security update for entity_reference

sites/all/modules/contrib/fields/entityreference/tests/entityreference.admin.test

@@ -21,7 +21,7 @@ class EntityReferenceAdminTestCase extends DrupalWebTestCase {
     parent::setUp(array('field_ui', 'entity', 'ctools', 'entityreference'));
 
     // Create test user.
-    $this->admin_user = $this->drupalCreateUser(array('access content', 'administer content types'));
+    $this->admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'administer fields'));
     $this->drupalLogin($this->admin_user);
 
     // Create content type, with underscores.

sites/all/modules/contrib/fields/entityreference/tests/entityreference.feeds.test

@@ -17,6 +17,7 @@ class FeedsMapperFieldTestCase extends DrupalWebTestCase{
       'name' => 'Feeds integration (field mapper)',
       'description' => 'Test Feeds Mapper support for fields.',
       'group' => 'Entity Reference',
+      'dependencies' => array('feeds'),
     );
   }
 
@@ -28,10 +29,6 @@ class FeedsMapperFieldTestCase extends DrupalWebTestCase{
     module_enable(array('entityreference_feeds_test'), TRUE);
     $this->resetAll();
 
-    if (!module_exists('feeds')) {
-      return;
-    }
-
     $permissions[] = 'access content';
     $permissions[] = 'administer site configuration';
     $permissions[] = 'administer content types';
@@ -157,10 +154,6 @@ class FeedsMapperFieldTestCase extends DrupalWebTestCase{
    * Basic test loading a double entry CSV file.
    */
   public function test() {
-    if (!module_exists('feeds')) {
-      return;
-    }
-
     $this->drupalLogin($this->admin_user);
     $this->drupalGet('admin/structure/types/manage/article/fields');
     $this->assertText('Ref - entity ID', t('Found Entity reference field %field.', array('%field' => 'field_er_id')));

sites/all/modules/contrib/fields/entityreference/tests/entityreference.handlers.test

@@ -194,6 +194,21 @@ class EntityReferenceHandlersTestCase extends DrupalWebTestCase {
       ),
     );
     $this->assertReferencable($field, $referencable_tests, 'Node handler (admin)');
+
+    // Verify autocomplete input validation.
+    $handler = entityreference_get_selection_handler($field);
+    $element = array(
+      '#parents' => array('element_name'),
+    );
+    $form_state = array();
+    $form = array();
+    $value = $handler->validateAutocompleteInput($nodes['published1']->title, $element, $form_state, $form);
+    $this->assertEqual($value, $nodes['published1']->nid);
+
+    $invalid_input = $this->randomName();
+    $value = $handler->validateAutocompleteInput($invalid_input, $element, $form_state, $form);
+    $this->assertNull($value);
+    $this->assertEqual(form_get_error($element), t('There are no entities matching "%value"', array('%value' => $invalid_input)));
   }
 
   /**
@@ -256,7 +271,7 @@ class EntityReferenceHandlersTestCase extends DrupalWebTestCase {
         ),
         'result' => array(
           'user' => array(
-            $users['admin']->uid => '- Restricted access -',
+            $users['admin']->uid => ENTITYREFERENCE_DENIED,
             $users['non_admin']->uid => $user_labels['non_admin'],
           ),
         ),

sites/all/modules/contrib/fields/entityreference/tests/entityreference.taxonomy.test

@@ -112,4 +112,52 @@ class EntityReferenceTaxonomyTestCase extends DrupalWebTestCase {
     $this->assertFalse(taxonomy_select_nodes(1));
   }
 
+  /**
+   * Add a second ER field from node/article to taxonomy.
+   *
+   * This should not cause {taxonomy_index} to receive duplicate entries.
+   */
+  protected function setupForIndexDuplicates() {
+    // Create an entity reference field.
+    $field = array(
+      'entity_types' => array('node'),
+      'settings' => array(
+        'handler' => 'base',
+        'target_type' => 'taxonomy_term',
+        'handler_settings' => array(
+          'target_bundles' => array(),
+        ),
+      ),
+      'field_name' => 'field_entityreference_term2',
+      'type' => 'entityreference',
+    );
+    $field = field_create_field($field);
+    $instance = array(
+      'field_name' => 'field_entityreference_term2',
+      'bundle' => 'article',
+      'entity_type' => 'node',
+    );
+
+    // Enable the taxonomy-index behavior.
+    $instance['settings']['behaviors']['taxonomy-index']['status'] = TRUE;
+    field_create_instance($instance);
+  }
+
+  /**
+   * Make sure the index only contains one entry for a given node->term
+   * reference, even when multiple ER fields link from the node bundle to terms.
+   */
+  public function testIndexDuplicates() {
+    // Extra setup for this test: add another ER field on this content type.
+    $this->setupForIndexDuplicates();
+
+    // Assert node insert with reference to term in first field.
+    $tid = 1;
+    $settings = array();
+    $settings['type'] = 'article';
+    $settings['field_entityreference_term'][LANGUAGE_NONE][0]['target_id'] = $tid;
+    $node = $this->drupalCreateNode($settings);
+
+    $this->assertEqual(taxonomy_select_nodes($tid), array($node->nid));
+  }
 }

sites/all/modules/contrib/fields/entityreference/tests/modules/entityreference_feeds_test/entityreference_feeds_test.info

@@ -8,9 +8,9 @@ dependencies[] = feeds
 dependencies[] = feeds_ui
 dependencies[] = entityreference
 
-; Information added by  packaging script on 2013-11-20
-version = "7.x-1.1"
+; Information added by Drupal.org packaging script on 2017-08-16
+version = "7.x-1.5"
 core = "7.x"
 project = "entityreference"
-datestamp = "1384973110"
+datestamp = "1502895850"