bachir/materio-base-legacy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updated core to 7.73

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi 2020-11-09 10:18:07 +01:00
parent be549a75f6
commit 91e0ff102e
173 changed files with 1304 additions and 542 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CHANGELOG.txt
View File

@ -1,5 +1,23 @@
Drupal 7.xx, xxxx-xx-xx (development version)
Drupal 7.73, 2020-09-16
-----------------------
- Fixed security issues:
- SA-CORE-2020-007
Drupal 7.72, 2020-06-17
-----------------------
- Fixed security issues:
- SA-CORE-2020-004
Drupal 7.71, 2020-06-03
-----------------------
- Fix for jQuery Form bug in Chromium-based browsers
- Full support for PHP 7.4
Drupal 7.70, 2020-05-19
-----------------------
- Fixed security issues:
- SA-CORE-2020-002
- SA-CORE-2020-003
Drupal 7.69, 2019-12-18
-----------------------

15
includes/batch.inc
View File

@ -478,18 +478,17 @@ function _batch_finished() {
$queue->deleteQueue();
}
}
// Clean-up the session. Not needed for CLI updates.
if (isset($_SESSION)) {
unset($_SESSION['batches'][$batch['id']]);
if (empty($_SESSION['batches'])) {
unset($_SESSION['batches']);
}
}
}
$_batch = $batch;
$batch = NULL;
// Clean-up the session. Not needed for CLI updates.
if (isset($_SESSION)) {
unset($_SESSION['batches'][$batch['id']]);
if (empty($_SESSION['batches'])) {
unset($_SESSION['batches']);
}
}
// Redirect if needed.
if ($_batch['progressive']) {
// Revert the 'destination' that was saved in batch_process().

2
includes/bootstrap.inc
View File

@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '7.69');
define('VERSION', '7.73');
/**
* Core API compatibility.

11
includes/common.inc
View File

@ -391,7 +391,7 @@ function drupal_add_feed($url = NULL, $title = '') {
*/
function drupal_get_feeds($delimiter = "\n") {
$feeds = drupal_add_feed();
return implode($feeds, $delimiter);
return implode($delimiter, $feeds);
}
/**
@ -684,7 +684,10 @@ function drupal_goto($path = '', array $options = array(), $http_response_code =
// We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector.
if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
$destination = drupal_parse_url($_GET['destination']);
$path = $destination['path'];
// Double check the path derived by drupal_parse_url() is not external.
if (!url_is_external($destination['path'])) {
$path = $destination['path'];
}
$options['query'] = $destination['query'];
$options['fragment'] = $destination['fragment'];
}
@ -3740,7 +3743,7 @@ function _drupal_build_css_path($matches, $base = NULL) {
}
// Prefix with base and remove '../' segments where possible.
$path = $_base . $matches[1];
$path = $_base . (isset($matches[1]) ? $matches[1] : '');
$last = '';
while ($path != $last) {
$last = $path;
@ -6653,7 +6656,7 @@ function element_children(&$elements, $sort = FALSE) {
$children = array();
$sortable = FALSE;
foreach ($elements as $key => $value) {
if ($key === '' || $key[0] !== '#') {
if (is_int($key) || $key === '' || $key[0] !== '#') {
$children[$key] = $value;
if (is_array($value) && isset($value['#weight'])) {
$sortable = TRUE;

2
includes/filetransfer/filetransfer.inc
View File

@ -301,7 +301,7 @@ abstract class FileTransfer {
$parts = explode('/', $path);
$chroot = '';
while (count($parts)) {
$check = implode($parts, '/');
$check = implode('/', $parts);
if ($this->isFile($check . '/' . drupal_basename(__FILE__))) {
// Remove the trailing slash.
return substr($chroot, 0, -1);

14
includes/form.inc
View File

@ -1135,12 +1135,8 @@ function drupal_prepare_form($form_id, &$form, &$form_state) {
* Helper function to call form_set_error() if there is a token error.
*/
function _drupal_invalid_token_set_form_error() {
$path = current_path();
$query = drupal_get_query_parameters();
$url = url($path, array('query' => $query));
// Setting this error will cause the form to fail validation.
form_set_error('form_token', t('The form has become outdated. Copy any unsaved work in the form below and then <a href="@link">reload this page</a>.', array('@link' => $url)));
form_set_error('form_token', t('The form has become outdated. Press the back button, copy any unsaved work in the form, and then reload the page.'));
}
/**
@ -1181,6 +1177,11 @@ function drupal_validate_form($form_id, &$form, &$form_state) {
if (!empty($form['#token'])) {
if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) {
_drupal_invalid_token_set_form_error();
// Ignore all submitted values.
$form_state['input'] = array();
$_POST = array();
// Make sure file uploads do not get processed.
$_FILES = array();
// Stop here and don't run any further validation handlers, because they
// could invoke non-safe operations which opens the door for CSRF
// vulnerabilities.
@ -1848,6 +1849,9 @@ function form_builder($form_id, &$element, &$form_state) {
_drupal_invalid_token_set_form_error();
// This value is checked in _form_builder_handle_input_element().
$form_state['invalid_token'] = TRUE;
// Ignore all submitted values.
$form_state['input'] = array();
$_POST = array();
// Make sure file uploads do not get processed.
$_FILES = array();
}

3
includes/menu.inc
View File

@ -2483,6 +2483,9 @@ function menu_link_get_preferred($path = NULL, $selected_menu = NULL) {
// untranslated paths). Afterwards, the most relevant path is picked from
// the menus, ordered by menu preference.
$item = menu_get_item($path);
if ($item === FALSE) {
return FALSE;
}
$path_candidates = array();
// 1. The current item href.
$path_candidates[$item['href']] = $item['href'];

30
includes/pager.inc
View File

@ -324,6 +324,16 @@ function theme_pager($variables) {
$quantity = empty($variables['quantity']) ? 0 : $variables['quantity'];
global $pager_page_array, $pager_total;
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) {
return;
}
// Nothing to do if there is only one page.
if ($pager_total[$element] <= 1) {
return;
}
// Calculate various markers within this pager piece:
// Middle is used to "center" pages around the current page.
$pager_middle = ceil($quantity / 2);
@ -455,6 +465,11 @@ function theme_pager_first($variables) {
global $pager_page_array;
$output = '';
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element])) {
return;
}
// If we are anywhere but the first page
if ($pager_page_array[$element] > 0) {
$output = theme('pager_link', array('text' => $text, 'page_new' => pager_load_array(0, $element, $pager_page_array), 'element' => $element, 'parameters' => $parameters));
@ -485,6 +500,11 @@ function theme_pager_previous($variables) {
global $pager_page_array;
$output = '';
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element])) {
return;
}
// If we are anywhere but the first page
if ($pager_page_array[$element] > 0) {
$page_new = pager_load_array($pager_page_array[$element] - $interval, $element, $pager_page_array);
@ -524,6 +544,11 @@ function theme_pager_next($variables) {
global $pager_page_array, $pager_total;
$output = '';
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) {
return;
}
// If we are anywhere but the last page
if ($pager_page_array[$element] < ($pager_total[$element] - 1)) {
$page_new = pager_load_array($pager_page_array[$element] + $interval, $element, $pager_page_array);
@ -560,6 +585,11 @@ function theme_pager_last($variables) {
global $pager_page_array, $pager_total;
$output = '';
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) {
return;
}
// If we are anywhere but the last page
if ($pager_page_array[$element] < ($pager_total[$element] - 1)) {
$output = theme('pager_link', array('text' => $text, 'page_new' => pager_load_array($pager_total[$element] - 1, $element, $pager_page_array), 'element' => $element, 'parameters' => $parameters));

14
includes/path.inc
View File

@ -466,13 +466,15 @@ function path_delete($criteria) {
$criteria = array('pid' => $criteria);
}
$path = path_load($criteria);
$query = db_delete('url_alias');
foreach ($criteria as $field => $value) {
$query->condition($field, $value);
if (isset($path['source'])) {
$query = db_delete('url_alias');
foreach ($criteria as $field => $value) {
$query->condition($field, $value);
}
$query->execute();
module_invoke_all('path_delete', $path);
drupal_clear_path_cache($path['source']);
}
$query->execute();
module_invoke_all('path_delete', $path);
drupal_clear_path_cache($path['source']);
}
/**

2
includes/request-sanitizer.inc
View File

@ -99,7 +99,7 @@ class DrupalRequestSanitizer {
protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
if (is_array($input)) {
foreach ($input as $key => $value) {
if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
if ($key !== '' && is_string($key) && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
unset($input[$key]);
$sanitized_keys[] = $key;
}

22
misc/ajax.js
View File

@ -149,7 +149,7 @@ Drupal.ajax = function (base, element, element_settings) {
// The 'this' variable will not persist inside of the options object.
var ajax = this;
ajax.options = {
url: ajax.url,
url: Drupal.sanitizeAjaxUrl(ajax.url),
data: ajax.submit,
beforeSerialize: function (element_settings, options) {
return ajax.beforeSerialize(element_settings, options);
@ -195,9 +195,29 @@ Drupal.ajax = function (base, element, element_settings) {
}
},
dataType: 'json',
jsonp: false,
type: 'POST'
};
// For multipart forms (e.g., file uploads), jQuery Form targets the form
// submission to an iframe instead of using an XHR object. The initial "src"
// of the iframe, prior to the form submission, is set to options.iframeSrc.
// "about:blank" is the semantically correct, standards-compliant, way to
// initialize a blank iframe; however, some old IE versions (possibly only 6)
// incorrectly report a mixed content warning when iframes with an
// "about:blank" src are added to a parent document with an https:// origin.
// jQuery Form works around this by defaulting to "javascript:false" instead,
// but that breaks on Chrome 83, so here we force the semantically correct
// behavior for all browsers except old IE.
// @see https://www.drupal.org/project/drupal/issues/3143016
// @see https://github.com/jquery-form/form/blob/df9cb101b9c9c085c8d75ad980c7ff1cf62063a1/jquery.form.js#L68
// @see https://bugs.chromium.org/p/chromium/issues/detail?id=1084874
// @see https://html.spec.whatwg.org/multipage/browsers.html#creating-browsing-contexts
// @see https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
if (navigator.userAgent.indexOf("MSIE") === -1) {
ajax.options.iframeSrc = 'about:blank';
}
// Bind the ajaxSubmit function to the element event.
$(ajax.element).bind(element_settings.event, function (event) {
if (!Drupal.settings.urlIsAjaxTrusted[ajax.url] && !Drupal.urlIsLocal(ajax.url)) {

3
misc/autocomplete.js
View File

@ -297,8 +297,9 @@ Drupal.ACDB.prototype.search = function (searchString) {
// encodeURIComponent to allow autocomplete search terms to contain slashes.
$.ajax({
type: 'GET',
url: db.uri + '/' + Drupal.encodePath(searchString),
url: Drupal.sanitizeAjaxUrl(db.uri + '/' + Drupal.encodePath(searchString)),
dataType: 'json',
jsonp: false,
success: function (matches) {
if (typeof matches.status == 'undefined' || matches.status != 0) {
db.cache[searchString] = matches;

17
misc/drupal.js
View File

@ -424,6 +424,23 @@ Drupal.urlIsLocal = function (url) {
return absoluteUrl === baseUrl || absoluteUrl.indexOf(baseUrl + '/') === 0;
};
/**
* Sanitizes a URL for use with jQuery.ajax().
*
* @param url
* The URL string to be sanitized.
*
* @return
* The sanitized URL.
*/
Drupal.sanitizeAjaxUrl = function (url) {
var regex = /\=\?(&|$)/;
while (url.match(regex)) {
url = url.replace(regex, '');
}
return url;
}
/**
* Generate the themed representation of a Drupal object.
*

251
misc/jquery-html-prefilter-3.5.0-backport.js Normal file
View File

@ -0,0 +1,251 @@
/**
* For jQuery versions less than 3.5.0, this replaces the jQuery.htmlPrefilter()
* function with one that fixes these security vulnerabilities while also
* retaining the pre-3.5.0 behavior where it's safe to do so.
* - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
* - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
*
* Additionally, for jQuery versions that do not have a jQuery.htmlPrefilter()
* function (1.x prior to 1.12 and 2.x prior to 2.2), this adds it, and
* extends the functions that need to call it to do so.
*
* Drupal core's jQuery version is 1.4.4, but jQuery Update can provide a
* different version, so this covers all versions between 1.4.4 and 3.4.1.
* The GitHub links in the code comments below link to jQuery 1.5 code, because
* 1.4.4 isn't on GitHub, but the referenced code didn't change from 1.4.4 to
* 1.5.
*/
(function (jQuery) {
// Parts of this backport differ by jQuery version.
var versionParts = jQuery.fn.jquery.split('.');
var majorVersion = parseInt(versionParts[0]);
var minorVersion = parseInt(versionParts[1]);
// No backport is needed if we're already on jQuery 3.5 or higher.
if ( (majorVersion > 3) || (majorVersion === 3 && minorVersion >= 5) ) {
return;
}
// Prior to jQuery 3.5, jQuery converted XHTML-style self-closing tags to
// their XML equivalent: e.g., "<div />" to "<div></div>". This is
// problematic for several reasons, including that it's vulnerable to XSS
// attacks. However, since this was jQuery's behavior for many years, many
// Drupal modules and jQuery plugins may be relying on it. Therefore, we
// preserve that behavior, but for a limited set of tags only, that we believe
// to not be vulnerable. This is the set of HTML tags that satisfy all of the
// following conditions:
// - In DOMPurify's list of HTML tags. If an HTML tag isn't safe enough to
// appear in that list, then we don't want to mess with it here either.
// @see https://github.com/cure53/DOMPurify/blob/2.0.11/dist/purify.js#L128
// - A normal element (not a void, template, text, or foreign element).
// @see https://html.spec.whatwg.org/multipage/syntax.html#elements-2
// - An element that is still defined by the current HTML specification
// (not a deprecated element), because we do not want to rely on how
// browsers parse deprecated elements.
// @see https://developer.mozilla.org/en-US/docs/Web/HTML/Element
// - Not 'html', 'head', or 'body', because this pseudo-XHTML expansion is
// designed for fragments, not entire documents.
// - Not 'colgroup', because due to an idiosyncrasy of jQuery's original
// regular expression, it didn't match on colgroup, and we don't want to
// introduce a behavior change for that.
var selfClosingTagsToReplace = [
'a', 'abbr', 'address', 'article', 'aside', 'audio', 'b', 'bdi', 'bdo',
'blockquote', 'button', 'canvas', 'caption', 'cite', 'code', 'data',
'datalist', 'dd', 'del', 'details', 'dfn', 'div', 'dl', 'dt', 'em',
'fieldset', 'figcaption', 'figure', 'footer', 'form', 'h1', 'h2', 'h3',
'h4', 'h5', 'h6', 'header', 'hgroup', 'i', 'ins', 'kbd', 'label', 'legend',
'li', 'main', 'map', 'mark', 'menu', 'meter', 'nav', 'ol', 'optgroup',
'option', 'output', 'p', 'picture', 'pre', 'progress', 'q', 'rp', 'rt',
'ruby', 's', 'samp', 'section', 'select', 'small', 'source', 'span',
'strong', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th',
'thead', 'time', 'tr', 'u', 'ul', 'var', 'video'
];
// Define regular expressions for <TAG/> and <TAG ATTRIBUTES/>. Doing this as
// two expressions makes it easier to target <a/> without also targeting
// every tag that starts with "a".
var xhtmlRegExpGroup = '(' + selfClosingTagsToReplace.join('|') + ')';
var whitespace = '[\\x20\\t\\r\\n\\f]';
var rxhtmlTagWithoutSpaceOrAttributes = new RegExp('<' + xhtmlRegExpGroup + '\\/>', 'gi');
var rxhtmlTagWithSpaceAndMaybeAttributes = new RegExp('<' + xhtmlRegExpGroup + '(' + whitespace + '[^>]*)\\/>', 'gi');
// jQuery 3.5 also fixed a vulnerability for when </select> appears within
// an <option> or <optgroup>, but it did that in local code that we can't
// backport directly. Instead, we filter such cases out. To do so, we need to
// determine when jQuery would otherwise invoke the vulnerable code, which it
// uses this regular expression to determine. The regular expression changed
// for version 3.0.0 and changed again for 3.4.0.
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L4958
// @see https://github.com/jquery/jquery/blob/3.0.0/dist/jquery.js#L4584
// @see https://github.com/jquery/jquery/blob/3.4.0/dist/jquery.js#L4712
var rtagName;
if (majorVersion < 3) {
rtagName = /<([\w:]+)/;
}
else if (minorVersion < 4) {
rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]+)/i;
}
else {
rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]*)/i;
}
// The regular expression that jQuery uses to determine which self-closing
// tags to expand to open and close tags. This is vulnerable, because it
// matches all tag names except the few excluded ones. We only use this
// expression for determining vulnerability. The expression changed for
// version 3, but we only need to check for vulnerability in versions 1 and 2,
// so we use the expression from those versions.
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L4957
var rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi;
jQuery.extend({
htmlPrefilter: function (html) {
// This is how jQuery determines the first tag in the HTML.
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5521
var tag = ( rtagName.exec( html ) || [ "", "" ] )[ 1 ].toLowerCase();
// It is not valid HTML for <option> or <optgroup> to have <select> as
// either a descendant or sibling, and attempts to inject one can cause
// XSS on jQuery versions before 3.5. Since this is invalid HTML and a
// possible XSS attack, reject the entire string.
// @see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
if ((tag === 'option' || tag === 'optgroup') && html.match(/<\/?select/i)) {
html = '';
}
// Retain jQuery's prior to 3.5 conversion of pseudo-XHTML, but for only
// the tags in the `selfClosingTagsToReplace` list defined above.
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5518
// @see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
html = html.replace(rxhtmlTagWithoutSpaceOrAttributes, "<$1></$1>");
html = html.replace(rxhtmlTagWithSpaceAndMaybeAttributes, "<$1$2></$1>");
// Prior to jQuery 1.12 and 2.2, this function gets called (via code later
// in this file) in addition to, rather than instead of, the unsafe
// expansion of self-closing tags (including ones not in the list above).
// We can't prevent that unsafe expansion from running, so instead we
// check to make sure that it doesn't affect the DOM returned by the
// browser's parsing logic. If it does affect it, then it's vulnerable to
// XSS, so we reject the entire string.
if ( (majorVersion === 1 && minorVersion < 12) || (majorVersion === 2 && minorVersion < 2) ) {
var htmlRisky = html.replace(rxhtmlTag, "<$1></$2>");
if (htmlRisky !== html) {
// Even though htmlRisky and html are different strings, they might
// represent the same HTML structure once parsed, in which case,
// htmlRisky is actually safe. We can ask the browser to parse both
// to find out, but the browser can't parse table fragments (e.g., a
// root-level "<td>"), so we need to wrap them. We just need this
// technique to work on all supported browsers; we don't need to
// copy from the specific jQuery version we're using.
// @see https://github.com/jquery/jquery/blob/3.5.1/dist/jquery.js#L4939
var wrapMap = {
thead: [ 1, "<table>", "</table>" ],
col: [ 2, "<table><colgroup>", "</colgroup></table>" ],
tr: [ 2, "<table><tbody>", "</tbody></table>" ],
td: [ 3, "<table><tbody><tr>", "</tr></tbody></table>" ],
};
wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead;
wrapMap.th = wrapMap.td;
// Function to wrap HTML into something that a browser can parse.
// @see https://github.com/jquery/jquery/blob/3.5.1/dist/jquery.js#L5032
var getWrappedHtml = function (html) {
var wrap = wrapMap[tag];
if (wrap) {
html = wrap[1] + html + wrap[2];
}
return html;
};
// Function to return canonical HTML after parsing it. This parses
// only; it doesn't execute scripts.
// @see https://github.com/jquery/jquery-migrate/blob/3.3.0/src/jquery/manipulation.js#L5
var getParsedHtml = function (html) {
var doc = window.document.implementation.createHTMLDocument( "" );
doc.body.innerHTML = html;
return doc.body ? doc.body.innerHTML : '';
};
// If the browser couldn't parse either one successfully, or if
// htmlRisky parses differently than html, then html is vulnerable,
// so reject it.
var htmlParsed = getParsedHtml(getWrappedHtml(html));
var htmlRiskyParsed = getParsedHtml(getWrappedHtml(htmlRisky));
if (htmlRiskyParsed === '' || htmlParsed === '' || (htmlRiskyParsed !== htmlParsed)) {
html = '';
}
}
}
return html;
}
});
// Prior to jQuery 1.12 and 2.2, jQuery.clean(), jQuery.buildFragment(), and
// jQuery.fn.html() did not call jQuery.htmlPrefilter(), so we add that.
if ( (majorVersion === 1 && minorVersion < 12) || (majorVersion === 2 && minorVersion < 2) ) {
// Filter the HTML coming into jQuery.fn.html().
var fnOriginalHtml = jQuery.fn.html;
jQuery.fn.extend({
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5147
html: function (value) {
if (typeof value === "string") {
value = jQuery.htmlPrefilter(value);
}
// .html() can be called as a setter (with an argument) or as a getter
// (without an argument), so invoke fnOriginalHtml() the same way that
// we were invoked.
return fnOriginalHtml.apply(this, arguments.length ? [value] : []);
}
});
// The regular expression that jQuery uses to determine if a string is HTML.
// Used by both clean() and buildFragment().
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L4960
var rhtml = /<|&#?\w+;/;
// Filter HTML coming into:
// - jQuery.clean() for versions prior to 1.9.
// - jQuery.buildFragment() for 1.9 and above.
//
// The looping constructs in the two functions might be essentially
// identical, but they're each expressed here in the way that most closely
// matches their original expression in jQuery, so that we filter all of
// the items and only the items that jQuery will treat as HTML strings.
if (majorVersion === 1 && minorVersion < 9) {
var originalClean = jQuery.clean;
jQuery.extend({
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5493
'clean': function (elems, context, fragment, scripts) {
for ( var i = 0, elem; (elem = elems[i]) != null; i++ ) {
if ( typeof elem === "string" && rhtml.test( elem ) ) {
elems[i] = elem = jQuery.htmlPrefilter(elem);
}
}
return originalClean.call(this, elems, context, fragment, scripts);
}
});
}
else {
var originalBuildFragment = jQuery.buildFragment;
jQuery.extend({
// @see https://github.com/jquery/jquery/blob/1.9.0/jquery.js#L6419
'buildFragment': function (elems, context, scripts, selection) {
var l = elems.length;
for ( var i = 0; i < l; i++ ) {
var elem = elems[i];
if (elem || elem === 0) {
if ( jQuery.type( elem ) !== "object" && rhtml.test( elem ) ) {
elems[i] = elem = jQuery.htmlPrefilter(elem);
}
}
}
return originalBuildFragment.call(this, elems, context, scripts, selection);
}
});
}
}
})(jQuery);

5
misc/typo3/phar-stream-wrapper/README.md
View File

@ -1,5 +1,6 @@
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/TYPO3/phar-stream-wrapper/badges/quality-score.png?b=v2)](https://scrutinizer-ci.com/g/TYPO3/phar-stream-wrapper/?branch=v2)
[![Travis CI Build Status](https://travis-ci.org/TYPO3/phar-stream-wrapper.svg?branch=v2)](https://travis-ci.org/TYPO3/phar-stream-wrapper)
[![AppVeyor Build status](https://ci.appveyor.com/api/projects/status/q4ls5tg4w1d6sf4i/branch/v2?svg=true)](https://ci.appveyor.com/project/ohader/phar-stream-wrapper)
# PHP Phar Stream Wrapper
@ -21,9 +22,11 @@ and has been addressed concerning the specific attack vector and for this generi
`PharStreamWrapper` in TYPO3 versions 7.6.30 LTS, 8.7.17 LTS and 9.3.1 on 12th
July 2018.
* https://typo3.org/security/advisory/typo3-core-sa-2018-002/
* https://blog.secarma.co.uk/labs/near-phar-dangerous-unserialization-wherever-you-are
* https://youtu.be/GePBmsNJw6Y
* https://typo3.org/security/advisory/typo3-psa-2018-001/
* https://typo3.org/security/advisory/typo3-psa-2019-007/
* https://typo3.org/security/advisory/typo3-psa-2019-008/
## License

4
misc/typo3/phar-stream-wrapper/composer.json
View File

@ -7,7 +7,6 @@
"keywords": ["php", "phar", "stream-wrapper", "security"],
"require": {
"php": "^5.3.3|^7.0",
"ext-fileinfo": "*",
"ext-json": "*",
"brumann/polyfill-unserialize": "^1.0"
},
@ -15,6 +14,9 @@
"ext-xdebug": "*",
"phpunit/phpunit": "^4.8.36"
},
"suggest": {
"ext-fileinfo": "For PHP builtin file type guessing, otherwise uses internal processing"
},
"autoload": {
"psr-4": {
"TYPO3\\PharStreamWrapper\\": "src/"

4
misc/typo3/phar-stream-wrapper/src/Helper.php
View File

@ -52,7 +52,7 @@ class Helper
while (count($parts)) {
$currentPath = implode('/', $parts);
if (@is_file($currentPath)) {
if (@is_file($currentPath) && realpath($currentPath) !== false) {
return $currentPath;
}
array_pop($parts);
@ -106,7 +106,7 @@ class Helper
* @param string $path File path to process
* @return string
*/
private static function normalizeWindowsPath($path)
public static function normalizeWindowsPath($path)
{
return str_replace('\\', '/', $path);
}

40
misc/typo3/phar-stream-wrapper/src/Phar/Reader.php
View File

@ -19,6 +19,11 @@ class Reader
private $fileName;
/**
* Mime-type in order to use zlib, bzip2 or no compression.
* In case ext-fileinfo is not present only the relevant types
* 'application/x-gzip' and 'application/x-bzip2' are assigned
* to this class property.
*
* @var string
*/
private $fileType;
@ -139,7 +144,7 @@ class Reader
*/
private function resolveStream()
{
if ($this->fileType === 'application/x-gzip') {
if ($this->fileType === 'application/x-gzip' || $this->fileType === 'application/gzip') {
return 'compress.zlib://';
} elseif ($this->fileType === 'application/x-bzip2') {
return 'compress.bzip2://';
@ -152,8 +157,37 @@ class Reader
*/
private function determineFileType()
{
$fileInfo = new \finfo();
return $fileInfo->file($this->fileName, FILEINFO_MIME_TYPE);
if (class_exists('\\finfo')) {
$fileInfo = new \finfo();
return $fileInfo->file($this->fileName, FILEINFO_MIME_TYPE);
}
return $this->determineFileTypeByHeader();
}
/**
* In case ext-fileinfo is not present only the relevant types
* 'application/x-gzip' and 'application/x-bzip2' are resolved.
*
* @return string
*/
private function determineFileTypeByHeader()
{
$resource = fopen($this->fileName, 'r');
if (!is_resource($resource)) {
throw new ReaderException(
sprintf('Resource %s could not be opened', $this->fileName),
1557753055
);
}
$header = fgets($resource, 4);
fclose($resource);
$mimeType = '';
if (strpos($header, "\x42\x5a\x68") === 0) {
$mimeType = 'application/x-bzip2';
} elseif (strpos($header, "\x1f\x8b") === 0) {
$mimeType = 'application/x-gzip';
}
return $mimeType;
}
/**

2
misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php
View File

@ -476,7 +476,7 @@ class PharStreamWrapper
{
$arguments = func_get_args();
array_shift($arguments);
$silentExecution = $functionName{0} === '@';
$silentExecution = $functionName[0] === '@';
$functionName = ltrim($functionName, '@');
$this->restoreInternalSteamWrapper();

18
misc/typo3/phar-stream-wrapper/src/Resolver/PharInvocationResolver.php
View File

@ -14,6 +14,7 @@ namespace TYPO3\PharStreamWrapper\Resolver;
use TYPO3\PharStreamWrapper\Helper;
use TYPO3\PharStreamWrapper\Manager;
use TYPO3\PharStreamWrapper\Phar\Reader;
use TYPO3\PharStreamWrapper\Phar\ReaderException;
use TYPO3\PharStreamWrapper\Resolvable;
class PharInvocationResolver implements Resolvable
@ -59,7 +60,7 @@ class PharInvocationResolver implements Resolvable
{
$hasPharPrefix = Helper::hasPharPrefix($path);
if ($flags === null) {
$flags = static::RESOLVE_REALPATH | static::RESOLVE_ALIAS | static::ASSERT_INTERNAL_INVOCATION;
$flags = static::RESOLVE_REALPATH | static::RESOLVE_ALIAS;
}
if ($hasPharPrefix && $flags & static::RESOLVE_ALIAS) {
@ -147,9 +148,14 @@ class PharInvocationResolver implements Resolvable
}
// ensure the possible alias name (how we have been called initially) matches
// the resolved alias name that was retrieved by the current possible base name
$reader = new Reader($currentBaseName);
$currentAlias = $reader->resolveContainer()->getAlias();
if ($currentAlias !== $possibleAlias) {
try {
$reader = new Reader($currentBaseName);
$currentAlias = $reader->resolveContainer()->getAlias();
} catch (ReaderException $exception) {
// most probably that was not a Phar file
continue;
}
if (empty($currentAlias) || $currentAlias !== $possibleAlias) {
continue;
}
$this->addBaseName($currentBaseName);
@ -215,7 +221,9 @@ class PharInvocationResolver implements Resolvable
if (isset($this->baseNames[$baseName])) {
return;
}
$this->baseNames[$baseName] = realpath($baseName);
$this->baseNames[$baseName] = Helper::normalizeWindowsPath(
realpath($baseName)
);
}
/**

6
modules/aggregator/aggregator.info
View File

@ -7,7 +7,7 @@ files[] = aggregator.test
configure = admin/config/services/aggregator/settings
stylesheets[all][] = aggregator.css
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/aggregator/tests/aggregator_test.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/block/block.info
View File

@ -6,7 +6,7 @@ core = 7.x
files[] = block.test
configure = admin/structure/block
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

3
modules/block/block.module
View File

@ -263,7 +263,7 @@ function block_page_build(&$page) {
$all_regions = system_region_list($theme);
$item = menu_get_item();
if ($item['path'] != 'admin/structure/block/demo/' . $theme) {
if ($item === FALSE || $item['path'] != 'admin/structure/block/demo/' . $theme) {
// Load all region content assigned via blocks.
foreach (array_keys($all_regions) as $region) {
// Assign blocks to region.
@ -283,7 +283,6 @@ function block_page_build(&$page) {
}
else {
// Append region description if we are rendering the regions demo page.
$item = menu_get_item();
if ($item['path'] == 'admin/structure/block/demo/' . $theme) {
foreach (system_region_list($theme, REGIONS_VISIBLE, FALSE) as $region) {
$description = '<div class="block-region">' . $all_regions[$region] . '</div>';

6
modules/block/tests/block_test.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/block/tests/themes/block_test_theme/block_test_theme.info
View File

@ -13,7 +13,7 @@ regions[footer] = Footer
regions[highlighted] = Highlighted
regions[help] = Help
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/blog/blog.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = blog.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/book/book.info
View File

@ -7,7 +7,7 @@ files[] = book.test
configure = admin/content/book/settings
stylesheets[all][] = book.css
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/color/color.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = color.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

5
modules/color/color.module
View File

@ -734,8 +734,9 @@ function _color_blend($img, $hex1, $hex2, $alpha) {
* Converts a hex color into an RGB triplet.
*/
function _color_unpack($hex, $normalize = FALSE) {
if (strlen($hex) == 4) {
$hex = $hex[1] . $hex[1] . $hex[2] . $hex[2] . $hex[3] . $hex[3];
$hex = substr($hex, 1);
if (strlen($hex) == 3) {
$hex = $hex[0] . $hex[0] . $hex[1] . $hex[1] . $hex[2] . $hex[2];
}
$c = hexdec($hex);
for ($i = 16; $i >= 0; $i -= 8) {

6
modules/comment/comment.info
View File

@ -9,7 +9,7 @@ files[] = comment.test
configure = admin/content/comment
stylesheets[all][] = comment.css
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

3
modules/comment/comment.install
View File

@ -9,9 +9,6 @@
* Implements hook_uninstall().
*/
function comment_uninstall() {
// Delete comment_body field.
field_delete_field('comment_body');
// Remove variables.
variable_del('comment_block_count');
$node_types = array_keys(node_type_get_types());

55
modules/comment/comment.test
View File

@ -6,6 +6,7 @@
*/
class CommentHelperCase extends DrupalWebTestCase {
protected $super_user;
protected $admin_user;
protected $web_user;
protected $node;
@ -19,6 +20,7 @@ class CommentHelperCase extends DrupalWebTestCase {
parent::setUp($modules);
// Create users and test node.
$this->super_user = $this->drupalCreateUser(array('access administration pages', 'administer modules'));
$this->admin_user = $this->drupalCreateUser(array('administer content types', 'administer comments', 'administer blocks', 'administer actions', 'administer fields'));
$this->web_user = $this->drupalCreateUser(array('access comments', 'post comments', 'create article content', 'edit own comments'));
$this->node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1, 'uid' => $this->web_user->uid));
@ -2264,3 +2266,56 @@ class CommentNodeChangesTestCase extends CommentHelperCase {
$this->assertFalse(comment_load($comment->id), 'The comment could not be loaded after the node was deleted.');
}
}
/**
* Tests uninstalling the comment module.
*/
class CommentUninstallTestCase extends CommentHelperCase {
public static function getInfo() {
return array(
'name' => 'Comment module uninstallation',
'description' => 'Tests that the comments module can be properly uninstalled.',
'group' => 'Comment',
);
}
function testCommentUninstall() {
$this->drupalLogin($this->super_user);
// Disable comment module.
$edit['modules[Core][comment][enable]'] = FALSE;
$this->drupalPost('admin/modules', $edit, t('Save configuration'));
$this->assertText(t('The configuration options have been saved.'), 'Comment module was disabled.');
// Uninstall comment module.
$edit = array('uninstall[comment]' => 'comment');
$this->drupalPost('admin/modules/uninstall', $edit, t('Uninstall'));
$this->drupalPost(NULL, NULL, t('Uninstall'));
$this->assertText(t('The selected modules have been uninstalled.'), 'Comment module was uninstalled.');
// Run cron and clear field cache so that comment fields and instances
// marked for deletion are actually removed.
$this->cronRun();
field_cache_clear();
// Verify that comment fields have been removed.
$all_fields = array_keys(field_info_field_map());
$this->assertFalse(in_array('comment_body', $all_fields), 'Comment fields were removed by uninstall.');
// Verify that comment field instances have been removed (or at least marked
// for deletion).
// N.B. field_read_instances does an INNER JOIN on field_config so if the
// comment_body row has been removed successfully from there no instances
// will be returned, but that does not guarantee that no rows are left over
// in the field_config_instance table.
$count = db_select('field_config_instance', 'fci')
->condition('entity_type', 'comment')
->condition('field_name', 'comment_body')
->condition('deleted', 0)
->countQuery()
->execute()
->fetchField();
$this->assertTrue($count == 0, 'Comment field instances were removed by uninstall.');
}
}

6
modules/contact/contact.info
View File

@ -6,7 +6,7 @@ core = 7.x
files[] = contact.test
configure = admin/structure/contact
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/contextual/contextual.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = contextual.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/dashboard/dashboard.info
View File

@ -7,7 +7,7 @@ files[] = dashboard.test
dependencies[] = block
configure = admin/dashboard/customize
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/dblog/dblog.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = dblog.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/field/field.info
View File

@ -11,7 +11,7 @@ dependencies[] = field_sql_storage
required = TRUE
stylesheets[all][] = theme/field.css
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/field/modules/field_sql_storage/field_sql_storage.info
View File

@ -7,7 +7,7 @@ dependencies[] = field
files[] = field_sql_storage.test
required = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/field/modules/list/list.info
View File

@ -7,7 +7,7 @@ dependencies[] = field
dependencies[] = options
files[] = tests/list.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/field/modules/list/tests/list_test.info
View File

@ -5,7 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/field/modules/number/number.info
View File

@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = number.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

2
modules/field/modules/number/number.test
View File

@ -174,7 +174,7 @@ class NumberFieldTestCase extends DrupalWebTestCase {
),
'display' => array(
'default' => array(
'type' => 'number_float',
'type' => 'number_decimal',
),
),
);

6
modules/field/modules/options/options.info
View File

@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = options.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/field/modules/text/text.info
View File

@ -7,7 +7,7 @@ dependencies[] = field
files[] = text.test
required = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/field/tests/field_test.info
View File

@ -6,7 +6,7 @@ files[] = field_test.entity.inc
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/field/tests/field_test.storage.inc
View File

@ -455,13 +455,13 @@ function field_test_field_attach_rename_bundle($bundle_old, $bundle_new) {
function field_test_field_attach_delete_bundle($entity_type, $bundle, $instances) {
$data = _field_test_storage_data();
foreach ($instances as $field_name => $instance) {
$field = field_info_field($field_name);
foreach ($instances as $instance) {
$field = field_info_field_by_id($instance['field_id']);
if ($field['storage']['type'] == 'field_test_storage') {
$field_data = &$data[$field['id']];
foreach (array('current', 'revisions') as $sub_table) {
foreach ($field_data[$sub_table] as &$row) {
if ($row->bundle == $bundle_old) {
if ($row->bundle == $bundle) {
$row->deleted = TRUE;
}
}

4
modules/field_ui/field_ui.admin.inc
View File

@ -1026,6 +1026,10 @@ function field_ui_display_overview_form($form, &$form_state, $entity_type, $bund
$instance['display'][$view_mode]['type'] = $formatter_type;
$formatter = field_info_formatter_types($formatter_type);
// For hidden fields, $formatter will be NULL, but we expect an array later.
// To maintain BC, but avoid PHP 7.4 Notices, ensure $formatter is an array
// with a 'module' element.
$formatter['module'] = isset($formatter['module']) ? $formatter['module'] : '';
$instance['display'][$view_mode]['module'] = $formatter['module'];
$instance['display'][$view_mode]['settings'] = $settings;

6
modules/field_ui/field_ui.info
View File

@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = field_ui.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

7
modules/field_ui/field_ui.module
View File

@ -265,6 +265,12 @@ function field_ui_menu_title($instance) {
* Menu access callback for the 'view mode display settings' pages.
*/
function _field_ui_view_mode_menu_access($entity_type, $bundle, $view_mode, $access_callback) {
// It's good practice to call func_get_args() at the beginning of a function
// to avoid problems with function parameters being modified later. The
// behavior of func_get_args() changed in PHP7.
// @see https://www.php.net/manual/en/migration70.incompatible.php#migration70.incompatible.other.func-parameter-modified
$all_args = func_get_args();
// First, determine visibility according to the 'use custom display'
// setting for the view mode.
$bundle = field_extract_bundle($entity_type, $bundle);
@ -275,7 +281,6 @@ function _field_ui_view_mode_menu_access($entity_type, $bundle, $view_mode, $acc
// part of _menu_check_access().
if ($visibility) {
// Grab the variable 'access arguments' part.
$all_args = func_get_args();
$args = array_slice($all_args, 4);
$callback = empty($access_callback) ? 0 : trim($access_callback);
if (is_numeric($callback)) {

6
modules/file/file.info
View File

@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = tests/file.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

2
modules/file/tests/file.test
View File

@ -409,7 +409,7 @@ class FileManagedFileElementTestCase extends FileFieldTestCase {
'form_token' => 'invalid token',
);
$this->drupalPost($path, $edit, t('Save'));
$this->assertText('The form has become outdated. Copy any unsaved work in the form below');
$this->assertText('The form has become outdated.');
$last_fid = $this->getLastFileId();
$this->assertEqual($last_fid_prior, $last_fid, 'File was not saved when uploaded with an invalid form token.');

6
modules/file/tests/file_module_test.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

4
modules/filter/filter.api.php
View File

@ -202,7 +202,7 @@ function callback_filter_settings($form, &$form_state, $filter, $format, $defaul
*/
function callback_filter_prepare($text, $filter, $format, $langcode, $cache, $cache_id) {
// Escape <code> and </code> tags.
$text = preg_replace('|<code>(.+?)</code>|se', "[codefilter_code]$1[/codefilter_code]", $text);
$text = preg_replace('|<code>(.+?)</code>|s', "[codefilter_code]$1[/codefilter_code]", $text);
return $text;
}
@ -234,7 +234,7 @@ function callback_filter_prepare($text, $filter, $format, $langcode, $cache, $ca
* @ingroup callbacks
*/
function callback_filter_process($text, $filter, $format, $langcode, $cache, $cache_id) {
$text = preg_replace('|\[codefilter_code\](.+?)\[/codefilter_code\]|se', "<pre>$1</pre>", $text);
$text = preg_replace('|\[codefilter_code\](.+?)\[/codefilter_code\]|s', "<pre>$1</pre>", $text);
return $text;
}

6
modules/filter/filter.info
View File

@ -7,7 +7,7 @@ files[] = filter.test
required = TRUE
configure = admin/config/content/formats
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/forum/forum.info
View File

@ -9,7 +9,7 @@ files[] = forum.test
configure = admin/structure/forum
stylesheets[all][] = forum.css
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

3
modules/forum/forum.module
View File

@ -922,7 +922,8 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
);
$order = _forum_get_topic_order($sortby);
for ($i = 0; $i < count($forum_topic_list_header); $i++) {
// Skip element with index 0 which is NULL.
for ($i = 1; $i < count($forum_topic_list_header); $i++) {
if ($forum_topic_list_header[$i]['field'] == $order['field']) {
$forum_topic_list_header[$i]['sort'] = $order['sort'];
}

6
modules/help/help.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = help.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/image/image.info
View File

@ -7,7 +7,7 @@ dependencies[] = file
files[] = image.test
configure = admin/config/media/image-styles
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/image/tests/image_module_test.info
View File

@ -6,7 +6,7 @@ core = 7.x
files[] = image_module_test.module
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/locale/locale.info
View File

@ -6,7 +6,7 @@ core = 7.x
files[] = locale.test
configure = admin/config/regional/language
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/locale/tests/locale_test.info
View File

@ -5,7 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/menu/menu.info
View File

@ -6,7 +6,7 @@ core = 7.x
files[] = menu.test
configure = admin/structure/menu
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/node/node.info
View File

@ -9,7 +9,7 @@ required = TRUE
configure = admin/structure/types
stylesheets[all][] = node.css
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/node/tests/node_access_test.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/node/tests/node_test.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/node/tests/node_test_exception.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/openid/openid.info
View File

@ -5,7 +5,7 @@ package = Core
core = 7.x
files[] = openid.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/openid/tests/openid_test.info
View File

@ -6,7 +6,7 @@ core = 7.x
dependencies[] = openid
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/overlay/overlay.info
View File

@ -4,7 +4,7 @@ package = Core
version = VERSION
core = 7.x
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/path/path.info
View File

@ -6,7 +6,7 @@ core = 7.x
files[] = path.test
configure = admin/config/search/path
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/php/php.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = php.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/poll/poll.info
View File

@ -6,7 +6,7 @@ core = 7.x
files[] = poll.test
stylesheets[all][] = poll.css
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/profile/profile.info
View File

@ -11,7 +11,7 @@ configure = admin/config/people/profile
; See user_system_info_alter().
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/rdf/rdf.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = rdf.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/rdf/tests/rdf_test.info
View File

@ -6,7 +6,7 @@ core = 7.x
hidden = TRUE
dependencies[] = blog
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

2
modules/search/search.extender.inc
View File

@ -219,7 +219,7 @@ class SearchQuery extends SelectQueryExtender {
}
$phrase = FALSE;
// Strip off phrase quotes.
if ($match[2]{0} == '"') {
if ($match[2][0] == '"') {
$match[2] = substr($match[2], 1, -1);
$phrase = TRUE;
$this->simple = FALSE;

6
modules/search/search.info
View File

@ -8,7 +8,7 @@ files[] = search.test
configure = admin/config/search/settings
stylesheets[all][] = search.css
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

2
modules/search/search.module
View File

@ -1172,7 +1172,7 @@ function search_excerpt($keys, $text) {
}
else {
$info = search_simplify_excerpt_match($key, $text, $included[$key], $boundary);
if ($info['where']) {
if (isset($info['where'])) {
$p = $info['where'];
if ($info['keyword']) {
$foundkeys[] = $info['keyword'];

6
modules/search/tests/search_embedded_form.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/search/tests/search_extra_type.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/search/tests/search_node_tags.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/shortcut/shortcut.info
View File

@ -6,7 +6,7 @@ core = 7.x
files[] = shortcut.test
configure = admin/config/user-interface/shortcut
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

7
modules/simpletest/simpletest.info
View File

@ -33,6 +33,7 @@ files[] = tests/pager.test
files[] = tests/password.test
files[] = tests/path.test
files[] = tests/registry.test
files[] = tests/request_sanitizer.test
files[] = tests/schema.test
files[] = tests/session.test
files[] = tests/tablesort.test
@ -57,7 +58,7 @@ files[] = tests/upgrade/update.trigger.test
files[] = tests/upgrade/update.field.test
files[] = tests/upgrade/update.user.test
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/actions_loop_test.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/ajax_forms_test.info
View File

@ -5,7 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/ajax_test.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/batch_test.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/boot_test_1.info
View File

@ -5,7 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/boot_test_2.info
View File

@ -5,7 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/common_test.info
View File

@ -7,7 +7,7 @@ stylesheets[all][] = common_test.css
stylesheets[print][] = common_test.print.css
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/common_test_cron_helper.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/database_test.info
View File

@ -5,7 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/drupal_autoload_test/drupal_autoload_test.info
View File

@ -7,7 +7,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/drupal_system_listing_compatible_test/drupal_system_listing_compatible_test.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/drupal_system_listing_incompatible_test/drupal_system_listing_incompatible_test.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/entity_cache_test.info
View File

@ -6,7 +6,7 @@ core = 7.x
dependencies[] = entity_cache_test_dependency
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/entity_cache_test_dependency.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/entity_crud_hook_test.info
View File

@ -5,7 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

6
modules/simpletest/tests/entity_query_access_test.info
View File

@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-12-18
version = "7.69"
; Information added by Drupal.org packaging script on 2020-09-16
version = "7.73"
project = "drupal"
datestamp = "1576696221"
datestamp = "1600272641"

Some files were not shown because too many files have changed in this diff Show More