bachir/materio-base-legacy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security update link,module_filters,search_api_solr,ubercart,views

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi
2019-04-24 16:39:12 +02:00
parent 0aea7a0db1
commit 514f3bd89e
497 changed files with 9038 additions and 3662 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sites/all/modules/contrib/views/views/handlers/views_handler_argument_null.inc
View File

@@ -44,7 +44,7 @@ class views_handler_argument_null extends views_handler_argument {
*/
public function default_actions($which = NULL) {
if ($which) {
if (in_array($which, array('ignore', 'not found', 'empty', 'default'))) {
if (in_array($which, array('ignore', 'not found', 'empty', 'default', 'access denied'))) {
return parent::default_actions($which);
}
return;

3
sites/all/modules/contrib/views/views/handlers/views_handler_field.inc
View File

@@ -390,8 +390,7 @@ class views_handler_field extends views_handler {
* Optional name of the field where the value is stored.
*/
public function get_value($values, $field = NULL) {
// $alias = isset($field) ? $this->aliases[$field] : $this->field_alias;
$alias = isset($field) && isset($this->aliases[$field]) ? $this->aliases[$field] : $this->field_alias;
$alias = isset($field) ? $this->aliases[$field] : $this->field_alias;
if (isset($values->{$alias})) {
return $values->{$alias};
}

2
sites/all/modules/contrib/views/views/handlers/views_handler_field_serialized.inc
View File

@@ -71,7 +71,7 @@ class views_handler_field_serialized extends views_handler_field {
return check_plain($value[$this->options['key']]);
}
return $value;
return check_plain($value);
}
}

77
sites/all/modules/contrib/views/views/includes/handlers.inc
View File

@@ -996,58 +996,39 @@ class views_many_to_one_helper {
return $this->handler->table_alias;
}
// Case 2: it's an 'and' or an 'or'.
// Case 2: it's anything but an 'or'.
// We do one join per selected value.
if ($this->handler->operator != 'not') {
// Clone the join for each table.
$this->handler->table_aliases = array();
foreach ($this->handler->value as $value) {
$join = $this->get_join();
if ($this->handler->operator == 'and') {
$join->type = 'INNER';
}
$join->extra = array(
array(
'field' => $this->handler->real_field,
'value' => $value,
'numeric' => !empty($this->handler->definition['numeric']),
),
);
// The table alias needs to be unique to this value across the
// multiple times the filter or argument is called by the view.
if (!isset($this->handler->view->many_to_one_aliases[$field][$value])) {
if (!isset($this->handler->view->many_to_one_count[$this->handler->table])) {
$this->handler->view->many_to_one_count[$this->handler->table] = 0;
}
$this->handler->view->many_to_one_aliases[$field][$value] = $this->handler->table . '_value_' . ($this->handler->view->many_to_one_count[$this->handler->table]++);
// Clone the join for each table:
$this->handler->table_aliases = array();
foreach ($this->handler->value as $value) {
$join = $this->get_join();
if ($this->handler->operator == 'and') {
$join->type = 'INNER';
}
if (empty($join->extra)) {
$join->extra = array();
}
$join->extra[] = array(
'field' => $this->handler->real_field,
'value' => $value,
'numeric' => !empty($this->handler->definition['numeric']),
);
// The table alias needs to be unique to this value across the
// multiple times the filter or argument is called by the view.
if (!isset($this->handler->view->many_to_one_aliases[$field][$value])) {
if (!isset($this->handler->view->many_to_one_count[$this->handler->table])) {
$this->handler->view->many_to_one_count[$this->handler->table] = 0;
}
$alias = $this->handler->table_aliases[$value] = $this->add_table($join, $this->handler->view->many_to_one_aliases[$field][$value]);
$this->handler->view->many_to_one_aliases[$field][$value] = $this->handler->table . '_value_' . ($this->handler->view->many_to_one_count[$this->handler->table]++);
$alias = $this->handler->table_aliases[$value] = $this->add_table($join,
$this->handler->view->many_to_one_aliases[$field][$value]);
// and set table_alias to the first of these.
if (empty($this->handler->table_alias)) {
$this->handler->table_alias = $alias;
}
}
}
// Case 3: it's a 'not'.
// We just do one join. We'll add a where clause during the query phase
// to ensure that $table.$field IS NULL.
else {
$join = $this->get_join();
$join->type = 'LEFT';
$join->extra = array();
$join->extra_type = 'OR';
foreach ($this->handler->value as $value) {
$join->extra[] = array(
'field' => $this->handler->real_field,
'value' => $value,
'numeric' => !empty($this->handler->definition['numeric']),
);
}
$this->handler->table_alias = $this->add_table($join);
}
}
return $this->handler->table_alias;
}
@@ -1081,12 +1062,7 @@ class views_many_to_one_helper {
// Determine whether a single expression is enough(FALSE) or the conditions
// should be added via an db_or()/db_and() (TRUE).
$add_condition = TRUE;
if ($operator == 'not') {
$value = NULL;
$operator = 'IS NULL';
$add_condition = FALSE;
}
elseif ($operator == 'or' && empty($options['reduce_duplicates'])) {
if ($operator == 'or' && empty($options['reduce_duplicates'])) {
if (count($value) > 1) {
$operator = 'IN';
}
@@ -1120,6 +1096,9 @@ class views_many_to_one_helper {
$field = $this->handler->real_field;
$clause = $operator == 'or' ? db_or() : db_and();
foreach ($this->handler->table_aliases as $value => $alias) {
if ($operator == 'not') {
$value = NULL;
}
$clause->condition("$alias.$field", $value);
}

2
sites/all/modules/contrib/views/views/includes/view.inc
View File

@@ -1236,7 +1236,7 @@ class view extends views_db_object {
if (!empty($this->build_info['fail'])) {
return;
}
if (!empty($this->view->build_info['denied'])) {
if (!empty($this->build_info['denied'])) {
return;
}

3
sites/all/modules/contrib/views/views/plugins/views_plugin_display_feed.inc
View File

@@ -51,6 +51,9 @@ class views_plugin_display_feed extends views_plugin_display_page {
*/
public function execute() {
$output = $this->view->render();
if (!empty($this->view->build_info['denied'])) {
return MENU_ACCESS_DENIED;
}
if (empty($output)) {
return MENU_NOT_FOUND;
}

83
sites/all/modules/contrib/views/views/tests/views_argument_validator.test
View File

@@ -40,10 +40,27 @@ class ViewsArgumentValidatorTest extends ViewsSqlTest {
$this->assertTrue($view->argument['null']->validate_arg(12));
}
/**
* Make sure argument validation works properly.
*/
function testArgumentValidatePhpFailure() {
$view = $this->view_test_argument_validate_php_failure();
$view->save();
$this->drupalGet('test-php-failure');
// This should return a 403, indicating that the arguments validation fails.
$this->assertResponse(403);
$this->drupalGet('test-php-failure-feed');
// This should return a 403, indicating that the arguments validation fails.
$this->assertResponse(403);
}
function view_test_argument_validate_php($string) {
$code = 'return $argument == \'' . $string . '\';';
$view = new view();
$view->name = 'view_argument_validate_numeric';
$view->name = 'view_argument_validate_php';
$view->description = '';
$view->tag = '';
$view->view_php = '';
@@ -104,4 +121,68 @@ class ViewsArgumentValidatorTest extends ViewsSqlTest {
return $view;
}
/**
*
*
* @return view $view
* The required view object.
*/
function view_test_argument_validate_php_failure() {
$view = new view();
$view->name = 'view_argument_validate_php_failure';
$view->description = '';
$view->tag = '';
$view->base_table = 'node';
$view->human_name = '';
$view->core = 0;
$view->api_version = '3.0';
$view->disabled = FALSE; /* Edit this to true to make a default view disabled initially */
/* Display: Master */
$handler = $view->new_display('default', 'Master', 'default');
$handler->display->display_options['use_more_always'] = FALSE;
$handler->display->display_options['access']['type'] = 'none';
$handler->display->display_options['cache']['type'] = 'none';
$handler->display->display_options['query']['type'] = 'views_query';
$handler->display->display_options['exposed_form']['type'] = 'basic';
$handler->display->display_options['pager']['type'] = 'none';
$handler->display->display_options['style_plugin'] = 'default';
$handler->display->display_options['row_plugin'] = 'fields';
/* Field: Content: Title */
$handler->display->display_options['fields']['title']['id'] = 'title';
$handler->display->display_options['fields']['title']['table'] = 'node';
$handler->display->display_options['fields']['title']['field'] = 'title';
$handler->display->display_options['fields']['title']['label'] = '';
$handler->display->display_options['fields']['title']['element_label_colon'] = FALSE;
$handler->display->display_options['fields']['title']['link_to_node'] = FALSE;
/* Contextual filter: Global: Null */
$handler->display->display_options['arguments']['null']['id'] = 'null';
$handler->display->display_options['arguments']['null']['table'] = 'views';
$handler->display->display_options['arguments']['null']['field'] = 'null';
$handler->display->display_options['arguments']['null']['default_action'] = 'default';
$handler->display->display_options['arguments']['null']['default_argument_type'] = 'fixed';
$handler->display->display_options['arguments']['null']['default_argument_options']['argument'] = 'No filter';
$handler->display->display_options['arguments']['null']['summary']['number_of_records'] = '0';
$handler->display->display_options['arguments']['null']['summary']['format'] = 'default_summary';
$handler->display->display_options['arguments']['null']['summary_options']['items_per_page'] = '25';
$handler->display->display_options['arguments']['null']['specify_validation'] = TRUE;
$handler->display->display_options['arguments']['null']['validate']['type'] = 'php';
$handler->display->display_options['arguments']['null']['validate_options']['code'] = 'return FALSE;';
$handler->display->display_options['arguments']['null']['validate']['fail'] = 'access denied';
/* Display: Page */
$handler = $view->new_display('page', 'Page', 'page_1');
$handler->display->display_options['path'] = 'test-php-failure';
/* Display: Feed */
$handler = $view->new_display('feed', 'Feed', 'feed_1');
$handler->display->display_options['path'] = 'test-php-failure-feed';
$handler->display->display_options['pager']['type'] = 'none';
$handler->display->display_options['pager']['options']['offset'] = '0';
$handler->display->display_options['style_plugin'] = 'rss';
$handler->display->display_options['row_plugin'] = 'node_rss';
return $view;
}
}

161
sites/all/modules/contrib/views/views/tests/views_handler_filter.test Normal file
View File

@@ -0,0 +1,161 @@
<?php
/**
* @file
* Definition of ViewsHandlerFilterTest.
*/
/**
* Tests filter handler.
*/
class ViewsHandlerFilterTest extends ViewsSqlTest {
/**
* {@inheritdoc}
*/
public static function getInfo() {
return array(
'name' => 'Handler filter test',
'description' => 'test filter handler definitions',
'group' => 'Views',
);
}
/**
* {@inheritdoc}
*/
protected function setUp() {
// The Views and Views UI modules will be enabled with this.
parent::setUp();
// Assign vocabulary 'tag' to user entity.
$field_definition = field_read_field('field_tags');
$instance_definition = array(
'field_name' => $field_definition['field_name'],
'entity_type' => 'user',
'bundle' => 'user',
'widget' => array(
'type' => 'taxonomy_autocomplete',
),
'display' => array(
'default' => array(
'type' => 'taxonomy_term_reference_link',
'weight' => 10,
),
'teaser' => array(
'type' => 'taxonomy_term_reference_link',
'weight' => 10,
),
),
);
field_create_instance($instance_definition);
}
/**
* Tests "is all of" of filter operation.
*/
function testFilterInOperatorUi() {
$term = $this->drupalCreateTerm(1);
$node1 = $this->drupalCreateNode(array('type' => 'article','field_tags_tid' => $term->tid, 'created' => REQUEST_TIME));
$node2 = $this->drupalCreateNode(array('type' => 'article', 'created' => REQUEST_TIME + 1));
$user2 = $this->drupalCreateUser(array('access content'));
// $this->drupalLogin($this->drupalCreateUser(array('administer users'));
$this->drupalLogin($this->drupalCreateUser(array('administer users', 'access administration pages', 'administer site configuration', 'administer nodes', 'bypass node access')));
$this->drupalGet('node/1/edit');
$edit['field_tags' . '[' . LANGUAGE_NONE . ']'] = $term->name;
$this->drupalPost('node/' . $node1->nid . '/edit', $edit, t('Save'));
$edit['field_tags' . '[' . LANGUAGE_NONE . ']'] = $term->name;
$this->drupalPost('user/' . $user2->uid . '/edit', $edit, t('Save'));
$result[] = array('nid' => $node1->nid);
$view = $this->get_sample_view();
$this->executeView($view);
$this->assertIdenticalResultset($view, $result);
}
/**
* Sample view.
*
* @return \view
*/
protected function get_sample_view() {
$view = new view();
$view->name = 'article';
$view->description = '';
$view->tag = 'default';
$view->base_table = 'node';
$view->human_name = 'Article';
$view->core = 7;
$view->api_version = '3.0';
$view->disabled = FALSE; /* Edit this to true to make a default view disabled initially */
/* Display: Master */
$handler = $view->new_display('default', 'Master', 'default');
$handler->display->display_options['title'] = 'Article';
$handler->display->display_options['use_more_always'] = FALSE;
$handler->display->display_options['access']['type'] = 'perm';
$handler->display->display_options['cache']['type'] = 'none';
$handler->display->display_options['query']['type'] = 'views_query';
$handler->display->display_options['exposed_form']['type'] = 'basic';
$handler->display->display_options['pager']['type'] = 'full';
$handler->display->display_options['pager']['options']['items_per_page'] = '10';
$handler->display->display_options['style_plugin'] = 'table';
$handler->display->display_options['style_options']['columns'] = array(
'title' => 'title',
);
$handler->display->display_options['style_options']['default'] = '-1';
$handler->display->display_options['style_options']['info'] = array(
'title' => array(
'sortable' => 0,
'default_sort_order' => 'asc',
'align' => '',
'separator' => '',
'empty_column' => 0,
),
);
/* Field: Content: Nid */
$handler->display->display_options['fields']['nid']['id'] = 'nid';
$handler->display->display_options['fields']['nid']['table'] = 'node';
$handler->display->display_options['fields']['nid']['field'] = 'nid';
$handler->display->display_options['fields']['nid']['label'] = '';
$handler->display->display_options['fields']['nid']['element_label_colon'] = FALSE;
/* Sort criterion: Content: Post date */
$handler->display->display_options['sorts']['created']['id'] = 'created';
$handler->display->display_options['sorts']['created']['table'] = 'node';
$handler->display->display_options['sorts']['created']['field'] = 'created';
$handler->display->display_options['sorts']['created']['order'] = 'DESC';
/* Filter criterion: Content: Published */
$handler->display->display_options['filters']['status']['id'] = 'status';
$handler->display->display_options['filters']['status']['table'] = 'node';
$handler->display->display_options['filters']['status']['field'] = 'status';
$handler->display->display_options['filters']['status']['value'] = 1;
$handler->display->display_options['filters']['status']['group'] = 1;
$handler->display->display_options['filters']['status']['expose']['operator'] = FALSE;
/* Filter criterion: Field: Tags (field_tags) */
$handler->display->display_options['filters']['field_tags_tid']['id'] = 'field_tags_tid';
$handler->display->display_options['filters']['field_tags_tid']['table'] = 'field_data_field_tags';
$handler->display->display_options['filters']['field_tags_tid']['field'] = 'field_tags_tid';
$handler->display->display_options['filters']['field_tags_tid']['operator'] = 'and';
$handler->display->display_options['filters']['field_tags_tid']['value'] = array(
0 => '1',
);
$handler->display->display_options['filters']['field_tags_tid']['expose']['operator_id'] = 'field_tags_tid_op';
$handler->display->display_options['filters']['field_tags_tid']['expose']['label'] = 'Tags (field_tags)';
$handler->display->display_options['filters']['field_tags_tid']['expose']['operator'] = 'field_tags_tid_op';
$handler->display->display_options['filters']['field_tags_tid']['expose']['identifier'] = 'field_tags_tid';
$handler->display->display_options['filters']['field_tags_tid']['expose']['remember_roles'] = array(
2 => '2',
);
$handler->display->display_options['filters']['field_tags_tid']['vocabulary'] = 'tags';
/* Display: Page */
$handler = $view->new_display('page', 'Page', 'page');
$handler->display->display_options['path'] = 'article';
return $view;
}
}

35
sites/all/modules/contrib/views/views/tests/views_query.test
View File

@@ -135,6 +135,23 @@ abstract class ViewsTestCase extends DrupalWebTestCase {
$this->verbose('<pre>Executed view: ' . ((string) $view->build_info['query']) . '</pre>');
}
/**
* Log in as user 1.
*/
protected function loginUser1() {
$password = user_password();
// Reset the user 1 password.
$account = user_load(1);
$edit = array(
'pass' => $password,
);
$account = user_save($account, $edit);
$account->pass_raw = $password;
// Log in as user 1.
$this->drupalLogin($account);
}
}
/**
@@ -167,6 +184,24 @@ abstract class ViewsSqlTest extends ViewsTestCase {
$this->checkPermissions(array(), TRUE);
}
/**
* Create a term.
*
* @param int $vid
* The vocabulary ID that the term is to be added to.
*
* @return object
* A full term object with a random name.
*/
protected function drupalCreateTerm($vid) {
$term = new stdClass();
$term->name = $this->randomName();
$term->description = $this->randomName();
$term->vid = $vid;
taxonomy_term_save($term);
return $term;
}
/**
* This function allows to enable views ui from a higher class which can't
* change the setup function anymore.

6
sites/all/modules/contrib/views/views/tests/views_test.info
View File

@@ -5,8 +5,8 @@ core = 7.x
dependencies[] = views
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-04-14
version = "7.x-3.20"
; Information added by Drupal.org packaging script on 2019-04-03
version = "7.x-3.22"
core = "7.x"
project = "views"
datestamp = "1523668093"
datestamp = "1554307093"

7
sites/all/modules/contrib/views/views/views.info
View File

@@ -308,6 +308,7 @@ files[] = tests/views_exposed_form.test
files[] = tests/field/views_fieldapi.test
files[] = tests/views_glossary.test
files[] = tests/views_groupby.test
files[] = tests/views_handler_filter.test
files[] = tests/views_handlers.test
files[] = tests/views_module.test
files[] = tests/views_pager.test
@@ -328,8 +329,8 @@ files[] = tests/views_cache.test
files[] = tests/views_view.test
files[] = tests/views_ui.test
; Information added by Drupal.org packaging script on 2018-04-14
version = "7.x-3.20"
; Information added by Drupal.org packaging script on 2019-04-03
version = "7.x-3.22"
core = "7.x"
project = "views"
datestamp = "1523668093"
datestamp = "1554307093"

6
sites/all/modules/contrib/views/views/views_ui.info
View File

@@ -8,8 +8,8 @@ dependencies[] = views
files[] = views_ui.module
files[] = plugins/views_wizard/views_ui_base_views_wizard.class.php
; Information added by Drupal.org packaging script on 2018-04-14
version = "7.x-3.20"
; Information added by Drupal.org packaging script on 2019-04-03
version = "7.x-3.22"
core = "7.x"
project = "views"
datestamp = "1523668093"
datestamp = "1554307093"