Issue #2982307 by seanB, alexpott, marcoscano: Misnamed template can cause...

Issue #2982307 by seanB, alexpott, marcoscano: Misnamed template can cause fatal error in themes that do not extend Stable

Issue #2982307 by seanB, alexpott, marcoscano: Misnamed template can cause...
2dc41c87 · catch · e3843009 · 2dc41c87 · 2dc41c87 · 2dc41c87
Commit 2dc41c87 authored 6 years ago by catch
--- a/core/modules/media/src/Controller/OEmbedIframeController.php
+++ b/core/modules/media/src/Controller/OEmbedIframeController.php
@@ -3,6 +3,7 @@
 namespace Drupal\media\Controller;

 use Drupal\Component\Utility\Crypt;
+use Drupal\Core\Cache\CacheableMetadata;
 use Drupal\Core\Cache\CacheableResponse;
 use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
 use Drupal\Core\Logger\LoggerChannelInterface;
@@ -140,19 +141,26 @@ public function render(Request $request) {

      // Render the content in a new render context so that the cacheability
      // metadata of the rendered HTML will be captured correctly.
-      $content = $this->renderer->executeInRenderContext(new RenderContext(), function () use ($resource) {
-        $element = [
-          '#theme' => 'media_oembed_iframe',
-          // Even though the resource HTML is untrusted, IFrameMarkup::create()
-          // will create a trusted string. The only reason this is okay is
-          // because we are serving it in an iframe, which will mitigate the
-          // potential dangers of displaying third-party markup.
-          '#media' => IFrameMarkup::create($resource->getHtml()),
-        ];
+      $element = [
+        '#theme' => 'media_oembed_iframe',
+        // Even though the resource HTML is untrusted, IFrameMarkup::create()
+        // will create a trusted string. The only reason this is okay is
+        // because we are serving it in an iframe, which will mitigate the
+        // potential dangers of displaying third-party markup.
+        '#media' => IFrameMarkup::create($resource->getHtml()),
+        '#cache' => [
+          // Add the 'rendered' cache tag as this response is not processed by
+          // \Drupal\Core\Render\MainContent\HtmlRenderer::renderResponse().
+          'tags' => ['rendered'],
+        ],
+      ];
+      $content = $this->renderer->executeInRenderContext(new RenderContext(), function () use ($resource, $element) {
        return $this->renderer->render($element);
      });
-
-      $response->setContent($content)->addCacheableDependency($resource);
+      $response
+        ->setContent($content)
+        ->addCacheableDependency($resource)
+        ->addCacheableDependency(CacheableMetadata::createFromRenderArray($element));
    }
    catch (ResourceException $e) {
      // Prevent the response from being cached.

--- a/core/modules/media/templates/media-oembed-frame.html.twig
+++ b/core/modules/media/templates/media-oembed-frame.html.twig
--- a/core/modules/media/tests/src/FunctionalJavascript/MediaSourceOEmbedVideoTest.php
+++ b/core/modules/media/tests/src/FunctionalJavascript/MediaSourceOEmbedVideoTest.php
@@ -7,6 +7,7 @@
 use Drupal\media_test_oembed\Controller\ResourceController;
 use Drupal\Tests\media\Traits\OEmbedTestTrait;
 use Drupal\user\Entity\Role;
+use Symfony\Component\DependencyInjection\ContainerInterface;

 /**
 * Tests the oembed:video media source.
@@ -30,6 +31,18 @@ protected function setUp() {
    $this->lockHttpClientToFixtures();
  }

+  /**
+   * {@inheritdoc}
+   */
+  protected function initConfig(ContainerInterface $container) {
+    parent::initConfig($container);
+
+    // Enable twig debugging to make testing template usage easy.
+    $parameters = $container->getParameter('twig.config');
+    $parameters['debug'] = TRUE;
+    $this->setContainerParameter('twig.config', $parameters);
+  }
+
  /**
   * Tests the oembed media source.
   */
@@ -135,6 +148,16 @@ public function testMediaOEmbedVideoSource() {
    // 'view media' permission.
    $this->drupalGet('media/oembed', ['query' => $query]);
    $assert_session->pageTextContains('By the power of Greyskull, Vimeo works!');
+    $this->assertRaw('core/themes/stable/templates/content/media-oembed-iframe.html.twig');
+    $this->assertNoRaw('core/modules/media/templates/media-oembed-iframe.html.twig');
+
+    // Test themes not inheriting from stable.
+    \Drupal::service('theme_handler')->install(['stark']);
+    $this->config('system.theme')->set('default', 'stark')->save();
+    $this->drupalGet('media/oembed', ['query' => $query]);
+    $assert_session->pageTextContains('By the power of Greyskull, Vimeo works!');
+    $this->assertNoRaw('core/themes/stable/templates/content/media-oembed-iframe.html.twig');
+    $this->assertRaw('core/modules/media/templates/media-oembed-iframe.html.twig');

    // Remove the 'view media' permission to test that this restricts access.
    $role = Role::load(AccountInterface::ANONYMOUS_ROLE);