security updates of unpatched modules
This commit is contained in:
Bachir Soussi Chiadmi
@@ -34,7 +34,8 @@ class SearchApiAlterBundleFilter extends SearchApiAbstractAlterCallback {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($this->isMultiEntityIndex()) {
|
||||
$multi_entity = $this->isMultiEntityIndex();
|
||||
if ($multi_entity) {
|
||||
$bundle_prop = 'item_bundle';
|
||||
}
|
||||
else {
|
||||
@@ -46,6 +47,10 @@ class SearchApiAlterBundleFilter extends SearchApiAbstractAlterCallback {
|
||||
$default = (bool) $this->options['default'];
|
||||
|
||||
foreach ($items as $id => $item) {
|
||||
// Ignore types that have no bundles.
|
||||
if ($multi_entity && !self::hasBundles(entity_get_info($item->item_type))) {
|
||||
continue;
|
||||
}
|
||||
if (isset($bundles[$item->$bundle_prop]) == $default) {
|
||||
unset($items[$id]);
|
||||
}
|
||||
|
||||
@@ -166,6 +166,10 @@ class SearchApiEntityDataSourceController extends SearchApiAbstractDataSourceCon
|
||||
$bundle_column = 'vid';
|
||||
$bundles = db_query('SELECT vid FROM {taxonomy_vocabulary} WHERE machine_name IN (:bundles)', array(':bundles' => $bundles))->fetchCol();
|
||||
}
|
||||
elseif ($this->entityType == 'flagging') {
|
||||
$bundle_column = 'fid';
|
||||
$bundles = db_query('SELECT fid FROM {flag} WHERE name IN (:bundles)', array(':bundles' => $bundles))->fetchCol();
|
||||
}
|
||||
elseif ($this->entityType == 'comment') {
|
||||
// Comments are significantly more complicated, since they don't
|
||||
// store their bundle explicitly in their database table. Instead,
|
||||
@@ -182,14 +186,17 @@ class SearchApiEntityDataSourceController extends SearchApiAbstractDataSourceCon
|
||||
$bundles = db_query('SELECT nid FROM {node} WHERE type IN (:bundles)', array(':bundles' => $node_types))->fetchCol();
|
||||
}
|
||||
else {
|
||||
return;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$this->startTrackingFallback(array($index->machine_name => $index));
|
||||
continue;
|
||||
}
|
||||
}
|
||||
$query->condition($bundle_column, $bundles);
|
||||
if ($bundles) {
|
||||
$query->condition($bundle_column, $bundles);
|
||||
}
|
||||
}
|
||||
|
||||
// INSERT ... SELECT ...
|
||||
|
||||
@@ -764,12 +764,14 @@ class SearchApiIndex extends Entity {
|
||||
* "additional fields" key.
|
||||
*/
|
||||
public function getFields($only_indexed = TRUE, $get_additional = FALSE) {
|
||||
global $language;
|
||||
|
||||
$only_indexed = $only_indexed ? 1 : 0;
|
||||
$get_additional = $get_additional ? 1 : 0;
|
||||
|
||||
// First, try the static cache and the persistent cache bin.
|
||||
if (empty($this->fields[$only_indexed][$get_additional])) {
|
||||
$cid = $this->getCacheId() . "-$only_indexed-$get_additional";
|
||||
$cid = $this->getCacheId() . "-$only_indexed-$get_additional-{$language->language}";
|
||||
$cache = cache_get($cid);
|
||||
if ($cache) {
|
||||
$this->fields[$only_indexed][$get_additional] = $cache->data;
|
||||
|
||||
@@ -158,13 +158,14 @@ class SearchApiHighlight extends SearchApiAbstractProcessor {
|
||||
if ($this->options['highlight'] != 'never') {
|
||||
$fields = $this->getFulltextFields($response['results'], $id, $fulltext_fields, $this->options['highlight'] == 'always');
|
||||
foreach ($fields as $field => $data) {
|
||||
$result['fields'][$field] = array('#sanitize_callback' => FALSE);
|
||||
if (is_array($data)) {
|
||||
foreach ($data as $i => $text) {
|
||||
$result['fields'][$field][$i] = $this->highlightField($text, $keys);
|
||||
$result['fields'][$field]['#value'][$i] = $this->highlightField($text, $keys);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$result['fields'][$field] = $this->highlightField($data, $keys);
|
||||
$result['fields'][$field]['#value'] = $this->highlightField($data, $keys);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -200,9 +201,10 @@ class SearchApiHighlight extends SearchApiAbstractProcessor {
|
||||
// We only need detailed fields data if $load is TRUE.
|
||||
$fields = $load ? $this->index->getFields() : array();
|
||||
$needs_extraction = array();
|
||||
$returned_fields = search_api_get_sanitized_field_values(array_intersect_key($result['fields'], array_flip($fulltext_fields)));
|
||||
foreach ($fulltext_fields as $field) {
|
||||
if (array_key_exists($field, $result['fields'])) {
|
||||
$data[$field] = $result['fields'][$field];
|
||||
if (array_key_exists($field, $returned_fields)) {
|
||||
$data[$field] = $returned_fields[$field];
|
||||
}
|
||||
elseif ($load) {
|
||||
$needs_extraction[$field] = $fields[$field];
|
||||
@@ -225,7 +227,7 @@ class SearchApiHighlight extends SearchApiAbstractProcessor {
|
||||
}
|
||||
$wrapper = $this->index->entityWrapper($result['entity'], FALSE);
|
||||
$wrapper->language($language->language);
|
||||
$extracted = search_api_extract_fields($wrapper, $needs_extraction);
|
||||
$extracted = search_api_extract_fields($wrapper, $needs_extraction, array('sanitize' => TRUE));
|
||||
|
||||
foreach ($extracted as $field => $info) {
|
||||
if (isset($info['value'])) {
|
||||
@@ -448,12 +450,12 @@ class SearchApiHighlight extends SearchApiAbstractProcessor {
|
||||
* @param array $array
|
||||
* The array to flatten.
|
||||
* @param string $glue
|
||||
* The separator to insert between individual array items.
|
||||
* (optional) The separator to insert between individual array items.
|
||||
*
|
||||
* @return string
|
||||
* The glued string.
|
||||
*/
|
||||
protected function flattenArrayValues(array $array, $glue = "\n\n") {
|
||||
protected function flattenArrayValues(array $array, $glue = " \n\n ") {
|
||||
$ret = array();
|
||||
foreach ($array as $item) {
|
||||
if (is_array($item)) {
|
||||
|
||||
@@ -101,7 +101,7 @@ class SearchApiHtmlFilter extends SearchApiAbstractProcessor {
|
||||
$value = $this->parseText($text);
|
||||
}
|
||||
else {
|
||||
$value = strip_tags($text);
|
||||
$value = html_entity_decode(strip_tags($text));
|
||||
// Remove any multiple or leading/trailing spaces we might have introduced.
|
||||
$value = preg_replace('/\s\s+/', ' ', trim($value));
|
||||
}
|
||||
@@ -120,7 +120,7 @@ class SearchApiHtmlFilter extends SearchApiAbstractProcessor {
|
||||
);
|
||||
}
|
||||
$text = substr($text, $pos + 1);
|
||||
if (!preg_match('#^(/?)([-:_a-zA-Z]+)#', $text, $m)) {
|
||||
if (!preg_match('#^(/?)([:_a-zA-Z][-:_a-zA-Z0-9.]*)#', $text, $m)) {
|
||||
continue;
|
||||
}
|
||||
$text = substr($text, strpos($text, '>') + 1);
|
||||
|
||||
@@ -201,7 +201,16 @@ interface SearchApiQueryInterface {
|
||||
* already ready-to-use. This allows search engines (or postprocessors)
|
||||
* to store extracted fields so other modules don't have to extract them
|
||||
* again. This fields should always be checked by modules that want to
|
||||
* use field contents of the result items.
|
||||
* use field contents of the result items. The format of the array is
|
||||
* field IDs (as used by the Search API internally) mapped to either the
|
||||
* raw value of the field (scalar or array value), or an associative
|
||||
* array with the following keys:
|
||||
* - #value: The raw field value.
|
||||
* - #sanitize_callback: The callback to use for sanitizing the field
|
||||
* value for HTML output, or FALSE to state that the field value is
|
||||
* already sanitized.
|
||||
* In the simple form, it's assumed the field value should be sanitized
|
||||
* with check_plain().
|
||||
* - entity: (optional) If set, the fully loaded result item. This field
|
||||
* should always be used by modules using search results, to avoid
|
||||
* duplicate item loads.
|
||||
|
||||
Reference in New Issue
Block a user