security updates

have to check views and entityreference for custom patches
2015-04-19 20:45:16 +02:00
parent 802ec0c6f3
commit b3221c71e2
516 changed files with 14267 additions and 7349 deletions
--- a/sites/all/modules/contrib/admin/context/context_ui/context_ui.info
+++ b/sites/all/modules/contrib/admin/context/context_ui/context_ui.info
@@ -8,9 +8,9 @@ configure = admin/structure/context
 files[] = context.module
 files[] = tests/context_ui.test

-; Information added by drupal.org packaging script on 2013-07-29
-version = "7.x-3.0-beta7"
+; Information added by Drupal.org packaging script on 2015-01-06
+version = "7.x-3.6"
 core = "7.x"
 project = "context"
-datestamp = "1375065368"
+datestamp = "1420573188"

--- a/sites/all/modules/contrib/admin/context/context_ui/context_ui.module
+++ b/sites/all/modules/contrib/admin/context/context_ui/context_ui.module
@@ -80,6 +80,10 @@ function context_ui_permission() {
    'title' => 'Administer contexts',
    'description' => 'Associate menus, views, blocks, etc. with different contexts to structure your site.'
  );
+  $permissions['context ajax block access'] = array(
+    'title' => t('Access All Blocks'),
+    'description' => t('Allows users to access all rendered blocks via an AJAX callback. If you have some blocks that should not be rendered for some users but need those users to be able to use context UI, then implement hook_context_allow_ajax_block_access with the necessary logic.'),
+  );
  return $permissions;
 }

@@ -383,8 +387,10 @@ function context_ui_menu_contextual_links_alter(&$links, $router_item, $root_pat
 * A page call back to activate the context_ui inline editor dialog.
 */
 function context_ui_activate() {
-  $_SESSION['context_ui_active'] = $_GET['destination'];
-  drupal_goto($_GET['destination']);
+  if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
+    $_SESSION['context_ui_active'] = $_GET['destination'];
+    drupal_goto($_GET['destination']);
+  }
 }

 /**
@@ -394,8 +400,10 @@ function context_ui_activate() {
 * to navigate to when deactivating context_ui_editor
 */
 function context_ui_deactivate() {
-  $_SESSION['context_ui_active'] = FALSE;
-  drupal_goto($_GET['destination']);
+  if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
+    $_SESSION['context_ui_active'] = FALSE;
+    drupal_goto($_GET['destination']);
+  }
 }

 /**
--- a/sites/all/modules/contrib/admin/context/context_ui/export_ui/context_export_ui.class.php
+++ b/sites/all/modules/contrib/admin/context/context_ui/export_ui/context_export_ui.class.php
@@ -73,6 +73,7 @@ class context_export_ui extends ctools_export_ui {
    if (!empty($this->plugin['form']['submit'])) {
      $this->plugin['form']['submit']($form, $form_state);
    }
+    context_invalidate_cache();
  }

  /**
--- a/sites/all/modules/contrib/admin/context/context_ui/tests/context_ui.test
+++ b/sites/all/modules/contrib/admin/context/context_ui/tests/context_ui.test
@@ -24,6 +24,7 @@ class ContextUiTestCase extends DrupalWebTestCase {
    $admin_user = $this->drupalCreateUser(array(
      'access administration pages',
      'administer site configuration',
+      'administer contexts',
      'access content',
      'create blog content'
    ));