core security update
This commit is contained in:
Bachir Soussi Chiadmi
@@ -740,9 +740,11 @@ function _node_types_build($rebuild = FALSE) {
|
||||
$type_db = $type_object->type;
|
||||
// Original disabled value.
|
||||
$disabled = $type_object->disabled;
|
||||
// Check for node types either from disabled modules or otherwise not defined
|
||||
// and mark as disabled.
|
||||
if (empty($type_object->custom) && empty($_node_types->types[$type_db])) {
|
||||
// Check for node types from disabled modules and mark their types for removal.
|
||||
// Types defined by the node module in the database (rather than by a separate
|
||||
// module using hook_node_info) have a base value of 'node_content'. The isset()
|
||||
// check prevents errors on old (pre-Drupal 7) databases.
|
||||
if (isset($type_object->base) && $type_object->base != 'node_content' && empty($_node_types->types[$type_db])) {
|
||||
$type_object->disabled = TRUE;
|
||||
}
|
||||
if (isset($_node_types->types[$type_db])) {
|
||||
@@ -2951,7 +2953,10 @@ function node_search_validate($form, &$form_state) {
|
||||
* system. When adding a node listing to your module, be sure to use a dynamic
|
||||
* query created by db_select() and add a tag of "node_access". This will allow
|
||||
* modules dealing with node access to ensure only nodes to which the user has
|
||||
* access are retrieved, through the use of hook_query_TAG_alter().
|
||||
* access are retrieved, through the use of hook_query_TAG_alter(). Tagging a
|
||||
* query with "node_access" does not check the published/unpublished status of
|
||||
* nodes, so the base query is responsible for ensuring that unpublished nodes
|
||||
* are not displayed to inappropriate users.
|
||||
*
|
||||
* Note: Even a single module returning NODE_ACCESS_DENY from hook_node_access()
|
||||
* will block access to the node. Therefore, implementers should take care to
|
||||
@@ -3667,6 +3672,8 @@ function node_access_rebuild($batch_mode = FALSE) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements callback_batch_operation().
|
||||
*
|
||||
* Performs batch operation for node_access_rebuild().
|
||||
*
|
||||
* This is a multistep operation: we go through all nodes by packs of 20. The
|
||||
@@ -3681,7 +3688,7 @@ function _node_access_rebuild_batch_operation(&$context) {
|
||||
// Initiate multistep processing.
|
||||
$context['sandbox']['progress'] = 0;
|
||||
$context['sandbox']['current_node'] = 0;
|
||||
$context['sandbox']['max'] = db_query('SELECT COUNT(DISTINCT nid) FROM {node}')->fetchField();
|
||||
$context['sandbox']['max'] = db_query('SELECT COUNT(nid) FROM {node}')->fetchField();
|
||||
}
|
||||
|
||||
// Process the next 20 nodes.
|
||||
@@ -3705,6 +3712,8 @@ function _node_access_rebuild_batch_operation(&$context) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements callback_batch_finished().
|
||||
*
|
||||
* Performs post-processing for node_access_rebuild().
|
||||
*
|
||||
* @param bool $success
|
||||
|
||||
Reference in New Issue
Block a user