diff --git a/sites/all/modules/contrib/localisation/l10n_update/includes/gettext/PoStreamReader.php b/sites/all/modules/contrib/localisation/l10n_update/includes/gettext/PoStreamReader.php index a5b27a2f..95048628 100644 --- a/sites/all/modules/contrib/localisation/l10n_update/includes/gettext/PoStreamReader.php +++ b/sites/all/modules/contrib/localisation/l10n_update/includes/gettext/PoStreamReader.php @@ -257,6 +257,12 @@ class PoStreamReader implements PoStreamInterface, PoReaderInterface { $line = fgets($this->_fd); $this->_finished = ($line === FALSE); + // Initialize common values for error logging. + $log_vars = array( + '%uri' => $this->getURI(), + '%line' => &$this->_line_number, + ); + if (!$this->_finished) { if ($this->_line_number == 0) { @@ -269,12 +275,6 @@ class PoStreamReader implements PoStreamInterface, PoReaderInterface { // Track the line number for error reporting. $this->_line_number++; - // Initialize common values for error logging. - $log_vars = array( - '%uri' => $this->getURI(), - '%line' => $this->_line_number, - ); - // Trim away the linefeed. \\n might appear at the end of the string if // another line continuing the same string follows. We can remove that. $line = trim(strtr($line, array("\\\n" => ""))); diff --git a/sites/all/modules/contrib/localisation/l10n_update/l10n_update.admin.inc b/sites/all/modules/contrib/localisation/l10n_update/l10n_update.admin.inc index f9f92ddb..94e45480 100644 --- a/sites/all/modules/contrib/localisation/l10n_update/l10n_update.admin.inc +++ b/sites/all/modules/contrib/localisation/l10n_update/l10n_update.admin.inc @@ -294,8 +294,10 @@ function l10n_update_admin_settings_form($form, &$form_state) { '#description' => t('The selected languages will not receive interface translation updates.'), ); + $form = system_settings_form($form); $form['#submit'][] = 'l10n_update_admin_settings_form_submit'; - return system_settings_form($form); + + return $form; } /** @@ -336,6 +338,9 @@ function l10n_update_admin_settings_form_submit($form, &$form_state) { $input = strtr($input, array("\r" => '', ' ' => '')); $values = array_filter(explode("\n", $input)); variable_set('l10n_update_disabled_projects', $values); + + // Add .htaccess file to the translations directory. + l10n_update_ensure_htaccess(); } /** diff --git a/sites/all/modules/contrib/localisation/l10n_update/l10n_update.fetch.inc b/sites/all/modules/contrib/localisation/l10n_update/l10n_update.fetch.inc index dd1376b4..49ba99b0 100644 --- a/sites/all/modules/contrib/localisation/l10n_update/l10n_update.fetch.inc +++ b/sites/all/modules/contrib/localisation/l10n_update/l10n_update.fetch.inc @@ -106,6 +106,7 @@ function _l10n_update_fetch_operations(array $projects, array $langcodes, array watchdog('file system', 'The directory %directory does not exist or is not writable.', array('%directory' => $directory), WATCHDOG_ERROR); return $operations; } + l10n_update_ensure_htaccess(); } foreach ($projects as $project) { diff --git a/sites/all/modules/contrib/localisation/l10n_update/l10n_update.info b/sites/all/modules/contrib/localisation/l10n_update/l10n_update.info index c426da6f..fdb891f3 100644 --- a/sites/all/modules/contrib/localisation/l10n_update/l10n_update.info +++ b/sites/all/modules/contrib/localisation/l10n_update/l10n_update.info @@ -33,9 +33,8 @@ files[] = tests/L10nUpdateInterfaceTest.test files[] = tests/L10nUpdateTest.test files[] = tests/L10nUpdateTestBase.test -; Information added by Drupal.org packaging script on 2017-09-18 -version = "7.x-2.2" +; Information added by Drupal.org packaging script on 2019-10-01 +version = "7.x-2.3" core = "7.x" project = "l10n_update" -datestamp = "1505717347" - +datestamp = "1569963490" diff --git a/sites/all/modules/contrib/localisation/l10n_update/l10n_update.install b/sites/all/modules/contrib/localisation/l10n_update/l10n_update.install index dbe17016..ca5a3403 100644 --- a/sites/all/modules/contrib/localisation/l10n_update/l10n_update.install +++ b/sites/all/modules/contrib/localisation/l10n_update/l10n_update.install @@ -165,6 +165,7 @@ function l10n_update_install() { foreach ($directories as $directory) { if (file_prepare_directory($directory, FILE_CREATE_DIRECTORY | FILE_MODIFY_PERMISSIONS)) { variable_set('l10n_update_download_store', $directory); + l10n_update_ensure_htaccess($directory); return; } } @@ -255,6 +256,21 @@ function l10n_update_requirements($phase) { ); } } + + // Test the contents of the .htaccess file in the translations directory. + l10n_update_ensure_htaccess(); + $htaccess_file = 'translations://.htaccess'; + $directory = variable_get('l10n_update_download_store', L10N_UPDATE_DEFAULT_TRANSLATION_PATH); + // Check for the string which was added to the recommended .htaccess file + // in the latest security update. + if (!file_exists($htaccess_file) || !($contents = @file_get_contents($htaccess_file)) || strpos($contents, 'Drupal_Security_Do_Not_Remove_See_SA_2013_003') === FALSE) { + $requirements['l10n_update_htaccess'] = array( + 'title' => t('Translations directory'), + 'value' => t('Not fully protected'), + 'severity' => REQUIREMENT_ERROR, + 'description' => t('See @url for information about the recommended .htaccess file which should be added to the %directory directory to help protect against arbitrary code execution.', array('@url' => 'http://drupal.org/SA-CORE-2013-003', '%directory' => $directory)), + ); + } } if ($phase == 'update') { // Make sure the 'translations' stream wrapper class gets registered. @@ -626,3 +642,10 @@ function l10n_update_update_7209() { variable_set('l10n_update_default_update_url', L10N_UPDATE_DEFAULT_SERVER_PATTERN); } } + +/** + * Add a .htaccess file to the translations directory. + */ +function l10n_update_update_7210() { + l10n_update_ensure_htaccess(); +} diff --git a/sites/all/modules/contrib/localisation/l10n_update/l10n_update.module b/sites/all/modules/contrib/localisation/l10n_update/l10n_update.module index 037d33c9..a824a2d7 100644 --- a/sites/all/modules/contrib/localisation/l10n_update/l10n_update.module +++ b/sites/all/modules/contrib/localisation/l10n_update/l10n_update.module @@ -802,3 +802,15 @@ function l10n_update_clear_status() { function l10n_update_use_remote_source() { return variable_get('l10n_update_check_mode', L10N_UPDATE_USE_SOURCE_REMOTE_AND_LOCAL) == L10N_UPDATE_USE_SOURCE_REMOTE_AND_LOCAL; } + +/** + * Creates a .htaccess file in the translations directory if it is missing. + * + * @param string $directory + * The translations directory to create the file in. Defaults to the directory + * of the 'translations://' wrapper. + */ +function l10n_update_ensure_htaccess($directory = '') { + $directory = empty($directory) ? 'translations://' : $directory; + file_create_htaccess($directory, FALSE); +} diff --git a/sites/all/modules/contrib/localisation/l10n_update/tests/L10nUpdateTest.test b/sites/all/modules/contrib/localisation/l10n_update/tests/L10nUpdateTest.test index 1e780d64..33c7ffcb 100644 --- a/sites/all/modules/contrib/localisation/l10n_update/tests/L10nUpdateTest.test +++ b/sites/all/modules/contrib/localisation/l10n_update/tests/L10nUpdateTest.test @@ -33,7 +33,7 @@ class L10nUpdateTest extends L10nUpdateTestBase { // Exclude drupal core and nl10n_update so no remote translations are // fetched. $edit = array( - 'disabled_projects' => 'drupal\nl10n_update', + 'disabled_projects' => "drupal\nl10n_update", ); $this->drupalPost('admin/config/regional/language/update', $edit, t('Save configuration')); diff --git a/sites/all/modules/contrib/localisation/l10n_update/tests/modules/l10n_update_test/l10n_update_test.info b/sites/all/modules/contrib/localisation/l10n_update/tests/modules/l10n_update_test/l10n_update_test.info index f4a82766..17edd3d9 100644 --- a/sites/all/modules/contrib/localisation/l10n_update/tests/modules/l10n_update_test/l10n_update_test.info +++ b/sites/all/modules/contrib/localisation/l10n_update/tests/modules/l10n_update_test/l10n_update_test.info @@ -6,9 +6,8 @@ version = '1.2' core = 7.x hidden = true -; Information added by Drupal.org packaging script on 2017-09-18 -version = "7.x-2.2" +; Information added by Drupal.org packaging script on 2019-10-01 +version = "7.x-2.3" core = "7.x" project = "l10n_update" -datestamp = "1505717347" - +datestamp = "1569963490" diff --git a/sites/all/modules/contrib/localisation/l10n_update/tests/modules/l10n_update_test_translate/l10n_update_test_translate.info b/sites/all/modules/contrib/localisation/l10n_update/tests/modules/l10n_update_test_translate/l10n_update_test_translate.info index 445f89eb..01f88b8f 100644 --- a/sites/all/modules/contrib/localisation/l10n_update/tests/modules/l10n_update_test_translate/l10n_update_test_translate.info +++ b/sites/all/modules/contrib/localisation/l10n_update/tests/modules/l10n_update_test_translate/l10n_update_test_translate.info @@ -8,9 +8,8 @@ hidden = true interface translation project = l10n_update_test_translate l10n path = sites/all/modules/contrib/l10n_update/tests/modules/l10n_update_test_translate/translations/l10n_update_test_translate.%language.po -; Information added by Drupal.org packaging script on 2017-09-18 -version = "7.x-2.2" +; Information added by Drupal.org packaging script on 2019-10-01 +version = "7.x-2.3" core = "7.x" project = "l10n_update" -datestamp = "1505717347" - +datestamp = "1569963490"