New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Arbitrary entities can break the settings form for XMLsitemap module #42
Comments
I've noticed that there are a lot of entities appearing on the xmlsitemap settings form that do not have URLs, and should not have settings for xmlsitemap. Is there a way to tell if an entity has a path, url, or uri, and exclude it if not? I've got both Flaggings and Multifields showing here now (though multifield is the only one causing this problem). Some light reading: |
I'm not entirely sure I know where you are talking about, but if it is... then https://github.com/backdrop-contrib/xmlsitemap/blob/1.x-1.x/xmlsitemap.module#L920 seems like you can alter away any entities you didn't want to have sitemap links for. If you look on line #901 they already explicitly disabled some entities, but I'd hope the alter hook can get you where you need to go. As far as the URI callback, I don't see it mentioned in https://api.backdropcms.org/api/backdrop/core%21modules%21entity%21entity.api.php/function/hook_entity_info/1 as it is in https://api.drupal.org/api/drupal/modules%21system%21system.api.php/function/hook_entity_info/7.x. With that URI info, I would think you could ping something to determine if it was a public 200 response and exclude if not. That's about all I can think of for now. |
Okay, how about this: Instead of blindly adding XMLsitemap support for any arbitrary entity, we specifically include those we know are safe. Any contrib module that adds an entity can also add XMLsitemap support for it by implementing I've filed a PR at #48 for review. |
@jenlampton I took a look at this, and it makes sense and seems to function the same as the 1.x branch. The only question I have is about It looks like I don't use this module currently, so I thought you might know more...thoughts? |
Issue #42: Prevent broken settings page by any arbitrary entity.
I merged this in, but I will add a note on the next release. If someone included content of a module that didn't have That can be mitigated by adding a small custom module that implemented |
I know it seems unlikely, but I'm getting a multifield related db error on the xmlsitemap settings form:
However, disabling the multifield module brought the XMLsitemap admin form back to life.
See related: backdrop-contrib/multifield#12
The text was updated successfully, but these errors were encountered: