updated drupal core to 7.43

modules/aggregator/aggregator.info

@@ -7,8 +7,8 @@ files[] = aggregator.test
 configure = admin/config/services/aggregator/settings
 stylesheets[all][] = aggregator.css
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/aggregator/tests/aggregator_test.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/block/block.api.php

@@ -363,6 +363,31 @@ function hook_block_list_alter(&$blocks) {
   }
 }
 
+/**
+ * Act on block cache ID (cid) parts before the cid is generated.
+ *
+ * This hook allows you to add, remove or modify the custom keys used to
+ * generate a block cache ID (by default, these keys are set to the block
+ * module and delta). These keys will be combined with the standard ones
+ * provided by drupal_render_cid_parts() to generate the final block cache ID.
+ *
+ * To change the cache granularity used by drupal_render_cid_parts(), this hook
+ * cannot be used; instead, set the 'cache' key in the block's definition in
+ * hook_block_info().
+ *
+ * @params $cid_parts
+ *   An array of elements used to build the cid.
+ * @param $block
+ *   The block object being acted on.
+ *
+ * @see _block_get_cache_id()
+ */
+function hook_block_cid_parts_alter(&$cid_parts, $block) {
+  global $user;
+  // This example shows how to cache a block based on the user's timezone.
+  $cid_parts[] = $user->timezone;
+}
+
 /**
  * @} End of "addtogroup hooks".
  */

modules/block/block.info

@@ -6,8 +6,8 @@ core = 7.x
 files[] = block.test
 configure = admin/structure/block
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/block/block.js

@@ -24,7 +24,7 @@ Drupal.behaviors.blockSettingsSummary = {
     $('fieldset#edit-node-type', context).drupalSetSummary(function (context) {
       var vals = [];
       $('input[type="checkbox"]:checked', context).each(function () {
-        vals.push($.trim($(this).next('label').text()));
+        vals.push($.trim($(this).next('label').html()));
       });
       if (!vals.length) {
         vals.push(Drupal.t('Not restricted'));
@@ -35,7 +35,7 @@ Drupal.behaviors.blockSettingsSummary = {
     $('fieldset#edit-role', context).drupalSetSummary(function (context) {
       var vals = [];
       $('input[type="checkbox"]:checked', context).each(function () {
-        vals.push($.trim($(this).next('label').text()));
+        vals.push($.trim($(this).next('label').html()));
       });
       if (!vals.length) {
         vals.push(Drupal.t('Not restricted'));
@@ -49,7 +49,7 @@ Drupal.behaviors.blockSettingsSummary = {
         return Drupal.t('Not customizable');
       }
       else {
-        return $radio.next('label').text();
+        return $radio.next('label').html();
       }
     });
   }

modules/block/block.module

@@ -16,7 +16,7 @@ define('BLOCK_REGION_NONE', -1);
 define('BLOCK_CUSTOM_FIXED', 0);
 
 /**
- *  Shows this block by default, but lets individual users hide it.
+ * Shows this block by default, but lets individual users hide it.
  */
 define('BLOCK_CUSTOM_ENABLED', 1);
 
@@ -59,6 +59,7 @@ function block_help($path, $arg) {
       $output .= '<dd>' . t('Users with the <em>Administer blocks</em> permission can <a href="@block-add">add custom blocks</a>, which are then listed on the <a href="@blocks">Blocks administration page</a>. Once created, custom blocks behave just like default and module-generated blocks.', array('@blocks' => url('admin/structure/block'), '@block-add' => url('admin/structure/block/add'))) . '</dd>';
       $output .= '</dl>';
       return $output;
+
     case 'admin/structure/block/add':
       return '<p>' . t('Use this page to create a new custom block.') . '</p>';
   }
@@ -189,6 +190,7 @@ function _block_themes_access($theme) {
  * @param $theme
  *   The theme whose blocks are being configured. If not set, the default theme
  *   is assumed.
+ *
  * @return
  *   The theme that should be used for the block configuration page, or NULL
  *   to indicate that the default theme should be used.
@@ -343,14 +345,17 @@ function _block_get_renderable_array($list = array()) {
     // to perform contextual actions on the help block, and the links needlessly
     // draw attention on it.
     if ($key != 'system_main' && $key != 'system_help') {
-      $build[$key]['#contextual_links']['block'] = array('admin/structure/block/manage', array($block->module, $block->delta));
+      $build[$key]['#contextual_links']['block'] = array(
+        'admin/structure/block/manage',
+        array($block->module, $block->delta),
+      );
     }
 
     $build[$key] += array(
       '#block' => $block,
       '#weight' => ++$weight,
     );
-    $build[$key]['#theme_wrappers'][] ='block';
+    $build[$key]['#theme_wrappers'][] = 'block';
   }
   $build['#sorted'] = TRUE;
   return $build;
@@ -386,18 +391,20 @@ function _block_rehash($theme = NULL) {
   // Gather the blocks defined by modules.
   foreach (module_implements('block_info') as $module) {
     $module_blocks = module_invoke($module, 'block_info');
+    $delta_list = array();
     foreach ($module_blocks as $delta => $block) {
       // Compile a condition to retrieve this block from the database.
-      $condition = db_and()
-        ->condition('module', $module)
-        ->condition('delta', $delta);
-      $or->condition($condition);
       // Add identifiers.
+      $delta_list[] = $delta;
       $block['module'] = $module;
-      $block['delta']  = $delta;
-      $block['theme']  = $theme;
+      $block['delta'] = $delta;
+      $block['theme'] = $theme;
       $current_blocks[$module][$delta] = $block;
     }
+    if (!empty($delta_list)) {
+      $condition = db_and()->condition('module', $module)->condition('delta', $delta_list);
+      $or->condition($condition);
+    }
   }
   // Save the blocks defined in code for alter context.
   $code_blocks = $current_blocks;
@@ -644,7 +651,8 @@ function block_theme_initialize($theme) {
     $regions = system_region_list($theme, REGIONS_VISIBLE);
     $result = db_query("SELECT * FROM {block} WHERE theme = :theme", array(':theme' => $default_theme), array('fetch' => PDO::FETCH_ASSOC));
     foreach ($result as $block) {
-      // If the region isn't supported by the theme, assign the block to the theme's default region.
+      // If the region isn't supported by the theme, assign the block to the
+      // theme's default region.
       if ($block['status'] && !isset($regions[$block['region']])) {
         $block['region'] = system_default_region($theme);
       }
@@ -812,17 +820,18 @@ function block_block_list_alter(&$blocks) {
       // with different case. Ex: /Page, /page, /PAGE.
       $pages = drupal_strtolower($block->pages);
       if ($block->visibility < BLOCK_VISIBILITY_PHP) {
-        // Convert the Drupal path to lowercase
+        // Convert the Drupal path to lowercase.
         $path = drupal_strtolower(drupal_get_path_alias($_GET['q']));
         // Compare the lowercase internal and lowercase path alias (if any).
         $page_match = drupal_match_path($path, $pages);
         if ($path != $_GET['q']) {
           $page_match = $page_match || drupal_match_path($_GET['q'], $pages);
         }
-        // When $block->visibility has a value of 0 (BLOCK_VISIBILITY_NOTLISTED),
-        // the block is displayed on all pages except those listed in $block->pages.
-        // When set to 1 (BLOCK_VISIBILITY_LISTED), it is displayed only on those
-        // pages listed in $block->pages.
+        // When $block->visibility has a value of 0
+        // (BLOCK_VISIBILITY_NOTLISTED), the block is displayed on all pages
+        // except those listed in $block->pages. When set to 1
+        // (BLOCK_VISIBILITY_LISTED), it is displayed only on those pages
+        // listed in $block->pages.
         $page_match = !($block->visibility xor $page_match);
       }
       elseif (module_exists('php')) {
@@ -845,7 +854,8 @@ function block_block_list_alter(&$blocks) {
  * Render the content and subject for a set of blocks.
  *
  * @param $region_blocks
- *   An array of block objects such as returned for one region by _block_load_blocks().
+ *   An array of block objects such as returned for one region by
+ *   _block_load_blocks().
  *
  * @return
  *   An array of visible blocks as expected by drupal_render().
@@ -953,6 +963,8 @@ function _block_render_blocks($region_blocks) {
  * Theme and language contexts are automatically differentiated.
  *
  * @param $block
+ *   The block to get the cache_id from.
+ *
  * @return
  *   The string used as cache_id for the block.
  */
@@ -967,6 +979,7 @@ function _block_get_cache_id($block) {
     // Start with common sub-patterns: block identification, theme, language.
     $cid_parts[] = $block->module;
     $cid_parts[] = $block->delta;
+    drupal_alter('block_cid_parts', $cid_parts, $block);
     $cid_parts = array_merge($cid_parts, drupal_render_cid_parts($block->cache));
 
     return implode(':', $cid_parts);

modules/block/tests/block_test.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/block/tests/themes/block_test_theme/block_test_theme.info

@@ -13,8 +13,8 @@ regions[footer] = Footer
 regions[highlighted] = Highlighted
 regions[help] = Help
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/blog/blog.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 files[] = blog.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/book/book.info

@@ -7,8 +7,8 @@ files[] = book.test
 configure = admin/content/book/settings
 stylesheets[all][] = book.css
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/color/color.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 files[] = color.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/comment/comment.info

@@ -9,8 +9,8 @@ files[] = comment.test
 configure = admin/content/comment
 stylesheets[all][] = comment.css
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/contact/contact.info

@@ -6,8 +6,8 @@ core = 7.x
 files[] = contact.test
 configure = admin/structure/contact
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/contextual/contextual.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 files[] = contextual.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/dashboard/dashboard.info

@@ -7,8 +7,8 @@ files[] = dashboard.test
 dependencies[] = block
 configure = admin/dashboard/customize
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/dblog/dblog.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 files[] = dblog.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/dblog/dblog.module

@@ -144,17 +144,20 @@ function _dblog_get_message_types() {
  * Note: Some values may be truncated to meet database column size restrictions.
  */
 function dblog_watchdog(array $log_entry) {
+  if (!function_exists('drupal_substr')) {
+    require_once DRUPAL_ROOT . '/includes/unicode.inc';
+  }
   Database::getConnection('default', 'default')->insert('watchdog')
     ->fields(array(
       'uid' => $log_entry['uid'],
-      'type' => substr($log_entry['type'], 0, 64),
+      'type' => drupal_substr($log_entry['type'], 0, 64),
       'message' => $log_entry['message'],
       'variables' => serialize($log_entry['variables']),
       'severity' => $log_entry['severity'],
-      'link' => substr($log_entry['link'], 0, 255),
+      'link' => drupal_substr($log_entry['link'], 0, 255),
       'location' => $log_entry['request_uri'],
       'referer' => $log_entry['referer'],
-      'hostname' => substr($log_entry['ip'], 0, 128),
+      'hostname' => drupal_substr($log_entry['ip'], 0, 128),
       'timestamp' => $log_entry['timestamp'],
     ))
     ->execute();

modules/dblog/dblog.test

@@ -119,13 +119,16 @@ class DBLogTestCase extends DrupalWebTestCase {
   private function generateLogEntries($count, $type = 'custom', $severity = WATCHDOG_NOTICE) {
     global $base_root;
 
+    // Make it just a little bit harder to pass the link part of the test.
+    $link = urldecode('/content/xo%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A%E9%85%B1%E5%87%89%E6%8B%8C%E7%B4%A0%E9%B8%A1%E7%85%A7%E7%83%A7%E9%B8%A1%E9%BB%84%E7%8E%AB%E7%91%B0-%E7%A7%91%E5%B7%9E%E7%9A%84%E5%B0%8F%E4%B9%9D%E5%AF%A8%E6%B2%9F%E7%BB%9D%E7%BE%8E%E9%AB%98%E5%B1%B1%E6%B9%96%E6%B3%8A-lake-isabelle');
+
     // Prepare the fields to be logged
     $log = array(
       'type'        => $type,
       'message'     => 'Log entry added to test the dblog row limit.',
       'variables'   => array(),
       'severity'    => $severity,
-      'link'        => NULL,
+      'link'        => $link,
       'user'        => $this->big_user,
       'uid'         => isset($this->big_user->uid) ? $this->big_user->uid : 0,
       'request_uri' => $base_root . request_uri(),
@@ -634,4 +637,3 @@ class DBLogTestCase extends DrupalWebTestCase {
     $this->assertLink(html_entity_decode($message_text), 0, $message);
   }
 }
-

modules/field/field.info

@@ -11,8 +11,8 @@ dependencies[] = field_sql_storage
 required = TRUE
 stylesheets[all][] = theme/field.css
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/field/field.info.class.inc

@@ -612,10 +612,12 @@ class FieldInfo {
     // Fill in default values.
     $display += array(
       'label' => 'above',
-      'type' => $field_type_info['default_formatter'],
       'settings' => array(),
       'weight' => 0,
     );
+    if (empty($display['type'])) {
+      $display['type'] = $field_type_info['default_formatter'];
+    }
     if ($display['type'] != 'hidden') {
       $formatter_type_info = field_info_formatter_types($display['type']);
       // Fall back to default formatter if formatter type is not available.

modules/field/modules/field_sql_storage/field_sql_storage.info

@@ -7,8 +7,8 @@ dependencies[] = field
 files[] = field_sql_storage.test
 required = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/field/modules/list/list.info

@@ -7,8 +7,8 @@ dependencies[] = field
 dependencies[] = options
 files[] = tests/list.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/field/modules/list/tests/list_test.info

@@ -5,8 +5,8 @@ package = Testing
 version = VERSION
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/field/modules/number/number.info

@@ -6,8 +6,8 @@ core = 7.x
 dependencies[] = field
 files[] = number.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/field/modules/number/number.module

@@ -188,7 +188,7 @@ function number_field_formatter_info() {
       'label' => t('Default'),
       'field types' => array('number_integer'),
       'settings' =>  array(
-        'thousand_separator' => ' ',
+        'thousand_separator' => '',
         // The 'decimal_separator' and 'scale' settings are not configurable
         // through the UI, and will therefore keep their default values. They
         // are only present so that the 'number_integer' and 'number_decimal'
@@ -202,7 +202,7 @@ function number_field_formatter_info() {
       'label' => t('Default'),
       'field types' => array('number_decimal', 'number_float'),
       'settings' =>  array(
-        'thousand_separator' => ' ',
+        'thousand_separator' => '',
         'decimal_separator' => '.',
         'scale' => 2,
         'prefix_suffix' => TRUE,

modules/field/modules/options/options.info

@@ -6,8 +6,8 @@ core = 7.x
 dependencies[] = field
 files[] = options.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/field/modules/options/options.module

@@ -185,6 +185,7 @@ function _options_properties($type, $multiple, $required, $has_value) {
   $base = array(
     'filter_xss' => FALSE,
     'strip_tags' => FALSE,
+    'strip_tags_and_unescape' => FALSE,
     'empty_option' => FALSE,
     'optgroups' => FALSE,
   );
@@ -195,7 +196,7 @@ function _options_properties($type, $multiple, $required, $has_value) {
     case 'select':
       $properties = array(
         // Select boxes do not support any HTML tag.
-        'strip_tags' => TRUE,
+        'strip_tags_and_unescape' => TRUE,
         'optgroups' => TRUE,
       );
       if ($multiple) {
@@ -271,9 +272,16 @@ function _options_prepare_options(&$options, $properties) {
       _options_prepare_options($options[$value], $properties);
     }
     else {
+      // The 'strip_tags' option is deprecated. Use 'strip_tags_and_unescape'
+      // when plain text is required (and where the output will be run through
+      // check_plain() before being inserted back into HTML) or 'filter_xss'
+      // when HTML is required.
       if ($properties['strip_tags']) {
         $options[$value] = strip_tags($label);
       }
+      if ($properties['strip_tags_and_unescape']) {
+        $options[$value] = decode_entities(strip_tags($label));
+      }
       if ($properties['filter_xss']) {
         $options[$value] = field_filter_xss($label);
       }

modules/field/modules/options/options.test

@@ -24,7 +24,7 @@ class OptionsWidgetsTestCase extends FieldTestCase {
       'cardinality' => 1,
       'settings' => array(
         // Make sure that 0 works as an option.
-        'allowed_values' => array(0 => 'Zero', 1 => 'One', 2 => 'Some <script>dangerous</script> & unescaped <strong>markup</strong>'),
+        'allowed_values' => array(0 => 'Zero', 1 => 'One', 2 => 'Some <script>dangerous</script> & unescaped <strong>markup</strong>',  3 => 'Some HTML encoded markup with &lt; &amp; &gt;'),
       ),
     );
     $this->card_1 = field_create_field($this->card_1);
@@ -233,6 +233,7 @@ class OptionsWidgetsTestCase extends FieldTestCase {
     $this->assertNoOptionSelected("edit-card-1-$langcode", 1);
     $this->assertNoOptionSelected("edit-card-1-$langcode", 2);
     $this->assertRaw('Some dangerous &amp; unescaped markup', 'Option text was properly filtered.');
+    $this->assertRaw('Some HTML encoded markup with &lt; &amp; &gt;', 'HTML entities in option text were properly handled and not double-encoded');
 
     // Submit form: select invalid 'none' option.
     $edit = array("card_1[$langcode]" => '_none');

modules/field/modules/text/text.info

@@ -7,8 +7,8 @@ dependencies[] = field
 files[] = text.test
 required = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/field/modules/text/text.module

@@ -223,11 +223,13 @@ function text_field_formatter_settings_form($field, $instance, $view_mode, $form
 
   if (strpos($display['type'], '_trimmed') !== FALSE) {
     $element['trim_length'] = array(
-      '#title' => t('Trim length'),
+      '#title' => t('Trimmed limit'),
       '#type' => 'textfield',
+      '#field_suffix' => t('characters'),
       '#size' => 10,
       '#default_value' => $settings['trim_length'],
       '#element_validate' => array('element_validate_integer_positive'),
+      '#description' => t('If the summary is not set, the trimmed %label field will be shorter than this character limit.', array('%label' => $instance['label'])),
       '#required' => TRUE,
     );
   }
@@ -245,7 +247,7 @@ function text_field_formatter_settings_summary($field, $instance, $view_mode) {
   $summary = '';
 
   if (strpos($display['type'], '_trimmed') !== FALSE) {
-    $summary = t('Trim length') . ': ' . check_plain($settings['trim_length']);
+    $summary = t('Trimmed limit: @trim_length characters', array('@trim_length' => $settings['trim_length']));
   }
 
   return $summary;

modules/field/tests/field_test.info

@@ -6,8 +6,8 @@ files[] = field_test.entity.inc
 version = VERSION
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/field_ui/field_ui.info

@@ -6,8 +6,8 @@ core = 7.x
 dependencies[] = field
 files[] = field_ui.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/file/file.field.inc

@@ -632,7 +632,7 @@ function file_field_widget_process($element, &$form_state, $form) {
   $element['#theme'] = 'file_widget';
 
   // Add the display field if enabled.
-  if (!empty($field['settings']['display_field']) && $item['fid']) {
+  if (!empty($field['settings']['display_field'])) {
     $element['display'] = array(
       '#type' => empty($item['fid']) ? 'hidden' : 'checkbox',
       '#title' => t('Include file in display'),

modules/file/file.info

@@ -6,8 +6,8 @@ core = 7.x
 dependencies[] = field
 files[] = tests/file.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/file/file.module

@@ -92,7 +92,7 @@ function file_theme() {
       'variables' => array('file' => NULL, 'icon_directory' => NULL),
     ),
     'file_icon' => array(
-      'variables' => array('file' => NULL, 'icon_directory' => NULL),
+      'variables' => array('file' => NULL, 'icon_directory' => NULL, 'alt' => ''),
     ),
     'file_managed_file' => array(
       'render element' => 'element',
@@ -529,14 +529,19 @@ function file_managed_file_value(&$element, $input = FALSE, $form_state = NULL)
         // publicly accessible, with no download restrictions; for security
         // reasons all other schemes must go through the file_download_access()
         // check.
-        if (in_array(file_uri_scheme($file->uri), variable_get('file_public_schema', array('public'))) || file_download_access($file->uri)) {
-          $fid = $file->fid;
-        }
-        // If the current user doesn't have access, don't let the file be
-        // changed.
-        else {
+        if (!in_array(file_uri_scheme($file->uri), variable_get('file_public_schema', array('public'))) && !file_download_access($file->uri)) {
           $force_default = TRUE;
         }
+        // Temporary files that belong to other users should never be allowed.
+        // Since file ownership can't be determined for anonymous users, they
+        // are not allowed to reuse temporary files at all.
+        elseif ($file->status != FILE_STATUS_PERMANENT && (!$GLOBALS['user']->uid || $file->uid != $GLOBALS['user']->uid)) {
+          $force_default = TRUE;
+        }
+        // If all checks pass, allow the file to be changed.
+        else {
+          $fid = $file->fid;
+        }
       }
     }
   }
@@ -749,7 +754,32 @@ function theme_file_link($variables) {
   $icon_directory = $variables['icon_directory'];
 
   $url = file_create_url($file->uri);
-  $icon = theme('file_icon', array('file' => $file, 'icon_directory' => $icon_directory));
+
+  // Human-readable names, for use as text-alternatives to icons.
+  $mime_name = array(
+    'application/msword' => t('Microsoft Office document icon'),
+    'application/vnd.ms-excel' => t('Office spreadsheet icon'),
+    'application/vnd.ms-powerpoint' => t('Office presentation icon'),
+    'application/pdf' => t('PDF icon'),
+    'video/quicktime' => t('Movie icon'),
+    'audio/mpeg' => t('Audio icon'),
+    'audio/wav' => t('Audio icon'),
+    'image/jpeg' => t('Image icon'),
+    'image/png' => t('Image icon'),
+    'image/gif' => t('Image icon'),
+    'application/zip' => t('Package icon'),
+    'text/html' => t('HTML icon'),
+    'text/plain' => t('Plain text icon'),
+    'application/octet-stream' => t('Binary Data'),
+  );
+
+  $mimetype = file_get_mimetype($file->uri);
+
+  $icon = theme('file_icon', array(
+    'file' => $file,
+    'icon_directory' => $icon_directory,
+    'alt' => !empty($mime_name[$mimetype]) ? $mime_name[$mimetype] : t('File'),
+  ));
 
   // Set options as per anchor format described at
   // http://microformats.org/wiki/file-format-examples
@@ -779,16 +809,19 @@ function theme_file_link($variables) {
  *   - file: A file object for which to make an icon.
  *   - icon_directory: (optional) A path to a directory of icons to be used for
  *     files. Defaults to the value of the "file_icon_directory" variable.
+ *   - alt: (optional) The alternative text to represent the icon in text-based
+ *     browsers. Defaults to an empty string.
  *
  * @ingroup themeable
  */
 function theme_file_icon($variables) {
   $file = $variables['file'];
+  $alt = $variables['alt'];
   $icon_directory = $variables['icon_directory'];
 
   $mime = check_plain($file->filemime);
   $icon_url = file_icon_url($file, $icon_directory);
-  return '<img class="file-icon" alt="" title="' . $mime . '" src="' . $icon_url . '" />';
+  return '<img class="file-icon" alt="' . check_plain($alt) . '" title="' . $mime . '" src="' . $icon_url . '" />';
 }
 
 /**

modules/file/tests/file.test

@@ -218,6 +218,30 @@ class FileFieldTestCase extends DrupalWebTestCase {
     $message = isset($message) ? $message : format_string('File %file is permanent.', array('%file' => $file->uri));
     $this->assertTrue($file->status == FILE_STATUS_PERMANENT, $message);
   }
+
+  /**
+   * Creates a temporary file, for a specific user.
+   *
+   * @param string $data
+   *   A string containing the contents of the file.
+   * @param int $uid
+   *   The user ID of the file owner.
+   *
+   * @return object
+   *   A file object, or FALSE on error.
+   */
+  function createTemporaryFile($data, $uid = NULL) {
+    $file = file_save_data($data, NULL, NULL);
+
+    if ($file) {
+      $file->uid = isset($uid) ? $uid : $this->admin_user->uid;
+      // Change the file status to be temporary.
+      $file->status = NULL;
+      return file_save($file);
+    }
+
+    return $file;
+  }
 }
 
 /**
@@ -526,6 +550,120 @@ class FileFieldWidgetTestCase extends FileFieldTestCase {
     }
   }
 
+  /**
+   * Tests exploiting the temporary file removal of another user using fid.
+   */
+  function testTemporaryFileRemovalExploit() {
+    // Create a victim user.
+    $victim_user = $this->drupalCreateUser();
+
+    // Create an attacker user.
+    $attacker_user = $this->drupalCreateUser(array(
+      'access content',
+      'create page content',
+      'edit any page content',
+    ));
+
+    // Log in as the attacker user.
+    $this->drupalLogin($attacker_user);
+
+    // Perform tests using the newly created users.
+    $this->doTestTemporaryFileRemovalExploit($victim_user->uid, $attacker_user->uid);
+  }
+
+  /**
+   * Tests exploiting the temporary file removal for anonymous users using fid.
+   */
+  public function testTemporaryFileRemovalExploitAnonymous() {
+    // Set up an anonymous victim user.
+    $victim_uid = 0;
+
+    // Set up an anonymous attacker user.
+    $attacker_uid = 0;
+
+    // Set up permissions for anonymous attacker user.
+    user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array(
+      'access content' => TRUE,
+      'create page content' => TRUE,
+      'edit any page content' => TRUE,
+    ));
+
+    // In order to simulate being the anonymous attacker user, we need to log
+    // out here since setUp() has logged in the admin.
+    $this->drupalLogout();
+
+    // Perform tests using the newly set up users.
+    $this->doTestTemporaryFileRemovalExploit($victim_uid, $attacker_uid);
+  }
+
+  /**
+   * Helper for testing exploiting the temporary file removal using fid.
+   *
+   * @param int $victim_uid
+   *   The victim user ID.
+   * @param int $attacker_uid
+   *   The attacker user ID.
+   */
+  protected function doTestTemporaryFileRemovalExploit($victim_uid, $attacker_uid) {
+    // Use 'page' instead of 'article', so that the 'article' image field does
+    // not conflict with this test. If in the future the 'page' type gets its
+    // own default file or image field, this test can be made more robust by
+    // using a custom node type.
+    $type_name = 'page';
+    $field_name = 'test_file_field';
+    $this->createFileField($field_name, $type_name);
+
+    $test_file = $this->getTestFile('text');
+    foreach (array('nojs', 'js') as $type) {
+      // Create a temporary file owned by the anonymous victim user. This will be
+      // as if they had uploaded the file, but not saved the node they were
+      // editing or creating.
+      $victim_tmp_file = $this->createTemporaryFile('some text', $victim_uid);
+      $victim_tmp_file = file_load($victim_tmp_file->fid);
+      $this->assertTrue($victim_tmp_file->status != FILE_STATUS_PERMANENT, 'New file saved to disk is temporary.');
+      $this->assertFalse(empty($victim_tmp_file->fid), 'New file has a fid');
+      $this->assertEqual($victim_uid, $victim_tmp_file->uid, 'New file belongs to the victim user');
+
+      // Have attacker create a new node with a different uploaded file and
+      // ensure it got uploaded successfully.
+      // @todo Can we test AJAX? See https://www.drupal.org/node/2538260
+      $edit = array(
+        'title' => $type . '-title',
+      );
+
+      // Attach a file to a node.
+      $langcode = LANGUAGE_NONE;
+      $edit['files[' . $field_name . '_' . $langcode . '_0]'] = drupal_realpath($test_file->uri);
+      $this->drupalPost("node/add/$type_name", $edit, 'Save');
+      $node = $this->drupalGetNodeByTitle($edit['title']);
+      $node_file = file_load($node->{$field_name}[$langcode][0]['fid']);
+      $this->assertFileExists($node_file, 'New file saved to disk on node creation.');
+      $this->assertEqual($attacker_uid, $node_file->uid, 'New file belongs to the attacker.');
+
+      // Ensure the file can be downloaded.
+      $this->drupalGet(file_create_url($node_file->uri));
+      $this->assertResponse(200, 'Confirmed that the generated URL is correct by downloading the shipped file.');
+
+      // "Click" the remove button (emulating either a nojs or js submission).
+      // In this POST request, the attacker "guesses" the fid of the victim's
+      // temporary file and uses that to remove this file.
+      $this->drupalGet('node/' . $node->nid . '/edit');
+      switch ($type) {
+        case 'nojs':
+          $this->drupalPost(NULL, array("{$field_name}[$langcode][0][fid]" => (string) $victim_tmp_file->fid), 'Remove');
+          break;
+        case 'js':
+          $button = $this->xpath('//input[@type="submit" and @value="Remove"]');
+          $this->drupalPostAJAX(NULL, array("{$field_name}[$langcode][0][fid]" => (string) $victim_tmp_file->fid), array((string) $button[0]['name'] => (string) $button[0]['value']));
+          break;
+      }
+
+      // The victim's temporary file should not be removed by the attacker's
+      // POST request.
+      $this->assertFileExists($victim_tmp_file);
+    }
+  }
+
   /**
    * Tests upload and remove buttons for multiple multi-valued File fields.
    */
@@ -951,6 +1089,34 @@ class FileFieldDisplayTestCase extends FileFieldTestCase {
     $this->assertRaw($field_name . '[' . LANGUAGE_NONE . '][0][display]', 'First file appears as expected.');
     $this->assertRaw($field_name . '[' . LANGUAGE_NONE . '][1][display]', 'Second file appears as expected.');
   }
+
+  /**
+   * Tests default display of File Field.
+   */
+  function testDefaultFileFieldDisplay() {
+    $field_name = strtolower($this->randomName());
+    $type_name = 'article';
+    $field_settings = array(
+      'display_field' => '1',
+      'display_default' => '0',
+    );
+    $instance_settings = array(
+      'description_field' => '1',
+    );
+    $widget_settings = array();
+    $this->createFileField($field_name, $type_name, $field_settings, $instance_settings, $widget_settings);
+    $field = field_info_field($field_name);
+    $instance = field_info_instance('node', $field_name, $type_name);
+
+    $test_file = $this->getTestFile('text');
+
+    // Create a new node with the uploaded file.
+    $nid = $this->uploadNodeFile($test_file, $field_name, $type_name);
+
+    $this->drupalGet('node/' . $nid . '/edit');
+    $this->assertFieldByXPath('//input[@type="checkbox" and @name="' . $field_name . '[und][0][display]"]', NULL, 'Default file display checkbox field exists.');
+    $this->assertFieldByXPath('//input[@type="checkbox" and @name="' . $field_name . '[und][0][display]" and not(@checked)]', NULL, 'Default file display is off.');
+  }
 }
 
 /**

modules/file/tests/file_module_test.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/filter/filter.info

@@ -7,8 +7,8 @@ files[] = filter.test
 required = TRUE
 configure = admin/config/content/formats
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/filter/filter.module

@@ -93,6 +93,14 @@ function filter_menu() {
     'type' => MENU_SUGGESTED_ITEM,
     'file' => 'filter.pages.inc',
   );
+  $items['filter/tips/%filter_format'] = array(
+    'title' => 'Compose tips',
+    'page callback' => 'filter_tips_long',
+    'page arguments' => array(2),
+    'access callback' => 'filter_access',
+    'access arguments' => array(2),
+    'file' => 'filter.pages.inc',
+  );
   $items['admin/config/content/formats'] = array(
     'title' => 'Text formats',
     'description' => 'Configure how content input by users is filtered, including allowed HTML tags. Also allows enabling of module-provided filters.',
@@ -1119,18 +1127,23 @@ function filter_dom_serialize($dom_document) {
   $body_node = $dom_document->getElementsByTagName('body')->item(0);
   $body_content = '';
 
-  foreach ($body_node->getElementsByTagName('script') as $node) {
-    filter_dom_serialize_escape_cdata_element($dom_document, $node);
-  }
+  if ($body_node !== NULL) {
+    foreach ($body_node->getElementsByTagName('script') as $node) {
+      filter_dom_serialize_escape_cdata_element($dom_document, $node);
+    }
 
-  foreach ($body_node->getElementsByTagName('style') as $node) {
-    filter_dom_serialize_escape_cdata_element($dom_document, $node, '/*', '*/');
-  }
+    foreach ($body_node->getElementsByTagName('style') as $node) {
+      filter_dom_serialize_escape_cdata_element($dom_document, $node, '/*', '*/');
+    }
 
-  foreach ($body_node->childNodes as $child_node) {
-    $body_content .= $dom_document->saveXML($child_node);
+    foreach ($body_node->childNodes as $child_node) {
+      $body_content .= $dom_document->saveXML($child_node);
+    }
+    return preg_replace('|<([^> ]*)/>|i', '<$1 />', $body_content);
+  }
+  else {
+    return $body_content;
   }
-  return preg_replace('|<([^> ]*)/>|i', '<$1 />', $body_content);
 }
 
 /**
@@ -1484,7 +1497,7 @@ function _filter_url($text, $filter) {
   $tasks['_filter_url_parse_full_links'] = $pattern;
 
   // Match e-mail addresses.
-  $url_pattern = "[A-Za-z0-9._-]{1,254}@(?:$domain)";
+  $url_pattern = "[A-Za-z0-9._+-]{1,254}@(?:$domain)";
   $pattern = "`($url_pattern)`";
   $tasks['_filter_url_parse_email_links'] = $pattern;
 

modules/filter/filter.pages.inc

@@ -14,10 +14,9 @@
  * @see filter_menu()
  * @see theme_filter_tips()
  */
-function filter_tips_long() {
-  $format_id = arg(2);
-  if ($format_id) {
-    $output = theme('filter_tips', array('tips' => _filter_tips($format_id, TRUE), 'long' => TRUE));
+function filter_tips_long($format = NULL) {
+  if (!empty($format)) {
+    $output = theme('filter_tips', array('tips' => _filter_tips($format->format, TRUE), 'long' => TRUE));
   }
   else {
     $output = theme('filter_tips', array('tips' => _filter_tips(-1, TRUE), 'long' => TRUE));

modules/filter/filter.test

@@ -555,6 +555,27 @@ class FilterFormatAccessTestCase extends DrupalWebTestCase {
     $this->assertTrue(isset($options[$this->allowed_format->format]), 'The allowed text format appears as an option when adding a new node.');
     $this->assertFalse(isset($options[$this->disallowed_format->format]), 'The disallowed text format does not appear as an option when adding a new node.');
     $this->assertTrue(isset($options[filter_fallback_format()]), 'The fallback format appears as an option when adding a new node.');
+
+    // Check regular user access to the filter tips pages.
+    $this->drupalGet('filter/tips/' . $this->allowed_format->format);
+    $this->assertResponse(200);
+    $this->drupalGet('filter/tips/' . $this->disallowed_format->format);
+    $this->assertResponse(403);
+    $this->drupalGet('filter/tips/' . filter_fallback_format());
+    $this->assertResponse(200);
+    $this->drupalGet('filter/tips/invalid-format');
+    $this->assertResponse(404);
+
+    // Check admin user access to the filter tips pages.
+    $this->drupalLogin($this->admin_user);
+    $this->drupalGet('filter/tips/' . $this->allowed_format->format);
+    $this->assertResponse(200);
+    $this->drupalGet('filter/tips/' . $this->disallowed_format->format);
+    $this->assertResponse(200);
+    $this->drupalGet('filter/tips/' . filter_fallback_format());
+    $this->assertResponse(200);
+    $this->drupalGet('filter/tips/invalid-format');
+    $this->assertResponse(404);
   }
 
   /**
@@ -1273,6 +1294,7 @@ class FilterUnitTestCase extends DrupalUnitTestCase {
     // Create a e-mail that is too long.
     $long_email = str_repeat('a', 254) . '@example.com';
     $too_long_email = str_repeat('b', 255) . '@example.com';
+    $email_with_plus_sign = 'one+two@example.com';
 
 
     // Filter selection/pattern matching.
@@ -1286,12 +1308,13 @@ http://example.com or www.example.com
       ),
       // MAILTO URLs.
       '
-person@example.com or mailto:person2@example.com or ' . $long_email . ' but not ' . $too_long_email . '
+person@example.com or mailto:person2@example.com or ' . $email_with_plus_sign . ' or ' . $long_email . ' but not ' . $too_long_email . '
 ' => array(
         '<a href="mailto:person@example.com">person@example.com</a>' => TRUE,
         '<a href="mailto:person2@example.com">mailto:person2@example.com</a>' => TRUE,
         '<a href="mailto:' . $long_email . '">' . $long_email . '</a>' => TRUE,
         '<a href="mailto:' . $too_long_email . '">' . $too_long_email . '</a>' => FALSE,
+        '<a href="mailto:' . $email_with_plus_sign . '">' . $email_with_plus_sign . '</a>' => TRUE,
       ),
       // URI parts and special characters.
       '
@@ -1983,3 +2006,26 @@ class FilterSettingsTestCase extends DrupalWebTestCase {
     }
   }
 }
+
+/**
+ * Tests DOMDocument serialization.
+ */
+class FilterDOMSerializeTestCase extends DrupalWebTestCase {
+
+  public static function getInfo() {
+    return array(
+      'name' => 'Serialization',
+      'description' => 'Test serialization of DOMDocument objects.',
+      'group' => 'Filter',
+    );
+  }
+
+  /**
+   * Tests empty DOMDocument object.
+   */
+  function testFilterEmptyDOMSerialization() {
+    $document = new DOMDocument();
+    $result = filter_dom_serialize($document);
+    $this->assertEqual('', $result);
+  }
+}

modules/forum/forum.info

@@ -9,8 +9,8 @@ files[] = forum.test
 configure = admin/structure/forum
 stylesheets[all][] = forum.css
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/help/help.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 files[] = help.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/image/image.info

@@ -7,8 +7,8 @@ dependencies[] = file
 files[] = image.test
 configure = admin/config/media/image-styles
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/image/image.module

@@ -64,7 +64,7 @@ function image_help($path, $arg) {
       $effect = image_effect_definition_load($arg[7]);
       return isset($effect['help']) ? ('<p>' . $effect['help'] . '</p>') : NULL;
     case 'admin/config/media/image-styles/edit/%/effects/%':
-      $effect = ($arg[5] == 'add') ? image_effect_definition_load($arg[6]) : image_effect_load($arg[6], $arg[4]);
+      $effect = ($arg[5] == 'add') ? image_effect_definition_load($arg[6]) : image_effect_load($arg[7], $arg[5]);
       return isset($effect['help']) ? ('<p>' . $effect['help'] . '</p>') : NULL;
   }
 }
@@ -801,6 +801,8 @@ function image_style_options($include_empty = TRUE, $output = CHECK_PLAIN) {
  *
  * @param $style
  *   The image style
+ * @param $scheme
+ *   The file scheme, for example 'public' for public files.
  */
 function image_style_deliver($style, $scheme) {
   $args = func_get_args();
@@ -833,8 +835,8 @@ function image_style_deliver($style, $scheme) {
       file_download($scheme, file_uri_target($derivative_uri));
     }
     else {
-      $headers = module_invoke_all('file_download', $image_uri);
-      if (in_array(-1, $headers) || empty($headers)) {
+      $headers = file_download_headers($image_uri);
+      if (empty($headers)) {
         return MENU_ACCESS_DENIED;
       }
       if (count($headers)) {

modules/image/image.test

@@ -77,6 +77,24 @@ class ImageFieldTestCase extends DrupalWebTestCase {
     return field_create_instance($instance);
   }
 
+  /**
+   * Create a random style.
+   *
+   * @return array
+   *  A list containing the details of the generated image style.
+   */
+  function createRandomStyle() {
+    $style_name = strtolower($this->randomName(10));
+    $style_label = $this->randomString();
+    image_style_save(array('name' => $style_name, 'label' => $style_label));
+    $style_path = 'admin/config/media/image-styles/edit/' . $style_name;
+    return array(
+      'name' => $style_name,
+      'label' => $style_label,
+      'path' => $style_path,
+    );
+  }
+
   /**
    * Upload an image to a node.
    *
@@ -183,6 +201,22 @@ class ImageStylesPathAndUrlTestCase extends DrupalWebTestCase {
     $this->assertResponse(404, 'Accessing an image style URL with a source image that does not exist provides a 404 error response.');
   }
 
+  /**
+   * Test that we do not pass an array to drupal_add_http_header.
+   */
+  function testImageContentTypeHeaders() {
+    $files = $this->drupalGetTestFiles('image');
+    $file = array_shift($files);
+    // Copy the test file to private folder.
+    $private_file = file_copy($file, 'private://', FILE_EXISTS_RENAME);
+    // Tell image_module_test module to return the headers we want to test.
+    variable_set('image_module_test_invalid_headers', $private_file->uri);
+    // Invoke image_style_deliver so it will try to set headers.
+    $generated_url = image_style_url($this->style_name, $private_file->uri);
+    $this->drupalGet($generated_url);
+    variable_del('image_module_test_invalid_headers');
+  }
+
   /**
    * Test image_style_url().
    */
@@ -469,6 +503,58 @@ class ImageEffectsUnitTest extends ImageToolkitTestCase {
   }
 }
 
+/**
+ * Tests the administrative user interface.
+ */
+class ImageAdminUiTestCase extends ImageFieldTestCase {
+  public static function getInfo() {
+    return array(
+      'name' => 'Administrative user interface',
+      'description' => 'Tests the forms used in the administrative user interface.',
+      'group' => 'Image',
+    );
+  }
+
+  function setUp() {
+    parent::setUp(array('image'));
+  }
+
+  /**
+   * Test if the help text is available on the add effect form.
+   */
+  function testAddEffectHelpText() {
+    // Create a random image style.
+    $style = $this->createRandomStyle();
+
+    // Open the add effect form and check for the help text.
+    $this->drupalGet($style['path'] . '/add/image_crop');
+    $this->assertText(t('Cropping will remove portions of an image to make it the specified dimensions.'), 'The image style effect help text was displayed on the add effect page.');
+  }
+
+  /**
+   * Test if the help text is available on the edit effect form.
+   */
+  function testEditEffectHelpText() {
+    // Create a random image style.
+    $random_style = $this->createRandomStyle();
+
+    // Add the crop effect to the image style.
+    $edit = array();
+    $edit['data[width]'] = 20;
+    $edit['data[height]'] = 20;
+    $this->drupalPost($random_style['path'] . '/add/image_crop', $edit, t('Add effect'));
+
+    // Open the edit effect form and check for the help text.
+    drupal_static_reset('image_styles');
+    $style = image_style_load($random_style['name']);
+
+    foreach ($style['effects'] as $ieid => $effect) {
+      $this->drupalGet($random_style['path'] . '/effects/' . $ieid);
+      $this->assertText(t('Cropping will remove portions of an image to make it the specified dimensions.'), 'The image style effect help text was displayed on the edit effect page.');
+    }
+  }
+}
+
 /**
  * Tests creation, deletion, and editing of image styles and effects.
  */

modules/image/tests/image_module_test.info

@@ -6,8 +6,8 @@ core = 7.x
 files[] = image_module_test.module
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/image/tests/image_module_test.module

@@ -9,6 +9,9 @@ function image_module_test_file_download($uri) {
   if (variable_get('image_module_test_file_download', FALSE) == $uri) {
     return array('X-Image-Owned-By' => 'image_module_test');
   }
+  if (variable_get('image_module_test_invalid_headers', FALSE) == $uri) {
+    return array('Content-Type' => 'image/png');
+  }
 }
 
 /**

modules/locale/locale.info

@@ -6,8 +6,8 @@ core = 7.x
 files[] = locale.test
 configure = admin/config/regional/language
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/locale/tests/locale_test.info

@@ -5,8 +5,8 @@ package = Testing
 version = VERSION
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/menu/menu.info

@@ -6,8 +6,8 @@ core = 7.x
 files[] = menu.test
 configure = admin/structure/menu
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/menu/menu.test

@@ -72,6 +72,17 @@ class MenuTestCase extends DrupalWebTestCase {
     $saved_item = menu_link_load($item['mlid']);
     $this->assertEqual($description, $saved_item['options']['attributes']['title'], 'Saving an existing link updates the description (title attribute)');
     $this->resetMenuLink($item, $old_title);
+
+    // Test that the page title is correct when a local task appears in a
+    // top-level menu item. See https://www.drupal.org/node/1973262.
+    $item = $this->addMenuLink(0, 'user/register', 'user-menu');
+    $this->drupalGet('user/password');
+    $this->assertNoTitle('Home | Drupal');
+    $this->drupalLogout();
+    $this->drupalGet('user/register');
+    $this->assertTitle($item['link_title'] . ' | Drupal');
+    $this->drupalGet('user');
+    $this->assertNoTitle('Home | Drupal');
   }
 
   /**

modules/node/node.admin.inc

@@ -329,6 +329,8 @@ function _node_mass_update_helper($nid, $updates) {
 }
 
 /**
+ * Implements callback_batch_operation().
+ *
  * Executes a batch operation for node_mass_update().
  *
  * @param array $nodes
@@ -367,7 +369,9 @@ function _node_mass_update_batch_process($nodes, $updates, &$context) {
 }
 
 /**
- * Menu callback: Reports the status of batch operation for node_mass_update().
+ * Implements callback_batch_finished().
+ *
+ * Reports the status of batch operation for node_mass_update().
  *
  * @param bool $success
  *   A boolean indicating whether the batch mass update operation successfully
@@ -504,14 +508,17 @@ function node_admin_nodes() {
   $options = array();
   foreach ($nodes as $node) {
     $langcode = entity_language('node', $node);
-    $l_options = $langcode != LANGUAGE_NONE && isset($languages[$langcode]) ? array('language' => $languages[$langcode]) : array();
+    $uri = entity_uri('node', $node);
+    if ($langcode != LANGUAGE_NONE && isset($languages[$langcode])) {
+      $uri['options']['language'] = $languages[$langcode];
+    }
     $options[$node->nid] = array(
       'title' => array(
         'data' => array(
           '#type' => 'link',
           '#title' => $node->title,
-          '#href' => 'node/' . $node->nid,
-          '#options' => $l_options,
+          '#href' => $uri['path'],
+          '#options' => $uri['options'],
           '#suffix' => ' ' . theme('mark', array('type' => node_mark($node->nid, $node->changed))),
         ),
       ),

modules/node/node.api.php

@@ -950,7 +950,7 @@ function hook_node_info() {
  *   'recent', or 'comments'. The values should be arrays themselves, with the
  *   following keys available:
  *   - title: (required) The human readable name of the ranking mechanism.
- *   - join: (optional) The part of a query string to join to any additional
+ *   - join: (optional) An array with information to join any additional
  *     necessary table. This is not necessary if the table required is already
  *     joined to by the base query, such as for the {node} table. Other tables
  *     should use the full table name as an alias to avoid naming collisions.
@@ -974,7 +974,12 @@ function hook_ranking() {
         'title' => t('Average vote'),
         // Note that we use i.sid, the search index's search item id, rather than
         // n.nid.
-        'join' => 'LEFT JOIN {vote_node_data} vote_node_data ON vote_node_data.nid = i.sid',
+        'join' => array(
+          'type' => 'LEFT',
+          'table' => 'vote_node_data',
+          'alias' => 'vote_node_data',
+          'on' => 'vote_node_data.nid = i.sid',
+        ),
         // The highest possible score should be 1, and the lowest possible score,
         // always 0, should be 0.
         'score' => 'vote_node_data.average / CAST(%f AS DECIMAL)',
@@ -1079,19 +1084,9 @@ function hook_delete($node) {
  * @ingroup node_api_hooks
  */
 function hook_prepare($node) {
-  $file = file_save_upload($field_name, _image_filename($file->filename, NULL, TRUE));
-  if ($file) {
-    if (!image_get_info($file->uri)) {
-      form_set_error($field_name, t('Uploaded file is not a valid image'));
-      return;
-    }
+  if (!isset($node->mymodule_value)) {
+    $node->mymodule_value = 'foo';
   }
-  else {
-    return;
-  }
-  $node->images['_original'] = $file->uri;
-  _image_build_derivatives($node, TRUE);
-  $node->new_file = TRUE;
 }
 
 /**

modules/node/node.info

@@ -9,8 +9,8 @@ required = TRUE
 configure = admin/structure/types
 stylesheets[all][] = node.css
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/node/node.module

@@ -2953,7 +2953,10 @@ function node_search_validate($form, &$form_state) {
  * system. When adding a node listing to your module, be sure to use a dynamic
  * query created by db_select() and add a tag of "node_access". This will allow
  * modules dealing with node access to ensure only nodes to which the user has
- * access are retrieved, through the use of hook_query_TAG_alter().
+ * access are retrieved, through the use of hook_query_TAG_alter(). Tagging a
+ * query with "node_access" does not check the published/unpublished status of
+ * nodes, so the base query is responsible for ensuring that unpublished nodes
+ * are not displayed to inappropriate users.
  *
  * Note: Even a single module returning NODE_ACCESS_DENY from hook_node_access()
  * will block access to the node. Therefore, implementers should take care to
@@ -3669,6 +3672,8 @@ function node_access_rebuild($batch_mode = FALSE) {
 }
 
 /**
+ * Implements callback_batch_operation().
+ *
  * Performs batch operation for node_access_rebuild().
  *
  * This is a multistep operation: we go through all nodes by packs of 20. The
@@ -3683,7 +3688,7 @@ function _node_access_rebuild_batch_operation(&$context) {
     // Initiate multistep processing.
     $context['sandbox']['progress'] = 0;
     $context['sandbox']['current_node'] = 0;
-    $context['sandbox']['max'] = db_query('SELECT COUNT(DISTINCT nid) FROM {node}')->fetchField();
+    $context['sandbox']['max'] = db_query('SELECT COUNT(nid) FROM {node}')->fetchField();
   }
 
   // Process the next 20 nodes.
@@ -3707,6 +3712,8 @@ function _node_access_rebuild_batch_operation(&$context) {
 }
 
 /**
+ * Implements callback_batch_finished().
+ *
  * Performs post-processing for node_access_rebuild().
  *
  * @param bool $success

modules/node/node.pages.inc

@@ -396,7 +396,6 @@ function node_preview($node) {
 
     $cloned_node->changed = REQUEST_TIME;
     $nodes = array($cloned_node->nid => $cloned_node);
-    field_attach_prepare_view('node', $nodes, 'full');
 
     // Display a preview of the node.
     if (!form_get_errors()) {

modules/node/node.test

@@ -457,10 +457,70 @@ class PagePreviewTestCase extends DrupalWebTestCase {
   }
 
   function setUp() {
-    parent::setUp();
+    parent::setUp(array('taxonomy', 'node'));
 
     $web_user = $this->drupalCreateUser(array('edit own page content', 'create page content'));
     $this->drupalLogin($web_user);
+
+    // Add a vocabulary so we can test different view modes.
+    $vocabulary = (object) array(
+      'name' => $this->randomName(),
+      'description' => $this->randomName(),
+      'machine_name' => drupal_strtolower($this->randomName()),
+      'help' => '',
+      'nodes' => array('page' => 'page'),
+    );
+    taxonomy_vocabulary_save($vocabulary);
+
+    $this->vocabulary = $vocabulary;
+
+    // Add a term to the vocabulary.
+    $term = (object) array(
+      'name' => $this->randomName(),
+      'description' => $this->randomName(),
+      // Use the first available text format.
+      'format' => db_query_range('SELECT format FROM {filter_format}', 0, 1)->fetchField(),
+      'vid' => $this->vocabulary->vid,
+      'vocabulary_machine_name' => $vocabulary->machine_name,
+    );
+    taxonomy_term_save($term);
+
+    $this->term = $term;
+
+    // Set up a field and instance.
+    $this->field_name = drupal_strtolower($this->randomName());
+    $this->field = array(
+      'field_name' => $this->field_name,
+      'type' => 'taxonomy_term_reference',
+      'settings' => array(
+        'allowed_values' => array(
+          array(
+            'vocabulary' => $this->vocabulary->machine_name,
+            'parent' => '0',
+          ),
+        ),
+      )
+    );
+
+    field_create_field($this->field);
+    $this->instance = array(
+      'field_name' => $this->field_name,
+      'entity_type' => 'node',
+      'bundle' => 'page',
+      'widget' => array(
+        'type' => 'options_select',
+      ),
+      // Hide on full display but render on teaser.
+      'display' => array(
+        'default' => array(
+          'type' => 'hidden',
+        ),
+        'teaser' => array(
+          'type' => 'taxonomy_term_reference_link',
+        ),
+      ),
+    );
+    field_create_instance($this->instance);
   }
 
   /**
@@ -470,21 +530,26 @@ class PagePreviewTestCase extends DrupalWebTestCase {
     $langcode = LANGUAGE_NONE;
     $title_key = "title";
     $body_key = "body[$langcode][0][value]";
+    $term_key = "{$this->field_name}[$langcode]";
 
     // Fill in node creation form and preview node.
     $edit = array();
     $edit[$title_key] = $this->randomName(8);
     $edit[$body_key] = $this->randomName(16);
+    $edit[$term_key] = $this->term->tid;
     $this->drupalPost('node/add/page', $edit, t('Preview'));
 
-    // Check that the preview is displaying the title and body.
+    // Check that the preview is displaying the title, body, and term.
     $this->assertTitle(t('Preview | Drupal'), 'Basic page title is preview.');
     $this->assertText($edit[$title_key], 'Title displayed.');
     $this->assertText($edit[$body_key], 'Body displayed.');
+    $this->assertText($this->term->name, 'Term displayed.');
 
-    // Check that the title and body fields are displayed with the correct values.
+    // Check that the title, body, and term fields are displayed with the
+    // correct values.
     $this->assertFieldByName($title_key, $edit[$title_key], 'Title field displayed.');
     $this->assertFieldByName($body_key, $edit[$body_key], 'Body field displayed.');
+    $this->assertFieldByName($term_key, $edit[$term_key], 'Term field displayed.');
   }
 
   /**
@@ -494,6 +559,7 @@ class PagePreviewTestCase extends DrupalWebTestCase {
     $langcode = LANGUAGE_NONE;
     $title_key = "title";
     $body_key = "body[$langcode][0][value]";
+    $term_key = "{$this->field_name}[$langcode]";
     // Force revision on "Basic page" content.
     variable_set('node_options_page', array('status', 'revision'));
 
@@ -501,17 +567,21 @@ class PagePreviewTestCase extends DrupalWebTestCase {
     $edit = array();
     $edit[$title_key] = $this->randomName(8);
     $edit[$body_key] = $this->randomName(16);
+    $edit[$term_key] = $this->term->tid;
     $edit['log'] = $this->randomName(32);
     $this->drupalPost('node/add/page', $edit, t('Preview'));
 
-    // Check that the preview is displaying the title and body.
+    // Check that the preview is displaying the title, body, and term.
     $this->assertTitle(t('Preview | Drupal'), 'Basic page title is preview.');
     $this->assertText($edit[$title_key], 'Title displayed.');
     $this->assertText($edit[$body_key], 'Body displayed.');
+    $this->assertText($this->term->name, 'Term displayed.');
 
-    // Check that the title and body fields are displayed with the correct values.
+    // Check that the title, body, and term fields are displayed with the
+    // correct values.
     $this->assertFieldByName($title_key, $edit[$title_key], 'Title field displayed.');
     $this->assertFieldByName($body_key, $edit[$body_key], 'Body field displayed.');
+    $this->assertFieldByName($term_key, $edit[$term_key], 'Term field displayed.');
 
     // Check that the log field has the correct value.
     $this->assertFieldByName('log', $edit['log'], 'Log field displayed.');

modules/node/tests/node_access_test.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/node/tests/node_test.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/node/tests/node_test_exception.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/openid/openid.info

@@ -5,8 +5,8 @@ package = Core
 core = 7.x
 files[] = openid.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/openid/tests/openid_test.info

@@ -6,8 +6,8 @@ core = 7.x
 dependencies[] = openid
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/overlay/overlay-parent.js

@@ -350,7 +350,7 @@ Drupal.overlay.setFocusBefore = function ($element, document) {
  *   TRUE if the URL represents an administrative link, FALSE otherwise.
  */
 Drupal.overlay.isAdminLink = function (url) {
-  if (Drupal.overlay.isExternalLink(url)) {
+  if (!Drupal.urlIsLocal(url)) {
     return false;
   }
 
@@ -378,6 +378,8 @@ Drupal.overlay.isAdminLink = function (url) {
 /**
  * Determine whether a link is external to the site.
  *
+ * Deprecated. Use Drupal.urlIsLocal() instead.
+ *
  * @param url
  *   The URL to be tested.
  *
@@ -385,8 +387,7 @@ Drupal.overlay.isAdminLink = function (url) {
  *   TRUE if the URL is external to the site, FALSE otherwise.
  */
 Drupal.overlay.isExternalLink = function (url) {
-  var re = RegExp('^((f|ht)tps?:)?//(?!' + window.location.host + ')');
-  return re.test(url);
+  return !Drupal.urlIsLocal(url);
 };
 
 /**
@@ -405,7 +406,7 @@ Drupal.overlay.isExternalLink = function (url) {
  */
 Drupal.overlay.getInternalUrl = function (path) {
   var url = Drupal.settings.basePath + path;
-  if (!this.isExternalLink(url)) {
+  if (Drupal.urlIsLocal(url)) {
     return url;
   }
 };

modules/overlay/overlay.info

@@ -4,8 +4,8 @@ package = Core
 version = VERSION
 core = 7.x
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/path/path.info

@@ -6,8 +6,8 @@ core = 7.x
 files[] = path.test
 configure = admin/config/search/path
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/path/path.module

@@ -185,7 +185,7 @@ function path_form_element_validate($element, &$form_state, $complete_form) {
  * Implements hook_node_insert().
  */
 function path_node_insert($node) {
-  if (isset($node->path)) {
+  if (isset($node->path) && isset($node->path['alias'])) {
     $path = $node->path;
     $path['alias'] = trim($path['alias']);
     // Only save a non-empty alias.
@@ -205,9 +205,9 @@ function path_node_insert($node) {
 function path_node_update($node) {
   if (isset($node->path)) {
     $path = $node->path;
-    $path['alias'] = trim($path['alias']);
+    $path['alias'] = isset($path['alias']) ? trim($path['alias']) : '';
     // Delete old alias if user erased it.
-    if (!empty($path['pid']) && empty($path['alias'])) {
+    if (!empty($path['pid']) && !$path['alias']) {
       path_delete($path['pid']);
     }
     path_node_insert($node);

modules/php/php.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 files[] = php.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/poll/poll.info

@@ -6,8 +6,8 @@ core = 7.x
 files[] = poll.test
 stylesheets[all][] = poll.css
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/poll/poll.module

@@ -631,9 +631,6 @@ function poll_delete($node) {
  *   The node object to load.
  */
 function poll_block_latest_poll_view($node) {
-  global $user;
-  $output = '';
-
   // This is necessary for shared objects because PHP doesn't copy objects, but
   // passes them by reference.  So when the objects are cached it can result in
   // the wrong output being displayed on subsequent calls.  The cloning and
@@ -674,9 +671,6 @@ function poll_block_latest_poll_view($node) {
  * Implements hook_view().
  */
 function poll_view($node, $view_mode) {
-  global $user;
-  $output = '';
-
   if (!empty($node->allowvotes) && empty($node->show_results)) {
     $node->content['poll_view_voting'] = drupal_get_form('poll_view_voting', $node);
   }
@@ -694,7 +688,7 @@ function poll_view($node, $view_mode) {
 function poll_teaser($node) {
   $teaser = NULL;
   if (is_array($node->choice)) {
-    foreach ($node->choice as $k => $choice) {
+    foreach ($node->choice as $choice) {
       if ($choice['chtext'] != '') {
         $teaser .= '* ' . check_plain($choice['chtext']) . "\n";
       }

modules/profile/profile.info

@@ -11,8 +11,8 @@ configure = admin/config/people/profile
 ; See user_system_info_alter().
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/profile/profile.test

@@ -342,7 +342,7 @@ class ProfileTestAutocomplete extends ProfileTestCase {
     // Autocomplete always uses non-clean URLs.
     $current_clean_url = isset($GLOBALS['conf']['clean_url']) ? $GLOBALS['conf']['clean_url'] : NULL;
     $GLOBALS['conf']['clean_url'] = 0;
-    $autocomplete_url = url('profile/autocomplete/' . $field['fid'], array('absolute' => TRUE));
+    $autocomplete_url = url('profile/autocomplete/' . $field['fid'], array('absolute' => TRUE, 'script' => 'index.php'));
     $GLOBALS['conf']['clean_url'] = $current_clean_url;
     $autocomplete_id = drupal_html_id('edit-' . $field['form_name'] . '-autocomplete');
     $autocomplete_html = '<input type="hidden" id="' . $autocomplete_id . '" value="' . $autocomplete_url . '" disabled="disabled" class="autocomplete" />';

modules/rdf/rdf.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 files[] = rdf.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/rdf/tests/rdf_test.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/search/search.extender.inc

@@ -409,10 +409,10 @@ class SearchQuery extends SelectQueryExtender {
    * used. However, if at least one call to addScore() has taken place, the
    * keyword relevance score is not automatically added.
    *
-   * Also note that if you call orderBy() directly on the query, search scores
-   * will not automatically be used to order search results. Your orderBy()
-   * expression can reference 'calculated_score', which will be the total
-   * calculated score value.
+   * Note that you must use this method to add ordering to your searches, and
+   * not call orderBy() directly, when using the SearchQuery extender. This is
+   * because of the two-pass system the SearchQuery class uses to normalize
+   * scores.
    *
    * @param $score
    *   The score expression, which should evaluate to a number between 0 and 1.

modules/search/search.info

@@ -8,8 +8,8 @@ files[] = search.test
 configure = admin/config/search/settings
 stylesheets[all][] = search.css
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/search/search.pages.inc

@@ -49,7 +49,7 @@ function search_view($module = NULL, $keys = '') {
   // which will get us back to this page callback. In other words, the search
   // form submits with POST but redirects to GET. This way we can keep
   // the search query URL clean as a whistle.
-  if (empty($_POST['form_id']) || $_POST['form_id'] != 'search_form') {
+  if (empty($_POST['form_id']) || ($_POST['form_id'] != 'search_form' && $_POST['form_id'] != 'search_block_form')) {
     $conditions =  NULL;
     if (isset($info['conditions_callback']) && function_exists($info['conditions_callback'])) {
       // Build an optional array of more search conditions.

modules/search/search.test

@@ -666,6 +666,24 @@ class SearchBlockTestCase extends DrupalWebTestCase {
       url('search/node/', array('absolute' => TRUE)),
       'Redirected to correct url.'
     );
+
+    // Test that after entering a too-short keyword in the form, you can then
+    // search again with a longer keyword. First test using the block form.
+    $terms = array('search_block_form' => 'a');
+    $this->drupalPost('node', $terms, t('Search'));
+    $this->assertText('You must include at least one positive keyword with 3 characters or more');
+    $terms = array('search_block_form' => 'foo');
+    $this->drupalPost(NULL, $terms, t('Search'));
+    $this->assertNoText('You must include at least one positive keyword with 3 characters or more');
+    $this->assertText('Your search yielded no results');
+
+    // Same test again, using the search page form for the second search this time.
+    $terms = array('search_block_form' => 'a');
+    $this->drupalPost('node', $terms, t('Search'));
+    $terms = array('keys' => 'foo');
+    $this->drupalPost(NULL, $terms, t('Search'));
+    $this->assertNoText('You must include at least one positive keyword with 3 characters or more');
+    $this->assertText('Your search yielded no results');
   }
 }
 
@@ -2029,10 +2047,11 @@ class SearchNodeAccessTest extends DrupalWebTestCase {
   }
 
   /**
-   * Tests that search returns results with punctuation in the search phrase.
+   * Tests that search works with punctuation and HTML entities.
    */
   function testPhraseSearchPunctuation() {
     $node = $this->drupalCreateNode(array('body' => array(LANGUAGE_NONE => array(array('value' => "The bunny's ears were fuzzy.")))));
+    $node2 = $this->drupalCreateNode(array('body' => array(LANGUAGE_NONE => array(array('value' => 'Dignissim Aliquam & Quieligo meus natu quae quia te. Damnum© erat— neo pneum. Facilisi feugiat ibidem ratis.')))));
 
     // Update the search index.
     module_invoke_all('update_index');
@@ -2045,6 +2064,17 @@ class SearchNodeAccessTest extends DrupalWebTestCase {
     $edit = array('keys' => '"bunny\'s"');
     $this->drupalPost('search/node', $edit, t('Search'));
     $this->assertText($node->title);
+
+    // Search for "&" and verify entities are not broken up in the output.
+    $edit = array('keys' => '&');
+    $this->drupalPost('search/node', $edit, t('Search'));
+    $this->assertNoRaw('<strong>&</strong>amp;');
+    $this->assertText('You must include at least one positive keyword');
+
+    $edit = array('keys' => '&amp;');
+    $this->drupalPost('search/node', $edit, t('Search'));
+    $this->assertNoRaw('<strong>&</strong>amp;');
+    $this->assertText('You must include at least one positive keyword');
   }
 }
 

modules/search/tests/search_embedded_form.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/search/tests/search_extra_type.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/search/tests/search_node_tags.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/shortcut/shortcut.info

@@ -6,8 +6,8 @@ core = 7.x
 files[] = shortcut.test
 configure = admin/config/user-interface/shortcut
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/simpletest/drupal_web_test_case.php

@@ -1015,9 +1015,7 @@ class DrupalWebTestCase extends DrupalTestCase {
       'description' => '',
       'help' => '',
       'title_label' => 'Title',
-      'body_label' => 'Body',
       'has_title' => 1,
-      'has_body' => 1,
     );
     // Imposed values for a custom type.
     $forced = array(
@@ -1067,7 +1065,7 @@ class DrupalWebTestCase extends DrupalTestCase {
       $lines = array(16, 256, 1024, 2048, 20480);
       $count = 0;
       foreach ($lines as $line) {
-        simpletest_generate_file('text-' . $count++, 64, $line);
+        simpletest_generate_file('text-' . $count++, 64, $line, 'text');
       }
 
       // Copy other test files from simpletest.
@@ -2586,6 +2584,11 @@ class DrupalWebTestCase extends DrupalTestCase {
    *
    * @param $xpath
    *   The xpath string to use in the search.
+   * @param array $arguments
+   *   An array of arguments with keys in the form ':name' matching the
+   *   placeholders in the query. The values may be either strings or numeric
+   *   values.
+   *
    * @return
    *   The return value of the xpath search. For details on the xpath string
    *   format and return values see the SimpleXML documentation,

modules/simpletest/simpletest.info

@@ -11,6 +11,7 @@ configure = admin/config/development/testing/settings
 files[] = tests/actions.test
 files[] = tests/ajax.test
 files[] = tests/batch.test
+files[] = tests/boot.test
 files[] = tests/bootstrap.test
 files[] = tests/cache.test
 files[] = tests/common.test
@@ -56,8 +57,8 @@ files[] = tests/upgrade/update.trigger.test
 files[] = tests/upgrade/update.field.test
 files[] = tests/upgrade/update.user.test
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/simpletest/simpletest.module

@@ -154,7 +154,7 @@ function simpletest_run_tests($test_list, $reporter = 'drupal') {
 }
 
 /**
- * Batch operation callback.
+ * Implements callback_batch_operation().
  */
 function _simpletest_batch_operation($test_list_init, $test_id, &$context) {
   simpletest_classloader_register();
@@ -205,6 +205,9 @@ function _simpletest_batch_operation($test_list_init, $test_id, &$context) {
   $context['finished'] = 1 - $size / $max;
 }
 
+/**
+ * Implements callback_batch_finished().
+ */
 function _simpletest_batch_finished($success, $results, $operations, $elapsed) {
   if ($success) {
     drupal_set_message(t('The test run finished in @elapsed.', array('@elapsed' => $elapsed)));
@@ -509,25 +512,25 @@ function simpletest_registry_files_alter(&$files, $modules) {
  * Generate test file.
  */
 function simpletest_generate_file($filename, $width, $lines, $type = 'binary-text') {
-  $size = $width * $lines - $lines;
-
-  // Generate random text
   $text = '';
-  for ($i = 0; $i < $size; $i++) {
-    switch ($type) {
-      case 'text':
-        $text .= chr(rand(32, 126));
-        break;
-      case 'binary':
-        $text .= chr(rand(0, 31));
-        break;
-      case 'binary-text':
-      default:
-        $text .= rand(0, 1);
-        break;
+  for ($i = 0; $i < $lines; $i++) {
+    // Generate $width - 1 characters to leave space for the "\n" character.
+    for ($j = 0; $j < $width - 1; $j++) {
+      switch ($type) {
+        case 'text':
+          $text .= chr(rand(32, 126));
+          break;
+        case 'binary':
+          $text .= chr(rand(0, 31));
+          break;
+        case 'binary-text':
+        default:
+          $text .= rand(0, 1);
+          break;
+      }
     }
+    $text .= "\n";
   }
-  $text = wordwrap($text, $width - 1, "\n", TRUE) . "\n"; // Add \n for symmetrical file.
 
   // Create filename.
   file_put_contents('public://' . $filename . '.txt', $text);

modules/simpletest/tests/actions_loop_test.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/simpletest/tests/ajax_forms_test.info

@@ -5,8 +5,8 @@ package = Testing
 version = VERSION
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/simpletest/tests/ajax_test.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/simpletest/tests/batch_test.callbacks.inc

@@ -7,6 +7,8 @@
  */
 
 /**
+ * Implements callback_batch_operation().
+ *
  * Simple batch operation.
  */
 function _batch_test_callback_1($id, $sleep, &$context) {
@@ -20,6 +22,8 @@ function _batch_test_callback_1($id, $sleep, &$context) {
 }
 
 /**
+ * Implements callback_batch_operation().
+ *
  * Multistep batch operation.
  */
 function _batch_test_callback_2($start, $total, $sleep, &$context) {
@@ -53,6 +57,8 @@ function _batch_test_callback_2($start, $total, $sleep, &$context) {
 }
 
 /**
+ * Implements callback_batch_operation().
+ *
  * Simple batch operation.
  */
 function _batch_test_callback_5($id, $sleep, &$context) {
@@ -68,6 +74,8 @@ function _batch_test_callback_5($id, $sleep, &$context) {
 }
 
 /**
+ * Implements callback_batch_operation().
+ *
  * Batch operation setting up its own batch.
  */
 function _batch_test_nested_batch_callback() {
@@ -76,6 +84,8 @@ function _batch_test_nested_batch_callback() {
 }
 
 /**
+ * Implements callback_batch_finished().
+ *
  * Common 'finished' callbacks for batches 1 to 4.
  */
 function _batch_test_finished_helper($batch_id, $success, $results, $operations) {
@@ -99,6 +109,8 @@ function _batch_test_finished_helper($batch_id, $success, $results, $operations)
 }
 
 /**
+ * Implements callback_batch_finished().
+ *
  * 'finished' callback for batch 0.
  */
 function _batch_test_finished_0($success, $results, $operations) {
@@ -106,6 +118,8 @@ function _batch_test_finished_0($success, $results, $operations) {
 }
 
 /**
+ * Implements callback_batch_finished().
+ *
  * 'finished' callback for batch 1.
  */
 function _batch_test_finished_1($success, $results, $operations) {
@@ -113,6 +127,8 @@ function _batch_test_finished_1($success, $results, $operations) {
 }
 
 /**
+ * Implements callback_batch_finished().
+ *
  * 'finished' callback for batch 2.
  */
 function _batch_test_finished_2($success, $results, $operations) {
@@ -120,6 +136,8 @@ function _batch_test_finished_2($success, $results, $operations) {
 }
 
 /**
+ * Implements callback_batch_finished().
+ *
  * 'finished' callback for batch 3.
  */
 function _batch_test_finished_3($success, $results, $operations) {
@@ -127,6 +145,8 @@ function _batch_test_finished_3($success, $results, $operations) {
 }
 
 /**
+ * Implements callback_batch_finished().
+ *
  * 'finished' callback for batch 4.
  */
 function _batch_test_finished_4($success, $results, $operations) {
@@ -134,6 +154,8 @@ function _batch_test_finished_4($success, $results, $operations) {
 }
 
 /**
+ * Implements callback_batch_finished().
+ *
  * 'finished' callback for batch 5.
  */
 function _batch_test_finished_5($success, $results, $operations) {

modules/simpletest/tests/batch_test.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/simpletest/tests/boot.test

@@ -0,0 +1,38 @@
+<?php
+
+/**
+ * Perform early bootstrap tests.
+ */
+class EarlyBootstrapTestCase extends DrupalWebTestCase {
+  public static function getInfo() {
+    return array(
+      'name'  => 'Early bootstrap test',
+      'description'  => 'Confirm that calling module_implements() during early bootstrap does not pollute the module_implements() cache.',
+      'group' => 'System',
+    );
+  }
+
+  function setUp() {
+    parent::setUp('boot_test_1', 'boot_test_2');
+  }
+
+  /**
+   * Test hook_boot() on both regular and "early exit" pages.
+   */
+  public function testHookBoot() {
+    $paths = array('', 'early_exit');
+    foreach ($paths as $path) {
+      // Empty the module_implements() caches.
+      module_implements(NULL, FALSE, TRUE);
+      // Do a request to the front page, which will call module_implements()
+      // during hook_boot().
+      $this->drupalGet($path);
+      // Reset the static cache so we get implementation data from the persistent
+      // cache.
+      drupal_static_reset();
+      // Make sure we get a full list of all modules implementing hook_help().
+      $modules = module_implements('help');
+      $this->assertTrue(in_array('boot_test_2', $modules));
+    }
+  }
+}

modules/simpletest/tests/boot_test_1.info

@@ -0,0 +1,12 @@
+name = Early bootstrap tests
+description = A support module for hook_boot testing.
+core = 7.x
+package = Testing
+version = VERSION
+hidden = TRUE
+
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
+project = "drupal"
+datestamp = "1456343506"
+

modules/simpletest/tests/boot_test_1.module

@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * @file
+ * Tests calling module_implements() during hook_boot() invocation.
+ */
+
+/**
+ * Implements hook_boot().
+ */
+function boot_test_1_boot() {
+  // Calling module_implements during hook_boot() will return "vital" modules
+  // only, and this list of modules will be statically cached.
+  module_implements('help');
+  // Define a special path to test that the static cache isn't written away
+  // if we exit before having completed the bootstrap.
+  if ($_GET['q'] == 'early_exit') {
+    module_implements_write_cache();
+    exit();
+  }
+}

modules/simpletest/tests/boot_test_2.info

@@ -0,0 +1,12 @@
+name = Early bootstrap tests
+description = A support module for hook_boot hook testing.
+core = 7.x
+package = Testing
+version = VERSION
+hidden = TRUE
+
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
+project = "drupal"
+datestamp = "1456343506"
+

modules/simpletest/tests/boot_test_2.module

@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * @file
+ * Defines a hook_help() implementation in a non-"bootstrap" module.
+ */
+
+/**
+ * Implements hook_help().
+ */
+function boot_test_2_help($path, $arg) {
+  // Empty hook.
+}

modules/simpletest/tests/bootstrap.test

@@ -152,7 +152,7 @@ class BootstrapPageCacheTestCase extends DrupalWebTestCase {
     $this->drupalLogin($user);
     $this->drupalGet('', array(), array('If-Modified-Since: ' . $last_modified, 'If-None-Match: ' . $etag));
     $this->assertResponse(200, 'Conditional request returned 200 OK for authenticated user.');
-    $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), 'Absense of Page was not cached.');
+    $this->assertFalse($this->drupalGetHeader('X-Drupal-Cache'), 'Absence of Page was not cached.');
     $this->assertFalse($this->drupalGetHeader('ETag'), 'ETag HTTP headers are not present for logged in users.');
     $this->assertFalse($this->drupalGetHeader('Last-Modified'), 'Last-Modified HTTP headers are not present for logged in users.');
   }
@@ -313,6 +313,10 @@ class BootstrapAutoloadTestCase extends DrupalWebTestCase {
     $this->assertTrue(drupal_autoload_interface('drupalautoloadtestinterface'), 'drupal_autoload_interface() recognizes <em>DrupalAutoloadTestInterface</em> in lower case.');
     // Test class autoloader.
     $this->assertTrue(drupal_autoload_class('drupalautoloadtestclass'), 'drupal_autoload_class() recognizes <em>DrupalAutoloadTestClass</em> in lower case.');
+    // Test trait autoloader.
+    if (version_compare(PHP_VERSION, '5.4') >= 0) {
+      $this->assertTrue(drupal_autoload_trait('drupalautoloadtesttrait'), 'drupal_autoload_trait() recognizes <em>DrupalAutoloadTestTrait</em> in lower case.');
+    }
   }
 
 }

modules/simpletest/tests/common.test

@@ -372,6 +372,65 @@ class CommonURLUnitTest extends DrupalWebTestCase {
   }
 }
 
+/**
+ * Tests url_is_external().
+ */
+class UrlIsExternalUnitTest extends DrupalUnitTestCase {
+
+  public static function getInfo() {
+    return array(
+      'name' => 'External URL checking',
+      'description' => 'Performs tests on url_is_external().',
+      'group' => 'System',
+    );
+  }
+
+  /**
+   * Tests if each URL is external or not.
+   */
+  function testUrlIsExternal() {
+    foreach ($this->examples() as $path => $expected) {
+      $this->assertIdentical(url_is_external($path), $expected, $path);
+    }
+  }
+
+  /**
+   * Provides data for testUrlIsExternal().
+   *
+   * @return array
+   *   An array of test data, keyed by a path, with the expected value where
+   *   TRUE is external, and FALSE is not external.
+   */
+  protected function examples() {
+    return array(
+      // Simple external URLs.
+      'http://example.com' => TRUE,
+      'https://example.com' => TRUE,
+      'http://drupal.org/foo/bar?foo=bar&bar=baz&baz#foo' => TRUE,
+      '//drupal.org' => TRUE,
+      // Some browsers ignore or strip leading control characters.
+      "\x00//www.example.com" => TRUE,
+      "\x08//www.example.com" => TRUE,
+      "\x1F//www.example.com" => TRUE,
+      "\n//www.example.com" => TRUE,
+      // JSON supports decoding directly from UTF-8 code points.
+      json_decode('"\u00AD"') . "//www.example.com" => TRUE,
+      json_decode('"\u200E"') . "//www.example.com" => TRUE,
+      json_decode('"\uE0020"') . "//www.example.com" => TRUE,
+      json_decode('"\uE000"')  . "//www.example.com" => TRUE,
+      // Backslashes should be normalized to forward.
+      '\\\\example.com' => TRUE,
+      // Local URLs.
+      'node' => FALSE,
+      '/system/ajax' => FALSE,
+      '?q=foo:bar' => FALSE,
+      'node/edit:me' => FALSE,
+      '/drupal.org' => FALSE,
+      '<front>' => FALSE,
+    );
+  }
+}
+
 /**
  * Tests for check_plain(), filter_xss(), format_string(), and check_url().
  */
@@ -1256,6 +1315,15 @@ class DrupalGotoTest extends DrupalWebTestCase {
     $this->assertText('drupal_goto', 'Drupal goto redirect succeeded.');
     $this->assertEqual($this->getUrl(), url('common-test/drupal_goto', array('query' => array('foo' => '123'), 'absolute' => TRUE)), 'Drupal goto redirected to expected URL.');
 
+    // Test that calling drupal_goto() on the current path is not dangerous.
+    variable_set('common_test_redirect_current_path', TRUE);
+    $this->drupalGet('', array('query' => array('q' => 'http://www.example.com/')));
+    $headers = $this->drupalGetHeaders(TRUE);
+    list(, $status) = explode(' ', $headers[0][':status'], 3);
+    $this->assertEqual($status, 302, 'Expected response code was sent.');
+    $this->assertNotEqual($this->getUrl(), 'http://www.example.com/', 'Drupal goto did not redirect to external URL.');
+    $this->assertTrue(strpos($this->getUrl(), url('<front>', array('absolute' => TRUE))) === 0, 'Drupal redirected to itself.');
+    variable_del('common_test_redirect_current_path');
     // Test that drupal_goto() respects ?destination=xxx. Use an complicated URL
     // to test that the path is encoded and decoded properly.
     $destination = 'common-test/drupal_goto/destination?foo=%2525&bar=123';

modules/simpletest/tests/common_test.info

@@ -7,8 +7,8 @@ stylesheets[all][] = common_test.css
 stylesheets[print][] = common_test.print.css
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"
 

modules/simpletest/tests/common_test.module

@@ -92,6 +92,15 @@ function common_test_drupal_goto_alter(&$path, &$options, &$http_response_code)
   }
 }
 
+/**
+ * Implements hook_init().
+ */
+function common_test_init() {
+  if (variable_get('common_test_redirect_current_path', FALSE)) {
+    drupal_goto(current_path());
+  }
+}
+
 /**
  * Print destination query parameter.
  */

modules/simpletest/tests/common_test_cron_helper.info

@@ -5,8 +5,8 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2015-08-19
-version = "7.39"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "7.43"
 project = "drupal"
-datestamp = "1440020197"
+datestamp = "1456343506"