Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2884171 by mcdruid, Seth Snyder: The drupal_render() function could use a bit more protection

merge-requests/3045/head
Juraj Nemec 2022-09-03 14:48:07 +02:00
parent 40d1dbb9f4
commit 6d7d36463c
No known key found for this signature in database
GPG Key ID: 01EC3E1EECB5B2CA
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
includes/common.inc
View File

@ -6088,7 +6088,7 @@ function drupal_render_page($page) {
*/
function drupal_render(&$elements) {
// Early-return nothing if user does not have access.
if (empty($elements) || (isset($elements['#access']) && !$elements['#access'])) {
if (empty($elements) || !is_array($elements) || (isset($elements['#access']) && !$elements['#access'])) {
return '';
}

5
modules/simpletest/tests/common.test
View File

@ -1989,6 +1989,11 @@ class DrupalRenderTestCase extends DrupalWebTestCase {
'value' => '',
'expected' => '',
),
array(
'name' => 'not a render array',
'value' => 'this is not an array',
'expected' => '',
),
array(
'name' => 'no access',
'value' => array(