upadted i18n admin_theme

repatched https://www.drupal.org/project/drupal/issues/1754162#comment-9737269
updated core to 7.73
2020-11-09 14:47:59 +01:00 · 2020-11-09 10:18:41 +01:00 · 2020-11-09 10:18:07 +01:00 · 2020-03-27 14:25:57 +01:00 · 2020-03-27 14:23:44 +01:00 · 2020-03-27 14:22:44 +01:00
251 changed files with 2737 additions and 1428 deletions
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,5 +1,47 @@
-Drupal 7.xx, xxxx-xx-xx (development version)
+Drupal 7.73, 2020-09-16
 -----------------------
+- Fixed security issues:
+   - SA-CORE-2020-007
+
+Drupal 7.72, 2020-06-17
+-----------------------
+- Fixed security issues:
+   - SA-CORE-2020-004
+
+Drupal 7.71, 2020-06-03
+-----------------------
+- Fix for jQuery Form bug in Chromium-based browsers
+- Full support for PHP 7.4
+
+Drupal 7.70, 2020-05-19
+-----------------------
+- Fixed security issues:
+   - SA-CORE-2020-002
+   - SA-CORE-2020-003
+
+Drupal 7.69, 2019-12-18
+-----------------------
+- Fixed security issues:
+   - SA-CORE-2019-012
+
+Drupal 7.68, 2019-12-04
+-----------------------
+- Fixed: Hide toolbar when printing
+- Fixed: Settings returned via ajax are not run through hook_js_alter()
+- Fixed: Use drupal_http_build_query() in drupal_http_request()
+- Fixed: DrupalRequestSanitizer not found fatal error when bootstrap phase order is changed
+- Fixed: Block web.config in .htaccess (and vice-versa)
+- Fixed: Create "scripts" element to align rendering workflow to how "styles" are handled
+- PHP 7.3: Fixed 'Cannot change session id when session is active'
+- PHP 7.1: Fixed 'A non-numeric value encountered in theme_pager()'
+- PHP 7.x: Fixed file.inc generated .htaccess does not cover PHP 7
+- PHP 5.3: Fixed check_plain() 'Invalid multibyte sequence in argument' test failures
+- Fixed: Allow passing data as array to drupal_http_request()
+- Fixed: Skip module_invoke/module_hook in calling hook_watchdog (excessive function_exist)
+- Fixed: HTTP status 200 returned for 'Additional uncaught exception thrown while handling exception'
+- Fixed: theme_table() should take an optional footer variable and produce <tfoot>
+- Fixed: 'uasort() expects parameter 1 to be array, null given in node_view_multiple()'
+- [regression] Fix default.settings.php permission

 Drupal 7.67, 2019-05-08
 -----------------------
--- a/MAINTAINERS.txt
+++ b/MAINTAINERS.txt
@@ -11,11 +11,8 @@ The Drupal Core branch maintainers oversee the development of Drupal as a whole.
 The branch maintainers for Drupal 7 are:

 - Dries Buytaert 'dries' https://www.drupal.org/u/dries
- Angela Byron 'webchick' https://www.drupal.org/u/webchick
 - Fabian Franz 'Fabianx' https://www.drupal.org/u/fabianx
- David Rothstein 'David_Rothstein' https://www.drupal.org/u/david_rothstein
- Stefan Ruijsenaars 'stefan.r' https://www.drupal.org/u/stefanr-0
- (provisional) Pol Dellaiera 'Pol' https://www.drupal.org/u/pol
+- (provisional) Drew Webber 'mcdruid' https://www.drupal.org/u/mcdruid


 Component maintainers
--- a/includes/ajax.inc
+++ b/includes/ajax.inc
@@ -294,6 +294,7 @@ function ajax_render($commands = array()) {

  // Now add a command to merge changes and additions to Drupal.settings.
  $scripts = drupal_add_js();
+  drupal_alter('js', $scripts);
  if (!empty($scripts['settings'])) {
    $settings = $scripts['settings'];
    array_unshift($commands, ajax_command_settings(drupal_array_merge_deep_array($settings['data']), TRUE));
--- a/includes/batch.inc
+++ b/includes/batch.inc
@@ -478,18 +478,17 @@ function _batch_finished() {
        $queue->deleteQueue();
      }
    }
+    // Clean-up the session. Not needed for CLI updates.
+    if (isset($_SESSION)) {
+      unset($_SESSION['batches'][$batch['id']]);
+      if (empty($_SESSION['batches'])) {
+        unset($_SESSION['batches']);
+      }
+    }
  }
  $_batch = $batch;
  $batch = NULL;

-  // Clean-up the session. Not needed for CLI updates.
-  if (isset($_SESSION)) {
-    unset($_SESSION['batches'][$batch['id']]);
-    if (empty($_SESSION['batches'])) {
-      unset($_SESSION['batches']);
-    }
-  }
-
  // Redirect if needed.
  if ($_batch['progressive']) {
    // Revert the 'destination' that was saved in batch_process().
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
 /**
 * The current system version.
 */
-define('VERSION', '7.67');
+define('VERSION', '7.73');

 /**
 * Core API compatibility.
@@ -1998,7 +1998,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO

  // It is possible that the error handling will itself trigger an error. In that case, we could
  // end up in an infinite loop. To avoid that, we implement a simple static semaphore.
-  if (!$in_error_state && function_exists('module_implements')) {
+  if (!$in_error_state && function_exists('module_invoke_all')) {
    $in_error_state = TRUE;

    // The user object may not exist in all conditions, so 0 is substituted if needed.
@@ -2021,9 +2021,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO
    );

    // Call the logging hooks to log/process the message
-    foreach (module_implements('watchdog') as $module) {
-      module_invoke($module, 'watchdog', $log_entry);
-    }
+    module_invoke_all('watchdog', $log_entry);

    // It is critical that the semaphore is only cleared here, in the parent
    // watchdog() call (not outside the loop), to prevent recursive execution.
@@ -2518,6 +2516,7 @@ function drupal_bootstrap($phase = NULL, $new_phase = TRUE) {

      switch ($current_phase) {
        case DRUPAL_BOOTSTRAP_CONFIGURATION:
+          require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc';
          _drupal_bootstrap_configuration();
          break;

@@ -2622,6 +2621,10 @@ function _drupal_exception_handler($exception) {
    _drupal_log_error(_drupal_decode_exception($exception), TRUE);
  }
  catch (Exception $exception2) {
+    // Add a 500 status code in case an exception was thrown before the 500
+    // status could be set (e.g. while loading a maintenance theme from cache).
+    drupal_add_http_header('Status', '500 Internal Server Error');
+
    // Another uncaught exception was thrown while handling the first one.
    // If we are displaying errors, then do so with no possibility of a further uncaught exception being thrown.
    if (error_displayable()) {
@@ -2647,7 +2650,6 @@ function _drupal_bootstrap_configuration() {
  drupal_settings_initialize();

  // Sanitize unsafe keys from the request.
-  require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc';
  DrupalRequestSanitizer::sanitize();
 }

--- a/includes/common.inc
+++ b/includes/common.inc
@@ -391,7 +391,7 @@ function drupal_add_feed($url = NULL, $title = '') {
 */
 function drupal_get_feeds($delimiter = "\n") {
  $feeds = drupal_add_feed();
-  return implode($feeds, $delimiter);
+  return implode($delimiter, $feeds);
 }

 /**
@@ -684,7 +684,10 @@ function drupal_goto($path = '', array $options = array(), $http_response_code =
  // We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector.
  if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
    $destination = drupal_parse_url($_GET['destination']);
-    $path = $destination['path'];
+    // Double check the path derived by drupal_parse_url() is not external.
+    if (!url_is_external($destination['path'])) {
+      $path = $destination['path'];
+    }
    $options['query'] = $destination['query'];
    $options['fragment'] = $destination['fragment'];
  }
@@ -760,9 +763,10 @@ function drupal_access_denied() {
 *   (optional) An array that can have one or more of the following elements:
 *   - headers: An array containing request headers to send as name/value pairs.
 *   - method: A string containing the request method. Defaults to 'GET'.
- *   - data: A string containing the request body, formatted as
- *     'param=value&param=value&...'; to generate this, use http_build_query().
- *     Defaults to NULL.
+ *   - data: An array containing the values for the request body or a string
+ *     containing the request body, formatted as
+ *     'param=value&param=value&...'; to generate this, use
+ *     drupal_http_build_query(). Defaults to NULL.
 *   - max_redirects: An integer representing how many times a redirect
 *     may be followed. Defaults to 3.
 *   - timeout: A float representing the maximum number of seconds the function
@@ -788,7 +792,7 @@ function drupal_access_denied() {
 *     easy access the array keys are returned in lower case.
 *   - data: A string containing the response body that was received.
 *
- * @see http_build_query()
+ * @see drupal_http_build_query()
 */
 function drupal_http_request($url, array $options = array()) {
  // Allow an alternate HTTP client library to replace Drupal's default
@@ -930,6 +934,11 @@ function drupal_http_request($url, array $options = array()) {
    $path .= '?' . $uri['query'];
  }

+  // Convert array $options['data'] to query string.
+  if (is_array($options['data'])) {
+    $options['data'] = drupal_http_build_query($options['data']);
+  }
+
  // Only add Content-Length if we actually have any content or if it is a POST
  // or PUT request. Some non-standard servers get confused by Content-Length in
  // at least HEAD/GET requests, and Squid always requires Content-Length in
@@ -3734,7 +3743,7 @@ function _drupal_build_css_path($matches, $base = NULL) {
  }

  // Prefix with base and remove '../' segments where possible.
-  $path = $_base . $matches[1];
+  $path = $_base . (isset($matches[1]) ? $matches[1] : '');
  $last = '';
  while ($path != $last) {
    $last = $path;
@@ -4441,12 +4450,54 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
    }
  }

-  $output = '';
-  // The index counter is used to keep aggregated and non-aggregated files in
-  // order by weight.
-  $index = 1;
-  $processed = array();
-  $files = array();
+  // Sort the JavaScript so that it appears in the correct order.
+  uasort($items, 'drupal_sort_css_js');
+
+  // Provide the page with information about the individual JavaScript files
+  // used, information not otherwise available when aggregation is enabled.
+  $setting['ajaxPageState']['js'] = array_fill_keys(array_keys($items), 1);
+  unset($setting['ajaxPageState']['js']['settings']);
+  drupal_add_js($setting, 'setting');
+
+  // If we're outputting the header scope, then this might be the final time
+  // that drupal_get_js() is running, so add the setting to this output as well
+  // as to the drupal_add_js() cache. If $items['settings'] doesn't exist, it's
+  // because drupal_get_js() was intentionally passed a $javascript argument
+  // stripped off settings, potentially in order to override how settings get
+  // output, so in this case, do not add the setting to this output.
+  if ($scope == 'header' && isset($items['settings'])) {
+    $items['settings']['data'][] = $setting;
+  }
+
+  $elements = array(
+    '#type' => 'scripts',
+    '#items' => $items,
+  );
+
+  return drupal_render($elements);
+}
+
+/**
+ * The #pre_render callback for the "scripts" element.
+ *
+ * This callback adds elements needed for <script> tags to be rendered.
+ *
+ * @param array $elements
+ *   A render array containing:
+ *   - '#items': The JS items as returned by drupal_add_js() and altered by
+ *     drupal_get_js().
+ *
+ * @return array
+ *   The $elements variable passed as argument with two more children keys:
+ *     - "scripts": contains the Javascript items
+ *     - "settings": contains the Javascript settings items.
+ *   If those keys are already existing, then the items will be appended and
+ *   their keys will be preserved.
+ *
+ * @see drupal_get_js()
+ * @see drupal_add_js()
+ */
+function drupal_pre_render_scripts(array $elements) {
  $preprocess_js = (variable_get('preprocess_js', FALSE) && (!defined('MAINTENANCE_MODE') || MAINTENANCE_MODE != 'update'));

  // A dummy query-string is added to filenames, to gain control over
@@ -4467,34 +4518,29 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
  // third-party code might require the use of a different query string.
  $js_version_string = variable_get('drupal_js_version_query_string', 'v=');

-  // Sort the JavaScript so that it appears in the correct order.
-  uasort($items, 'drupal_sort_css_js');
+  $files = array();

-  // Provide the page with information about the individual JavaScript files
-  // used, information not otherwise available when aggregation is enabled.
-  $setting['ajaxPageState']['js'] = array_fill_keys(array_keys($items), 1);
-  unset($setting['ajaxPageState']['js']['settings']);
-  drupal_add_js($setting, 'setting');
+  $scripts = isset($elements['scripts']) ? $elements['scripts'] : array();
+  $scripts += array('#weight' => 0);

-  // If we're outputting the header scope, then this might be the final time
-  // that drupal_get_js() is running, so add the setting to this output as well
-  // as to the drupal_add_js() cache. If $items['settings'] doesn't exist, it's
-  // because drupal_get_js() was intentionally passed a $javascript argument
-  // stripped off settings, potentially in order to override how settings get
-  // output, so in this case, do not add the setting to this output.
-  if ($scope == 'header' && isset($items['settings'])) {
-    $items['settings']['data'][] = $setting;
-  }
+  $settings = isset($elements['settings']) ? $elements['settings'] : array();
+  $settings += array('#weight' => $scripts['#weight'] + 10);
+
+  // The index counter is used to keep aggregated and non-aggregated files in
+  // order by weight. Use existing scripts count as a starting point.
+  $index = count(element_children($scripts)) + 1;

  // Loop through the JavaScript to construct the rendered output.
  $element = array(
+    '#type' => 'html_tag',
    '#tag' => 'script',
    '#value' => '',
    '#attributes' => array(
      'type' => 'text/javascript',
    ),
  );
-  foreach ($items as $item) {
+
+  foreach ($elements['#items'] as $item) {
    $query_string =  empty($item['version']) ? $default_query_string : $js_version_string . $item['version'];

    switch ($item['type']) {
@@ -4503,7 +4549,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
        $js_element['#value_prefix'] = $embed_prefix;
        $js_element['#value'] = 'jQuery.extend(Drupal.settings, ' . drupal_json_encode(drupal_array_merge_deep_array($item['data'])) . ");";
        $js_element['#value_suffix'] = $embed_suffix;
-        $output .= theme('html_tag', array('element' => $js_element));
+        $settings[] = $js_element;
        break;

      case 'inline':
@@ -4514,7 +4560,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
        $js_element['#value_prefix'] = $embed_prefix;
        $js_element['#value'] = $item['data'];
        $js_element['#value_suffix'] = $embed_suffix;
-        $processed[$index++] = theme('html_tag', array('element' => $js_element));
+        $scripts[$index++] = $js_element;
        break;

      case 'file':
@@ -4525,7 +4571,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
          }
          $query_string_separator = (strpos($item['data'], '?') !== FALSE) ? '&' : '?';
          $js_element['#attributes']['src'] = file_create_url($item['data']) . $query_string_separator . ($item['cache'] ? $query_string : REQUEST_TIME);
-          $processed[$index++] = theme('html_tag', array('element' => $js_element));
+          $scripts[$index++] = $js_element;
        }
        else {
          // By increasing the index for each aggregated file, we maintain
@@ -4536,7 +4582,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
          // leading to better front-end performance of a website as a whole.
          // See drupal_add_js() for details.
          $key = 'aggregate_' . $item['group'] . '_' . $item['every_page'] . '_' . $index;
-          $processed[$key] = '';
+          $scripts[$key] = '';
          $files[$key][$item['data']] = $item;
        }
        break;
@@ -4548,7 +4594,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
          $js_element['#attributes']['defer'] = 'defer';
        }
        $js_element['#attributes']['src'] = $item['data'];
-        $processed[$index++] = theme('html_tag', array('element' => $js_element));
+        $scripts[$index++] = $js_element;
        break;
    }
  }
@@ -4563,14 +4609,18 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
        $preprocess_file = file_create_url($uri);
        $js_element = $element;
        $js_element['#attributes']['src'] = $preprocess_file;
-        $processed[$key] = theme('html_tag', array('element' => $js_element));
+        $scripts[$key] = $js_element;
      }
    }
  }

-  // Keep the order of JS files consistent as some are preprocessed and others are not.
-  // Make sure any inline or JS setting variables appear last after libraries have loaded.
-  return implode('', $processed) . $output;
+  // Keep the order of JS files consistent as some are preprocessed and others
+  // are not. Make sure any inline or JS setting variables appear last after
+  // libraries have loaded.
+  $element['scripts'] = $scripts;
+  $element['settings'] = $settings;
+
+  return $element;
 }

 /**
@@ -6606,7 +6656,7 @@ function element_children(&$elements, $sort = FALSE) {
  $children = array();
  $sortable = FALSE;
  foreach ($elements as $key => $value) {
-    if ($key === '' || $key[0] !== '#') {
+    if (is_int($key) || $key === '' || $key[0] !== '#') {
      $children[$key] = $value;
      if (is_array($value) && isset($value['#weight'])) {
        $sortable = TRUE;
@@ -6952,7 +7002,16 @@ function drupal_common_theme() {
      'variables' => array(),
    ),
    'table' => array(
-      'variables' => array('header' => NULL, 'rows' => NULL, 'attributes' => array(), 'caption' => NULL, 'colgroups' => array(), 'sticky' => TRUE, 'empty' => ''),
+      'variables' => array(
+        'header' => NULL,
+        'footer' => NULL,
+        'rows' => NULL,
+        'attributes' => array(),
+        'caption' => NULL,
+        'colgroups' => array(),
+        'sticky' => TRUE,
+        'empty' => '',
+      ),
    ),
    'tablesort_indicator' => array(
      'variables' => array('style' => NULL),
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -532,6 +532,9 @@ SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
 <IfModule mod_php5.c>
  php_flag engine off
 </IfModule>
+<IfModule mod_php7.c>
+  php_flag engine off
+</IfModule>
 EOF;

  if ($private) {
--- a/includes/filetransfer/filetransfer.inc
+++ b/includes/filetransfer/filetransfer.inc
@@ -301,7 +301,7 @@ abstract class FileTransfer {
    $parts = explode('/', $path);
    $chroot = '';
    while (count($parts)) {
-      $check = implode($parts, '/');
+      $check = implode('/', $parts);
      if ($this->isFile($check . '/' . drupal_basename(__FILE__))) {
        // Remove the trailing slash.
        return substr($chroot, 0, -1);
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -1135,12 +1135,8 @@ function drupal_prepare_form($form_id, &$form, &$form_state) {
 * Helper function to call form_set_error() if there is a token error.
 */
 function _drupal_invalid_token_set_form_error() {
-  $path = current_path();
-  $query = drupal_get_query_parameters();
-  $url = url($path, array('query' => $query));
-
  // Setting this error will cause the form to fail validation.
-  form_set_error('form_token', t('The form has become outdated. Copy any unsaved work in the form below and then <a href="@link">reload this page</a>.', array('@link' => $url)));
+  form_set_error('form_token', t('The form has become outdated. Press the back button, copy any unsaved work in the form, and then reload the page.'));
 }

 /**
@@ -1181,6 +1177,11 @@ function drupal_validate_form($form_id, &$form, &$form_state) {
  if (!empty($form['#token'])) {
    if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) {
      _drupal_invalid_token_set_form_error();
+      // Ignore all submitted values.
+      $form_state['input'] = array();
+      $_POST = array();
+      // Make sure file uploads do not get processed.
+      $_FILES = array();
      // Stop here and don't run any further validation handlers, because they
      // could invoke non-safe operations which opens the door for CSRF
      // vulnerabilities.
@@ -1848,6 +1849,9 @@ function form_builder($form_id, &$element, &$form_state) {
          _drupal_invalid_token_set_form_error();
          // This value is checked in _form_builder_handle_input_element().
          $form_state['invalid_token'] = TRUE;
+          // Ignore all submitted values.
+          $form_state['input'] = array();
+          $_POST = array();
          // Make sure file uploads do not get processed.
          $_FILES = array();
        }
--- a/includes/menu.inc
+++ b/includes/menu.inc
@@ -2483,6 +2483,9 @@ function menu_link_get_preferred($path = NULL, $selected_menu = NULL) {
    // untranslated paths). Afterwards, the most relevant path is picked from
    // the menus, ordered by menu preference.
    $item = menu_get_item($path);
+    if ($item === FALSE) {
+      return FALSE;
+    }
    $path_candidates = array();
    // 1. The current item href.
    $path_candidates[$item['href']] = $item['href'];
--- a/includes/pager.inc
+++ b/includes/pager.inc
@@ -321,9 +321,19 @@ function theme_pager($variables) {
  $tags = $variables['tags'];
  $element = $variables['element'];
  $parameters = $variables['parameters'];
-  $quantity = $variables['quantity'];
+  $quantity = empty($variables['quantity']) ? 0 : $variables['quantity'];
  global $pager_page_array, $pager_total;

+  // Nothing to do if there is no pager.
+  if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) {
+    return;
+  }
+
+  // Nothing to do if there is only one page.
+  if ($pager_total[$element] <= 1) {
+    return;
+  }
+
  // Calculate various markers within this pager piece:
  // Middle is used to "center" pages around the current page.
  $pager_middle = ceil($quantity / 2);
@@ -455,6 +465,11 @@ function theme_pager_first($variables) {
  global $pager_page_array;
  $output = '';

+  // Nothing to do if there is no pager.
+  if (!isset($pager_page_array[$element])) {
+    return;
+  }
+
  // If we are anywhere but the first page
  if ($pager_page_array[$element] > 0) {
    $output = theme('pager_link', array('text' => $text, 'page_new' => pager_load_array(0, $element, $pager_page_array), 'element' => $element, 'parameters' => $parameters));
@@ -485,6 +500,11 @@ function theme_pager_previous($variables) {
  global $pager_page_array;
  $output = '';

+  // Nothing to do if there is no pager.
+  if (!isset($pager_page_array[$element])) {
+    return;
+  }
+
  // If we are anywhere but the first page
  if ($pager_page_array[$element] > 0) {
    $page_new = pager_load_array($pager_page_array[$element] - $interval, $element, $pager_page_array);
@@ -524,6 +544,11 @@ function theme_pager_next($variables) {
  global $pager_page_array, $pager_total;
  $output = '';

+  // Nothing to do if there is no pager.
+  if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) {
+    return;
+  }
+
  // If we are anywhere but the last page
  if ($pager_page_array[$element] < ($pager_total[$element] - 1)) {
    $page_new = pager_load_array($pager_page_array[$element] + $interval, $element, $pager_page_array);
@@ -560,6 +585,11 @@ function theme_pager_last($variables) {
  global $pager_page_array, $pager_total;
  $output = '';

+  // Nothing to do if there is no pager.
+  if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) {
+    return;
+  }
+
  // If we are anywhere but the last page
  if ($pager_page_array[$element] < ($pager_total[$element] - 1)) {
    $output = theme('pager_link', array('text' => $text, 'page_new' => pager_load_array($pager_total[$element] - 1, $element, $pager_page_array), 'element' => $element, 'parameters' => $parameters));
--- a/includes/path.inc
+++ b/includes/path.inc
@@ -466,13 +466,15 @@ function path_delete($criteria) {
    $criteria = array('pid' => $criteria);
  }
  $path = path_load($criteria);
-  $query = db_delete('url_alias');
-  foreach ($criteria as $field => $value) {
-    $query->condition($field, $value);
+  if (isset($path['source'])) {
+    $query = db_delete('url_alias');
+    foreach ($criteria as $field => $value) {
+      $query->condition($field, $value);
+    }
+    $query->execute();
+    module_invoke_all('path_delete', $path);
+    drupal_clear_path_cache($path['source']);
  }
-  $query->execute();
-  module_invoke_all('path_delete', $path);
-  drupal_clear_path_cache($path['source']);
 }

 /**
--- a/includes/request-sanitizer.inc
+++ b/includes/request-sanitizer.inc
@@ -99,7 +99,7 @@ class DrupalRequestSanitizer {
  protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
    if (is_array($input)) {
      foreach ($input as $key => $value) {
-        if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
+        if ($key !== '' && is_string($key) && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
          unset($input[$key]);
          $sanitized_keys[] = $key;
        }
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -371,8 +371,11 @@ function drupal_session_regenerate() {

  if (drupal_session_started()) {
    $old_session_id = session_id();
+    _drupal_session_regenerate_existing();
+  }
+  else {
+    session_id(drupal_random_key());
  }
-  session_id(drupal_random_key());

  if (isset($old_session_id)) {
    $params = session_get_cookie_params();
@@ -412,6 +415,26 @@ function drupal_session_regenerate() {
  date_default_timezone_set(drupal_get_user_timezone());
 }

+/**
+ * Regenerates an existing session.
+ */
+function _drupal_session_regenerate_existing() {
+  global $user;
+  // Preserve existing settings for the saving of sessions.
+  $original_save_session_status = drupal_save_session();
+  // Turn off saving of sessions.
+  drupal_save_session(FALSE);
+  session_write_close();
+  drupal_session_started(FALSE);
+  // Preserve the user object, as starting a new session will reset it.
+  $original_user = $user;
+  session_id(drupal_random_key());
+  drupal_session_start();
+  $user = $original_user;
+  // Restore the original settings for the saving of sessions.
+  drupal_save_session($original_save_session_status);
+}
+
 /**
 * Session handler assigned by session_set_save_handler().
 *
--- a/includes/theme.inc
+++ b/includes/theme.inc
@@ -1911,7 +1911,7 @@ function theme_breadcrumb($variables) {
 /**
 * Returns HTML for a table.
 *
- * @param $variables
+ * @param array $variables
 *   An associative array containing:
 *   - header: An array containing the table headers. Each element of the array
 *     can be either a localized string or an associative array with the
@@ -1948,6 +1948,11 @@ function theme_breadcrumb($variables) {
 *       )
 *     );
 *     @endcode
+ *   - footer: An array of table rows which will be printed within a <tfoot>
+ *     tag, in the same format as the rows element (see above).
+ *     The structure is the same the one defined for the "rows" key except
+ *     that the no_striping boolean has no effect, there is no rows striping
+ *     for the table footer.
 *   - attributes: An array of HTML attributes to apply to the table tag.
 *   - caption: A localized string to use for the <caption> tag.
 *   - colgroups: An array of column groups. Each element of the array can be
@@ -1984,8 +1989,11 @@ function theme_breadcrumb($variables) {
 *   - sticky: Use a "sticky" table header.
 *   - empty: The message to display in an extra row if table does not have any
 *     rows.
+ *
+ * @return string
+ *   The HTML output.
 */
-function theme_table($variables) {
+function theme_table(array $variables) {
  $header = $variables['header'];
  $rows = $variables['rows'];
  $attributes = $variables['attributes'];
@@ -2049,17 +2057,27 @@ function theme_table($variables) {
    if (!empty($header)) {
      foreach ($header as $header_cell) {
        if (is_array($header_cell)) {
-          $header_count += isset($header_cell['colspan']) ? $header_cell['colspan'] : 1;
+          $header_count += isset($header_cell['colspan']) ?
+            $header_cell['colspan'] : 1;
        }
        else {
          $header_count++;
        }
      }
    }
-    $rows[] = array(array('data' => $empty, 'colspan' => $header_count, 'class' => array('empty', 'message')));
+    $rows[] = array(
+      array(
+        'data' => $empty,
+        'colspan' => $header_count,
+        'class' => array(
+          'empty',
+          'message'
+        ),
+      ),
+    );
  }

-  // Format the table header:
+  // Format the table header.
  if (!empty($header)) {
    $ts = tablesort_init($header);
    // HTML requires that the thead tag has tr tags in it followed by tbody
@@ -2069,23 +2087,39 @@ function theme_table($variables) {
      $cell = tablesort_header($cell, $header, $ts);
      $output .= _theme_table_cell($cell, TRUE);
    }
-    // Using ternary operator to close the tags based on whether or not there are rows
+    // Using ternary operator to close the tags based on whether
+    // or not there are rows.
    $output .= (!empty($rows) ? " </tr></thead>\n" : "</tr>\n");
  }
  else {
    $ts = array();
  }

-  // Format the table rows:
+  // Format the table and footer rows.
+  $sections = array();
+
  if (!empty($rows)) {
-    $output .= "<tbody>\n";
+    $sections['tbody'] = $rows;
+  }
+
+  if (!empty($variables['footer'])) {
+    $sections['tfoot'] = $variables['footer'];
+  }
+
+  // tbody and tfoot have the same structure and are built using the same
+  // procedure.
+  foreach ($sections as $tag => $content) {
+    $output .= "<" . $tag . ">\n";
    $flip = array('even' => 'odd', 'odd' => 'even');
    $class = 'even';
-    foreach ($rows as $number => $row) {
-      // Check if we're dealing with a simple or complex row
+    $default_no_striping = ($tag === 'tfoot');
+
+    foreach ($content as $number => $row) {
+      // Check if we're dealing with a simple or complex row.
      if (isset($row['data'])) {
        $cells = $row['data'];
-        $no_striping = isset($row['no_striping']) ? $row['no_striping'] : FALSE;
+        $no_striping = isset($row['no_striping']) ?
+          $row['no_striping'] : $default_no_striping;

        // Set the attributes array and exclude 'data' and 'no_striping'.
        $attributes = $row;
@@ -2095,16 +2129,17 @@ function theme_table($variables) {
      else {
        $cells = $row;
        $attributes = array();
-        $no_striping = FALSE;
+        $no_striping = $default_no_striping;
      }
+
      if (!empty($cells)) {
-        // Add odd/even class
+        // Add odd/even class.
        if (!$no_striping) {
          $class = $flip[$class];
          $attributes['class'][] = $class;
        }

-        // Build row
+        // Build row.
        $output .= ' <tr' . drupal_attributes($attributes) . '>';
        $i = 0;
        foreach ($cells as $cell) {
@@ -2114,10 +2149,12 @@ function theme_table($variables) {
        $output .= " </tr>\n";
      }
    }
-    $output .= "</tbody>\n";
+
+    $output .= "</" . $tag . ">\n";
  }

  $output .= "</table>\n";
+
  return $output;
 }

--- a/misc/ajax.js
+++ b/misc/ajax.js
@@ -149,7 +149,7 @@ Drupal.ajax = function (base, element, element_settings) {
  // The 'this' variable will not persist inside of the options object.
  var ajax = this;
  ajax.options = {
-    url: ajax.url,
+    url: Drupal.sanitizeAjaxUrl(ajax.url),
    data: ajax.submit,
    beforeSerialize: function (element_settings, options) {
      return ajax.beforeSerialize(element_settings, options);
@@ -195,9 +195,29 @@ Drupal.ajax = function (base, element, element_settings) {
      }
    },
    dataType: 'json',
+    jsonp: false,
    type: 'POST'
  };

+  // For multipart forms (e.g., file uploads), jQuery Form targets the form
+  // submission to an iframe instead of using an XHR object. The initial "src"
+  // of the iframe, prior to the form submission, is set to options.iframeSrc.
+  // "about:blank" is the semantically correct, standards-compliant, way to
+  // initialize a blank iframe; however, some old IE versions (possibly only 6)
+  // incorrectly report a mixed content warning when iframes with an
+  // "about:blank" src are added to a parent document with an https:// origin.
+  // jQuery Form works around this by defaulting to "javascript:false" instead,
+  // but that breaks on Chrome 83, so here we force the semantically correct
+  // behavior for all browsers except old IE.
+  // @see https://www.drupal.org/project/drupal/issues/3143016
+  // @see https://github.com/jquery-form/form/blob/df9cb101b9c9c085c8d75ad980c7ff1cf62063a1/jquery.form.js#L68
+  // @see https://bugs.chromium.org/p/chromium/issues/detail?id=1084874
+  // @see https://html.spec.whatwg.org/multipage/browsers.html#creating-browsing-contexts
+  // @see https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
+  if (navigator.userAgent.indexOf("MSIE") === -1) {
+    ajax.options.iframeSrc = 'about:blank';
+  }
+
  // Bind the ajaxSubmit function to the element event.
  $(ajax.element).bind(element_settings.event, function (event) {
    if (!Drupal.settings.urlIsAjaxTrusted[ajax.url] && !Drupal.urlIsLocal(ajax.url)) {
--- a/misc/autocomplete.js
+++ b/misc/autocomplete.js
@@ -297,8 +297,9 @@ Drupal.ACDB.prototype.search = function (searchString) {
    // encodeURIComponent to allow autocomplete search terms to contain slashes.
    $.ajax({
      type: 'GET',
-      url: db.uri + '/' + Drupal.encodePath(searchString),
+      url: Drupal.sanitizeAjaxUrl(db.uri + '/' + Drupal.encodePath(searchString)),
      dataType: 'json',
+      jsonp: false,
      success: function (matches) {
        if (typeof matches.status == 'undefined' || matches.status != 0) {
          db.cache[searchString] = matches;
--- a/misc/drupal.js
+++ b/misc/drupal.js
@@ -424,6 +424,23 @@ Drupal.urlIsLocal = function (url) {
  return absoluteUrl === baseUrl || absoluteUrl.indexOf(baseUrl + '/') === 0;
 };

+/**
+ * Sanitizes a URL for use with jQuery.ajax().
+ *
+ * @param url
+ *   The URL string to be sanitized.
+ *
+ * @return
+ *   The sanitized URL.
+ */
+Drupal.sanitizeAjaxUrl = function (url) {
+  var regex = /\=\?(&|$)/;
+  while (url.match(regex)) {
+    url = url.replace(regex, '');
+  }
+  return url;
+}
+
 /**
 * Generate the themed representation of a Drupal object.
 *
--- a/misc/jquery-html-prefilter-3.5.0-backport.js
+++ b/misc/jquery-html-prefilter-3.5.0-backport.js
@@ -0,0 +1,251 @@
+/**
+ * For jQuery versions less than 3.5.0, this replaces the jQuery.htmlPrefilter()
+ * function with one that fixes these security vulnerabilities while also
+ * retaining the pre-3.5.0 behavior where it's safe to do so.
+ * - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
+ * - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
+ *
+ * Additionally, for jQuery versions that do not have a jQuery.htmlPrefilter()
+ * function (1.x prior to 1.12 and 2.x prior to 2.2), this adds it, and
+ * extends the functions that need to call it to do so.
+ *
+ * Drupal core's jQuery version is 1.4.4, but jQuery Update can provide a
+ * different version, so this covers all versions between 1.4.4 and 3.4.1.
+ * The GitHub links in the code comments below link to jQuery 1.5 code, because
+ * 1.4.4 isn't on GitHub, but the referenced code didn't change from 1.4.4 to
+ * 1.5.
+ */
+
+(function (jQuery) {
+
+  // Parts of this backport differ by jQuery version.
+  var versionParts = jQuery.fn.jquery.split('.');
+  var majorVersion = parseInt(versionParts[0]);
+  var minorVersion = parseInt(versionParts[1]);
+
+  // No backport is needed if we're already on jQuery 3.5 or higher.
+  if ( (majorVersion > 3) || (majorVersion === 3 && minorVersion >= 5) ) {
+    return;
+  }
+
+  // Prior to jQuery 3.5, jQuery converted XHTML-style self-closing tags to
+  // their XML equivalent: e.g., "<div />" to "<div></div>". This is
+  // problematic for several reasons, including that it's vulnerable to XSS
+  // attacks. However, since this was jQuery's behavior for many years, many
+  // Drupal modules and jQuery plugins may be relying on it. Therefore, we
+  // preserve that behavior, but for a limited set of tags only, that we believe
+  // to not be vulnerable. This is the set of HTML tags that satisfy all of the
+  // following conditions:
+  // - In DOMPurify's list of HTML tags. If an HTML tag isn't safe enough to
+  //   appear in that list, then we don't want to mess with it here either.
+  //   @see https://github.com/cure53/DOMPurify/blob/2.0.11/dist/purify.js#L128
+  // - A normal element (not a void, template, text, or foreign element).
+  //   @see https://html.spec.whatwg.org/multipage/syntax.html#elements-2
+  // - An element that is still defined by the current HTML specification
+  //   (not a deprecated element), because we do not want to rely on how
+  //   browsers parse deprecated elements.
+  //   @see https://developer.mozilla.org/en-US/docs/Web/HTML/Element
+  // - Not 'html', 'head', or 'body', because this pseudo-XHTML expansion is
+  //   designed for fragments, not entire documents.
+  // - Not 'colgroup', because due to an idiosyncrasy of jQuery's original
+  //   regular expression, it didn't match on colgroup, and we don't want to
+  //   introduce a behavior change for that.
+  var selfClosingTagsToReplace = [
+    'a', 'abbr', 'address', 'article', 'aside', 'audio', 'b', 'bdi', 'bdo',
+    'blockquote', 'button', 'canvas', 'caption', 'cite', 'code', 'data',
+    'datalist', 'dd', 'del', 'details', 'dfn', 'div', 'dl', 'dt', 'em',
+    'fieldset', 'figcaption', 'figure', 'footer', 'form', 'h1', 'h2', 'h3',
+    'h4', 'h5', 'h6', 'header', 'hgroup', 'i', 'ins', 'kbd', 'label', 'legend',
+    'li', 'main', 'map', 'mark', 'menu', 'meter', 'nav', 'ol', 'optgroup',
+    'option', 'output', 'p', 'picture', 'pre', 'progress', 'q', 'rp', 'rt',
+    'ruby', 's', 'samp', 'section', 'select', 'small', 'source', 'span',
+    'strong', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th',
+    'thead', 'time', 'tr', 'u', 'ul', 'var', 'video'
+  ];
+
+  // Define regular expressions for <TAG/> and <TAG ATTRIBUTES/>. Doing this as
+  // two expressions makes it easier to target <a/> without also targeting
+  // every tag that starts with "a".
+  var xhtmlRegExpGroup = '(' + selfClosingTagsToReplace.join('|') + ')';
+  var whitespace = '[\\x20\\t\\r\\n\\f]';
+  var rxhtmlTagWithoutSpaceOrAttributes = new RegExp('<' + xhtmlRegExpGroup + '\\/>', 'gi');
+  var rxhtmlTagWithSpaceAndMaybeAttributes = new RegExp('<' + xhtmlRegExpGroup + '(' + whitespace + '[^>]*)\\/>', 'gi');
+
+  // jQuery 3.5 also fixed a vulnerability for when </select> appears within
+  // an <option> or <optgroup>, but it did that in local code that we can't
+  // backport directly. Instead, we filter such cases out. To do so, we need to
+  // determine when jQuery would otherwise invoke the vulnerable code, which it
+  // uses this regular expression to determine. The regular expression changed
+  // for version 3.0.0 and changed again for 3.4.0.
+  // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L4958
+  // @see https://github.com/jquery/jquery/blob/3.0.0/dist/jquery.js#L4584
+  // @see https://github.com/jquery/jquery/blob/3.4.0/dist/jquery.js#L4712
+  var rtagName;
+  if (majorVersion < 3) {
+    rtagName = /<([\w:]+)/;
+  }
+  else if (minorVersion < 4) {
+    rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]+)/i;
+  }
+  else {
+    rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]*)/i;
+  }
+
+  // The regular expression that jQuery uses to determine which self-closing
+  // tags to expand to open and close tags. This is vulnerable, because it
+  // matches all tag names except the few excluded ones. We only use this
+  // expression for determining vulnerability. The expression changed for
+  // version 3, but we only need to check for vulnerability in versions 1 and 2,
+  // so we use the expression from those versions.
+  // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L4957
+  var rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi;
+
+  jQuery.extend({
+    htmlPrefilter: function (html) {
+      // This is how jQuery determines the first tag in the HTML.
+      // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5521
+      var tag = ( rtagName.exec( html ) || [ "", "" ] )[ 1 ].toLowerCase();
+
+      // It is not valid HTML for <option> or <optgroup> to have <select> as
+      // either a descendant or sibling, and attempts to inject one can cause
+      // XSS on jQuery versions before 3.5. Since this is invalid HTML and a
+      // possible XSS attack, reject the entire string.
+      // @see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
+      if ((tag === 'option' || tag === 'optgroup') && html.match(/<\/?select/i)) {
+        html = '';
+      }
+
+      // Retain jQuery's prior to 3.5 conversion of pseudo-XHTML, but for only
+      // the tags in the `selfClosingTagsToReplace` list defined above.
+      // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5518
+      // @see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
+      html = html.replace(rxhtmlTagWithoutSpaceOrAttributes, "<$1></$1>");
+      html = html.replace(rxhtmlTagWithSpaceAndMaybeAttributes, "<$1$2></$1>");
+
+      // Prior to jQuery 1.12 and 2.2, this function gets called (via code later
+      // in this file) in addition to, rather than instead of, the unsafe
+      // expansion of self-closing tags (including ones not in the list above).
+      // We can't prevent that unsafe expansion from running, so instead we
+      // check to make sure that it doesn't affect the DOM returned by the
+      // browser's parsing logic. If it does affect it, then it's vulnerable to
+      // XSS, so we reject the entire string.
+      if ( (majorVersion === 1 && minorVersion < 12) || (majorVersion === 2 && minorVersion < 2) ) {
+        var htmlRisky = html.replace(rxhtmlTag, "<$1></$2>");
+        if (htmlRisky !== html) {
+          // Even though htmlRisky and html are different strings, they might
+          // represent the same HTML structure once parsed, in which case,
+          // htmlRisky is actually safe. We can ask the browser to parse both
+          // to find out, but the browser can't parse table fragments (e.g., a
+          // root-level "<td>"), so we need to wrap them. We just need this
+          // technique to work on all supported browsers; we don't need to
+          // copy from the specific jQuery version we're using.
+          // @see https://github.com/jquery/jquery/blob/3.5.1/dist/jquery.js#L4939
+          var wrapMap = {
+            thead: [ 1, "<table>", "</table>" ],
+            col: [ 2, "<table><colgroup>", "</colgroup></table>" ],
+            tr: [ 2, "<table><tbody>", "</tbody></table>" ],
+            td: [ 3, "<table><tbody><tr>", "</tr></tbody></table>" ],
+          };
+          wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead;
+          wrapMap.th = wrapMap.td;
+
+          // Function to wrap HTML into something that a browser can parse.
+          // @see https://github.com/jquery/jquery/blob/3.5.1/dist/jquery.js#L5032
+          var getWrappedHtml = function (html) {
+            var wrap = wrapMap[tag];
+            if (wrap) {
+              html = wrap[1] + html + wrap[2];
+            }
+            return html;
+          };
+
+          // Function to return canonical HTML after parsing it. This parses
+          // only; it doesn't execute scripts.
+          // @see https://github.com/jquery/jquery-migrate/blob/3.3.0/src/jquery/manipulation.js#L5
+          var getParsedHtml = function (html) {
+            var doc = window.document.implementation.createHTMLDocument( "" );
+            doc.body.innerHTML = html;
+            return doc.body ? doc.body.innerHTML : '';
+          };
+
+          // If the browser couldn't parse either one successfully, or if
+          // htmlRisky parses differently than html, then html is vulnerable,
+          // so reject it.
+          var htmlParsed = getParsedHtml(getWrappedHtml(html));
+          var htmlRiskyParsed = getParsedHtml(getWrappedHtml(htmlRisky));
+          if (htmlRiskyParsed === '' || htmlParsed === '' || (htmlRiskyParsed !== htmlParsed)) {
+            html = '';
+          }
+        }
+      }
+
+      return html;
+    }
+  });
+
+  // Prior to jQuery 1.12 and 2.2, jQuery.clean(), jQuery.buildFragment(), and
+  // jQuery.fn.html() did not call jQuery.htmlPrefilter(), so we add that.
+  if ( (majorVersion === 1 && minorVersion < 12) || (majorVersion === 2 && minorVersion < 2) ) {
+    // Filter the HTML coming into jQuery.fn.html().
+    var fnOriginalHtml = jQuery.fn.html;
+    jQuery.fn.extend({
+      // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5147
+      html: function (value) {
+        if (typeof value === "string") {
+          value = jQuery.htmlPrefilter(value);
+        }
+        // .html() can be called as a setter (with an argument) or as a getter
+        // (without an argument), so invoke fnOriginalHtml() the same way that
+        // we were invoked.
+        return fnOriginalHtml.apply(this, arguments.length ? [value] : []);
+      }
+    });
+
+    // The regular expression that jQuery uses to determine if a string is HTML.
+    // Used by both clean() and buildFragment().
+    // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L4960
+    var rhtml = /<|&#?\w+;/;
+
+    // Filter HTML coming into:
+    // - jQuery.clean() for versions prior to 1.9.
+    // - jQuery.buildFragment() for 1.9 and above.
+    //
+    // The looping constructs in the two functions might be essentially
+    // identical, but they're each expressed here in the way that most closely
+    // matches their original expression in jQuery, so that we filter all of
+    // the items and only the items that jQuery will treat as HTML strings.
+    if (majorVersion === 1 && minorVersion < 9) {
+      var originalClean = jQuery.clean;
+      jQuery.extend({
+        // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5493
+        'clean': function (elems, context, fragment, scripts) {
+          for ( var i = 0, elem; (elem = elems[i]) != null; i++ ) {
+            if ( typeof elem === "string" && rhtml.test( elem ) ) {
+              elems[i] = elem = jQuery.htmlPrefilter(elem);
+            }
+          }
+          return originalClean.call(this, elems, context, fragment, scripts);
+        }
+      });
+    }
+    else {
+      var originalBuildFragment = jQuery.buildFragment;
+      jQuery.extend({
+        // @see https://github.com/jquery/jquery/blob/1.9.0/jquery.js#L6419
+        'buildFragment': function (elems, context, scripts, selection) {
+          var l = elems.length;
+          for ( var i = 0; i < l; i++ ) {
+            var elem = elems[i];
+            if (elem || elem === 0) {
+              if ( jQuery.type( elem ) !== "object" && rhtml.test( elem ) ) {
+                elems[i] = elem = jQuery.htmlPrefilter(elem);
+              }
+            }
+          }
+          return originalBuildFragment.call(this, elems, context, scripts, selection);
+        }
+      });
+    }
+  }
+
+})(jQuery);
--- a/misc/typo3/phar-stream-wrapper/README.md
+++ b/misc/typo3/phar-stream-wrapper/README.md
@@ -1,5 +1,6 @@
 [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/TYPO3/phar-stream-wrapper/badges/quality-score.png?b=v2)](https://scrutinizer-ci.com/g/TYPO3/phar-stream-wrapper/?branch=v2)
 [![Travis CI Build Status](https://travis-ci.org/TYPO3/phar-stream-wrapper.svg?branch=v2)](https://travis-ci.org/TYPO3/phar-stream-wrapper)
+[![AppVeyor Build status](https://ci.appveyor.com/api/projects/status/q4ls5tg4w1d6sf4i/branch/v2?svg=true)](https://ci.appveyor.com/project/ohader/phar-stream-wrapper)

 # PHP Phar Stream Wrapper

@@ -21,9 +22,11 @@ and has been addressed concerning the specific attack vector and for this generi
 `PharStreamWrapper` in TYPO3 versions 7.6.30 LTS, 8.7.17 LTS and 9.3.1 on 12th
 July 2018.

-* https://typo3.org/security/advisory/typo3-core-sa-2018-002/
 * https://blog.secarma.co.uk/labs/near-phar-dangerous-unserialization-wherever-you-are
 * https://youtu.be/GePBmsNJw6Y
+* https://typo3.org/security/advisory/typo3-psa-2018-001/
+* https://typo3.org/security/advisory/typo3-psa-2019-007/
+* https://typo3.org/security/advisory/typo3-psa-2019-008/

 ## License

--- a/misc/typo3/phar-stream-wrapper/composer.json
+++ b/misc/typo3/phar-stream-wrapper/composer.json
@@ -7,7 +7,6 @@
    "keywords": ["php", "phar", "stream-wrapper", "security"],
    "require": {
        "php": "^5.3.3|^7.0",
-        "ext-fileinfo": "*",
        "ext-json": "*",
        "brumann/polyfill-unserialize": "^1.0"
    },
@@ -15,6 +14,9 @@
        "ext-xdebug": "*",
        "phpunit/phpunit": "^4.8.36"
    },
+    "suggest": {
+        "ext-fileinfo": "For PHP builtin file type guessing, otherwise uses internal processing"
+    },
    "autoload": {
        "psr-4": {
            "TYPO3\\PharStreamWrapper\\": "src/"
--- a/misc/typo3/phar-stream-wrapper/src/Helper.php
+++ b/misc/typo3/phar-stream-wrapper/src/Helper.php
@@ -52,7 +52,7 @@ class Helper

        while (count($parts)) {
            $currentPath = implode('/', $parts);
-            if (@is_file($currentPath)) {
+            if (@is_file($currentPath) && realpath($currentPath) !== false) {
                return $currentPath;
            }
            array_pop($parts);
@@ -106,7 +106,7 @@ class Helper
     * @param string $path File path to process
     * @return string
     */
-    private static function normalizeWindowsPath($path)
+    public static function normalizeWindowsPath($path)
    {
        return str_replace('\\', '/', $path);
    }
--- a/misc/typo3/phar-stream-wrapper/src/Phar/Reader.php
+++ b/misc/typo3/phar-stream-wrapper/src/Phar/Reader.php
@@ -19,6 +19,11 @@ class Reader
    private $fileName;

    /**
+     * Mime-type in order to use zlib, bzip2 or no compression.
+     * In case ext-fileinfo is not present only the relevant types
+     * 'application/x-gzip' and 'application/x-bzip2' are assigned
+     * to this class property.
+     *
     * @var string
     */
    private $fileType;
@@ -139,7 +144,7 @@ class Reader
     */
    private function resolveStream()
    {
-        if ($this->fileType === 'application/x-gzip') {
+        if ($this->fileType === 'application/x-gzip' || $this->fileType === 'application/gzip') {
            return 'compress.zlib://';
        } elseif ($this->fileType === 'application/x-bzip2') {
            return 'compress.bzip2://';
@@ -152,8 +157,37 @@ class Reader
     */
    private function determineFileType()
    {
-        $fileInfo = new \finfo();
-        return $fileInfo->file($this->fileName, FILEINFO_MIME_TYPE);
+        if (class_exists('\\finfo')) {
+            $fileInfo = new \finfo();
+            return $fileInfo->file($this->fileName, FILEINFO_MIME_TYPE);
+        }
+        return $this->determineFileTypeByHeader();
+    }
+
+    /**
+     * In case ext-fileinfo is not present only the relevant types
+     * 'application/x-gzip' and 'application/x-bzip2' are resolved.
+     *
+     * @return string
+     */
+    private function determineFileTypeByHeader()
+    {
+        $resource = fopen($this->fileName, 'r');
+        if (!is_resource($resource)) {
+            throw new ReaderException(
+                sprintf('Resource %s could not be opened', $this->fileName),
+                1557753055
+            );
+        }
+        $header = fgets($resource, 4);
+        fclose($resource);
+        $mimeType = '';
+        if (strpos($header, "\x42\x5a\x68") === 0) {
+            $mimeType = 'application/x-bzip2';
+        } elseif (strpos($header, "\x1f\x8b") === 0) {
+            $mimeType = 'application/x-gzip';
+        }
+        return $mimeType;
    }

    /**
--- a/misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php
+++ b/misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php
@@ -476,7 +476,7 @@ class PharStreamWrapper
    {
        $arguments = func_get_args();
        array_shift($arguments);
-        $silentExecution = $functionName{0} === '@';
+        $silentExecution = $functionName[0] === '@';
        $functionName = ltrim($functionName, '@');
        $this->restoreInternalSteamWrapper();

--- a/misc/typo3/phar-stream-wrapper/src/Resolver/PharInvocationResolver.php
+++ b/misc/typo3/phar-stream-wrapper/src/Resolver/PharInvocationResolver.php
@@ -14,6 +14,7 @@ namespace TYPO3\PharStreamWrapper\Resolver;
 use TYPO3\PharStreamWrapper\Helper;
 use TYPO3\PharStreamWrapper\Manager;
 use TYPO3\PharStreamWrapper\Phar\Reader;
+use TYPO3\PharStreamWrapper\Phar\ReaderException;
 use TYPO3\PharStreamWrapper\Resolvable;

 class PharInvocationResolver implements Resolvable
@@ -59,7 +60,7 @@ class PharInvocationResolver implements Resolvable
    {
        $hasPharPrefix = Helper::hasPharPrefix($path);
        if ($flags === null) {
-            $flags = static::RESOLVE_REALPATH | static::RESOLVE_ALIAS | static::ASSERT_INTERNAL_INVOCATION;
+            $flags = static::RESOLVE_REALPATH | static::RESOLVE_ALIAS;
        }

        if ($hasPharPrefix && $flags & static::RESOLVE_ALIAS) {
@@ -147,9 +148,14 @@ class PharInvocationResolver implements Resolvable
            }
            // ensure the possible alias name (how we have been called initially) matches
            // the resolved alias name that was retrieved by the current possible base name
-            $reader = new Reader($currentBaseName);
-            $currentAlias = $reader->resolveContainer()->getAlias();
-            if ($currentAlias !== $possibleAlias) {
+            try {
+                $reader = new Reader($currentBaseName);
+                $currentAlias = $reader->resolveContainer()->getAlias();
+            } catch (ReaderException $exception) {
+                // most probably that was not a Phar file
+                continue;
+            }
+            if (empty($currentAlias) || $currentAlias !== $possibleAlias) {
                continue;
            }
            $this->addBaseName($currentBaseName);
@@ -215,7 +221,9 @@ class PharInvocationResolver implements Resolvable
        if (isset($this->baseNames[$baseName])) {
            return;
        }
-        $this->baseNames[$baseName] = realpath($baseName);
+        $this->baseNames[$baseName] = Helper::normalizeWindowsPath(
+            realpath($baseName)
+        );
    }

    /**
--- a/modules/aggregator/aggregator.info
+++ b/modules/aggregator/aggregator.info
@@ -7,7 +7,7 @@ files[] = aggregator.test
 configure = admin/config/services/aggregator/settings
 stylesheets[all][] = aggregator.css

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/aggregator/tests/aggregator_test.info
+++ b/modules/aggregator/tests/aggregator_test.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/block/block.info
+++ b/modules/block/block.info
@@ -6,7 +6,7 @@ core = 7.x
 files[] = block.test
 configure = admin/structure/block

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/block/block.module
+++ b/modules/block/block.module
@@ -263,7 +263,7 @@ function block_page_build(&$page) {
  $all_regions = system_region_list($theme);

  $item = menu_get_item();
-  if ($item['path'] != 'admin/structure/block/demo/' . $theme) {
+  if ($item === FALSE || $item['path'] != 'admin/structure/block/demo/' . $theme) {
    // Load all region content assigned via blocks.
    foreach (array_keys($all_regions) as $region) {
      // Assign blocks to region.
@@ -283,7 +283,6 @@ function block_page_build(&$page) {
  }
  else {
    // Append region description if we are rendering the regions demo page.
-    $item = menu_get_item();
    if ($item['path'] == 'admin/structure/block/demo/' . $theme) {
      foreach (system_region_list($theme, REGIONS_VISIBLE, FALSE) as $region) {
        $description = '<div class="block-region">' . $all_regions[$region] . '</div>';
--- a/modules/block/tests/block_test.info
+++ b/modules/block/tests/block_test.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/block/tests/themes/block_test_theme/block_test_theme.info
+++ b/modules/block/tests/themes/block_test_theme/block_test_theme.info
@@ -13,7 +13,7 @@ regions[footer] = Footer
 regions[highlighted] = Highlighted
 regions[help] = Help

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/blog/blog.info
+++ b/modules/blog/blog.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = blog.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/book/book.info
+++ b/modules/book/book.info
@@ -7,7 +7,7 @@ files[] = book.test
 configure = admin/content/book/settings
 stylesheets[all][] = book.css

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/color/color.info
+++ b/modules/color/color.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = color.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/color/color.module
+++ b/modules/color/color.module
@@ -734,8 +734,9 @@ function _color_blend($img, $hex1, $hex2, $alpha) {
 * Converts a hex color into an RGB triplet.
 */
 function _color_unpack($hex, $normalize = FALSE) {
-  if (strlen($hex) == 4) {
-    $hex = $hex[1] . $hex[1] . $hex[2] . $hex[2] . $hex[3] . $hex[3];
+  $hex = substr($hex, 1);
+  if (strlen($hex) == 3) {
+    $hex = $hex[0] . $hex[0] . $hex[1] . $hex[1] . $hex[2] . $hex[2];
  }
  $c = hexdec($hex);
  for ($i = 16; $i >= 0; $i -= 8) {
--- a/modules/comment/comment.info
+++ b/modules/comment/comment.info
@@ -9,7 +9,7 @@ files[] = comment.test
 configure = admin/content/comment
 stylesheets[all][] = comment.css

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/comment/comment.install
+++ b/modules/comment/comment.install
@@ -9,9 +9,6 @@
 * Implements hook_uninstall().
 */
 function comment_uninstall() {
-  // Delete comment_body field.
-  field_delete_field('comment_body');
-
  // Remove variables.
  variable_del('comment_block_count');
  $node_types = array_keys(node_type_get_types());
--- a/modules/comment/comment.test
+++ b/modules/comment/comment.test
@@ -6,6 +6,7 @@
 */

 class CommentHelperCase extends DrupalWebTestCase {
+  protected $super_user;
  protected $admin_user;
  protected $web_user;
  protected $node;
@@ -19,6 +20,7 @@ class CommentHelperCase extends DrupalWebTestCase {
    parent::setUp($modules);

    // Create users and test node.
+    $this->super_user = $this->drupalCreateUser(array('access administration pages', 'administer modules'));
    $this->admin_user = $this->drupalCreateUser(array('administer content types', 'administer comments', 'administer blocks', 'administer actions', 'administer fields'));
    $this->web_user = $this->drupalCreateUser(array('access comments', 'post comments', 'create article content', 'edit own comments'));
    $this->node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1, 'uid' => $this->web_user->uid));
@@ -2264,3 +2266,56 @@ class CommentNodeChangesTestCase extends CommentHelperCase {
    $this->assertFalse(comment_load($comment->id), 'The comment could not be loaded after the node was deleted.');
  }
 }
+
+/**
+ * Tests uninstalling the comment module.
+ */
+class CommentUninstallTestCase extends CommentHelperCase {
+
+  public static function getInfo() {
+    return array(
+      'name' => 'Comment module uninstallation',
+      'description' => 'Tests that the comments module can be properly uninstalled.',
+      'group' => 'Comment',
+    );
+  }
+
+  function testCommentUninstall() {
+    $this->drupalLogin($this->super_user);
+
+    // Disable comment module.
+    $edit['modules[Core][comment][enable]'] = FALSE;
+    $this->drupalPost('admin/modules', $edit, t('Save configuration'));
+    $this->assertText(t('The configuration options have been saved.'), 'Comment module was disabled.');
+
+    // Uninstall comment module.
+    $edit = array('uninstall[comment]' => 'comment');
+    $this->drupalPost('admin/modules/uninstall', $edit, t('Uninstall'));
+    $this->drupalPost(NULL, NULL, t('Uninstall'));
+    $this->assertText(t('The selected modules have been uninstalled.'), 'Comment module was uninstalled.');
+
+    // Run cron and clear field cache so that comment fields and instances
+    // marked for deletion are actually removed.
+    $this->cronRun();
+    field_cache_clear();
+
+    // Verify that comment fields have been removed.
+    $all_fields = array_keys(field_info_field_map());
+    $this->assertFalse(in_array('comment_body', $all_fields), 'Comment fields were removed by uninstall.');
+
+    // Verify that comment field instances have been removed (or at least marked
+    // for deletion).
+    // N.B. field_read_instances does an INNER JOIN on field_config so if the
+    // comment_body row has been removed successfully from there no instances
+    // will be returned, but that does not guarantee that no rows are left over
+    // in the field_config_instance table.
+    $count = db_select('field_config_instance', 'fci')
+      ->condition('entity_type', 'comment')
+      ->condition('field_name', 'comment_body')
+      ->condition('deleted', 0)
+      ->countQuery()
+      ->execute()
+      ->fetchField();
+    $this->assertTrue($count == 0, 'Comment field instances were removed by uninstall.');
+  }
+}
--- a/modules/contact/contact.info
+++ b/modules/contact/contact.info
@@ -6,7 +6,7 @@ core = 7.x
 files[] = contact.test
 configure = admin/structure/contact

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/contextual/contextual.info
+++ b/modules/contextual/contextual.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = contextual.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/dashboard/dashboard.info
+++ b/modules/dashboard/dashboard.info
@@ -7,7 +7,7 @@ files[] = dashboard.test
 dependencies[] = block
 configure = admin/dashboard/customize

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/dblog/dblog.info
+++ b/modules/dblog/dblog.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = dblog.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/field/field.info
+++ b/modules/field/field.info
@@ -11,7 +11,7 @@ dependencies[] = field_sql_storage
 required = TRUE
 stylesheets[all][] = theme/field.css

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/field/modules/field_sql_storage/field_sql_storage.info
+++ b/modules/field/modules/field_sql_storage/field_sql_storage.info
@@ -7,7 +7,7 @@ dependencies[] = field
 files[] = field_sql_storage.test
 required = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/field/modules/list/list.info
+++ b/modules/field/modules/list/list.info
@@ -7,7 +7,7 @@ dependencies[] = field
 dependencies[] = options
 files[] = tests/list.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/field/modules/list/tests/list_test.info
+++ b/modules/field/modules/list/tests/list_test.info
@@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/field/modules/number/number.info
+++ b/modules/field/modules/number/number.info
@@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = field
 files[] = number.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/field/modules/number/number.test
+++ b/modules/field/modules/number/number.test
@@ -174,7 +174,7 @@ class NumberFieldTestCase extends DrupalWebTestCase {
      ),
      'display' => array(
        'default' => array(
-          'type' => 'number_float',
+          'type' => 'number_decimal',
        ),
      ),
    );
--- a/modules/field/modules/options/options.info
+++ b/modules/field/modules/options/options.info
@@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = field
 files[] = options.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/field/modules/text/text.info
+++ b/modules/field/modules/text/text.info
@@ -7,7 +7,7 @@ dependencies[] = field
 files[] = text.test
 required = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/field/tests/field_test.info
+++ b/modules/field/tests/field_test.info
@@ -6,7 +6,7 @@ files[] = field_test.entity.inc
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/field/tests/field_test.storage.inc
+++ b/modules/field/tests/field_test.storage.inc
@@ -455,13 +455,13 @@ function field_test_field_attach_rename_bundle($bundle_old, $bundle_new) {
 function field_test_field_attach_delete_bundle($entity_type, $bundle, $instances) {
  $data = _field_test_storage_data();

-  foreach ($instances as $field_name => $instance) {
-    $field = field_info_field($field_name);
+  foreach ($instances as $instance) {
+    $field = field_info_field_by_id($instance['field_id']);
    if ($field['storage']['type'] == 'field_test_storage') {
      $field_data = &$data[$field['id']];
      foreach (array('current', 'revisions') as $sub_table) {
        foreach ($field_data[$sub_table] as &$row) {
-          if ($row->bundle == $bundle_old) {
+          if ($row->bundle == $bundle) {
            $row->deleted = TRUE;
          }
        }
--- a/modules/field_ui/field_ui.admin.inc
+++ b/modules/field_ui/field_ui.admin.inc
@@ -1026,6 +1026,10 @@ function field_ui_display_overview_form($form, &$form_state, $entity_type, $bund

    $instance['display'][$view_mode]['type'] = $formatter_type;
    $formatter = field_info_formatter_types($formatter_type);
+    // For hidden fields, $formatter will be NULL, but we expect an array later.
+    // To maintain BC, but avoid PHP 7.4 Notices, ensure $formatter is an array
+    // with a 'module' element.
+    $formatter['module'] = isset($formatter['module']) ? $formatter['module'] : '';
    $instance['display'][$view_mode]['module'] = $formatter['module'];
    $instance['display'][$view_mode]['settings'] = $settings;

--- a/modules/field_ui/field_ui.info
+++ b/modules/field_ui/field_ui.info
@@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = field
 files[] = field_ui.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/field_ui/field_ui.module
+++ b/modules/field_ui/field_ui.module
@@ -265,6 +265,12 @@ function field_ui_menu_title($instance) {
 * Menu access callback for the 'view mode display settings' pages.
 */
 function _field_ui_view_mode_menu_access($entity_type, $bundle, $view_mode, $access_callback) {
+  // It's good practice to call func_get_args() at the beginning of a function
+  // to avoid problems with function parameters being modified later. The
+  // behavior of func_get_args() changed in PHP7.
+  // @see https://www.php.net/manual/en/migration70.incompatible.php#migration70.incompatible.other.func-parameter-modified
+  $all_args = func_get_args();
+
  // First, determine visibility according to the 'use custom display'
  // setting for the view mode.
  $bundle = field_extract_bundle($entity_type, $bundle);
@@ -275,7 +281,6 @@ function _field_ui_view_mode_menu_access($entity_type, $bundle, $view_mode, $acc
  // part of _menu_check_access().
  if ($visibility) {
    // Grab the variable 'access arguments' part.
-    $all_args = func_get_args();
    $args = array_slice($all_args, 4);
    $callback = empty($access_callback) ? 0 : trim($access_callback);
    if (is_numeric($callback)) {
--- a/modules/file/file.info
+++ b/modules/file/file.info
@@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = field
 files[] = tests/file.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/file/tests/file.test
+++ b/modules/file/tests/file.test
@@ -409,7 +409,7 @@ class FileManagedFileElementTestCase extends FileFieldTestCase {
          'form_token' => 'invalid token',
        );
        $this->drupalPost($path, $edit, t('Save'));
-        $this->assertText('The form has become outdated. Copy any unsaved work in the form below');
+        $this->assertText('The form has become outdated.');
        $last_fid = $this->getLastFileId();
        $this->assertEqual($last_fid_prior, $last_fid, 'File was not saved when uploaded with an invalid form token.');

--- a/modules/file/tests/file_module_test.info
+++ b/modules/file/tests/file_module_test.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/filter/filter.api.php
+++ b/modules/filter/filter.api.php
@@ -202,7 +202,7 @@ function callback_filter_settings($form, &$form_state, $filter, $format, $defaul
 */
 function callback_filter_prepare($text, $filter, $format, $langcode, $cache, $cache_id) {
  // Escape <code> and </code> tags.
-  $text = preg_replace('|<code>(.+?)</code>|se', "[codefilter_code]$1[/codefilter_code]", $text);
+  $text = preg_replace('|<code>(.+?)</code>|s', "[codefilter_code]$1[/codefilter_code]", $text);
  return $text;
 }

@@ -234,7 +234,7 @@ function callback_filter_prepare($text, $filter, $format, $langcode, $cache, $ca
 * @ingroup callbacks
 */
 function callback_filter_process($text, $filter, $format, $langcode, $cache, $cache_id) {
-  $text = preg_replace('|\[codefilter_code\](.+?)\[/codefilter_code\]|se', "<pre>$1</pre>", $text);
+  $text = preg_replace('|\[codefilter_code\](.+?)\[/codefilter_code\]|s', "<pre>$1</pre>", $text);

  return $text;
 }
--- a/modules/filter/filter.info
+++ b/modules/filter/filter.info
@@ -7,7 +7,7 @@ files[] = filter.test
 required = TRUE
 configure = admin/config/content/formats

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/forum/forum.info
+++ b/modules/forum/forum.info
@@ -9,7 +9,7 @@ files[] = forum.test
 configure = admin/structure/forum
 stylesheets[all][] = forum.css

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/forum/forum.module
+++ b/modules/forum/forum.module
@@ -922,7 +922,8 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
  );

  $order = _forum_get_topic_order($sortby);
-  for ($i = 0; $i < count($forum_topic_list_header); $i++) {
+  // Skip element with index 0 which is NULL.
+  for ($i = 1; $i < count($forum_topic_list_header); $i++) {
    if ($forum_topic_list_header[$i]['field'] == $order['field']) {
      $forum_topic_list_header[$i]['sort'] = $order['sort'];
    }
--- a/modules/help/help.info
+++ b/modules/help/help.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = help.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/image/image.info
+++ b/modules/image/image.info
@@ -7,7 +7,7 @@ dependencies[] = file
 files[] = image.test
 configure = admin/config/media/image-styles

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/image/tests/image_module_test.info
+++ b/modules/image/tests/image_module_test.info
@@ -6,7 +6,7 @@ core = 7.x
 files[] = image_module_test.module
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/locale/locale.info
+++ b/modules/locale/locale.info
@@ -6,7 +6,7 @@ core = 7.x
 files[] = locale.test
 configure = admin/config/regional/language

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/locale/tests/locale_test.info
+++ b/modules/locale/tests/locale_test.info
@@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/menu/menu.info
+++ b/modules/menu/menu.info
@@ -6,7 +6,7 @@ core = 7.x
 files[] = menu.test
 configure = admin/structure/menu

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/node/node.info
+++ b/modules/node/node.info
@@ -9,7 +9,7 @@ required = TRUE
 configure = admin/structure/types
 stylesheets[all][] = node.css

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -2659,7 +2659,7 @@ function node_feed($nids = FALSE, $channel = array()) {
 *   An array in the format expected by drupal_render().
 */
 function node_view_multiple($nodes, $view_mode = 'teaser', $weight = 0, $langcode = NULL) {
-  $build = array();
+  $build = array('nodes' => array());
  $entities_by_view_mode = entity_view_mode_prepare('node', $nodes, $view_mode, $langcode);
  foreach ($entities_by_view_mode as $entity_view_mode => $entities) {
    field_attach_prepare_view('node', $entities, $entity_view_mode, $langcode);
--- a/modules/node/tests/node_access_test.info
+++ b/modules/node/tests/node_access_test.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/node/tests/node_test.info
+++ b/modules/node/tests/node_test.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/node/tests/node_test_exception.info
+++ b/modules/node/tests/node_test_exception.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/openid/openid.info
+++ b/modules/openid/openid.info
@@ -5,7 +5,7 @@ package = Core
 core = 7.x
 files[] = openid.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/openid/tests/openid_test.info
+++ b/modules/openid/tests/openid_test.info
@@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = openid
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/overlay/overlay.info
+++ b/modules/overlay/overlay.info
@@ -4,7 +4,7 @@ package = Core
 version = VERSION
 core = 7.x

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/path/path.info
+++ b/modules/path/path.info
@@ -6,7 +6,7 @@ core = 7.x
 files[] = path.test
 configure = admin/config/search/path

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/php/php.info
+++ b/modules/php/php.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = php.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/poll/poll.info
+++ b/modules/poll/poll.info
@@ -6,7 +6,7 @@ core = 7.x
 files[] = poll.test
 stylesheets[all][] = poll.css

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/profile/profile.info
+++ b/modules/profile/profile.info
@@ -11,7 +11,7 @@ configure = admin/config/people/profile
 ; See user_system_info_alter().
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/rdf/rdf.info
+++ b/modules/rdf/rdf.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = rdf.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/rdf/tests/rdf_test.info
+++ b/modules/rdf/tests/rdf_test.info
@@ -6,7 +6,7 @@ core = 7.x
 hidden = TRUE
 dependencies[] = blog

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/search/search.extender.inc
+++ b/modules/search/search.extender.inc
@@ -219,7 +219,7 @@ class SearchQuery extends SelectQueryExtender {
      }
      $phrase = FALSE;
      // Strip off phrase quotes.
-      if ($match[2]{0} == '"') {
+      if ($match[2][0] == '"') {
        $match[2] = substr($match[2], 1, -1);
        $phrase = TRUE;
        $this->simple = FALSE;
--- a/modules/search/search.info
+++ b/modules/search/search.info
@@ -8,7 +8,7 @@ files[] = search.test
 configure = admin/config/search/settings
 stylesheets[all][] = search.css

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/search/search.module
+++ b/modules/search/search.module
@@ -1172,7 +1172,7 @@ function search_excerpt($keys, $text) {
      }
      else {
        $info = search_simplify_excerpt_match($key, $text, $included[$key], $boundary);
-        if ($info['where']) {
+        if (isset($info['where'])) {
          $p = $info['where'];
          if ($info['keyword']) {
            $foundkeys[] = $info['keyword'];
--- a/modules/search/tests/search_embedded_form.info
+++ b/modules/search/tests/search_embedded_form.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/search/tests/search_extra_type.info
+++ b/modules/search/tests/search_extra_type.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/search/tests/search_node_tags.info
+++ b/modules/search/tests/search_node_tags.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/shortcut/shortcut.info
+++ b/modules/shortcut/shortcut.info
@@ -6,7 +6,7 @@ core = 7.x
 files[] = shortcut.test
 configure = admin/config/user-interface/shortcut

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/simpletest/simpletest.info
+++ b/modules/simpletest/simpletest.info
@@ -33,6 +33,7 @@ files[] = tests/pager.test
 files[] = tests/password.test
 files[] = tests/path.test
 files[] = tests/registry.test
+files[] = tests/request_sanitizer.test
 files[] = tests/schema.test
 files[] = tests/session.test
 files[] = tests/tablesort.test
@@ -57,7 +58,7 @@ files[] = tests/upgrade/update.trigger.test
 files[] = tests/upgrade/update.field.test
 files[] = tests/upgrade/update.user.test

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/simpletest/tests/actions_loop_test.info
+++ b/modules/simpletest/tests/actions_loop_test.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/simpletest/tests/ajax_forms_test.info
+++ b/modules/simpletest/tests/ajax_forms_test.info
@@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/simpletest/tests/ajax_test.info
+++ b/modules/simpletest/tests/ajax_test.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/simpletest/tests/batch_test.info
+++ b/modules/simpletest/tests/batch_test.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/simpletest/tests/boot_test_1.info
+++ b/modules/simpletest/tests/boot_test_1.info
@@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/simpletest/tests/boot_test_2.info
+++ b/modules/simpletest/tests/boot_test_2.info
@@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/simpletest/tests/common.test
+++ b/modules/simpletest/tests/common.test
@@ -1124,9 +1124,15 @@ class DrupalHTTPRequestTestCase extends DrupalWebTestCase {
    $this->assertEqual($unable_to_parse->code, -1001, 'Returned with "-1001" error code.');
    $this->assertEqual($unable_to_parse->error, 'unable to parse URL', 'Returned with "unable to parse URL" error message.');

-    // Fetch page.
-    $result = drupal_http_request(url('node', array('absolute' => TRUE)));
+    // Fetch page and check that the data parameter works with both array and string.
+    $data_array = array($this->randomName() => $this->randomString() . ' "\'');
+    $data_string = drupal_http_build_query($data_array);
+    $result = drupal_http_request(url('node', array('absolute' => TRUE)), array('data' => $data_array));
    $this->assertEqual($result->code, 200, 'Fetched page successfully.');
+    $this->assertTrue(substr($result->request, -strlen($data_string)) === $data_string, 'Request ends with URL-encoded data when drupal_http_request() called using array.');
+    $result = drupal_http_request(url('node', array('absolute' => TRUE)), array('data' => $data_string));
+    $this->assertTrue(substr($result->request, -strlen($data_string)) === $data_string, 'Request ends with URL-encoded data when drupal_http_request() called using string.');
+
    $this->drupalSetContent($result->data);
    $this->assertTitle(t('Welcome to @site-name | @site-name', array('@site-name' => variable_get('site_name', 'Drupal'))), 'Site title matches.');

--- a/modules/simpletest/tests/common_test.info
+++ b/modules/simpletest/tests/common_test.info
@@ -7,7 +7,7 @@ stylesheets[all][] = common_test.css
 stylesheets[print][] = common_test.print.css
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/simpletest/tests/common_test_cron_helper.info
+++ b/modules/simpletest/tests/common_test_cron_helper.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/modules/simpletest/tests/database_test.info
+++ b/modules/simpletest/tests/database_test.info
@@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE

-; Information added by Drupal.org packaging script on 2019-05-08
-version = "7.67"
+; Information added by Drupal.org packaging script on 2020-09-16
+version = "7.73"
 project = "drupal"
-datestamp = "1557336079"
+datestamp = "1600272641"
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Bachir Soussi Chiadmi	49a0944412	upadted i18n admin_theme	2020-11-09 14:47:59 +01:00
Bachir Soussi Chiadmi	d6e525465b	repatched https://www.drupal.org/project/drupal/issues/1754162#comment-9737269	2020-11-09 10:18:41 +01:00
Bachir Soussi Chiadmi	91e0ff102e	updated core to 7.73	2020-11-09 10:18:07 +01:00
Bachir Soussi Chiadmi	be549a75f6	updated webform & faq	2020-03-27 14:25:57 +01:00
Bachir Soussi Chiadmi	1e27fcca51	repatched https://www.drupal.org/project/drupal/issues/1754162#comment-9737269	2020-03-27 14:23:44 +01:00
Bachir Soussi Chiadmi	ab5d43a397	upadted core to 7.69	2020-03-27 14:22:44 +01:00