drupal core updated to 7.28
This commit is contained in:
Bachir Soussi Chiadmi
@@ -8,7 +8,7 @@
|
||||
/**
|
||||
* The current system version.
|
||||
*/
|
||||
define('VERSION', '7.23');
|
||||
define('VERSION', '7.28');
|
||||
|
||||
/**
|
||||
* Core API compatibility.
|
||||
@@ -244,7 +244,7 @@ define('REGISTRY_WRITE_LOOKUP_CACHE', 2);
|
||||
/**
|
||||
* Regular expression to match PHP function names.
|
||||
*
|
||||
* @see http://php.net/manual/en/language.functions.php
|
||||
* @see http://php.net/manual/language.functions.php
|
||||
*/
|
||||
define('DRUPAL_PHP_FUNCTION_PATTERN', '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*');
|
||||
|
||||
@@ -278,7 +278,7 @@ define('DRUPAL_PHP_FUNCTION_PATTERN', '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*'
|
||||
* error, and $var will be populated with the contents of $object['foo'], but
|
||||
* that data will be passed by value, not reference. For more information on
|
||||
* the PHP limitation, see the note in the official PHP documentation at·
|
||||
* http://php.net/manual/en/arrayaccess.offsetget.php on
|
||||
* http://php.net/manual/arrayaccess.offsetget.php on
|
||||
* ArrayAccess::offsetGet().
|
||||
*
|
||||
* By default, the class accounts for caches where calling functions might
|
||||
@@ -683,7 +683,8 @@ function drupal_environment_initialize() {
|
||||
ini_set('session.use_only_cookies', '1');
|
||||
ini_set('session.use_trans_sid', '0');
|
||||
// Don't send HTTP headers using PHP's session handler.
|
||||
ini_set('session.cache_limiter', 'none');
|
||||
// An empty string is used here to disable the cache limiter.
|
||||
ini_set('session.cache_limiter', '');
|
||||
// Use httponly session cookies.
|
||||
ini_set('session.cookie_httponly', '1');
|
||||
|
||||
@@ -1278,7 +1279,7 @@ function drupal_page_header() {
|
||||
*/
|
||||
function drupal_serve_page_from_cache(stdClass $cache) {
|
||||
// Negotiate whether to use compression.
|
||||
$page_compression = variable_get('page_compression', TRUE) && extension_loaded('zlib');
|
||||
$page_compression = !empty($cache->data['page_compressed']);
|
||||
$return_compressed = $page_compression && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== FALSE;
|
||||
|
||||
// Get headers set in hook_boot(). Keys are lower-case.
|
||||
@@ -1932,6 +1933,33 @@ function drupal_block_denied($ip) {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a URL-safe, base64 encoded string of highly randomized bytes (over the full 8-bit range).
|
||||
*
|
||||
* @param $byte_count
|
||||
* The number of random bytes to fetch and base64 encode.
|
||||
*
|
||||
* @return string
|
||||
* The base64 encoded result will have a length of up to 4 * $byte_count.
|
||||
*/
|
||||
function drupal_random_key($byte_count = 32) {
|
||||
return drupal_base64_encode(drupal_random_bytes($byte_count));
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a URL-safe, base64 encoded version of the supplied string.
|
||||
*
|
||||
* @param $string
|
||||
* The string to convert to base64.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function drupal_base64_encode($string) {
|
||||
$data = base64_encode($string);
|
||||
// Modify the output so it's safe to use in URLs.
|
||||
return strtr($data, array('+' => '-', '/' => '_', '=' => ''));
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a string of highly randomized bytes (over the full 8-bit range).
|
||||
*
|
||||
@@ -1945,38 +1973,34 @@ function drupal_block_denied($ip) {
|
||||
*/
|
||||
function drupal_random_bytes($count) {
|
||||
// $random_state does not use drupal_static as it stores random bytes.
|
||||
static $random_state, $bytes, $php_compatible;
|
||||
// Initialize on the first call. The contents of $_SERVER includes a mix of
|
||||
// user-specific and system information that varies a little with each page.
|
||||
if (!isset($random_state)) {
|
||||
$random_state = print_r($_SERVER, TRUE);
|
||||
if (function_exists('getmypid')) {
|
||||
// Further initialize with the somewhat random PHP process ID.
|
||||
$random_state .= getmypid();
|
||||
}
|
||||
$bytes = '';
|
||||
}
|
||||
if (strlen($bytes) < $count) {
|
||||
static $random_state, $bytes, $has_openssl;
|
||||
|
||||
$missing_bytes = $count - strlen($bytes);
|
||||
|
||||
if ($missing_bytes > 0) {
|
||||
// PHP versions prior 5.3.4 experienced openssl_random_pseudo_bytes()
|
||||
// locking on Windows and rendered it unusable.
|
||||
if (!isset($php_compatible)) {
|
||||
$php_compatible = version_compare(PHP_VERSION, '5.3.4', '>=');
|
||||
if (!isset($has_openssl)) {
|
||||
$has_openssl = version_compare(PHP_VERSION, '5.3.4', '>=') && function_exists('openssl_random_pseudo_bytes');
|
||||
}
|
||||
// /dev/urandom is available on many *nix systems and is considered the
|
||||
// best commonly available pseudo-random source.
|
||||
if ($fh = @fopen('/dev/urandom', 'rb')) {
|
||||
|
||||
// openssl_random_pseudo_bytes() will find entropy in a system-dependent
|
||||
// way.
|
||||
if ($has_openssl) {
|
||||
$bytes .= openssl_random_pseudo_bytes($missing_bytes);
|
||||
}
|
||||
|
||||
// Else, read directly from /dev/urandom, which is available on many *nix
|
||||
// systems and is considered cryptographically secure.
|
||||
elseif ($fh = @fopen('/dev/urandom', 'rb')) {
|
||||
// PHP only performs buffered reads, so in reality it will always read
|
||||
// at least 4096 bytes. Thus, it costs nothing extra to read and store
|
||||
// that much so as to speed any additional invocations.
|
||||
$bytes .= fread($fh, max(4096, $count));
|
||||
$bytes .= fread($fh, max(4096, $missing_bytes));
|
||||
fclose($fh);
|
||||
}
|
||||
// openssl_random_pseudo_bytes() will find entropy in a system-dependent
|
||||
// way.
|
||||
elseif ($php_compatible && function_exists('openssl_random_pseudo_bytes')) {
|
||||
$bytes .= openssl_random_pseudo_bytes($count - strlen($bytes));
|
||||
}
|
||||
// If /dev/urandom is not available or returns no bytes, this loop will
|
||||
|
||||
// If we couldn't get enough entropy, this simple hash-based PRNG will
|
||||
// generate a good set of pseudo-random bytes on any system.
|
||||
// Note that it may be important that our $random_state is passed
|
||||
// through hash() prior to being rolled into $output, that the two hash()
|
||||
@@ -1984,9 +2008,23 @@ function drupal_random_bytes($count) {
|
||||
// the microtime() - is prepended rather than appended. This is to avoid
|
||||
// directly leaking $random_state via the $output stream, which could
|
||||
// allow for trivial prediction of further "random" numbers.
|
||||
while (strlen($bytes) < $count) {
|
||||
$random_state = hash('sha256', microtime() . mt_rand() . $random_state);
|
||||
$bytes .= hash('sha256', mt_rand() . $random_state, TRUE);
|
||||
if (strlen($bytes) < $count) {
|
||||
// Initialize on the first call. The contents of $_SERVER includes a mix of
|
||||
// user-specific and system information that varies a little with each page.
|
||||
if (!isset($random_state)) {
|
||||
$random_state = print_r($_SERVER, TRUE);
|
||||
if (function_exists('getmypid')) {
|
||||
// Further initialize with the somewhat random PHP process ID.
|
||||
$random_state .= getmypid();
|
||||
}
|
||||
$bytes = '';
|
||||
}
|
||||
|
||||
do {
|
||||
$random_state = hash('sha256', microtime() . mt_rand() . $random_state);
|
||||
$bytes .= hash('sha256', mt_rand() . $random_state, TRUE);
|
||||
}
|
||||
while (strlen($bytes) < $count);
|
||||
}
|
||||
}
|
||||
$output = substr($bytes, 0, $count);
|
||||
@@ -1997,17 +2035,21 @@ function drupal_random_bytes($count) {
|
||||
/**
|
||||
* Calculates a base-64 encoded, URL-safe sha-256 hmac.
|
||||
*
|
||||
* @param $data
|
||||
* @param string $data
|
||||
* String to be validated with the hmac.
|
||||
* @param $key
|
||||
* @param string $key
|
||||
* A secret string key.
|
||||
*
|
||||
* @return
|
||||
* @return string
|
||||
* A base-64 encoded sha-256 hmac, with + replaced with -, / with _ and
|
||||
* any = padding characters removed.
|
||||
*/
|
||||
function drupal_hmac_base64($data, $key) {
|
||||
$hmac = base64_encode(hash_hmac('sha256', $data, $key, TRUE));
|
||||
// Casting $data and $key to strings here is necessary to avoid empty string
|
||||
// results of the hash function if they are not scalar values. As this
|
||||
// function is used in security-critical contexts like token validation it is
|
||||
// important that it never returns an empty string.
|
||||
$hmac = base64_encode(hash_hmac('sha256', (string) $data, (string) $key, TRUE));
|
||||
// Modify the hmac so it's safe to use in URLs.
|
||||
return strtr($hmac, array('+' => '-', '/' => '_', '=' => ''));
|
||||
}
|
||||
@@ -2108,7 +2150,7 @@ function drupal_array_merge_deep_array($arrays) {
|
||||
* @return Object - the user object.
|
||||
*/
|
||||
function drupal_anonymous_user() {
|
||||
$user = new stdClass();
|
||||
$user = variable_get('drupal_anonymous_user_object', new stdClass);
|
||||
$user->uid = 0;
|
||||
$user->hostname = ip_address();
|
||||
$user->roles = array();
|
||||
@@ -3253,8 +3295,8 @@ function registry_update() {
|
||||
* However, the above line of code does not work, because PHP only allows static
|
||||
* variables to be initializied by literal values, and does not allow static
|
||||
* variables to be assigned to references.
|
||||
* - http://php.net/manual/en/language.variables.scope.php#language.variables.scope.static
|
||||
* - http://php.net/manual/en/language.variables.scope.php#language.variables.scope.references
|
||||
* - http://php.net/manual/language.variables.scope.php#language.variables.scope.static
|
||||
* - http://php.net/manual/language.variables.scope.php#language.variables.scope.references
|
||||
* The example below shows the syntax needed to work around both limitations.
|
||||
* For benchmarks and more information, see http://drupal.org/node/619666.
|
||||
*
|
||||
|
||||
Reference in New Issue
Block a user