasekar89 CreditAttribution: veerasekar89 commentedTested #30 working fine refer screenshot #32
Comment #35
joelpittetThanks @Zekvyrin for the fixes and I agree with you on the #27.3 regarding the $error variable. It's weird because it looks like it could be collecting the $errors but the likelihood of that ever happening is 0 I believe because the $phase won't change in the loop.
RTBC++
Comment #36
lauriiiComment #37
jibranComment #38
catchIs it worth an actual template for this rather than an inline one?
Comment #39
bserem CreditAttribution: bserem commented@catch what do you mean by actual template? None of the patches introduced a template file.
Comment #40
catch@bserem yes that's the question - would it be better to introduce an actual template file.
Comment #41
bserem CreditAttribution: bserem commentedUnderstood now.
I can't really answer that. The issue seems resolved with the patches provided, and it is not a bad solution either I believe.
A template file would definitely postpone this more, not that we are in a hurry :)
Plus I don't get what the benefits of a template file would be (I really don't, I'm not that up to date with D8 yet).
Can you please share some intel on the subject?
Comment #42
Zekvyrin CreditAttribution: Zekvyrin commented@catch: I don't think we can answer that properly in this issue. Maybe a more 'global' answer is needed.
We thought this issue is in "small snippets of HTML" category, so we implemented 2nd option and not 1st from instructions:
https://www.drupal.org/node/2311123
As I saw, parent issue #2297711: Fix HTML escaping due to Twig autoescape is postponed for now.. so I guess this one has to wait.
I guess other issues like #2273925: Ensure #markup is XSS escaped in Renderer::doRender() should be resolved first and then we'll review these issues.
Comment #43
heddnThis one doesn't need to wait. The parent was postponed while all the children issues are gone through. Which is what we are doing here.
catch, fixes of #2297711: Fix HTML escaping due to Twig autoescape have tended to be in the "getting things fixed" category. Not introducing new functionality. To convert to a template, let's do that in a follow-up.
Comment #44
Zekvyrin CreditAttribution: Zekvyrin commentedOk then, I'm setting it to RTBC as it was before questioning about making it a template.
And we might revisit this issue as a follow up.
Comment #45
ifrikThis patch works for me. The html tags are displayed correctly.
However, I noticed several other issues: the links should be https instead http, we are not using the phrase "handbook" anymore but "online documentation", and the link should rather go to the installation guide and not to info about webhosting.
Since these issues are also relevant for some of the other messages in the system.install file: Should I wait until this patch is committed, and then make a new patch for all of them?
Comment #46
bserem CreditAttribution: bserem commentedThe issues you are mentioning are not exactly relevant to what we are trying to solve here.
Valid as they are, they should probably be solved on another issue.
Just my opinion :)
Comment #48
catchOK thanks for the answers.
@ifrik well spotted - please open a new issue for the things you found!
Committed/pushed to 8.0.x, thanks!