update Drupal 7.19

Signed-off-by: bachy <git@g-u-i.net>

modules/user/tests/user_form_test.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by drupal.org packaging script on 2012-11-07
-version = "7.17"
+; Information added by drupal.org packaging script on 2013-01-16
+version = "7.19"
 project = "drupal"
-datestamp = "1352325357"
+datestamp = "1358374870"
 

modules/user/user.info

@@ -9,8 +9,8 @@ required = TRUE
 configure = admin/config/people
 stylesheets[all][] = user.css
 
-; Information added by drupal.org packaging script on 2012-11-07
-version = "7.17"
+; Information added by drupal.org packaging script on 2013-01-16
+version = "7.19"
 project = "drupal"
-datestamp = "1352325357"
+datestamp = "1358374870"
 

modules/user/user.module

@@ -933,14 +933,18 @@ function user_search_execute($keys = NULL, $conditions = NULL) {
   $query = db_select('users')->extend('PagerDefault');
   $query->fields('users', array('uid'));
   if (user_access('administer users')) {
-    // Administrators can also search in the otherwise private email field.
+    // Administrators can also search in the otherwise private email field,
+    // and they don't need to be restricted to only active users.
     $query->fields('users', array('mail'));
     $query->condition(db_or()->
       condition('name', '%' . db_like($keys) . '%', 'LIKE')->
       condition('mail', '%' . db_like($keys) . '%', 'LIKE'));
   }
   else {
-    $query->condition('name', '%' . db_like($keys) . '%', 'LIKE');
+    // Regular users can only search via usernames, and we do not show them
+    // blocked accounts.
+    $query->condition('name', '%' . db_like($keys) . '%', 'LIKE')
+      ->condition('status', 1);
   }
   $uids = $query
     ->limit(15)
@@ -2285,26 +2289,14 @@ function user_external_login_register($name, $module) {
  *
  * @param object $account
  *   An object containing the user account.
- * @param array $options
- *   (optional) A keyed array of settings. Supported options are:
- *   - langcode: A language code to be used when generating locale-sensitive
- *    urls. If langcode is NULL the users preferred language is used.
  *
  * @return
  *   A unique URL that provides a one-time log in for the user, from which
  *   they can change their password.
  */
-function user_pass_reset_url($account, $options = array()) {
+function user_pass_reset_url($account) {
   $timestamp = REQUEST_TIME;
-  $url_options = array('absolute' => TRUE);
-  if (isset($options['langcode'])) {
-    $languages = language_list();
-    $url_options['language'] = $languages[$options['langcode']];
-  }
-  else {
-    $url_options['language'] = user_preferred_language($account);
-  }
-  return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login), $url_options);
+  return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login), array('absolute' => TRUE));
 }
 
 /**
@@ -2316,10 +2308,6 @@ function user_pass_reset_url($account, $options = array()) {
  *   - uid: The user uid number.
  *   - pass: The hashed user password string.
  *   - login: The user login name.
- * @param array $options
- *   (optional) A keyed array of settings. Supported options are:
- *   - langcode: A language code to be used when generating locale-sensitive
-  *    urls. If langcode is NULL the users preferred language is used.
  *
  * @return
  *   A unique URL that may be used to confirm the cancellation of the user
@@ -2328,17 +2316,9 @@ function user_pass_reset_url($account, $options = array()) {
  * @see user_mail_tokens()
  * @see user_cancel_confirm()
  */
-function user_cancel_url($account, $options = array()) {
+function user_cancel_url($account) {
   $timestamp = REQUEST_TIME;
-  $url_options = array('absolute' => TRUE);
-  if (isset($options['langcode'])) {
-    $languages = language_list();
-    $url_options['language'] = $languages[$options['langcode']];
-  }
-  else {
-    $url_options['language'] = user_preferred_language($account);
-  }
-  return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login), $url_options);
+  return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login), array('absolute' => TRUE));
 }
 
 /**
@@ -2787,7 +2767,7 @@ Your account on [site:name] has been canceled.
   if ($replace) {
     // We do not sanitize the token replacement, since the output of this
     // replacement is intended for an e-mail message, not a web browser.
-    return token_replace($text, $variables, array('langcode' => $langcode, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
+    return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
   }
 
   return $text;
@@ -2814,8 +2794,8 @@ Your account on [site:name] has been canceled.
  */
 function user_mail_tokens(&$replacements, $data, $options) {
   if (isset($data['user'])) {
-    $replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user'], $options);
-    $replacements['[user:cancel-url]'] = user_cancel_url($data['user'], $options);
+    $replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user']);
+    $replacements['[user:cancel-url]'] = user_cancel_url($data['user']);
   }
 }
 

modules/user/user.test

@@ -2046,26 +2046,6 @@ class UserTokenReplaceTestCase extends DrupalWebTestCase {
     );
   }
 
-  public function setUp() {
-    parent::setUp('locale');
-
-    $account = $this->drupalCreateUser(array('access administration pages', 'administer languages'));
-    $this->drupalLogin($account);
-
-    // Add language.
-    $edit = array('langcode' => 'de');
-    $this->drupalPost('admin/config/regional/language/add', $edit, t('Add language'));
-
-    // Enable URL language detection and selection.
-    $edit = array('language[enabled][locale-url]' => 1);
-    $this->drupalPost('admin/config/regional/language/configure', $edit, t('Save settings'));
-
-    // Reset static caching.
-    drupal_static_reset('language_list');
-    drupal_static_reset('locale_url_outbound_alter');
-    drupal_static_reset('locale_language_url_rewrite_url');
-  }
-
   /**
    * Creates a user, then tests the tokens generated from it.
    */
@@ -2116,39 +2096,6 @@ class UserTokenReplaceTestCase extends DrupalWebTestCase {
       $output = token_replace($input, array('user' => $account), array('language' => $language, 'sanitize' => FALSE));
       $this->assertEqual($output, $expected, t('Unsanitized user token %token replaced.', array('%token' => $input)));
     }
-
-    $languages = language_list();
-
-    // Generate login and cancel link.
-    $tests = array();
-    $tests['[user:one-time-login-url]'] = user_pass_reset_url($account);
-    $tests['[user:cancel-url]'] = user_cancel_url($account);
-
-    // Generate tokens with interface language.
-    $link = url('user', array('absolute' => TRUE));
-    foreach ($tests as $input => $expected) {
-      $output = token_replace($input, array('user' => $account), array('langcode' => $language->language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
-      $this->assertTrue(strpos($output, $link) === 0, 'Generated URL is in interface language.');
-    }
-
-    // Generate tokens with the user's preferred language.
-    $edit['language'] = 'de';
-    $account = user_save($account, $edit);
-    $link = url('user', array('language' => $languages[$account->language], 'absolute' => TRUE));
-    foreach ($tests as $input => $expected) {
-      $output = token_replace($input, array('user' => $account), array('callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
-      $this->assertTrue(strpos($output, $link) === 0, "Generated URL is in the user's preferred language.");
-    }
-
-    // Generate tokens with one specific language.
-    $link = url('user', array('language' => $languages['de'], 'absolute' => TRUE));
-    foreach ($tests as $input => $expected) {
-      foreach (array($user1, $user2) as $account) {
-        $output = token_replace($input, array('user' => $account), array('langcode' => 'de', 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
-        $this->assertTrue(strpos($output, $link) === 0, "Generated URL in in the requested language.");
-      }
-    }
-
   }
 }
 
@@ -2159,7 +2106,7 @@ class UserUserSearchTestCase extends DrupalWebTestCase {
   public static function getInfo() {
     return array(
       'name' => 'User search',
-      'description' => 'Testing that only user with the right permission can see the email address in the user search.',
+      'description' => 'Tests the user search page and verifies that sensitive information is hidden from unauthorized users.',
       'group' => 'User',
     );
   }
@@ -2179,11 +2126,29 @@ class UserUserSearchTestCase extends DrupalWebTestCase {
     $edit = array('keys' => $keys);
     $this->drupalPost('search/user/', $edit, t('Search'));
     $this->assertText($keys);
+
+    // Create a blocked user.
+    $blocked_user = $this->drupalCreateUser();
+    $edit = array('status' => 0);
+    $blocked_user = user_save($blocked_user, $edit);
+
+    // Verify that users with "administer users" permissions can see blocked
+    // accounts in search results.
+    $edit = array('keys' => $blocked_user->name);
+    $this->drupalPost('search/user/', $edit, t('Search'));
+    $this->assertText($blocked_user->name, 'Blocked users are listed on the user search results for users with the "administer users" permission.');
+
+    // Verify that users without "administer users" permissions do not see
+    // blocked accounts in search results.
+    $this->drupalLogin($user1);
+    $edit = array('keys' => $blocked_user->name);
+    $this->drupalPost('search/user/', $edit, t('Search'));
+    $this->assertNoText($blocked_user->name, 'Blocked users are hidden from the user search results.');
+
     $this->drupalLogout();
   }
 }
 
-
 /**
  * Test role assignment.
  */