Security update for Core, with self-updated composer
[yaffs-website] / web / core / modules / system / src / MenuAccessControlHandler.php
index 034f45a062fad3318335b5dfbd0ecbaaa8eb1376..86d7db135e00f237444e887ef9ee45b200c2092d 100644 (file)
@@ -14,17 +14,23 @@ use Drupal\Core\Session\AccountInterface;
  */
 class MenuAccessControlHandler extends EntityAccessControlHandler {
 
+  /**
+   * {@inheritdoc}
+   */
+  protected $viewLabelOperation = TRUE;
+
   /**
    * {@inheritdoc}
    */
   protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
-    if ($operation === 'view') {
+    // There are no restrictions on viewing the label of a date format.
+    if ($operation === 'view label') {
       return AccessResult::allowed();
     }
     // Locked menus could not be deleted.
-    elseif ($operation == 'delete') {
+    elseif ($operation === 'delete') {
       if ($entity->isLocked()) {
-        return AccessResult::forbidden()->addCacheableDependency($entity);
+        return AccessResult::forbidden('The Menu config entity is locked.')->addCacheableDependency($entity);
       }
       else {
         return parent::checkAccess($entity, $operation, $account)->addCacheableDependency($entity);
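Review bot: The comment added above the `'view label'` branch refers to a date format, but this handler governs menu entities, so it appears to be copied from another handler and should read `// There are no restrictions on viewing the label of a menu.`. With this change a plain `'view'` is no longer allowed unconditionally and falls past both branches to code outside the hunk, presumably the parent's permission check. Callers that only need the menu name should request `'view label'`, and a test asserting that `'view'` is denied to an account without administrative permission would pin the tightened behaviour. The body of `checkAccess` continues past the end of the hunk, so the final fall-through return is not visible here.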