From 7401e2ade3602125b244b6cbe082d555adf6d263 Mon Sep 17 00:00:00 2001 From: xjm Date: Tue, 15 Feb 2022 14:26:31 -0600 Subject: [PATCH 1/3] SA-CORE-2022-003 by ciss, xjm, larowlan, benjy, mcdruid, jenlampton, quicksketch, Fabianx, effulgentsia --- core/lib/Drupal/Core/Form/FormBuilder.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/lib/Drupal/Core/Form/FormBuilder.php b/core/lib/Drupal/Core/Form/FormBuilder.php index 1d92afc45d8..7459814f890 100644 --- a/core/lib/Drupal/Core/Form/FormBuilder.php +++ b/core/lib/Drupal/Core/Form/FormBuilder.php @@ -1218,7 +1218,7 @@ class FormBuilder implements FormBuilderInterface, FormValidatorInterface, FormS // #access=FALSE on an element usually allow access for some users, so forms // submitted with self::submitForm() may bypass access restriction and be // treated as high-privilege users instead. - $process_input = empty($element['#disabled']) && (($form_state->isProgrammed() && $form_state->isBypassingProgrammedAccessChecks()) || ($form_state->isProcessingInput() && (!isset($element['#access']) || $element['#access']))); + $process_input = empty($element['#disabled']) && ($element['#type'] !== 'value') && (($form_state->isProgrammed() && $form_state->isBypassingProgrammedAccessChecks()) || ($form_state->isProcessingInput() && (!isset($element['#access']) || $element['#access']))); // Set the element's #value property. if (!isset($element['#value']) && !array_key_exists('#value', $element)) { From c3996ef56c53f34bf432e35f53a75a1954a58e67 Mon Sep 17 00:00:00 2001 From: xjm Date: Tue, 15 Feb 2022 14:26:31 -0600 Subject: [PATCH 2/3] SA-CORE-2022-004 by samuel.mortenson, xjm, nod_, effulgentsia, phenaproxima, mcdruid, Wim Leers, tedbow, longwave, dww, larowlan, pandaski --- core/modules/quickedit/src/MetadataGenerator.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/core/modules/quickedit/src/MetadataGenerator.php b/core/modules/quickedit/src/MetadataGenerator.php index 174726fe132..a071512b5d6 100644 --- a/core/modules/quickedit/src/MetadataGenerator.php +++ b/core/modules/quickedit/src/MetadataGenerator.php @@ -5,6 +5,7 @@ namespace Drupal\quickedit; use Drupal\Component\Plugin\PluginManagerInterface; use Drupal\Core\Entity\EntityInterface; use Drupal\Core\Field\FieldItemListInterface; +use Drupal\Core\StringTranslation\TranslatableMarkup; use Drupal\quickedit\Access\QuickEditEntityFieldAccessCheckInterface; use Drupal\Core\Entity\Entity\EntityViewDisplay; @@ -55,7 +56,10 @@ class MetadataGenerator implements MetadataGeneratorInterface { */ public function generateEntityMetadata(EntityInterface $entity) { return [ - 'label' => $entity->label(), + 'label' => $entity->access('view label') ? $entity->label() : new TranslatableMarkup('@label @id', [ + '@label' => $entity->getEntityType()->getSingularLabel(), + '@id' => $entity->id() + ]) ]; } From 7c620f0d179eee168b27509f3902f99e9fa52703 Mon Sep 17 00:00:00 2001 From: xjm Date: Tue, 15 Feb 2022 14:26:35 -0600 Subject: [PATCH 3/3] Drupal 9.2.13 --- composer.lock | 6 +++--- composer/Metapackage/CoreRecommended/composer.json | 2 +- composer/Metapackage/PinnedDevDependencies/composer.json | 2 +- core/lib/Drupal.php | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/composer.lock b/composer.lock index 03b6b511113..4a75e6512e1 100644 --- a/composer.lock +++ b/composer.lock @@ -530,7 +530,7 @@ }, { "name": "drupal/core", - "version": "9.2.12", + "version": "9.2.13", "dist": { "type": "path", "url": "core", @@ -784,7 +784,7 @@ }, { "name": "drupal/core-project-message", - "version": "9.2.12", + "version": "9.2.13", "dist": { "type": "path", "url": "composer/Plugin/ProjectMessage", @@ -817,7 +817,7 @@ }, { "name": "drupal/core-vendor-hardening", - "version": "9.2.12", + "version": "9.2.13", "dist": { "type": "path", "url": "composer/Plugin/VendorHardening", diff --git a/composer/Metapackage/CoreRecommended/composer.json b/composer/Metapackage/CoreRecommended/composer.json index e63444b7e46..84578d8396f 100644 --- a/composer/Metapackage/CoreRecommended/composer.json +++ b/composer/Metapackage/CoreRecommended/composer.json @@ -7,7 +7,7 @@ "webflo/drupal-core-strict": "*" }, "require": { - "drupal/core": "9.2.12", + "drupal/core": "9.2.13", "asm89/stack-cors": "1.3.0", "composer/semver": "3.2.5", "doctrine/annotations": "1.13.1", diff --git a/composer/Metapackage/PinnedDevDependencies/composer.json b/composer/Metapackage/PinnedDevDependencies/composer.json index d612e1d86cf..11ce50b2653 100644 --- a/composer/Metapackage/PinnedDevDependencies/composer.json +++ b/composer/Metapackage/PinnedDevDependencies/composer.json @@ -7,7 +7,7 @@ "webflo/drupal-core-require-dev": "*" }, "require": { - "drupal/core": "9.2.12", + "drupal/core": "9.2.13", "behat/mink": "v1.8.1", "behat/mink-goutte-driver": "v1.2.1", "behat/mink-selenium2-driver": "v1.4.0", diff --git a/core/lib/Drupal.php b/core/lib/Drupal.php index 1f87a6cae66..11c15891a60 100644 --- a/core/lib/Drupal.php +++ b/core/lib/Drupal.php @@ -75,7 +75,7 @@ class Drupal { /** * The current system version. */ - const VERSION = '9.2.12'; + const VERSION = '9.2.13'; /** * Core API compatibility.