Security update for Core, with self-updated composer

[yaffs-website] / web / core / modules / system / src / Plugin / Block / SystemMenuBlock.php

diff --git a/web/core/modules/system/src/Plugin/Block/SystemMenuBlock.php b/web/core/modules/system/src/Plugin/Block/SystemMenuBlock.php
index c142c86c8ee83116a6dca9a36d3360ce69591e3a..849dee92fe52621f23252fd86d915cb5cc37ab66 100644 (file)
--- a/web/core/modules/system/src/Plugin/Block/SystemMenuBlock.php
+++ b/web/core/modules/system/src/Plugin/Block/SystemMenuBlock.php
@@ -147,6 +147,25 @@ class SystemMenuBlock extends BlockBase implements ContainerFactoryPluginInterfa
       $parameters->setMaxDepth(min($level + $depth - 1, $this->menuTree->maxDepth()));
     }
 
+    // For menu blocks with start level greater than 1, only show menu items
+    // from the current active trail. Adjust the root according to the current
+    // position in the menu in order to determine if we can show the subtree.
+    if ($level > 1) {
+      if (count($parameters->activeTrail) >= $level) {
+        // Active trail array is child-first. Reverse it, and pull the new menu
+        // root based on the parent of the configured start level.
+        $menu_trail_ids = array_reverse(array_values($parameters->activeTrail));
+        $menu_root = $menu_trail_ids[$level - 1];
+        $parameters->setRoot($menu_root)->setMinDepth(1);
+        if ($depth > 0) {
+          $parameters->setMaxDepth(min($level - 1 + $depth - 1, $this->menuTree->maxDepth()));
+        }
+      }
+      else {
+        return [];
+      }
+    }
+
     $tree = $this->menuTree->load($menu_name, $parameters);
     $manipulators = [
       ['callable' => 'menu.default_tree_manipulators:checkAccess'],