security updates

have to check views and entityreference for custom patches
Bachir Soussi Chiadmi
2015-04-19 20:45:16 +02:00
parent 802ec0c6f3
commit b3221c71e2
516 changed files with 14267 additions and 7349 deletions


@@ -171,7 +171,7 @@ class EntityAPIController extends DrupalDefaultEntityController implements Entit
if ($this->revisionKey) {
// Compare revision id of the base and revision table, if equal then this
// is the default revision.
$query->addExpression('base.' . $this->revisionKey . ' = revision.' . $this->revisionKey, $this->defaultRevisionKey);
$query->addExpression('CASE WHEN base.' . $this->revisionKey . ' = revision.' . $this->revisionKey . ' THEN 1 ELSE 0 END', $this->defaultRevisionKey);
}
return $query;
}
@@ -373,10 +373,7 @@ class EntityAPIController extends DrupalDefaultEntityController implements Entit
// Do nothing, in case invalid or no ids have been passed.
return;
}
// This transaction causes troubles on MySQL, see
// http://drupal.org/node/1007830. So we deactivate this by default until
// is shipped in a point release.
// $transaction = isset($transaction) ? $transaction : db_transaction();
$transaction = isset($transaction) ? $transaction : db_transaction();
try {
$ids = array_keys($entities);
@@ -400,9 +397,7 @@ class EntityAPIController extends DrupalDefaultEntityController implements Entit
db_ignore_slave();
}
catch (Exception $e) {
if (isset($transaction)) {
$transaction->rollback();
}
$transaction->rollback();
watchdog_exception($this->entityType, $e);
throw $e;
}
@@ -587,6 +582,16 @@ class EntityAPIController extends DrupalDefaultEntityController implements Entit
$entity->content = $content;
$langcode = isset($langcode) ? $langcode : $GLOBALS['language_content']->language;
// Allow modules to change the view mode.
$context = array(
'entity_type' => $this->entityType,
'entity' => $entity,
'langcode' => $langcode,
);
drupal_alter('entity_view_mode', $view_mode, $context);
// Make sure the used view-mode gets stored.
$entity->content += array('#view_mode' => $view_mode);
// By default add in properties for all defined extra fields.
if ($extra_field_controller = entity_get_extra_fields_controller($this->entityType)) {
$wrapper = entity_metadata_wrapper($this->entityType, $entity);
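Review bot: `$entity->content += array('#view_mode' => $view_mode);` only sets the key when it is absent, so if the `$content` array assigned just above already carries a `#view_mode`, the value chosen by `drupal_alter('entity_view_mode', ...)` is not the one recorded. If the intent is to store the view mode that was actually used, assign it directly: `$entity->content['#view_mode'] = $view_mode;`. Whether callers ever pass `#view_mode` inside `$content` is not visible here, because the method starts and ends outside the hunk.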


@@ -31,6 +31,7 @@ class Entity {
protected $entityInfo;
protected $idKey, $nameKey, $statusKey;
protected $defaultLabel = FALSE;
protected $wrapper;
/**
* Creates a new entity.
@@ -56,7 +57,7 @@ class Entity {
$this->entityInfo = entity_get_info($this->entityType);
$this->idKey = $this->entityInfo['entity keys']['id'];
$this->nameKey = isset($this->entityInfo['entity keys']['name']) ? $this->entityInfo['entity keys']['name'] : $this->idKey;
$this->statusKey = empty($info['entity keys']['status']) ? 'status' : $info['entity keys']['status'];
$this->statusKey = empty($this->entityInfo['entity keys']['status']) ? 'status' : $this->entityInfo['entity keys']['status'];
}
/**
@@ -111,6 +112,23 @@ class Entity {
return !empty($this->entityInfo['entity keys']['bundle']) ? $this->{$this->entityInfo['entity keys']['bundle']} : $this->entityType;
}
/**
* Returns the EntityMetadataWrapper of the entity.
*
* @return EntityDrupalWrapper
* An EntityMetadataWrapper containing the entity.
*/
public function wrapper() {
if (empty($this->wrapper)) {
$this->wrapper = entity_metadata_wrapper($this->entityType, $this);
}
elseif ($this->wrapper->value() !== $this) {
// Wrapper has been modified outside, so let's better create a new one.
$this->wrapper = entity_metadata_wrapper($this->entityType, $this);
}
return $this->wrapper;
}
/**
* Returns the label of the entity.
*
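Review bot: The new `protected $wrapper` caches an object that holds a reference back to the entity, and nothing in these hunks keeps it out of serialization. The identity check in `wrapper()` covers the clone case, but an entity written to a cache or to form state would presumably carry the wrapper along unless the class excludes it elsewhere. If the class defines `__sleep()` outside these hunks, drop the property there, and add a comment on the declaration such as `// Lazily built by wrapper(); not part of the entity's stored data.`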


@@ -396,7 +396,12 @@ function entity_property_verbatim_get($data, array $options, $name, $type, $info
*/
function entity_property_verbatim_date_get($data, array $options, $name, $type, $info) {
$name = isset($info['schema field']) ? $info['schema field'] : $name;
return is_numeric($data[$name]) ? $data[$name] : strtotime($data[$name], REQUEST_TIME);
if (is_array($data) || (is_object($data) && $data instanceof ArrayAccess)) {
return is_numeric($data[$name]) ? $data[$name] : strtotime($data[$name], REQUEST_TIME);
}
elseif (is_object($data)) {
return is_numeric($data->$name) ? $data->$name : strtotime($data->$name, REQUEST_TIME);
}
}
/**
@@ -507,6 +512,8 @@ function entity_property_text_formatted_info() {
'label' => t('Text format'),
'options list' => 'entity_metadata_field_text_formats',
'getter callback' => 'entity_property_verbatim_get',
'setter callback' => 'entity_property_verbatim_set',
'setter permissions' => 'administer filters',
),
);
}
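Review bot: The added key `'setter permissions' => 'administer filters'` is plural, while the access check shown elsewhere in this commit (`EntityStructureWrapper::propertyAccess()`) reads `$info['setter permission']`. With that spelling the permission is never consulted, so unless an earlier branch outside the hunk decides, the edit check reaches the final `return TRUE`. The text-format property then gets a setter without the `administer filters` gate this line appears to intend, and the format decides how stored text is filtered on output. Use `'setter permission' => 'administer filters',`. The info array continues outside the hunk.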


@@ -724,61 +724,6 @@ function entity_ui_controller_form_submit($form, &$form_state) {
entity_ui_controller($form_state['entity_type'])->$method($form, $form_state);
}
/**
* Gets the page title for the passed operation.
*/
function entity_ui_get_page_title($op, $entity_type, $entity = NULL) {
$label = entity_label($entity_type, $entity);
switch ($op) {
case 'view':
return $label;
case 'edit':
return t('Edit @label', array('@label' => $label));
case 'clone':
return t('Clone @label', array('@label' => $label));
case 'revert':
return t('Revert @label', array('@label' => $label));
case 'delete':
return t('Delete @label', array('@label' => $label));
case 'export':
return t('Export @label', array('@label' => $label));
}
if (isset($entity)) {
list(, , $bundle) = entity_extract_ids($entity_type, $entity);
}
return entity_ui_get_action_title($op, $entity_type, $bundle);
}
/**
* Gets the page/menu title for local action operations.
*
* @param $op
* The current operation. One of 'add' or 'import'.
* @param $entity_type
* The entity type.
* @param $bundle_name
* (Optional) The name of the bundle. May be NULL if the bundle name is not
* relevant to the current page. If the entity type has only one bundle, or no
* bundles, this will be the same as the entity type.
*/
function entity_ui_get_action_title($op, $entity_type, $bundle_name = NULL) {
$info = entity_get_info($entity_type);
switch ($op) {
case 'add':
if (isset($bundle_name) && $bundle_name != $entity_type) {
return t('Add @bundle_name @entity_type', array(
'@bundle_name' => drupal_strtolower($info['bundles'][$bundle_name]['label']),
'@entity_type' => drupal_strtolower($info['label']),
));
}
else {
return t('Add @entity_type', array('@entity_type' => drupal_strtolower($info['label'])));
}
case 'import':
return t('Import @entity_type', array('@entity_type' => drupal_strtolower($info['label'])));
}
}
/**
* Submit builder for the main entity form, which extracts the form values and updates the entity.
*
@@ -820,15 +765,3 @@ function theme_entity_ui_overview_item($variables) {
return $output;
}
/**
* Page callback for viewing an entity.
*
* @param Entity $entity
* The entity to be rendered.
*
* @return array
* A renderable array of the entity in full view mode.
*/
function entity_ui_entity_page_view($entity) {
return $entity->view('full', NULL, TRUE);
}


@@ -228,10 +228,6 @@ abstract class EntityMetadataWrapper {
* If there is no access information for this property, TRUE is returned.
*/
public function access($op, $account = NULL) {
if (empty($this->info['parent']) && $this instanceof EntityDrupalWrapper) {
// If there is no parent just incorporate entity based access.
return $this->entityAccess($op == 'edit' ? 'update' : 'view', $account);
}
return !empty($this->info['parent']) ? $this->info['parent']->propertyAccess($this->info['name'], $op, $account) : TRUE;
}
@@ -500,19 +496,15 @@ class EntityStructureWrapper extends EntityMetadataWrapper implements IteratorAg
protected function propertyAccess($name, $op, $account = NULL) {
$info = $this->getPropertyInfo($name);
// If the property should be accessed and it's an entity, make sure the user
// is allowed to view that entity.
if ($op == 'view' && $this->$name instanceof EntityDrupalWrapper && !$this->$name->entityAccess($op, $account)) {
return FALSE;
}
// If a property should be edited and this is an entity, make sure the user
// has update access for this entity.
// If a property should be edited and this is part of an entity, make sure
// the user has update access for this entity.
if ($op == 'edit') {
$entity = $this;
while (!($entity instanceof EntityDrupalWrapper) && isset($entity->info['parent'])) {
$entity = $entity->info['parent'];
}
if ($entity instanceof EntityDrupalWrapper && !$entity->entityAccess('update', $account)) {
if ($entity instanceof EntityDrupalWrapper && $entity->entityAccess('update', $account) === FALSE) {
return FALSE;
}
}
@@ -523,6 +515,7 @@ class EntityStructureWrapper extends EntityMetadataWrapper implements IteratorAg
elseif ($op == 'edit' && isset($info['setter permission'])) {
return user_access($info['setter permission'], $account);
}
// If access is unknown, we return TRUE.
return TRUE;
}
@@ -766,7 +759,7 @@ class EntityDrupalWrapper extends EntityStructureWrapper {
elseif ($this->id === FALSE && !$this->data) {
$this->updateParent(NULL);
}
elseif ($previous_id != $this->id) {
elseif ($previous_id !== $this->id) {
$this->updateParent($this->id);
}
return $this;
@@ -804,6 +797,34 @@ class EntityDrupalWrapper extends EntityStructureWrapper {
return $this->type;
}
/**
* {@inheritdoc}
*
* Note that this method checks property access, but can be used for checking
* entity access *only* if the wrapper is not a property (i.e. has no parent
* wrapper).
* To be safe, better use EntityDrupalWrapper::entityAccess() for checking
* entity access.
*/
public function access($op, $account = NULL) {
if (!empty($this->info['parent'])) {
// If this is a property, make sure the user is able to view the
// currently referenced entity also.
if ($this->entityAccess('view', $account) === FALSE) {
return FALSE;
}
if (parent::access($op, $account) === FALSE) {
return FALSE;
}
// If access is unknown, we return TRUE.
return TRUE;
}
else {
// This is not a property, so fallback on entity access.
return $this->entityAccess($op == 'edit' ? 'update' : 'view', $account);
}
}
/**
* Checks whether the operation $op is allowed on the entity.
*
@@ -811,6 +832,12 @@ class EntityDrupalWrapper extends EntityStructureWrapper {
*/
public function entityAccess($op, $account = NULL) {
$entity = $this->dataAvailable() ? $this->value() : NULL;
// The value() method could return FALSE on entities such as user 0, so we
// need to use NULL instead to conform to the expectations of
// entity_access().
if ($entity === FALSE) {
$entity = NULL;
}
return entity_access($op, $this->type, $entity, $account);
}
@@ -1025,8 +1052,11 @@ class EntityListWrapper extends EntityMetadataWrapper implements IteratorAggrega
// Support setting lists of fully loaded entities.
if ($this->isEntityList && $values && is_object(reset($values))) {
foreach ($values as $key => $value) {
list($id, $vid, $bundle) = entity_extract_ids($this->itemType, $value);
$values[$key] = $id;
// Ignore outdated NULL value references in lists of entities.
if (isset($value)) {
list($id, $vid, $bundle) = entity_extract_ids($this->itemType, $value);
$values[$key] = $id;
}
}
}
return parent::set($values);
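Review bot: Both new comparisons, `$entity->entityAccess('update', $account) === FALSE` in `propertyAccess()` and `$this->entityAccess('view', $account) === FALSE` in `EntityDrupalWrapper::access()`, deny only on an explicit `FALSE`, so a `NULL` result, or an access callback that returns `0` or nothing, is treated as allowed. That looks deliberate ("If access is unknown, we return TRUE"), but the docblock should state it, e.g. `@return bool FALSE only if access is explicitly denied; TRUE if granted or not determinable.` The non-property branch returns the raw `entityAccess()` value instead, which presumably can be `NULL`, so the same method answers "unknown" differently depending on whether the wrapper has a parent. A `(bool)` cast or a comment on that branch would make the difference visible to callers.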