updated core to 7.63
This commit is contained in:
@@ -8,7 +8,7 @@
|
||||
/**
|
||||
* The current system version.
|
||||
*/
|
||||
define('VERSION', '7.59');
|
||||
define('VERSION', '7.63');
|
||||
|
||||
/**
|
||||
* Core API compatibility.
|
||||
@@ -704,6 +704,19 @@ function drupal_environment_initialize() {
|
||||
// Set sane locale settings, to ensure consistent string, dates, times and
|
||||
// numbers handling.
|
||||
setlocale(LC_ALL, 'C');
|
||||
|
||||
// PHP's built-in phar:// stream wrapper is not sufficiently secure. Override
|
||||
// it with a more secure one, which requires PHP 5.3.3. For lower versions,
|
||||
// unregister the built-in one without replacing it. Sites needing phar
|
||||
// support for lower PHP versions must implement hook_stream_wrappers() to
|
||||
// register their desired implementation.
|
||||
if (in_array('phar', stream_get_wrappers(), TRUE)) {
|
||||
stream_wrapper_unregister('phar');
|
||||
if (version_compare(PHP_VERSION, '5.3.3', '>=')) {
|
||||
include_once DRUPAL_ROOT . '/includes/file.phar.inc';
|
||||
file_register_phar_wrapper();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -3785,8 +3798,12 @@ function _drupal_shutdown_function() {
|
||||
chdir(DRUPAL_ROOT);
|
||||
|
||||
try {
|
||||
while (list($key, $callback) = each($callbacks)) {
|
||||
// Manually iterate over the array instead of using a foreach loop.
|
||||
// A foreach operates on a copy of the array, so any shutdown functions that
|
||||
// were added from other shutdown functions would never be called.
|
||||
while ($callback = current($callbacks)) {
|
||||
call_user_func_array($callback['callback'], $callback['arguments']);
|
||||
next($callbacks);
|
||||
}
|
||||
}
|
||||
catch (Exception $exception) {
|
||||
|
||||
@@ -867,8 +867,10 @@ function drupal_http_request($url, array $options = array()) {
|
||||
// Make the socket connection to a proxy server.
|
||||
$socket = 'tcp://' . $proxy_server . ':' . variable_get('proxy_port', 8080);
|
||||
// The Host header still needs to match the real request.
|
||||
$options['headers']['Host'] = $uri['host'];
|
||||
$options['headers']['Host'] .= isset($uri['port']) && $uri['port'] != 80 ? ':' . $uri['port'] : '';
|
||||
if (!isset($options['headers']['Host'])) {
|
||||
$options['headers']['Host'] = $uri['host'];
|
||||
$options['headers']['Host'] .= isset($uri['port']) && $uri['port'] != 80 ? ':' . $uri['port'] : '';
|
||||
}
|
||||
break;
|
||||
|
||||
case 'http':
|
||||
@@ -878,14 +880,18 @@ function drupal_http_request($url, array $options = array()) {
|
||||
// RFC 2616: "non-standard ports MUST, default ports MAY be included".
|
||||
// We don't add the standard port to prevent from breaking rewrite rules
|
||||
// checking the host that do not take into account the port number.
|
||||
$options['headers']['Host'] = $uri['host'] . ($port != 80 ? ':' . $port : '');
|
||||
if (!isset($options['headers']['Host'])) {
|
||||
$options['headers']['Host'] = $uri['host'] . ($port != 80 ? ':' . $port : '');
|
||||
}
|
||||
break;
|
||||
|
||||
case 'https':
|
||||
// Note: Only works when PHP is compiled with OpenSSL support.
|
||||
$port = isset($uri['port']) ? $uri['port'] : 443;
|
||||
$socket = 'ssl://' . $uri['host'] . ':' . $port;
|
||||
$options['headers']['Host'] = $uri['host'] . ($port != 443 ? ':' . $port : '');
|
||||
if (!isset($options['headers']['Host'])) {
|
||||
$options['headers']['Host'] = $uri['host'] . ($port != 443 ? ':' . $port : '');
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
@@ -2311,7 +2317,10 @@ function url($path = NULL, array $options = array()) {
|
||||
$language = isset($options['language']) && isset($options['language']->language) ? $options['language']->language : '';
|
||||
$alias = drupal_get_path_alias($original_path, $language);
|
||||
if ($alias != $original_path) {
|
||||
$path = $alias;
|
||||
// Strip leading slashes from internal path aliases to prevent them
|
||||
// becoming external URLs without protocol. /example.com should not be
|
||||
// turned into //example.com.
|
||||
$path = ltrim($alias, '/');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1534,9 +1534,9 @@ function file_save_upload($form_field_name, $validators = array(), $destination
|
||||
// rename filename.php.foo and filename.php to filename.php.foo.txt and
|
||||
// filename.php.txt, respectively). Don't rename if 'allow_insecure_uploads'
|
||||
// evaluates to TRUE.
|
||||
if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
|
||||
if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
|
||||
$file->filemime = 'text/plain';
|
||||
$file->uri .= '.txt';
|
||||
// The destination filename will also later be used to create the URI.
|
||||
$file->filename .= '.txt';
|
||||
// The .txt extension may not be in the allowed list of extensions. We have
|
||||
// to add it here or else the file upload will fail.
|
||||
|
||||
41
includes/file.phar.inc
Normal file
41
includes/file.phar.inc
Normal file
@@ -0,0 +1,41 @@
|
||||
<?php
|
||||
|
||||
use Drupal\Core\Security\PharExtensionInterceptor;
|
||||
use TYPO3\PharStreamWrapper\Manager as PharStreamWrapperManager;
|
||||
use TYPO3\PharStreamWrapper\Behavior as PharStreamWrapperBehavior;
|
||||
use TYPO3\PharStreamWrapper\PharStreamWrapper;
|
||||
|
||||
/**
|
||||
* Registers a phar stream wrapper that is more secure than PHP's built-in one.
|
||||
*
|
||||
* @see file_get_stream_wrappers()
|
||||
*/
|
||||
function file_register_phar_wrapper() {
|
||||
$directory = DRUPAL_ROOT . '/misc/typo3/phar-stream-wrapper/src';
|
||||
include_once $directory . '/Assertable.php';
|
||||
include_once $directory . '/Behavior.php';
|
||||
include_once $directory . '/Exception.php';
|
||||
include_once $directory . '/Helper.php';
|
||||
include_once $directory . '/Manager.php';
|
||||
include_once $directory . '/PharStreamWrapper.php';
|
||||
include_once DRUPAL_ROOT . '/misc/typo3/drupal-security/PharExtensionInterceptor.php';
|
||||
|
||||
// Set up a stream wrapper to handle insecurities due to PHP's built-in
|
||||
// phar stream wrapper.
|
||||
try {
|
||||
$behavior = new PharStreamWrapperBehavior();
|
||||
PharStreamWrapperManager::initialize(
|
||||
$behavior->withAssertion(new PharExtensionInterceptor())
|
||||
);
|
||||
}
|
||||
catch (\LogicException $e) {
|
||||
// Continue if the PharStreamWrapperManager is already initialized.
|
||||
// For example, this occurs following a drupal_static_reset(), such
|
||||
// as during tests.
|
||||
};
|
||||
|
||||
// To prevent file_stream_wrapper_valid_scheme() treating "phar" as a valid
|
||||
// scheme, this is registered with PHP only, not with hook_stream_wrappers()
|
||||
// or the internal storage of file_get_stream_wrappers().
|
||||
stream_wrapper_register('phar', '\\TYPO3\\PharStreamWrapper\\PharStreamWrapper');
|
||||
}
|
||||
@@ -555,8 +555,10 @@ function form_get_cache($form_build_id, &$form_state) {
|
||||
* Stores a form in the cache.
|
||||
*/
|
||||
function form_set_cache($form_build_id, $form, $form_state) {
|
||||
// 6 hours cache life time for forms should be plenty.
|
||||
$expire = 21600;
|
||||
// The default cache_form expiration is 6 hours. On busy sites, the cache_form
|
||||
// table can become very large. A shorter cache lifetime can help to keep the
|
||||
// table's size under control.
|
||||
$expire = variable_get('form_cache_expiration', 21600);
|
||||
|
||||
// Ensure that the form build_id embedded in the form structure is the same as
|
||||
// the one passed in as a parameter. This is an additional safety measure to
|
||||
@@ -1438,10 +1440,12 @@ function _form_validate(&$elements, &$form_state, $form_id = NULL) {
|
||||
// length if it's a string, and the item count if it's an array.
|
||||
// An unchecked checkbox has a #value of integer 0, different than string
|
||||
// '0', which could be a valid value.
|
||||
$is_empty_multiple = (!count($elements['#value']));
|
||||
$is_countable = is_array($elements['#value']) || $elements['#value'] instanceof Countable;
|
||||
$is_empty_multiple = $is_countable && count($elements['#value']) == 0;
|
||||
$is_empty_string = (is_string($elements['#value']) && drupal_strlen(trim($elements['#value'])) == 0);
|
||||
$is_empty_value = ($elements['#value'] === 0);
|
||||
if ($is_empty_multiple || $is_empty_string || $is_empty_value) {
|
||||
$is_empty_null = is_null($elements['#value']);
|
||||
if ($is_empty_multiple || $is_empty_string || $is_empty_value || $is_empty_null) {
|
||||
// Although discouraged, a #title is not mandatory for form elements. In
|
||||
// case there is no #title, we cannot set a form error message.
|
||||
// Instead of setting no #title, form constructors are encouraged to set
|
||||
|
||||
@@ -779,7 +779,7 @@ function drupal_uninstall_modules($module_list = array(), $uninstall_dependents
|
||||
$module_list = array_flip(array_values($module_list));
|
||||
|
||||
$profile = drupal_get_profile();
|
||||
while (list($module) = each($module_list)) {
|
||||
foreach (array_keys($module_list) as $module) {
|
||||
if (!isset($module_data[$module]) || drupal_get_installed_schema_version($module) == SCHEMA_UNINSTALLED) {
|
||||
// This module doesn't exist or is already uninstalled. Skip it.
|
||||
unset($module_list[$module]);
|
||||
|
||||
@@ -576,7 +576,8 @@ function _menu_load_objects(&$item, &$map) {
|
||||
// 'load arguments' in the hook_menu() entry, but they need
|
||||
// some processing. In this case the $function is the key to the
|
||||
// load_function array, and the value is the list of arguments.
|
||||
list($function, $args) = each($function);
|
||||
$args = current($function);
|
||||
$function = key($function);
|
||||
$load_functions[$index] = $function;
|
||||
|
||||
// Some arguments are placeholders for dynamic items to process.
|
||||
@@ -2402,7 +2403,8 @@ function menu_set_active_trail($new_trail = NULL) {
|
||||
// a stripped down menu tree containing the active trail only, in case
|
||||
// the given menu has not been built in this request yet.
|
||||
$tree = menu_tree_page_data($preferred_link['menu_name'], NULL, TRUE);
|
||||
list($key, $curr) = each($tree);
|
||||
$curr = current($tree);
|
||||
next($tree);
|
||||
}
|
||||
// There is no link for the current path.
|
||||
else {
|
||||
@@ -2432,7 +2434,8 @@ function menu_set_active_trail($new_trail = NULL) {
|
||||
}
|
||||
$tree = $curr['below'] ? $curr['below'] : array();
|
||||
}
|
||||
list($key, $curr) = each($tree);
|
||||
$curr = current($tree);
|
||||
next($tree);
|
||||
}
|
||||
// Make sure the current page is in the trail to build the page title, by
|
||||
// appending either the preferred link or the menu router item for the
|
||||
|
||||
@@ -404,7 +404,11 @@ function module_enable($module_list, $enable_dependencies = TRUE) {
|
||||
// Create an associative array with weights as values.
|
||||
$module_list = array_flip(array_values($module_list));
|
||||
|
||||
while (list($module) = each($module_list)) {
|
||||
// The array is iterated over manually (instead of using a foreach) because
|
||||
// modules may be added to the list within the loop and we need to process
|
||||
// them.
|
||||
while ($module = key($module_list)) {
|
||||
next($module_list);
|
||||
if (!isset($module_data[$module])) {
|
||||
// This module is not found in the filesystem, abort.
|
||||
return FALSE;
|
||||
@@ -540,7 +544,11 @@ function module_disable($module_list, $disable_dependents = TRUE) {
|
||||
$module_list = array_flip(array_values($module_list));
|
||||
|
||||
$profile = drupal_get_profile();
|
||||
while (list($module) = each($module_list)) {
|
||||
// The array is iterated over manually (instead of using a foreach) because
|
||||
// modules may be added to the list within the loop and we need to process
|
||||
// them.
|
||||
while ($module = key($module_list)) {
|
||||
next($module_list);
|
||||
if (!isset($module_data[$module]) || !$module_data[$module]->status) {
|
||||
// This module doesn't exist or is already disabled, skip it.
|
||||
unset($module_list[$module]);
|
||||
|
||||
@@ -1776,13 +1776,13 @@ function theme_link($variables) {
|
||||
* http://www.w3.org/TR/WCAG-TECHS/H42.html for more information.
|
||||
*/
|
||||
function theme_links($variables) {
|
||||
$links = $variables['links'];
|
||||
$attributes = $variables['attributes'];
|
||||
$links = (array) $variables['links'];
|
||||
$attributes = (array) $variables['attributes'];
|
||||
$heading = $variables['heading'];
|
||||
global $language_url;
|
||||
$output = '';
|
||||
|
||||
if (count($links) > 0) {
|
||||
if (!empty($links)) {
|
||||
// Treat the heading first if it is present to prepend it to the
|
||||
// list of links.
|
||||
if (!empty($heading)) {
|
||||
@@ -1995,7 +1995,7 @@ function theme_table($variables) {
|
||||
$empty = $variables['empty'];
|
||||
|
||||
// Add sticky headers, if applicable.
|
||||
if (count($header) && $sticky) {
|
||||
if (!empty($header) && $sticky) {
|
||||
drupal_add_js('misc/tableheader.js');
|
||||
// Add 'sticky-enabled' class to the table to identify it for JS.
|
||||
// This is needed to target tables constructed by this function.
|
||||
@@ -2009,7 +2009,7 @@ function theme_table($variables) {
|
||||
}
|
||||
|
||||
// Format the table columns:
|
||||
if (count($colgroups)) {
|
||||
if (!empty($colgroups)) {
|
||||
foreach ($colgroups as $number => $colgroup) {
|
||||
$attributes = array();
|
||||
|
||||
@@ -2044,38 +2044,40 @@ function theme_table($variables) {
|
||||
}
|
||||
|
||||
// Add the 'empty' row message if available.
|
||||
if (!count($rows) && $empty) {
|
||||
if (empty($rows) && $empty) {
|
||||
$header_count = 0;
|
||||
foreach ($header as $header_cell) {
|
||||
if (is_array($header_cell)) {
|
||||
$header_count += isset($header_cell['colspan']) ? $header_cell['colspan'] : 1;
|
||||
}
|
||||
else {
|
||||
$header_count++;
|
||||
if (!empty($header)) {
|
||||
foreach ($header as $header_cell) {
|
||||
if (is_array($header_cell)) {
|
||||
$header_count += isset($header_cell['colspan']) ? $header_cell['colspan'] : 1;
|
||||
}
|
||||
else {
|
||||
$header_count++;
|
||||
}
|
||||
}
|
||||
}
|
||||
$rows[] = array(array('data' => $empty, 'colspan' => $header_count, 'class' => array('empty', 'message')));
|
||||
}
|
||||
|
||||
// Format the table header:
|
||||
if (count($header)) {
|
||||
if (!empty($header)) {
|
||||
$ts = tablesort_init($header);
|
||||
// HTML requires that the thead tag has tr tags in it followed by tbody
|
||||
// tags. Using ternary operator to check and see if we have any rows.
|
||||
$output .= (count($rows) ? ' <thead><tr>' : ' <tr>');
|
||||
$output .= (!empty($rows) ? ' <thead><tr>' : ' <tr>');
|
||||
foreach ($header as $cell) {
|
||||
$cell = tablesort_header($cell, $header, $ts);
|
||||
$output .= _theme_table_cell($cell, TRUE);
|
||||
}
|
||||
// Using ternary operator to close the tags based on whether or not there are rows
|
||||
$output .= (count($rows) ? " </tr></thead>\n" : "</tr>\n");
|
||||
$output .= (!empty($rows) ? " </tr></thead>\n" : "</tr>\n");
|
||||
}
|
||||
else {
|
||||
$ts = array();
|
||||
}
|
||||
|
||||
// Format the table rows:
|
||||
if (count($rows)) {
|
||||
if (!empty($rows)) {
|
||||
$output .= "<tbody>\n";
|
||||
$flip = array('even' => 'odd', 'odd' => 'even');
|
||||
$class = 'even';
|
||||
@@ -2095,7 +2097,7 @@ function theme_table($variables) {
|
||||
$attributes = array();
|
||||
$no_striping = FALSE;
|
||||
}
|
||||
if (count($cells)) {
|
||||
if (!empty($cells)) {
|
||||
// Add odd/even class
|
||||
if (!$no_striping) {
|
||||
$class = $flip[$class];
|
||||
|
||||
Reference in New Issue
Block a user