bachir/materio-base-legacy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update core to 7.36

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi
2015-04-19 19:33:23 +02:00
parent 6de56c702c
commit 802ec0c6f3
271 changed files with 4111 additions and 1227 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
modules/user/tests/user_form_test.info
View File

@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-05-08
version = "7.28"
; Information added by Drupal.org packaging script on 2015-04-02
version = "7.36"
project = "drupal"
datestamp = "1399522731"
datestamp = "1427943826"

16
modules/user/user.api.php
View File

@@ -327,14 +327,6 @@ function hook_user_logout($account) {
* The module should format its custom additions for display and add them to the
* $account->content array.
*
* Note that when this hook is invoked, the changes have not yet been written to
* the database, because a database transaction is still in progress. The
* transaction is not finalized until the save operation is entirely completed
* and user_save() goes out of scope. You should not rely on data in the
* database at this time as it is not updated yet. You should also note that any
* write/update database queries executed from this hook are also not committed
* immediately. Check user_save() and db_transaction() for more info.
*
* @param $account
* The user object on which the operation is being performed.
* @param $view_mode
@@ -386,7 +378,7 @@ function hook_user_view_alter(&$build) {
}
/**
* Inform other modules that a user role is about to be saved.
* Act on a user role being inserted or updated.
*
* Modules implementing this hook can act on the user role object before
* it has been saved to the database.
@@ -405,7 +397,7 @@ function hook_user_role_presave($role) {
}
/**
* Inform other modules that a user role has been added.
* Respond to creation of a new user role.
*
* Modules implementing this hook can act on the user role object when saved to
* the database. It's recommended that you implement this hook if your module
@@ -426,7 +418,7 @@ function hook_user_role_insert($role) {
}
/**
* Inform other modules that a user role has been updated.
* Respond to updates to a user role.
*
* Modules implementing this hook can act on the user role object when updated.
* It's recommended that you implement this hook if your module adds additional
@@ -447,7 +439,7 @@ function hook_user_role_update($role) {
}
/**
* Inform other modules that a user role has been deleted.
* Respond to user role deletion.
*
* This hook allows you act when a user role has been deleted.
* If your module stores references to roles, it's recommended that you

6
modules/user/user.info
View File

@@ -9,8 +9,8 @@ required = TRUE
configure = admin/config/people
stylesheets[all][] = user.css
; Information added by Drupal.org packaging script on 2014-05-08
version = "7.28"
; Information added by Drupal.org packaging script on 2015-04-02
version = "7.36"
project = "drupal"
datestamp = "1399522731"
datestamp = "1427943826"

14
modules/user/user.install
View File

@@ -81,7 +81,7 @@ function user_schema() {
),
'foreign keys' => array(
'role' => array(
'table' => 'roles',
'table' => 'role',
'columns' => array('rid' => 'rid'),
),
),
@@ -278,7 +278,7 @@ function user_schema() {
'columns' => array('uid' => 'uid'),
),
'role' => array(
'table' => 'roles',
'table' => 'role',
'columns' => array('rid' => 'rid'),
),
),
@@ -356,11 +356,13 @@ function user_update_dependencies() {
'filter' => 7000,
);
// user_update_7012() uses the file API, which relies on the {file_managed}
// table, so it must run after system_update_7034(), which creates that
// table.
// user_update_7012() uses the file API and inserts records into the
// {file_managed} table, so it therefore must run after system_update_7061(),
// which inserts files with specific IDs into the table and therefore relies
// on the table being empty (otherwise it would accidentally overwrite
// existing records).
$dependencies['user'][7012] = array(
'system' => 7034,
'system' => 7061,
);
// user_update_7013() uses the file usage API, which relies on the

121
modules/user/user.module
View File

@@ -32,7 +32,7 @@ define('USER_REGISTER_VISITORS', 1);
define('USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL', 2);
/**
* Implement hook_help().
* Implements hook_help().
*/
function user_help($path, $arg) {
global $user;
@@ -501,12 +501,17 @@ function user_save($account, $edit = array(), $category = 'account') {
file_usage_delete($account->original->picture, 'user', 'user', $account->uid);
file_delete($account->original->picture);
}
// Save the picture object, if it is set. drupal_write_record() expects
// $account->picture to be a FID.
$picture = empty($account->picture) ? NULL : $account->picture;
$account->picture = empty($account->picture->fid) ? 0 : $account->picture->fid;
// Do not allow 'uid' to be changed.
$account->uid = $account->original->uid;
// Save changes to the user table.
$success = drupal_write_record('users', $account, 'uid');
// Restore the picture object.
$account->picture = $picture;
if ($success === FALSE) {
// The query failed - better to abort the save than risk further
// data loss.
@@ -589,16 +594,16 @@ function user_save($account, $edit = array(), $category = 'account') {
user_module_invoke('insert', $edit, $account, $category);
module_invoke_all('entity_insert', $account, 'user');
// Save user roles.
if (count($account->roles) > 1) {
// Save user roles. Skip built-in roles, and ones that were already saved
// to the database during hook calls.
$rids_to_skip = array_merge(array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID), db_query('SELECT rid FROM {users_roles} WHERE uid = :uid', array(':uid' => $account->uid))->fetchCol());
if ($rids_to_save = array_diff(array_keys($account->roles), $rids_to_skip)) {
$query = db_insert('users_roles')->fields(array('uid', 'rid'));
foreach (array_keys($account->roles) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
$query->values(array(
'uid' => $account->uid,
'rid' => $rid,
));
}
foreach ($rids_to_save as $rid) {
$query->values(array(
'uid' => $account->uid,
'rid' => $rid,
));
}
$query->execute();
}
@@ -843,6 +848,26 @@ function user_is_blocked($name) {
->execute()->fetchObject();
}
/**
* Checks if a user has a role.
*
* @param int $rid
* A role ID.
*
* @param object|null $account
* (optional) A user account. Defaults to the current user.
*
* @return bool
* TRUE if the user has the role, or FALSE if not.
*/
function user_has_role($rid, $account = NULL) {
if (!$account) {
$account = $GLOBALS['user'];
}
return isset($account->roles[$rid]);
}
/**
* Implements hook_permission().
*/
@@ -2323,27 +2348,14 @@ function user_external_login_register($name, $module) {
* following properties:
* - uid: The user ID number.
* - login: The UNIX timestamp of the user's last login.
* @param array $options
* (optional) A keyed array of settings. Supported options are:
* - langcode: A language code to be used when generating locale-sensitive
* urls. If langcode is NULL the users preferred language is used.
*
*
* @return
* A unique URL that provides a one-time log in for the user, from which
* they can change their password.
*/
function user_pass_reset_url($account, $options = array()) {
function user_pass_reset_url($account) {
$timestamp = REQUEST_TIME;
$url_options = array('absolute' => TRUE);
if (isset($options['langcode'])) {
$languages = language_list();
$url_options['language'] = $languages[$options['langcode']];
}
else {
$url_options['language'] = user_preferred_language($account);
}
return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login), $url_options);
return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE));
}
/**
@@ -2355,11 +2367,6 @@ function user_pass_reset_url($account, $options = array()) {
* - uid: The user ID number.
* - pass: The hashed user password string.
* - login: The UNIX timestamp of the user's last login.
* @param array $options
* (optional) A keyed array of settings. Supported options are:
* - langcode: A language code to be used when generating locale-sensitive
* urls. If langcode is NULL the users preferred language is used.
*
*
* @return
* A unique URL that may be used to confirm the cancellation of the user
@@ -2368,17 +2375,9 @@ function user_pass_reset_url($account, $options = array()) {
* @see user_mail_tokens()
* @see user_cancel_confirm()
*/
function user_cancel_url($account, $options = array()) {
function user_cancel_url($account) {
$timestamp = REQUEST_TIME;
$url_options = array('absolute' => TRUE);
if (isset($options['langcode'])) {
$languages = language_list();
$url_options['language'] = $languages[$options['langcode']];
}
else {
$url_options['language'] = user_preferred_language($account);
}
return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login), $url_options);
return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE));
}
/**
@@ -2398,12 +2397,33 @@ function user_cancel_url($account, $options = array()) {
* A UNIX timestamp, typically REQUEST_TIME.
* @param int $login
* The UNIX timestamp of the user's last login.
* @param int $uid
* The user ID of the user account.
*
* @return
* A string that is safe for use in URLs and SQL statements.
*/
function user_pass_rehash($password, $timestamp, $login) {
return drupal_hmac_base64($timestamp . $login, drupal_get_hash_salt() . $password);
function user_pass_rehash($password, $timestamp, $login, $uid) {
// Backwards compatibility: Try to determine a $uid if one was not passed.
// (Since $uid is a required parameter to this function, a PHP warning will
// be generated if it's not provided, which is an indication that the calling
// code should be updated. But the code below will try to generate a correct
// hash in the meantime.)
if (!isset($uid)) {
$uids = db_query_range('SELECT uid FROM {users} WHERE pass = :password AND login = :login AND uid > 0', 0, 2, array(':password' => $password, ':login' => $login))->fetchCol();
// If exactly one user account matches the provided password and login
// timestamp, proceed with that $uid.
if (count($uids) == 1) {
$uid = reset($uids);
}
// Otherwise there is no safe hash to return, so return a random string
// that will never be treated as a valid token.
else {
return drupal_random_key();
}
}
return drupal_hmac_base64($timestamp . $login . $uid, drupal_get_hash_salt() . $password);
}
/**
@@ -2659,12 +2679,7 @@ function user_build_content($account, $view_mode = 'full', $langcode = NULL) {
$account->content = array();
// Allow modules to change the view mode.
$context = array(
'entity_type' => 'user',
'entity' => $account,
'langcode' => $langcode,
);
drupal_alter('entity_view_mode', $view_mode, $context);
$view_mode = key(entity_view_mode_prepare('user', array($account->uid => $account), $view_mode, $langcode));
// Build fields content.
field_attach_prepare_view('user', array($account->uid => $account), $view_mode, $langcode);
@@ -2848,7 +2863,7 @@ Your account on [site:name] has been canceled.
if ($replace) {
// We do not sanitize the token replacement, since the output of this
// replacement is intended for an e-mail message, not a web browser.
return token_replace($text, $variables, array('langcode' => $langcode, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
}
return $text;
@@ -2875,8 +2890,8 @@ Your account on [site:name] has been canceled.
*/
function user_mail_tokens(&$replacements, $data, $options) {
if (isset($data['user'])) {
$replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user'], $options);
$replacements['[user:cancel-url]'] = user_cancel_url($data['user'], $options);
$replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user']);
$replacements['[user:cancel-url]'] = user_cancel_url($data['user']);
}
}
@@ -3799,8 +3814,8 @@ function user_register_form($form, &$form_state) {
// inside the submit function interferes with form processing and breaks
// hook_form_alter().
$form['administer_users'] = array(
'#type' => 'value',
'#value' => $admin,
'#type' => 'value',
'#value' => $admin,
);
// If we aren't admin but already logged on, go to the user page instead.

12
modules/user/user.pages.inc
View File

@@ -126,7 +126,7 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
drupal_goto('user/password');
}
elseif ($account->uid && $timestamp >= $account->login && $timestamp <= $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) {
elseif ($account->uid && $timestamp >= $account->login && $timestamp <= $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid)) {
// First stage is a confirmation form, then login
if ($action == 'login') {
// Set the new user.
@@ -183,8 +183,11 @@ function user_logout() {
/**
* Process variables for user-profile.tpl.php.
*
* The $variables array contains the following arguments:
* - $account
* @param array $variables
* An associative array containing:
* - elements: An associative array containing the user information and any
* fields attached to the user. Properties used:
* - #account: The user account of the profile being viewed.
*
* @see user-profile.tpl.php
*/
@@ -356,7 +359,6 @@ function user_cancel_confirm_form($form, &$form_state, $account) {
$form['_account'] = array('#type' => 'value', '#value' => $account);
// Display account cancellation method selection, if allowed.
$default_method = variable_get('user_cancel_method', 'user_cancel_block');
$admin_access = user_access('administer users');
$can_select_method = $admin_access || user_access('select account cancellation method');
$form['user_cancel_method'] = array(
@@ -520,7 +522,7 @@ function user_cancel_confirm($account, $timestamp = 0, $hashed_pass = '') {
// Basic validation of arguments.
if (isset($account->data['user_cancel_method']) && !empty($timestamp) && !empty($hashed_pass)) {
// Validate expiration and hashed password/login.
if ($timestamp <= $current && $current - $timestamp < $timeout && $account->uid && $timestamp >= $account->login && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) {
if ($timestamp <= $current && $current - $timestamp < $timeout && $account->uid && $timestamp >= $account->login && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid)) {
$edit = array(
'user_cancel_notify' => isset($account->data['user_cancel_notify']) ? $account->data['user_cancel_notify'] : variable_get('user_mail_status_canceled_notify', FALSE),
);

148
modules/user/user.test
View File

@@ -498,7 +498,7 @@ class UserPasswordResetTestCase extends DrupalWebTestCase {
// To attempt an expired password reset, create a password reset link as if
// its request time was 60 seconds older than the allowed limit of timeout.
$bogus_timestamp = REQUEST_TIME - variable_get('user_password_reset_timeout', 86400) - 60;
$this->drupalGet("user/reset/$account->uid/$bogus_timestamp/" . user_pass_rehash($account->pass, $bogus_timestamp, $account->login));
$this->drupalGet("user/reset/$account->uid/$bogus_timestamp/" . user_pass_rehash($account->pass, $bogus_timestamp, $account->login, $account->uid));
$this->assertText(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'), 'Expired password reset request rejected.');
}
@@ -519,6 +519,74 @@ class UserPasswordResetTestCase extends DrupalWebTestCase {
$this->assertFieldByName('name', $edit['name'], 'User name found.');
}
/**
* Make sure that users cannot forge password reset URLs of other users.
*/
function testResetImpersonation() {
// Make sure user 1 has a valid password, so it does not interfere with the
// test user accounts that are created below.
$account = user_load(1);
user_save($account, array('pass' => user_password()));
// Create two identical user accounts except for the user name. They must
// have the same empty password, so we can't use $this->drupalCreateUser().
$edit = array();
$edit['name'] = $this->randomName();
$edit['mail'] = $edit['name'] . '@example.com';
$edit['status'] = 1;
$user1 = user_save(drupal_anonymous_user(), $edit);
$edit['name'] = $this->randomName();
$user2 = user_save(drupal_anonymous_user(), $edit);
// The password reset URL must not be valid for the second user when only
// the user ID is changed in the URL.
$reset_url = user_pass_reset_url($user1);
$attack_reset_url = str_replace("user/reset/$user1->uid", "user/reset/$user2->uid", $reset_url);
$this->drupalGet($attack_reset_url);
$this->assertNoText($user2->name, 'The invalid password reset page does not show the user name.');
$this->assertUrl('user/password', array(), 'The user is redirected to the password reset request page.');
$this->assertText('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');
// When legacy code calls user_pass_rehash() without providing the $uid
// parameter, neither password reset URL should be valid since it is
// impossible for the system to determine which user account the token was
// intended for.
$timestamp = REQUEST_TIME;
// Pass an explicit NULL for the $uid parameter of user_pass_rehash()
// rather than not passing it at all, to avoid triggering PHP warnings in
// the test.
$reset_url_token = user_pass_rehash($user1->pass, $timestamp, $user1->login, NULL);
$reset_url = url("user/reset/$user1->uid/$timestamp/$reset_url_token", array('absolute' => TRUE));
$this->drupalGet($reset_url);
$this->assertNoText($user1->name, 'The invalid password reset page does not show the user name.');
$this->assertUrl('user/password', array(), 'The user is redirected to the password reset request page.');
$this->assertText('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');
$attack_reset_url = str_replace("user/reset/$user1->uid", "user/reset/$user2->uid", $reset_url);
$this->drupalGet($attack_reset_url);
$this->assertNoText($user2->name, 'The invalid password reset page does not show the user name.');
$this->assertUrl('user/password', array(), 'The user is redirected to the password reset request page.');
$this->assertText('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');
// To verify that user_pass_rehash() never returns a valid result in the
// above situation (even if legacy code also called it to attempt to
// validate the token, rather than just to generate the URL), check that a
// second call with the same parameters produces a different result.
$new_reset_url_token = user_pass_rehash($user1->pass, $timestamp, $user1->login, NULL);
$this->assertNotEqual($reset_url_token, $new_reset_url_token);
// However, when the duplicate account is removed, the password reset URL
// should be valid.
user_delete($user2->uid);
$reset_url_token = user_pass_rehash($user1->pass, $timestamp, $user1->login, NULL);
$reset_url = url("user/reset/$user1->uid/$timestamp/$reset_url_token", array('absolute' => TRUE));
$this->drupalGet($reset_url);
$this->assertText($user1->name, 'The valid password reset page shows the user name.');
$this->assertUrl($reset_url, array(), 'The user remains on the password reset login page.');
$this->assertNoText('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.');
}
}
/**
@@ -558,7 +626,7 @@ class UserCancelTestCase extends DrupalWebTestCase {
// Attempt bogus account cancellation request confirmation.
$timestamp = $account->login;
$this->drupalGet("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login));
$this->drupalGet("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid));
$this->assertResponse(403, 'Bogus cancelling request rejected.');
$account = user_load($account->uid);
$this->assertTrue($account->status == 1, 'User account was not canceled.');
@@ -631,14 +699,14 @@ class UserCancelTestCase extends DrupalWebTestCase {
// Attempt bogus account cancellation request confirmation.
$bogus_timestamp = $timestamp + 60;
$this->drupalGet("user/$account->uid/cancel/confirm/$bogus_timestamp/" . user_pass_rehash($account->pass, $bogus_timestamp, $account->login));
$this->drupalGet("user/$account->uid/cancel/confirm/$bogus_timestamp/" . user_pass_rehash($account->pass, $bogus_timestamp, $account->login, $account->uid));
$this->assertText(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'), 'Bogus cancelling request rejected.');
$account = user_load($account->uid);
$this->assertTrue($account->status == 1, 'User account was not canceled.');
// Attempt expired account cancellation request confirmation.
$bogus_timestamp = $timestamp - 86400 - 60;
$this->drupalGet("user/$account->uid/cancel/confirm/$bogus_timestamp/" . user_pass_rehash($account->pass, $bogus_timestamp, $account->login));
$this->drupalGet("user/$account->uid/cancel/confirm/$bogus_timestamp/" . user_pass_rehash($account->pass, $bogus_timestamp, $account->login, $account->uid));
$this->assertText(t('You have tried to use an account cancellation link that has expired. Please request a new one using the form below.'), 'Expired cancel account request rejected.');
$accounts = user_load_multiple(array($account->uid), array('status' => 1));
$this->assertTrue(reset($accounts), 'User account was not canceled.');
@@ -675,7 +743,7 @@ class UserCancelTestCase extends DrupalWebTestCase {
$this->assertText(t('A confirmation request to cancel your account has been sent to your e-mail address.'), 'Account cancellation request mailed message displayed.');
// Confirm account cancellation request.
$this->drupalGet("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login));
$this->drupalGet("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid));
$account = user_load($account->uid, TRUE);
$this->assertTrue($account->status == 0, 'User has been blocked.');
@@ -713,7 +781,7 @@ class UserCancelTestCase extends DrupalWebTestCase {
$this->assertText(t('A confirmation request to cancel your account has been sent to your e-mail address.'), 'Account cancellation request mailed message displayed.');
// Confirm account cancellation request.
$this->drupalGet("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login));
$this->drupalGet("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid));
$account = user_load($account->uid, TRUE);
$this->assertTrue($account->status == 0, 'User has been blocked.');
@@ -763,7 +831,7 @@ class UserCancelTestCase extends DrupalWebTestCase {
$this->assertText(t('A confirmation request to cancel your account has been sent to your e-mail address.'), 'Account cancellation request mailed message displayed.');
// Confirm account cancellation request.
$this->drupalGet("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login));
$this->drupalGet("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid));
$this->assertFalse(user_load($account->uid, TRUE), 'User is not found in the database.');
// Confirm that user's content has been attributed to anonymous user.
@@ -827,7 +895,7 @@ class UserCancelTestCase extends DrupalWebTestCase {
$this->assertText(t('A confirmation request to cancel your account has been sent to your e-mail address.'), 'Account cancellation request mailed message displayed.');
// Confirm account cancellation request.
$this->drupalGet("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login));
$this->drupalGet("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid));
$this->assertFalse(user_load($account->uid, TRUE), 'User is not found in the database.');
// Confirm that user's content has been deleted.
@@ -1127,6 +1195,17 @@ class UserPictureTestCase extends DrupalWebTestCase {
$pic_path2 = $this->saveUserPicture($image);
$this->assertNotEqual($pic_path, $pic_path2, 'Filename of second picture is different.');
// Check if user picture has a valid file ID after saving the user.
$account = user_load($this->user->uid, TRUE);
$this->assertTrue(is_object($account->picture), 'User picture object is valid after user load.');
$this->assertNotNull($account->picture->fid, 'User picture object has a FID after user load.');
$this->assertTrue(is_file($account->picture->uri), 'File is located in proper directory after user load.');
user_save($account);
// Verify that the user save does not destroy the user picture object.
$this->assertTrue(is_object($account->picture), 'User picture object is valid after user save.');
$this->assertNotNull($account->picture->fid, 'User picture object has a FID after user save.');
$this->assertTrue(is_file($account->picture->uri), 'File is located in proper directory after user save.');
}
}
@@ -2066,26 +2145,6 @@ class UserTokenReplaceTestCase extends DrupalWebTestCase {
);
}
public function setUp() {
parent::setUp('locale');
$account = $this->drupalCreateUser(array('access administration pages', 'administer languages'));
$this->drupalLogin($account);
// Add language.
$edit = array('langcode' => 'de');
$this->drupalPost('admin/config/regional/language/add', $edit, t('Add language'));
// Enable URL language detection and selection.
$edit = array('language[enabled][locale-url]' => 1);
$this->drupalPost('admin/config/regional/language/configure', $edit, t('Save settings'));
// Reset static caching.
drupal_static_reset('language_list');
drupal_static_reset('locale_url_outbound_alter');
drupal_static_reset('locale_language_url_rewrite_url');
}
/**
* Creates a user, then tests the tokens generated from it.
*/
@@ -2136,39 +2195,6 @@ class UserTokenReplaceTestCase extends DrupalWebTestCase {
$output = token_replace($input, array('user' => $account), array('language' => $language, 'sanitize' => FALSE));
$this->assertEqual($output, $expected, format_string('Unsanitized user token %token replaced.', array('%token' => $input)));
}
$languages = language_list();
// Generate login and cancel link.
$tests = array();
$tests['[user:one-time-login-url]'] = user_pass_reset_url($account);
$tests['[user:cancel-url]'] = user_cancel_url($account);
// Generate tokens with interface language.
$link = url('user', array('absolute' => TRUE));
foreach ($tests as $input => $expected) {
$output = token_replace($input, array('user' => $account), array('langcode' => $language->language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
$this->assertTrue(strpos($output, $link) === 0, 'Generated URL is in interface language.');
}
// Generate tokens with the user's preferred language.
$edit['language'] = 'de';
$account = user_save($account, $edit);
$link = url('user', array('language' => $languages[$account->language], 'absolute' => TRUE));
foreach ($tests as $input => $expected) {
$output = token_replace($input, array('user' => $account), array('callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
$this->assertTrue(strpos($output, $link) === 0, "Generated URL is in the user's preferred language.");
}
// Generate tokens with one specific language.
$link = url('user', array('language' => $languages['de'], 'absolute' => TRUE));
foreach ($tests as $input => $expected) {
foreach (array($user1, $user2) as $account) {
$output = token_replace($input, array('user' => $account), array('langcode' => 'de', 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE));
$this->assertTrue(strpos($output, $link) === 0, "Generated URL in in the requested language.");
}
}
}
}