update core to 7.36

modules/image/image.info

@@ -7,8 +7,8 @@ dependencies[] = file
 files[] = image.test
 configure = admin/config/media/image-styles
 
-; Information added by Drupal.org packaging script on 2014-05-08
-version = "7.28"
+; Information added by Drupal.org packaging script on 2015-04-02
+version = "7.36"
 project = "drupal"
-datestamp = "1399522731"
+datestamp = "1427943826"
 

modules/image/image.module

@@ -845,6 +845,12 @@ function image_style_deliver($style, $scheme) {
     }
   }
 
+  // Confirm that the original source image exists before trying to process it.
+  if (!is_file($image_uri)) {
+    watchdog('image', 'Source image at %source_image_path not found while trying to generate derivative image at %derivative_path.',  array('%source_image_path' => $image_uri, '%derivative_path' => $derivative_uri));
+    return MENU_NOT_FOUND;
+  }
+
   // Don't start generating the image if the derivative already exists or if
   // generation is in progress in another thread.
   $lock_name = 'image_style_deliver:' . $style['name'] . ':' . drupal_hash_base64($image_uri);
@@ -854,6 +860,7 @@ function image_style_deliver($style, $scheme) {
       // Tell client to retry again in 3 seconds. Currently no browsers are known
       // to support Retry-After.
       drupal_add_http_header('Status', '503 Service Unavailable');
+      drupal_add_http_header('Content-Type', 'text/html; charset=utf-8');
       drupal_add_http_header('Retry-After', 3);
       print t('Image generation in progress. Try again shortly.');
       drupal_exit();
@@ -875,6 +882,7 @@ function image_style_deliver($style, $scheme) {
   else {
     watchdog('image', 'Unable to generate the derived image located at %path.', array('%path' => $derivative_uri));
     drupal_add_http_header('Status', '500 Internal Server Error');
+    drupal_add_http_header('Content-Type', 'text/html; charset=utf-8');
     print t('Error generating image.');
     drupal_exit();
   }
@@ -1019,7 +1027,15 @@ function image_style_url($style_name, $path) {
   // The token query is added even if the 'image_allow_insecure_derivatives'
   // variable is TRUE, so that the emitted links remain valid if it is changed
   // back to the default FALSE.
-  $token_query = array(IMAGE_DERIVATIVE_TOKEN => image_style_path_token($style_name, $original_uri));
+  // However, sites which need to prevent the token query from being emitted at
+  // all can additionally set the 'image_suppress_itok_output' variable to TRUE
+  // to achieve that (if both are set, the security token will neither be
+  // emitted in the image derivative URL nor checked for in
+  // image_style_deliver()).
+  $token_query = array();
+  if (!variable_get('image_suppress_itok_output', FALSE)) {
+    $token_query = array(IMAGE_DERIVATIVE_TOKEN => image_style_path_token($style_name, $original_uri));
+  }
 
   // If not using clean URLs, the image derivative callback is only available
   // with the query string. If the file does not exist, use url() to ensure
@@ -1031,8 +1047,12 @@ function image_style_url($style_name, $path) {
   }
 
   $file_url = file_create_url($uri);
-  // Append the query string with the token.
-  return $file_url . (strpos($file_url, '?') !== FALSE ? '&' : '?') . drupal_http_build_query($token_query);
+  // Append the query string with the token, if necessary.
+  if ($token_query) {
+    $file_url .= (strpos($file_url, '?') !== FALSE ? '&' : '?') . drupal_http_build_query($token_query);
+  }
+
+  return $file_url;
 }
 
 /**

modules/image/image.test

@@ -173,6 +173,16 @@ class ImageStylesPathAndUrlTestCase extends DrupalWebTestCase {
     $this->_testImageStyleUrlAndPath('public', TRUE, TRUE);
   }
 
+  /**
+   * Test that an invalid source image returns a 404.
+   */
+  function testImageStyleUrlForMissingSourceImage() {
+    $non_existent_uri = 'public://foo.png';
+    $generated_url = image_style_url($this->style_name, $non_existent_uri);
+    $this->drupalGet($generated_url);
+    $this->assertResponse(404, 'Accessing an image style URL with a source image that does not exist provides a 404 error response.');
+  }
+
   /**
    * Test image_style_url().
    */
@@ -320,6 +330,15 @@ class ImageStylesPathAndUrlTestCase extends DrupalWebTestCase {
     $this->drupalGet($nested_url);
     $this->assertResponse(200, 'Image was accessible when a correct token was provided in the URL.');
 
+    // Suppress the security token in the URL, then get the URL of a file. Check
+    // that the security token is not present in the URL but that the image is
+    // still accessible.
+    variable_set('image_suppress_itok_output', TRUE);
+    $generate_url = image_style_url($this->style_name, $original_uri);
+    $this->assertIdentical(strpos($generate_url, IMAGE_DERIVATIVE_TOKEN . '='), FALSE, 'The security token does not appear in the image style URL.');
+    $this->drupalGet($generate_url);
+    $this->assertResponse(200, 'Image was accessible at the URL with a missing token.');
+
     // Check that requesting a nonexistent image does not create any new
     // directories in the file system.
     $directory = $scheme . '://styles/' . $this->style_name . '/' . $scheme . '/' . $this->randomName();

modules/image/tests/image_module_test.info

@@ -6,8 +6,8 @@ core = 7.x
 files[] = image_module_test.module
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2014-05-08
-version = "7.28"
+; Information added by Drupal.org packaging script on 2015-04-02
+version = "7.36"
 project = "drupal"
-datestamp = "1399522731"
+datestamp = "1427943826"