updated core to 7.56, secutity update
This commit is contained in:
Bachir Soussi Chiadmi
@@ -1088,13 +1088,16 @@ function user_account_form(&$form, &$form_state) {
|
||||
'#description' => t('To change the current user password, enter the new password in both fields.'),
|
||||
);
|
||||
// To skip the current password field, the user must have logged in via a
|
||||
// one-time link and have the token in the URL.
|
||||
$pass_reset = isset($_SESSION['pass_reset_' . $account->uid]) && isset($_GET['pass-reset-token']) && ($_GET['pass-reset-token'] == $_SESSION['pass_reset_' . $account->uid]);
|
||||
// one-time link and have the token in the URL. Store this in $form_state
|
||||
// so it persists even on subsequent Ajax requests.
|
||||
if (!isset($form_state['user_pass_reset'])) {
|
||||
$form_state['user_pass_reset'] = isset($_SESSION['pass_reset_' . $account->uid]) && isset($_GET['pass-reset-token']) && ($_GET['pass-reset-token'] == $_SESSION['pass_reset_' . $account->uid]);
|
||||
}
|
||||
$protected_values = array();
|
||||
$current_pass_description = '';
|
||||
// The user may only change their own password without their current
|
||||
// password if they logged in via a one-time login link.
|
||||
if (!$pass_reset) {
|
||||
if (!$form_state['user_pass_reset']) {
|
||||
$protected_values['mail'] = $form['account']['mail']['#title'];
|
||||
$protected_values['pass'] = t('Password');
|
||||
$request_new = l(t('Request new password'), 'user/password', array('attributes' => array('title' => t('Request new password via e-mail.'))));
|
||||
@@ -2356,26 +2359,14 @@ function user_external_login_register($name, $module) {
|
||||
* following properties:
|
||||
* - uid: The user ID number.
|
||||
* - login: The UNIX timestamp of the user's last login.
|
||||
* @param array $options
|
||||
* (optional) A keyed array of settings. Supported options are:
|
||||
* - langcode: A language code to be used when generating locale-sensitive
|
||||
* urls. If langcode is NULL the users preferred language is used.
|
||||
*
|
||||
* @return
|
||||
* A unique URL that provides a one-time log in for the user, from which
|
||||
* they can change their password.
|
||||
*/
|
||||
function user_pass_reset_url($account, $options = array()) {
|
||||
function user_pass_reset_url($account) {
|
||||
$timestamp = REQUEST_TIME;
|
||||
$url_options = array('absolute' => TRUE);
|
||||
if (isset($options['langcode'])) {
|
||||
$languages = language_list();
|
||||
$url_options['language'] = $languages[$options['langcode']];
|
||||
}
|
||||
else {
|
||||
$url_options['language'] = user_preferred_language($account);
|
||||
}
|
||||
return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), $url_options);
|
||||
return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -2387,10 +2378,6 @@ function user_pass_reset_url($account, $options = array()) {
|
||||
* - uid: The user ID number.
|
||||
* - pass: The hashed user password string.
|
||||
* - login: The UNIX timestamp of the user's last login.
|
||||
* @param array $options
|
||||
* (optional) A keyed array of settings. Supported options are:
|
||||
* - langcode: A language code to be used when generating locale-sensitive
|
||||
* urls. If langcode is NULL the users preferred language is used.
|
||||
*
|
||||
* @return
|
||||
* A unique URL that may be used to confirm the cancellation of the user
|
||||
@@ -2399,17 +2386,9 @@ function user_pass_reset_url($account, $options = array()) {
|
||||
* @see user_mail_tokens()
|
||||
* @see user_cancel_confirm()
|
||||
*/
|
||||
function user_cancel_url($account, $options = array()) {
|
||||
function user_cancel_url($account) {
|
||||
$timestamp = REQUEST_TIME;
|
||||
$url_options = array('absolute' => TRUE);
|
||||
if (isset($options['langcode'])) {
|
||||
$languages = language_list();
|
||||
$url_options['language'] = $languages[$options['langcode']];
|
||||
}
|
||||
else {
|
||||
$url_options['language'] = user_preferred_language($account);
|
||||
}
|
||||
return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), $url_options);
|
||||
return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -2899,7 +2878,7 @@ Your account on [site:name] has been canceled.
|
||||
if ($replace) {
|
||||
// We do not sanitize the token replacement, since the output of this
|
||||
// replacement is intended for an e-mail message, not a web browser.
|
||||
return token_replace($text, $variables, array('language' => $language, 'langcode' => $langcode, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
|
||||
return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
|
||||
}
|
||||
|
||||
return $text;
|
||||
@@ -2926,8 +2905,8 @@ Your account on [site:name] has been canceled.
|
||||
*/
|
||||
function user_mail_tokens(&$replacements, $data, $options) {
|
||||
if (isset($data['user'])) {
|
||||
$replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user'], $options);
|
||||
$replacements['[user:cancel-url]'] = user_cancel_url($data['user'], $options);
|
||||
$replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user']);
|
||||
$replacements['[user:cancel-url]'] = user_cancel_url($data['user']);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user