diff --git a/CHANGELOG.txt b/CHANGELOG.txt index dbe104f9..04cff864 100755 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,4 +1,12 @@ +Drupal 7.39, 2015-08-19 +----------------------- +- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-003. + +Drupal 7.38, 2015-06-17 +----------------------- +- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-002. + Drupal 7.37, 2015-05-07 ----------------------- - Fixed a regression in Drupal 7.36 which caused certain kinds of content types diff --git a/LICENSE.txt b/LICENSE.txt new file mode 100644 index 00000000..d159169d --- /dev/null +++ b/LICENSE.txt @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/PATCHE_LIST.txt b/PATCHE_LIST.txt index 3a3f9eec..cb9dddd1 100644 --- a/PATCHE_LIST.txt +++ b/PATCHE_LIST.txt @@ -23,4 +23,4 @@ search_api_solr termreferencetree views wysiwyg - +views_rss_media diff --git a/includes/ajax.inc b/includes/ajax.inc index 6e8e277b..50e8e28a 100755 --- a/includes/ajax.inc +++ b/includes/ajax.inc @@ -230,6 +230,10 @@ * functions. */ function ajax_render($commands = array()) { + // Although ajax_deliver() does this, some contributed and custom modules + // render Ajax responses without using that delivery callback. + ajax_set_verification_header(); + // Ajax responses aren't rendered with html.tpl.php, so we have to call // drupal_get_css() and drupal_get_js() here, in order to have new files added // during this request to be loaded by the page. We only want to send back @@ -487,6 +491,9 @@ function ajax_deliver($page_callback_result) { } } + // Let ajax.js know that this response is safe to process. + ajax_set_verification_header(); + // Print the response. $commands = ajax_prepare_response($page_callback_result); $json = ajax_render($commands); @@ -576,6 +583,29 @@ function ajax_prepare_response($page_callback_result) { return $commands; } +/** + * Sets a response header for ajax.js to trust the response body. + * + * It is not safe to invoke Ajax commands within user-uploaded files, so this + * header protects against those being invoked. + * + * @see Drupal.ajax.options.success() + */ +function ajax_set_verification_header() { + $added = &drupal_static(__FUNCTION__); + + // User-uploaded files cannot set any response headers, so a custom header is + // used to indicate to ajax.js that this response is safe. Note that most + // Ajax requests bound using the Form API will be protected by having the URL + // flagged as trusted in Drupal.settings, so this header is used only for + // things like custom markup that gets Ajax behaviors attached. + if (empty($added)) { + drupal_add_http_header('X-Drupal-Ajax-Token', '1'); + // Avoid sending the header twice. + $added = TRUE; + } +} + /** * Performs end-of-Ajax-request tasks. * @@ -764,7 +794,12 @@ function ajax_pre_render_element($element) { $element['#attached']['js'][] = array( 'type' => 'setting', - 'data' => array('ajax' => array($element['#id'] => $settings)), + 'data' => array( + 'ajax' => array($element['#id'] => $settings), + 'urlIsAjaxTrusted' => array( + $settings['url'] => TRUE, + ), + ), ); // Indicate that Ajax processing was successful. diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index b572cde9..e14626ca 100755 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -8,7 +8,7 @@ /** * The current system version. */ -define('VERSION', '7.37'); +define('VERSION', '7.39'); /** * Core API compatibility. diff --git a/includes/common.inc b/includes/common.inc index cd301455..ceac115a 100755 --- a/includes/common.inc +++ b/includes/common.inc @@ -6329,13 +6329,21 @@ function drupal_render_cid_parts($granularity = NULL) { } if (!empty($granularity)) { + $cache_per_role = $granularity & DRUPAL_CACHE_PER_ROLE; + $cache_per_user = $granularity & DRUPAL_CACHE_PER_USER; + // User 1 has special permissions outside of the role system, so when + // caching per role is requested, it should cache per user instead. + if ($user->uid == 1 && $cache_per_role) { + $cache_per_user = TRUE; + $cache_per_role = FALSE; + } // 'PER_ROLE' and 'PER_USER' are mutually exclusive. 'PER_USER' can be a // resource drag for sites with many users, so when a module is being // equivocal, we favor the less expensive 'PER_ROLE' pattern. - if ($granularity & DRUPAL_CACHE_PER_ROLE) { + if ($cache_per_role) { $cid_parts[] = 'r.' . implode(',', array_keys($user->roles)); } - elseif ($granularity & DRUPAL_CACHE_PER_USER) { + elseif ($cache_per_user) { $cid_parts[] = "u.$user->uid"; } diff --git a/includes/database/database.inc b/includes/database/database.inc index 01b63858..3d776b57 100755 --- a/includes/database/database.inc +++ b/includes/database/database.inc @@ -626,7 +626,7 @@ abstract class DatabaseConnection extends PDO { * A sanitized version of the query comment string. */ protected function filterComment($comment = '') { - return preg_replace('/(\/\*\s*)|(\s*\*\/)/', '', $comment); + return strtr($comment, array('*' => ' * ')); } /** diff --git a/includes/form.inc b/includes/form.inc index 306747ba..f7671bed 100755 --- a/includes/form.inc +++ b/includes/form.inc @@ -1128,6 +1128,17 @@ function drupal_prepare_form($form_id, &$form, &$form_state) { drupal_alter($hooks, $form, $form_state, $form_id); } +/** + * Helper function to call form_set_error() if there is a token error. + */ +function _drupal_invalid_token_set_form_error() { + $path = current_path(); + $query = drupal_get_query_parameters(); + $url = url($path, array('query' => $query)); + + // Setting this error will cause the form to fail validation. + form_set_error('form_token', t('The form has become outdated. Copy any unsaved work in the form below and then reload this page.', array('@link' => $url))); +} /** * Validates user-submitted form data in the $form_state array. @@ -1162,16 +1173,11 @@ function drupal_validate_form($form_id, &$form, &$form_state) { } // If the session token was set by drupal_prepare_form(), ensure that it - // matches the current user's session. + // matches the current user's session. This is duplicate to code in + // form_builder() but left to protect any custom form handling code. if (isset($form['#token'])) { - if (!drupal_valid_token($form_state['values']['form_token'], $form['#token'])) { - $path = current_path(); - $query = drupal_get_query_parameters(); - $url = url($path, array('query' => $query)); - - // Setting this error will cause the form to fail validation. - form_set_error('form_token', t('The form has become outdated. Copy any unsaved work in the form below and then reload this page.', array('@link' => $url))); - + if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) { + _drupal_invalid_token_set_form_error(); // Stop here and don't run any further validation handlers, because they // could invoke non-safe operations which opens the door for CSRF // vulnerabilities. @@ -1827,6 +1833,20 @@ function form_builder($form_id, &$element, &$form_state) { // from the POST data is set and matches the current form_id. if ($form_state['programmed'] || (!empty($form_state['input']) && (isset($form_state['input']['form_id']) && ($form_state['input']['form_id'] == $form_id)))) { $form_state['process_input'] = TRUE; + // If the session token was set by drupal_prepare_form(), ensure that it + // matches the current user's session. + $form_state['invalid_token'] = FALSE; + if (isset($element['#token'])) { + if (empty($form_state['input']['form_token']) || !drupal_valid_token($form_state['input']['form_token'], $element['#token'])) { + // Set an early form error to block certain input processing since that + // opens the door for CSRF vulnerabilities. + _drupal_invalid_token_set_form_error(); + // This value is checked in _form_builder_handle_input_element(). + $form_state['invalid_token'] = TRUE; + // Make sure file uploads do not get processed. + $_FILES = array(); + } + } } else { $form_state['process_input'] = FALSE; @@ -1930,6 +1950,18 @@ function form_builder($form_id, &$element, &$form_state) { $element['#attributes']['enctype'] = 'multipart/form-data'; } + // Allow Ajax submissions to the form action to bypass verification. This is + // especially useful for multipart forms, which cannot be verified via a + // response header. + $element['#attached']['js'][] = array( + 'type' => 'setting', + 'data' => array( + 'urlIsAjaxTrusted' => array( + $element['#action'] => TRUE, + ), + ), + ); + // If a form contains a single textfield, and the ENTER key is pressed // within it, Internet Explorer submits the form with no POST data // identifying any submit button. Other browsers submit POST data as though @@ -1978,6 +2010,19 @@ function form_builder($form_id, &$element, &$form_state) { * Adds the #name and #value properties of an input element before rendering. */ function _form_builder_handle_input_element($form_id, &$element, &$form_state) { + static $safe_core_value_callbacks = array( + 'form_type_token_value', + 'form_type_textarea_value', + 'form_type_textfield_value', + 'form_type_checkbox_value', + 'form_type_checkboxes_value', + 'form_type_radios_value', + 'form_type_password_confirm_value', + 'form_type_select_value', + 'form_type_tableselect_value', + 'list_boolean_allowed_values_callback', + ); + if (!isset($element['#name'])) { $name = array_shift($element['#parents']); $element['#name'] = $name; @@ -2056,7 +2101,14 @@ function _form_builder_handle_input_element($form_id, &$element, &$form_state) { // property, optionally filtered through $value_callback. if ($input_exists) { if (function_exists($value_callback)) { - $element['#value'] = $value_callback($element, $input, $form_state); + // Skip all value callbacks except safe ones like text if the CSRF + // token was invalid. + if (empty($form_state['invalid_token']) || in_array($value_callback, $safe_core_value_callbacks)) { + $element['#value'] = $value_callback($element, $input, $form_state); + } + else { + $input = NULL; + } } if (!isset($element['#value']) && isset($input)) { $element['#value'] = $input; @@ -3910,6 +3962,29 @@ function theme_hidden($variables) { return '\n"; } +/** + * Process function to prepare autocomplete data. + * + * @param $element + * A textfield or other element with a #autocomplete_path. + * + * @return array + * The processed form element. + */ +function form_process_autocomplete($element) { + $element['#autocomplete_input'] = array(); + if ($element['#autocomplete_path'] && drupal_valid_path($element['#autocomplete_path'])) { + $element['#autocomplete_input']['#id'] = $element['#id'] .'-autocomplete'; + // Force autocomplete to use non-clean URLs since this protects against the + // browser interpreting the path plus search string as an actual file. + $current_clean_url = isset($GLOBALS['conf']['clean_url']) ? $GLOBALS['conf']['clean_url'] : NULL; + $GLOBALS['conf']['clean_url'] = 0; + $element['#autocomplete_input']['#url_value'] = url($element['#autocomplete_path'], array('absolute' => TRUE)); + $GLOBALS['conf']['clean_url'] = $current_clean_url; + } + return $element; +} + /** * Returns HTML for a textfield form element. * @@ -3928,14 +4003,14 @@ function theme_textfield($variables) { _form_set_class($element, array('form-text')); $extra = ''; - if ($element['#autocomplete_path'] && drupal_valid_path($element['#autocomplete_path'])) { + if ($element['#autocomplete_path'] && !empty($element['#autocomplete_input'])) { drupal_add_library('system', 'drupal.autocomplete'); $element['#attributes']['class'][] = 'form-autocomplete'; $attributes = array(); $attributes['type'] = 'hidden'; - $attributes['id'] = $element['#attributes']['id'] . '-autocomplete'; - $attributes['value'] = url($element['#autocomplete_path'], array('absolute' => TRUE)); + $attributes['id'] = $element['#autocomplete_input']['#id']; + $attributes['value'] = $element['#autocomplete_input']['#url_value']; $attributes['disabled'] = 'disabled'; $attributes['class'][] = 'autocomplete'; $extra = ''; diff --git a/includes/menu.inc b/includes/menu.inc index 8e26b6de..0e9c977c 100755 --- a/includes/menu.inc +++ b/includes/menu.inc @@ -1487,7 +1487,7 @@ function menu_tree_collect_node_links(&$tree, &$node_links) { * menu_tree_collect_node_links(). */ function menu_tree_check_access(&$tree, $node_links = array()) { - if ($node_links) { + if ($node_links && (user_access('access content') || user_access('bypass node access'))) { $nids = array_keys($node_links); $select = db_select('node', 'n'); $select->addField('n', 'nid'); diff --git a/misc/ajax.js b/misc/ajax.js index 01b894d7..bb4a6e14 100755 --- a/misc/ajax.js +++ b/misc/ajax.js @@ -14,6 +14,8 @@ Drupal.ajax = Drupal.ajax || {}; +Drupal.settings.urlIsAjaxTrusted = Drupal.settings.urlIsAjaxTrusted || {}; + /** * Attaches the Ajax behavior to each Ajax form element. */ @@ -130,6 +132,11 @@ Drupal.ajax = function (base, element, element_settings) { // 5. /nojs# - Followed by a fragment. // E.g.: path/nojs#myfragment this.url = element_settings.url.replace(/\/nojs(\/|$|\?|&|#)/g, '/ajax$1'); + // If the 'nojs' version of the URL is trusted, also trust the 'ajax' version. + if (Drupal.settings.urlIsAjaxTrusted[element_settings.url]) { + Drupal.settings.urlIsAjaxTrusted[this.url] = true; + } + this.wrapper = '#' + element_settings.wrapper; // If there isn't a form, jQuery.ajax() will be used instead, allowing us to @@ -155,18 +162,36 @@ Drupal.ajax = function (base, element, element_settings) { ajax.ajaxing = true; return ajax.beforeSend(xmlhttprequest, options); }, - success: function (response, status) { + success: function (response, status, xmlhttprequest) { // Sanity check for browser support (object expected). // When using iFrame uploads, responses must be returned as a string. if (typeof response == 'string') { response = $.parseJSON(response); } + + // Prior to invoking the response's commands, verify that they can be + // trusted by checking for a response header. See + // ajax_set_verification_header() for details. + // - Empty responses are harmless so can bypass verification. This avoids + // an alert message for server-generated no-op responses that skip Ajax + // rendering. + // - Ajax objects with trusted URLs (e.g., ones defined server-side via + // #ajax) can bypass header verification. This is especially useful for + // Ajax with multipart forms. Because IFRAME transport is used, the + // response headers cannot be accessed for verification. + if (response !== null && !Drupal.settings.urlIsAjaxTrusted[ajax.url]) { + if (xmlhttprequest.getResponseHeader('X-Drupal-Ajax-Token') !== '1') { + var customMessage = Drupal.t("The response failed verification so will not be processed."); + return ajax.error(xmlhttprequest, ajax.url, customMessage); + } + } + return ajax.success(response, status); }, - complete: function (response, status) { + complete: function (xmlhttprequest, status) { ajax.ajaxing = false; if (status == 'error' || status == 'parsererror') { - return ajax.error(response, ajax.url); + return ajax.error(xmlhttprequest, ajax.url); } }, dataType: 'json', @@ -175,6 +200,9 @@ Drupal.ajax = function (base, element, element_settings) { // Bind the ajaxSubmit function to the element event. $(ajax.element).bind(element_settings.event, function (event) { + if (!Drupal.settings.urlIsAjaxTrusted[ajax.url] && !Drupal.urlIsLocal(ajax.url)) { + throw new Error(Drupal.t('The callback URL is not local and not trusted: !url', {'!url': ajax.url})); + } return ajax.eventResponse(this, event); }); @@ -447,8 +475,8 @@ Drupal.ajax.prototype.getEffect = function (response) { /** * Handler for the form redirection error. */ -Drupal.ajax.prototype.error = function (response, uri) { - alert(Drupal.ajaxError(response, uri)); +Drupal.ajax.prototype.error = function (xmlhttprequest, uri, customMessage) { + alert(Drupal.ajaxError(xmlhttprequest, uri, customMessage)); // Remove the progress element. if (this.progress.element) { $(this.progress.element).remove(); @@ -462,7 +490,7 @@ Drupal.ajax.prototype.error = function (response, uri) { $(this.element).removeClass('progress-disabled').removeAttr('disabled'); // Reattach behaviors, if they were detached in beforeSerialize(). if (this.form) { - var settings = response.settings || this.settings || Drupal.settings; + var settings = this.settings || Drupal.settings; Drupal.attachBehaviors(this.form, settings); } }; diff --git a/misc/autocomplete.js b/misc/autocomplete.js index 56790817..d71441b6 100755 --- a/misc/autocomplete.js +++ b/misc/autocomplete.js @@ -271,8 +271,11 @@ Drupal.ACDB.prototype.search = function (searchString) { var db = this; this.searchString = searchString; - // See if this string needs to be searched for anyway. - searchString = searchString.replace(/^\s+|\s+$/, ''); + // See if this string needs to be searched for anyway. The pattern ../ is + // stripped since it may be misinterpreted by the browser. + searchString = searchString.replace(/^\s+|\.{2,}\/|\s+$/g, ''); + // Skip empty search strings, or search strings ending with a comma, since + // that is the separator between search terms. if (searchString.length <= 0 || searchString.charAt(searchString.length - 1) == ',') { return; diff --git a/misc/drupal.js b/misc/drupal.js index 643baa1b..427c4a1e 100755 --- a/misc/drupal.js +++ b/misc/drupal.js @@ -269,6 +269,72 @@ Drupal.formatPlural = function (count, singular, plural, args, options) { } }; +/** + * Returns the passed in URL as an absolute URL. + * + * @param url + * The URL string to be normalized to an absolute URL. + * + * @return + * The normalized, absolute URL. + * + * @see https://github.com/angular/angular.js/blob/v1.4.4/src/ng/urlUtils.js + * @see https://grack.com/blog/2009/11/17/absolutizing-url-in-javascript + * @see https://github.com/jquery/jquery-ui/blob/1.11.4/ui/tabs.js#L53 + */ +Drupal.absoluteUrl = function (url) { + var urlParsingNode = document.createElement('a'); + + // Decode the URL first; this is required by IE <= 6. Decoding non-UTF-8 + // strings may throw an exception. + try { + url = decodeURIComponent(url); + } catch (e) {} + + urlParsingNode.setAttribute('href', url); + + // IE <= 7 normalizes the URL when assigned to the anchor node similar to + // the other browsers. + return urlParsingNode.cloneNode(false).href; +}; + +/** + * Returns true if the URL is within Drupal's base path. + * + * @param url + * The URL string to be tested. + * + * @return + * Boolean true if local. + * + * @see https://github.com/jquery/jquery-ui/blob/1.11.4/ui/tabs.js#L58 + */ +Drupal.urlIsLocal = function (url) { + // Always use browser-derived absolute URLs in the comparison, to avoid + // attempts to break out of the base path using directory traversal. + var absoluteUrl = Drupal.absoluteUrl(url); + var protocol = location.protocol; + + // Consider URLs that match this site's base URL but use HTTPS instead of HTTP + // as local as well. + if (protocol === 'http:' && absoluteUrl.indexOf('https:') === 0) { + protocol = 'https:'; + } + var baseUrl = protocol + '//' + location.host + Drupal.settings.basePath.slice(0, -1); + + // Decoding non-UTF-8 strings may throw an exception. + try { + absoluteUrl = decodeURIComponent(absoluteUrl); + } catch (e) {} + try { + baseUrl = decodeURIComponent(baseUrl); + } catch (e) {} + + // The given URL matches the site's base URL, or has a path under the site's + // base URL. + return absoluteUrl === baseUrl || absoluteUrl.indexOf(baseUrl + '/') === 0; +}; + /** * Generate the themed representation of a Drupal object. * @@ -350,7 +416,7 @@ Drupal.getSelection = function (element) { /** * Build an error message from an Ajax response. */ -Drupal.ajaxError = function (xmlhttp, uri) { +Drupal.ajaxError = function (xmlhttp, uri, customMessage) { var statusCode, statusText, pathText, responseText, readyStateText, message; if (xmlhttp.status) { statusCode = "\n" + Drupal.t("An AJAX HTTP error occurred.") + "\n" + Drupal.t("HTTP Result Code: !status", {'!status': xmlhttp.status}); @@ -383,7 +449,10 @@ Drupal.ajaxError = function (xmlhttp, uri) { // We don't need readyState except for status == 0. readyStateText = xmlhttp.status == 0 ? ("\n" + Drupal.t("ReadyState: !readyState", {'!readyState': xmlhttp.readyState})) : ""; - message = statusCode + pathText + statusText + responseText + readyStateText; + // Additional message beyond what the xmlhttp object provides. + customMessage = customMessage ? ("\n" + Drupal.t("CustomMessage: !customMessage", {'!customMessage': customMessage})) : ""; + + message = statusCode + pathText + statusText + customMessage + responseText + readyStateText; return message; }; diff --git a/modules/aggregator/aggregator.info b/modules/aggregator/aggregator.info index 9b58c7ae..e7e8fa55 100755 --- a/modules/aggregator/aggregator.info +++ b/modules/aggregator/aggregator.info @@ -7,8 +7,8 @@ files[] = aggregator.test configure = admin/config/services/aggregator/settings stylesheets[all][] = aggregator.css -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/aggregator/tests/aggregator_test.info b/modules/aggregator/tests/aggregator_test.info index b280da36..e862225f 100755 --- a/modules/aggregator/tests/aggregator_test.info +++ b/modules/aggregator/tests/aggregator_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/block/block.info b/modules/block/block.info index c74719c6..e5f66a7d 100755 --- a/modules/block/block.info +++ b/modules/block/block.info @@ -6,8 +6,8 @@ core = 7.x files[] = block.test configure = admin/structure/block -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/block/tests/block_test.info b/modules/block/tests/block_test.info index 64567672..59a1c5b8 100755 --- a/modules/block/tests/block_test.info +++ b/modules/block/tests/block_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/block/tests/themes/block_test_theme/block_test_theme.info b/modules/block/tests/themes/block_test_theme/block_test_theme.info index ac051b81..0dc755e5 100755 --- a/modules/block/tests/themes/block_test_theme/block_test_theme.info +++ b/modules/block/tests/themes/block_test_theme/block_test_theme.info @@ -13,8 +13,8 @@ regions[footer] = Footer regions[highlighted] = Highlighted regions[help] = Help -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/blog/blog.info b/modules/blog/blog.info index 9afba060..c876ba60 100755 --- a/modules/blog/blog.info +++ b/modules/blog/blog.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x files[] = blog.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/book/book.info b/modules/book/book.info index fc8009f0..fd33b32b 100755 --- a/modules/book/book.info +++ b/modules/book/book.info @@ -7,8 +7,8 @@ files[] = book.test configure = admin/content/book/settings stylesheets[all][] = book.css -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/color/color.info b/modules/color/color.info index cbfd2f7e..994091b3 100755 --- a/modules/color/color.info +++ b/modules/color/color.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x files[] = color.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/comment/comment.info b/modules/comment/comment.info index f4b52d99..77cf16aa 100755 --- a/modules/comment/comment.info +++ b/modules/comment/comment.info @@ -9,8 +9,8 @@ files[] = comment.test configure = admin/content/comment stylesheets[all][] = comment.css -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/contact/contact.info b/modules/contact/contact.info index 80ce4bda..08e50f99 100755 --- a/modules/contact/contact.info +++ b/modules/contact/contact.info @@ -6,8 +6,8 @@ core = 7.x files[] = contact.test configure = admin/structure/contact -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/contextual/contextual.info b/modules/contextual/contextual.info index 91c9befb..c7df84a0 100755 --- a/modules/contextual/contextual.info +++ b/modules/contextual/contextual.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x files[] = contextual.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/dashboard/dashboard.info b/modules/dashboard/dashboard.info index 3f806f8f..201d71eb 100755 --- a/modules/dashboard/dashboard.info +++ b/modules/dashboard/dashboard.info @@ -7,8 +7,8 @@ files[] = dashboard.test dependencies[] = block configure = admin/dashboard/customize -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/dblog/dblog.info b/modules/dblog/dblog.info index f41ed9a5..9b5f5d74 100755 --- a/modules/dblog/dblog.info +++ b/modules/dblog/dblog.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x files[] = dblog.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/field/field.info b/modules/field/field.info index 92a77522..c154828c 100755 --- a/modules/field/field.info +++ b/modules/field/field.info @@ -11,8 +11,8 @@ dependencies[] = field_sql_storage required = TRUE stylesheets[all][] = theme/field.css -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/field/modules/field_sql_storage/field_sql_storage.info b/modules/field/modules/field_sql_storage/field_sql_storage.info index 0a63aa89..dc1631f9 100755 --- a/modules/field/modules/field_sql_storage/field_sql_storage.info +++ b/modules/field/modules/field_sql_storage/field_sql_storage.info @@ -7,8 +7,8 @@ dependencies[] = field files[] = field_sql_storage.test required = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/field/modules/list/list.info b/modules/field/modules/list/list.info index fead58c8..49e7814f 100755 --- a/modules/field/modules/list/list.info +++ b/modules/field/modules/list/list.info @@ -7,8 +7,8 @@ dependencies[] = field dependencies[] = options files[] = tests/list.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/field/modules/list/tests/list_test.info b/modules/field/modules/list/tests/list_test.info index 2725f23e..912d7bf6 100755 --- a/modules/field/modules/list/tests/list_test.info +++ b/modules/field/modules/list/tests/list_test.info @@ -5,8 +5,8 @@ package = Testing version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/field/modules/number/number.info b/modules/field/modules/number/number.info index b021cd37..ce55ee33 100755 --- a/modules/field/modules/number/number.info +++ b/modules/field/modules/number/number.info @@ -6,8 +6,8 @@ core = 7.x dependencies[] = field files[] = number.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/field/modules/options/options.info b/modules/field/modules/options/options.info index 78e2ef37..1a5ba124 100755 --- a/modules/field/modules/options/options.info +++ b/modules/field/modules/options/options.info @@ -6,8 +6,8 @@ core = 7.x dependencies[] = field files[] = options.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/field/modules/text/text.info b/modules/field/modules/text/text.info index e1e702d3..e8db6294 100755 --- a/modules/field/modules/text/text.info +++ b/modules/field/modules/text/text.info @@ -7,8 +7,8 @@ dependencies[] = field files[] = text.test required = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/field/tests/field_test.info b/modules/field/tests/field_test.info index 12d5b592..0e66b280 100755 --- a/modules/field/tests/field_test.info +++ b/modules/field/tests/field_test.info @@ -6,8 +6,8 @@ files[] = field_test.entity.inc version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/field_ui/field_ui.admin.inc b/modules/field_ui/field_ui.admin.inc index 5d74a5ca..7d09d6f8 100755 --- a/modules/field_ui/field_ui.admin.inc +++ b/modules/field_ui/field_ui.admin.inc @@ -2105,6 +2105,10 @@ function field_ui_next_destination($entity_type, $bundle) { $destinations = !empty($_REQUEST['destinations']) ? $_REQUEST['destinations'] : array(); if (!empty($destinations)) { unset($_REQUEST['destinations']); + } + // Remove any external URLs. + $destinations = array_diff($destinations, array_filter($destinations, 'url_is_external')); + if ($destinations) { return field_ui_get_destinations($destinations); } $admin_path = _field_ui_bundle_admin_path($entity_type, $bundle); diff --git a/modules/field_ui/field_ui.info b/modules/field_ui/field_ui.info index 955d6c4b..aa1e46b7 100755 --- a/modules/field_ui/field_ui.info +++ b/modules/field_ui/field_ui.info @@ -6,8 +6,8 @@ core = 7.x dependencies[] = field files[] = field_ui.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/field_ui/field_ui.test b/modules/field_ui/field_ui.test index 21767d64..8c42aa6f 100755 --- a/modules/field_ui/field_ui.test +++ b/modules/field_ui/field_ui.test @@ -445,6 +445,19 @@ class FieldUIManageFieldsTestCase extends FieldUITestCase { $this->assertText(t('The machine-readable name is already in use. It must be unique.')); $this->assertUrl($url, array(), 'Stayed on the same page.'); } + + /** + * Tests that external URLs in the 'destinations' query parameter are blocked. + */ + function testExternalDestinations() { + $path = 'admin/structure/types/manage/article/fields/field_tags/field-settings'; + $options = array( + 'query' => array('destinations' => array('http://example.com')), + ); + $this->drupalPost($path, NULL, t('Save field settings'), $options); + + $this->assertUrl('admin/structure/types/manage/article/fields', array(), 'Stayed on the same site.'); + } } /** diff --git a/modules/file/file.info b/modules/file/file.info index fe19000b..edb2d2de 100755 --- a/modules/file/file.info +++ b/modules/file/file.info @@ -6,8 +6,8 @@ core = 7.x dependencies[] = field files[] = tests/file.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/file/tests/file.test b/modules/file/tests/file.test index 33d7afd1..5c19d001 100755 --- a/modules/file/tests/file.test +++ b/modules/file/tests/file.test @@ -377,6 +377,18 @@ class FileManagedFileElementTestCase extends FileFieldTestCase { $this->drupalPost($path, array(), t('Save')); $this->assertRaw(t('The file id is %fid.', array('%fid' => 0)), 'Submitted without a file.'); + // Submit with a file, but with an invalid form token. Ensure the file + // was not saved. + $last_fid_prior = $this->getLastFileId(); + $edit = array( + 'files[' . $input_base_name . ']' => drupal_realpath($test_file->uri), + 'form_token' => 'invalid token', + ); + $this->drupalPost($path, $edit, t('Save')); + $this->assertText('The form has become outdated. Copy any unsaved work in the form below'); + $last_fid = $this->getLastFileId(); + $this->assertEqual($last_fid_prior, $last_fid, 'File was not saved when uploaded with an invalid form token.'); + // Submit a new file, without using the Upload button. $last_fid_prior = $this->getLastFileId(); $edit = array('files[' . $input_base_name . ']' => drupal_realpath($test_file->uri)); diff --git a/modules/file/tests/file_module_test.info b/modules/file/tests/file_module_test.info index 4e216947..368a7a61 100755 --- a/modules/file/tests/file_module_test.info +++ b/modules/file/tests/file_module_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/filter/filter.info b/modules/filter/filter.info index cad7240b..d0779b50 100755 --- a/modules/filter/filter.info +++ b/modules/filter/filter.info @@ -7,8 +7,8 @@ files[] = filter.test required = TRUE configure = admin/config/content/formats -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/forum/forum.info b/modules/forum/forum.info index f91bc147..5312ec02 100755 --- a/modules/forum/forum.info +++ b/modules/forum/forum.info @@ -9,8 +9,8 @@ files[] = forum.test configure = admin/structure/forum stylesheets[all][] = forum.css -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/help/help.info b/modules/help/help.info index 140cf870..f51b9062 100755 --- a/modules/help/help.info +++ b/modules/help/help.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x files[] = help.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/image/image.info b/modules/image/image.info index 91b15154..3e9ef6be 100755 --- a/modules/image/image.info +++ b/modules/image/image.info @@ -7,8 +7,8 @@ dependencies[] = file files[] = image.test configure = admin/config/media/image-styles -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/image/tests/image_module_test.info b/modules/image/tests/image_module_test.info index b2c6ce68..702e8901 100755 --- a/modules/image/tests/image_module_test.info +++ b/modules/image/tests/image_module_test.info @@ -6,8 +6,8 @@ core = 7.x files[] = image_module_test.module hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/locale/locale.info b/modules/locale/locale.info index ec93d5cc..61abe8a6 100755 --- a/modules/locale/locale.info +++ b/modules/locale/locale.info @@ -6,8 +6,8 @@ core = 7.x files[] = locale.test configure = admin/config/regional/language -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/locale/tests/locale_test.info b/modules/locale/tests/locale_test.info index f8e1b966..5e8d50f7 100755 --- a/modules/locale/tests/locale_test.info +++ b/modules/locale/tests/locale_test.info @@ -5,8 +5,8 @@ package = Testing version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/menu/menu.info b/modules/menu/menu.info index fbae5dd9..7212d9ab 100755 --- a/modules/menu/menu.info +++ b/modules/menu/menu.info @@ -6,8 +6,8 @@ core = 7.x files[] = menu.test configure = admin/structure/menu -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/node/node.info b/modules/node/node.info index a7b11451..758179dc 100755 --- a/modules/node/node.info +++ b/modules/node/node.info @@ -9,8 +9,8 @@ required = TRUE configure = admin/structure/types stylesheets[all][] = node.css -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/node/tests/node_access_test.info b/modules/node/tests/node_access_test.info index 6cc0b6fc..87683bdb 100755 --- a/modules/node/tests/node_access_test.info +++ b/modules/node/tests/node_access_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/node/tests/node_test.info b/modules/node/tests/node_test.info index 93816775..c91df020 100755 --- a/modules/node/tests/node_test.info +++ b/modules/node/tests/node_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/node/tests/node_test_exception.info b/modules/node/tests/node_test_exception.info index 3816caa5..3a805b39 100755 --- a/modules/node/tests/node_test_exception.info +++ b/modules/node/tests/node_test_exception.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/openid/openid.info b/modules/openid/openid.info index 026b257b..62800a65 100755 --- a/modules/openid/openid.info +++ b/modules/openid/openid.info @@ -5,8 +5,8 @@ package = Core core = 7.x files[] = openid.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/openid/openid.module b/modules/openid/openid.module index a28f452a..a52dbc3d 100755 --- a/modules/openid/openid.module +++ b/modules/openid/openid.module @@ -365,14 +365,20 @@ function openid_complete($response = array()) { // to the OpenID Provider, we need to do discovery on the returned // identififer to make sure that the provider is authorized to // respond on behalf of this. - if ($response_claimed_id != $claimed_id) { + if ($response_claimed_id != $claimed_id || $response_claimed_id != $response['openid.identity']) { $discovery = openid_discovery($response['openid.claimed_id']); + $uris = array(); if ($discovery && !empty($discovery['services'])) { - $uris = array(); foreach ($discovery['services'] as $discovered_service) { - if (in_array('http://specs.openid.net/auth/2.0/server', $discovered_service['types']) || in_array('http://specs.openid.net/auth/2.0/signon', $discovered_service['types'])) { - $uris[] = $discovered_service['uri']; + if (!in_array('http://specs.openid.net/auth/2.0/server', $discovered_service['types']) && !in_array('http://specs.openid.net/auth/2.0/signon', $discovered_service['types'])) { + continue; } + // The OP-Local Identifier (if different than the Claimed + // Identifier) must be present in the XRDS document. + if ($response_claimed_id != $response['openid.identity'] && (!isset($discovered_service['identity']) || $discovered_service['identity'] != $response['openid.identity'])) { + continue; + } + $uris[] = $discovered_service['uri']; } } if (!in_array($service['uri'], $uris)) { diff --git a/modules/openid/openid.test b/modules/openid/openid.test index 41af3f82..5f7493a5 100755 --- a/modules/openid/openid.test +++ b/modules/openid/openid.test @@ -94,7 +94,7 @@ class OpenIDFunctionalTestCase extends OpenIDWebTestCase { $identity = url('openid-test/yadis/xrds/dummy-user', array('absolute' => TRUE, 'fragment' => $this->randomName())); // Tell openid_test.module to respond with this identifier. If the fragment // part is present in the identifier, it should be retained. - variable_set('openid_test_response', array('openid.claimed_id' => $identity)); + variable_set('openid_test_response', array('openid.claimed_id' => $identity, 'openid.identity' => openid_normalize($identity))); $this->addIdentity(url('openid-test/yadis/xrds/server', array('absolute' => TRUE)), 2, 'http://specs.openid.net/auth/2.0/identifier_select', $identity); variable_set('openid_test_response', array()); diff --git a/modules/openid/tests/openid_test.info b/modules/openid/tests/openid_test.info index 5dbba8b3..3c66f075 100755 --- a/modules/openid/tests/openid_test.info +++ b/modules/openid/tests/openid_test.info @@ -6,8 +6,8 @@ core = 7.x dependencies[] = openid hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/openid/tests/openid_test.module b/modules/openid/tests/openid_test.module index bcf9f425..3d6e2926 100755 --- a/modules/openid/tests/openid_test.module +++ b/modules/openid/tests/openid_test.module @@ -150,6 +150,7 @@ function openid_test_yadis_xrds() { http://specs.openid.net/auth/2.0/server ' . url('openid-test/endpoint', array('absolute' => TRUE)) . ' + ' . url('openid-test/yadis/xrds/server', array('absolute' => TRUE)) . ' '; } elseif (arg(3) == 'delegate') { diff --git a/modules/overlay/overlay-parent.js b/modules/overlay/overlay-parent.js index 7452a515..7859821b 100755 --- a/modules/overlay/overlay-parent.js +++ b/modules/overlay/overlay-parent.js @@ -389,6 +389,27 @@ Drupal.overlay.isExternalLink = function (url) { return re.test(url); }; +/** + * Constructs an internal URL (relative to this site) from the provided path. + * + * For example, if the provided path is 'admin' and the site is installed at + * http://example.com/drupal, this function will return '/drupal/admin'. + * + * @param path + * The internal path, without any leading slash. + * + * @return + * The internal URL derived from the provided path, or null if a valid + * internal path cannot be constructed (for example, if an attempt to create + * an external link is detected). + */ +Drupal.overlay.getInternalUrl = function (path) { + var url = Drupal.settings.basePath + path; + if (!this.isExternalLink(url)) { + return url; + } +}; + /** * Event handler: resizes overlay according to the size of the parent window. * @@ -577,7 +598,7 @@ Drupal.overlay.eventhandlerOverrideLink = function (event) { // If the link contains the overlay-restore class and the overlay-context // state is set, also update the parent window's location. var parentLocation = ($target.hasClass('overlay-restore') && typeof $.bbq.getState('overlay-context') == 'string') - ? Drupal.settings.basePath + $.bbq.getState('overlay-context') + ? this.getInternalUrl($.bbq.getState('overlay-context')) : null; href = this.fragmentizeLink($target.get(0), parentLocation); // Only override default behavior when left-clicking and user is not @@ -657,11 +678,15 @@ Drupal.overlay.eventhandlerOperateByURLFragment = function (event) { } // Get the overlay URL from the current URL fragment. + var internalUrl = null; var state = $.bbq.getState('overlay'); if (state) { + internalUrl = this.getInternalUrl(state); + } + if (internalUrl) { // Append render variable, so the server side can choose the right // rendering and add child frame code to the page if needed. - var url = $.param.querystring(Drupal.settings.basePath + state, { render: 'overlay' }); + var url = $.param.querystring(internalUrl, { render: 'overlay' }); this.open(url); this.resetActiveClass(this.getPath(Drupal.settings.basePath + state)); diff --git a/modules/overlay/overlay.info b/modules/overlay/overlay.info index b5993598..ec0cdf4d 100755 --- a/modules/overlay/overlay.info +++ b/modules/overlay/overlay.info @@ -4,8 +4,8 @@ package = Core version = VERSION core = 7.x -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/path/path.info b/modules/path/path.info index c89294e6..a70da447 100755 --- a/modules/path/path.info +++ b/modules/path/path.info @@ -6,8 +6,8 @@ core = 7.x files[] = path.test configure = admin/config/search/path -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/php/php.info b/modules/php/php.info index 0700f9ec..93aed895 100755 --- a/modules/php/php.info +++ b/modules/php/php.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x files[] = php.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/poll/poll.info b/modules/poll/poll.info index 4e499364..aa203f9b 100755 --- a/modules/poll/poll.info +++ b/modules/poll/poll.info @@ -6,8 +6,8 @@ core = 7.x files[] = poll.test stylesheets[all][] = poll.css -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/profile/profile.info b/modules/profile/profile.info index ce353604..4aa11a86 100755 --- a/modules/profile/profile.info +++ b/modules/profile/profile.info @@ -11,8 +11,8 @@ configure = admin/config/people/profile ; See user_system_info_alter(). hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/profile/profile.test b/modules/profile/profile.test index 42a1a42d..6cb07391 100755 --- a/modules/profile/profile.test +++ b/modules/profile/profile.test @@ -339,12 +339,22 @@ class ProfileTestAutocomplete extends ProfileTestCase { $this->setProfileField($field, $field['value']); // Set some html for what we want to see in the page output later. - $autocomplete_html = ''; - $field_html = ''; + // Autocomplete always uses non-clean URLs. + $current_clean_url = isset($GLOBALS['conf']['clean_url']) ? $GLOBALS['conf']['clean_url'] : NULL; + $GLOBALS['conf']['clean_url'] = 0; + $autocomplete_url = url('profile/autocomplete/' . $field['fid'], array('absolute' => TRUE)); + $GLOBALS['conf']['clean_url'] = $current_clean_url; + $autocomplete_id = drupal_html_id('edit-' . $field['form_name'] . '-autocomplete'); + $autocomplete_html = ''; // Check that autocompletion html is found on the user's profile edit page. $this->drupalGet('user/' . $this->admin_user->uid . '/edit/' . $category); $this->assertRaw($autocomplete_html, 'Autocomplete found.'); + $this->assertFieldByXPath( + '//input[@type="text" and @name="' . $field['form_name'] . '" and contains(@class, "form-autocomplete")]', + '', + 'Text input field found' + ); $this->assertRaw('misc/autocomplete.js', 'Autocomplete JavaScript found.'); $this->assertRaw('class="form-text form-autocomplete"', 'Autocomplete form element class found.'); diff --git a/modules/rdf/rdf.info b/modules/rdf/rdf.info index f32d9dc7..af080ce4 100755 --- a/modules/rdf/rdf.info +++ b/modules/rdf/rdf.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x files[] = rdf.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/rdf/tests/rdf_test.info b/modules/rdf/tests/rdf_test.info index 1937aafd..3b80f351 100755 --- a/modules/rdf/tests/rdf_test.info +++ b/modules/rdf/tests/rdf_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/search/search.info b/modules/search/search.info index faf3e4d6..5743fd51 100755 --- a/modules/search/search.info +++ b/modules/search/search.info @@ -8,8 +8,8 @@ files[] = search.test configure = admin/config/search/settings stylesheets[all][] = search.css -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/search/tests/search_embedded_form.info b/modules/search/tests/search_embedded_form.info index d09408ef..2e671e39 100755 --- a/modules/search/tests/search_embedded_form.info +++ b/modules/search/tests/search_embedded_form.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/search/tests/search_extra_type.info b/modules/search/tests/search_extra_type.info index da028118..e83c32fa 100755 --- a/modules/search/tests/search_extra_type.info +++ b/modules/search/tests/search_extra_type.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/search/tests/search_node_tags.info b/modules/search/tests/search_node_tags.info index 325723f5..266778d6 100644 --- a/modules/search/tests/search_node_tags.info +++ b/modules/search/tests/search_node_tags.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/shortcut/shortcut.info b/modules/shortcut/shortcut.info index 83cf47d6..60aa6ae2 100755 --- a/modules/shortcut/shortcut.info +++ b/modules/shortcut/shortcut.info @@ -6,8 +6,8 @@ core = 7.x files[] = shortcut.test configure = admin/config/user-interface/shortcut -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/drupal_web_test_case.php b/modules/simpletest/drupal_web_test_case.php index fb5c6a6c..b67c478a 100755 --- a/modules/simpletest/drupal_web_test_case.php +++ b/modules/simpletest/drupal_web_test_case.php @@ -2221,6 +2221,7 @@ class DrupalWebTestCase extends DrupalTestCase { // Submit the POST request. $return = drupal_json_decode($this->drupalPost(NULL, $edit, array('path' => $ajax_path, 'triggering_element' => $triggering_element), $options, $headers, $form_html_id, $extra_post)); + $this->assertIdentical($this->drupalGetHeader('X-Drupal-Ajax-Token'), '1', 'Ajax response header found.'); // Change the page content by applying the returned commands. if (!empty($ajax_settings) && !empty($return)) { diff --git a/modules/simpletest/simpletest.info b/modules/simpletest/simpletest.info index 025d032a..723736b6 100755 --- a/modules/simpletest/simpletest.info +++ b/modules/simpletest/simpletest.info @@ -56,8 +56,8 @@ files[] = tests/upgrade/update.trigger.test files[] = tests/upgrade/update.field.test files[] = tests/upgrade/update.user.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/actions_loop_test.info b/modules/simpletest/tests/actions_loop_test.info index 2adea5e3..b880d5d7 100755 --- a/modules/simpletest/tests/actions_loop_test.info +++ b/modules/simpletest/tests/actions_loop_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/ajax_forms_test.info b/modules/simpletest/tests/ajax_forms_test.info index 1d3b3fb4..f0353069 100755 --- a/modules/simpletest/tests/ajax_forms_test.info +++ b/modules/simpletest/tests/ajax_forms_test.info @@ -5,8 +5,8 @@ package = Testing version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/ajax_test.info b/modules/simpletest/tests/ajax_test.info index e42587d1..a09870c8 100755 --- a/modules/simpletest/tests/ajax_test.info +++ b/modules/simpletest/tests/ajax_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/batch_test.info b/modules/simpletest/tests/batch_test.info index 30702d60..be057e33 100755 --- a/modules/simpletest/tests/batch_test.info +++ b/modules/simpletest/tests/batch_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/common.test b/modules/simpletest/tests/common.test index fcc9791a..bf855761 100755 --- a/modules/simpletest/tests/common.test +++ b/modules/simpletest/tests/common.test @@ -2117,7 +2117,7 @@ class DrupalRenderTestCase extends DrupalWebTestCase { } /** - * Tests caching of an empty render item. + * Tests caching of render items. */ function testDrupalRenderCache() { // Force a request via GET. @@ -2143,6 +2143,59 @@ class DrupalRenderTestCase extends DrupalWebTestCase { drupal_render($element); $this->assertFalse(isset($element['#printed']), 'Cache hit'); + // Test that user 1 does not share the cache with other users who have the + // same roles, even when DRUPAL_CACHE_PER_ROLE is used. + $user1 = user_load(1); + $first_authenticated_user = $this->drupalCreateUser(); + $second_authenticated_user = $this->drupalCreateUser(); + $user1->roles = array_intersect_key($user1->roles, array(DRUPAL_AUTHENTICATED_RID => TRUE)); + user_save($user1); + // Load all the accounts again, to make sure we have complete account + // objects. + $user1 = user_load(1); + $first_authenticated_user = user_load($first_authenticated_user->uid); + $second_authenticated_user = user_load($second_authenticated_user->uid); + $this->assertEqual($user1->roles, $first_authenticated_user->roles, 'User 1 has the same roles as an authenticated user.'); + // Impersonate user 1 and render content that only user 1 should have + // permission to see. + $original_user = $GLOBALS['user']; + $original_session_state = drupal_save_session(); + drupal_save_session(FALSE); + $GLOBALS['user'] = $user1; + $test_element = array( + '#cache' => array( + 'keys' => array('test'), + 'granularity' => DRUPAL_CACHE_PER_ROLE, + ), + ); + $element = $test_element; + $element['#markup'] = 'content for user 1'; + $output = drupal_render($element); + $this->assertEqual($output, 'content for user 1'); + // Verify the cache is working by rendering the same element but with + // different markup passed in; the result should be the same. + $element = $test_element; + $element['#markup'] = 'should not be used'; + $output = drupal_render($element); + $this->assertEqual($output, 'content for user 1'); + // Verify that the first authenticated user does not see the same content + // as user 1. + $GLOBALS['user'] = $first_authenticated_user; + $element = $test_element; + $element['#markup'] = 'content for authenticated users'; + $output = drupal_render($element); + $this->assertEqual($output, 'content for authenticated users'); + // Verify that the second authenticated user shares the cache with the + // first authenticated user. + $GLOBALS['user'] = $second_authenticated_user; + $element = $test_element; + $element['#markup'] = 'should not be used'; + $output = drupal_render($element); + $this->assertEqual($output, 'content for authenticated users'); + // Restore the original logged-in user. + $GLOBALS['user'] = $original_user; + drupal_save_session($original_session_state); + // Restore the previous request method. $_SERVER['REQUEST_METHOD'] = $request_method; } diff --git a/modules/simpletest/tests/common_test.info b/modules/simpletest/tests/common_test.info index 4d57307f..1719db7a 100755 --- a/modules/simpletest/tests/common_test.info +++ b/modules/simpletest/tests/common_test.info @@ -7,8 +7,8 @@ stylesheets[all][] = common_test.css stylesheets[print][] = common_test.print.css hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/common_test_cron_helper.info b/modules/simpletest/tests/common_test_cron_helper.info index a3b3ae4a..e00bd241 100755 --- a/modules/simpletest/tests/common_test_cron_helper.info +++ b/modules/simpletest/tests/common_test_cron_helper.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/database_test.info b/modules/simpletest/tests/database_test.info index 92694550..e5022598 100755 --- a/modules/simpletest/tests/database_test.info +++ b/modules/simpletest/tests/database_test.info @@ -5,8 +5,8 @@ package = Testing version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/database_test.test b/modules/simpletest/tests/database_test.test index 9c533bed..59d2e5d6 100755 --- a/modules/simpletest/tests/database_test.test +++ b/modules/simpletest/tests/database_test.test @@ -1414,10 +1414,47 @@ class DatabaseSelectTestCase extends DatabaseTestCase { } $query = (string)$query; - $expected = "/* Testing query comments SELECT nid FROM {node}; -- */ SELECT test.name AS name, test.age AS age\nFROM \n{test} test"; + $expected = "/* Testing query comments * / SELECT nid FROM {node}; -- */ SELECT test.name AS name, test.age AS age\nFROM \n{test} test"; $this->assertEqual($num_records, 4, 'Returned the correct number of rows.'); $this->assertEqual($query, $expected, 'The flattened query contains the sanitised comment string.'); + + $connection = Database::getConnection(); + foreach ($this->makeCommentsProvider() as $test_set) { + list($expected, $comments) = $test_set; + $this->assertEqual($expected, $connection->makeComment($comments)); + } + } + + /** + * Provides expected and input values for testVulnerableComment(). + */ + function makeCommentsProvider() { + return array( + array( + '/* */ ', + array(''), + ), + // Try and close the comment early. + array( + '/* Exploit * / DROP TABLE node; -- */ ', + array('Exploit */ DROP TABLE node; --'), + ), + // Variations on comment closing. + array( + '/* Exploit * / * / DROP TABLE node; -- */ ', + array('Exploit */*/ DROP TABLE node; --'), + ), + array( + '/* Exploit * * // DROP TABLE node; -- */ ', + array('Exploit **// DROP TABLE node; --'), + ), + // Try closing the comment in the second string which is appended. + array( + '/* Exploit * / DROP TABLE node; --; Another try * / DROP TABLE node; -- */ ', + array('Exploit */ DROP TABLE node; --', 'Another try */ DROP TABLE node; --'), + ), + ); } /** diff --git a/modules/simpletest/tests/drupal_autoload_test/drupal_autoload_test.info b/modules/simpletest/tests/drupal_autoload_test/drupal_autoload_test.info index 1321b93a..f78833af 100644 --- a/modules/simpletest/tests/drupal_autoload_test/drupal_autoload_test.info +++ b/modules/simpletest/tests/drupal_autoload_test/drupal_autoload_test.info @@ -7,8 +7,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/drupal_system_listing_compatible_test/drupal_system_listing_compatible_test.info b/modules/simpletest/tests/drupal_system_listing_compatible_test/drupal_system_listing_compatible_test.info index 63d6832f..0932d840 100755 --- a/modules/simpletest/tests/drupal_system_listing_compatible_test/drupal_system_listing_compatible_test.info +++ b/modules/simpletest/tests/drupal_system_listing_compatible_test/drupal_system_listing_compatible_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/drupal_system_listing_incompatible_test/drupal_system_listing_incompatible_test.info b/modules/simpletest/tests/drupal_system_listing_incompatible_test/drupal_system_listing_incompatible_test.info index d3ccfca2..89617233 100755 --- a/modules/simpletest/tests/drupal_system_listing_incompatible_test/drupal_system_listing_incompatible_test.info +++ b/modules/simpletest/tests/drupal_system_listing_incompatible_test/drupal_system_listing_incompatible_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/entity_cache_test.info b/modules/simpletest/tests/entity_cache_test.info index f8b463fe..76994613 100755 --- a/modules/simpletest/tests/entity_cache_test.info +++ b/modules/simpletest/tests/entity_cache_test.info @@ -6,8 +6,8 @@ core = 7.x dependencies[] = entity_cache_test_dependency hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/entity_cache_test_dependency.info b/modules/simpletest/tests/entity_cache_test_dependency.info index 1c9df926..0929012b 100755 --- a/modules/simpletest/tests/entity_cache_test_dependency.info +++ b/modules/simpletest/tests/entity_cache_test_dependency.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/entity_crud_hook_test.info b/modules/simpletest/tests/entity_crud_hook_test.info index f65b59ce..b56458f3 100755 --- a/modules/simpletest/tests/entity_crud_hook_test.info +++ b/modules/simpletest/tests/entity_crud_hook_test.info @@ -5,8 +5,8 @@ package = Testing version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/entity_query_access_test.info b/modules/simpletest/tests/entity_query_access_test.info index 17cf1a38..b99be848 100755 --- a/modules/simpletest/tests/entity_query_access_test.info +++ b/modules/simpletest/tests/entity_query_access_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/error_test.info b/modules/simpletest/tests/error_test.info index f338a1e2..3012204f 100755 --- a/modules/simpletest/tests/error_test.info +++ b/modules/simpletest/tests/error_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/file_test.info b/modules/simpletest/tests/file_test.info index 4f907b49..d13e06e6 100755 --- a/modules/simpletest/tests/file_test.info +++ b/modules/simpletest/tests/file_test.info @@ -6,8 +6,8 @@ core = 7.x files[] = file_test.module hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/filter_test.info b/modules/simpletest/tests/filter_test.info index 672d2d34..b267eea9 100755 --- a/modules/simpletest/tests/filter_test.info +++ b/modules/simpletest/tests/filter_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/form_test.info b/modules/simpletest/tests/form_test.info index da16bf79..1b327b30 100755 --- a/modules/simpletest/tests/form_test.info +++ b/modules/simpletest/tests/form_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/image_test.info b/modules/simpletest/tests/image_test.info index e3293f72..942597b5 100755 --- a/modules/simpletest/tests/image_test.info +++ b/modules/simpletest/tests/image_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/menu_test.info b/modules/simpletest/tests/menu_test.info index 6dc2504b..162e912a 100755 --- a/modules/simpletest/tests/menu_test.info +++ b/modules/simpletest/tests/menu_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/module_test.info b/modules/simpletest/tests/module_test.info index 737b3e48..511b7b66 100755 --- a/modules/simpletest/tests/module_test.info +++ b/modules/simpletest/tests/module_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/path_test.info b/modules/simpletest/tests/path_test.info index 1d5df8d5..ee7db62e 100755 --- a/modules/simpletest/tests/path_test.info +++ b/modules/simpletest/tests/path_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/psr_0_test/psr_0_test.info b/modules/simpletest/tests/psr_0_test/psr_0_test.info index 1ee55297..a9d2c994 100755 --- a/modules/simpletest/tests/psr_0_test/psr_0_test.info +++ b/modules/simpletest/tests/psr_0_test/psr_0_test.info @@ -5,8 +5,8 @@ core = 7.x hidden = TRUE package = Testing -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/psr_4_test/psr_4_test.info b/modules/simpletest/tests/psr_4_test/psr_4_test.info index f14c3e4f..b84ec797 100644 --- a/modules/simpletest/tests/psr_4_test/psr_4_test.info +++ b/modules/simpletest/tests/psr_4_test/psr_4_test.info @@ -5,8 +5,8 @@ core = 7.x hidden = TRUE package = Testing -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/requirements1_test.info b/modules/simpletest/tests/requirements1_test.info index fccce935..3fc187eb 100755 --- a/modules/simpletest/tests/requirements1_test.info +++ b/modules/simpletest/tests/requirements1_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/requirements2_test.info b/modules/simpletest/tests/requirements2_test.info index da320760..1cbc8d32 100755 --- a/modules/simpletest/tests/requirements2_test.info +++ b/modules/simpletest/tests/requirements2_test.info @@ -7,8 +7,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/session_test.info b/modules/simpletest/tests/session_test.info index 9c3d0adf..e32c4a01 100755 --- a/modules/simpletest/tests/session_test.info +++ b/modules/simpletest/tests/session_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/system_dependencies_test.info b/modules/simpletest/tests/system_dependencies_test.info index f08622ed..fe0efca6 100755 --- a/modules/simpletest/tests/system_dependencies_test.info +++ b/modules/simpletest/tests/system_dependencies_test.info @@ -6,8 +6,8 @@ core = 7.x hidden = TRUE dependencies[] = _missing_dependency -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/system_incompatible_core_version_dependencies_test.info b/modules/simpletest/tests/system_incompatible_core_version_dependencies_test.info index 72207ce7..d06c4530 100755 --- a/modules/simpletest/tests/system_incompatible_core_version_dependencies_test.info +++ b/modules/simpletest/tests/system_incompatible_core_version_dependencies_test.info @@ -6,8 +6,8 @@ core = 7.x hidden = TRUE dependencies[] = system_incompatible_core_version_test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/system_incompatible_core_version_test.info b/modules/simpletest/tests/system_incompatible_core_version_test.info index a9208041..212424ba 100755 --- a/modules/simpletest/tests/system_incompatible_core_version_test.info +++ b/modules/simpletest/tests/system_incompatible_core_version_test.info @@ -5,8 +5,8 @@ version = VERSION core = 5.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/system_incompatible_module_version_dependencies_test.info b/modules/simpletest/tests/system_incompatible_module_version_dependencies_test.info index 4e37bfac..7675fddf 100755 --- a/modules/simpletest/tests/system_incompatible_module_version_dependencies_test.info +++ b/modules/simpletest/tests/system_incompatible_module_version_dependencies_test.info @@ -7,8 +7,8 @@ hidden = TRUE ; system_incompatible_module_version_test declares version 1.0 dependencies[] = system_incompatible_module_version_test (>2.0) -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/system_incompatible_module_version_test.info b/modules/simpletest/tests/system_incompatible_module_version_test.info index a9d17fe6..f469bd7f 100755 --- a/modules/simpletest/tests/system_incompatible_module_version_test.info +++ b/modules/simpletest/tests/system_incompatible_module_version_test.info @@ -5,8 +5,8 @@ version = 1.0 core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/system_test.info b/modules/simpletest/tests/system_test.info index 8fc85e33..e4d5583e 100755 --- a/modules/simpletest/tests/system_test.info +++ b/modules/simpletest/tests/system_test.info @@ -6,8 +6,8 @@ core = 7.x files[] = system_test.module hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/taxonomy_test.info b/modules/simpletest/tests/taxonomy_test.info index 419b6e52..ebb752e3 100755 --- a/modules/simpletest/tests/taxonomy_test.info +++ b/modules/simpletest/tests/taxonomy_test.info @@ -6,8 +6,8 @@ core = 7.x hidden = TRUE dependencies[] = taxonomy -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/theme_test.info b/modules/simpletest/tests/theme_test.info index 2e7eaa4f..9df1b617 100755 --- a/modules/simpletest/tests/theme_test.info +++ b/modules/simpletest/tests/theme_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/themes/test_basetheme/test_basetheme.info b/modules/simpletest/tests/themes/test_basetheme/test_basetheme.info index 475c691a..acba3d5f 100755 --- a/modules/simpletest/tests/themes/test_basetheme/test_basetheme.info +++ b/modules/simpletest/tests/themes/test_basetheme/test_basetheme.info @@ -6,8 +6,8 @@ hidden = TRUE settings[basetheme_only] = base theme value settings[subtheme_override] = base theme value -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/themes/test_subtheme/test_subtheme.info b/modules/simpletest/tests/themes/test_subtheme/test_subtheme.info index 6f952c56..120fc3a6 100755 --- a/modules/simpletest/tests/themes/test_subtheme/test_subtheme.info +++ b/modules/simpletest/tests/themes/test_subtheme/test_subtheme.info @@ -6,8 +6,8 @@ hidden = TRUE settings[subtheme_override] = subtheme value -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/themes/test_theme/test_theme.info b/modules/simpletest/tests/themes/test_theme/test_theme.info index 2bd8b669..4679f32e 100755 --- a/modules/simpletest/tests/themes/test_theme/test_theme.info +++ b/modules/simpletest/tests/themes/test_theme/test_theme.info @@ -17,8 +17,8 @@ stylesheets[all][] = system.base.css settings[theme_test_setting] = default value -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/update_script_test.info b/modules/simpletest/tests/update_script_test.info index caf035e8..5a174fc6 100755 --- a/modules/simpletest/tests/update_script_test.info +++ b/modules/simpletest/tests/update_script_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/update_test_1.info b/modules/simpletest/tests/update_test_1.info index b0325858..4484ad46 100755 --- a/modules/simpletest/tests/update_test_1.info +++ b/modules/simpletest/tests/update_test_1.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/update_test_2.info b/modules/simpletest/tests/update_test_2.info index b0325858..4484ad46 100755 --- a/modules/simpletest/tests/update_test_2.info +++ b/modules/simpletest/tests/update_test_2.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/update_test_3.info b/modules/simpletest/tests/update_test_3.info index b0325858..4484ad46 100755 --- a/modules/simpletest/tests/update_test_3.info +++ b/modules/simpletest/tests/update_test_3.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/url_alter_test.info b/modules/simpletest/tests/url_alter_test.info index 626bdf08..8af9f248 100755 --- a/modules/simpletest/tests/url_alter_test.info +++ b/modules/simpletest/tests/url_alter_test.info @@ -5,8 +5,8 @@ package = Testing version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/simpletest/tests/xmlrpc_test.info b/modules/simpletest/tests/xmlrpc_test.info index ff6dd59a..0cf5bbac 100755 --- a/modules/simpletest/tests/xmlrpc_test.info +++ b/modules/simpletest/tests/xmlrpc_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/statistics/statistics.info b/modules/statistics/statistics.info index f95b85f4..92756356 100755 --- a/modules/statistics/statistics.info +++ b/modules/statistics/statistics.info @@ -6,8 +6,8 @@ core = 7.x files[] = statistics.test configure = admin/config/system/statistics -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/syslog/syslog.info b/modules/syslog/syslog.info index 08c1683e..e0b8a44a 100755 --- a/modules/syslog/syslog.info +++ b/modules/syslog/syslog.info @@ -6,8 +6,8 @@ core = 7.x files[] = syslog.test configure = admin/config/development/logging -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/system/system.info b/modules/system/system.info index 3ba01c03..97f3bdf3 100755 --- a/modules/system/system.info +++ b/modules/system/system.info @@ -12,8 +12,8 @@ files[] = system.test required = TRUE configure = admin/config/system -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/system/system.module b/modules/system/system.module index 8fc517fc..c2aa9e07 100755 --- a/modules/system/system.module +++ b/modules/system/system.module @@ -359,7 +359,7 @@ function system_element_info() { '#size' => 60, '#maxlength' => 128, '#autocomplete_path' => FALSE, - '#process' => array('ajax_process_form'), + '#process' => array('form_process_autocomplete', 'ajax_process_form'), '#theme' => 'textfield', '#theme_wrappers' => array('form_element'), ); diff --git a/modules/system/tests/cron_queue_test.info b/modules/system/tests/cron_queue_test.info index faaef6e2..09f8a323 100644 --- a/modules/system/tests/cron_queue_test.info +++ b/modules/system/tests/cron_queue_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/taxonomy/taxonomy.info b/modules/taxonomy/taxonomy.info index c689e25b..ec4d59c3 100755 --- a/modules/taxonomy/taxonomy.info +++ b/modules/taxonomy/taxonomy.info @@ -8,8 +8,8 @@ files[] = taxonomy.module files[] = taxonomy.test configure = admin/structure/taxonomy -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/toolbar/toolbar.info b/modules/toolbar/toolbar.info index 782091c4..75a670ea 100755 --- a/modules/toolbar/toolbar.info +++ b/modules/toolbar/toolbar.info @@ -4,8 +4,8 @@ core = 7.x package = Core version = VERSION -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/tracker/tracker.info b/modules/tracker/tracker.info index f41cbf56..43ddc511 100755 --- a/modules/tracker/tracker.info +++ b/modules/tracker/tracker.info @@ -6,8 +6,8 @@ version = VERSION core = 7.x files[] = tracker.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/translation/tests/translation_test.info b/modules/translation/tests/translation_test.info index 3445bd16..14da1a48 100755 --- a/modules/translation/tests/translation_test.info +++ b/modules/translation/tests/translation_test.info @@ -5,8 +5,8 @@ package = Testing version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/translation/translation.info b/modules/translation/translation.info index a27903c1..533412ce 100755 --- a/modules/translation/translation.info +++ b/modules/translation/translation.info @@ -6,8 +6,8 @@ version = VERSION core = 7.x files[] = translation.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/trigger/tests/trigger_test.info b/modules/trigger/tests/trigger_test.info index 7c8b9e2f..b4f052fc 100755 --- a/modules/trigger/tests/trigger_test.info +++ b/modules/trigger/tests/trigger_test.info @@ -4,8 +4,8 @@ package = Testing core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/trigger/trigger.info b/modules/trigger/trigger.info index aa112c83..2b088436 100755 --- a/modules/trigger/trigger.info +++ b/modules/trigger/trigger.info @@ -6,8 +6,8 @@ core = 7.x files[] = trigger.test configure = admin/structure/trigger -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/update/tests/aaa_update_test.info b/modules/update/tests/aaa_update_test.info index 3e841ad4..e0bbebd5 100755 --- a/modules/update/tests/aaa_update_test.info +++ b/modules/update/tests/aaa_update_test.info @@ -4,8 +4,8 @@ package = Testing core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/update/tests/bbb_update_test.info b/modules/update/tests/bbb_update_test.info index c5fdc701..94c8adea 100755 --- a/modules/update/tests/bbb_update_test.info +++ b/modules/update/tests/bbb_update_test.info @@ -4,8 +4,8 @@ package = Testing core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/update/tests/ccc_update_test.info b/modules/update/tests/ccc_update_test.info index 4fc09eb2..09598697 100755 --- a/modules/update/tests/ccc_update_test.info +++ b/modules/update/tests/ccc_update_test.info @@ -4,8 +4,8 @@ package = Testing core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/update/tests/themes/update_test_basetheme/update_test_basetheme.info b/modules/update/tests/themes/update_test_basetheme/update_test_basetheme.info index 6cbf67da..6954b3d4 100755 --- a/modules/update/tests/themes/update_test_basetheme/update_test_basetheme.info +++ b/modules/update/tests/themes/update_test_basetheme/update_test_basetheme.info @@ -3,8 +3,8 @@ description = Test theme which acts as a base theme for other test subthemes. core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/update/tests/themes/update_test_subtheme/update_test_subtheme.info b/modules/update/tests/themes/update_test_subtheme/update_test_subtheme.info index fe17cd21..81c222ef 100755 --- a/modules/update/tests/themes/update_test_subtheme/update_test_subtheme.info +++ b/modules/update/tests/themes/update_test_subtheme/update_test_subtheme.info @@ -4,8 +4,8 @@ core = 7.x base theme = update_test_basetheme hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/update/tests/update_test.info b/modules/update/tests/update_test.info index e8a5aaf3..f899512e 100755 --- a/modules/update/tests/update_test.info +++ b/modules/update/tests/update_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/update/update.info b/modules/update/update.info index 08aef932..ddd1bde6 100755 --- a/modules/update/update.info +++ b/modules/update/update.info @@ -6,8 +6,8 @@ core = 7.x files[] = update.test configure = admin/reports/updates/settings -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/user/tests/user_form_test.info b/modules/user/tests/user_form_test.info index 68c2f5e5..c8eeeabe 100755 --- a/modules/user/tests/user_form_test.info +++ b/modules/user/tests/user_form_test.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/user/user.info b/modules/user/user.info index 0740f019..aaebd74b 100755 --- a/modules/user/user.info +++ b/modules/user/user.info @@ -9,8 +9,8 @@ required = TRUE configure = admin/config/people stylesheets[all][] = user.css -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/modules/user/user.module b/modules/user/user.module index 0941926a..9637a716 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -2348,26 +2348,14 @@ function user_external_login_register($name, $module) { * following properties: * - uid: The user ID number. * - login: The UNIX timestamp of the user's last login. - * @param array $options - * (optional) A keyed array of settings. Supported options are: - * - langcode: A language code to be used when generating locale-sensitive - * urls. If langcode is NULL the users preferred language is used. * * @return * A unique URL that provides a one-time log in for the user, from which * they can change their password. */ -function user_pass_reset_url($account, $options = array()) { +function user_pass_reset_url($account) { $timestamp = REQUEST_TIME; - $url_options = array('absolute' => TRUE); - if (isset($options['langcode'])) { - $languages = language_list(); - $url_options['language'] = $languages[$options['langcode']]; - } - else { - $url_options['language'] = user_preferred_language($account); - } - return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), $url_options); + return url("user/reset/$account->uid/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE)); } /** @@ -2379,10 +2367,6 @@ function user_pass_reset_url($account, $options = array()) { * - uid: The user ID number. * - pass: The hashed user password string. * - login: The UNIX timestamp of the user's last login. - * @param array $options - * (optional) A keyed array of settings. Supported options are: - * - langcode: A language code to be used when generating locale-sensitive - * urls. If langcode is NULL the users preferred language is used. * * @return * A unique URL that may be used to confirm the cancellation of the user @@ -2391,17 +2375,9 @@ function user_pass_reset_url($account, $options = array()) { * @see user_mail_tokens() * @see user_cancel_confirm() */ -function user_cancel_url($account, $options = array()) { +function user_cancel_url($account) { $timestamp = REQUEST_TIME; - $url_options = array('absolute' => TRUE); - if (isset($options['langcode'])) { - $languages = language_list(); - $url_options['language'] = $languages[$options['langcode']]; - } - else { - $url_options['language'] = user_preferred_language($account); - } - return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), $url_options); + return url("user/$account->uid/cancel/confirm/$timestamp/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE)); } /** @@ -2887,7 +2863,7 @@ Your account on [site:name] has been canceled. if ($replace) { // We do not sanitize the token replacement, since the output of this // replacement is intended for an e-mail message, not a web browser. - return token_replace($text, $variables, array('language' => $language, 'langcode' => $langcode, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE)); + return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE)); } return $text; @@ -2914,8 +2890,8 @@ Your account on [site:name] has been canceled. */ function user_mail_tokens(&$replacements, $data, $options) { if (isset($data['user'])) { - $replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user'], $options); - $replacements['[user:cancel-url]'] = user_cancel_url($data['user'], $options); + $replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user']); + $replacements['[user:cancel-url]'] = user_cancel_url($data['user']); } } diff --git a/modules/user/user.test b/modules/user/user.test index 4536e0c2..07be4c2c 100644 --- a/modules/user/user.test +++ b/modules/user/user.test @@ -2145,26 +2145,6 @@ class UserTokenReplaceTestCase extends DrupalWebTestCase { ); } - public function setUp() { - parent::setUp('locale'); - - $account = $this->drupalCreateUser(array('access administration pages', 'administer languages')); - $this->drupalLogin($account); - - // Add language. - $edit = array('langcode' => 'de'); - $this->drupalPost('admin/config/regional/language/add', $edit, t('Add language')); - - // Enable URL language detection and selection. - $edit = array('language[enabled][locale-url]' => 1); - $this->drupalPost('admin/config/regional/language/configure', $edit, t('Save settings')); - - // Reset static caching. - drupal_static_reset('language_list'); - drupal_static_reset('locale_url_outbound_alter'); - drupal_static_reset('locale_language_url_rewrite_url'); - } - /** * Creates a user, then tests the tokens generated from it. */ @@ -2215,39 +2195,6 @@ class UserTokenReplaceTestCase extends DrupalWebTestCase { $output = token_replace($input, array('user' => $account), array('language' => $language, 'sanitize' => FALSE)); $this->assertEqual($output, $expected, format_string('Unsanitized user token %token replaced.', array('%token' => $input))); } - - $languages = language_list(); - - // Generate login and cancel link. - $tests = array(); - $tests['[user:one-time-login-url]'] = user_pass_reset_url($account); - $tests['[user:cancel-url]'] = user_cancel_url($account); - - // Generate tokens with interface language. - $link = url('user', array('absolute' => TRUE)); - foreach ($tests as $input => $expected) { - $output = token_replace($input, array('user' => $account), array('langcode' => $language->language, 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE)); - $this->assertTrue(strpos($output, $link) === 0, 'Generated URL is in interface language.'); - } - - // Generate tokens with the user's preferred language. - $edit['language'] = 'de'; - $account = user_save($account, $edit); - $link = url('user', array('language' => $languages[$account->language], 'absolute' => TRUE)); - foreach ($tests as $input => $expected) { - $output = token_replace($input, array('user' => $account), array('callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE)); - $this->assertTrue(strpos($output, $link) === 0, "Generated URL is in the user's preferred language."); - } - - // Generate tokens with one specific language. - $link = url('user', array('language' => $languages['de'], 'absolute' => TRUE)); - foreach ($tests as $input => $expected) { - foreach (array($user1, $user2) as $account) { - $output = token_replace($input, array('user' => $account), array('langcode' => 'de', 'callback' => 'user_mail_tokens', 'sanitize' => FALSE, 'clear' => TRUE)); - $this->assertTrue(strpos($output, $link) === 0, "Generated URL in in the requested language."); - } - } - } } diff --git a/profiles/minimal/minimal.info b/profiles/minimal/minimal.info index 912fe1e7..551e6f8f 100755 --- a/profiles/minimal/minimal.info +++ b/profiles/minimal/minimal.info @@ -5,8 +5,8 @@ core = 7.x dependencies[] = block dependencies[] = dblog -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/profiles/standard/standard.info b/profiles/standard/standard.info index 347c069a..8ad6b6d9 100755 --- a/profiles/standard/standard.info +++ b/profiles/standard/standard.info @@ -24,8 +24,8 @@ dependencies[] = field_ui dependencies[] = file dependencies[] = rdf -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/profiles/testing/modules/drupal_system_listing_compatible_test/drupal_system_listing_compatible_test.info b/profiles/testing/modules/drupal_system_listing_compatible_test/drupal_system_listing_compatible_test.info index 1889a480..0dc4ff5a 100755 --- a/profiles/testing/modules/drupal_system_listing_compatible_test/drupal_system_listing_compatible_test.info +++ b/profiles/testing/modules/drupal_system_listing_compatible_test/drupal_system_listing_compatible_test.info @@ -6,8 +6,8 @@ core = 7.x hidden = TRUE files[] = drupal_system_listing_compatible_test.test -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/profiles/testing/modules/drupal_system_listing_incompatible_test/drupal_system_listing_incompatible_test.info b/profiles/testing/modules/drupal_system_listing_incompatible_test/drupal_system_listing_incompatible_test.info index 7fc93a20..43f79b76 100755 --- a/profiles/testing/modules/drupal_system_listing_incompatible_test/drupal_system_listing_incompatible_test.info +++ b/profiles/testing/modules/drupal_system_listing_incompatible_test/drupal_system_listing_incompatible_test.info @@ -8,8 +8,8 @@ version = VERSION core = 6.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/profiles/testing/testing.info b/profiles/testing/testing.info index d8f0e8ad..48f6ba22 100755 --- a/profiles/testing/testing.info +++ b/profiles/testing/testing.info @@ -4,8 +4,8 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/themes/bartik/bartik.info b/themes/bartik/bartik.info index d56742b6..d074cf4e 100755 --- a/themes/bartik/bartik.info +++ b/themes/bartik/bartik.info @@ -34,8 +34,8 @@ regions[footer] = Footer settings[shortcut_module_link] = 0 -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/themes/garland/garland.info b/themes/garland/garland.info index 4cbe9215..5e45effc 100755 --- a/themes/garland/garland.info +++ b/themes/garland/garland.info @@ -7,8 +7,8 @@ stylesheets[all][] = style.css stylesheets[print][] = print.css settings[garland_width] = fluid -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/themes/seven/seven.info b/themes/seven/seven.info index 9f9b6fdf..502000c8 100755 --- a/themes/seven/seven.info +++ b/themes/seven/seven.info @@ -13,8 +13,8 @@ regions[page_bottom] = Page bottom regions[sidebar_first] = First sidebar regions_hidden[] = sidebar_first -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197" diff --git a/themes/stark/stark.info b/themes/stark/stark.info index 70a06804..49257c32 100755 --- a/themes/stark/stark.info +++ b/themes/stark/stark.info @@ -5,8 +5,8 @@ version = VERSION core = 7.x stylesheets[all][] = layout.css -; Information added by Drupal.org packaging script on 2015-05-07 -version = "7.37" +; Information added by Drupal.org packaging script on 2015-08-19 +version = "7.39" project = "drupal" -datestamp = "1430973154" +datestamp = "1440020197"