From b9f2b16d24bba56af28357582ca302856517f39f Mon Sep 17 00:00:00 2001
From: Bachir Soussi Chiadmi
Date: Mon, 19 Dec 2016 18:10:13 +0100
Subject: [PATCH] modules security update views_send, elysia_cron
---
 .../dev/elysia_cron/elysia_cron.drush.inc | 7 ++---
 .../contrib/dev/elysia_cron/elysia_cron.info | 6 ++---
 .../dev/elysia_cron/elysia_cron.module | 26 ++++++++++++++-----
 .../contrib/mail/views_send/views_send.info | 6 ++---
 .../contrib/mail/views_send/views_send.module | 8 +++---
 5 files changed, 34 insertions(+), 19 deletions(-)
diff --git a/sites/all/modules/contrib/dev/elysia_cron/elysia_cron.drush.inc b/sites/all/modules/contrib/dev/elysia_cron/elysia_cron.drush.inc
index cf1d26e9..f162552e 100644
--- a/sites/all/modules/contrib/dev/elysia_cron/elysia_cron.drush.inc
+++ b/sites/all/modules/contrib/dev/elysia_cron/elysia_cron.drush.inc
@@ -26,12 +26,13 @@ function elysia_cron_drush_die() {
 /**
 * Wrapper for drush_invoke().
 */
-function elysia_cron_drush_invoke($replace_core_cron = FALSE) {
+function elysia_cron_drush_invoke() {
 $args = drush_get_arguments();
 array_shift($args);
- // If invoked like 'core-cron' I do the same as that: execute 'run'.
- if ($replace_core_cron && empty($args)) {
+ // If drush command has no arguments or the first argument is not in the
+ // list of allowed operations then we assume the cron execution.
+ if (empty($args) || !in_array($args[0], array('list', 'run', 'enable', 'disable'))) {
 $args = array('run');
 }
diff --git a/sites/all/modules/contrib/dev/elysia_cron/elysia_cron.info b/sites/all/modules/contrib/dev/elysia_cron/elysia_cron.info
index 70db406c..6d9457da 100644
--- a/sites/all/modules/contrib/dev/elysia_cron/elysia_cron.info
+++ b/sites/all/modules/contrib/dev/elysia_cron/elysia_cron.info
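Review bot: The new guard in `elysia_cron_drush_invoke()` decides what to do from `$args[0]` alone, and the companion hunk in `elysia_cron.module` (`elysia_cron_cron()`) now calls it for any drush command that triggers cron, not only `core-cron`. If an unrelated command happens to carry `list`, `enable` or `disable` as its first argument, that word would presumably be treated as an elysia operation instead of falling back to `run`; checking the command name that `array_shift($args)` discards before trusting `$args[0]` would close that gap. The membership test should also be strict: `in_array($args[0], array('list', 'run', 'enable', 'disable'), TRUE)`. The function body continues below the hunk, so how `$args` is consumed afterwards is not visible here.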
@@ -4,9 +4,9 @@ core = 7.x
 configure = admin/config/system/cron
-; Information added by Drupal.org packaging script on 2016-10-10
-version = "7.x-2.3"
+; Information added by Drupal.org packaging script on 2016-11-23
+version = "7.x-2.4"
 core = "7.x"
 project = "elysia_cron"
-datestamp = "1476088169"
+datestamp = "1479877741"
diff --git a/sites/all/modules/contrib/dev/elysia_cron/elysia_cron.module b/sites/all/modules/contrib/dev/elysia_cron/elysia_cron.module
index 4e321a18..d245ac34 100644
--- a/sites/all/modules/contrib/dev/elysia_cron/elysia_cron.module
+++ b/sites/all/modules/contrib/dev/elysia_cron/elysia_cron.module
@@ -113,6 +113,7 @@ function elysia_cron_permission() {
 'administer elysia_cron' => array(
 'title' => t('Administer elysia cron'),
 'description' => t('Perform changes to cron jobs timings, disable cron or single jobs and access cron execution statistics'),
+ 'restrict access' => TRUE,
 ),
 'execute elysia_cron' => array(
 'title' => t('Execute elysia cron jobs'),
@@ -142,9 +143,11 @@ function elysia_cron_exit() {
 function elysia_cron_cron() {
 global $_elysia_cron_exit_phase, $_elysia_cron_drush;
- // If invoked "core-cron" via drush i'll redirect to elysia-cron handler.
+ // If cron has been executed via "drush core-cron" or any other custom drush
+ // command then we run internal cron handler which is designed to handle
+ // cron executions from drush.
 if (function_exists('elysia_cron_drush_detect') && elysia_cron_drush_detect()) {
- elysia_cron_drush_invoke(TRUE);
+ elysia_cron_drush_invoke();
 }
 // First cron run is executed in standard drupal way.
@@ -1039,8 +1042,8 @@ function elysia_cron_module_jobs() {
 $jobs[$job] = $jobs[$job] + array(
 'module' => $module,
- 'callback' => is_callable($job) ? $job : $function,
- 'arguments' => is_callable($job) ? array() : array('execute', $job),
+ 'callback' => $job,
+ 'arguments' => array(),
 );
 }
 }
@@ -1445,8 +1448,11 @@ function elysia_cron_internal_execute_job($job) {
 try {
 if (!empty($_elysia_cron_settings[$job]['file'])) {
- include_once((!empty($_elysia_cron_settings[$job]['file path']) ? $_elysia_cron_settings[$job]['file path'] : drupal_get_path('module', $_elysia_cron_settings[$job]['module'])) . DIRECTORY_SEPARATOR . $_elysia_cron_settings[$job]['file']);
+ $file_path = !empty($_elysia_cron_settings[$job]['file path']) ? $_elysia_cron_settings[$job]['file path'] : drupal_get_path('module', $_elysia_cron_settings[$job]['module']);
+ $file_path .= DIRECTORY_SEPARATOR . $_elysia_cron_settings[$job]['file'];
+ include_once $file_path;
 }
+
 if (!empty($_elysia_cron_settings[$job]['expression'])) {
 eval($_elysia_cron_settings[$job]['expression']);
 }
@@ -1454,7 +1460,15 @@ function elysia_cron_internal_execute_job($job) {
 call_user_func_array($_elysia_cron_settings[$job]['callback'], $_elysia_cron_settings[$job]['arguments']);
 }
 else {
- elysia_cron_error('Execution of ' . $job . ' failed, can\'t find function!', array(), TRUE);
+ $function = $_elysia_cron_settings[$job]['module'] . '_cronapi';
+ $arguments = array('execute', $job);
+
+ if (is_callable($function)) {
+ call_user_func_array($function, $arguments);
+ }
+ else {
+ elysia_cron_error('Execution of ' . $job . ' failed, can\'t find function!', array(), TRUE);
+ }
 }
 }
 catch (Exception $e) {
diff --git a/sites/all/modules/contrib/mail/views_send/views_send.info b/sites/all/modules/contrib/mail/views_send/views_send.info
index 8ce0fe91..bcaa73aa 100644
--- a/sites/all/modules/contrib/mail/views_send/views_send.info
+++ b/sites/all/modules/contrib/mail/views_send/views_send.info
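Review bot: `include_once $file_path;` in `elysia_cron_internal_execute_job()` still includes whatever `'file path'` and `'file'` hold in `$_elysia_cron_settings[$job]`, and the next context line passes `'expression'` to `eval()`; the refactor makes the path easier to read but adds no check. Where these settings are populated is outside the hunk, so if any of them can be edited through the admin UI, holding `administer elysia_cron` would amount to PHP code execution, which deserves a comment at this spot such as `// Job settings are trusted: 'file' is included and 'expression' is eval()'d as PHP.` A cheap guard is `if (is_file($file_path)) { include_once $file_path; }`, so that a missing file is handled explicitly rather than only raising a warning before the callback lookup. The function starts and ends outside the hunk.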
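Review bot: In the new `else` branch of the `-1454` hunk, `$function` is built from `$_elysia_cron_settings[$job]['module']` without checking that the key is set; for a job with no module recorded this yields the string `_cronapi` plus an undefined-index notice before `is_callable()` rejects it. Whether every job carries a module is not visible here, so `$function = !empty($_elysia_cron_settings[$job]['module']) ? $_elysia_cron_settings[$job]['module'] . '_cronapi' : NULL;` keeps the error path clean. `$arguments` is used only once and could be inlined into the `call_user_func_array()` call. The condition guarding the first `call_user_func_array()` lies above the hunk, so this assumes it tests the `'callback'` entry.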
@@ -8,9 +8,9 @@ core = 7.x
 files[] = views_send.rules.inc
 files[] = views/views_send_handler_field_selector.inc
-; Information added by Drupal.org packaging script on 2016-03-29
-version = "7.x-1.2"
+; Information added by Drupal.org packaging script on 2016-11-09
+version = "7.x-1.3"
 core = "7.x"
 project = "views_send"
-datestamp = "1459239847"
+datestamp = "1478685242"
diff --git a/sites/all/modules/contrib/mail/views_send/views_send.module b/sites/all/modules/contrib/mail/views_send/views_send.module
index 5f419805..01bb4e38 100644
--- a/sites/all/modules/contrib/mail/views_send/views_send.module
+++ b/sites/all/modules/contrib/mail/views_send/views_send.module
@@ -497,7 +497,7 @@ function views_send_confirm_form($form, &$form_state, $view, $output) {
 '#type' => 'item',
 '#title' => t('From'),
 '#markup' => '
' . - (empty($from_name) ? $from_mail : $from_name . check_plain(' <' . $from_mail . '>')) . + check_plain(_views_send_format_address($from_mail, $from_name, FALSE)) . '
',
 );
@@ -517,7 +517,7 @@ function views_send_confirm_form($form, &$form_state, $view, $output) {
 }
 $mail_addresses = _views_send_get_field_value_from_views_row($view, $row_id, $to_mail_field, 'mail');
 foreach ($mail_addresses as $mail_address) {
- $recipients[] = check_plain(empty($to_name) ? $mail_address : trim($to_name) . ' <' . $mail_address . '>');
+ $recipients[] = check_plain(_views_send_format_address($mail_address, $to_name, FALSE));
 }
 }
@@ -529,7 +529,7 @@ function views_send_confirm_form($form, &$form_state, $view, $output) {
 $form['subject'] = array(
 '#type' => 'item',
 '#title' => t('Subject'),
- '#markup' => '
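Review bot: The removed recipient line in the `-517` hunk applied `trim($to_name)` before building the display string, while the new call passes `$to_name` straight to `_views_send_format_address()`. That helper is defined outside the patch, so it should be confirmed that it trims the name and handles an empty one the same way, otherwise the confirmation list can differ from what the old code showed. The same helper is used for the sender in the `-497` hunk, so the answer applies there too. Both hunks sit inside `views_send_confirm_form()`, which starts and ends outside them.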
' . $configuration['views_send_subject'] . '
', + '#markup' => '
' . check_plain($configuration['views_send_subject']) . '
',
 );
 $form['message'] = array(
 '#type' => 'item',
@@ -539,7 +539,7 @@ function views_send_confirm_form($form, &$form_state, $view, $output) {
 $headers = array();
 foreach (_views_send_headers($configuration['views_send_receipt'], $configuration['views_send_priority'], $configuration['views_send_from_mail'], $configuration['views_send_headers']) as $key => $value) {
- $headers[] = $key . ': ' . $value;
+ $headers[] = check_plain($key . ': ' . $value);
 }
 $form['headers'] = array(
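Review bot: `$form['message']` is cut off after its `'#type'` line at the end of the `-529` hunk, so its `'#markup'` value is not visible in this patch; since the subject item before it and the header lines after it both needed `check_plain()`, the message markup should be confirmed to pass through a filter as well. Escaping at each concatenation site is easy to miss when another item is added to `views_send_confirm_form()`. A short comment above the form items, e.g. `// Every value below is user-supplied; escape it before placing it in '#markup'.`, would document the rule for the next change.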