Upgraded drupal core with security updates

[yaffs-website] / web / core / lib / Drupal / Core / Entity / EntityAccessControlHandler.php

diff --git a/web/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php b/web/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php
index 3b16d1cddbc30021f65a7e433f4132a13bfe899b..ac364115ebd6a2dd1637bea9f77a8bb7e1e583fb 100644 (file)
--- a/web/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php
+++ b/web/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php
@@ -66,7 +66,19 @@ class EntityAccessControlHandler extends EntityHandlerBase implements EntityAcce
       $operation = 'view';
     }
 
-    if (($return = $this->getCache($entity->uuid(), $operation, $langcode, $account)) !== NULL) {
+    // If an entity does not have a UUID, either from not being set or from not
+    // having them, use the 'entity type:ID' pattern as the cache $cid.
+    $cid = $entity->uuid() ?: $entity->getEntityTypeId() . ':' . $entity->id();
+
+    // If the entity is revisionable, then append the revision ID to allow
+    // individual revisions to have specific access control and be cached
+    // separately.
+    if ($entity instanceof RevisionableInterface) {
+      /** @var $entity \Drupal\Core\Entity\RevisionableInterface */
+      $cid .= ':' . $entity->getRevisionId();
+    }
+
+    if (($return = $this->getCache($cid, $operation, $langcode, $account)) !== NULL) {
       // Cache hit, no work necessary.
       return $return_as_object ? $return : $return->isAllowed();
     }
@@ -92,7 +104,7 @@ class EntityAccessControlHandler extends EntityHandlerBase implements EntityAcce
     if (!$return->isForbidden()) {
       $return = $return->orIf($this->checkAccess($entity, $operation, $account));
     }
-    $result = $this->setCache($return, $entity->uuid(), $operation, $langcode, $account);
+    $result = $this->setCache($return, $cid, $operation, $langcode, $account);
     return $return_as_object ? $result : $result->isAllowed();
   }