You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When errors happen upon importing a Rule, some errors messages include literal HTML in the error message, such as in this example (try importing the attached Rule to see this in action):
This happens because the form uses this call to form_set_error() to display the message, using the % placeholder to italicize the message.
The message is set when the RulesIntegityException is constructed, passing the message in the constructor, and the documentation for RulesIntegrityException says that the message must be translated, i.e., passed through t(). In this case, the message comes from function RulesAbstractPlugin::integrityCheck(), which makes this call:
So this call, using the %name placeholder, already wraps the name in the <em...> tags, which means that the second call to t() from within form_set_error() adds a second later of <em>-wrapping, but more importantly, sanitizes the HTML that was included in the message; hence the ugly error message.
There are lots of exception messages that use % placeholders. There are only two cases of form_set_error() passing an exception message as part of the output (searching for array('%message' => $e->getMessage())), so we can fix the issue simply by changing those placeholders from %message to @message. Or perhaps, since all of those RulesIntegrityException constructors are initialized via t() and its associated sanitization, the error message has already been sanitized; we could just use a !message placeholder and skip the extra sanitization.
When errors happen upon importing a Rule, some errors messages include literal HTML in the error message, such as in this example (try importing the attached Rule to see this in action):
This happens because the form uses this call to
form_set_error()
to display the message, using the%
placeholder to italicize the message.The message is set when the
RulesIntegityException
is constructed, passing the message in the constructor, and the documentation forRulesIntegrityException
says that the message must be translated, i.e., passed throught()
. In this case, the message comes from functionRulesAbstractPlugin::integrityCheck()
, which makes this call:So this call, using the
%name
placeholder, already wraps the name in the<em...>
tags, which means that the second call tot()
from withinform_set_error()
adds a second later of<em>
-wrapping, but more importantly, sanitizes the HTML that was included in the message; hence the ugly error message.There are lots of exception messages that use
%
placeholders. There are only two cases ofform_set_error()
passing an exception message as part of the output (searching forarray('%message' => $e->getMessage())
), so we can fix the issue simply by changing those placeholders from%message
to@message
. Or perhaps, since all of thoseRulesIntegrityException
constructors are initialized viat()
and its associated sanitization, the error message has already been sanitized; we could just use a!message
placeholder and skip the extra sanitization.rules_test_demo.json
The text was updated successfully, but these errors were encountered: