bachir/popsu-d7
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updated core to 7.80

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi
2021-07-12 10:11:08 +02:00
parent 7b1e954f7f
commit 5656f5a68a
236 changed files with 4149 additions and 888 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
includes/ajax.inc
View File

@@ -294,6 +294,7 @@ function ajax_render($commands = array()) {
// Now add a command to merge changes and additions to Drupal.settings.
$scripts = drupal_add_js();
drupal_alter('js', $scripts);
if (!empty($scripts['settings'])) {
$settings = $scripts['settings'];
array_unshift($commands, ajax_command_settings(drupal_array_merge_deep_array($settings['data']), TRUE));

15
includes/batch.inc
View File

@@ -478,18 +478,17 @@ function _batch_finished() {
$queue->deleteQueue();
}
}
// Clean-up the session. Not needed for CLI updates.
if (isset($_SESSION)) {
unset($_SESSION['batches'][$batch['id']]);
if (empty($_SESSION['batches'])) {
unset($_SESSION['batches']);
}
}
}
$_batch = $batch;
$batch = NULL;
// Clean-up the session. Not needed for CLI updates.
if (isset($_SESSION)) {
unset($_SESSION['batches'][$batch['id']]);
if (empty($_SESSION['batches'])) {
unset($_SESSION['batches']);
}
}
// Redirect if needed.
if ($_batch['progressive']) {
// Revert the 'destination' that was saved in batch_process().

119
includes/bootstrap.inc
View File

@@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '7.67');
define('VERSION', '7.80');
/**
* Core API compatibility.
@@ -1189,19 +1189,21 @@ function variable_initialize($conf = array()) {
$variables = $cached->data;
}
else {
// Cache miss. Avoid a stampede.
// Cache miss. Avoid a stampede by acquiring a lock. If the lock fails to
// acquire, optionally just continue with uncached processing.
$name = 'variable_init';
if (!lock_acquire($name, 1)) {
// Another request is building the variable cache.
// Wait, then re-run this function.
$lock_acquired = lock_acquire($name, 1);
if (!$lock_acquired && variable_get('variable_initialize_wait_for_lock', FALSE)) {
lock_wait($name);
return variable_initialize($conf);
}
else {
// Proceed with variable rebuild.
// Load the variables from the table.
$variables = array_map('unserialize', db_query('SELECT name, value FROM {variable}')->fetchAllKeyed());
cache_set('variables', $variables, 'cache_bootstrap');
lock_release($name);
if ($lock_acquired) {
cache_set('variables', $variables, 'cache_bootstrap');
lock_release($name);
}
}
}
@@ -1998,7 +2000,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO
// It is possible that the error handling will itself trigger an error. In that case, we could
// end up in an infinite loop. To avoid that, we implement a simple static semaphore.
if (!$in_error_state && function_exists('module_implements')) {
if (!$in_error_state && function_exists('module_invoke_all')) {
$in_error_state = TRUE;
// The user object may not exist in all conditions, so 0 is substituted if needed.
@@ -2021,9 +2023,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO
);
// Call the logging hooks to log/process the message
foreach (module_implements('watchdog') as $module) {
module_invoke($module, 'watchdog', $log_entry);
}
module_invoke_all('watchdog', $log_entry);
// It is critical that the semaphore is only cleared here, in the parent
// watchdog() call (not outside the loop), to prevent recursive execution.
@@ -2518,6 +2518,7 @@ function drupal_bootstrap($phase = NULL, $new_phase = TRUE) {
switch ($current_phase) {
case DRUPAL_BOOTSTRAP_CONFIGURATION:
require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc';
_drupal_bootstrap_configuration();
break;
@@ -2595,13 +2596,10 @@ function drupal_get_hash_salt() {
* The filename that the error was raised in.
* @param $line
* The line number the error was raised at.
* @param $context
* An array that points to the active symbol table at the point the error
* occurred.
*/
function _drupal_error_handler($error_level, $message, $filename, $line, $context) {
function _drupal_error_handler($error_level, $message, $filename, $line) {
require_once DRUPAL_ROOT . '/includes/errors.inc';
_drupal_error_handler_real($error_level, $message, $filename, $line, $context);
_drupal_error_handler_real($error_level, $message, $filename, $line);
}
/**
@@ -2622,6 +2620,10 @@ function _drupal_exception_handler($exception) {
_drupal_log_error(_drupal_decode_exception($exception), TRUE);
}
catch (Exception $exception2) {
// Add a 500 status code in case an exception was thrown before the 500
// status could be set (e.g. while loading a maintenance theme from cache).
drupal_add_http_header('Status', '500 Internal Server Error');
// Another uncaught exception was thrown while handling the first one.
// If we are displaying errors, then do so with no possibility of a further uncaught exception being thrown.
if (error_displayable()) {
@@ -2647,7 +2649,6 @@ function _drupal_bootstrap_configuration() {
drupal_settings_initialize();
// Sanitize unsafe keys from the request.
require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc';
DrupalRequestSanitizer::sanitize();
}
@@ -3875,3 +3876,85 @@ function drupal_clear_opcode_cache($filepath) {
@apc_delete_file($filepath);
}
}
/**
* Drupal's wrapper around PHP's setcookie() function.
*
* This allows the cookie's $value and $options to be altered.
*
* @param $name
* The name of the cookie.
* @param $value
* The value of the cookie.
* @param $options
* An associative array which may have any of the keys expires, path, domain,
* secure, httponly, samesite.
*
* @see setcookie()
* @ingroup php_wrappers
*/
function drupal_setcookie($name, $value, $options) {
$options = _drupal_cookie_params($options);
if (\PHP_VERSION_ID >= 70300) {
setcookie($name, $value, $options);
}
else {
setcookie($name, $value, $options['expires'], $options['path'], $options['domain'], $options['secure'], $options['httponly']);
}
}
/**
* Process the params for cookies. This emulates support for the SameSite
* attribute in earlier versions of PHP, and allows the value of that attribute
* to be overridden.
*
* @param $options
* An associative array which may have any of the keys expires, path, domain,
* secure, httponly, samesite.
*
* @return
* An associative array which may have any of the keys expires, path, domain,
* secure, httponly, and samesite.
*/
function _drupal_cookie_params($options) {
$options['samesite'] = _drupal_samesite_cookie($options);
if (\PHP_VERSION_ID < 70300) {
// Emulate SameSite support in older PHP versions.
if (!empty($options['samesite'])) {
// Ensure the SameSite attribute is only added once.
if (!preg_match('/SameSite=/i', $options['path'])) {
$options['path'] .= '; SameSite=' . $options['samesite'];
}
}
}
return $options;
}
/**
* Determine the value for the samesite cookie attribute, in the following order
* of precedence:
*
* 1) A value explicitly passed to drupal_setcookie()
* 2) A value set in $conf['samesite_cookie_value']
* 3) The setting from php ini
* 4) The default of None, or FALSE (no attribute) if the cookie is not Secure
*
* @param $options
* An associative array as passed to drupal_setcookie().
* @return
* The value for the samesite cookie attribute.
*/
function _drupal_samesite_cookie($options) {
if (isset($options['samesite'])) {
return $options['samesite'];
}
$override = variable_get('samesite_cookie_value', NULL);
if ($override !== NULL) {
return $override;
}
$ini_options = session_get_cookie_params();
if (isset($ini_options['samesite'])) {
return $ini_options['samesite'];
}
return empty($options['secure']) ? FALSE : 'None';
}

177
includes/common.inc
View File

@@ -391,7 +391,7 @@ function drupal_add_feed($url = NULL, $title = '') {
*/
function drupal_get_feeds($delimiter = "\n") {
$feeds = drupal_add_feed();
return implode($feeds, $delimiter);
return implode($delimiter, $feeds);
}
/**
@@ -684,7 +684,10 @@ function drupal_goto($path = '', array $options = array(), $http_response_code =
// We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector.
if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
$destination = drupal_parse_url($_GET['destination']);
$path = $destination['path'];
// Double check the path derived by drupal_parse_url() is not external.
if (!url_is_external($destination['path'])) {
$path = $destination['path'];
}
$options['query'] = $destination['query'];
$options['fragment'] = $destination['fragment'];
}
@@ -760,9 +763,10 @@ function drupal_access_denied() {
* (optional) An array that can have one or more of the following elements:
* - headers: An array containing request headers to send as name/value pairs.
* - method: A string containing the request method. Defaults to 'GET'.
* - data: A string containing the request body, formatted as
* 'param=value&param=value&...'; to generate this, use http_build_query().
* Defaults to NULL.
* - data: An array containing the values for the request body or a string
* containing the request body, formatted as
* 'param=value&param=value&...'; to generate this, use
* drupal_http_build_query(). Defaults to NULL.
* - max_redirects: An integer representing how many times a redirect
* may be followed. Defaults to 3.
* - timeout: A float representing the maximum number of seconds the function
@@ -788,7 +792,7 @@ function drupal_access_denied() {
* easy access the array keys are returned in lower case.
* - data: A string containing the response body that was received.
*
* @see http_build_query()
* @see drupal_http_build_query()
*/
function drupal_http_request($url, array $options = array()) {
// Allow an alternate HTTP client library to replace Drupal's default
@@ -930,6 +934,11 @@ function drupal_http_request($url, array $options = array()) {
$path .= '?' . $uri['query'];
}
// Convert array $options['data'] to query string.
if (is_array($options['data'])) {
$options['data'] = drupal_http_build_query($options['data']);
}
// Only add Content-Length if we actually have any content or if it is a POST
// or PUT request. Some non-standard servers get confused by Content-Length in
// at least HEAD/GET requests, and Squid always requires Content-Length in
@@ -1550,7 +1559,7 @@ function _filter_xss_split($m, $store = FALSE) {
return '&lt;';
}
if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9\-]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9\-]+)\s*([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
// Seriously malformed.
return '';
}
@@ -1609,7 +1618,13 @@ function _filter_xss_attributes($attr) {
// Attribute name, href for instance.
if (preg_match('/^([-a-zA-Z]+)/', $attr, $match)) {
$attrname = strtolower($match[1]);
$skip = ($attrname == 'style' || substr($attrname, 0, 2) == 'on');
$skip = (
$attrname == 'style' ||
substr($attrname, 0, 2) == 'on' ||
substr($attrname, 0, 1) == '-' ||
// Ignore long attributes to avoid unnecessary processing overhead.
strlen($attrname) > 96
);
$working = $mode = 1;
$attr = preg_replace('/^[-a-zA-Z]+/', '', $attr);
}
@@ -2320,6 +2335,7 @@ function url($path = NULL, array $options = array()) {
}
elseif (!empty($path) && !$options['alias']) {
$language = isset($options['language']) && isset($options['language']->language) ? $options['language']->language : '';
require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'includes/path.inc');
$alias = drupal_get_path_alias($original_path, $language);
if ($alias != $original_path) {
// Strip leading slashes from internal path aliases to prevent them
@@ -3734,7 +3750,7 @@ function _drupal_build_css_path($matches, $base = NULL) {
}
// Prefix with base and remove '../' segments where possible.
$path = $_base . $matches[1];
$path = $_base . (isset($matches[1]) ? $matches[1] : '');
$last = '';
while ($path != $last) {
$last = $path;
@@ -4441,12 +4457,54 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
}
}
$output = '';
// The index counter is used to keep aggregated and non-aggregated files in
// order by weight.
$index = 1;
$processed = array();
$files = array();
// Sort the JavaScript so that it appears in the correct order.
uasort($items, 'drupal_sort_css_js');
// Provide the page with information about the individual JavaScript files
// used, information not otherwise available when aggregation is enabled.
$setting['ajaxPageState']['js'] = array_fill_keys(array_keys($items), 1);
unset($setting['ajaxPageState']['js']['settings']);
drupal_add_js($setting, 'setting');
// If we're outputting the header scope, then this might be the final time
// that drupal_get_js() is running, so add the setting to this output as well
// as to the drupal_add_js() cache. If $items['settings'] doesn't exist, it's
// because drupal_get_js() was intentionally passed a $javascript argument
// stripped off settings, potentially in order to override how settings get
// output, so in this case, do not add the setting to this output.
if ($scope == 'header' && isset($items['settings'])) {
$items['settings']['data'][] = $setting;
}
$elements = array(
'#type' => 'scripts',
'#items' => $items,
);
return drupal_render($elements);
}
/**
* The #pre_render callback for the "scripts" element.
*
* This callback adds elements needed for <script> tags to be rendered.
*
* @param array $elements
* A render array containing:
* - '#items': The JS items as returned by drupal_add_js() and altered by
* drupal_get_js().
*
* @return array
* The $elements variable passed as argument with two more children keys:
* - "scripts": contains the Javascript items
* - "settings": contains the Javascript settings items.
* If those keys are already existing, then the items will be appended and
* their keys will be preserved.
*
* @see drupal_get_js()
* @see drupal_add_js()
*/
function drupal_pre_render_scripts(array $elements) {
$preprocess_js = (variable_get('preprocess_js', FALSE) && (!defined('MAINTENANCE_MODE') || MAINTENANCE_MODE != 'update'));
// A dummy query-string is added to filenames, to gain control over
@@ -4467,34 +4525,29 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
// third-party code might require the use of a different query string.
$js_version_string = variable_get('drupal_js_version_query_string', 'v=');
// Sort the JavaScript so that it appears in the correct order.
uasort($items, 'drupal_sort_css_js');
$files = array();
// Provide the page with information about the individual JavaScript files
// used, information not otherwise available when aggregation is enabled.
$setting['ajaxPageState']['js'] = array_fill_keys(array_keys($items), 1);
unset($setting['ajaxPageState']['js']['settings']);
drupal_add_js($setting, 'setting');
$scripts = isset($elements['scripts']) ? $elements['scripts'] : array();
$scripts += array('#weight' => 0);
// If we're outputting the header scope, then this might be the final time
// that drupal_get_js() is running, so add the setting to this output as well
// as to the drupal_add_js() cache. If $items['settings'] doesn't exist, it's
// because drupal_get_js() was intentionally passed a $javascript argument
// stripped off settings, potentially in order to override how settings get
// output, so in this case, do not add the setting to this output.
if ($scope == 'header' && isset($items['settings'])) {
$items['settings']['data'][] = $setting;
}
$settings = isset($elements['settings']) ? $elements['settings'] : array();
$settings += array('#weight' => $scripts['#weight'] + 10);
// The index counter is used to keep aggregated and non-aggregated files in
// order by weight. Use existing scripts count as a starting point.
$index = count(element_children($scripts)) + 1;
// Loop through the JavaScript to construct the rendered output.
$element = array(
'#type' => 'html_tag',
'#tag' => 'script',
'#value' => '',
'#attributes' => array(
'type' => 'text/javascript',
),
);
foreach ($items as $item) {
foreach ($elements['#items'] as $item) {
$query_string = empty($item['version']) ? $default_query_string : $js_version_string . $item['version'];
switch ($item['type']) {
@@ -4503,7 +4556,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$js_element['#value_prefix'] = $embed_prefix;
$js_element['#value'] = 'jQuery.extend(Drupal.settings, ' . drupal_json_encode(drupal_array_merge_deep_array($item['data'])) . ");";
$js_element['#value_suffix'] = $embed_suffix;
$output .= theme('html_tag', array('element' => $js_element));
$settings[] = $js_element;
break;
case 'inline':
@@ -4514,7 +4567,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$js_element['#value_prefix'] = $embed_prefix;
$js_element['#value'] = $item['data'];
$js_element['#value_suffix'] = $embed_suffix;
$processed[$index++] = theme('html_tag', array('element' => $js_element));
$scripts[$index++] = $js_element;
break;
case 'file':
@@ -4525,7 +4578,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
}
$query_string_separator = (strpos($item['data'], '?') !== FALSE) ? '&' : '?';
$js_element['#attributes']['src'] = file_create_url($item['data']) . $query_string_separator . ($item['cache'] ? $query_string : REQUEST_TIME);
$processed[$index++] = theme('html_tag', array('element' => $js_element));
$scripts[$index++] = $js_element;
}
else {
// By increasing the index for each aggregated file, we maintain
@@ -4536,7 +4589,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
// leading to better front-end performance of a website as a whole.
// See drupal_add_js() for details.
$key = 'aggregate_' . $item['group'] . '_' . $item['every_page'] . '_' . $index;
$processed[$key] = '';
$scripts[$key] = '';
$files[$key][$item['data']] = $item;
}
break;
@@ -4548,7 +4601,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$js_element['#attributes']['defer'] = 'defer';
}
$js_element['#attributes']['src'] = $item['data'];
$processed[$index++] = theme('html_tag', array('element' => $js_element));
$scripts[$index++] = $js_element;
break;
}
}
@@ -4563,14 +4616,18 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$preprocess_file = file_create_url($uri);
$js_element = $element;
$js_element['#attributes']['src'] = $preprocess_file;
$processed[$key] = theme('html_tag', array('element' => $js_element));
$scripts[$key] = $js_element;
}
}
}
// Keep the order of JS files consistent as some are preprocessed and others are not.
// Make sure any inline or JS setting variables appear last after libraries have loaded.
return implode('', $processed) . $output;
// Keep the order of JS files consistent as some are preprocessed and others
// are not. Make sure any inline or JS setting variables appear last after
// libraries have loaded.
$element['scripts'] = $scripts;
$element['settings'] = $settings;
return $element;
}
/**
@@ -5116,6 +5173,8 @@ function drupal_build_js_cache($files) {
$contents .= file_get_contents($path) . ";\n";
}
}
// Remove JS source and source mapping urls or these may cause 404 errors.
$contents = preg_replace('/\/\/(#|@)\s(sourceURL|sourceMappingURL)=\s*(\S*?)\s*$/m', '', $contents);
// Prefix filename to prevent blocking by firewalls which reject files
// starting with "ad*".
$filename = 'js_' . drupal_hash_base64($contents) . '.js';
@@ -6603,30 +6662,41 @@ function element_children(&$elements, $sort = FALSE) {
$sort = isset($elements['#sorted']) ? !$elements['#sorted'] : $sort;
// Filter out properties from the element, leaving only children.
$children = array();
$count = count($elements);
$child_weights = array();
$i = 0;
$sortable = FALSE;
foreach ($elements as $key => $value) {
if ($key === '' || $key[0] !== '#') {
$children[$key] = $value;
if (is_int($key) || $key === '' || $key[0] !== '#') {
if (is_array($value) && isset($value['#weight'])) {
$weight = $value['#weight'];
$sortable = TRUE;
}
else {
$weight = 0;
}
// Support weights with up to three digit precision and conserve the
// insertion order.
$child_weights[$key] = floor($weight * 1000) + $i / $count;
}
$i++;
}
// Sort the children if necessary.
if ($sort && $sortable) {
uasort($children, 'element_sort');
asort($child_weights);
// Put the sorted children back into $elements in the correct order, to
// preserve sorting if the same element is passed through
// element_children() twice.
foreach ($children as $key => $child) {
foreach ($child_weights as $key => $weight) {
$value = $elements[$key];
unset($elements[$key]);
$elements[$key] = $child;
$elements[$key] = $value;
}
$elements['#sorted'] = TRUE;
}
return array_keys($children);
return array_keys($child_weights);
}
/**
@@ -6952,7 +7022,16 @@ function drupal_common_theme() {
'variables' => array(),
),
'table' => array(
'variables' => array('header' => NULL, 'rows' => NULL, 'attributes' => array(), 'caption' => NULL, 'colgroups' => array(), 'sticky' => TRUE, 'empty' => ''),
'variables' => array(
'header' => NULL,
'footer' => NULL,
'rows' => NULL,
'attributes' => array(),
'caption' => NULL,
'colgroups' => array(),
'sticky' => TRUE,
'empty' => '',
),
),
'tablesort_indicator' => array(
'variables' => array('style' => NULL),

93
includes/database/database.inc
View File

@@ -184,7 +184,7 @@
*
* @see http://php.net/manual/book.pdo.php
*/
abstract class DatabaseConnection extends PDO {
abstract class DatabaseConnection {
/**
* The database target this connection is for.
@@ -261,6 +261,13 @@ abstract class DatabaseConnection extends PDO {
*/
protected $temporaryNameIndex = 0;
/**
* The actual PDO connection.
*
* @var \PDO
*/
protected $connection;
/**
* The connection information for this connection object.
*
@@ -310,6 +317,13 @@ abstract class DatabaseConnection extends PDO {
*/
protected $escapedAliases = array();
/**
* List of un-prefixed table names, keyed by prefixed table names.
*
* @var array
*/
protected $unprefixedTablesMap = array();
function __construct($dsn, $username, $password, $driver_options = array()) {
// Initialize and prepare the connection prefix.
$this->setPrefix(isset($this->connectionOptions['prefix']) ? $this->connectionOptions['prefix'] : '');
@@ -318,14 +332,27 @@ abstract class DatabaseConnection extends PDO {
$driver_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
// Call PDO::__construct and PDO::setAttribute.
parent::__construct($dsn, $username, $password, $driver_options);
$this->connection = new PDO($dsn, $username, $password, $driver_options);
// Set a Statement class, unless the driver opted out.
if (!empty($this->statementClass)) {
$this->setAttribute(PDO::ATTR_STATEMENT_CLASS, array($this->statementClass, array($this)));
$this->connection->setAttribute(PDO::ATTR_STATEMENT_CLASS, array($this->statementClass, array($this)));
}
}
/**
* Proxy possible direct calls to the \PDO methods.
*
* Since PHP8.0 the signature of the the \PDO::query() method has changed,
* and this class can't extending \PDO any more.
*
* However, for the BC, proxy any calls to the \PDO methods to the actual
* PDO connection object.
*/
public function __call($name, $arguments) {
return call_user_func_array(array($this->connection, $name), $arguments);
}
/**
* Destroys this Connection object.
*
@@ -338,7 +365,9 @@ abstract class DatabaseConnection extends PDO {
// Destroy all references to this connection by setting them to NULL.
// The Statement class attribute only accepts a new value that presents a
// proper callable, so we reset it to PDOStatement.
$this->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('PDOStatement', array()));
if (!empty($this->statementClass)) {
$this->connection->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('PDOStatement', array()));
}
$this->schema = NULL;
}
@@ -442,6 +471,13 @@ abstract class DatabaseConnection extends PDO {
$this->prefixReplace[] = $this->prefixes['default'];
$this->prefixSearch[] = '}';
$this->prefixReplace[] = '';
// Set up a map of prefixed => un-prefixed tables.
foreach ($this->prefixes as $table_name => $prefix) {
if ($table_name !== 'default') {
$this->unprefixedTablesMap[$prefix . $table_name] = $table_name;
}
}
}
/**
@@ -477,6 +513,17 @@ abstract class DatabaseConnection extends PDO {
}
}
/**
* Gets a list of individually prefixed table names.
*
* @return array
* An array of un-prefixed table names, keyed by their fully qualified table
* names (i.e. prefix + table_name).
*/
public function getUnprefixedTablesMap() {
return $this->unprefixedTablesMap;
}
/**
* Prepares a query string and returns the prepared statement.
*
@@ -494,7 +541,7 @@ abstract class DatabaseConnection extends PDO {
$query = $this->prefixTables($query);
// Call PDO::prepare.
return parent::prepare($query);
return $this->connection->prepare($query);
}
/**
@@ -706,7 +753,7 @@ abstract class DatabaseConnection extends PDO {
case Database::RETURN_AFFECTED:
return $stmt->rowCount();
case Database::RETURN_INSERT_ID:
return $this->lastInsertId();
return $this->connection->lastInsertId();
case Database::RETURN_NULL:
return;
default:
@@ -1089,7 +1136,7 @@ abstract class DatabaseConnection extends PDO {
$rolled_back_other_active_savepoints = TRUE;
}
}
parent::rollBack();
$this->connection->rollBack();
if ($rolled_back_other_active_savepoints) {
throw new DatabaseTransactionOutOfOrderException();
}
@@ -1117,7 +1164,7 @@ abstract class DatabaseConnection extends PDO {
$this->query('SAVEPOINT ' . $name);
}
else {
parent::beginTransaction();
$this->connection->beginTransaction();
}
$this->transactionLayers[$name] = $name;
}
@@ -1168,7 +1215,7 @@ abstract class DatabaseConnection extends PDO {
// If there are no more layers left then we should commit.
unset($this->transactionLayers[$name]);
if (empty($this->transactionLayers)) {
if (!parent::commit()) {
if (!$this->connection->commit()) {
throw new DatabaseTransactionCommitFailedException();
}
}
@@ -1252,7 +1299,7 @@ abstract class DatabaseConnection extends PDO {
* Returns the version of the database server.
*/
public function version() {
return $this->getAttribute(PDO::ATTR_SERVER_VERSION);
return $this->connection->getAttribute(PDO::ATTR_SERVER_VERSION);
}
/**
@@ -1697,12 +1744,16 @@ abstract class Database {
*
* @param $key
* The connection key.
* @param $close
* Whether to close the connection.
* @return
* TRUE in case of success, FALSE otherwise.
*/
final public static function removeConnection($key) {
final public static function removeConnection($key, $close = TRUE) {
if (isset(self::$databaseInfo[$key])) {
self::closeConnection(NULL, $key);
if ($close) {
self::closeConnection(NULL, $key);
}
unset(self::$databaseInfo[$key]);
return TRUE;
}
@@ -2840,7 +2891,6 @@ function db_field_exists($table, $field) {
*
* @param $table_expression
* An SQL expression, for example "simpletest%" (without the quotes).
* BEWARE: this is not prefixed, the caller should take care of that.
*
* @return
* Array, both the keys and the values are the matching tables.
@@ -2849,6 +2899,23 @@ function db_find_tables($table_expression) {
return Database::getConnection()->schema()->findTables($table_expression);
}
/**
* Finds all tables that are like the specified base table name. This is a
* backport of the change made to db_find_tables in Drupal 8 to work with
* virtual, un-prefixed table names. The original function is retained for
* Backwards Compatibility.
* @see https://www.drupal.org/node/2552435
*
* @param $table_expression
* An SQL expression, for example "simpletest%" (without the quotes).
*
* @return
* Array, both the keys and the values are the matching tables.
*/
function db_find_tables_d8($table_expression) {
return Database::getConnection()->schema()->findTablesD8($table_expression);
}
function _db_create_keys_sql($spec) {
return Database::getConnection()->schema()->createKeysSql($spec);
}

417
includes/database/mysql/database.inc
View File

@@ -5,6 +5,11 @@
* Database interface code for MySQL database servers.
*/
/**
* The default character for quoting identifiers in MySQL.
*/
define('MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT', '`');
/**
* @addtogroup database
* @{
@@ -19,6 +24,277 @@ class DatabaseConnection_mysql extends DatabaseConnection {
*/
protected $needsCleanup = FALSE;
/**
* The list of MySQL reserved key words.
*
* @link https://dev.mysql.com/doc/refman/8.0/en/keywords.html
*/
private $reservedKeyWords = array(
'accessible',
'add',
'admin',
'all',
'alter',
'analyze',
'and',
'as',
'asc',
'asensitive',
'before',
'between',
'bigint',
'binary',
'blob',
'both',
'by',
'call',
'cascade',
'case',
'change',
'char',
'character',
'check',
'collate',
'column',
'condition',
'constraint',
'continue',
'convert',
'create',
'cross',
'cube',
'cume_dist',
'current_date',
'current_time',
'current_timestamp',
'current_user',
'cursor',
'database',
'databases',
'day_hour',
'day_microsecond',
'day_minute',
'day_second',
'dec',
'decimal',
'declare',
'default',
'delayed',
'delete',
'dense_rank',
'desc',
'describe',
'deterministic',
'distinct',
'distinctrow',
'div',
'double',
'drop',
'dual',
'each',
'else',
'elseif',
'empty',
'enclosed',
'escaped',
'except',
'exists',
'exit',
'explain',
'false',
'fetch',
'first_value',
'float',
'float4',
'float8',
'for',
'force',
'foreign',
'from',
'fulltext',
'function',
'generated',
'get',
'grant',
'group',
'grouping',
'groups',
'having',
'high_priority',
'hour_microsecond',
'hour_minute',
'hour_second',
'if',
'ignore',
'in',
'index',
'infile',
'inner',
'inout',
'insensitive',
'insert',
'int',
'int1',
'int2',
'int3',
'int4',
'int8',
'integer',
'interval',
'into',
'io_after_gtids',
'io_before_gtids',
'is',
'iterate',
'join',
'json_table',
'key',
'keys',
'kill',
'lag',
'last_value',
'lead',
'leading',
'leave',
'left',
'like',
'limit',
'linear',
'lines',
'load',
'localtime',
'localtimestamp',
'lock',
'long',
'longblob',
'longtext',
'loop',
'low_priority',
'master_bind',
'master_ssl_verify_server_cert',
'match',
'maxvalue',
'mediumblob',
'mediumint',
'mediumtext',
'middleint',
'minute_microsecond',
'minute_second',
'mod',
'modifies',
'natural',
'not',
'no_write_to_binlog',
'nth_value',
'ntile',
'null',
'numeric',
'of',
'on',
'optimize',
'optimizer_costs',
'option',
'optionally',
'or',
'order',
'out',
'outer',
'outfile',
'over',
'partition',
'percent_rank',
'persist',
'persist_only',
'precision',
'primary',
'procedure',
'purge',
'range',
'rank',
'read',
'reads',
'read_write',
'real',
'recursive',
'references',
'regexp',
'release',
'rename',
'repeat',
'replace',
'require',
'resignal',
'restrict',
'return',
'revoke',
'right',
'rlike',
'row',
'rows',
'row_number',
'schema',
'schemas',
'second_microsecond',
'select',
'sensitive',
'separator',
'set',
'show',
'signal',
'smallint',
'spatial',
'specific',
'sql',
'sqlexception',
'sqlstate',
'sqlwarning',
'sql_big_result',
'sql_calc_found_rows',
'sql_small_result',
'ssl',
'starting',
'stored',
'straight_join',
'system',
'table',
'terminated',
'then',
'tinyblob',
'tinyint',
'tinytext',
'to',
'trailing',
'trigger',
'true',
'undo',
'union',
'unique',
'unlock',
'unsigned',
'update',
'usage',
'use',
'using',
'utc_date',
'utc_time',
'utc_timestamp',
'values',
'varbinary',
'varchar',
'varcharacter',
'varying',
'virtual',
'when',
'where',
'while',
'window',
'with',
'write',
'xor',
'year_month',
'zerofill',
);
public function __construct(array $connection_options = array()) {
// This driver defaults to transaction support, except if explicitly passed FALSE.
$this->transactionSupport = !isset($connection_options['transactions']) || ($connection_options['transactions'] !== FALSE);
@@ -69,10 +345,10 @@ class DatabaseConnection_mysql extends DatabaseConnection {
// certain one has been set; otherwise, MySQL defaults to 'utf8_general_ci'
// for UTF-8.
if (!empty($connection_options['collation'])) {
$this->exec('SET NAMES ' . $charset . ' COLLATE ' . $connection_options['collation']);
$this->connection->exec('SET NAMES ' . $charset . ' COLLATE ' . $connection_options['collation']);
}
else {
$this->exec('SET NAMES ' . $charset);
$this->connection->exec('SET NAMES ' . $charset);
}
// Set MySQL init_commands if not already defined. Default Drupal's MySQL
@@ -86,15 +362,95 @@ class DatabaseConnection_mysql extends DatabaseConnection {
$connection_options += array(
'init_commands' => array(),
);
$sql_mode = 'REAL_AS_FLOAT,PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO';
// NO_AUTO_CREATE_USER was removed in MySQL 8.0.11
// https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-11.html#mysqld-8-0-11-deprecation-removal
if (version_compare($this->connection->getAttribute(PDO::ATTR_SERVER_VERSION), '8.0.11', '<')) {
$sql_mode .= ',NO_AUTO_CREATE_USER';
}
$connection_options['init_commands'] += array(
'sql_mode' => "SET sql_mode = 'REAL_AS_FLOAT,PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER'",
'sql_mode' => "SET sql_mode = '$sql_mode'",
);
// Execute initial commands.
foreach ($connection_options['init_commands'] as $sql) {
$this->exec($sql);
$this->connection->exec($sql);
}
}
/**
* {@inheritdoc}}
*/
protected function setPrefix($prefix) {
parent::setPrefix($prefix);
// Successive versions of MySQL have become increasingly strict about the
// use of reserved keywords as table names. Drupal 7 uses at least one such
// table (system). Therefore we surround all table names with quotes.
$quote_char = variable_get('mysql_identifier_quote_character', MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT);
foreach ($this->prefixSearch as $i => $prefixSearch) {
if (substr($prefixSearch, 0, 1) === '{') {
// If the prefix already contains one or more quotes remove them.
// This can happen when - for example - DrupalUnitTestCase sets up a
// "temporary prefixed database". Also if there's a dot in the prefix,
// wrap it in quotes to cater for schema names in prefixes.
$search = array($quote_char, '.');
$replace = array('', $quote_char . '.' . $quote_char);
$this->prefixReplace[$i] = $quote_char . str_replace($search, $replace, $this->prefixReplace[$i]);
}
if (substr($prefixSearch, -1) === '}') {
$this->prefixReplace[$i] .= $quote_char;
}
}
}
/**
* {@inheritdoc}
*/
public function escapeField($field) {
$field = parent::escapeField($field);
return $this->quoteIdentifier($field);
}
public function escapeFields(array $fields) {
foreach ($fields as &$field) {
$field = $this->escapeField($field);
}
return $fields;
}
/**
* {@inheritdoc}
*/
public function escapeAlias($field) {
$field = parent::escapeAlias($field);
return $this->quoteIdentifier($field);
}
/**
* Quotes an identifier if it matches a MySQL reserved keyword.
*
* @param string $identifier
* The field to check.
*
* @return string
* The identifier, quoted if it matches a MySQL reserved keyword.
*/
private function quoteIdentifier($identifier) {
// Quote identifiers so that MySQL reserved words like 'function' can be
// used as column names. Sometimes the 'table.column_name' format is passed
// in. For example, menu_load_links() adds a condition on "ml.menu_name".
if (strpos($identifier, '.') !== FALSE) {
list($table, $identifier) = explode('.', $identifier, 2);
}
if (in_array(strtolower($identifier), $this->reservedKeyWords, TRUE)) {
// Quote the string for MySQL reserved keywords.
$quote_char = variable_get('mysql_identifier_quote_character', MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT);
$identifier = $quote_char . $identifier . $quote_char;
}
return isset($table) ? $table . '.' . $identifier : $identifier;
}
public function __destruct() {
if ($this->needsCleanup) {
$this->nextIdDelete();
@@ -180,7 +536,7 @@ class DatabaseConnection_mysql extends DatabaseConnection {
// If there are no more layers left then we should commit.
unset($this->transactionLayers[$name]);
if (empty($this->transactionLayers)) {
if (!PDO::commit()) {
if (!$this->doCommit()) {
throw new DatabaseTransactionCommitFailedException();
}
}
@@ -203,7 +559,7 @@ class DatabaseConnection_mysql extends DatabaseConnection {
$this->transactionLayers = array();
// We also have to explain to PDO that the transaction stack has
// been cleaned-up.
PDO::commit();
$this->doCommit();
}
else {
throw $e;
@@ -213,6 +569,53 @@ class DatabaseConnection_mysql extends DatabaseConnection {
}
}
/**
* Do the actual commit, including a workaround for PHP 8 behaviour changes.
*
* @return bool
* Success or otherwise of the commit.
*/
protected function doCommit() {
if ($this->connection->inTransaction()) {
return $this->connection->commit();
}
else {
// In PHP 8.0 a PDOException is thrown when a commit is attempted with no
// transaction active. In previous PHP versions this failed silently.
return TRUE;
}
}
/**
* {@inheritdoc}
*/
public function rollback($savepoint_name = 'drupal_transaction') {
// MySQL will automatically commit transactions when tables are altered or
// created (DDL transactions are not supported). Prevent triggering an
// exception to ensure that the error that has caused the rollback is
// properly reported.
if (!$this->connection->inTransaction()) {
// Before PHP 8 $this->connection->inTransaction() will return TRUE and
// $this->connection->rollback() does not throw an exception; the
// following code is unreachable.
// If \DatabaseConnection::rollback() would throw an
// exception then continue to throw an exception.
if (!$this->inTransaction()) {
throw new DatabaseTransactionNoActiveException();
}
// A previous rollback to an earlier savepoint may mean that the savepoint
// in question has already been accidentally committed.
if (!isset($this->transactionLayers[$savepoint_name])) {
throw new DatabaseTransactionNoActiveException();
}
trigger_error('Rollback attempted when there is no active transaction. This can cause data integrity issues.', E_USER_WARNING);
return;
}
return parent::rollback($savepoint_name);
}
public function utf8mb4IsConfigurable() {
return TRUE;
}
@@ -223,7 +626,7 @@ class DatabaseConnection_mysql extends DatabaseConnection {
public function utf8mb4IsSupported() {
// Ensure that the MySQL driver supports utf8mb4 encoding.
$version = $this->getAttribute(PDO::ATTR_CLIENT_VERSION);
$version = $this->connection->getAttribute(PDO::ATTR_CLIENT_VERSION);
if (strpos($version, 'mysqlnd') !== FALSE) {
// The mysqlnd driver supports utf8mb4 starting at version 5.0.9.
$version = preg_replace('/^\D+([\d.]+).*/', '$1', $version);

18
includes/database/mysql/query.inc
View File

@@ -48,6 +48,10 @@ class InsertQuery_mysql extends InsertQuery {
// Default fields are always placed first for consistency.
$insert_fields = array_merge($this->defaultFields, $this->insertFields);
if (method_exists($this->connection, 'escapeFields')) {
$insert_fields = $this->connection->escapeFields($insert_fields);
}
// If we're selecting from a SelectQuery, finish building the query and
// pass it back, as any remaining options are irrelevant.
if (!empty($this->fromQuery)) {
@@ -89,6 +93,20 @@ class InsertQuery_mysql extends InsertQuery {
class TruncateQuery_mysql extends TruncateQuery { }
class UpdateQuery_mysql extends UpdateQuery {
public function __toString() {
if (method_exists($this->connection, 'escapeField')) {
$escapedFields = array();
foreach ($this->fields as $field => $data) {
$field = $this->connection->escapeField($field);
$escapedFields[$field] = $data;
}
$this->fields = $escapedFields;
}
return parent::__toString();
}
}
/**
* @} End of "addtogroup database".
*/

9
includes/database/mysql/schema.inc
View File

@@ -57,6 +57,11 @@ class DatabaseSchema_mysql extends DatabaseSchema {
protected function buildTableNameCondition($table_name, $operator = '=', $add_prefix = TRUE) {
$info = $this->connection->getConnectionOptions();
// Ensure the table name is not surrounded with quotes as that is not
// appropriate for schema queries.
$quote_char = variable_get('mysql_identifier_quote_character', MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT);
$table_name = str_replace($quote_char, '', $table_name);
$table_info = $this->getPrefixInfo($table_name, $add_prefix);
$condition = new DatabaseCondition('AND');
@@ -494,11 +499,11 @@ class DatabaseSchema_mysql extends DatabaseSchema {
$condition->condition('column_name', $column);
$condition->compile($this->connection, $this);
// Don't use {} around information_schema.columns table.
return $this->connection->query("SELECT column_comment FROM information_schema.columns WHERE " . (string) $condition, $condition->arguments())->fetchField();
return $this->connection->query("SELECT column_comment AS column_comment FROM information_schema.columns WHERE " . (string) $condition, $condition->arguments())->fetchField();
}
$condition->compile($this->connection, $this);
// Don't use {} around information_schema.tables table.
$comment = $this->connection->query("SELECT table_comment FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchField();
$comment = $this->connection->query("SELECT table_comment AS table_comment FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchField();
// Work-around for MySQL 5.0 bug http://bugs.mysql.com/bug.php?id=11379
return preg_replace('/; InnoDB free:.*$/', '', $comment);
}

6
includes/database/pgsql/database.inc
View File

@@ -66,11 +66,11 @@ class DatabaseConnection_pgsql extends DatabaseConnection {
parent::__construct($dsn, $connection_options['username'], $connection_options['password'], $connection_options['pdo']);
// Force PostgreSQL to use the UTF-8 character set by default.
$this->exec("SET NAMES 'UTF8'");
$this->connection->exec("SET NAMES 'UTF8'");
// Execute PostgreSQL init_commands.
if (isset($connection_options['init_commands'])) {
$this->exec(implode('; ', $connection_options['init_commands']));
$this->connection->exec(implode('; ', $connection_options['init_commands']));
}
}
@@ -117,7 +117,7 @@ class DatabaseConnection_pgsql extends DatabaseConnection {
case Database::RETURN_AFFECTED:
return $stmt->rowCount();
case Database::RETURN_INSERT_ID:
return $this->lastInsertId($options['sequence_name']);
return $this->connection->lastInsertId($options['sequence_name']);
case Database::RETURN_NULL:
return;
default:

70
includes/database/schema.inc
View File

@@ -169,6 +169,11 @@ require_once dirname(__FILE__) . '/query.inc';
*/
abstract class DatabaseSchema implements QueryPlaceholderInterface {
/**
* The database connection.
*
* @var DatabaseConnection
*/
protected $connection;
/**
@@ -343,7 +348,70 @@ abstract class DatabaseSchema implements QueryPlaceholderInterface {
// couldn't use db_select() here because it would prefix
// information_schema.tables and the query would fail.
// Don't use {} around information_schema.tables table.
return $this->connection->query("SELECT table_name FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchAllKeyed(0, 0);
return $this->connection->query("SELECT table_name AS table_name FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchAllKeyed(0, 0);
}
/**
* Finds all tables that are like the specified base table name. This is a
* backport of the change made to findTables in Drupal 8 to work with virtual,
* un-prefixed table names. The original function is retained for Backwards
* Compatibility.
* @see https://www.drupal.org/node/2552435
*
* @param string $table_expression
* An SQL expression, for example "cache_%" (without the quotes).
*
* @return array
* Both the keys and the values are the matching tables.
*/
public function findTablesD8($table_expression) {
// Load all the tables up front in order to take into account per-table
// prefixes. The actual matching is done at the bottom of the method.
$condition = $this->buildTableNameCondition('%', 'LIKE');
$condition->compile($this->connection, $this);
$individually_prefixed_tables = $this->connection->getUnprefixedTablesMap();
$default_prefix = $this->connection->tablePrefix();
$default_prefix_length = strlen($default_prefix);
$tables = array();
// Normally, we would heartily discourage the use of string
// concatenation for conditionals like this however, we
// couldn't use db_select() here because it would prefix
// information_schema.tables and the query would fail.
// Don't use {} around information_schema.tables table.
$results = $this->connection->query("SELECT table_name AS table_name FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments());
foreach ($results as $table) {
// Take into account tables that have an individual prefix.
if (isset($individually_prefixed_tables[$table->table_name])) {
$prefix_length = strlen($this->connection->tablePrefix($individually_prefixed_tables[$table->table_name]));
}
elseif ($default_prefix && substr($table->table_name, 0, $default_prefix_length) !== $default_prefix) {
// This table name does not start the default prefix, which means that
// it is not managed by Drupal so it should be excluded from the result.
continue;
}
else {
$prefix_length = $default_prefix_length;
}
// Remove the prefix from the returned tables.
$unprefixed_table_name = substr($table->table_name, $prefix_length);
// The pattern can match a table which is the same as the prefix. That
// will become an empty string when we remove the prefix, which will
// probably surprise the caller, besides not being a prefixed table. So
// remove it.
if (!empty($unprefixed_table_name)) {
$tables[$unprefixed_table_name] = $unprefixed_table_name;
}
}
// Convert the table expression from its SQL LIKE syntax to a regular
// expression and escape the delimiter that will be used for matching.
$table_expression = str_replace(array('%', '_'), array('.*?', '.'), preg_quote($table_expression, '/'));
$tables = preg_grep('/^' . $table_expression . '$/i', $tables);
return $tables;
}
/**

11
includes/database/select.inc
View File

@@ -964,7 +964,7 @@ class SelectQuery extends Query implements SelectQueryInterface {
*/
protected $forUpdate = FALSE;
public function __construct($table, $alias = NULL, DatabaseConnection $connection, $options = array()) {
public function __construct($table, $alias, DatabaseConnection $connection, $options = array()) {
$options['return'] = Database::RETURN_STATEMENT;
parent::__construct($connection, $options);
$this->where = new DatabaseCondition('AND');
@@ -1520,13 +1520,16 @@ class SelectQuery extends Query implements SelectQueryInterface {
$fields = array();
foreach ($this->tables as $alias => $table) {
if (!empty($table['all_fields'])) {
$fields[] = $this->connection->escapeTable($alias) . '.*';
$fields[] = $this->connection->escapeAlias($alias) . '.*';
}
}
foreach ($this->fields as $alias => $field) {
// Note that $field['table'] holds the table alias.
// @see \SelectQuery::addField
$table = isset($field['table']) ? $this->connection->escapeAlias($field['table']) . '.' : '';
// Always use the AS keyword for field aliases, as some
// databases require it (e.g., PostgreSQL).
$fields[] = (isset($field['table']) ? $this->connection->escapeTable($field['table']) . '.' : '') . $this->connection->escapeField($field['field']) . ' AS ' . $this->connection->escapeAlias($field['alias']);
$fields[] = $table . $this->connection->escapeField($field['field']) . ' AS ' . $this->connection->escapeAlias($field['alias']);
}
foreach ($this->expressions as $alias => $expression) {
$fields[] = $expression['expression'] . ' AS ' . $this->connection->escapeAlias($expression['alias']);
@@ -1555,7 +1558,7 @@ class SelectQuery extends Query implements SelectQueryInterface {
// Don't use the AS keyword for table aliases, as some
// databases don't support it (e.g., Oracle).
$query .= $table_string . ' ' . $this->connection->escapeTable($table['alias']);
$query .= $table_string . ' ' . $this->connection->escapeAlias($table['alias']);
if (!empty($table['condition'])) {
$query .= ' ON ' . $table['condition'];

44
includes/database/sqlite/database.inc
View File

@@ -107,9 +107,21 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
$this->sqliteCreateFunction('substring_index', array($this, 'sqlFunctionSubstringIndex'), 3);
$this->sqliteCreateFunction('rand', array($this, 'sqlFunctionRand'));
// Enable the Write-Ahead Logging (WAL) option for SQLite if supported.
// @see https://www.drupal.org/node/2348137
// @see https://sqlite.org/wal.html
if (version_compare($version, '3.7') >= 0) {
$connection_options += array(
'init_commands' => array(),
);
$connection_options['init_commands'] += array(
'wal' => "PRAGMA journal_mode=WAL",
);
}
// Execute sqlite init_commands.
if (isset($connection_options['init_commands'])) {
$this->exec(implode('; ', $connection_options['init_commands']));
$this->connection->exec(implode('; ', $connection_options['init_commands']));
}
}
@@ -128,10 +140,10 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
$count = $this->query('SELECT COUNT(*) FROM ' . $prefix . '.sqlite_master WHERE type = :type AND name NOT LIKE :pattern', array(':type' => 'table', ':pattern' => 'sqlite_%'))->fetchField();
// We can prune the database file if it doesn't have any tables.
if ($count == 0) {
// Detach the database.
$this->query('DETACH DATABASE :schema', array(':schema' => $prefix));
// Destroy the database file.
if ($count == 0 && $this->connectionOptions['database'] != ':memory:') {
// Detaching the database fails at this point, but no other queries
// are executed after the connection is destructed so we can simply
// remove the database file.
unlink($this->connectionOptions['database'] . '-' . $prefix);
}
}
@@ -143,6 +155,18 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
}
}
/**
* Gets all the attached databases.
*
* @return array
* An array of attached database names.
*
* @see DatabaseConnection_sqlite::__construct().
*/
public function getAttachedDatabases() {
return $this->attachedDatabases;
}
/**
* SQLite compatibility implementation for the IF() SQL function.
*/
@@ -235,7 +259,7 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
* expose this function to the world.
*/
public function PDOPrepare($query, array $options = array()) {
return parent::prepare($query, $options);
return $this->connection->prepare($query, $options);
}
public function queryRange($query, $from, $count, array $args = array(), array $options = array()) {
@@ -326,7 +350,7 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
}
}
if ($this->supportsTransactions()) {
PDO::rollBack();
$this->connection->rollBack();
}
}
@@ -341,7 +365,7 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
throw new DatabaseTransactionNameNonUniqueException($name . " is already in use.");
}
if (!$this->inTransaction()) {
PDO::beginTransaction();
$this->connection->beginTransaction();
}
$this->transactionLayers[$name] = $name;
}
@@ -366,9 +390,9 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
// If there was any rollback() we should roll back whole transaction.
if ($this->willRollback) {
$this->willRollback = FALSE;
PDO::rollBack();
$this->connection->rollBack();
}
elseif (!PDO::commit()) {
elseif (!$this->connection->commit()) {
throw new DatabaseTransactionCommitFailedException();
}
}

7
includes/database/sqlite/query.inc
View File

@@ -23,7 +23,7 @@ class InsertQuery_sqlite extends InsertQuery {
if (!$this->preExecute()) {
return NULL;
}
if (count($this->insertFields)) {
if (count($this->insertFields) || !empty($this->fromQuery)) {
return parent::execute();
}
else {
@@ -36,7 +36,10 @@ class InsertQuery_sqlite extends InsertQuery {
$comments = $this->connection->makeComment($this->comments);
// Produce as many generic placeholders as necessary.
$placeholders = array_fill(0, count($this->insertFields), '?');
$placeholders = array();
if (!empty($this->insertFields)) {
$placeholders = array_fill(0, count($this->insertFields), '?');
}
// If we're selecting from a SelectQuery, finish building the query and
// pass it back, as any remaining options are irrelevant.

31
includes/database/sqlite/schema.inc
View File

@@ -668,6 +668,9 @@ class DatabaseSchema_sqlite extends DatabaseSchema {
$this->alterTable($table, $old_schema, $new_schema);
}
/**
* {@inheritdoc}
*/
public function findTables($table_expression) {
// Don't add the prefix, $table_expression already includes the prefix.
$info = $this->getPrefixInfo($table_expression, FALSE);
@@ -680,4 +683,32 @@ class DatabaseSchema_sqlite extends DatabaseSchema {
));
return $result->fetchAllKeyed(0, 0);
}
/**
* {@inheritdoc}
*/
public function findTablesD8($table_expression) {
$tables = array();
// The SQLite implementation doesn't need to use the same filtering strategy
// as the parent one because individually prefixed tables live in their own
// schema (database), which means that neither the main database nor any
// attached one will contain a prefixed table name, so we just need to loop
// over all known schemas and filter by the user-supplied table expression.
$attached_dbs = $this->connection->getAttachedDatabases();
foreach ($attached_dbs as $schema) {
// Can't use query placeholders for the schema because the query would
// have to be :prefixsqlite_master, which does not work. We also need to
// ignore the internal SQLite tables.
$result = db_query("SELECT name FROM " . $schema . ".sqlite_master WHERE type = :type AND name LIKE :table_name AND name NOT LIKE :pattern", array(
':type' => 'table',
':table_name' => $table_expression,
':pattern' => 'sqlite_%',
));
$tables += $result->fetchAllKeyed(0, 0);
}
return $tables;
}
}

5
includes/errors.inc
View File

@@ -48,11 +48,8 @@ function drupal_error_levels() {
* The filename that the error was raised in.
* @param $line
* The line number the error was raised at.
* @param $context
* An array that points to the active symbol table at the point the error
* occurred.
*/
function _drupal_error_handler_real($error_level, $message, $filename, $line, $context) {
function _drupal_error_handler_real($error_level, $message, $filename, $line) {
if ($error_level & error_reporting()) {
$types = drupal_error_levels();
list($severity_msg, $severity_level) = $types[$error_level];

73
includes/file.inc
View File

@@ -532,6 +532,9 @@ SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<IfModule mod_php5.c>
php_flag engine off
</IfModule>
<IfModule mod_php7.c>
php_flag engine off
</IfModule>
EOF;
if ($private) {
@@ -1144,8 +1147,8 @@ function file_unmanaged_move($source, $destination = NULL, $replace = FILE_EXIST
* exploit.php_.pps.
*
* Specifically, this function adds an underscore to all extensions that are
* between 2 and 5 characters in length, internal to the file name, and not
* included in $extensions.
* between 2 and 5 characters in length, internal to the file name, and either
* included in the list of unsafe extensions, or not included in $extensions.
*
* Function behavior is also controlled by the Drupal variable
* 'allow_insecure_uploads'. If 'allow_insecure_uploads' evaluates to TRUE, no
@@ -1154,7 +1157,8 @@ function file_unmanaged_move($source, $destination = NULL, $replace = FILE_EXIST
* @param $filename
* File name to modify.
* @param $extensions
* A space-separated list of extensions that should not be altered.
* A space-separated list of extensions that should not be altered. Note that
* extensions that are unsafe will be altered regardless of this parameter.
* @param $alerts
* If TRUE, drupal_set_message() will be called to display a message if the
* file name was changed.
@@ -1172,6 +1176,10 @@ function file_munge_filename($filename, $extensions, $alerts = TRUE) {
$whitelist = array_unique(explode(' ', strtolower(trim($extensions))));
// Remove unsafe extensions from the list of allowed extensions. The list is
// copied from file_save_upload().
$whitelist = array_diff($whitelist, explode('|', 'php|phar|pl|py|cgi|asp|js'));
// Split the filename up by periods. The first part becomes the basename
// the last part the final extension.
$filename_parts = explode('.', $filename);
@@ -1539,25 +1547,35 @@ function file_save_upload($form_field_name, $validators = array(), $destination
$validators['file_validate_extensions'][0] = $extensions;
}
if (!empty($extensions)) {
// Munge the filename to protect against possible malicious extension hiding
// within an unknown file type (ie: filename.html.foo).
$file->filename = file_munge_filename($file->filename, $extensions);
}
// Rename potentially executable files, to help prevent exploits (i.e. will
// rename filename.php.foo and filename.php to filename.php.foo.txt and
// filename.php.txt, respectively). Don't rename if 'allow_insecure_uploads'
// evaluates to TRUE.
if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
$file->filemime = 'text/plain';
// The destination filename will also later be used to create the URI.
$file->filename .= '.txt';
// The .txt extension may not be in the allowed list of extensions. We have
// to add it here or else the file upload will fail.
if (!variable_get('allow_insecure_uploads', 0)) {
if (!empty($extensions)) {
$validators['file_validate_extensions'][0] .= ' txt';
drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $file->filename)));
// Munge the filename to protect against possible malicious extension hiding
// within an unknown file type (ie: filename.html.foo).
$file->filename = file_munge_filename($file->filename, $extensions);
}
// Rename potentially executable files, to help prevent exploits (i.e. will
// rename filename.php.foo and filename.php to filename.php_.foo_.txt and
// filename.php_.txt, respectively). Don't rename if 'allow_insecure_uploads'
// evaluates to TRUE.
if (preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename)) {
// If the file will be rejected anyway due to a disallowed extension, it
// should not be renamed; rather, we'll let file_validate_extensions()
// reject it below.
if (!isset($validators['file_validate_extensions']) || !file_validate_extensions($file, $extensions)) {
$file->filemime = 'text/plain';
if (substr($file->filename, -4) != '.txt') {
// The destination filename will also later be used to create the URI.
$file->filename .= '.txt';
}
$file->filename = file_munge_filename($file->filename, $extensions, FALSE);
drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $file->filename)));
// The .txt extension may not be in the allowed list of extensions. We have
// to add it here or else the file upload will fail.
if (!empty($validators['file_validate_extensions'][0])) {
$validators['file_validate_extensions'][0] .= ' txt';
}
}
}
}
@@ -1725,7 +1743,18 @@ function file_validate(stdClass &$file, $validators = array()) {
}
// Let other modules perform validation on the new file.
return array_merge($errors, module_invoke_all('file_validate', $file));
$errors = array_merge($errors, module_invoke_all('file_validate', $file));
// Ensure the file does not contain a malicious extension. At this point
// file_save_upload() will have munged the file so it does not contain a
// malicious extension. Contributed and custom code that calls this method
// needs to take similar steps if they need to permit files with malicious
// extensions to be uploaded.
if (empty($errors) && !variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename)) {
$errors[] = t('For security reasons, your upload has been rejected.');
}
return $errors;
}
/**

2
includes/filetransfer/filetransfer.inc
View File

@@ -301,7 +301,7 @@ abstract class FileTransfer {
$parts = explode('/', $path);
$chroot = '';
while (count($parts)) {
$check = implode($parts, '/');
$check = implode('/', $parts);
if ($this->isFile($check . '/' . drupal_basename(__FILE__))) {
// Remove the trailing slash.
return substr($chroot, 0, -1);

27
includes/form.inc
View File

@@ -1135,12 +1135,8 @@ function drupal_prepare_form($form_id, &$form, &$form_state) {
* Helper function to call form_set_error() if there is a token error.
*/
function _drupal_invalid_token_set_form_error() {
$path = current_path();
$query = drupal_get_query_parameters();
$url = url($path, array('query' => $query));
// Setting this error will cause the form to fail validation.
form_set_error('form_token', t('The form has become outdated. Copy any unsaved work in the form below and then <a href="@link">reload this page</a>.', array('@link' => $url)));
form_set_error('form_token', t('The form has become outdated. Press the back button, copy any unsaved work in the form, and then reload the page.'));
}
/**
@@ -1181,6 +1177,11 @@ function drupal_validate_form($form_id, &$form, &$form_state) {
if (!empty($form['#token'])) {
if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) {
_drupal_invalid_token_set_form_error();
// Ignore all submitted values.
$form_state['input'] = array();
$_POST = array();
// Make sure file uploads do not get processed.
$_FILES = array();
// Stop here and don't run any further validation handlers, because they
// could invoke non-safe operations which opens the door for CSRF
// vulnerabilities.
@@ -1360,7 +1361,10 @@ function _form_validate(&$elements, &$form_state, $form_id = NULL) {
// The following errors are always shown.
if (isset($elements['#needs_validation'])) {
// Verify that the value is not longer than #maxlength.
if (isset($elements['#maxlength']) && drupal_strlen($elements['#value']) > $elements['#maxlength']) {
if (isset($elements['#maxlength']) && (isset($elements['#value']) && !is_scalar($elements['#value']))) {
form_error($elements, $t('An illegal value has been detected. Please contact the site administrator.'));
}
elseif (isset($elements['#maxlength']) && drupal_strlen($elements['#value']) > $elements['#maxlength']) {
form_error($elements, $t('!name cannot be longer than %max characters but is currently %length characters long.', array('!name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'], '%max' => $elements['#maxlength'], '%length' => drupal_strlen($elements['#value']))));
}
@@ -1848,6 +1852,9 @@ function form_builder($form_id, &$element, &$form_state) {
_drupal_invalid_token_set_form_error();
// This value is checked in _form_builder_handle_input_element().
$form_state['invalid_token'] = TRUE;
// Ignore all submitted values.
$form_state['input'] = array();
$_POST = array();
// Make sure file uploads do not get processed.
$_FILES = array();
}
@@ -4120,9 +4127,17 @@ function form_process_weight($element) {
$max_elements = variable_get('drupal_weight_select_max', DRUPAL_WEIGHT_SELECT_MAX);
if ($element['#delta'] <= $max_elements) {
$element['#type'] = 'select';
$weights = array();
for ($n = (-1 * $element['#delta']); $n <= $element['#delta']; $n++) {
$weights[$n] = $n;
}
if (isset($element['#default_value'])) {
$default_value = (int) $element['#default_value'];
if (!isset($weights[$default_value])) {
$weights[$default_value] = $default_value;
ksort($weights);
}
}
$element['#options'] = $weights;
$element += element_info('select');
}

64
includes/mail.inc
View File

@@ -12,6 +12,12 @@
*/
define('MAIL_LINE_ENDINGS', isset($_SERVER['WINDIR']) || (isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Win32') !== FALSE) ? "\r\n" : "\n");
/**
* Special characters, defined in RFC_2822.
*/
define('MAIL_RFC_2822_SPECIALS', '()<>[]:;@\,."');
/**
* Composes and optionally sends an e-mail message.
*
@@ -148,8 +154,13 @@ function drupal_mail($module, $key, $to, $language, $params = array(), $from = N
// Return-Path headers should have a domain authorized to use the originating
// SMTP server.
$headers['From'] = $headers['Sender'] = $headers['Return-Path'] = $default_from;
if (variable_get('mail_display_name_site_name', FALSE)) {
$display_name = variable_get('site_name', 'Drupal');
$headers['From'] = drupal_mail_format_display_name($display_name) . ' <' . $default_from . '>';
}
}
if ($from) {
if ($from && $from != $default_from) {
$headers['From'] = $from;
}
$message['headers'] = $headers;
@@ -557,10 +568,59 @@ function drupal_html_to_text($string, $allowed_tags = NULL) {
return $output . $footnotes;
}
/**
* Return a RFC-2822 compliant "display-name" component.
*
* The "display-name" component is used in mail header "Originator" fields
* (From, Sender, Reply-to) to give a human-friendly description of the
* address, i.e. From: My Display Name <xyz@example.org>. RFC-822 and
* RFC-2822 define its syntax and rules. This method gets as input a string
* to be used as "display-name" and formats it to be RFC compliant.
*
* @param string $string
* A string to be used as "display-name".
*
* @return string
* A RFC compliant version of the string, ready to be used as
* "display-name" in mail originator header fields.
*/
function drupal_mail_format_display_name($string) {
// Make sure we don't process html-encoded characters. They may create
// unneeded trouble if left encoded, besides they will be correctly
// processed if decoded.
$string = decode_entities($string);
// If string contains non-ASCII characters it must be (short) encoded
// according to RFC-2047. The output of a "B" (Base64) encoded-word is
// always safe to be used as display-name.
$safe_display_name = mime_header_encode($string, TRUE);
// Encoded-words are always safe to be used as display-name because don't
// contain any RFC 2822 "specials" characters. However
// mimeHeaderEncode() encodes a string only if it contains any
// non-ASCII characters, and leaves its value untouched (un-encoded) if
// ASCII only. For this reason in order to produce a valid display-name we
// still need to make sure there are no "specials" characters left.
if (preg_match('/[' . preg_quote(MAIL_RFC_2822_SPECIALS) . ']/', $safe_display_name)) {
// If string is already quoted, it may or may not be escaped properly, so
// don't trust it and reset.
if (preg_match('/^"(.+)"$/', $safe_display_name, $matches)) {
$safe_display_name = str_replace(array('\\\\', '\\"'), array('\\', '"'), $matches[1]);
}
// Transform the string in a RFC-2822 "quoted-string" by wrapping it in
// double-quotes. Also make sure '"' and '\' occurrences are escaped.
$safe_display_name = '"' . str_replace(array('\\', '"'), array('\\\\', '\\"'), $safe_display_name) . '"';
}
return $safe_display_name;
}
/**
* Wraps words on a single line.
*
* Callback for array_walk() winthin drupal_wrap_mail().
* Callback for array_walk() within drupal_wrap_mail().
*/
function _drupal_wrap_mail_line(&$line, $key, $values) {
// Use soft-breaks only for purely quoted or unindented text.

9
includes/menu.inc
View File

@@ -317,7 +317,7 @@ define('MENU_PREFERRED_LINK', '1cf698d64d1aa4b83907cf6ed55db3a7f8e92c91');
* actually exists. This list of 'masks' is built in menu_rebuild().
*
* @param $parts
* An array of path parts; for the above example,
* An array of path parts; for the above example,
* array('node', '12345', 'edit').
*
* @return
@@ -1067,7 +1067,7 @@ function menu_tree_output($tree) {
// the active class accordingly. But local tasks do not appear in menu
// trees, so if the current path is a local task, and this link is its
// tab root, then we have to set the class manually.
if ($data['link']['href'] == $router_item['tab_root_href'] && $data['link']['href'] != $_GET['q']) {
if ($router_item && $data['link']['href'] == $router_item['tab_root_href'] && $data['link']['href'] != $_GET['q']) {
$data['link']['localized_options']['attributes']['class'][] = 'active';
}
@@ -2483,6 +2483,9 @@ function menu_link_get_preferred($path = NULL, $selected_menu = NULL) {
// untranslated paths). Afterwards, the most relevant path is picked from
// the menus, ordered by menu preference.
$item = menu_get_item($path);
if ($item === FALSE) {
return FALSE;
}
$path_candidates = array();
// 1. The current item href.
$path_candidates[$item['href']] = $item['href'];
@@ -2592,7 +2595,7 @@ function menu_get_active_breadcrumb() {
// Don't show a link to the current page in the breadcrumb trail.
$end = end($active_trail);
if ($item['href'] == $end['href']) {
if (is_array($end) && $item['href'] == $end['href']) {
array_pop($active_trail);
}

32
includes/pager.inc
View File

@@ -321,9 +321,19 @@ function theme_pager($variables) {
$tags = $variables['tags'];
$element = $variables['element'];
$parameters = $variables['parameters'];
$quantity = $variables['quantity'];
$quantity = empty($variables['quantity']) ? 0 : $variables['quantity'];
global $pager_page_array, $pager_total;
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) {
return;
}
// Nothing to do if there is only one page.
if ($pager_total[$element] <= 1) {
return;
}
// Calculate various markers within this pager piece:
// Middle is used to "center" pages around the current page.
$pager_middle = ceil($quantity / 2);
@@ -455,6 +465,11 @@ function theme_pager_first($variables) {
global $pager_page_array;
$output = '';
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element])) {
return;
}
// If we are anywhere but the first page
if ($pager_page_array[$element] > 0) {
$output = theme('pager_link', array('text' => $text, 'page_new' => pager_load_array(0, $element, $pager_page_array), 'element' => $element, 'parameters' => $parameters));
@@ -485,6 +500,11 @@ function theme_pager_previous($variables) {
global $pager_page_array;
$output = '';
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element])) {
return;
}
// If we are anywhere but the first page
if ($pager_page_array[$element] > 0) {
$page_new = pager_load_array($pager_page_array[$element] - $interval, $element, $pager_page_array);
@@ -524,6 +544,11 @@ function theme_pager_next($variables) {
global $pager_page_array, $pager_total;
$output = '';
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) {
return;
}
// If we are anywhere but the last page
if ($pager_page_array[$element] < ($pager_total[$element] - 1)) {
$page_new = pager_load_array($pager_page_array[$element] + $interval, $element, $pager_page_array);
@@ -560,6 +585,11 @@ function theme_pager_last($variables) {
global $pager_page_array, $pager_total;
$output = '';
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) {
return;
}
// If we are anywhere but the last page
if ($pager_page_array[$element] < ($pager_total[$element] - 1)) {
$output = theme('pager_link', array('text' => $text, 'page_new' => pager_load_array($pager_total[$element] - 1, $element, $pager_page_array), 'element' => $element, 'parameters' => $parameters));

14
includes/path.inc
View File

@@ -466,13 +466,15 @@ function path_delete($criteria) {
$criteria = array('pid' => $criteria);
}
$path = path_load($criteria);
$query = db_delete('url_alias');
foreach ($criteria as $field => $value) {
$query->condition($field, $value);
if (isset($path['source'])) {
$query = db_delete('url_alias');
foreach ($criteria as $field => $value) {
$query->condition($field, $value);
}
$query->execute();
module_invoke_all('path_delete', $path);
drupal_clear_path_cache($path['source']);
}
$query->execute();
module_invoke_all('path_delete', $path);
drupal_clear_path_cache($path['source']);
}
/**

2
includes/request-sanitizer.inc
View File

@@ -99,7 +99,7 @@ class DrupalRequestSanitizer {
protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
if (is_array($input)) {
foreach ($input as $key => $value) {
if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
if ($key !== '' && is_string($key) && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
unset($input[$key]);
$sanitized_keys[] = $key;
}

75
includes/session.inc
View File

@@ -284,6 +284,20 @@ function drupal_session_start() {
// Save current session data before starting it, as PHP will destroy it.
$session_data = isset($_SESSION) ? $_SESSION : NULL;
// Apply any overrides to the session cookie params.
$params = $original_params = session_get_cookie_params();
// PHP settings for samesite will be handled by _drupal_cookie_params().
unset($params['samesite']);
$params = _drupal_cookie_params($params);
if ($params !== $original_params) {
if (\PHP_VERSION_ID >= 70300) {
session_set_cookie_params($params);
}
else {
session_set_cookie_params($params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
}
session_start();
drupal_session_started(TRUE);
@@ -323,7 +337,14 @@ function drupal_session_commit() {
$insecure_session_name = substr(session_name(), 1);
$params = session_get_cookie_params();
$expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
setcookie($insecure_session_name, $_COOKIE[$insecure_session_name], $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
$options = array(
'expires' => $expire,
'path' => $params['path'],
'domain' => $params['domain'],
'secure' => FALSE,
'httponly' => $params['httponly'],
);
drupal_setcookie($insecure_session_name, $_COOKIE[$insecure_session_name], $options);
}
}
// Write the session data.
@@ -365,19 +386,36 @@ function drupal_session_regenerate() {
// $params['lifetime'] seconds from the current request. If it is not set,
// it will expire when the browser is closed.
$expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
setcookie($insecure_session_name, $session_id, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
$options = array(
'expires' => $expire,
'path' => $params['path'],
'domain' => $params['domain'],
'secure' => FALSE,
'httponly' => $params['httponly'],
);
drupal_setcookie($insecure_session_name, $session_id, $options);
$_COOKIE[$insecure_session_name] = $session_id;
}
if (drupal_session_started()) {
$old_session_id = session_id();
_drupal_session_regenerate_existing();
}
else {
session_id(drupal_random_key());
}
session_id(drupal_random_key());
if (isset($old_session_id)) {
$params = session_get_cookie_params();
$expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
setcookie(session_name(), session_id(), $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
$options = array(
'expires' => $expire,
'path' => $params['path'],
'domain' => $params['domain'],
'secure' => $params['secure'],
'httponly' => $params['httponly'],
);
drupal_setcookie(session_name(), session_id(), $options);
$fields = array('sid' => session_id());
if ($is_https) {
$fields['ssid'] = session_id();
@@ -412,6 +450,26 @@ function drupal_session_regenerate() {
date_default_timezone_set(drupal_get_user_timezone());
}
/**
* Regenerates an existing session.
*/
function _drupal_session_regenerate_existing() {
global $user;
// Preserve existing settings for the saving of sessions.
$original_save_session_status = drupal_save_session();
// Turn off saving of sessions.
drupal_save_session(FALSE);
session_write_close();
drupal_session_started(FALSE);
// Preserve the user object, as starting a new session will reset it.
$original_user = $user;
session_id(drupal_random_key());
drupal_session_start();
$user = $original_user;
// Restore the original settings for the saving of sessions.
drupal_save_session($original_save_session_status);
}
/**
* Session handler assigned by session_set_save_handler().
*
@@ -465,7 +523,14 @@ function _drupal_session_delete_cookie($name, $secure = NULL) {
if ($secure !== NULL) {
$params['secure'] = $secure;
}
setcookie($name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
$options = array(
'expires' => REQUEST_TIME - 3600,
'path' => $params['path'],
'domain' => $params['domain'],
'secure' => $params['secure'],
'httponly' => $params['httponly'],
);
drupal_setcookie($name, '', $options);
unset($_COOKIE[$name]);
}
}

67
includes/theme.inc
View File

@@ -1911,7 +1911,7 @@ function theme_breadcrumb($variables) {
/**
* Returns HTML for a table.
*
* @param $variables
* @param array $variables
* An associative array containing:
* - header: An array containing the table headers. Each element of the array
* can be either a localized string or an associative array with the
@@ -1948,6 +1948,11 @@ function theme_breadcrumb($variables) {
* )
* );
* @endcode
* - footer: An array of table rows which will be printed within a <tfoot>
* tag, in the same format as the rows element (see above).
* The structure is the same the one defined for the "rows" key except
* that the no_striping boolean has no effect, there is no rows striping
* for the table footer.
* - attributes: An array of HTML attributes to apply to the table tag.
* - caption: A localized string to use for the <caption> tag.
* - colgroups: An array of column groups. Each element of the array can be
@@ -1984,8 +1989,11 @@ function theme_breadcrumb($variables) {
* - sticky: Use a "sticky" table header.
* - empty: The message to display in an extra row if table does not have any
* rows.
*
* @return string
* The HTML output.
*/
function theme_table($variables) {
function theme_table(array $variables) {
$header = $variables['header'];
$rows = $variables['rows'];
$attributes = $variables['attributes'];
@@ -2049,17 +2057,27 @@ function theme_table($variables) {
if (!empty($header)) {
foreach ($header as $header_cell) {
if (is_array($header_cell)) {
$header_count += isset($header_cell['colspan']) ? $header_cell['colspan'] : 1;
$header_count += isset($header_cell['colspan']) ?
$header_cell['colspan'] : 1;
}
else {
$header_count++;
}
}
}
$rows[] = array(array('data' => $empty, 'colspan' => $header_count, 'class' => array('empty', 'message')));
$rows[] = array(
array(
'data' => $empty,
'colspan' => $header_count,
'class' => array(
'empty',
'message'
),
),
);
}
// Format the table header:
// Format the table header.
if (!empty($header)) {
$ts = tablesort_init($header);
// HTML requires that the thead tag has tr tags in it followed by tbody
@@ -2069,23 +2087,39 @@ function theme_table($variables) {
$cell = tablesort_header($cell, $header, $ts);
$output .= _theme_table_cell($cell, TRUE);
}
// Using ternary operator to close the tags based on whether or not there are rows
// Using ternary operator to close the tags based on whether
// or not there are rows.
$output .= (!empty($rows) ? " </tr></thead>\n" : "</tr>\n");
}
else {
$ts = array();
}
// Format the table rows:
// Format the table and footer rows.
$sections = array();
if (!empty($rows)) {
$output .= "<tbody>\n";
$sections['tbody'] = $rows;
}
if (!empty($variables['footer'])) {
$sections['tfoot'] = $variables['footer'];
}
// tbody and tfoot have the same structure and are built using the same
// procedure.
foreach ($sections as $tag => $content) {
$output .= "<" . $tag . ">\n";
$flip = array('even' => 'odd', 'odd' => 'even');
$class = 'even';
foreach ($rows as $number => $row) {
// Check if we're dealing with a simple or complex row
$default_no_striping = ($tag === 'tfoot');
foreach ($content as $number => $row) {
// Check if we're dealing with a simple or complex row.
if (isset($row['data'])) {
$cells = $row['data'];
$no_striping = isset($row['no_striping']) ? $row['no_striping'] : FALSE;
$no_striping = isset($row['no_striping']) ?
$row['no_striping'] : $default_no_striping;
// Set the attributes array and exclude 'data' and 'no_striping'.
$attributes = $row;
@@ -2095,16 +2129,17 @@ function theme_table($variables) {
else {
$cells = $row;
$attributes = array();
$no_striping = FALSE;
$no_striping = $default_no_striping;
}
if (!empty($cells)) {
// Add odd/even class
// Add odd/even class.
if (!$no_striping) {
$class = $flip[$class];
$attributes['class'][] = $class;
}
// Build row
// Build row.
$output .= ' <tr' . drupal_attributes($attributes) . '>';
$i = 0;
foreach ($cells as $cell) {
@@ -2114,10 +2149,12 @@ function theme_table($variables) {
$output .= " </tr>\n";
}
}
$output .= "</tbody>\n";
$output .= "</" . $tag . ">\n";
}
$output .= "</table>\n";
return $output;
}