The URL for adding a new action requires that you pass a base-64 encoded sha-256 hash of the plugin ID.
No other UI using plugin IDs (blocks, views, fields) does this extra step.
Digging back, the original patch to add the actions module used an md5 hash.
In the docs, it said:
Hashes are used to prevent actual function names from going out into HTML forms and coming back.
This was when the action ID corresponded with an actual PHP function name.
This is no longer true, and is an added complexity that can be removed.
Remove Crypt::hashBase64() calls for the action UI.
| Comment | File | Size | Author |
|---|---|---|---|
| #6 | 2911806-action-6.patch | 6.13 KB | tim.plunkett |
| #6 | 2911806-action-6-interdiff.txt | 1.54 KB | tim.plunkett |
| #5 | 2911806-action-5-interdiff.txt | 2.07 KB | tim.plunkett |
| #5 | 2911806-action-5.patch | 6.14 KB | tim.plunkett |
| #2 | 2911806-action-2.patch | 5.05 KB | tim.plunkett |
Comments
Comment #2
tim.plunkettPatch written while discussing with @jibran
Comment #3
tim.plunkettComment #4
dawehnerSuch a nice 👏 improvement!
Comment #5
tim.plunkettSimplifying this further.
Comment #6
tim.plunkettNitpicking myself. Sorry, I'm done now :)
Comment #7
jibranSorry, I missed the link in slack. Thanks, for looking into it. Patch looks straightforward and it is green so RTBC.
Comment #9
catchNice find.
Committed 19fa2eb and pushed to 8.5.x. Thanks!