bachir/materio-base-legacy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security updates

Browse Source 
have to check views and entityreference for custom patches
This commit is contained in:
Bachir Soussi Chiadmi
2015-04-19 20:45:16 +02:00
parent 802ec0c6f3
commit b3221c71e2
516 changed files with 14267 additions and 7349 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
sites/all/modules/contrib/dev/entity/views/handlers/entity_views_field_handler_helper.inc
View File

@@ -196,8 +196,14 @@ class EntityFieldHandlerHelper {
if ($handler->relationship) {
$current_handler = $handler;
$view = $current_handler->view;
while (!empty($current_handler->relationship) && !empty($view->relationship[$current_handler->relationship])) {
$current_handler = $view->relationship[$current_handler->relationship];
$relationships = array();
// Collect all relationships, keyed by alias.
foreach ($view->relationship as $key => $relationship) {
$key = $relationship->alias ? $relationship->alias : $key;
$relationships[$key] = $relationship;
}
while (!empty($current_handler->relationship) && !empty($relationships[$current_handler->relationship])) {
$current_handler = $relationships[$current_handler->relationship];
$return = $current_handler->real_field . ($return ? ":$return" : '');
}
}
@@ -337,7 +343,7 @@ class EntityFieldHandlerHelper {
$values->_entity_properties[$selector] = $wrapper->value();
}
else {
$values->_entity_properties[$selector] = isset($wrapper->$field) ? $wrapper->$field->value(array('identifier' => TRUE)) : $default;
$values->_entity_properties[$selector] = isset($wrapper->$field) ? $wrapper->$field->value(array('identifier' => TRUE, 'sanitize' => TRUE)) : $default;
}
}
catch (EntityMetadataWrapperException $e) {

4
sites/all/modules/contrib/dev/entity/views/handlers/entity_views_handler_field_duration.inc
View File

@@ -122,8 +122,10 @@ class entity_views_handler_field_duration extends views_handler_field {
if ($this->options['format_interval']) {
$value = format_interval($value, (int) $this->options['granularity']);
}
// Value sanitization is handled by the wrapper, see
// EntityFieldHandlerHelper::get_value().
return $this->sanitize_value($this->options['prefix'], 'xss') .
$this->sanitize_value($value) .
$value .
$this->sanitize_value($this->options['suffix'], 'xss');
}

5
sites/all/modules/contrib/dev/entity/views/handlers/entity_views_handler_field_options.inc
View File

@@ -112,8 +112,9 @@ class entity_views_handler_field_options extends views_handler_field {
if ($this->options['format_name'] && isset($this->option_list[$value])) {
$value = $this->option_list[$value];
}
return $this->sanitize_value($value);
// Sanitization is handled by the wrapper, see
// EntityFieldHandlerHelper::get_value().
return $value;
}
}

4
sites/all/modules/contrib/dev/entity/views/handlers/entity_views_handler_field_text.inc
View File

@@ -93,7 +93,9 @@ class entity_views_handler_field_text extends views_handler_field {
* Render a single field value.
*/
public function render_single_value($value, $values) {
return $this->sanitize_value($value, 'xss');
// Sanitization is handled by the wrapper, see
// EntityFieldHandlerHelper::get_value().
return $value;
}
}

2
sites/all/modules/contrib/dev/entity/views/handlers/entity_views_handler_relationship_by_bundle.inc
View File

@@ -93,7 +93,7 @@ class entity_views_handler_relationship_by_bundle extends views_handler_relation
$def['extra'] = array(
array(
// The table and the IN operator are implicit.
'field' => $entity_info['bundle keys']['bundle'],
'field' => $entity_info['entity keys']['bundle'],
'value' => $this->options['bundle_types'],
),
);