ISTWCMS-5866: don't allow any string of only slashes, and fix the admin check...

ISTWCMS-5866: don't allow any string of only slashes, and fix the admin check so paths like admin-meeting are still allowed.

uw_cfg_common.module

@@ -962,23 +962,24 @@ function _uw_cfg_common_alias_validate(array &$form, FormStateInterface $form_st
 
   // Trim any surrounding slashes from the alias to
   // ensure that we are getting exact matches for the
-  // predefined alias from above.  Some users will add
+  // predefined alias from above. Some users will add
   // slashes before and after the alias, so just
   // easier to check without slashes.
   $alias = trim($alias, '/');
 
   // Check if the alias exists if yes, sets error.
   // We are checking three cases, the first is if
-  // the alias is in the predefined list.  The second
-  // is if the alias is directly /, we have to check here
-  // because we removed all the slashes with the alias
-  // variable.  The last is to check if the alias has
-  // any form of strictly admin, so /admin/, /admin, admin/,
-  // and admin/something are not allowed.
+  // the alias is in the predefined list. The second
+  // is if the alias is just /, or just a series of slashes,
+  // we have to check here because we removed all the
+  // slashes with the alias variable. The last is to check
+  // if the alias has any form of strictly admin, so /admin/,
+  // admin, admin/, and admin/something are not allowed,
+  // but something like admin-meeting would be.
   if (
     in_array($alias, $urls) ||
-    $values['path'][0]['alias'] == '/' ||
-    preg_match('/^\/?admin\/?.*/', $values['path'][0]['alias'])
+    preg_match('/^\/+$/', $orig_alias) ||
+    preg_match('/^admin(?:\/.*)?$/', $alias)
   ) {
 
     // Set an error message if alias exists.