bachir/materio-base-legacy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updated core to 7.63

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi
2019-01-27 14:26:06 +01:00
parent ccab226e12
commit 31cfa90501
172 changed files with 2256 additions and 624 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
modules/system/system.admin.inc
View File

@@ -572,9 +572,10 @@ function system_theme_settings($form, &$form_state, $key = '') {
// Process the theme and all its base themes.
foreach ($theme_keys as $theme) {
// Include the theme-settings.php file.
$filename = DRUPAL_ROOT . '/' . str_replace("/$theme.info", '', $themes[$theme]->filename) . '/theme-settings.php';
if (file_exists($filename)) {
require_once $filename;
$theme_settings_path = drupal_get_path('theme', $theme) . '/theme-settings.php';
if (file_exists(DRUPAL_ROOT . '/' . $theme_settings_path)) {
require_once DRUPAL_ROOT . '/' . $theme_settings_path;
$form_state['build_info']['files'][] = $theme_settings_path;
}
// Call theme-specific settings.
@@ -1812,7 +1813,7 @@ function system_file_system_settings() {
'#title' => t('Private file system path'),
'#default_value' => variable_get('file_private_path', ''),
'#maxlength' => 255,
'#description' => t('An existing local file system path for storing private files. It should be writable by Drupal and not accessible over the web. See the online handbook for <a href="@handbook">more information about securing private files</a>.', array('@handbook' => 'http://drupal.org/documentation/modules/file')),
'#description' => t('An existing local file system path for storing private files. It should be writable by Drupal and not accessible over the web. See the online handbook for <a href="@handbook">more information about securing private files</a>.', array('@handbook' => 'https://www.drupal.org/docs/7/core/modules/file/overview')),
'#after_build' => array('system_check_directory'),
);
@@ -2565,9 +2566,21 @@ function theme_system_admin_index($variables) {
/**
* Returns HTML for the status report.
*
* This theme function is dependent on install.inc being loaded, because
* that's where the constants are defined.
*
* @param $variables
* An associative array containing:
* - requirements: An array of requirements.
* - requirements: An array of requirements/status items. Each requirement
* is an associative array containing the following elements:
* - title: The name of the requirement.
* - value: (optional) The current value (version, time, level, etc).
* - description: (optional) The description of the requirement.
* - severity: (optional) The requirement's result/severity level, one of:
* - REQUIREMENT_INFO: Status information.
* - REQUIREMENT_OK: The requirement is satisfied.
* - REQUIREMENT_WARNING: The requirement failed with a warning.
* - REQUIREMENT_ERROR: The requirement failed with an error.
*
* @ingroup themeable
*/

4
modules/system/system.api.php
View File

@@ -1888,8 +1888,8 @@ function hook_boot() {
*
* This hook is not run on cached pages.
*
* To add CSS or JS that should be present on all pages, modules should not
* implement this hook, but declare these files in their .info file.
* To add CSS or JS files that should be present on all pages, modules should
* not implement this hook, but declare these files in their .info file.
*
* @see hook_boot()
*/

6
modules/system/system.info
View File

@@ -12,7 +12,7 @@ files[] = system.test
required = TRUE
configure = admin/config/system
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
; Information added by Drupal.org packaging script on 2019-01-16
version = "7.63"
project = "drupal"
datestamp = "1524673284"
datestamp = "1547681965"

34
modules/system/system.mail.inc
View File

@@ -70,7 +70,9 @@ class DefaultMailSystem implements MailSystemInterface {
// hosts. The return value of this method will still indicate whether mail
// was sent successfully.
if (!isset($_SERVER['WINDIR']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Win32') === FALSE) {
if (isset($message['Return-Path']) && !ini_get('safe_mode')) {
// We validate the return path, unless it is equal to the site mail, which
// we assume to be safe.
if (isset($message['Return-Path']) && !ini_get('safe_mode') && (variable_get('site_mail', ini_get('sendmail_from')) === $message['Return-Path'] || self::_isShellSafe($message['Return-Path']))) {
// On most non-Windows systems, the "-f" option to the sendmail command
// is used to set the Return-Path. There is no space between -f and
// the value of the return path.
@@ -109,6 +111,36 @@ class DefaultMailSystem implements MailSystemInterface {
}
return $mail_result;
}
/**
* Disallows potentially unsafe shell characters.
*
* Functionally similar to PHPMailer::isShellSafe() which resulted from
* CVE-2016-10045. Note that escapeshellarg and escapeshellcmd are inadequate
* for this purpose.
*
* @param string $string
* The string to be validated.
*
* @return bool
* True if the string is shell-safe.
*
* @see https://github.com/PHPMailer/PHPMailer/issues/924
* @see https://github.com/PHPMailer/PHPMailer/blob/v5.2.21/class.phpmailer.php#L1430
*
* @todo Rename to ::isShellSafe() and/or discuss whether this is the correct
* location for this helper.
*/
protected static function _isShellSafe($string) {
if (escapeshellcmd($string) !== $string || !in_array(escapeshellarg($string), array("'$string'", "\"$string\""))) {
return FALSE;
}
if (preg_match('/[^a-zA-Z0-9@_\-.]/', $string) !== 0) {
return FALSE;
}
return TRUE;
}
}
/**

196
modules/system/system.tar.inc
View File

@@ -41,8 +41,8 @@
/**
* Note on Drupal 8 porting.
* This file origin is Tar.php, release 1.4.0 (stable) with some code
* from PEAR.php, release 1.9.5 (stable) both at http://pear.php.net.
* This file origin is Tar.php, release 1.4.5 (stable) with some code
* from PEAR.php, release 1.10.5 (stable) both at http://pear.php.net.
* To simplify future porting from pear of this file, you should not
* do cosmetic or other non significant changes to this file.
* The following changes have been done:
@@ -259,6 +259,19 @@ class Archive_Tar
return false;
}
}
if (version_compare(PHP_VERSION, "5.5.0-dev") < 0) {
$this->_fmt = "a100filename/a8mode/a8uid/a8gid/a12size/a12mtime/" .
"a8checksum/a1typeflag/a100link/a6magic/a2version/" .
"a32uname/a32gname/a8devmajor/a8devminor/a131prefix";
} else {
$this->_fmt = "Z100filename/Z8mode/Z8uid/Z8gid/Z12size/Z12mtime/" .
"Z8checksum/Z1typeflag/Z100link/Z6magic/Z2version/" .
"Z32uname/Z32gname/Z8devmajor/Z8devminor/Z131prefix";
}
}
public function __destruct()
@@ -278,7 +291,7 @@ class Archive_Tar
* @param string $ext The extension name
* @return bool Success or not on the dl() call
*/
function loadExtension($ext)
public static function loadExtension($ext)
{
if (extension_loaded($ext)) {
return true;
@@ -287,8 +300,7 @@ class Archive_Tar
// if either returns true dl() will produce a FATAL error, stop that
if (
function_exists('dl') === false ||
ini_get('enable_dl') != 1 ||
ini_get('safe_mode') == 1
ini_get('enable_dl') != 1
) {
return false;
}
@@ -714,7 +726,7 @@ class Archive_Tar
}
// ----- Get the arguments
$v_att_list = & func_get_args();
$v_att_list = func_get_args();
// ----- Read the attributes
$i = 0;
@@ -1394,10 +1406,22 @@ class Archive_Tar
if ($p_stored_filename == '') {
$p_stored_filename = $p_filename;
}
$v_reduce_filename = $this->_pathReduction($p_stored_filename);
if (strlen($v_reduce_filename) > 99) {
if (!$this->_writeLongHeader($v_reduce_filename)) {
$v_reduced_filename = $this->_pathReduction($p_stored_filename);
if (strlen($v_reduced_filename) > 99) {
if (!$this->_writeLongHeader($v_reduced_filename, false)) {
return false;
}
}
$v_linkname = '';
if (@is_link($p_filename)) {
$v_linkname = readlink($p_filename);
}
if (strlen($v_linkname) > 99) {
if (!$this->_writeLongHeader($v_linkname, true)) {
return false;
}
}
@@ -1406,14 +1430,10 @@ class Archive_Tar
$v_uid = sprintf("%07s", DecOct($v_info[4]));
$v_gid = sprintf("%07s", DecOct($v_info[5]));
$v_perms = sprintf("%07s", DecOct($v_info['mode'] & 000777));
$v_mtime = sprintf("%011s", DecOct($v_info['mtime']));
$v_linkname = '';
if (@is_link($p_filename)) {
$v_typeflag = '2';
$v_linkname = readlink($p_filename);
$v_size = sprintf("%011s", DecOct(0));
} elseif (@is_dir($p_filename)) {
$v_typeflag = "5";
@@ -1425,7 +1445,6 @@ class Archive_Tar
}
$v_magic = 'ustar ';
$v_version = ' ';
if (function_exists('posix_getpwuid')) {
@@ -1440,14 +1459,12 @@ class Archive_Tar
}
$v_devmajor = '';
$v_devminor = '';
$v_prefix = '';
$v_binary_data_first = pack(
"a100a8a8a8a12a12",
$v_reduce_filename,
$v_reduced_filename,
$v_perms,
$v_uid,
$v_gid,
@@ -1487,7 +1504,7 @@ class Archive_Tar
$this->_writeBlock($v_binary_data_first, 148);
// ----- Write the calculated checksum
$v_checksum = sprintf("%06s ", DecOct($v_checksum));
$v_checksum = sprintf("%06s\0 ", DecOct($v_checksum));
$v_binary_data = pack("a8", $v_checksum);
$this->_writeBlock($v_binary_data, 8);
@@ -1519,7 +1536,7 @@ class Archive_Tar
$p_filename = $this->_pathReduction($p_filename);
if (strlen($p_filename) > 99) {
if (!$this->_writeLongHeader($p_filename)) {
if (!$this->_writeLongHeader($p_filename, false)) {
return false;
}
}
@@ -1615,36 +1632,31 @@ class Archive_Tar
* @param string $p_filename
* @return bool
*/
public function _writeLongHeader($p_filename)
public function _writeLongHeader($p_filename, $is_link = false)
{
$v_size = sprintf("%11s ", DecOct(strlen($p_filename)));
$v_typeflag = 'L';
$v_uid = sprintf("%07s", 0);
$v_gid = sprintf("%07s", 0);
$v_perms = sprintf("%07s", 0);
$v_size = sprintf("%'011s", DecOct(strlen($p_filename)));
$v_mtime = sprintf("%011s", 0);
$v_typeflag = ($is_link ? 'K' : 'L');
$v_linkname = '';
$v_magic = '';
$v_version = '';
$v_magic = 'ustar ';
$v_version = ' ';
$v_uname = '';
$v_gname = '';
$v_devmajor = '';
$v_devminor = '';
$v_prefix = '';
$v_binary_data_first = pack(
"a100a8a8a8a12a12",
'././@LongLink',
0,
0,
0,
$v_perms,
$v_uid,
$v_gid,
$v_size,
0
$v_mtime
);
$v_binary_data_last = pack(
"a1a100a6a2a32a32a8a8a155a12",
@@ -1679,7 +1691,7 @@ class Archive_Tar
$this->_writeBlock($v_binary_data_first, 148);
// ----- Write the calculated checksum
$v_checksum = sprintf("%06s ", DecOct($v_checksum));
$v_checksum = sprintf("%06s\0 ", DecOct($v_checksum));
$v_binary_data = pack("a8", $v_checksum);
$this->_writeBlock($v_binary_data, 8);
@@ -1720,28 +1732,13 @@ class Archive_Tar
// ----- Calculate the checksum
$v_checksum = 0;
// ..... First part of the header
for ($i = 0; $i < 148; $i++) {
$v_checksum += ord(substr($v_binary_data, $i, 1));
}
// ..... Ignore the checksum value and replace it by ' ' (space)
for ($i = 148; $i < 156; $i++) {
$v_checksum += ord(' ');
}
// ..... Last part of the header
for ($i = 156; $i < 512; $i++) {
$v_checksum += ord(substr($v_binary_data, $i, 1));
}
$v_binary_split = str_split($v_binary_data);
$v_checksum += array_sum(array_map('ord', array_slice($v_binary_split, 0, 148)));
$v_checksum += array_sum(array_map('ord', array(' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ',)));
$v_checksum += array_sum(array_map('ord', array_slice($v_binary_split, 156, 512)));
if (version_compare(PHP_VERSION, "5.5.0-dev") < 0) {
$fmt = "a100filename/a8mode/a8uid/a8gid/a12size/a12mtime/" .
"a8checksum/a1typeflag/a100link/a6magic/a2version/" .
"a32uname/a32gname/a8devmajor/a8devminor/a131prefix";
} else {
$fmt = "Z100filename/Z8mode/Z8uid/Z8gid/Z12size/Z12mtime/" .
"Z8checksum/Z1typeflag/Z100link/Z6magic/Z2version/" .
"Z32uname/Z32gname/Z8devmajor/Z8devminor/Z131prefix";
}
$v_data = unpack($fmt, $v_binary_data);
$v_data = unpack($this->_fmt, $v_binary_data);
if (strlen($v_data["prefix"]) > 0) {
$v_data["filename"] = "$v_data[prefix]/$v_data[filename]";
@@ -1777,7 +1774,7 @@ class Archive_Tar
$v_header['mode'] = OctDec(trim($v_data['mode']));
$v_header['uid'] = OctDec(trim($v_data['uid']));
$v_header['gid'] = OctDec(trim($v_data['gid']));
$v_header['size'] = OctDec(trim($v_data['size']));
$v_header['size'] = $this->_tarRecToSize($v_data['size']);
$v_header['mtime'] = OctDec(trim($v_data['mtime']));
if (($v_header['typeflag'] = $v_data['typeflag']) == "5") {
$v_header['size'] = 0;
@@ -1796,6 +1793,40 @@ class Archive_Tar
return true;
}
/**
* Convert Tar record size to actual size
*
* @param string $tar_size
* @return size of tar record in bytes
*/
private function _tarRecToSize($tar_size)
{
/*
* First byte of size has a special meaning if bit 7 is set.
*
* Bit 7 indicates base-256 encoding if set.
* Bit 6 is the sign bit.
* Bits 5:0 are most significant value bits.
*/
$ch = ord($tar_size[0]);
if ($ch & 0x80) {
// Full 12-bytes record is required.
$rec_str = $tar_size . "\x00";
$size = ($ch & 0x40) ? -1 : 0;
$size = ($size << 6) | ($ch & 0x3f);
for ($num_ch = 1; $num_ch < 12; ++$num_ch) {
$size = ($size * 256) + ord($rec_str[$num_ch]);
}
return $size;
} else {
return OctDec(trim($tar_size));
}
}
/**
* Detect and report a malicious file name
*
@@ -1805,10 +1836,13 @@ class Archive_Tar
*/
private function _maliciousFilename($file)
{
if (strpos($file, '/../') !== false) {
if (strpos($file, 'phar://') === 0) {
return true;
}
if (strpos($file, '../') === 0) {
if (strpos($file, DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR) !== false) {
return true;
}
if (strpos($file, '..' . DIRECTORY_SEPARATOR) === 0) {
return true;
}
return false;
@@ -1873,11 +1907,20 @@ class Archive_Tar
continue;
}
// ----- Look for long filename
if ($v_header['typeflag'] == 'L') {
if (!$this->_readLongHeader($v_header)) {
return null;
}
switch ($v_header['typeflag']) {
case 'L': {
if (!$this->_readLongHeader($v_header)) {
return null;
}
} break;
case 'K': {
$v_link_header = $v_header;
if (!$this->_readLongHeader($v_link_header)) {
return null;
}
$v_header['link'] = $v_link_header['filename'];
} break;
}
if ($v_header['filename'] == $p_filename) {
@@ -1978,11 +2021,20 @@ class Archive_Tar
continue;
}
// ----- Look for long filename
if ($v_header['typeflag'] == 'L') {
if (!$this->_readLongHeader($v_header)) {
return false;
}
switch ($v_header['typeflag']) {
case 'L': {
if (!$this->_readLongHeader($v_header)) {
return null;
}
} break;
case 'K': {
$v_link_header = $v_header;
if (!$this->_readLongHeader($v_link_header)) {
return null;
}
$v_header['link'] = $v_link_header['filename'];
} break;
}
// ignore extended / pax headers

24
modules/system/system.test
View File

@@ -1944,6 +1944,30 @@ class SystemThemeFunctionalTest extends DrupalWebTestCase {
$this->assertEqual($elements[0]['src'], file_create_url($uploaded_filename));
}
/**
* Test the individual per-theme settings form.
*/
function testPerThemeSettings() {
// Enable the test theme and the module that controls it. Clear caches in
// between so that the module's hook_system_theme_info() implementation is
// correctly registered.
module_enable(array('theme_test'));
drupal_flush_all_caches();
theme_enable(array('test_theme'));
// Test that the theme-specific settings form can be saved and that the
// theme-specific checkbox is checked and unchecked as appropriate.
$this->drupalGet('admin/appearance/settings/test_theme');
$this->assertNoFieldChecked('edit-test-theme-checkbox', 'The test_theme_checkbox setting is unchecked.');
$this->drupalPost(NULL, array('test_theme_checkbox' => TRUE), t('Save configuration'));
$this->assertText('The test theme setting was saved.');
$this->assertFieldChecked('edit-test-theme-checkbox', 'The test_theme_checkbox setting is checked.');
$this->drupalPost(NULL, array('test_theme_checkbox' => FALSE), t('Save configuration'));
$this->assertText('The test theme setting was saved.');
$this->assertNoFieldChecked('edit-test-theme-checkbox', 'The test_theme_checkbox setting is unchecked.');
}
/**
* Test the administration theme functionality.
*/

6
modules/system/tests/cron_queue_test.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
; Information added by Drupal.org packaging script on 2019-01-16
version = "7.63"
project = "drupal"
datestamp = "1524673284"
datestamp = "1547681965"

6
modules/system/tests/system_cron_test.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
; Information added by Drupal.org packaging script on 2019-01-16
version = "7.63"
project = "drupal"
datestamp = "1524673284"
datestamp = "1547681965"