From 27bffaa4dc16b0515a397569cd7558acc1bdccd3 Mon Sep 17 00:00:00 2001 From: Bachir Soussi Chiadmi Date: Sat, 9 Feb 2019 16:21:41 +0100 Subject: [PATCH] updated core --- CHANGELOG.txt | 29 +- MAINTAINERS.txt | 4 +- includes/bootstrap.inc | 21 +- includes/common.inc | 14 +- includes/file.inc | 4 +- includes/file.phar.inc | 41 ++ includes/form.inc | 12 +- includes/install.inc | 2 +- includes/menu.inc | 9 +- includes/module.inc | 12 +- includes/theme.inc | 36 +- misc/tabledrag.js | 46 +- .../PharExtensionInterceptor.php | 79 +++ misc/typo3/phar-stream-wrapper/LICENSE | 21 + misc/typo3/phar-stream-wrapper/README.md | 155 ++++++ misc/typo3/phar-stream-wrapper/composer.json | 24 + .../phar-stream-wrapper/src/Assertable.php | 22 + .../phar-stream-wrapper/src/Behavior.php | 124 +++++ .../phar-stream-wrapper/src/Exception.php | 16 + misc/typo3/phar-stream-wrapper/src/Helper.php | 183 +++++++ .../Interceptor/PharExtensionInterceptor.php | 55 ++ .../typo3/phar-stream-wrapper/src/Manager.php | 85 ++++ .../src/PharStreamWrapper.php | 477 ++++++++++++++++++ modules/aggregator/aggregator.info | 6 +- modules/aggregator/tests/aggregator_test.info | 6 +- modules/block/block.info | 6 +- modules/block/tests/block_test.info | 6 +- .../block_test_theme/block_test_theme.info | 6 +- modules/blog/blog.info | 6 +- modules/book/book.info | 6 +- modules/book/book.module | 11 +- modules/color/color.info | 6 +- modules/comment/comment.info | 6 +- modules/contact/contact.info | 6 +- modules/contextual/contextual.info | 6 +- modules/dashboard/dashboard.info | 6 +- modules/dblog/dblog.info | 6 +- modules/field/field.info | 6 +- .../field_sql_storage/field_sql_storage.info | 6 +- modules/field/modules/list/list.info | 6 +- modules/field/modules/list/list.install | 9 +- .../field/modules/list/tests/list_test.info | 6 +- modules/field/modules/number/number.info | 6 +- modules/field/modules/options/options.info | 6 +- modules/field/modules/text/text.info | 6 +- modules/field/tests/field_test.info | 6 +- modules/field_ui/field_ui.info | 6 +- modules/file/file.info | 6 +- modules/file/tests/file_module_test.info | 6 +- modules/filter/filter.info | 6 +- modules/forum/forum.info | 6 +- modules/help/help.info | 6 +- modules/image/image.admin.inc | 3 +- modules/image/image.info | 6 +- modules/image/tests/image_module_test.info | 6 +- modules/locale/locale.info | 6 +- modules/locale/locale.test | 6 +- modules/locale/tests/locale_test.info | 6 +- modules/menu/menu.info | 6 +- modules/node/node.info | 6 +- modules/node/tests/node_access_test.info | 6 +- modules/node/tests/node_test.info | 6 +- modules/node/tests/node_test_exception.info | 6 +- modules/openid/openid.info | 6 +- modules/openid/tests/openid_test.info | 6 +- modules/overlay/overlay.info | 6 +- modules/path/path.info | 6 +- modules/php/php.info | 6 +- modules/poll/poll.info | 6 +- modules/profile/profile.info | 6 +- modules/rdf/rdf.info | 6 +- modules/rdf/tests/rdf_test.info | 6 +- modules/search/search.info | 6 +- .../search/tests/search_embedded_form.info | 6 +- modules/search/tests/search_extra_type.info | 6 +- modules/search/tests/search_node_tags.info | 6 +- modules/shortcut/shortcut.info | 6 +- modules/simpletest/files/phar-1.phar | Bin 0 -> 6909 bytes modules/simpletest/simpletest.info | 6 +- .../simpletest/tests/actions_loop_test.info | 6 +- modules/simpletest/tests/ajax_forms_test.info | 6 +- modules/simpletest/tests/ajax_test.info | 6 +- modules/simpletest/tests/batch_test.info | 6 +- modules/simpletest/tests/boot_test_1.info | 6 +- modules/simpletest/tests/boot_test_2.info | 6 +- modules/simpletest/tests/common_test.info | 6 +- .../tests/common_test_cron_helper.info | 6 +- modules/simpletest/tests/database_test.info | 6 +- .../drupal_autoload_test.info | 6 +- ...drupal_system_listing_compatible_test.info | 6 +- ...upal_system_listing_incompatible_test.info | 6 +- .../simpletest/tests/entity_cache_test.info | 6 +- .../tests/entity_cache_test_dependency.info | 6 +- .../tests/entity_crud_hook_test.info | 6 +- .../tests/entity_query_access_test.info | 6 +- modules/simpletest/tests/error_test.info | 6 +- modules/simpletest/tests/file.test | 60 +++ modules/simpletest/tests/file_test.info | 6 +- modules/simpletest/tests/filter_test.info | 6 +- modules/simpletest/tests/form.test | 53 ++ modules/simpletest/tests/form_test.info | 6 +- modules/simpletest/tests/form_test.module | 18 + modules/simpletest/tests/image.test | 8 +- modules/simpletest/tests/image_test.info | 6 +- modules/simpletest/tests/menu_test.info | 6 +- modules/simpletest/tests/module_test.info | 6 +- modules/simpletest/tests/path_test.info | 6 +- .../tests/psr_0_test/psr_0_test.info | 6 +- .../tests/psr_4_test/psr_4_test.info | 6 +- .../simpletest/tests/requirements1_test.info | 6 +- .../simpletest/tests/requirements2_test.info | 6 +- modules/simpletest/tests/session_test.info | 6 +- .../tests/system_dependencies_test.info | 6 +- ...atible_core_version_dependencies_test.info | 6 +- ...system_incompatible_core_version_test.info | 6 +- ...ible_module_version_dependencies_test.info | 6 +- ...stem_incompatible_module_version_test.info | 6 +- .../tests/system_project_namespace_test.info | 6 +- modules/simpletest/tests/system_test.info | 6 +- modules/simpletest/tests/taxonomy_test.info | 6 +- modules/simpletest/tests/theme_test.info | 6 +- .../themes/test_basetheme/test_basetheme.info | 6 +- .../themes/test_subtheme/test_subtheme.info | 6 +- .../tests/themes/test_theme/test_theme.info | 6 +- .../themes/test_theme/theme-settings.php | 32 ++ .../test_theme_nyan_cat.info | 6 +- .../simpletest/tests/update_script_test.info | 6 +- modules/simpletest/tests/update_test_1.info | 6 +- modules/simpletest/tests/update_test_2.info | 6 +- modules/simpletest/tests/update_test_3.info | 6 +- modules/simpletest/tests/url_alter_test.info | 6 +- modules/simpletest/tests/xmlrpc_test.info | 6 +- modules/statistics/statistics.info | 6 +- modules/syslog/syslog.info | 6 +- modules/system/system.admin.inc | 23 +- modules/system/system.api.php | 4 +- modules/system/system.info | 6 +- modules/system/system.tar.inc | 196 ++++--- modules/system/system.test | 24 + modules/system/tests/cron_queue_test.info | 6 +- modules/system/tests/system_cron_test.info | 6 +- modules/taxonomy/taxonomy.info | 6 +- modules/taxonomy/taxonomy.module | 8 +- modules/toolbar/toolbar.info | 6 +- modules/tracker/tracker.info | 6 +- .../translation/tests/translation_test.info | 6 +- modules/translation/translation.info | 6 +- modules/trigger/tests/trigger_test.info | 6 +- modules/trigger/trigger.info | 6 +- modules/update/tests/aaa_update_test.info | 6 +- modules/update/tests/bbb_update_test.info | 6 +- modules/update/tests/ccc_update_test.info | 6 +- .../update_test_admintheme.info | 6 +- .../update_test_basetheme.info | 6 +- .../update_test_subtheme.info | 6 +- modules/update/tests/update_test.info | 6 +- modules/update/update.info | 6 +- modules/user/tests/user_form_test.info | 6 +- modules/user/user.info | 6 +- modules/user/user.module | 4 +- modules/user/user.test | 7 + profiles/minimal/minimal.info | 6 +- profiles/standard/standard.info | 6 +- ...drupal_system_listing_compatible_test.info | 6 +- ...upal_system_listing_incompatible_test.info | 6 +- profiles/testing/testing.info | 6 +- themes/bartik/bartik.info | 6 +- themes/garland/garland.info | 6 +- themes/seven/seven.info | 6 +- themes/stark/stark.info | 6 +- 170 files changed, 2180 insertions(+), 537 deletions(-) create mode 100644 includes/file.phar.inc create mode 100644 misc/typo3/drupal-security/PharExtensionInterceptor.php create mode 100644 misc/typo3/phar-stream-wrapper/LICENSE create mode 100644 misc/typo3/phar-stream-wrapper/README.md create mode 100644 misc/typo3/phar-stream-wrapper/composer.json create mode 100644 misc/typo3/phar-stream-wrapper/src/Assertable.php create mode 100644 misc/typo3/phar-stream-wrapper/src/Behavior.php create mode 100644 misc/typo3/phar-stream-wrapper/src/Exception.php create mode 100644 misc/typo3/phar-stream-wrapper/src/Helper.php create mode 100644 misc/typo3/phar-stream-wrapper/src/Interceptor/PharExtensionInterceptor.php create mode 100644 misc/typo3/phar-stream-wrapper/src/Manager.php create mode 100644 misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php create mode 100644 modules/simpletest/files/phar-1.phar create mode 100644 modules/simpletest/tests/themes/test_theme/theme-settings.php diff --git a/CHANGELOG.txt b/CHANGELOG.txt index fa4f209..4adf5a4 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,30 @@ +Drupal 7.63, 2019-01-16 +----------------------- +- Fixed a fatal error for some Drush users introduced by SA-CORE-2019-002. + +Drupal 7.62, 2019-01-15 +----------------------- +- Fixed security issues: + - SA-CORE-2019-001 + - SA-CORE-2019-002 + +Drupal 7.61, 2018-11-07 +----------------------- +- File upload validation functions and hook_file_validate() implementations are + now always passed the correct file URI. +- The default form cache expiration of 6 hours is now configurable (API + addition: https://www.drupal.org/node/2857751). +- Allowed callers of drupal_http_request() to optionally specify an explicit + Host header. +- Allowed the + character to appear in usernames. +- PHP 7.2: Fixed Archive_Tar incompatibility. +- PHP 7.2: Removed deprecated function each(). +- PHP 7.2: Avoid count() calls on uncountable variables. +- PHP 7.2: Removed deprecated create_function() call. +- PHP 7.2: Make sure variables are arrays in theme_links(). +- Fixed theme-settings.php not being loaded on cached forms +- Fixed problem with IE11 & Chrome(PointerEvents enabled) & some Firefox scroll to the top of the page after dragging the bottom item with jquery 1.5 <-> 1.11 + Drupal 7.60, 2018-10-18 ------------------------ - Fixed security issues. See SA-CORE-2018-006. @@ -8,7 +35,7 @@ Drupal 7.59, 2018-04-25 Drupal 7.58, 2018-03-28 ----------------------- -- Fixed security issues (multiple vulnerabilities). See SA-CORE-2018-002. +- Fixed security issues (remote code execution). See SA-CORE-2018-002. Drupal 7.57, 2018-02-21 ----------------------- diff --git a/MAINTAINERS.txt b/MAINTAINERS.txt index 5603a43..460658c 100644 --- a/MAINTAINERS.txt +++ b/MAINTAINERS.txt @@ -15,6 +15,7 @@ The branch maintainers for Drupal 7 are: - Fabian Franz 'Fabianx' https://www.drupal.org/u/fabianx - David Rothstein 'David_Rothstein' https://www.drupal.org/u/david_rothstein - Stefan Ruijsenaars 'stefan.r' https://www.drupal.org/u/stefanr-0 +- (provisional) Pol Dellaiera 'Pol' https://www.drupal.org/u/pol Component maintainers @@ -44,10 +45,9 @@ Cron system - Derek Wright 'dww' https://www.drupal.org/u/dww Database system -- Larry Garfield 'Crell' https://www.drupal.org/u/crell +- ? - MySQL driver - - Larry Garfield 'Crell' https://www.drupal.org/u/crell - David Strauss 'David Strauss' https://www.drupal.org/u/david-strauss - PostgreSQL driver diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index 2d8b820..6891f12 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -8,7 +8,7 @@ /** * The current system version. */ -define('VERSION', '7.60'); +define('VERSION', '7.63'); /** * Core API compatibility. @@ -704,6 +704,19 @@ function drupal_environment_initialize() { // Set sane locale settings, to ensure consistent string, dates, times and // numbers handling. setlocale(LC_ALL, 'C'); + + // PHP's built-in phar:// stream wrapper is not sufficiently secure. Override + // it with a more secure one, which requires PHP 5.3.3. For lower versions, + // unregister the built-in one without replacing it. Sites needing phar + // support for lower PHP versions must implement hook_stream_wrappers() to + // register their desired implementation. + if (in_array('phar', stream_get_wrappers(), TRUE)) { + stream_wrapper_unregister('phar'); + if (version_compare(PHP_VERSION, '5.3.3', '>=')) { + include_once DRUPAL_ROOT . '/includes/file.phar.inc'; + file_register_phar_wrapper(); + } + } } /** @@ -3785,8 +3798,12 @@ function _drupal_shutdown_function() { chdir(DRUPAL_ROOT); try { - while (list($key, $callback) = each($callbacks)) { + // Manually iterate over the array instead of using a foreach loop. + // A foreach operates on a copy of the array, so any shutdown functions that + // were added from other shutdown functions would never be called. + while ($callback = current($callbacks)) { call_user_func_array($callback['callback'], $callback['arguments']); + next($callbacks); } } catch (Exception $exception) { diff --git a/includes/common.inc b/includes/common.inc index a79a2f4..c5b4ff2 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -867,8 +867,10 @@ function drupal_http_request($url, array $options = array()) { // Make the socket connection to a proxy server. $socket = 'tcp://' . $proxy_server . ':' . variable_get('proxy_port', 8080); // The Host header still needs to match the real request. - $options['headers']['Host'] = $uri['host']; - $options['headers']['Host'] .= isset($uri['port']) && $uri['port'] != 80 ? ':' . $uri['port'] : ''; + if (!isset($options['headers']['Host'])) { + $options['headers']['Host'] = $uri['host']; + $options['headers']['Host'] .= isset($uri['port']) && $uri['port'] != 80 ? ':' . $uri['port'] : ''; + } break; case 'http': @@ -878,14 +880,18 @@ function drupal_http_request($url, array $options = array()) { // RFC 2616: "non-standard ports MUST, default ports MAY be included". // We don't add the standard port to prevent from breaking rewrite rules // checking the host that do not take into account the port number. - $options['headers']['Host'] = $uri['host'] . ($port != 80 ? ':' . $port : ''); + if (!isset($options['headers']['Host'])) { + $options['headers']['Host'] = $uri['host'] . ($port != 80 ? ':' . $port : ''); + } break; case 'https': // Note: Only works when PHP is compiled with OpenSSL support. $port = isset($uri['port']) ? $uri['port'] : 443; $socket = 'ssl://' . $uri['host'] . ':' . $port; - $options['headers']['Host'] = $uri['host'] . ($port != 443 ? ':' . $port : ''); + if (!isset($options['headers']['Host'])) { + $options['headers']['Host'] = $uri['host'] . ($port != 443 ? ':' . $port : ''); + } break; default: diff --git a/includes/file.inc b/includes/file.inc index fa7f5eb..50a3b76 100644 --- a/includes/file.inc +++ b/includes/file.inc @@ -1534,9 +1534,9 @@ function file_save_upload($form_field_name, $validators = array(), $destination // rename filename.php.foo and filename.php to filename.php.foo.txt and // filename.php.txt, respectively). Don't rename if 'allow_insecure_uploads' // evaluates to TRUE. - if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { + if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { $file->filemime = 'text/plain'; - $file->uri .= '.txt'; + // The destination filename will also later be used to create the URI. $file->filename .= '.txt'; // The .txt extension may not be in the allowed list of extensions. We have // to add it here or else the file upload will fail. diff --git a/includes/file.phar.inc b/includes/file.phar.inc new file mode 100644 index 0000000..3d7ba01 --- /dev/null +++ b/includes/file.phar.inc @@ -0,0 +1,41 @@ +withAssertion(new PharExtensionInterceptor()) + ); + } + catch (\LogicException $e) { + // Continue if the PharStreamWrapperManager is already initialized. + // For example, this occurs following a drupal_static_reset(), such + // as during tests. + }; + + // To prevent file_stream_wrapper_valid_scheme() treating "phar" as a valid + // scheme, this is registered with PHP only, not with hook_stream_wrappers() + // or the internal storage of file_get_stream_wrappers(). + stream_wrapper_register('phar', '\\TYPO3\\PharStreamWrapper\\PharStreamWrapper'); +} diff --git a/includes/form.inc b/includes/form.inc index e749239..6c33de7 100644 --- a/includes/form.inc +++ b/includes/form.inc @@ -555,8 +555,10 @@ function form_get_cache($form_build_id, &$form_state) { * Stores a form in the cache. */ function form_set_cache($form_build_id, $form, $form_state) { - // 6 hours cache life time for forms should be plenty. - $expire = 21600; + // The default cache_form expiration is 6 hours. On busy sites, the cache_form + // table can become very large. A shorter cache lifetime can help to keep the + // table's size under control. + $expire = variable_get('form_cache_expiration', 21600); // Ensure that the form build_id embedded in the form structure is the same as // the one passed in as a parameter. This is an additional safety measure to @@ -1438,10 +1440,12 @@ function _form_validate(&$elements, &$form_state, $form_id = NULL) { // length if it's a string, and the item count if it's an array. // An unchecked checkbox has a #value of integer 0, different than string // '0', which could be a valid value. - $is_empty_multiple = (!count($elements['#value'])); + $is_countable = is_array($elements['#value']) || $elements['#value'] instanceof Countable; + $is_empty_multiple = $is_countable && count($elements['#value']) == 0; $is_empty_string = (is_string($elements['#value']) && drupal_strlen(trim($elements['#value'])) == 0); $is_empty_value = ($elements['#value'] === 0); - if ($is_empty_multiple || $is_empty_string || $is_empty_value) { + $is_empty_null = is_null($elements['#value']); + if ($is_empty_multiple || $is_empty_string || $is_empty_value || $is_empty_null) { // Although discouraged, a #title is not mandatory for form elements. In // case there is no #title, we cannot set a form error message. // Instead of setting no #title, form constructors are encouraged to set diff --git a/includes/install.inc b/includes/install.inc index 5e1d3c6..b7db783 100644 --- a/includes/install.inc +++ b/includes/install.inc @@ -779,7 +779,7 @@ function drupal_uninstall_modules($module_list = array(), $uninstall_dependents $module_list = array_flip(array_values($module_list)); $profile = drupal_get_profile(); - while (list($module) = each($module_list)) { + foreach (array_keys($module_list) as $module) { if (!isset($module_data[$module]) || drupal_get_installed_schema_version($module) == SCHEMA_UNINSTALLED) { // This module doesn't exist or is already uninstalled. Skip it. unset($module_list[$module]); diff --git a/includes/menu.inc b/includes/menu.inc index 4664d27..ca37ba5 100644 --- a/includes/menu.inc +++ b/includes/menu.inc @@ -576,7 +576,8 @@ function _menu_load_objects(&$item, &$map) { // 'load arguments' in the hook_menu() entry, but they need // some processing. In this case the $function is the key to the // load_function array, and the value is the list of arguments. - list($function, $args) = each($function); + $args = current($function); + $function = key($function); $load_functions[$index] = $function; // Some arguments are placeholders for dynamic items to process. @@ -2402,7 +2403,8 @@ function menu_set_active_trail($new_trail = NULL) { // a stripped down menu tree containing the active trail only, in case // the given menu has not been built in this request yet. $tree = menu_tree_page_data($preferred_link['menu_name'], NULL, TRUE); - list($key, $curr) = each($tree); + $curr = current($tree); + next($tree); } // There is no link for the current path. else { @@ -2432,7 +2434,8 @@ function menu_set_active_trail($new_trail = NULL) { } $tree = $curr['below'] ? $curr['below'] : array(); } - list($key, $curr) = each($tree); + $curr = current($tree); + next($tree); } // Make sure the current page is in the trail to build the page title, by // appending either the preferred link or the menu router item for the diff --git a/includes/module.inc b/includes/module.inc index 2e25108..4c2b3fb 100644 --- a/includes/module.inc +++ b/includes/module.inc @@ -404,7 +404,11 @@ function module_enable($module_list, $enable_dependencies = TRUE) { // Create an associative array with weights as values. $module_list = array_flip(array_values($module_list)); - while (list($module) = each($module_list)) { + // The array is iterated over manually (instead of using a foreach) because + // modules may be added to the list within the loop and we need to process + // them. + while ($module = key($module_list)) { + next($module_list); if (!isset($module_data[$module])) { // This module is not found in the filesystem, abort. return FALSE; @@ -540,7 +544,11 @@ function module_disable($module_list, $disable_dependents = TRUE) { $module_list = array_flip(array_values($module_list)); $profile = drupal_get_profile(); - while (list($module) = each($module_list)) { + // The array is iterated over manually (instead of using a foreach) because + // modules may be added to the list within the loop and we need to process + // them. + while ($module = key($module_list)) { + next($module_list); if (!isset($module_data[$module]) || !$module_data[$module]->status) { // This module doesn't exist or is already disabled, skip it. unset($module_list[$module]); diff --git a/includes/theme.inc b/includes/theme.inc index 9b606e9..a926b76 100644 --- a/includes/theme.inc +++ b/includes/theme.inc @@ -1776,13 +1776,13 @@ function theme_link($variables) { * http://www.w3.org/TR/WCAG-TECHS/H42.html for more information. */ function theme_links($variables) { - $links = $variables['links']; - $attributes = $variables['attributes']; + $links = (array) $variables['links']; + $attributes = (array) $variables['attributes']; $heading = $variables['heading']; global $language_url; $output = ''; - if (count($links) > 0) { + if (!empty($links)) { // Treat the heading first if it is present to prepend it to the // list of links. if (!empty($heading)) { @@ -1995,7 +1995,7 @@ function theme_table($variables) { $empty = $variables['empty']; // Add sticky headers, if applicable. - if (count($header) && $sticky) { + if (!empty($header) && $sticky) { drupal_add_js('misc/tableheader.js'); // Add 'sticky-enabled' class to the table to identify it for JS. // This is needed to target tables constructed by this function. @@ -2009,7 +2009,7 @@ function theme_table($variables) { } // Format the table columns: - if (count($colgroups)) { + if (!empty($colgroups)) { foreach ($colgroups as $number => $colgroup) { $attributes = array(); @@ -2044,38 +2044,40 @@ function theme_table($variables) { } // Add the 'empty' row message if available. - if (!count($rows) && $empty) { + if (empty($rows) && $empty) { $header_count = 0; - foreach ($header as $header_cell) { - if (is_array($header_cell)) { - $header_count += isset($header_cell['colspan']) ? $header_cell['colspan'] : 1; - } - else { - $header_count++; + if (!empty($header)) { + foreach ($header as $header_cell) { + if (is_array($header_cell)) { + $header_count += isset($header_cell['colspan']) ? $header_cell['colspan'] : 1; + } + else { + $header_count++; + } } } $rows[] = array(array('data' => $empty, 'colspan' => $header_count, 'class' => array('empty', 'message'))); } // Format the table header: - if (count($header)) { + if (!empty($header)) { $ts = tablesort_init($header); // HTML requires that the thead tag has tr tags in it followed by tbody // tags. Using ternary operator to check and see if we have any rows. - $output .= (count($rows) ? ' ' : ' '); + $output .= (!empty($rows) ? ' ' : ' '); foreach ($header as $cell) { $cell = tablesort_header($cell, $header, $ts); $output .= _theme_table_cell($cell, TRUE); } // Using ternary operator to close the tags based on whether or not there are rows - $output .= (count($rows) ? " \n" : "\n"); + $output .= (!empty($rows) ? " \n" : "\n"); } else { $ts = array(); } // Format the table rows: - if (count($rows)) { + if (!empty($rows)) { $output .= "\n"; $flip = array('even' => 'odd', 'odd' => 'even'); $class = 'even'; @@ -2095,7 +2097,7 @@ function theme_table($variables) { $attributes = array(); $no_striping = FALSE; } - if (count($cells)) { + if (!empty($cells)) { // Add odd/even class if (!$no_striping) { $class = $flip[$class]; diff --git a/misc/tabledrag.js b/misc/tabledrag.js index 7ea88b6..836568f 100644 --- a/misc/tabledrag.js +++ b/misc/tabledrag.js @@ -580,21 +580,43 @@ Drupal.tableDrag.prototype.dropRow = function (event, self) { * Get the mouse coordinates from the event (allowing for browser differences). */ Drupal.tableDrag.prototype.mouseCoords = function (event) { - // Complete support for pointer events was only introduced to jQuery in - // version 1.11.1; between versions 1.7 and 1.11.0 pointer events have the - // clientX and clientY properties undefined. In those cases, the properties - // must be retrieved from the event.originalEvent object instead. - var clientX = event.clientX || event.originalEvent.clientX; - var clientY = event.clientY || event.originalEvent.clientY; - if (event.pageX || event.pageY) { - return { x: event.pageX, y: event.pageY }; + // Match both null and undefined, but not zero, by using != null. + // See https://stackoverflow.com/questions/2647867/how-to-determine-if-variable-is-undefined-or-null + if (event.pageX != null && event.pageY != null) { + return {x: event.pageX, y: event.pageY}; } - return { - x: clientX + document.body.scrollLeft - document.body.clientLeft, - y: clientY + document.body.scrollTop - document.body.clientTop - }; + // Complete support for pointer events was only introduced to jQuery in + // version 1.11.1; between versions 1.7 and 1.11.0 pointer events have the + // pageX and pageY properties undefined. In those cases, the properties must + // be retrieved from the event.originalEvent object instead. + if (event.originalEvent && event.originalEvent.pageX != null && event.originalEvent.pageY != null) { + return {x: event.originalEvent.pageX, y: event.originalEvent.pageY}; + } + + // Some old browsers do not support MouseEvent.pageX and *.pageY at all. + // See https://developer.mozilla.org/en-US/docs/Web/API/MouseEvent/pageY + // For those, we look at event.clientX and event.clientY instead. + if (event.clientX == null || event.clientY == null) { + // In some jQuery versions, some events created by jQuery do not have + // clientX and clientY. But the original event might have. + if (!event.originalEvent) { + throw new Error("The event has no coordinates, and no event.originalEvent."); + } + event = event.originalEvent; + if (event.clientX == null || event.clientY == null) { + throw new Error("The original event has no coordinates."); + } + } + + // Copied from jQuery.event.fix() in jQuery 1.4.1. + // In newer jQuery versions, this code is in jQuery.event.mouseHooks.filter(). + var doc = document.documentElement, body = document.body; + var pageX = event.clientX + ( doc && doc.scrollLeft || body && body.scrollLeft || 0 ) - ( doc && doc.clientLeft || body && body.clientLeft || 0 ); + var pageY = event.clientY + ( doc && doc.scrollTop || body && body.scrollTop || 0 ) - ( doc && doc.clientTop || body && body.clientTop || 0 ); + + return {x: pageX, y: pageY}; }; /** diff --git a/misc/typo3/drupal-security/PharExtensionInterceptor.php b/misc/typo3/drupal-security/PharExtensionInterceptor.php new file mode 100644 index 0000000..2e1a0cb --- /dev/null +++ b/misc/typo3/drupal-security/PharExtensionInterceptor.php @@ -0,0 +1,79 @@ +baseFileContainsPharExtension($path)) { + return TRUE; + } + throw new Exception( + sprintf( + 'Unexpected file extension in "%s"', + $path + ), + 1535198703 + ); + } + + /** + * Determines if a path has a .phar extension or invoked execution. + * + * @param string $path + * The path of the phar file to check. + * + * @return bool + * TRUE if the file has a .phar extension or if the execution has been + * invoked by the phar file. + */ + private function baseFileContainsPharExtension($path) { + $baseFile = Helper::determineBaseFile($path); + if ($baseFile === NULL) { + return FALSE; + } + // If the stream wrapper is registered by invoking a phar file that does + // not not have .phar extension then this should be allowed. For + // example, some CLI tools recommend removing the extension. + $backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); + // Find the last entry in the backtrace containing a 'file' key as + // sometimes the last caller is executed outside the scope of a file. For + // example, this occurs with shutdown functions. + do { + $caller = array_pop($backtrace); + } while (empty($caller['file']) && !empty($backtrace)); + if (isset($caller['file']) && $baseFile === Helper::determineBaseFile($caller['file'])) { + return TRUE; + } + $fileExtension = pathinfo($baseFile, PATHINFO_EXTENSION); + return strtolower($fileExtension) === 'phar'; + } + +} diff --git a/misc/typo3/phar-stream-wrapper/LICENSE b/misc/typo3/phar-stream-wrapper/LICENSE new file mode 100644 index 0000000..d71267a --- /dev/null +++ b/misc/typo3/phar-stream-wrapper/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2018 TYPO3 project - https://typo3.org/ + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/misc/typo3/phar-stream-wrapper/README.md b/misc/typo3/phar-stream-wrapper/README.md new file mode 100644 index 0000000..b632784 --- /dev/null +++ b/misc/typo3/phar-stream-wrapper/README.md @@ -0,0 +1,155 @@ +[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/TYPO3/phar-stream-wrapper/badges/quality-score.png?b=v2)](https://scrutinizer-ci.com/g/TYPO3/phar-stream-wrapper/?branch=v2) +[![Travis CI Build Status](https://travis-ci.org/TYPO3/phar-stream-wrapper.svg?branch=v2)](https://travis-ci.org/TYPO3/phar-stream-wrapper) + +# PHP Phar Stream Wrapper + +## Abstract & History + +Based on Sam Thomas' findings concerning +[insecure deserialization in combination with obfuscation strategies](https://blog.secarma.co.uk/labs/near-phar-dangerous-unserialization-wherever-you-are) +allowing to hide Phar files inside valid image resources, the TYPO3 project +decided back then to introduce a `PharStreamWrapper` to intercept invocations +of the `phar://` stream in PHP and only allow usage for defined locations in +the file system. + +Since the TYPO3 mission statement is **inspiring people to share**, we thought +it would be helpful for others to release our `PharStreamWrapper` as standalone +package to the PHP community. + +The mentioned security issue was reported to TYPO3 on 10th June 2018 by Sam Thomas +and has been addressed concerning the specific attack vector and for this generic +`PharStreamWrapper` in TYPO3 versions 7.6.30 LTS, 8.7.17 LTS and 9.3.1 on 12th +July 2018. + +* https://typo3.org/security/advisory/typo3-core-sa-2018-002/ +* https://blog.secarma.co.uk/labs/near-phar-dangerous-unserialization-wherever-you-are +* https://youtu.be/GePBmsNJw6Y + +## License + +In general the TYPO3 core is released under the GNU General Public License version +2 or any later version (`GPL-2.0-or-later`). In order to avoid licensing issues and +incompatibilities this `PharStreamWrapper` is licenced under the MIT License. In case +you duplicate or modify source code, credits are not required but really appreciated. + +## Credits + +Thanks to [Alex Pott](https://github.com/alexpott), Drupal for creating +back-ports of all sources in order to provide compatibility with PHP v5.3. + +## Installation + +The `PharStreamWrapper` is provided as composer package `typo3/phar-stream-wrapper` +and has minimum requirements of PHP v5.3 ([`v2`](https://github.com/TYPO3/phar-stream-wrapper/tree/v2) branch) and PHP v7.0 ([`master`](https://github.com/TYPO3/phar-stream-wrapper) branch). + +### Installation for PHP v7.0 + +``` +composer require typo3/phar-stream-wrapper ^3.0 +``` + +### Installation for PHP v5.3 + +``` +composer require typo3/phar-stream-wrapper ^2.0 +``` + +## Example + +The following example is bundled within this package, the shown +`PharExtensionInterceptor` denies all stream wrapper invocations files +not having the `.phar` suffix. Interceptor logic has to be individual and +adjusted to according requirements. + +``` +$behavior = new \TYPO3\PharStreamWrapper\Behavior(); +Manager::initialize( + $behavior->withAssertion(new PharExtensionInterceptor()) +); + +if (in_array('phar', stream_get_wrappers())) { + stream_wrapper_unregister('phar'); + stream_wrapper_register('phar', 'TYPO3\\PharStreamWrapper\\PharStreamWrapper'); +} +``` + +* `PharStreamWrapper` defined as class reference will be instantiated each time + `phar://` streams shall be processed. +* `Manager` as singleton pattern being called by `PharStreamWrapper` instances + in order to retrieve individual behavior and settings. +* `Behavior` holds reference to interceptor(s) that shall assert correct/allowed + invocation of a given `$path` for a given `$command`. Interceptors implement + the interface `Assertable`. Interceptors can act individually on following + commands or handle all of them in case not defined specifically: + + `COMMAND_DIR_OPENDIR` + + `COMMAND_MKDIR` + + `COMMAND_RENAME` + + `COMMAND_RMDIR` + + `COMMAND_STEAM_METADATA` + + `COMMAND_STREAM_OPEN` + + `COMMAND_UNLINK` + + `COMMAND_URL_STAT` + +## Interceptor + +The following interceptor is shipped with the package and ready to use in order +to block any Phar invocation of files not having a `.phar` suffix. Besides that +individual interceptors are possible of course. + +``` +class PharExtensionInterceptor implements Assertable +{ + /** + * Determines whether the base file name has a ".phar" suffix. + * + * @param string $path + * @param string $command + * @return bool + * @throws Exception + */ + public function assert($path, $command) + { + if ($this->baseFileContainsPharExtension($path)) { + return true; + } + throw new Exception( + sprintf( + 'Unexpected file extension in "%s"', + $path + ), + 1535198703 + ); + } + + /** + * @param string $path + * @return bool + */ + private function baseFileContainsPharExtension($path) + { + $baseFile = Helper::determineBaseFile($path); + if ($baseFile === null) { + return false; + } + $fileExtension = pathinfo($baseFile, PATHINFO_EXTENSION); + return strtolower($fileExtension) === 'phar'; + } +} +``` + +## Helper + +* `Helper::determineBaseFile(string $path)`: Determines base file that can be + accessed using the regular file system. For instance the following path + `phar:///home/user/bundle.phar/content.txt` would be resolved to + `/home/user/bundle.phar`. +* `Helper::resetOpCache()`: Resets PHP's OPcache if enabled as work-around for + issues in `include()` or `require()` calls and OPcache delivering wrong + results. More details can be found in PHP's bug tracker, for instance like + https://bugs.php.net/bug.php?id=66569 + +## Security Contact + +In case of finding additional security issues in the TYPO3 project or in this +`PharStreamWrapper` package in particular, please get in touch with the +[TYPO3 Security Team](mailto:security@typo3.org). diff --git a/misc/typo3/phar-stream-wrapper/composer.json b/misc/typo3/phar-stream-wrapper/composer.json new file mode 100644 index 0000000..d308f8c --- /dev/null +++ b/misc/typo3/phar-stream-wrapper/composer.json @@ -0,0 +1,24 @@ +{ + "name": "typo3/phar-stream-wrapper", + "description": "Interceptors for PHP's native phar:// stream handling", + "type": "library", + "license": "MIT", + "homepage": "https://typo3.org/", + "keywords": ["php", "phar", "stream-wrapper", "security"], + "require": { + "php": "^5.3.3|^7.0" + }, + "require-dev": { + "phpunit/phpunit": "^4.8.36" + }, + "autoload": { + "psr-4": { + "TYPO3\\PharStreamWrapper\\": "src/" + } + }, + "autoload-dev": { + "psr-4": { + "TYPO3\\PharStreamWrapper\\Tests\\": "tests/" + } + } +} diff --git a/misc/typo3/phar-stream-wrapper/src/Assertable.php b/misc/typo3/phar-stream-wrapper/src/Assertable.php new file mode 100644 index 0000000..a21b1da --- /dev/null +++ b/misc/typo3/phar-stream-wrapper/src/Assertable.php @@ -0,0 +1,22 @@ +assertCommands($commands); + $commands = $commands ?: $this->availableCommands; + + $target = clone $this; + foreach ($commands as $command) { + $target->assertions[$command] = $assertable; + } + return $target; + } + + /** + * @param string $path + * @param string $command + * @return bool + */ + public function assert($path, $command) + { + $this->assertCommand($command); + $this->assertAssertionCompleteness(); + + return $this->assertions[$command]->assert($path, $command); + } + + /** + * @param array $commands + */ + private function assertCommands(array $commands) + { + $unknownCommands = array_diff($commands, $this->availableCommands); + if (empty($unknownCommands)) { + return; + } + throw new \LogicException( + sprintf( + 'Unknown commands: %s', + implode(', ', $unknownCommands) + ), + 1535189881 + ); + } + + private function assertCommand($command) + { + if (in_array($command, $this->availableCommands, true)) { + return; + } + throw new \LogicException( + sprintf( + 'Unknown command "%s"', + $command + ), + 1535189882 + ); + } + + private function assertAssertionCompleteness() + { + $undefinedAssertions = array_diff( + $this->availableCommands, + array_keys($this->assertions) + ); + if (empty($undefinedAssertions)) { + return; + } + throw new \LogicException( + sprintf( + 'Missing assertions for commands: %s', + implode(', ', $undefinedAssertions) + ), + 1535189883 + ); + } +} diff --git a/misc/typo3/phar-stream-wrapper/src/Exception.php b/misc/typo3/phar-stream-wrapper/src/Exception.php new file mode 100644 index 0000000..690121a --- /dev/null +++ b/misc/typo3/phar-stream-wrapper/src/Exception.php @@ -0,0 +1,16 @@ += 1) { + // Rremove this and previous element + array_splice($pathParts, $partCount - 1, 2); + $partCount -= 2; + $pathPartsLength -= 2; + } elseif ($absolutePathPrefix) { + // can't go higher than root dir + // simply remove this part and continue + array_splice($pathParts, $partCount, 1); + $partCount--; + $pathPartsLength--; + } + } + } + + return $absolutePathPrefix . implode('/', $pathParts); + } + + /** + * Checks if the $path is absolute or relative (detecting either '/' or + * 'x:/' as first part of string) and returns TRUE if so. + * + * @param string $path File path to evaluate + * @return bool + */ + private static function isAbsolutePath($path) + { + // Path starting with a / is always absolute, on every system + // On Windows also a path starting with a drive letter is absolute: X:/ + return (isset($path[0]) ? $path[0] : null) === '/' + || static::isWindows() && ( + strpos($path, ':/') === 1 + || strpos($path, ':\\') === 1 + ); + } + + /** + * @return bool + */ + private static function isWindows() + { + return stripos(PHP_OS, 'WIN') === 0; + } +} \ No newline at end of file diff --git a/misc/typo3/phar-stream-wrapper/src/Interceptor/PharExtensionInterceptor.php b/misc/typo3/phar-stream-wrapper/src/Interceptor/PharExtensionInterceptor.php new file mode 100644 index 0000000..db500af --- /dev/null +++ b/misc/typo3/phar-stream-wrapper/src/Interceptor/PharExtensionInterceptor.php @@ -0,0 +1,55 @@ +baseFileContainsPharExtension($path)) { + return true; + } + throw new Exception( + sprintf( + 'Unexpected file extension in "%s"', + $path + ), + 1535198703 + ); + } + + /** + * @param string $path + * @return bool + */ + private function baseFileContainsPharExtension($path) + { + $baseFile = Helper::determineBaseFile($path); + if ($baseFile === null) { + return false; + } + $fileExtension = pathinfo($baseFile, PATHINFO_EXTENSION); + return strtolower($fileExtension) === 'phar'; + } +} diff --git a/misc/typo3/phar-stream-wrapper/src/Manager.php b/misc/typo3/phar-stream-wrapper/src/Manager.php new file mode 100644 index 0000000..1eb9735 --- /dev/null +++ b/misc/typo3/phar-stream-wrapper/src/Manager.php @@ -0,0 +1,85 @@ +behavior = $behaviour; + } + + /** + * @param string $path + * @param string $command + * @return bool + */ + public function assert($path, $command) + { + return $this->behavior->assert($path, $command); + } +} diff --git a/misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php b/misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php new file mode 100644 index 0000000..5a924e4 --- /dev/null +++ b/misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php @@ -0,0 +1,477 @@ +internalResource)) { + return false; + } + + $this->invokeInternalStreamWrapper( + 'closedir', + $this->internalResource + ); + return !is_resource($this->internalResource); + } + + /** + * @param string $path + * @param int $options + * @return bool + */ + public function dir_opendir($path, $options) + { + $this->assert($path, Behavior::COMMAND_DIR_OPENDIR); + $this->internalResource = $this->invokeInternalStreamWrapper( + 'opendir', + $path, + $this->context + ); + return is_resource($this->internalResource); + } + + /** + * @return string|false + */ + public function dir_readdir() + { + return $this->invokeInternalStreamWrapper( + 'readdir', + $this->internalResource + ); + } + + /** + * @return bool + */ + public function dir_rewinddir() + { + if (!is_resource($this->internalResource)) { + return false; + } + + $this->invokeInternalStreamWrapper( + 'rewinddir', + $this->internalResource + ); + return is_resource($this->internalResource); + } + + /** + * @param string $path + * @param int $mode + * @param int $options + * @return bool + */ + public function mkdir($path, $mode, $options) + { + $this->assert($path, Behavior::COMMAND_MKDIR); + return $this->invokeInternalStreamWrapper( + 'mkdir', + $path, + $mode, + (bool) ($options & STREAM_MKDIR_RECURSIVE), + $this->context + ); + } + + /** + * @param string $path_from + * @param string $path_to + * @return bool + */ + public function rename($path_from, $path_to) + { + $this->assert($path_from, Behavior::COMMAND_RENAME); + $this->assert($path_to, Behavior::COMMAND_RENAME); + return $this->invokeInternalStreamWrapper( + 'rename', + $path_from, + $path_to, + $this->context + ); + } + + /** + * @param string $path + * @param int $options + * @return bool + */ + public function rmdir($path, $options) + { + $this->assert($path, Behavior::COMMAND_RMDIR); + return $this->invokeInternalStreamWrapper( + 'rmdir', + $path, + $this->context + ); + } + + /** + * @param int $cast_as + */ + public function stream_cast($cast_as) + { + throw new Exception( + 'Method stream_select() cannot be used', + 1530103999 + ); + } + + public function stream_close() + { + $this->invokeInternalStreamWrapper( + 'fclose', + $this->internalResource + ); + } + + /** + * @return bool + */ + public function stream_eof() + { + return $this->invokeInternalStreamWrapper( + 'feof', + $this->internalResource + ); + } + + /** + * @return bool + */ + public function stream_flush() + { + return $this->invokeInternalStreamWrapper( + 'fflush', + $this->internalResource + ); + } + + /** + * @param int $operation + * @return bool + */ + public function stream_lock($operation) + { + return $this->invokeInternalStreamWrapper( + 'flock', + $this->internalResource, + $operation + ); + } + + /** + * @param string $path + * @param int $option + * @param string|int $value + * @return bool + */ + public function stream_metadata($path, $option, $value) + { + $this->assert($path, Behavior::COMMAND_STEAM_METADATA); + if ($option === STREAM_META_TOUCH) { + return call_user_func_array( + array($this, 'invokeInternalStreamWrapper'), + array_merge(array('touch', $path), (array) $value) + ); + } + if ($option === STREAM_META_OWNER_NAME || $option === STREAM_META_OWNER) { + return $this->invokeInternalStreamWrapper( + 'chown', + $path, + $value + ); + } + if ($option === STREAM_META_GROUP_NAME || $option === STREAM_META_GROUP) { + return $this->invokeInternalStreamWrapper( + 'chgrp', + $path, + $value + ); + } + if ($option === STREAM_META_ACCESS) { + return $this->invokeInternalStreamWrapper( + 'chmod', + $path, + $value + ); + } + return false; + } + + /** + * @param string $path + * @param string $mode + * @param int $options + * @param string|null $opened_path + * @return bool + */ + public function stream_open( + $path, + $mode, + $options, + &$opened_path = null + ) { + $this->assert($path, Behavior::COMMAND_STREAM_OPEN); + $arguments = array($path, $mode, (bool) ($options & STREAM_USE_PATH)); + // only add stream context for non include/require calls + if (!($options & static::STREAM_OPEN_FOR_INCLUDE)) { + $arguments[] = $this->context; + // work around https://bugs.php.net/bug.php?id=66569 + // for including files from Phar stream with OPcache enabled + } else { + Helper::resetOpCache(); + } + $this->internalResource = call_user_func_array( + array($this, 'invokeInternalStreamWrapper'), + array_merge(array('fopen'), $arguments) + ); + if (!is_resource($this->internalResource)) { + return false; + } + if ($opened_path !== null) { + $metaData = stream_get_meta_data($this->internalResource); + $opened_path = $metaData['uri']; + } + return true; + } + + /** + * @param int $count + * @return string + */ + public function stream_read($count) + { + return $this->invokeInternalStreamWrapper( + 'fread', + $this->internalResource, + $count + ); + } + + /** + * @param int $offset + * @param int $whence + * @return bool + */ + public function stream_seek($offset, $whence = SEEK_SET) + { + return $this->invokeInternalStreamWrapper( + 'fseek', + $this->internalResource, + $offset, + $whence + ) !== -1; + } + + /** + * @param int $option + * @param int $arg1 + * @param int $arg2 + * @return bool + */ + public function stream_set_option($option, $arg1, $arg2) + { + if ($option === STREAM_OPTION_BLOCKING) { + return $this->invokeInternalStreamWrapper( + 'stream_set_blocking', + $this->internalResource, + $arg1 + ); + } + if ($option === STREAM_OPTION_READ_TIMEOUT) { + return $this->invokeInternalStreamWrapper( + 'stream_set_timeout', + $this->internalResource, + $arg1, + $arg2 + ); + } + if ($option === STREAM_OPTION_WRITE_BUFFER) { + return $this->invokeInternalStreamWrapper( + 'stream_set_write_buffer', + $this->internalResource, + $arg2 + ) === 0; + } + return false; + } + + /** + * @return array + */ + public function stream_stat() + { + return $this->invokeInternalStreamWrapper( + 'fstat', + $this->internalResource + ); + } + + /** + * @return int + */ + public function stream_tell() + { + return $this->invokeInternalStreamWrapper( + 'ftell', + $this->internalResource + ); + } + + /** + * @param int $new_size + * @return bool + */ + public function stream_truncate($new_size) + { + return $this->invokeInternalStreamWrapper( + 'ftruncate', + $this->internalResource, + $new_size + ); + } + + /** + * @param string $data + * @return int + */ + public function stream_write($data) + { + return $this->invokeInternalStreamWrapper( + 'fwrite', + $this->internalResource, + $data + ); + } + + /** + * @param string $path + * @return bool + */ + public function unlink($path) + { + $this->assert($path, Behavior::COMMAND_UNLINK); + return $this->invokeInternalStreamWrapper( + 'unlink', + $path, + $this->context + ); + } + + /** + * @param string $path + * @param int $flags + * @return array|false + */ + public function url_stat($path, $flags) + { + $this->assert($path, Behavior::COMMAND_URL_STAT); + $functionName = $flags & STREAM_URL_STAT_QUIET ? '@stat' : 'stat'; + return $this->invokeInternalStreamWrapper($functionName, $path); + } + + /** + * @param string $path + * @param string $command + */ + protected function assert($path, $command) + { + if ($this->resolveAssertable()->assert($path, $command) === true) { + return; + } + + throw new Exception( + sprintf( + 'Denied invocation of "%s" for command "%s"', + $path, + $command + ), + 1535189880 + ); + } + + /** + * @return Assertable + */ + protected function resolveAssertable() + { + return Manager::instance(); + } + + /** + * Invokes commands on the native PHP Phar stream wrapper. + * + * @param string $functionName + * @param mixed ...$arguments + * @return mixed + */ + private function invokeInternalStreamWrapper($functionName) + { + $arguments = func_get_args(); + array_shift($arguments); + $silentExecution = $functionName{0} === '@'; + $functionName = ltrim($functionName, '@'); + $this->restoreInternalSteamWrapper(); + + try { + if ($silentExecution) { + $result = @call_user_func_array($functionName, $arguments); + } else { + $result = call_user_func_array($functionName, $arguments); + } + } catch (\Exception $exception) { + $this->registerStreamWrapper(); + throw $exception; + } catch (\Throwable $throwable) { + $this->registerStreamWrapper(); + throw $throwable; + } + + $this->registerStreamWrapper(); + return $result; + } + + private function restoreInternalSteamWrapper() + { + stream_wrapper_restore('phar'); + } + + private function registerStreamWrapper() + { + stream_wrapper_unregister('phar'); + stream_wrapper_register('phar', get_class($this)); + } +} diff --git a/modules/aggregator/aggregator.info b/modules/aggregator/aggregator.info index 2d84f9d..a5532dc 100644 --- a/modules/aggregator/aggregator.info +++ b/modules/aggregator/aggregator.info @@ -7,7 +7,7 @@ files[] = aggregator.test configure = admin/config/services/aggregator/settings stylesheets[all][] = aggregator.css -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/aggregator/tests/aggregator_test.info b/modules/aggregator/tests/aggregator_test.info index 91811fc..90a8b2f 100644 --- a/modules/aggregator/tests/aggregator_test.info +++ b/modules/aggregator/tests/aggregator_test.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/block/block.info b/modules/block/block.info index f3f2c7c..c9c4171 100644 --- a/modules/block/block.info +++ b/modules/block/block.info @@ -6,7 +6,7 @@ core = 7.x files[] = block.test configure = admin/structure/block -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/block/tests/block_test.info b/modules/block/tests/block_test.info index f62fdd7..beb9141 100644 --- a/modules/block/tests/block_test.info +++ b/modules/block/tests/block_test.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/block/tests/themes/block_test_theme/block_test_theme.info b/modules/block/tests/themes/block_test_theme/block_test_theme.info index 4ce61da..89305fc 100644 --- a/modules/block/tests/themes/block_test_theme/block_test_theme.info +++ b/modules/block/tests/themes/block_test_theme/block_test_theme.info @@ -13,7 +13,7 @@ regions[footer] = Footer regions[highlighted] = Highlighted regions[help] = Help -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/blog/blog.info b/modules/blog/blog.info index ea02638..041aadc 100644 --- a/modules/blog/blog.info +++ b/modules/blog/blog.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x files[] = blog.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/book/book.info b/modules/book/book.info index 98aca93..a3c5af7 100644 --- a/modules/book/book.info +++ b/modules/book/book.info @@ -7,7 +7,7 @@ files[] = book.test configure = admin/content/book/settings stylesheets[all][] = book.css -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/book/book.module b/modules/book/book.module index 7afed9a..32047f9 100644 --- a/modules/book/book.module +++ b/modules/book/book.module @@ -768,11 +768,13 @@ function book_prev($book_link) { return NULL; } $flat = book_get_flat_menu($book_link); - // Assigning the array to $flat resets the array pointer for use with each(). + reset($flat); $curr = NULL; do { $prev = $curr; - list($key, $curr) = each($flat); + $curr = current($flat); + $key = key($flat); + next($flat); } while ($key && $key != $book_link['mlid']); if ($key == $book_link['mlid']) { @@ -806,9 +808,10 @@ function book_prev($book_link) { */ function book_next($book_link) { $flat = book_get_flat_menu($book_link); - // Assigning the array to $flat resets the array pointer for use with each(). + reset($flat); do { - list($key, $curr) = each($flat); + $key = key($flat); + next($flat); } while ($key && $key != $book_link['mlid']); diff --git a/modules/color/color.info b/modules/color/color.info index 9ca6bcc..2f986d9 100644 --- a/modules/color/color.info +++ b/modules/color/color.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x files[] = color.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/comment/comment.info b/modules/comment/comment.info index 5ea180d..7970128 100644 --- a/modules/comment/comment.info +++ b/modules/comment/comment.info @@ -9,7 +9,7 @@ files[] = comment.test configure = admin/content/comment stylesheets[all][] = comment.css -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/contact/contact.info b/modules/contact/contact.info index 63cf78c..663818e 100644 --- a/modules/contact/contact.info +++ b/modules/contact/contact.info @@ -6,7 +6,7 @@ core = 7.x files[] = contact.test configure = admin/structure/contact -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/contextual/contextual.info b/modules/contextual/contextual.info index c2f68e3..d23cc9a 100644 --- a/modules/contextual/contextual.info +++ b/modules/contextual/contextual.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x files[] = contextual.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/dashboard/dashboard.info b/modules/dashboard/dashboard.info index d4778c6..d3ca721 100644 --- a/modules/dashboard/dashboard.info +++ b/modules/dashboard/dashboard.info @@ -7,7 +7,7 @@ files[] = dashboard.test dependencies[] = block configure = admin/dashboard/customize -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/dblog/dblog.info b/modules/dblog/dblog.info index 9c78e1b..26e1737 100644 --- a/modules/dblog/dblog.info +++ b/modules/dblog/dblog.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x files[] = dblog.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/field/field.info b/modules/field/field.info index 4cfb0b6..2228c05 100644 --- a/modules/field/field.info +++ b/modules/field/field.info @@ -11,7 +11,7 @@ dependencies[] = field_sql_storage required = TRUE stylesheets[all][] = theme/field.css -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/field/modules/field_sql_storage/field_sql_storage.info b/modules/field/modules/field_sql_storage/field_sql_storage.info index 29c7421..e43fe82 100644 --- a/modules/field/modules/field_sql_storage/field_sql_storage.info +++ b/modules/field/modules/field_sql_storage/field_sql_storage.info @@ -7,7 +7,7 @@ dependencies[] = field files[] = field_sql_storage.test required = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/field/modules/list/list.info b/modules/field/modules/list/list.info index 55c539c..851292e 100644 --- a/modules/field/modules/list/list.info +++ b/modules/field/modules/list/list.info @@ -7,7 +7,7 @@ dependencies[] = field dependencies[] = options files[] = tests/list.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/field/modules/list/list.install b/modules/field/modules/list/list.install index 2386f04..c10fbc8 100644 --- a/modules/field/modules/list/list.install +++ b/modules/field/modules/list/list.install @@ -61,7 +61,7 @@ function list_update_7001() { // Additionally, float keys need to be disambiguated ('.5' is '0.5'). if ($field['type'] == 'list_number' && !empty($allowed_values)) { - $keys = array_map(create_function('$a', 'return (string) (float) $a;'), array_keys($allowed_values)); + $keys = array_map('_list_update_7001_float_string_cast', array_keys($allowed_values)); $allowed_values = array_combine($keys, array_values($allowed_values)); } @@ -88,6 +88,13 @@ function list_update_7001() { } } +/** + * Helper callback function to cast the array element. + */ +function _list_update_7001_float_string_cast($element) { + return (string) (float) $element; +} + /** * Helper function for list_update_7001: extract allowed values from a string. * diff --git a/modules/field/modules/list/tests/list_test.info b/modules/field/modules/list/tests/list_test.info index ca74fe3..9a8e792 100644 --- a/modules/field/modules/list/tests/list_test.info +++ b/modules/field/modules/list/tests/list_test.info @@ -5,7 +5,7 @@ package = Testing version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/field/modules/number/number.info b/modules/field/modules/number/number.info index c2c57a2..a7853d5 100644 --- a/modules/field/modules/number/number.info +++ b/modules/field/modules/number/number.info @@ -6,7 +6,7 @@ core = 7.x dependencies[] = field files[] = number.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/field/modules/options/options.info b/modules/field/modules/options/options.info index 71abf41..77b1359 100644 --- a/modules/field/modules/options/options.info +++ b/modules/field/modules/options/options.info @@ -6,7 +6,7 @@ core = 7.x dependencies[] = field files[] = options.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/field/modules/text/text.info b/modules/field/modules/text/text.info index 1de6143..39881eb 100644 --- a/modules/field/modules/text/text.info +++ b/modules/field/modules/text/text.info @@ -7,7 +7,7 @@ dependencies[] = field files[] = text.test required = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/field/tests/field_test.info b/modules/field/tests/field_test.info index fb1653f..e0f42e9 100644 --- a/modules/field/tests/field_test.info +++ b/modules/field/tests/field_test.info @@ -6,7 +6,7 @@ files[] = field_test.entity.inc version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/field_ui/field_ui.info b/modules/field_ui/field_ui.info index b977882..d7564f5 100644 --- a/modules/field_ui/field_ui.info +++ b/modules/field_ui/field_ui.info @@ -6,7 +6,7 @@ core = 7.x dependencies[] = field files[] = field_ui.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/file/file.info b/modules/file/file.info index 27fbd62..f2d0872 100644 --- a/modules/file/file.info +++ b/modules/file/file.info @@ -6,7 +6,7 @@ core = 7.x dependencies[] = field files[] = tests/file.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/file/tests/file_module_test.info b/modules/file/tests/file_module_test.info index b63d506..a8b4acc 100644 --- a/modules/file/tests/file_module_test.info +++ b/modules/file/tests/file_module_test.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/filter/filter.info b/modules/filter/filter.info index 25b5800..f16777f 100644 --- a/modules/filter/filter.info +++ b/modules/filter/filter.info @@ -7,7 +7,7 @@ files[] = filter.test required = TRUE configure = admin/config/content/formats -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/forum/forum.info b/modules/forum/forum.info index 6907509..758f35b 100644 --- a/modules/forum/forum.info +++ b/modules/forum/forum.info @@ -9,7 +9,7 @@ files[] = forum.test configure = admin/structure/forum stylesheets[all][] = forum.css -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/help/help.info b/modules/help/help.info index 33e6c81..46ee825 100644 --- a/modules/help/help.info +++ b/modules/help/help.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x files[] = help.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/image/image.admin.inc b/modules/image/image.admin.inc index cebe894..0fbdc0b 100644 --- a/modules/image/image.admin.inc +++ b/modules/image/image.admin.inc @@ -736,7 +736,8 @@ function theme_image_style_effects($variables) { if (!isset($form[$key]['#access']) || $form[$key]['#access']) { $rows[] = array( 'data' => $row, - 'class' => !empty($form[$key]['weight']['#access']) || $key == 'new' ? array('draggable') : array(), + // Use a strict (===) comparison since $key can be 0. + 'class' => !empty($form[$key]['weight']['#access']) || $key === 'new' ? array('draggable') : array(), ); } } diff --git a/modules/image/image.info b/modules/image/image.info index d6b6942..7903f2c 100644 --- a/modules/image/image.info +++ b/modules/image/image.info @@ -7,7 +7,7 @@ dependencies[] = file files[] = image.test configure = admin/config/media/image-styles -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/image/tests/image_module_test.info b/modules/image/tests/image_module_test.info index 588044e..124b699 100644 --- a/modules/image/tests/image_module_test.info +++ b/modules/image/tests/image_module_test.info @@ -6,7 +6,7 @@ core = 7.x files[] = image_module_test.module hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/locale/locale.info b/modules/locale/locale.info index 45d1d67..fb257d1 100644 --- a/modules/locale/locale.info +++ b/modules/locale/locale.info @@ -6,7 +6,7 @@ core = 7.x files[] = locale.test configure = admin/config/regional/language -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/locale/locale.test b/modules/locale/locale.test index db87e05..b890b06 100644 --- a/modules/locale/locale.test +++ b/modules/locale/locale.test @@ -3188,11 +3188,7 @@ class LocaleLanguageNegotiationInfoFunctionalTest extends DrupalWebTestCase { foreach (language_types_info() as $type => $info) { if (isset($info['fixed'])) { $negotiation = variable_get("language_negotiation_$type", array()); - $equal = count($info['fixed']) == count($negotiation); - while ($equal && list($id) = each($negotiation)) { - list(, $info_id) = each($info['fixed']); - $equal = $info_id == $id; - } + $equal = array_keys($negotiation) === array_values($info['fixed']); $this->assertTrue($equal, format_string('language negotiation for %type is properly set up', array('%type' => $type))); } } diff --git a/modules/locale/tests/locale_test.info b/modules/locale/tests/locale_test.info index 20ae2b4..5727160 100644 --- a/modules/locale/tests/locale_test.info +++ b/modules/locale/tests/locale_test.info @@ -5,7 +5,7 @@ package = Testing version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/menu/menu.info b/modules/menu/menu.info index b44e130..52b127b 100644 --- a/modules/menu/menu.info +++ b/modules/menu/menu.info @@ -6,7 +6,7 @@ core = 7.x files[] = menu.test configure = admin/structure/menu -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/node/node.info b/modules/node/node.info index 0094ad6..91e5524 100644 --- a/modules/node/node.info +++ b/modules/node/node.info @@ -9,7 +9,7 @@ required = TRUE configure = admin/structure/types stylesheets[all][] = node.css -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/node/tests/node_access_test.info b/modules/node/tests/node_access_test.info index a7aad51..b4c70c8 100644 --- a/modules/node/tests/node_access_test.info +++ b/modules/node/tests/node_access_test.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/node/tests/node_test.info b/modules/node/tests/node_test.info index 8633766..162dca0 100644 --- a/modules/node/tests/node_test.info +++ b/modules/node/tests/node_test.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/node/tests/node_test_exception.info b/modules/node/tests/node_test_exception.info index 7c495bf..8003291 100644 --- a/modules/node/tests/node_test_exception.info +++ b/modules/node/tests/node_test_exception.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/openid/openid.info b/modules/openid/openid.info index 09a49f7..c6b9325 100644 --- a/modules/openid/openid.info +++ b/modules/openid/openid.info @@ -5,7 +5,7 @@ package = Core core = 7.x files[] = openid.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/openid/tests/openid_test.info b/modules/openid/tests/openid_test.info index 712801a..5f06fc2 100644 --- a/modules/openid/tests/openid_test.info +++ b/modules/openid/tests/openid_test.info @@ -6,7 +6,7 @@ core = 7.x dependencies[] = openid hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/overlay/overlay.info b/modules/overlay/overlay.info index 656c657..d8f9cf6 100644 --- a/modules/overlay/overlay.info +++ b/modules/overlay/overlay.info @@ -4,7 +4,7 @@ package = Core version = VERSION core = 7.x -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/path/path.info b/modules/path/path.info index 0edafb7..1878b27 100644 --- a/modules/path/path.info +++ b/modules/path/path.info @@ -6,7 +6,7 @@ core = 7.x files[] = path.test configure = admin/config/search/path -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/php/php.info b/modules/php/php.info index 9ea7278..8f64cf0 100644 --- a/modules/php/php.info +++ b/modules/php/php.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x files[] = php.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/poll/poll.info b/modules/poll/poll.info index 3f0d235..630ba42 100644 --- a/modules/poll/poll.info +++ b/modules/poll/poll.info @@ -6,7 +6,7 @@ core = 7.x files[] = poll.test stylesheets[all][] = poll.css -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/profile/profile.info b/modules/profile/profile.info index ce6d954..7d1e791 100644 --- a/modules/profile/profile.info +++ b/modules/profile/profile.info @@ -11,7 +11,7 @@ configure = admin/config/people/profile ; See user_system_info_alter(). hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/rdf/rdf.info b/modules/rdf/rdf.info index ea28b0e..ee1d9c8 100644 --- a/modules/rdf/rdf.info +++ b/modules/rdf/rdf.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x files[] = rdf.test -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/rdf/tests/rdf_test.info b/modules/rdf/tests/rdf_test.info index 7e0e2b2..063514f 100644 --- a/modules/rdf/tests/rdf_test.info +++ b/modules/rdf/tests/rdf_test.info @@ -6,7 +6,7 @@ core = 7.x hidden = TRUE dependencies[] = blog -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/search/search.info b/modules/search/search.info index 3132878..4806cb8 100644 --- a/modules/search/search.info +++ b/modules/search/search.info @@ -8,7 +8,7 @@ files[] = search.test configure = admin/config/search/settings stylesheets[all][] = search.css -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/search/tests/search_embedded_form.info b/modules/search/tests/search_embedded_form.info index 0874c63..a16393f 100644 --- a/modules/search/tests/search_embedded_form.info +++ b/modules/search/tests/search_embedded_form.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/search/tests/search_extra_type.info b/modules/search/tests/search_extra_type.info index 67b8566..85d76cc 100644 --- a/modules/search/tests/search_extra_type.info +++ b/modules/search/tests/search_extra_type.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/search/tests/search_node_tags.info b/modules/search/tests/search_node_tags.info index f260f0b..5f0f84d 100644 --- a/modules/search/tests/search_node_tags.info +++ b/modules/search/tests/search_node_tags.info @@ -5,7 +5,7 @@ version = VERSION core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/shortcut/shortcut.info b/modules/shortcut/shortcut.info index 1c1b2a5..a8bcc26 100644 --- a/modules/shortcut/shortcut.info +++ b/modules/shortcut/shortcut.info @@ -6,7 +6,7 @@ core = 7.x files[] = shortcut.test configure = admin/config/user-interface/shortcut -; Information added by Drupal.org packaging script on 2018-10-17 -version = "7.60" +; Information added by Drupal.org packaging script on 2019-01-16 +version = "7.63" project = "drupal" -datestamp = "1539816636" +datestamp = "1547681965" diff --git a/modules/simpletest/files/phar-1.phar b/modules/simpletest/files/phar-1.phar new file mode 100644 index 0000000000000000000000000000000000000000..8d25e6d4403979bf0fb37b7d10ff721bc804130d GIT binary patch literal 6909 zcmb_hOLN=S6?VD{cinV-#X$_nB1Mss?SztL$uebmB3UfOC{t4&4hUS5i0}#k>J{e) zzoNTN7ySv{_dE9ifg)&UQF%PXJ@>rNx#ye=8m?K;THz^6$(1R7ue80xXIBY3gCM;RxZwi5(n=G-N zY$*Ah_4j-I?MlM4SrTqnewIGjv%C~qTL#qWop*Wzv)B3acb&8T@Vnky^Mi24GK`Z> z|LF9!LMq{)_t^_X<4vb;vX39xqM$jn?&(?ITosO`?eRF1T2TfaVhfJS{c~Q+%oXA4CqIbGH?=>g0q{f4ErW6 z6-Wt9#x`LW(jb4fuRO`+%5!qOXlIRt3psTg@9lc>*SHf(-P41x`ZN~M$YB6eZ}iz)Uhey zW%I$sQZN<21(#|#h>O*v?M4}La-1SLaSN@$Fwr#w#yT%dSE+KUO$M! zEQ$O!3!}P2kQxhSX;x48mF;`3o$)G&G)*_LCxLyBOnVh$WT!l|1CFz=A1z%~fj~8W z1vNd6(voT<>KO{CrW7^CnYvzL%~u*D<3UX9WFZ$Nw^%ogID-P|Yy?ru<@|m<*cvq= zpNCdKH)RdUqM}J6QA8Uibs(t#b%NYs=25@jZ8X=LY;&W@PNFOBvMx^oJLF;J-=HG{THphGD~U^h{qgw-UF3?)BSV=Kx*pFLMn}@(~dN z6PTn-hWja^mSH0vI~rQTS%gcahqiWuZEb9^cTvU;qgm*ZmE4&|thz&mXZIpxJ48Vb zY$x+FpYKw;zNb(?LTqTvol)f8N|I@Fmju+=1F8l#1dT!kG0CeI97PidImrvh5gDiA zsaol1V4^?qFh!|C|D>R5)99QaX7&DU%-gKc#tI?SILADkWK$W)F$_z+JLySESKB3! zl&#|@rXbnxMH3wu^O{Ii2un8Eg?(h<3)Uok^V4D9Tm3o0mN3+tOnv;%hKu@@I{|sR zM4kVKPcR6HX^$0?uJThQ&Cp34CaM7@JGF`uZ-SiNt~gPcX6(&-#ChYUxv{aKL9gDo z1guqno$Q}|D}b8?pcu#iof}jo+vCnVY&?6mwTZH)M2|6KQfp(FgbX>w0cULcDPM)U z#yF;B6r+ylnpk6IGNMy4PC37{fP$Hq`{Q;S0suCSK{5+t+qtyNa}31de2*!2B=Q!G zp+*2KlZI$FLf|3Wb^-ai`Ath^wQ)RXe!wZwRV<*BOxvPZDfC4oQBcsIsG1gJ3jR{; z`U_?d0x;S2luoXtWe`{lry3xH3L&5st)OHF>boAd%ucU&+G{hEM{mrb0E#aT5>+;r zUE3+EBIV$BS(L$f-K;V+)tT?I5tqBt9+b%{IT%S~&{2me(!oRJRwE!&#(<0c0p`;W zNGP{5I2}fmc8E#B=l1ii0C83}xvU|CzqdS*tPK(-(?!375 zS#^s%mS{Y>YkfjtabWW}WI;?FUgyM$+(rLc@lss+yo`Kh$(AqDHH8;&%BXe=CSo;A zF-*xD9XL^$LvmouK%Fe$*I0GCy2@5iBGs`h?h-dKGdv_(&T6fxq^(e?)EQA^x=O8- zOd%uZHu79K5NS(^;Zx`5=qW)QC3bSlK*XIa!c!JeVCc5UDEu<|+LJ}TGS!I%!|5~| zgsmtW=DMD(iWNxY6ETzrBWFrHa-b@!@DXmp&b3Pc+Y2s*RfJe$8_%CVuQ7cE6bckZ z5g9;ru;#rbbzL%+1nyJWhIGl4S5I|@6OKWj_k;M5nybu`TCU-zRooLHi)YyoC7n9D zqR%I*MbRkN;Sc_z(acs_7I82UH%4$8tA)Bd` zE0=x>>w%{opQ9R}`H7i5KSx5Bfv%9G*eV(Ty1@OES`1%qw4jqBpw7>XqkEyKea=^k zOom0J8^y#@8^R-KU*lL<=}dzN9cw=2WPd;(PrdTF$TL(YI& zIA%EmIiJvEA{eA#02quE4P2toIi)iyR%q`SdgOrxE}qub$m0;sLtrcsE5#@imCQ8= z-3B4`9NmW0WfT6;6vS7XB~%5Of`OPZsVqvzAZLWrDc_k5apj(&pyf*0jq_3C+-aP< zjdR{O$E$(-ep?XPLLkVE!VUAB2b;t^jT5{V9b4vCGa4q#@hXooFpt&WGIr02oe@D; z#K^ERRxJvN3=>dVB2Z;`Pv=7SaS6Ar5BW4k(|X}VknqwxE-OSR^vSKPM3mcjuR%4M zrf0(;lf?djRIjLs)^J3rp*xpToSOwHdhA|tHg?Ei#0V*xS5E-ydLEY&ACQSzoJ`R3 zoYbOVvK&CQy7wcafIy~{C2H0Jtr`h6@!SBH)6b9OWE<5(?T-z-XqKaS^=&BL2Ql%2 zJ+yr}k22~In7VMmWt@gzRz*+I{YSD}2MjE+A<`lnAc+85rFTd3h9g;lsI#^D)vQ`$ zPU38~EU7Otp^&1#Pc^*JaxT+ZAl1`Ckve$W&IDVb#ly?ouzbca)IdZxy9Z4wpAIH| zG_uSmsP!})jCB@?UaG!a04l(0J_OE7wwDBAtiqzr_GY2)g>*H9lPJ6osOejXo-QS? zC8N=JZZ1;oRg0pQ1pbS&gfdMVt5UQx_uT^5UC<7PNBhV9;lb%i7avi20I`?5&mTQ{ z^acL^QT^fve_!H%{_W>)SbV+m+kk#&|M=y%zY{+GcEq=$#*-%%_5?=^*+mciDeh1i z-3Ud#VKJjC5vF4Se4Wf<+c#4&BUAR_>k(65j`F(|-ezXE>)<9h