updated core to 7.80
This commit is contained in:
@@ -1135,12 +1135,8 @@ function drupal_prepare_form($form_id, &$form, &$form_state) {
|
||||
* Helper function to call form_set_error() if there is a token error.
|
||||
*/
|
||||
function _drupal_invalid_token_set_form_error() {
|
||||
$path = current_path();
|
||||
$query = drupal_get_query_parameters();
|
||||
$url = url($path, array('query' => $query));
|
||||
|
||||
// Setting this error will cause the form to fail validation.
|
||||
form_set_error('form_token', t('The form has become outdated. Copy any unsaved work in the form below and then <a href="@link">reload this page</a>.', array('@link' => $url)));
|
||||
form_set_error('form_token', t('The form has become outdated. Press the back button, copy any unsaved work in the form, and then reload the page.'));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1181,6 +1177,11 @@ function drupal_validate_form($form_id, &$form, &$form_state) {
|
||||
if (!empty($form['#token'])) {
|
||||
if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) {
|
||||
_drupal_invalid_token_set_form_error();
|
||||
// Ignore all submitted values.
|
||||
$form_state['input'] = array();
|
||||
$_POST = array();
|
||||
// Make sure file uploads do not get processed.
|
||||
$_FILES = array();
|
||||
// Stop here and don't run any further validation handlers, because they
|
||||
// could invoke non-safe operations which opens the door for CSRF
|
||||
// vulnerabilities.
|
||||
@@ -1360,7 +1361,10 @@ function _form_validate(&$elements, &$form_state, $form_id = NULL) {
|
||||
// The following errors are always shown.
|
||||
if (isset($elements['#needs_validation'])) {
|
||||
// Verify that the value is not longer than #maxlength.
|
||||
if (isset($elements['#maxlength']) && drupal_strlen($elements['#value']) > $elements['#maxlength']) {
|
||||
if (isset($elements['#maxlength']) && (isset($elements['#value']) && !is_scalar($elements['#value']))) {
|
||||
form_error($elements, $t('An illegal value has been detected. Please contact the site administrator.'));
|
||||
}
|
||||
elseif (isset($elements['#maxlength']) && drupal_strlen($elements['#value']) > $elements['#maxlength']) {
|
||||
form_error($elements, $t('!name cannot be longer than %max characters but is currently %length characters long.', array('!name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'], '%max' => $elements['#maxlength'], '%length' => drupal_strlen($elements['#value']))));
|
||||
}
|
||||
|
||||
@@ -1848,6 +1852,9 @@ function form_builder($form_id, &$element, &$form_state) {
|
||||
_drupal_invalid_token_set_form_error();
|
||||
// This value is checked in _form_builder_handle_input_element().
|
||||
$form_state['invalid_token'] = TRUE;
|
||||
// Ignore all submitted values.
|
||||
$form_state['input'] = array();
|
||||
$_POST = array();
|
||||
// Make sure file uploads do not get processed.
|
||||
$_FILES = array();
|
||||
}
|
||||
@@ -4120,9 +4127,17 @@ function form_process_weight($element) {
|
||||
$max_elements = variable_get('drupal_weight_select_max', DRUPAL_WEIGHT_SELECT_MAX);
|
||||
if ($element['#delta'] <= $max_elements) {
|
||||
$element['#type'] = 'select';
|
||||
$weights = array();
|
||||
for ($n = (-1 * $element['#delta']); $n <= $element['#delta']; $n++) {
|
||||
$weights[$n] = $n;
|
||||
}
|
||||
if (isset($element['#default_value'])) {
|
||||
$default_value = (int) $element['#default_value'];
|
||||
if (!isset($weights[$default_value])) {
|
||||
$weights[$default_value] = $default_value;
|
||||
ksort($weights);
|
||||
}
|
||||
}
|
||||
$element['#options'] = $weights;
|
||||
$element += element_info('select');
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user