security updates
have to check views and entityreference for custom patches
This commit is contained in:
Bachir Soussi Chiadmi
@@ -411,7 +411,7 @@ function rules_link_form_submit(&$form, &$form_state) {
|
||||
/**
|
||||
* Form function for the rules link components.
|
||||
*/
|
||||
function rules_link_component_form($form, $form_state, $entity_type, $rules_link) {
|
||||
function rules_link_component_form($form, &$form_state, $entity_type, $rules_link) {
|
||||
$form = array();
|
||||
$form_state['rules_link'] = $rules_link;
|
||||
|
||||
@@ -428,10 +428,16 @@ function rules_link_component_form($form, $form_state, $entity_type, $rules_link
|
||||
unset($form['condition_set']['negate']);
|
||||
$form['condition_set']['#tree'] = TRUE;
|
||||
|
||||
|
||||
$rule_set = rules_link_load_rules_set($rules_link);
|
||||
$rule_set->form($form['rule_set'], $form_state, array('show settings' => TRUE));
|
||||
|
||||
// Correct the state setup - default ruleset form doesn't expect this structure
|
||||
$form['rule_set']['settings']['access']['permissions']['#states'] = array(
|
||||
'visible' => array(
|
||||
':input[name="rule_set[settings][access][access_exposed]"]' => array('checked' => TRUE),
|
||||
),
|
||||
);
|
||||
|
||||
$form['rule_set']['elements']['#caption'] = '';
|
||||
$form['rule_set']['#tree'] = TRUE;
|
||||
|
||||
@@ -492,6 +498,14 @@ function rules_link_component_form_submit(&$form, &$form_state) {
|
||||
$form_state['rules_link_rules_set']->save(rules_link_get_rules_set_name($form_state['rules_link']), 'rules_link');
|
||||
}
|
||||
|
||||
// Save the permission matrix if access is exposed
|
||||
if (isset($form_state['values']['rule_set']['settings']['access']) && !empty($form_state['values']['rule_set']['settings']['access']['access_exposed'])) {
|
||||
// Save the permission matrix.
|
||||
foreach ($form_state['values']['rule_set']['settings']['access']['permissions']['matrix']['checkboxes'] as $rid => $value) {
|
||||
user_role_change_permissions($rid, $value);
|
||||
}
|
||||
}
|
||||
|
||||
// If an additional variable was added, then disable 'show link in entity'.
|
||||
if (count($rules_set_vars) > 1) {
|
||||
$form_state['rules_link']->settings['entity_link'] = FALSE;
|
||||
|
||||
@@ -8,9 +8,9 @@ files[] = rules_link.views.inc
|
||||
files[] = rules_link.admin.inc
|
||||
files[] = rules_link.test
|
||||
|
||||
; Information added by drupal.org packaging script on 2013-10-01
|
||||
version = "7.x-1.0-beta5+0-dev"
|
||||
; Information added by Drupal.org packaging script on 2014-08-27
|
||||
version = "7.x-1.1"
|
||||
core = "7.x"
|
||||
project = "rules_link"
|
||||
datestamp = "1380626278"
|
||||
datestamp = "1409148229"
|
||||
|
||||
|
||||
@@ -282,14 +282,14 @@ function rules_link_rules_link_delete($link) {
|
||||
function rules_link_get_token($content_id) {
|
||||
// Anonymous users get a less secure token, since it must be the same for all
|
||||
// anonymous users on the entire site to work with page caching.
|
||||
return ($GLOBALS['user']->uid) ? drupal_get_token($content_id) : md5(drupal_get_private_key() . $content_id);
|
||||
return ($GLOBALS['user']->uid) ? drupal_get_token($content_id) : drupal_hmac_base64($content_id, drupal_get_private_key() . drupal_get_hash_salt());
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the given token is correct.
|
||||
*/
|
||||
function rules_link_check_token($token, $content_id) {
|
||||
return rules_link_get_token($content_id) == $token;
|
||||
return rules_link_get_token($content_id) === $token;
|
||||
}
|
||||
|
||||
function rules_link_get_paramters($rules_link) {
|
||||
@@ -351,7 +351,7 @@ function rules_link_trigger_form($form, &$form_state, $rules_link, $entity_id) {
|
||||
'#type' => 'hidden',
|
||||
'#value' => $entity_id,
|
||||
);
|
||||
return confirm_form($form, $rules_link->getSettingTranslation('confirm_question'), '', $rules_link->getSettingTranslation('confirm_description'));
|
||||
return confirm_form($form, filter_xss_admin($rules_link->getSettingTranslation('confirm_question')), '', filter_xss_admin($rules_link->getSettingTranslation('confirm_description')));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -470,7 +470,6 @@ function template_preprocess_rules_link(&$variables) {
|
||||
}
|
||||
|
||||
$variables['href'] = check_plain(url($variables['href'], $variables['options']));
|
||||
$variables['title'] = check_plain($variables['title']);
|
||||
$variables['attr'] = drupal_attributes($variables['attr']);
|
||||
}
|
||||
|
||||
|
||||
@@ -5,9 +5,9 @@ dependencies[] = i18n_string
|
||||
package = Multilingual - Internationalization
|
||||
core = 7.x
|
||||
|
||||
; Information added by drupal.org packaging script on 2013-10-01
|
||||
version = "7.x-1.0-beta5+0-dev"
|
||||
; Information added by Drupal.org packaging script on 2014-08-27
|
||||
version = "7.x-1.1"
|
||||
core = "7.x"
|
||||
project = "rules_link"
|
||||
datestamp = "1380626278"
|
||||
datestamp = "1409148229"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user