security update for views

2018-04-20 23:59:18 +02:00
parent 57376251fa
commit 85772b4ca7
398 changed files with 11239 additions and 6207 deletions
--- a/sites/all/modules/contrib/views/views/help/alter-exposed-filter.html
+++ b/sites/all/modules/contrib/views/views/help/alter-exposed-filter.html
@@ -4,8 +4,9 @@ As a consequence, it *always* thinks the value was submitted, even if it was not

 <pre>
 &lt;?php
-if (empty($form_state['view']->exposed_input[$identifier])) .
-		{ $form_state['input'][$identifier] = $default_value; }
+if (empty($form_state['view']->exposed_input[$identifier])) {
+  $form_state['input'][$identifier] = $default_value;
+}
 ?&gt;
 </pre>

@@ -18,10 +19,10 @@ To do this, I used the following function, where geoip_redirect_get_tid() loads
 <pre>
 &lt;?php
 function MODULENAME_form_views_exposed_form_alter(&$form, $form_state) {
-  if(strpos($form['#id'], 'volunteer-directory') !== FALSE) {
+  if (strpos($form['#id'], 'volunteer-directory') !== FALSE) {
    $city_tid = geoip_redirect_get_tid();
-    if(is_numeric($city_tid) && $city_tid != 7660) {
-      if (empty($form_state['view']->exposed_input['tid']))  {
+    if (is_numeric($city_tid) && $city_tid != 7660) {
+      if (empty($form_state['view']->exposed_input['tid'])) {
        $form_state['input']['tid'] = $city_tid;
      }
    }
--- a/sites/all/modules/contrib/views/views/help/api-example.html
+++ b/sites/all/modules/contrib/views/views/help/api-example.html
@@ -40,7 +40,7 @@ Below is the contents of a simple node_example.views.inc file that allows you to
 * @endcode
 */

-function node_example_views_data()  {
+function node_example_views_data() {
  // Basic table information.

  // ----------------------------------------------------------------
--- a/sites/all/modules/contrib/views/views/help/api-tables.html
+++ b/sites/all/modules/contrib/views/views/help/api-tables.html
@@ -169,8 +169,10 @@ Each field is described in the view data with an array, keyed to the database na

 <pre>
 $data['node']['nid'] = array(
+  // The item it appears as on the UI,
  'title' =&gt; t('Nid'),
-  'help' =&gt; t('The node ID of the node.'), // The help that appears on the UI,
+  // The help that appears on the UI,
+  'help' =&gt; t('The node ID of the node.'),
  // Information for displaying the nid
  'field' =&gt; array(
    'handler' =&gt; 'views_handler_field_node',
@@ -179,7 +181,8 @@ $data['node']['nid'] = array(
  // Information for accepting a nid as an argument
  'argument' =&gt; array(
    'handler' =&gt; 'views_handler_argument_node_nid',
-    'name field' =&gt; 'title', // the field to display in the summary.
+    // The field to display in the summary.
+    'name field' =&gt; 'title',
    'numeric' =&gt; TRUE,
    'validate type' =&gt; 'nid',
  ),
--- a/sites/all/modules/contrib/views/views/help/api-upgrading.html
+++ b/sites/all/modules/contrib/views/views/help/api-upgrading.html
@@ -113,9 +113,9 @@ The views_handler class got two new functions:
 /**
 * Get the value that's supposed to be rendered.
 *
- * @param $values
+ * @param object $values
 *   An object containing all retrieved values.
- * @param $field
+ * @param string $field
 *   Optional name of the field where the value is stored.
 */
 function get_value($values, $field = NULL) {
@@ -128,9 +128,9 @@ function get_value($values, $field = NULL) {
 /**
 * Sanitize the value for output.
 *
- * @param $value
+ * @param string $value
 *   The value being rendered.
- * @param $type
+ * @param string $type
 *   The type of sanitization needed. If not provided, check_plain() is used.
 */
 function sanitize_value($value, $type = NULL) {
@@ -138,9 +138,11 @@ function sanitize_value($value, $type = NULL) {
    case 'xss':
      $value = filter_xss($value);
      break;
+
    case 'url':
      $value = check_url($value);
      break;
+
    default:
      $value = check_plain($value);
      break;
--- a/sites/all/modules/contrib/views/views/help/embed.html
+++ b/sites/all/modules/contrib/views/views/help/embed.html
@@ -10,9 +10,9 @@ easiest way is to use the function <strong>views_embed_view()</strong>:
 * solution and doesn't really offer a lot of options, but breaking the function
 * apart is pretty easy, and this provides a worthwhile guide to doing so.
 *
- * @param $name
+ * @param string $name
 *   The name of the view to embed.
- * @param $display_id
+ * @param string $display_id
 *   The display id to embed. If unsure, use 'default', as it will always be
 *   valid. But things like 'page' or 'block' should work here.
 * @param ...
--- a/sites/all/modules/contrib/views/views/help/ui-crashes.html
+++ b/sites/all/modules/contrib/views/views/help/ui-crashes.html
@@ -13,7 +13,7 @@ This section originally stems from <a href="http://drupal.org/node/346662">this
 Some modules may add PHP improperly, disrupting normal jQuery operation. Errors may look like

 <code>
-<? session_module_name("files"); ?>{ "default": "default" }
+<?php session_module_name("files"); ?>{ "default": "default" }
 </code>

 This can also be a server configuration issue. In one case, this was solved by commenting out