summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNathaniel Catchpole2018-07-03 15:36:06 (GMT)
committerNathaniel Catchpole2018-07-03 15:36:06 (GMT)
commit2dc41c872ef4410cce9d40d85a22e008c47b2df6 (patch)
treeb9a2cd9014ce090a756367deae7afd2e88cd3249
parente3843009841f1f066016a0e3688921512d9a899f (diff)
Issue #2982307 by seanB, alexpott, marcoscano: Misnamed template can cause fatal error in themes that do not extend Stable
-rw-r--r--core/modules/media/src/Controller/OEmbedIframeController.php30
-rw-r--r--core/modules/media/templates/media-oembed-iframe.html.twig (renamed from core/modules/media/templates/media-oembed-frame.html.twig)0
-rw-r--r--core/modules/media/tests/src/FunctionalJavascript/MediaSourceOEmbedVideoTest.php23
3 files changed, 42 insertions, 11 deletions
diff --git a/core/modules/media/src/Controller/OEmbedIframeController.php b/core/modules/media/src/Controller/OEmbedIframeController.php
index 0e45d72..72f2831 100644
--- a/core/modules/media/src/Controller/OEmbedIframeController.php
+++ b/core/modules/media/src/Controller/OEmbedIframeController.php
@@ -3,6 +3,7 @@
namespace Drupal\media\Controller;
use Drupal\Component\Utility\Crypt;
+use Drupal\Core\Cache\CacheableMetadata;
use Drupal\Core\Cache\CacheableResponse;
use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
use Drupal\Core\Logger\LoggerChannelInterface;
@@ -140,19 +141,26 @@ class OEmbedIframeController implements ContainerInjectionInterface {
// Render the content in a new render context so that the cacheability
// metadata of the rendered HTML will be captured correctly.
- $content = $this->renderer->executeInRenderContext(new RenderContext(), function () use ($resource) {
- $element = [
- '#theme' => 'media_oembed_iframe',
- // Even though the resource HTML is untrusted, IFrameMarkup::create()
- // will create a trusted string. The only reason this is okay is
- // because we are serving it in an iframe, which will mitigate the
- // potential dangers of displaying third-party markup.
- '#media' => IFrameMarkup::create($resource->getHtml()),
- ];
+ $element = [
+ '#theme' => 'media_oembed_iframe',
+ // Even though the resource HTML is untrusted, IFrameMarkup::create()
+ // will create a trusted string. The only reason this is okay is
+ // because we are serving it in an iframe, which will mitigate the
+ // potential dangers of displaying third-party markup.
+ '#media' => IFrameMarkup::create($resource->getHtml()),
+ '#cache' => [
+ // Add the 'rendered' cache tag as this response is not processed by
+ // \Drupal\Core\Render\MainContent\HtmlRenderer::renderResponse().
+ 'tags' => ['rendered'],
+ ],
+ ];
+ $content = $this->renderer->executeInRenderContext(new RenderContext(), function () use ($resource, $element) {
return $this->renderer->render($element);
});
-
- $response->setContent($content)->addCacheableDependency($resource);
+ $response
+ ->setContent($content)
+ ->addCacheableDependency($resource)
+ ->addCacheableDependency(CacheableMetadata::createFromRenderArray($element));
}
catch (ResourceException $e) {
// Prevent the response from being cached.
diff --git a/core/modules/media/templates/media-oembed-frame.html.twig b/core/modules/media/templates/media-oembed-iframe.html.twig
index 96de5df..96de5df 100644
--- a/core/modules/media/templates/media-oembed-frame.html.twig
+++ b/core/modules/media/templates/media-oembed-iframe.html.twig
diff --git a/core/modules/media/tests/src/FunctionalJavascript/MediaSourceOEmbedVideoTest.php b/core/modules/media/tests/src/FunctionalJavascript/MediaSourceOEmbedVideoTest.php
index dbffaf0..fbdfe6d 100644
--- a/core/modules/media/tests/src/FunctionalJavascript/MediaSourceOEmbedVideoTest.php
+++ b/core/modules/media/tests/src/FunctionalJavascript/MediaSourceOEmbedVideoTest.php
@@ -7,6 +7,7 @@ use Drupal\media\Entity\Media;
use Drupal\media_test_oembed\Controller\ResourceController;
use Drupal\Tests\media\Traits\OEmbedTestTrait;
use Drupal\user\Entity\Role;
+use Symfony\Component\DependencyInjection\ContainerInterface;
/**
* Tests the oembed:video media source.
@@ -31,6 +32,18 @@ class MediaSourceOEmbedVideoTest extends MediaSourceTestBase {
}
/**
+ * {@inheritdoc}
+ */
+ protected function initConfig(ContainerInterface $container) {
+ parent::initConfig($container);
+
+ // Enable twig debugging to make testing template usage easy.
+ $parameters = $container->getParameter('twig.config');
+ $parameters['debug'] = TRUE;
+ $this->setContainerParameter('twig.config', $parameters);
+ }
+
+ /**
* Tests the oembed media source.
*/
public function testMediaOEmbedVideoSource() {
@@ -135,6 +148,16 @@ class MediaSourceOEmbedVideoTest extends MediaSourceTestBase {
// 'view media' permission.
$this->drupalGet('media/oembed', ['query' => $query]);
$assert_session->pageTextContains('By the power of Greyskull, Vimeo works!');
+ $this->assertRaw('core/themes/stable/templates/content/media-oembed-iframe.html.twig');
+ $this->assertNoRaw('core/modules/media/templates/media-oembed-iframe.html.twig');
+
+ // Test themes not inheriting from stable.
+ \Drupal::service('theme_handler')->install(['stark']);
+ $this->config('system.theme')->set('default', 'stark')->save();
+ $this->drupalGet('media/oembed', ['query' => $query]);
+ $assert_session->pageTextContains('By the power of Greyskull, Vimeo works!');
+ $this->assertNoRaw('core/themes/stable/templates/content/media-oembed-iframe.html.twig');
+ $this->assertRaw('core/modules/media/templates/media-oembed-iframe.html.twig');
// Remove the 'view media' permission to test that this restricts access.
$role = Role::load(AccountInterface::ANONYMOUS_ROLE);