updated drupal core to 7.51
@@ -294,11 +294,18 @@ function theme_dblog_message($variables) {
|
||||
else {
|
||||
$output = t($event->message, unserialize($event->variables));
|
||||
}
|
||||
// If the output is expected to be a link, strip all the tags and
|
||||
// special characters by using filter_xss() without any allowed tags.
|
||||
// If not, use filter_xss_admin() to allow some tags.
|
||||
if ($variables['link'] && isset($event->wid)) {
|
||||
// Truncate message to 56 chars.
|
||||
// Truncate message to 56 chars after stripping all the tags.
|
||||
$output = truncate_utf8(filter_xss($output, array()), 56, TRUE, TRUE);
|
||||
$output = l($output, 'admin/reports/event/' . $event->wid, array('html' => TRUE));
|
||||
}
|
||||
else {
|
||||
// Prevent XSS in log detail pages.
|
||||
$output = filter_xss_admin($output);
|
||||
}
|
||||
}
|
||||
return $output;
|
||||
}
|
||||
|
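Review bot: The `l()` call in the link branch passes `array('html' => TRUE)`, so the link text is emitted without further escaping and its safety rests entirely on `filter_xss($output, array())` having run on the line before. The comment above the branch should say so, for example `// 'html' => TRUE is safe only because filter_xss() with no allowed tags ran first.` Truncating after filtering also counts encoded entities toward the 56 characters and can, it appears, cut one in half, which affects display rather than safety. The body of theme_dblog_message() starts above this hunk, so how `$variables['link']` is set is not visible here.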
@@ -5,8 +5,8 @@ version = VERSION
|
||||
core = 7.x
|
||||
files[] = dblog.test
|
||||
|
||||
; Information added by Drupal.org packaging script on 2016-02-24
|
||||
version = "7.43"
|
||||
; Information added by Drupal.org packaging script on 2016-10-05
|
||||
version = "7.51"
|
||||
project = "drupal"
|
||||
datestamp = "1456343506"
|
||||
datestamp = "1475694174"
|
||||
|
||||
|
@@ -154,6 +154,15 @@ function dblog_update_7002() {
|
||||
db_add_index('watchdog', 'severity', array('severity'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Account for possible legacy systems where dblog was not installed.
|
||||
*/
|
||||
function dblog_update_7003() {
|
||||
if (!db_table_exists('watchdog')) {
|
||||
db_create_table('watchdog', drupal_get_schema_unprocessed('dblog', 'watchdog'));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @} End of "addtogroup updates-7.x-extra".
|
||||
*/
|
||||
|
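Review bot: `dblog_update_7003()` builds the table from `drupal_get_schema_unprocessed('dblog', 'watchdog')`, which reads whatever hook_schema() returns when the update runs, so a later schema change would silently change what this update creates. Update functions conventionally carry their own copy of the table definition. The context line `db_add_index('watchdog', 'severity', array('severity'));` in dblog_update_7002() also assumes the table exists, so on a site where it is missing that earlier update would presumably fail before 7003 is reached, unless the stored schema version is already past it. The docblock could state which situation leaves the table absent and that the function does nothing otherwise.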
@@ -147,20 +147,27 @@ function dblog_watchdog(array $log_entry) {
|
||||
if (!function_exists('drupal_substr')) {
|
||||
require_once DRUPAL_ROOT . '/includes/unicode.inc';
|
||||
}
|
||||
Database::getConnection('default', 'default')->insert('watchdog')
|
||||
->fields(array(
|
||||
'uid' => $log_entry['uid'],
|
||||
'type' => drupal_substr($log_entry['type'], 0, 64),
|
||||
'message' => $log_entry['message'],
|
||||
'variables' => serialize($log_entry['variables']),
|
||||
'severity' => $log_entry['severity'],
|
||||
'link' => drupal_substr($log_entry['link'], 0, 255),
|
||||
'location' => $log_entry['request_uri'],
|
||||
'referer' => $log_entry['referer'],
|
||||
'hostname' => drupal_substr($log_entry['ip'], 0, 128),
|
||||
'timestamp' => $log_entry['timestamp'],
|
||||
))
|
||||
->execute();
|
||||
try {
|
||||
Database::getConnection('default', 'default')->insert('watchdog')
|
||||
->fields(array(
|
||||
'uid' => $log_entry['uid'],
|
||||
'type' => drupal_substr($log_entry['type'], 0, 64),
|
||||
'message' => $log_entry['message'],
|
||||
'variables' => serialize($log_entry['variables']),
|
||||
'severity' => $log_entry['severity'],
|
||||
'link' => drupal_substr($log_entry['link'], 0, 255),
|
||||
'location' => $log_entry['request_uri'],
|
||||
'referer' => $log_entry['referer'],
|
||||
'hostname' => drupal_substr($log_entry['ip'], 0, 128),
|
||||
'timestamp' => $log_entry['timestamp'],
|
||||
))
|
||||
->execute();
|
||||
}
|
||||
catch (Exception $e) {
|
||||
// Exception is ignored so that watchdog does not break pages during the
|
||||
// installation process or is not able to create the watchdog table during
|
||||
// installation.
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
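Review bot: The empty `catch (Exception $e)` block discards every failure of the insert, not only the missing-table case during installation that the comment describes, so on a running site audit records can be lost with no trace. A fallback such as `error_log('dblog_watchdog(): ' . $e->getMessage());` inside the catch, possibly skipped while `drupal_installation_attempted()` is true, would keep the install path quiet while making later write failures visible. If the message is logged, check that it does not carry the bound values of the failed query. dblog_watchdog() begins above this hunk.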
@@ -119,7 +119,9 @@ class DBLogTestCase extends DrupalWebTestCase {
|
||||
private function generateLogEntries($count, $type = 'custom', $severity = WATCHDOG_NOTICE) {
|
||||
global $base_root;
|
||||
|
||||
// Make it just a little bit harder to pass the link part of the test.
|
||||
// This long URL makes it just a little bit harder to pass the link part of
|
||||
// the test with a mix of English words and a repeating series of random
|
||||
// percent-encoded Chinese characters.
|
||||
$link = urldecode('/content/xo%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%8
9%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A-lake-isabelle');
|
||||
|
||||
// Prepare the fields to be logged
|
||||
@@ -518,6 +520,33 @@ class DBLogTestCase extends DrupalWebTestCase {
|
||||
$this->assertText(t('Database log cleared.'), 'Confirmation message found');
|
||||
}
|
||||
|
||||
/**
|
||||
* Verifies that exceptions are caught in dblog_watchdog().
|
||||
*/
|
||||
protected function testDBLogException() {
|
||||
$log = array(
|
||||
'type' => 'custom',
|
||||
'message' => 'Log entry added to test watchdog handling of Exceptions.',
|
||||
'variables' => array(),
|
||||
'severity' => WATCHDOG_NOTICE,
|
||||
'link' => NULL,
|
||||
'user' => $this->big_user,
|
||||
'uid' => isset($this->big_user->uid) ? $this->big_user->uid : 0,
|
||||
'request_uri' => request_uri(),
|
||||
'referer' => $_SERVER['HTTP_REFERER'],
|
||||
'ip' => ip_address(),
|
||||
'timestamp' => REQUEST_TIME,
|
||||
);
|
||||
|
||||
// Remove watchdog table temporarily to simulate it missing during
|
||||
// installation.
|
||||
db_query("DROP TABLE {watchdog}");
|
||||
|
||||
// Add a watchdog entry.
|
||||
// This should not throw an Exception, but fail silently.
|
||||
dblog_watchdog($log);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the database log event information from the browser page.
|
||||
*
|
||||
@@ -636,4 +665,32 @@ class DBLogTestCase extends DrupalWebTestCase {
|
||||
// Document Object Model (DOM).
|
||||
$this->assertLink(html_entity_decode($message_text), 0, $message);
|
||||
}
|
||||
|
||||
/**
|
||||
* Make sure HTML tags are filtered out in the log detail page.
|
||||
*/
|
||||
public function testLogMessageSanitized() {
|
||||
$this->drupalLogin($this->big_user);
|
||||
|
||||
// Make sure dangerous HTML tags are filtered out in log detail page.
|
||||
$log = array(
|
||||
'uid' => 0,
|
||||
'type' => 'custom',
|
||||
'message' => "<script>alert('foo');</script> <strong>Lorem ipsum</strong>",
|
||||
'variables' => NULL,
|
||||
'severity' => WATCHDOG_NOTICE,
|
||||
'link' => 'foo/bar',
|
||||
'request_uri' => 'http://example.com?dblog=1',
|
||||
'referer' => 'http://example.org?dblog=2',
|
||||
'ip' => '0.0.1.0',
|
||||
'timestamp' => REQUEST_TIME,
|
||||
);
|
||||
dblog_watchdog($log);
|
||||
|
||||
$wid = db_query('SELECT MAX(wid) FROM {watchdog}')->fetchField();
|
||||
$this->drupalGet('admin/reports/event/' . $wid);
|
||||
$this->assertResponse(200);
|
||||
$this->assertNoRaw("<script>alert('foo');</script>");
|
||||
$this->assertRaw("alert('foo'); <strong>Lorem ipsum</strong>");
|
||||
}
|
||||
}
|
||||
|
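Review bot: `testLogMessageSanitized()` only requests the detail page `'admin/reports/event/' . $wid`, so the link branch changed in theme_dblog_message() (filter_xss() with no allowed tags, then `l()` with `'html' => TRUE`) is not exercised by any assertion visible in these hunks. Adding `$this->drupalGet('admin/reports/dblog');` followed by `$this->assertNoRaw("<script>alert('foo');</script>");` would cover the overview listing as well. `testDBLogException()` makes no assertion and reads `$_SERVER['HTTP_REFERER']` unguarded, which may raise a notice when the runner sends no referer; `isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''` avoids that.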