1. LDAP filter hardening and safer LDAP connection handling in custom…#24
Open
bertrama wants to merge 1 commit into
Conversation
1. …_blogs.module:110, custom_blogs.module:127, custom_blogs.module:136.
2. Safer username normalization from email (avoids brittle split/index access) in custom_blogs.module:79.
3. Removed render-time content mutation risk by stopping delete behavior in render hook and introducing explicit empty-check helper in custom_blogs.module:217, custom_blogs.module:249.
4. Escaped dynamic exposed form strings and links to mitigate XSS vectors in custom_blogs.module:413, custom_blogs.module:414, custom_blogs.module:478.
5. Fixed path logic edge case by replacing loose strpos checks with strict comparison in custom_blogs.module:443.
6. Removed HTML emphasis injection in view titles in custom_blogs.module:665, custom_blogs.module:675.
7. Enforced OpenID deny-by-default for non-authorized users and cleaned userinfo normalization in custom_openid.module:12, custom_openid.module:48, custom_openid.module:67.
8. Added OG membership null guards and safer defaults to prevent runtime notices/fatals in custom_blogs_og.module:34, custom_blogs_og.module:66, custom_blogs_og.module:480, custom_blogs_og.module:537.
9. Hardened outbound mail alter flow with entity guards, email validation, deduped BCC, and safer header setup in custom_uml_blogs_mail.module:31, custom_uml_blogs_mail.module:40, custom_uml_blogs_mail.module:50.
10. Removed unsafe raw Twig filter usage in aria-label context in colorbox-formatter.html.twig:17.
11. Hardened docker settings by gating error display behind explicit dev mode and safer hash salt fallback in docker.settings.php:773, docker.settings.php:786.
12. Replaced hardcoded compose secrets with environment-driven values in docker-compose.yml:10, docker-compose.yml:28.
13. Removed duplicate composer repository key for Drupal in composer.json:6, composer.json:45.

* PHP syntax lint passed for all edited PHP/module files and docker settings.
* Editor diagnostics report no errors in all edited files.
* Git changes are limited to the intended eight files.

* Global dependency policy still uses dev stability in composer.json:225. I left this untouched because tightening it can impact dependency resolution and lockfile behavior across the project.
* Some HTML message construction remains in lower-priority paths like custom_drush.module:8 and custom_blogs_og.module:512. These were not part of the highest-severity set but can be hardened next.

If you want, I can do a second pass to harden the remaining Markup-based message paths. I can also propose a safe plan to reduce composer dev-stability risk without breaking current installs.
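The LDAP filter escaping, connection handling and email-to-username normalization that items 1 and 2 describe, shown as an added PHP example; this is not code from this PR or from the custom_blogs module, and every function name, the directory URI, the bind DN and the credentials are assumptions. The unsafe and hardened filter builders sit side by side so the effect of `ldap_escape()` on a hostile value is visible; the connection helper is defined but not called, because it needs a reachable directory.

```php
<?php
// Added example, not code from the custom_blogs module or this PR.
// blog_user_filter*, normalize_username_from_email and ldap_bind_search are assumed names.
declare(strict_types=1);

// VULNERABLE: a user-controlled value is concatenated straight into the filter.
// A value such as "*)(uid=*" turns a single-user lookup into a wildcard match.
function blog_user_filter_unsafe(string $uid): string {
  return "(&(objectClass=person)(uid=$uid))";
}

// HARDENED: ldap_escape() with LDAP_ESCAPE_FILTER (PHP >= 5.6) backslash-hex-encodes
// the RFC 4515 metacharacters ( ) * \ and NUL, so the value can only match literally.
function blog_user_filter(string $uid): string {
  $safe = ldap_escape($uid, '', LDAP_ESCAPE_FILTER);
  return "(&(objectClass=person)(uid=$safe))";
}

// Username from email without brittle explode('@', $email)[0]: validate the whole
// address first, then take the local part. Returns null for anything that is not
// a syntactically valid address, so callers must handle the failure explicitly.
function normalize_username_from_email(string $email): ?string {
  $email = trim($email);
  if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    return null;
  }
  $local = substr($email, 0, strrpos($email, '@'));
  return $local === '' ? null : strtolower($local);
}

// Connection handling: protocol v3, no referral chasing, StartTLS before the bind,
// every failure surfaced as an exception, and the handle released in all paths.
// Not executed below; $uri, $bindDn, $bindPw and $baseDn are assumptions.
function ldap_bind_search(string $uri, string $bindDn, string $bindPw, string $baseDn, string $uid): array {
  $conn = ldap_connect($uri);
  if ($conn === false) {
    throw new RuntimeException('ldap_connect failed');
  }
  try {
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if (!ldap_start_tls($conn)) {
      throw new RuntimeException('StartTLS failed: ' . ldap_error($conn));
    }
    if (!ldap_bind($conn, $bindDn, $bindPw)) {
      throw new RuntimeException('bind failed: ' . ldap_error($conn));
    }
    // The escaped filter is the only place the caller-supplied uid reaches the directory.
    $res = ldap_search($conn, $baseDn, blog_user_filter($uid), ['uid', 'mail']);
    if ($res === false) {
      throw new RuntimeException('search failed: ' . ldap_error($conn));
    }
    return ldap_get_entries($conn, $res) ?: [];
  } finally {
    ldap_unbind($conn); // released even when an exception is thrown above
  }
}

// Demonstration on constructed input; no directory is contacted.
$hostile = '*)(uid=*';
echo "unsafe:   ", blog_user_filter_unsafe($hostile), "\n";
echo "hardened: ", blog_user_filter($hostile), "\n";
var_dump(normalize_username_from_email('Jane.Doe@example.org'));
var_dump(normalize_username_from_email('not-an-email'));
```

Running it prints the two filters next to each other: the unsafe one contains an injected second `(uid=*)` assertion, while the hardened one carries the same bytes as an escaped literal that can never match more than one entry. The same `ldap_escape()` call with `LDAP_ESCAPE_DN` is the right tool when a value is interpolated into a DN rather than a filter; the two escaping rules differ.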