bachir/materio-base-legacy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security update for addressfiled_token

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi 2015-04-19 21:20:32 +02:00
parent a1856277e5
commit e89afbf603
7 changed files with 100 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sites/all/modules/contrib/dev/addressfield_tokens/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
.idea
*.patch

20
sites/all/modules/contrib/dev/addressfield_tokens/addressfield_tokens.admin.inc
View File

@ -1,17 +1,9 @@
<?php
// $Id$
/*
* Copyright © 2012 New Signature
*
* This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
* You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
* You can contact New Signature by electronic mail at labs@newsignature.com -or- by U.S. Postal Service at 1100 H St. NW, Suite 940, Washington, DC 20005.
*/
/**
* @file Provides an Administrative UI for the addressfield_tokens module.
/**
* @file
* Provides an Administrative UI for the addressfield_tokens module.
*/
/**
* Provides a form for configuring regional options for addresses.
*
@ -44,8 +36,8 @@ function addressfield_tokens_admin_form($form, &$form_state) {
foreach ($props as $name => $prop) {
$form['addressfield_tokens_property_names'][$name] = array(
'#type' => 'textfield',
'#title' => $prop['label'],
'#description' => $name,
'#title' => check_plain($prop['label']),
'#description' => filter_xss($name),
'#default_value' => !empty($names[$name]) ? $names[$name] : $prop['label'],
);
}

50
sites/all/modules/contrib/dev/addressfield_tokens/addressfield_tokens.components.inc
View File

@ -1,15 +1,7 @@
<?php
// $Id$
/*
* Copyright © 2012 New Signature
*
* This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
* You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
* You can contact New Signature by electronic mail at labs@newsignature.com -or- by U.S. Postal Service at 1100 H St. NW, Suite 940, Washington, DC 20005.
*/
/**
* @file Webform Component information for an address field type
/**
* @file
* Webform Component information for an address field type
*/
/**
@ -19,16 +11,16 @@
* An array defining the default structure of a component.
*/
function _webform_defaults_addressfield() {
return array (
return array(
'name' => '',
'form_key' => NULL,
'mandatory' => 0,
'required' => 0,
'pid' => 0,
'weight' => 0,
'extra' => array (
'extra' => array(
'title_display' => 0,
'private' => FALSE,
'attributes' => array (),
'attributes' => array(),
'description' => '',
'available_countries' => array(),
'csv_separate' => 0,
@ -51,7 +43,7 @@ function _webform_defaults_addressfield() {
* An array of form items to be displayed on the edit component page
*/
function _webform_edit_addressfield($component) {
$form = array ();
$form = array();
$form['extra']['available_countries'] = array(
'#type' => 'select',
@ -92,16 +84,16 @@ function _webform_edit_addressfield($component) {
* @see _webform_client_form_add_component()
*/
function _webform_render_addressfield($component, $value = NULL, $filter = TRUE) {
$element = array (
$element = array(
'#type' => 'fieldset',
'#title' => $filter ? _webform_filter_xss($component['name']) : $component['name'],
'#title_display' => $component['extra']['title_display'] ? $component['extra']['title_display'] : 'before',
'#attributes' => $component['extra']['attributes'],
'#theme_wrappers' => array ( 'webform_element' ),
'#theme_wrappers' => array('webform_element'),
'#description' => $filter ? _webform_filter_descriptions($component['extra']['description']) : $component['extra']['description'],
'#required' => $component['mandatory'],
'#required' => $component['required'],
'#weight' => $component['weight'],
'#translatable' => array (
'#translatable' => array(
'title',
'description',
),
@ -220,12 +212,12 @@ function _webform_display_addressfield($component, $value, $format = 'html') {
$address = unserialize($address);
}
}
return array (
return array(
'#title' => $component['name'],
'#weight' => $component['weight'],
'#theme' => $format == 'html' ? 'addressfield_formatter' : 'addressfield_formatter__linear',
'#theme_wrappers' => $format == 'html' ? array ( 'webform_element' ) : array ( 'webform_element_text' ),
'#post_render' => array ( 'webform_element_wrapper' ),
'#theme_wrappers' => $format == 'html' ? array('webform_element' ) : array('webform_element_text'),
'#post_render' => array('webform_element_wrapper'),
'#component' => $component,
'#format' => $format,
'#address' => $address,
@ -275,12 +267,12 @@ function _webform_submit_addressfield($component, $value) {
* An array of data rows, each containing a statistic for this component's
* submissions.
*/
function _webform_analysis_addressfield($component, $sids = array (), $single = FALSE) {
function _webform_analysis_addressfield($component, $sids = array(), $single = FALSE) {
// TODO Update this function
// Generate the list of options and questions.
$query = db_select('webform_submitted_data', 'wsd')
->fields('wsd', array ('data'))
->fields('wsd', array('data'))
->condition('nid', $component['nid'])
->condition('cid', $component['cid']);
@ -296,11 +288,11 @@ function _webform_analysis_addressfield($component, $sids = array (), $single =
}
$submissions++;
}
$rows[0] = array (
$rows[0] = array(
t('Left Blank'),
( $submissions - $non_blanks )
);
$rows[1] = array (
$rows[1] = array(
t('User entered value'),
$non_blanks
);
@ -343,7 +335,7 @@ function _webform_table_addressfield($component, $value) {
* including either prefixed or trailing commas.
*/
function _webform_csv_headers_addressfield($component, $export_options) {
$header = array ();
$header = array();
if (!empty($component['extra']['csv_separate']) && $component['extra']['csv_separate'] == 1) {
$header[0] = array();
$header[1] = array();
@ -395,4 +387,4 @@ function _webform_csv_data_addressfield($component, $export_options, $value) {
}
return '';
}
}
}

14
sites/all/modules/contrib/dev/addressfield_tokens/addressfield_tokens.info
View File

@ -1,24 +1,16 @@
; $Id$
; Copyright © 2012 New Signature
;
; This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
; This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
; You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
; You can contact New Signature by electronic mail at labs@newsignature.com <20>or- by U.S. Postal Service at 1100 H St. NW, Suite 940, Washington, DC 20005.
name = Address Field Tokens
description = Creates tokens for address fields, adds new addressfield renders, and adds webform integration.
core = 7.x
package = Fields
version = 7.x-1.0-dev
dependencies[] = addressfield
dependencies[] = entity_token
dependencies[] = token
; Information added by Drupal.org packaging script on 2014-05-14
version = "7.x-1.4"
; Information added by Drupal.org packaging script on 2014-10-29
version = "7.x-1.5"
core = "7.x"
project = "addressfield_tokens"
datestamp = "1400081330"
datestamp = "1414599829"

70
sites/all/modules/contrib/dev/addressfield_tokens/addressfield_tokens.module
View File

@ -1,12 +1,7 @@
<?php
/**
* @file
*
* Copyright 2011 New Signature
* http://www.newsignature.com
*
* @author Andrew Marcus
* @since Oct 4, 2011
* @file
* Main components.
*/
function addressfield_tokens_menu() {
@ -127,7 +122,7 @@ function addressfield_tokens_field_formatter_settings_summary($field, $instance,
if ($display['type'] == 'addressfield_components') {
$comps = array_intersect_key(addressfield_tokens_components(), array_flip($settings['components']));
$sep = str_replace('\n', '<br/>', $settings['separator']);
$summary = implode($sep, $comps);
$summary = filter_xss(implode($sep, $comps));
}
return $summary;
}
@ -141,26 +136,28 @@ function addressfield_tokens_field_formatter_view($entity_type, $entity, $field,
switch ($display['type']) {
case 'addressfield_citystate':
$theme = array('addressfield_formatter__citystate', 'addressfield_formatter');
if (!empty($item['country'])) {
array_unshift($theme, 'addressfield_formatter__citystate__' . $item['country']);
}
foreach ($items as $delta => $item) {
if (!empty($item['country'])) {
array_unshift($theme, 'addressfield_formatter__citystate__' . $item['country']);
}
$element[$delta] = array(
'#theme' => $theme,
'#address' => $item,
'#address' => array_map('filter_xss', $item),
);
}
break;
case 'addressfield_linear':
$theme = array('addressfield_formatter__linear', 'addressfield_formatter');
if (!empty($item['country'])) {
array_unshift($theme, 'addressfield_formatter__linear__' . $item['country']);
}
foreach ($items as $delta => $item) {
if (!empty($item['country'])) {
array_unshift($theme, 'addressfield_formatter__linear__' . $item['country']);
}
$element[$delta] = array(
'#theme' => $theme,
'#address' => $item,
'#address' => array_map('filter_xss', $item),
);
}
break;
@ -171,7 +168,7 @@ function addressfield_tokens_field_formatter_view($entity_type, $entity, $field,
$country = _addressfield_tokens_country($item['country']);
$element[$delta] = array(
'#type' => 'markup',
'#markup' => $country,
'#markup' => filter_xss($country),
'#prefix' => '<span class="addressfield-country">',
'#suffix' => '</span>',
);
@ -185,7 +182,7 @@ function addressfield_tokens_field_formatter_view($entity_type, $entity, $field,
$state = _addressfield_tokens_state($item['country'], $item['administrative_area']);
$element[$delta] = array(
'#type' => 'markup',
'#markup' => $state,
'#markup' => filter_xss($state),
'#prefix' => '<span class="addressfield-state">',
'#suffix' => '</span>',
);
@ -195,17 +192,16 @@ function addressfield_tokens_field_formatter_view($entity_type, $entity, $field,
case 'addressfield_components':
$theme = array('addressfield_formatter__components', 'addressfield_formatter');
if (!empty($item['country'])) {
array_unshift($theme, 'addressfield_formatter__components__' . $item['country']);
}
$settings = $display['settings'];
foreach ($items as $delta => $item) {
if (!empty($item['country'])) {
array_unshift($theme, 'addressfield_formatter__components__' . $item['country']);
}
$element[$delta] = array(
'#theme' => $theme,
'#address' => $item,
'#address' => array_map('filter_xss', $item),
'#components' => $settings['components'],
'#separator' => $settings['separator'],
'#separator' => filter_xss($settings['separator']),
);
}
break;
@ -227,7 +223,7 @@ function addressfield_tokens_property_names() {
$names = variable_get('addressfield_tokens_property_names', array());
if (empty($names)) {
$props = addressfield_data_property_info();
foreach($props as $name => $prop) {
foreach ($props as $name => $prop) {
$names[$name] = $prop['label'];
}
}
@ -277,24 +273,26 @@ function _addressfield_tokens_country($country) {
// Country abbreviations will always be two uppercase letters.
$country = drupal_strtoupper($country);
if (!empty($country) && isset($countries[$country])) {
return $countries[$country];
return check_plain($countries[$country]);
}
return $country;
return check_plain($country);
}
/**
* Gets the abbreviation of the country with the given name
*
* @param string The name of the country
* @return string $country The 2-letter abbreviation of the country, or FALSE.
* @param string
* The name of the country.
* @return string $country
* The 2-letter abbreviation of the country, or FALSE.
*/
function _addressfield_tokens_country_abbr($country) {
$countries = array_flip(array_map('strtolower', _addressfield_tokens_countries()));
if (isset($countries[strtolower($country)])) {
return $countries[strtolower($country)];
return check_plain($countries[strtolower($country)]);
}
return $country;
return check_plain($country);
}
/**
@ -341,20 +339,20 @@ function _addressfield_tokens_state($country, $state) {
// State abbreviations will usually be two uppercase letters.
$state = drupal_strtoupper($state);
if (!empty($state) && !empty($states[$state])) {
return $states[$state];
return check_plain($states[$state]);
}
return $state;
return check_plain($state);
}
/**
* Implements hook_webform_component_info().
*/
function addressfield_tokens_webform_component_info() {
$components = array ();
$components['addressfield'] = array (
$components = array();
$components['addressfield'] = array(
'label' => t('Address'),
'description' => t('Address field.'),
'features' => array (
'features' => array(
// Add content to CSV downloads. Defaults to TRUE.
'csv' => TRUE,
// Show this component in e-mailed submissions. Defaults to TRUE.

7
sites/all/modules/contrib/dev/addressfield_tokens/addressfield_tokens.theme.inc
View File

@ -1,4 +1,9 @@
<?php
/**
* @file
* Theme Controllers.
*/
/**
* Implements theme_field();
*
@ -102,5 +107,5 @@ function theme_addressfield_formatter__components($vars) {
}
}
return filter_xss(implode($separator, $out));
return implode($separator, $out);
}

54
sites/all/modules/contrib/dev/addressfield_tokens/addressfield_tokens.tokens.inc
View File

@ -1,17 +1,7 @@
<?php
// $Id$
/*
* Copyright © 2012 New Signature
*
* This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
* You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
* You can contact New Signature by electronic mail at labs@newsignature.com -or- by U.S. Postal Service at 1100 H St. NW, Suite 940, Washington, DC 20005.
*/
/**
* @file Provides token replacements for address fields.
*/
/**
* @file Provides token replacements for address fields.
*/
/**
* Implements hook_token_info_alter().
@ -40,8 +30,6 @@ function addressfield_tokens_token_info_alter(&$info) {
foreach ($props as $field => $data) {
$fieldtoken = str_replace('_', '-', $field);
$name = '';
$descr = '';
if (!empty($names[$field])) {
$name = $names[$field];
@ -58,7 +46,7 @@ function addressfield_tokens_token_info_alter(&$info) {
}
}
$info['tokens']['addressfield'][$fieldtoken] = array(
'name' => $name,
'name' => $name,
'description' => $descr,
'type' => 'text',
);
@ -139,6 +127,7 @@ function addressfield_tokens_token_info_alter(&$info) {
*/
function addressfield_tokens_tokens($type, $tokens, array $data = array(), array $options = array()) {
$url_options = array();
// @todo: why are we setting $language_code and not using it?
if (isset($options['language'])) {
$url_options['language'] = $options['language'];
$language_code = $options['language']->language;
@ -146,18 +135,21 @@ function addressfield_tokens_tokens($type, $tokens, array $data = array(), array
else {
$language_code = LANGUAGE_NONE;
}
$sanitize = !empty($options['sanitize']);
$replacements = array();
$last_original = NULL;
// Process address field tokens
if ($type == 'addressfield' && !empty($data['addressfield'])) {
foreach ($tokens as $name => $original) {
$last_original = $original;
$name = str_replace('-', '_', $name);
$address = $data['addressfield'];
// If the address field exists, use it.
if (isset($address[$name])) {
$replacements[$original] = $address[$name];
$replacements[$original] = $sanitize ? filter_xss($address[$name]) : $address[$name];
}
else {
// Otherwise, it's a special token
@ -166,7 +158,7 @@ function addressfield_tokens_tokens($type, $tokens, array $data = array(), array
$render = addressfield_generate($address, array('address'), array(
'mode' => 'render',
));
$replacements[$original] = drupal_render($render);
$replacements[$original] = $sanitize ? filter_xss(drupal_render($render)) : drupal_render($render);
break;
case 'text':
@ -188,7 +180,7 @@ function addressfield_tokens_tokens($type, $tokens, array $data = array(), array
if (!empty($address['country']) && $address['country'] != addressfield_tokens_default_country()) {
$out[2] = _addressfield_tokens_country($address['country']);
}
$replacements[$original] = implode("\n", $out);
$replacements[$original] = $sanitize ? filter_xss(implode("\n", $out)) : implode("\n", $out);
break;
case 'city_state':
@ -202,18 +194,28 @@ function addressfield_tokens_tokens($type, $tokens, array $data = array(), array
if (!empty($address['country']) && $address['country'] != addressfield_tokens_default_country()) {
$out[] = _addressfield_tokens_country($address['country']);
}
$replacements[$original] = implode(", ", $out);
$replacements[$original] = $sanitize ? filter_xss(implode(", ", $out)) : implode(", ", $out);
break;
case 'state_name':
if (!empty($address['administrative_area']) && !empty($address['country'])) {
$replacements[$original] = _addressfield_tokens_state($address['country'], $address['administrative_area']);
if ($sanitize) {
$replacements[$original] = filter_xss(_addressfield_tokens_state($address['country'], $address['administrative_area']));
}
else {
$replacements[$original] = _addressfield_tokens_state($address['country'], $address['administrative_area']);
}
}
break;
case 'country_name':
if (!empty($address['country'])) {
$replacements[$original] = _addressfield_tokens_country($address['country']);
if ($sanitize) {
$replacements[$original] = filter_xss(_addressfield_tokens_country($address['country']));
}
else {
$replacements[$original] = _addressfield_tokens_country($address['country']);
}
}
break;
@ -232,8 +234,8 @@ function addressfield_tokens_tokens($type, $tokens, array $data = array(), array
}
}
}
if (!isset($replacements[$original])) {
$replacements[$original] = '';
if (!isset($replacements[$last_original])) {
$replacements[$last_original] = '';
}
}
else {
@ -252,7 +254,7 @@ function addressfield_tokens_tokens($type, $tokens, array $data = array(), array
}
catch (EntityMetadataWrapperException $e) {
// The property doesn't exist, so skip it.
$replacements[$original] = '';
$replacements[$last_original] = '';
}
}
}