bachir/popsu-d7
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of https://figureslibres.io/gogs/bachir/popsu-d7

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi
2021-07-12 10:15:14 +02:00
parent fd5d68d5e9 5656f5a68a
commit 6385bc5267
236 changed files with 4149 additions and 888 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
CHANGELOG.txt
View File

@@ -1,5 +1,83 @@
Drupal 7.xx, xxxx-xx-xx (development version)
Drupal 7.80, 2021-04-20
-----------------------
- Fixed security issues:
- SA-CORE-2021-002
Drupal 7.79, 2021-04-07
-----------------------
- Initial support for PHP 8
- Support for SameSite cookie attribute
- Avoid write for unchanged fields (opt-in)
Drupal 7.78, 2021-01-19
-----------------------
- Fixed security issues:
- SA-CORE-2021-001
Drupal 7.77, 2020-12-03
-----------------------
- Hotfix for schema.prefixed tables
Drupal 7.76, 2020-12-02
-----------------------
- Support for MySQL 8
- Core tests pass in SQLite
- Better user flood control logging
Drupal 7.75, 2020-11-26
-----------------------
- Fixed security issues:
- SA-CORE-2020-013
Drupal 7.74, 2020-11-17
-----------------------
- Fixed security issues:
- SA-CORE-2020-012
Drupal 7.73, 2020-09-16
-----------------------
- Fixed security issues:
- SA-CORE-2020-007
Drupal 7.72, 2020-06-17
-----------------------
- Fixed security issues:
- SA-CORE-2020-004
Drupal 7.71, 2020-06-03
-----------------------
- Fix for jQuery Form bug in Chromium-based browsers
- Full support for PHP 7.4
Drupal 7.70, 2020-05-19
-----------------------
- Fixed security issues:
- SA-CORE-2020-002
- SA-CORE-2020-003
Drupal 7.69, 2019-12-18
-----------------------
- Fixed security issues:
- SA-CORE-2019-012
Drupal 7.68, 2019-12-04
-----------------------
- Fixed: Hide toolbar when printing
- Fixed: Settings returned via ajax are not run through hook_js_alter()
- Fixed: Use drupal_http_build_query() in drupal_http_request()
- Fixed: DrupalRequestSanitizer not found fatal error when bootstrap phase order is changed
- Fixed: Block web.config in .htaccess (and vice-versa)
- Fixed: Create "scripts" element to align rendering workflow to how "styles" are handled
- PHP 7.3: Fixed 'Cannot change session id when session is active'
- PHP 7.1: Fixed 'A non-numeric value encountered in theme_pager()'
- PHP 7.x: Fixed file.inc generated .htaccess does not cover PHP 7
- PHP 5.3: Fixed check_plain() 'Invalid multibyte sequence in argument' test failures
- Fixed: Allow passing data as array to drupal_http_request()
- Fixed: Skip module_invoke/module_hook in calling hook_watchdog (excessive function_exist)
- Fixed: HTTP status 200 returned for 'Additional uncaught exception thrown while handling exception'
- Fixed: theme_table() should take an optional footer variable and produce <tfoot>
- Fixed: 'uasort() expects parameter 1 to be array, null given in node_view_multiple()'
- [regression] Fix default.settings.php permission
Drupal 7.67, 2019-05-08
-----------------------

5
MAINTAINERS.txt
View File

@@ -11,11 +11,8 @@ The Drupal Core branch maintainers oversee the development of Drupal as a whole.
The branch maintainers for Drupal 7 are:
- Dries Buytaert 'dries' https://www.drupal.org/u/dries
- Angela Byron 'webchick' https://www.drupal.org/u/webchick
- Fabian Franz 'Fabianx' https://www.drupal.org/u/fabianx
- David Rothstein 'David_Rothstein' https://www.drupal.org/u/david_rothstein
- Stefan Ruijsenaars 'stefan.r' https://www.drupal.org/u/stefanr-0
- (provisional) Pol Dellaiera 'Pol' https://www.drupal.org/u/pol
- Drew Webber 'mcdruid' https://www.drupal.org/u/mcdruid
Component maintainers

1
includes/ajax.inc
View File

@@ -294,6 +294,7 @@ function ajax_render($commands = array()) {
// Now add a command to merge changes and additions to Drupal.settings.
$scripts = drupal_add_js();
drupal_alter('js', $scripts);
if (!empty($scripts['settings'])) {
$settings = $scripts['settings'];
array_unshift($commands, ajax_command_settings(drupal_array_merge_deep_array($settings['data']), TRUE));

15
includes/batch.inc
View File

@@ -478,18 +478,17 @@ function _batch_finished() {
$queue->deleteQueue();
}
}
// Clean-up the session. Not needed for CLI updates.
if (isset($_SESSION)) {
unset($_SESSION['batches'][$batch['id']]);
if (empty($_SESSION['batches'])) {
unset($_SESSION['batches']);
}
}
}
$_batch = $batch;
$batch = NULL;
// Clean-up the session. Not needed for CLI updates.
if (isset($_SESSION)) {
unset($_SESSION['batches'][$batch['id']]);
if (empty($_SESSION['batches'])) {
unset($_SESSION['batches']);
}
}
// Redirect if needed.
if ($_batch['progressive']) {
// Revert the 'destination' that was saved in batch_process().

119
includes/bootstrap.inc
View File

@@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '7.67');
define('VERSION', '7.80');
/**
* Core API compatibility.
@@ -1189,19 +1189,21 @@ function variable_initialize($conf = array()) {
$variables = $cached->data;
}
else {
// Cache miss. Avoid a stampede.
// Cache miss. Avoid a stampede by acquiring a lock. If the lock fails to
// acquire, optionally just continue with uncached processing.
$name = 'variable_init';
if (!lock_acquire($name, 1)) {
// Another request is building the variable cache.
// Wait, then re-run this function.
$lock_acquired = lock_acquire($name, 1);
if (!$lock_acquired && variable_get('variable_initialize_wait_for_lock', FALSE)) {
lock_wait($name);
return variable_initialize($conf);
}
else {
// Proceed with variable rebuild.
// Load the variables from the table.
$variables = array_map('unserialize', db_query('SELECT name, value FROM {variable}')->fetchAllKeyed());
cache_set('variables', $variables, 'cache_bootstrap');
lock_release($name);
if ($lock_acquired) {
cache_set('variables', $variables, 'cache_bootstrap');
lock_release($name);
}
}
}
@@ -1998,7 +2000,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO
// It is possible that the error handling will itself trigger an error. In that case, we could
// end up in an infinite loop. To avoid that, we implement a simple static semaphore.
if (!$in_error_state && function_exists('module_implements')) {
if (!$in_error_state && function_exists('module_invoke_all')) {
$in_error_state = TRUE;
// The user object may not exist in all conditions, so 0 is substituted if needed.
@@ -2021,9 +2023,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO
);
// Call the logging hooks to log/process the message
foreach (module_implements('watchdog') as $module) {
module_invoke($module, 'watchdog', $log_entry);
}
module_invoke_all('watchdog', $log_entry);
// It is critical that the semaphore is only cleared here, in the parent
// watchdog() call (not outside the loop), to prevent recursive execution.
@@ -2518,6 +2518,7 @@ function drupal_bootstrap($phase = NULL, $new_phase = TRUE) {
switch ($current_phase) {
case DRUPAL_BOOTSTRAP_CONFIGURATION:
require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc';
_drupal_bootstrap_configuration();
break;
@@ -2595,13 +2596,10 @@ function drupal_get_hash_salt() {
* The filename that the error was raised in.
* @param $line
* The line number the error was raised at.
* @param $context
* An array that points to the active symbol table at the point the error
* occurred.
*/
function _drupal_error_handler($error_level, $message, $filename, $line, $context) {
function _drupal_error_handler($error_level, $message, $filename, $line) {
require_once DRUPAL_ROOT . '/includes/errors.inc';
_drupal_error_handler_real($error_level, $message, $filename, $line, $context);
_drupal_error_handler_real($error_level, $message, $filename, $line);
}
/**
@@ -2622,6 +2620,10 @@ function _drupal_exception_handler($exception) {
_drupal_log_error(_drupal_decode_exception($exception), TRUE);
}
catch (Exception $exception2) {
// Add a 500 status code in case an exception was thrown before the 500
// status could be set (e.g. while loading a maintenance theme from cache).
drupal_add_http_header('Status', '500 Internal Server Error');
// Another uncaught exception was thrown while handling the first one.
// If we are displaying errors, then do so with no possibility of a further uncaught exception being thrown.
if (error_displayable()) {
@@ -2647,7 +2649,6 @@ function _drupal_bootstrap_configuration() {
drupal_settings_initialize();
// Sanitize unsafe keys from the request.
require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc';
DrupalRequestSanitizer::sanitize();
}
@@ -3875,3 +3876,85 @@ function drupal_clear_opcode_cache($filepath) {
@apc_delete_file($filepath);
}
}
/**
* Drupal's wrapper around PHP's setcookie() function.
*
* This allows the cookie's $value and $options to be altered.
*
* @param $name
* The name of the cookie.
* @param $value
* The value of the cookie.
* @param $options
* An associative array which may have any of the keys expires, path, domain,
* secure, httponly, samesite.
*
* @see setcookie()
* @ingroup php_wrappers
*/
function drupal_setcookie($name, $value, $options) {
$options = _drupal_cookie_params($options);
if (\PHP_VERSION_ID >= 70300) {
setcookie($name, $value, $options);
}
else {
setcookie($name, $value, $options['expires'], $options['path'], $options['domain'], $options['secure'], $options['httponly']);
}
}
/**
* Process the params for cookies. This emulates support for the SameSite
* attribute in earlier versions of PHP, and allows the value of that attribute
* to be overridden.
*
* @param $options
* An associative array which may have any of the keys expires, path, domain,
* secure, httponly, samesite.
*
* @return
* An associative array which may have any of the keys expires, path, domain,
* secure, httponly, and samesite.
*/
function _drupal_cookie_params($options) {
$options['samesite'] = _drupal_samesite_cookie($options);
if (\PHP_VERSION_ID < 70300) {
// Emulate SameSite support in older PHP versions.
if (!empty($options['samesite'])) {
// Ensure the SameSite attribute is only added once.
if (!preg_match('/SameSite=/i', $options['path'])) {
$options['path'] .= '; SameSite=' . $options['samesite'];
}
}
}
return $options;
}
/**
* Determine the value for the samesite cookie attribute, in the following order
* of precedence:
*
* 1) A value explicitly passed to drupal_setcookie()
* 2) A value set in $conf['samesite_cookie_value']
* 3) The setting from php ini
* 4) The default of None, or FALSE (no attribute) if the cookie is not Secure
*
* @param $options
* An associative array as passed to drupal_setcookie().
* @return
* The value for the samesite cookie attribute.
*/
function _drupal_samesite_cookie($options) {
if (isset($options['samesite'])) {
return $options['samesite'];
}
$override = variable_get('samesite_cookie_value', NULL);
if ($override !== NULL) {
return $override;
}
$ini_options = session_get_cookie_params();
if (isset($ini_options['samesite'])) {
return $ini_options['samesite'];
}
return empty($options['secure']) ? FALSE : 'None';
}

177
includes/common.inc
View File

@@ -391,7 +391,7 @@ function drupal_add_feed($url = NULL, $title = '') {
*/
function drupal_get_feeds($delimiter = "\n") {
$feeds = drupal_add_feed();
return implode($feeds, $delimiter);
return implode($delimiter, $feeds);
}
/**
@@ -684,7 +684,10 @@ function drupal_goto($path = '', array $options = array(), $http_response_code =
// We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector.
if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
$destination = drupal_parse_url($_GET['destination']);
$path = $destination['path'];
// Double check the path derived by drupal_parse_url() is not external.
if (!url_is_external($destination['path'])) {
$path = $destination['path'];
}
$options['query'] = $destination['query'];
$options['fragment'] = $destination['fragment'];
}
@@ -760,9 +763,10 @@ function drupal_access_denied() {
* (optional) An array that can have one or more of the following elements:
* - headers: An array containing request headers to send as name/value pairs.
* - method: A string containing the request method. Defaults to 'GET'.
* - data: A string containing the request body, formatted as
* 'param=value&param=value&...'; to generate this, use http_build_query().
* Defaults to NULL.
* - data: An array containing the values for the request body or a string
* containing the request body, formatted as
* 'param=value&param=value&...'; to generate this, use
* drupal_http_build_query(). Defaults to NULL.
* - max_redirects: An integer representing how many times a redirect
* may be followed. Defaults to 3.
* - timeout: A float representing the maximum number of seconds the function
@@ -788,7 +792,7 @@ function drupal_access_denied() {
* easy access the array keys are returned in lower case.
* - data: A string containing the response body that was received.
*
* @see http_build_query()
* @see drupal_http_build_query()
*/
function drupal_http_request($url, array $options = array()) {
// Allow an alternate HTTP client library to replace Drupal's default
@@ -930,6 +934,11 @@ function drupal_http_request($url, array $options = array()) {
$path .= '?' . $uri['query'];
}
// Convert array $options['data'] to query string.
if (is_array($options['data'])) {
$options['data'] = drupal_http_build_query($options['data']);
}
// Only add Content-Length if we actually have any content or if it is a POST
// or PUT request. Some non-standard servers get confused by Content-Length in
// at least HEAD/GET requests, and Squid always requires Content-Length in
@@ -1550,7 +1559,7 @@ function _filter_xss_split($m, $store = FALSE) {
return '&lt;';
}
if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9\-]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9\-]+)\s*([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
// Seriously malformed.
return '';
}
@@ -1609,7 +1618,13 @@ function _filter_xss_attributes($attr) {
// Attribute name, href for instance.
if (preg_match('/^([-a-zA-Z]+)/', $attr, $match)) {
$attrname = strtolower($match[1]);
$skip = ($attrname == 'style' || substr($attrname, 0, 2) == 'on');
$skip = (
$attrname == 'style' ||
substr($attrname, 0, 2) == 'on' ||
substr($attrname, 0, 1) == '-' ||
// Ignore long attributes to avoid unnecessary processing overhead.
strlen($attrname) > 96
);
$working = $mode = 1;
$attr = preg_replace('/^[-a-zA-Z]+/', '', $attr);
}
@@ -2320,6 +2335,7 @@ function url($path = NULL, array $options = array()) {
}
elseif (!empty($path) && !$options['alias']) {
$language = isset($options['language']) && isset($options['language']->language) ? $options['language']->language : '';
require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'includes/path.inc');
$alias = drupal_get_path_alias($original_path, $language);
if ($alias != $original_path) {
// Strip leading slashes from internal path aliases to prevent them
@@ -3734,7 +3750,7 @@ function _drupal_build_css_path($matches, $base = NULL) {
}
// Prefix with base and remove '../' segments where possible.
$path = $_base . $matches[1];
$path = $_base . (isset($matches[1]) ? $matches[1] : '');
$last = '';
while ($path != $last) {
$last = $path;
@@ -4441,12 +4457,54 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
}
}
$output = '';
// The index counter is used to keep aggregated and non-aggregated files in
// order by weight.
$index = 1;
$processed = array();
$files = array();
// Sort the JavaScript so that it appears in the correct order.
uasort($items, 'drupal_sort_css_js');
// Provide the page with information about the individual JavaScript files
// used, information not otherwise available when aggregation is enabled.
$setting['ajaxPageState']['js'] = array_fill_keys(array_keys($items), 1);
unset($setting['ajaxPageState']['js']['settings']);
drupal_add_js($setting, 'setting');
// If we're outputting the header scope, then this might be the final time
// that drupal_get_js() is running, so add the setting to this output as well
// as to the drupal_add_js() cache. If $items['settings'] doesn't exist, it's
// because drupal_get_js() was intentionally passed a $javascript argument
// stripped off settings, potentially in order to override how settings get
// output, so in this case, do not add the setting to this output.
if ($scope == 'header' && isset($items['settings'])) {
$items['settings']['data'][] = $setting;
}
$elements = array(
'#type' => 'scripts',
'#items' => $items,
);
return drupal_render($elements);
}
/**
* The #pre_render callback for the "scripts" element.
*
* This callback adds elements needed for <script> tags to be rendered.
*
* @param array $elements
* A render array containing:
* - '#items': The JS items as returned by drupal_add_js() and altered by
* drupal_get_js().
*
* @return array
* The $elements variable passed as argument with two more children keys:
* - "scripts": contains the Javascript items
* - "settings": contains the Javascript settings items.
* If those keys are already existing, then the items will be appended and
* their keys will be preserved.
*
* @see drupal_get_js()
* @see drupal_add_js()
*/
function drupal_pre_render_scripts(array $elements) {
$preprocess_js = (variable_get('preprocess_js', FALSE) && (!defined('MAINTENANCE_MODE') || MAINTENANCE_MODE != 'update'));
// A dummy query-string is added to filenames, to gain control over
@@ -4467,34 +4525,29 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
// third-party code might require the use of a different query string.
$js_version_string = variable_get('drupal_js_version_query_string', 'v=');
// Sort the JavaScript so that it appears in the correct order.
uasort($items, 'drupal_sort_css_js');
$files = array();
// Provide the page with information about the individual JavaScript files
// used, information not otherwise available when aggregation is enabled.
$setting['ajaxPageState']['js'] = array_fill_keys(array_keys($items), 1);
unset($setting['ajaxPageState']['js']['settings']);
drupal_add_js($setting, 'setting');
$scripts = isset($elements['scripts']) ? $elements['scripts'] : array();
$scripts += array('#weight' => 0);
// If we're outputting the header scope, then this might be the final time
// that drupal_get_js() is running, so add the setting to this output as well
// as to the drupal_add_js() cache. If $items['settings'] doesn't exist, it's
// because drupal_get_js() was intentionally passed a $javascript argument
// stripped off settings, potentially in order to override how settings get
// output, so in this case, do not add the setting to this output.
if ($scope == 'header' && isset($items['settings'])) {
$items['settings']['data'][] = $setting;
}
$settings = isset($elements['settings']) ? $elements['settings'] : array();
$settings += array('#weight' => $scripts['#weight'] + 10);
// The index counter is used to keep aggregated and non-aggregated files in
// order by weight. Use existing scripts count as a starting point.
$index = count(element_children($scripts)) + 1;
// Loop through the JavaScript to construct the rendered output.
$element = array(
'#type' => 'html_tag',
'#tag' => 'script',
'#value' => '',
'#attributes' => array(
'type' => 'text/javascript',
),
);
foreach ($items as $item) {
foreach ($elements['#items'] as $item) {
$query_string = empty($item['version']) ? $default_query_string : $js_version_string . $item['version'];
switch ($item['type']) {
@@ -4503,7 +4556,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$js_element['#value_prefix'] = $embed_prefix;
$js_element['#value'] = 'jQuery.extend(Drupal.settings, ' . drupal_json_encode(drupal_array_merge_deep_array($item['data'])) . ");";
$js_element['#value_suffix'] = $embed_suffix;
$output .= theme('html_tag', array('element' => $js_element));
$settings[] = $js_element;
break;
case 'inline':
@@ -4514,7 +4567,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$js_element['#value_prefix'] = $embed_prefix;
$js_element['#value'] = $item['data'];
$js_element['#value_suffix'] = $embed_suffix;
$processed[$index++] = theme('html_tag', array('element' => $js_element));
$scripts[$index++] = $js_element;
break;
case 'file':
@@ -4525,7 +4578,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
}
$query_string_separator = (strpos($item['data'], '?') !== FALSE) ? '&' : '?';
$js_element['#attributes']['src'] = file_create_url($item['data']) . $query_string_separator . ($item['cache'] ? $query_string : REQUEST_TIME);
$processed[$index++] = theme('html_tag', array('element' => $js_element));
$scripts[$index++] = $js_element;
}
else {
// By increasing the index for each aggregated file, we maintain
@@ -4536,7 +4589,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
// leading to better front-end performance of a website as a whole.
// See drupal_add_js() for details.
$key = 'aggregate_' . $item['group'] . '_' . $item['every_page'] . '_' . $index;
$processed[$key] = '';
$scripts[$key] = '';
$files[$key][$item['data']] = $item;
}
break;
@@ -4548,7 +4601,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$js_element['#attributes']['defer'] = 'defer';
}
$js_element['#attributes']['src'] = $item['data'];
$processed[$index++] = theme('html_tag', array('element' => $js_element));
$scripts[$index++] = $js_element;
break;
}
}
@@ -4563,14 +4616,18 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$preprocess_file = file_create_url($uri);
$js_element = $element;
$js_element['#attributes']['src'] = $preprocess_file;
$processed[$key] = theme('html_tag', array('element' => $js_element));
$scripts[$key] = $js_element;
}
}
}
// Keep the order of JS files consistent as some are preprocessed and others are not.
// Make sure any inline or JS setting variables appear last after libraries have loaded.
return implode('', $processed) . $output;
// Keep the order of JS files consistent as some are preprocessed and others
// are not. Make sure any inline or JS setting variables appear last after
// libraries have loaded.
$element['scripts'] = $scripts;
$element['settings'] = $settings;
return $element;
}
/**
@@ -5116,6 +5173,8 @@ function drupal_build_js_cache($files) {
$contents .= file_get_contents($path) . ";\n";
}
}
// Remove JS source and source mapping urls or these may cause 404 errors.
$contents = preg_replace('/\/\/(#|@)\s(sourceURL|sourceMappingURL)=\s*(\S*?)\s*$/m', '', $contents);
// Prefix filename to prevent blocking by firewalls which reject files
// starting with "ad*".
$filename = 'js_' . drupal_hash_base64($contents) . '.js';
@@ -6603,30 +6662,41 @@ function element_children(&$elements, $sort = FALSE) {
$sort = isset($elements['#sorted']) ? !$elements['#sorted'] : $sort;
// Filter out properties from the element, leaving only children.
$children = array();
$count = count($elements);
$child_weights = array();
$i = 0;
$sortable = FALSE;
foreach ($elements as $key => $value) {
if ($key === '' || $key[0] !== '#') {
$children[$key] = $value;
if (is_int($key) || $key === '' || $key[0] !== '#') {
if (is_array($value) && isset($value['#weight'])) {
$weight = $value['#weight'];
$sortable = TRUE;
}
else {
$weight = 0;
}
// Support weights with up to three digit precision and conserve the
// insertion order.
$child_weights[$key] = floor($weight * 1000) + $i / $count;
}
$i++;
}
// Sort the children if necessary.
if ($sort && $sortable) {
uasort($children, 'element_sort');
asort($child_weights);
// Put the sorted children back into $elements in the correct order, to
// preserve sorting if the same element is passed through
// element_children() twice.
foreach ($children as $key => $child) {
foreach ($child_weights as $key => $weight) {
$value = $elements[$key];
unset($elements[$key]);
$elements[$key] = $child;
$elements[$key] = $value;
}
$elements['#sorted'] = TRUE;
}
return array_keys($children);
return array_keys($child_weights);
}
/**
@@ -6952,7 +7022,16 @@ function drupal_common_theme() {
'variables' => array(),
),
'table' => array(
'variables' => array('header' => NULL, 'rows' => NULL, 'attributes' => array(), 'caption' => NULL, 'colgroups' => array(), 'sticky' => TRUE, 'empty' => ''),
'variables' => array(
'header' => NULL,
'footer' => NULL,
'rows' => NULL,
'attributes' => array(),
'caption' => NULL,
'colgroups' => array(),
'sticky' => TRUE,
'empty' => '',
),
),
'tablesort_indicator' => array(
'variables' => array('style' => NULL),

93
includes/database/database.inc
View File

@@ -184,7 +184,7 @@
*
* @see http://php.net/manual/book.pdo.php
*/
abstract class DatabaseConnection extends PDO {
abstract class DatabaseConnection {
/**
* The database target this connection is for.
@@ -261,6 +261,13 @@ abstract class DatabaseConnection extends PDO {
*/
protected $temporaryNameIndex = 0;
/**
* The actual PDO connection.
*
* @var \PDO
*/
protected $connection;
/**
* The connection information for this connection object.
*
@@ -310,6 +317,13 @@ abstract class DatabaseConnection extends PDO {
*/
protected $escapedAliases = array();
/**
* List of un-prefixed table names, keyed by prefixed table names.
*
* @var array
*/
protected $unprefixedTablesMap = array();
function __construct($dsn, $username, $password, $driver_options = array()) {
// Initialize and prepare the connection prefix.
$this->setPrefix(isset($this->connectionOptions['prefix']) ? $this->connectionOptions['prefix'] : '');
@@ -318,14 +332,27 @@ abstract class DatabaseConnection extends PDO {
$driver_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
// Call PDO::__construct and PDO::setAttribute.
parent::__construct($dsn, $username, $password, $driver_options);
$this->connection = new PDO($dsn, $username, $password, $driver_options);
// Set a Statement class, unless the driver opted out.
if (!empty($this->statementClass)) {
$this->setAttribute(PDO::ATTR_STATEMENT_CLASS, array($this->statementClass, array($this)));
$this->connection->setAttribute(PDO::ATTR_STATEMENT_CLASS, array($this->statementClass, array($this)));
}
}
/**
* Proxy possible direct calls to the \PDO methods.
*
* Since PHP8.0 the signature of the the \PDO::query() method has changed,
* and this class can't extending \PDO any more.
*
* However, for the BC, proxy any calls to the \PDO methods to the actual
* PDO connection object.
*/
public function __call($name, $arguments) {
return call_user_func_array(array($this->connection, $name), $arguments);
}
/**
* Destroys this Connection object.
*
@@ -338,7 +365,9 @@ abstract class DatabaseConnection extends PDO {
// Destroy all references to this connection by setting them to NULL.
// The Statement class attribute only accepts a new value that presents a
// proper callable, so we reset it to PDOStatement.
$this->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('PDOStatement', array()));
if (!empty($this->statementClass)) {
$this->connection->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('PDOStatement', array()));
}
$this->schema = NULL;
}
@@ -442,6 +471,13 @@ abstract class DatabaseConnection extends PDO {
$this->prefixReplace[] = $this->prefixes['default'];
$this->prefixSearch[] = '}';
$this->prefixReplace[] = '';
// Set up a map of prefixed => un-prefixed tables.
foreach ($this->prefixes as $table_name => $prefix) {
if ($table_name !== 'default') {
$this->unprefixedTablesMap[$prefix . $table_name] = $table_name;
}
}
}
/**
@@ -477,6 +513,17 @@ abstract class DatabaseConnection extends PDO {
}
}
/**
* Gets a list of individually prefixed table names.
*
* @return array
* An array of un-prefixed table names, keyed by their fully qualified table
* names (i.e. prefix + table_name).
*/
public function getUnprefixedTablesMap() {
return $this->unprefixedTablesMap;
}
/**
* Prepares a query string and returns the prepared statement.
*
@@ -494,7 +541,7 @@ abstract class DatabaseConnection extends PDO {
$query = $this->prefixTables($query);
// Call PDO::prepare.
return parent::prepare($query);
return $this->connection->prepare($query);
}
/**
@@ -706,7 +753,7 @@ abstract class DatabaseConnection extends PDO {
case Database::RETURN_AFFECTED:
return $stmt->rowCount();
case Database::RETURN_INSERT_ID:
return $this->lastInsertId();
return $this->connection->lastInsertId();
case Database::RETURN_NULL:
return;
default:
@@ -1089,7 +1136,7 @@ abstract class DatabaseConnection extends PDO {
$rolled_back_other_active_savepoints = TRUE;
}
}
parent::rollBack();
$this->connection->rollBack();
if ($rolled_back_other_active_savepoints) {
throw new DatabaseTransactionOutOfOrderException();
}
@@ -1117,7 +1164,7 @@ abstract class DatabaseConnection extends PDO {
$this->query('SAVEPOINT ' . $name);
}
else {
parent::beginTransaction();
$this->connection->beginTransaction();
}
$this->transactionLayers[$name] = $name;
}
@@ -1168,7 +1215,7 @@ abstract class DatabaseConnection extends PDO {
// If there are no more layers left then we should commit.
unset($this->transactionLayers[$name]);
if (empty($this->transactionLayers)) {
if (!parent::commit()) {
if (!$this->connection->commit()) {
throw new DatabaseTransactionCommitFailedException();
}
}
@@ -1252,7 +1299,7 @@ abstract class DatabaseConnection extends PDO {
* Returns the version of the database server.
*/
public function version() {
return $this->getAttribute(PDO::ATTR_SERVER_VERSION);
return $this->connection->getAttribute(PDO::ATTR_SERVER_VERSION);
}
/**
@@ -1697,12 +1744,16 @@ abstract class Database {
*
* @param $key
* The connection key.
* @param $close
* Whether to close the connection.
* @return
* TRUE in case of success, FALSE otherwise.
*/
final public static function removeConnection($key) {
final public static function removeConnection($key, $close = TRUE) {
if (isset(self::$databaseInfo[$key])) {
self::closeConnection(NULL, $key);
if ($close) {
self::closeConnection(NULL, $key);
}
unset(self::$databaseInfo[$key]);
return TRUE;
}
@@ -2840,7 +2891,6 @@ function db_field_exists($table, $field) {
*
* @param $table_expression
* An SQL expression, for example "simpletest%" (without the quotes).
* BEWARE: this is not prefixed, the caller should take care of that.
*
* @return
* Array, both the keys and the values are the matching tables.
@@ -2849,6 +2899,23 @@ function db_find_tables($table_expression) {
return Database::getConnection()->schema()->findTables($table_expression);
}
/**
* Finds all tables that are like the specified base table name. This is a
* backport of the change made to db_find_tables in Drupal 8 to work with
* virtual, un-prefixed table names. The original function is retained for
* Backwards Compatibility.
* @see https://www.drupal.org/node/2552435
*
* @param $table_expression
* An SQL expression, for example "simpletest%" (without the quotes).
*
* @return
* Array, both the keys and the values are the matching tables.
*/
function db_find_tables_d8($table_expression) {
return Database::getConnection()->schema()->findTablesD8($table_expression);
}
function _db_create_keys_sql($spec) {
return Database::getConnection()->schema()->createKeysSql($spec);
}

417
includes/database/mysql/database.inc
View File

@@ -5,6 +5,11 @@
* Database interface code for MySQL database servers.
*/
/**
* The default character for quoting identifiers in MySQL.
*/
define('MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT', '`');
/**
* @addtogroup database
* @{
@@ -19,6 +24,277 @@ class DatabaseConnection_mysql extends DatabaseConnection {
*/
protected $needsCleanup = FALSE;
/**
* The list of MySQL reserved key words.
*
* @link https://dev.mysql.com/doc/refman/8.0/en/keywords.html
*/
private $reservedKeyWords = array(
'accessible',
'add',
'admin',
'all',
'alter',
'analyze',
'and',
'as',
'asc',
'asensitive',
'before',
'between',
'bigint',
'binary',
'blob',
'both',
'by',
'call',
'cascade',
'case',
'change',
'char',
'character',
'check',
'collate',
'column',
'condition',
'constraint',
'continue',
'convert',
'create',
'cross',
'cube',
'cume_dist',
'current_date',
'current_time',
'current_timestamp',
'current_user',
'cursor',
'database',
'databases',
'day_hour',
'day_microsecond',
'day_minute',
'day_second',
'dec',
'decimal',
'declare',
'default',
'delayed',
'delete',
'dense_rank',
'desc',
'describe',
'deterministic',
'distinct',
'distinctrow',
'div',
'double',
'drop',
'dual',
'each',
'else',
'elseif',
'empty',
'enclosed',
'escaped',
'except',
'exists',
'exit',
'explain',
'false',
'fetch',
'first_value',
'float',
'float4',
'float8',
'for',
'force',
'foreign',
'from',
'fulltext',
'function',
'generated',
'get',
'grant',
'group',
'grouping',
'groups',
'having',
'high_priority',
'hour_microsecond',
'hour_minute',
'hour_second',
'if',
'ignore',
'in',
'index',
'infile',
'inner',
'inout',
'insensitive',
'insert',
'int',
'int1',
'int2',
'int3',
'int4',
'int8',
'integer',
'interval',
'into',
'io_after_gtids',
'io_before_gtids',
'is',
'iterate',
'join',
'json_table',
'key',
'keys',
'kill',
'lag',
'last_value',
'lead',
'leading',
'leave',
'left',
'like',
'limit',
'linear',
'lines',
'load',
'localtime',
'localtimestamp',
'lock',
'long',
'longblob',
'longtext',
'loop',
'low_priority',
'master_bind',
'master_ssl_verify_server_cert',
'match',
'maxvalue',
'mediumblob',
'mediumint',
'mediumtext',
'middleint',
'minute_microsecond',
'minute_second',
'mod',
'modifies',
'natural',
'not',
'no_write_to_binlog',
'nth_value',
'ntile',
'null',
'numeric',
'of',
'on',
'optimize',
'optimizer_costs',
'option',
'optionally',
'or',
'order',
'out',
'outer',
'outfile',
'over',
'partition',
'percent_rank',
'persist',
'persist_only',
'precision',
'primary',
'procedure',
'purge',
'range',
'rank',
'read',
'reads',
'read_write',
'real',
'recursive',
'references',
'regexp',
'release',
'rename',
'repeat',
'replace',
'require',
'resignal',
'restrict',
'return',
'revoke',
'right',
'rlike',
'row',
'rows',
'row_number',
'schema',
'schemas',
'second_microsecond',
'select',
'sensitive',
'separator',
'set',
'show',
'signal',
'smallint',
'spatial',
'specific',
'sql',
'sqlexception',
'sqlstate',
'sqlwarning',
'sql_big_result',
'sql_calc_found_rows',
'sql_small_result',
'ssl',
'starting',
'stored',
'straight_join',
'system',
'table',
'terminated',
'then',
'tinyblob',
'tinyint',
'tinytext',
'to',
'trailing',
'trigger',
'true',
'undo',
'union',
'unique',
'unlock',
'unsigned',
'update',
'usage',
'use',
'using',
'utc_date',
'utc_time',
'utc_timestamp',
'values',
'varbinary',
'varchar',
'varcharacter',
'varying',
'virtual',
'when',
'where',
'while',
'window',
'with',
'write',
'xor',
'year_month',
'zerofill',
);
public function __construct(array $connection_options = array()) {
// This driver defaults to transaction support, except if explicitly passed FALSE.
$this->transactionSupport = !isset($connection_options['transactions']) || ($connection_options['transactions'] !== FALSE);
@@ -69,10 +345,10 @@ class DatabaseConnection_mysql extends DatabaseConnection {
// certain one has been set; otherwise, MySQL defaults to 'utf8_general_ci'
// for UTF-8.
if (!empty($connection_options['collation'])) {
$this->exec('SET NAMES ' . $charset . ' COLLATE ' . $connection_options['collation']);
$this->connection->exec('SET NAMES ' . $charset . ' COLLATE ' . $connection_options['collation']);
}
else {
$this->exec('SET NAMES ' . $charset);
$this->connection->exec('SET NAMES ' . $charset);
}
// Set MySQL init_commands if not already defined. Default Drupal's MySQL
@@ -86,15 +362,95 @@ class DatabaseConnection_mysql extends DatabaseConnection {
$connection_options += array(
'init_commands' => array(),
);
$sql_mode = 'REAL_AS_FLOAT,PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO';
// NO_AUTO_CREATE_USER was removed in MySQL 8.0.11
// https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-11.html#mysqld-8-0-11-deprecation-removal
if (version_compare($this->connection->getAttribute(PDO::ATTR_SERVER_VERSION), '8.0.11', '<')) {
$sql_mode .= ',NO_AUTO_CREATE_USER';
}
$connection_options['init_commands'] += array(
'sql_mode' => "SET sql_mode = 'REAL_AS_FLOAT,PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER'",
'sql_mode' => "SET sql_mode = '$sql_mode'",
);
// Execute initial commands.
foreach ($connection_options['init_commands'] as $sql) {
$this->exec($sql);
$this->connection->exec($sql);
}
}
/**
* {@inheritdoc}}
*/
protected function setPrefix($prefix) {
parent::setPrefix($prefix);
// Successive versions of MySQL have become increasingly strict about the
// use of reserved keywords as table names. Drupal 7 uses at least one such
// table (system). Therefore we surround all table names with quotes.
$quote_char = variable_get('mysql_identifier_quote_character', MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT);
foreach ($this->prefixSearch as $i => $prefixSearch) {
if (substr($prefixSearch, 0, 1) === '{') {
// If the prefix already contains one or more quotes remove them.
// This can happen when - for example - DrupalUnitTestCase sets up a
// "temporary prefixed database". Also if there's a dot in the prefix,
// wrap it in quotes to cater for schema names in prefixes.
$search = array($quote_char, '.');
$replace = array('', $quote_char . '.' . $quote_char);
$this->prefixReplace[$i] = $quote_char . str_replace($search, $replace, $this->prefixReplace[$i]);
}
if (substr($prefixSearch, -1) === '}') {
$this->prefixReplace[$i] .= $quote_char;
}
}
}
/**
* {@inheritdoc}
*/
public function escapeField($field) {
$field = parent::escapeField($field);
return $this->quoteIdentifier($field);
}
public function escapeFields(array $fields) {
foreach ($fields as &$field) {
$field = $this->escapeField($field);
}
return $fields;
}
/**
* {@inheritdoc}
*/
public function escapeAlias($field) {
$field = parent::escapeAlias($field);
return $this->quoteIdentifier($field);
}
/**
* Quotes an identifier if it matches a MySQL reserved keyword.
*
* @param string $identifier
* The field to check.
*
* @return string
* The identifier, quoted if it matches a MySQL reserved keyword.
*/
private function quoteIdentifier($identifier) {
// Quote identifiers so that MySQL reserved words like 'function' can be
// used as column names. Sometimes the 'table.column_name' format is passed
// in. For example, menu_load_links() adds a condition on "ml.menu_name".
if (strpos($identifier, '.') !== FALSE) {
list($table, $identifier) = explode('.', $identifier, 2);
}
if (in_array(strtolower($identifier), $this->reservedKeyWords, TRUE)) {
// Quote the string for MySQL reserved keywords.
$quote_char = variable_get('mysql_identifier_quote_character', MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT);
$identifier = $quote_char . $identifier . $quote_char;
}
return isset($table) ? $table . '.' . $identifier : $identifier;
}
public function __destruct() {
if ($this->needsCleanup) {
$this->nextIdDelete();
@@ -180,7 +536,7 @@ class DatabaseConnection_mysql extends DatabaseConnection {
// If there are no more layers left then we should commit.
unset($this->transactionLayers[$name]);
if (empty($this->transactionLayers)) {
if (!PDO::commit()) {
if (!$this->doCommit()) {
throw new DatabaseTransactionCommitFailedException();
}
}
@@ -203,7 +559,7 @@ class DatabaseConnection_mysql extends DatabaseConnection {
$this->transactionLayers = array();
// We also have to explain to PDO that the transaction stack has
// been cleaned-up.
PDO::commit();
$this->doCommit();
}
else {
throw $e;
@@ -213,6 +569,53 @@ class DatabaseConnection_mysql extends DatabaseConnection {
}
}
/**
* Do the actual commit, including a workaround for PHP 8 behaviour changes.
*
* @return bool
* Success or otherwise of the commit.
*/
protected function doCommit() {
if ($this->connection->inTransaction()) {
return $this->connection->commit();
}
else {
// In PHP 8.0 a PDOException is thrown when a commit is attempted with no
// transaction active. In previous PHP versions this failed silently.
return TRUE;
}
}
/**
* {@inheritdoc}
*/
public function rollback($savepoint_name = 'drupal_transaction') {
// MySQL will automatically commit transactions when tables are altered or
// created (DDL transactions are not supported). Prevent triggering an
// exception to ensure that the error that has caused the rollback is
// properly reported.
if (!$this->connection->inTransaction()) {
// Before PHP 8 $this->connection->inTransaction() will return TRUE and
// $this->connection->rollback() does not throw an exception; the
// following code is unreachable.
// If \DatabaseConnection::rollback() would throw an
// exception then continue to throw an exception.
if (!$this->inTransaction()) {
throw new DatabaseTransactionNoActiveException();
}
// A previous rollback to an earlier savepoint may mean that the savepoint
// in question has already been accidentally committed.
if (!isset($this->transactionLayers[$savepoint_name])) {
throw new DatabaseTransactionNoActiveException();
}
trigger_error('Rollback attempted when there is no active transaction. This can cause data integrity issues.', E_USER_WARNING);
return;
}
return parent::rollback($savepoint_name);
}
public function utf8mb4IsConfigurable() {
return TRUE;
}
@@ -223,7 +626,7 @@ class DatabaseConnection_mysql extends DatabaseConnection {
public function utf8mb4IsSupported() {
// Ensure that the MySQL driver supports utf8mb4 encoding.
$version = $this->getAttribute(PDO::ATTR_CLIENT_VERSION);
$version = $this->connection->getAttribute(PDO::ATTR_CLIENT_VERSION);
if (strpos($version, 'mysqlnd') !== FALSE) {
// The mysqlnd driver supports utf8mb4 starting at version 5.0.9.
$version = preg_replace('/^\D+([\d.]+).*/', '$1', $version);

18
includes/database/mysql/query.inc
View File

@@ -48,6 +48,10 @@ class InsertQuery_mysql extends InsertQuery {
// Default fields are always placed first for consistency.
$insert_fields = array_merge($this->defaultFields, $this->insertFields);
if (method_exists($this->connection, 'escapeFields')) {
$insert_fields = $this->connection->escapeFields($insert_fields);
}
// If we're selecting from a SelectQuery, finish building the query and
// pass it back, as any remaining options are irrelevant.
if (!empty($this->fromQuery)) {
@@ -89,6 +93,20 @@ class InsertQuery_mysql extends InsertQuery {
class TruncateQuery_mysql extends TruncateQuery { }
class UpdateQuery_mysql extends UpdateQuery {
public function __toString() {
if (method_exists($this->connection, 'escapeField')) {
$escapedFields = array();
foreach ($this->fields as $field => $data) {
$field = $this->connection->escapeField($field);
$escapedFields[$field] = $data;
}
$this->fields = $escapedFields;
}
return parent::__toString();
}
}
/**
* @} End of "addtogroup database".
*/

9
includes/database/mysql/schema.inc
View File

@@ -57,6 +57,11 @@ class DatabaseSchema_mysql extends DatabaseSchema {
protected function buildTableNameCondition($table_name, $operator = '=', $add_prefix = TRUE) {
$info = $this->connection->getConnectionOptions();
// Ensure the table name is not surrounded with quotes as that is not
// appropriate for schema queries.
$quote_char = variable_get('mysql_identifier_quote_character', MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT);
$table_name = str_replace($quote_char, '', $table_name);
$table_info = $this->getPrefixInfo($table_name, $add_prefix);
$condition = new DatabaseCondition('AND');
@@ -494,11 +499,11 @@ class DatabaseSchema_mysql extends DatabaseSchema {
$condition->condition('column_name', $column);
$condition->compile($this->connection, $this);
// Don't use {} around information_schema.columns table.
return $this->connection->query("SELECT column_comment FROM information_schema.columns WHERE " . (string) $condition, $condition->arguments())->fetchField();
return $this->connection->query("SELECT column_comment AS column_comment FROM information_schema.columns WHERE " . (string) $condition, $condition->arguments())->fetchField();
}
$condition->compile($this->connection, $this);
// Don't use {} around information_schema.tables table.
$comment = $this->connection->query("SELECT table_comment FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchField();
$comment = $this->connection->query("SELECT table_comment AS table_comment FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchField();
// Work-around for MySQL 5.0 bug http://bugs.mysql.com/bug.php?id=11379
return preg_replace('/; InnoDB free:.*$/', '', $comment);
}

6
includes/database/pgsql/database.inc
View File

@@ -66,11 +66,11 @@ class DatabaseConnection_pgsql extends DatabaseConnection {
parent::__construct($dsn, $connection_options['username'], $connection_options['password'], $connection_options['pdo']);
// Force PostgreSQL to use the UTF-8 character set by default.
$this->exec("SET NAMES 'UTF8'");
$this->connection->exec("SET NAMES 'UTF8'");
// Execute PostgreSQL init_commands.
if (isset($connection_options['init_commands'])) {
$this->exec(implode('; ', $connection_options['init_commands']));
$this->connection->exec(implode('; ', $connection_options['init_commands']));
}
}
@@ -117,7 +117,7 @@ class DatabaseConnection_pgsql extends DatabaseConnection {
case Database::RETURN_AFFECTED:
return $stmt->rowCount();
case Database::RETURN_INSERT_ID:
return $this->lastInsertId($options['sequence_name']);
return $this->connection->lastInsertId($options['sequence_name']);
case Database::RETURN_NULL:
return;
default:

70
includes/database/schema.inc
View File

@@ -169,6 +169,11 @@ require_once dirname(__FILE__) . '/query.inc';
*/
abstract class DatabaseSchema implements QueryPlaceholderInterface {
/**
* The database connection.
*
* @var DatabaseConnection
*/
protected $connection;
/**
@@ -343,7 +348,70 @@ abstract class DatabaseSchema implements QueryPlaceholderInterface {
// couldn't use db_select() here because it would prefix
// information_schema.tables and the query would fail.
// Don't use {} around information_schema.tables table.
return $this->connection->query("SELECT table_name FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchAllKeyed(0, 0);
return $this->connection->query("SELECT table_name AS table_name FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchAllKeyed(0, 0);
}
/**
* Finds all tables that are like the specified base table name. This is a
* backport of the change made to findTables in Drupal 8 to work with virtual,
* un-prefixed table names. The original function is retained for Backwards
* Compatibility.
* @see https://www.drupal.org/node/2552435
*
* @param string $table_expression
* An SQL expression, for example "cache_%" (without the quotes).
*
* @return array
* Both the keys and the values are the matching tables.
*/
public function findTablesD8($table_expression) {
// Load all the tables up front in order to take into account per-table
// prefixes. The actual matching is done at the bottom of the method.
$condition = $this->buildTableNameCondition('%', 'LIKE');
$condition->compile($this->connection, $this);
$individually_prefixed_tables = $this->connection->getUnprefixedTablesMap();
$default_prefix = $this->connection->tablePrefix();
$default_prefix_length = strlen($default_prefix);
$tables = array();
// Normally, we would heartily discourage the use of string
// concatenation for conditionals like this however, we
// couldn't use db_select() here because it would prefix
// information_schema.tables and the query would fail.
// Don't use {} around information_schema.tables table.
$results = $this->connection->query("SELECT table_name AS table_name FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments());
foreach ($results as $table) {
// Take into account tables that have an individual prefix.
if (isset($individually_prefixed_tables[$table->table_name])) {
$prefix_length = strlen($this->connection->tablePrefix($individually_prefixed_tables[$table->table_name]));
}
elseif ($default_prefix && substr($table->table_name, 0, $default_prefix_length) !== $default_prefix) {
// This table name does not start the default prefix, which means that
// it is not managed by Drupal so it should be excluded from the result.
continue;
}
else {
$prefix_length = $default_prefix_length;
}
// Remove the prefix from the returned tables.
$unprefixed_table_name = substr($table->table_name, $prefix_length);
// The pattern can match a table which is the same as the prefix. That
// will become an empty string when we remove the prefix, which will
// probably surprise the caller, besides not being a prefixed table. So
// remove it.
if (!empty($unprefixed_table_name)) {
$tables[$unprefixed_table_name] = $unprefixed_table_name;
}
}
// Convert the table expression from its SQL LIKE syntax to a regular
// expression and escape the delimiter that will be used for matching.
$table_expression = str_replace(array('%', '_'), array('.*?', '.'), preg_quote($table_expression, '/'));
$tables = preg_grep('/^' . $table_expression . '$/i', $tables);
return $tables;
}
/**

11
includes/database/select.inc
View File

@@ -964,7 +964,7 @@ class SelectQuery extends Query implements SelectQueryInterface {
*/
protected $forUpdate = FALSE;
public function __construct($table, $alias = NULL, DatabaseConnection $connection, $options = array()) {
public function __construct($table, $alias, DatabaseConnection $connection, $options = array()) {
$options['return'] = Database::RETURN_STATEMENT;
parent::__construct($connection, $options);
$this->where = new DatabaseCondition('AND');
@@ -1520,13 +1520,16 @@ class SelectQuery extends Query implements SelectQueryInterface {
$fields = array();
foreach ($this->tables as $alias => $table) {
if (!empty($table['all_fields'])) {
$fields[] = $this->connection->escapeTable($alias) . '.*';
$fields[] = $this->connection->escapeAlias($alias) . '.*';
}
}
foreach ($this->fields as $alias => $field) {
// Note that $field['table'] holds the table alias.
// @see \SelectQuery::addField
$table = isset($field['table']) ? $this->connection->escapeAlias($field['table']) . '.' : '';
// Always use the AS keyword for field aliases, as some
// databases require it (e.g., PostgreSQL).
$fields[] = (isset($field['table']) ? $this->connection->escapeTable($field['table']) . '.' : '') . $this->connection->escapeField($field['field']) . ' AS ' . $this->connection->escapeAlias($field['alias']);
$fields[] = $table . $this->connection->escapeField($field['field']) . ' AS ' . $this->connection->escapeAlias($field['alias']);
}
foreach ($this->expressions as $alias => $expression) {
$fields[] = $expression['expression'] . ' AS ' . $this->connection->escapeAlias($expression['alias']);
@@ -1555,7 +1558,7 @@ class SelectQuery extends Query implements SelectQueryInterface {
// Don't use the AS keyword for table aliases, as some
// databases don't support it (e.g., Oracle).
$query .= $table_string . ' ' . $this->connection->escapeTable($table['alias']);
$query .= $table_string . ' ' . $this->connection->escapeAlias($table['alias']);
if (!empty($table['condition'])) {
$query .= ' ON ' . $table['condition'];

44
includes/database/sqlite/database.inc
View File

@@ -107,9 +107,21 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
$this->sqliteCreateFunction('substring_index', array($this, 'sqlFunctionSubstringIndex'), 3);
$this->sqliteCreateFunction('rand', array($this, 'sqlFunctionRand'));
// Enable the Write-Ahead Logging (WAL) option for SQLite if supported.
// @see https://www.drupal.org/node/2348137
// @see https://sqlite.org/wal.html
if (version_compare($version, '3.7') >= 0) {
$connection_options += array(
'init_commands' => array(),
);
$connection_options['init_commands'] += array(
'wal' => "PRAGMA journal_mode=WAL",
);
}
// Execute sqlite init_commands.
if (isset($connection_options['init_commands'])) {
$this->exec(implode('; ', $connection_options['init_commands']));
$this->connection->exec(implode('; ', $connection_options['init_commands']));
}
}
@@ -128,10 +140,10 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
$count = $this->query('SELECT COUNT(*) FROM ' . $prefix . '.sqlite_master WHERE type = :type AND name NOT LIKE :pattern', array(':type' => 'table', ':pattern' => 'sqlite_%'))->fetchField();
// We can prune the database file if it doesn't have any tables.
if ($count == 0) {
// Detach the database.
$this->query('DETACH DATABASE :schema', array(':schema' => $prefix));
// Destroy the database file.
if ($count == 0 && $this->connectionOptions['database'] != ':memory:') {
// Detaching the database fails at this point, but no other queries
// are executed after the connection is destructed so we can simply
// remove the database file.
unlink($this->connectionOptions['database'] . '-' . $prefix);
}
}
@@ -143,6 +155,18 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
}
}
/**
* Gets all the attached databases.
*
* @return array
* An array of attached database names.
*
* @see DatabaseConnection_sqlite::__construct().
*/
public function getAttachedDatabases() {
return $this->attachedDatabases;
}
/**
* SQLite compatibility implementation for the IF() SQL function.
*/
@@ -235,7 +259,7 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
* expose this function to the world.
*/
public function PDOPrepare($query, array $options = array()) {
return parent::prepare($query, $options);
return $this->connection->prepare($query, $options);
}
public function queryRange($query, $from, $count, array $args = array(), array $options = array()) {
@@ -326,7 +350,7 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
}
}
if ($this->supportsTransactions()) {
PDO::rollBack();
$this->connection->rollBack();
}
}
@@ -341,7 +365,7 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
throw new DatabaseTransactionNameNonUniqueException($name . " is already in use.");
}
if (!$this->inTransaction()) {
PDO::beginTransaction();
$this->connection->beginTransaction();
}
$this->transactionLayers[$name] = $name;
}
@@ -366,9 +390,9 @@ class DatabaseConnection_sqlite extends DatabaseConnection {
// If there was any rollback() we should roll back whole transaction.
if ($this->willRollback) {
$this->willRollback = FALSE;
PDO::rollBack();
$this->connection->rollBack();
}
elseif (!PDO::commit()) {
elseif (!$this->connection->commit()) {
throw new DatabaseTransactionCommitFailedException();
}
}

7
includes/database/sqlite/query.inc
View File

@@ -23,7 +23,7 @@ class InsertQuery_sqlite extends InsertQuery {
if (!$this->preExecute()) {
return NULL;
}
if (count($this->insertFields)) {
if (count($this->insertFields) || !empty($this->fromQuery)) {
return parent::execute();
}
else {
@@ -36,7 +36,10 @@ class InsertQuery_sqlite extends InsertQuery {
$comments = $this->connection->makeComment($this->comments);
// Produce as many generic placeholders as necessary.
$placeholders = array_fill(0, count($this->insertFields), '?');
$placeholders = array();
if (!empty($this->insertFields)) {
$placeholders = array_fill(0, count($this->insertFields), '?');
}
// If we're selecting from a SelectQuery, finish building the query and
// pass it back, as any remaining options are irrelevant.

31
includes/database/sqlite/schema.inc
View File

@@ -668,6 +668,9 @@ class DatabaseSchema_sqlite extends DatabaseSchema {
$this->alterTable($table, $old_schema, $new_schema);
}
/**
* {@inheritdoc}
*/
public function findTables($table_expression) {
// Don't add the prefix, $table_expression already includes the prefix.
$info = $this->getPrefixInfo($table_expression, FALSE);
@@ -680,4 +683,32 @@ class DatabaseSchema_sqlite extends DatabaseSchema {
));
return $result->fetchAllKeyed(0, 0);
}
/**
* {@inheritdoc}
*/
public function findTablesD8($table_expression) {
$tables = array();
// The SQLite implementation doesn't need to use the same filtering strategy
// as the parent one because individually prefixed tables live in their own
// schema (database), which means that neither the main database nor any
// attached one will contain a prefixed table name, so we just need to loop
// over all known schemas and filter by the user-supplied table expression.
$attached_dbs = $this->connection->getAttachedDatabases();
foreach ($attached_dbs as $schema) {
// Can't use query placeholders for the schema because the query would
// have to be :prefixsqlite_master, which does not work. We also need to
// ignore the internal SQLite tables.
$result = db_query("SELECT name FROM " . $schema . ".sqlite_master WHERE type = :type AND name LIKE :table_name AND name NOT LIKE :pattern", array(
':type' => 'table',
':table_name' => $table_expression,
':pattern' => 'sqlite_%',
));
$tables += $result->fetchAllKeyed(0, 0);
}
return $tables;
}
}

5
includes/errors.inc
View File

@@ -48,11 +48,8 @@ function drupal_error_levels() {
* The filename that the error was raised in.
* @param $line
* The line number the error was raised at.
* @param $context
* An array that points to the active symbol table at the point the error
* occurred.
*/
function _drupal_error_handler_real($error_level, $message, $filename, $line, $context) {
function _drupal_error_handler_real($error_level, $message, $filename, $line) {
if ($error_level & error_reporting()) {
$types = drupal_error_levels();
list($severity_msg, $severity_level) = $types[$error_level];

73
includes/file.inc
View File

@@ -532,6 +532,9 @@ SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<IfModule mod_php5.c>
php_flag engine off
</IfModule>
<IfModule mod_php7.c>
php_flag engine off
</IfModule>
EOF;
if ($private) {
@@ -1144,8 +1147,8 @@ function file_unmanaged_move($source, $destination = NULL, $replace = FILE_EXIST
* exploit.php_.pps.
*
* Specifically, this function adds an underscore to all extensions that are
* between 2 and 5 characters in length, internal to the file name, and not
* included in $extensions.
* between 2 and 5 characters in length, internal to the file name, and either
* included in the list of unsafe extensions, or not included in $extensions.
*
* Function behavior is also controlled by the Drupal variable
* 'allow_insecure_uploads'. If 'allow_insecure_uploads' evaluates to TRUE, no
@@ -1154,7 +1157,8 @@ function file_unmanaged_move($source, $destination = NULL, $replace = FILE_EXIST
* @param $filename
* File name to modify.
* @param $extensions
* A space-separated list of extensions that should not be altered.
* A space-separated list of extensions that should not be altered. Note that
* extensions that are unsafe will be altered regardless of this parameter.
* @param $alerts
* If TRUE, drupal_set_message() will be called to display a message if the
* file name was changed.
@@ -1172,6 +1176,10 @@ function file_munge_filename($filename, $extensions, $alerts = TRUE) {
$whitelist = array_unique(explode(' ', strtolower(trim($extensions))));
// Remove unsafe extensions from the list of allowed extensions. The list is
// copied from file_save_upload().
$whitelist = array_diff($whitelist, explode('|', 'php|phar|pl|py|cgi|asp|js'));
// Split the filename up by periods. The first part becomes the basename
// the last part the final extension.
$filename_parts = explode('.', $filename);
@@ -1539,25 +1547,35 @@ function file_save_upload($form_field_name, $validators = array(), $destination
$validators['file_validate_extensions'][0] = $extensions;
}
if (!empty($extensions)) {
// Munge the filename to protect against possible malicious extension hiding
// within an unknown file type (ie: filename.html.foo).
$file->filename = file_munge_filename($file->filename, $extensions);
}
// Rename potentially executable files, to help prevent exploits (i.e. will
// rename filename.php.foo and filename.php to filename.php.foo.txt and
// filename.php.txt, respectively). Don't rename if 'allow_insecure_uploads'
// evaluates to TRUE.
if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
$file->filemime = 'text/plain';
// The destination filename will also later be used to create the URI.
$file->filename .= '.txt';
// The .txt extension may not be in the allowed list of extensions. We have
// to add it here or else the file upload will fail.
if (!variable_get('allow_insecure_uploads', 0)) {
if (!empty($extensions)) {
$validators['file_validate_extensions'][0] .= ' txt';
drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $file->filename)));
// Munge the filename to protect against possible malicious extension hiding
// within an unknown file type (ie: filename.html.foo).
$file->filename = file_munge_filename($file->filename, $extensions);
}
// Rename potentially executable files, to help prevent exploits (i.e. will
// rename filename.php.foo and filename.php to filename.php_.foo_.txt and
// filename.php_.txt, respectively). Don't rename if 'allow_insecure_uploads'
// evaluates to TRUE.
if (preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename)) {
// If the file will be rejected anyway due to a disallowed extension, it
// should not be renamed; rather, we'll let file_validate_extensions()
// reject it below.
if (!isset($validators['file_validate_extensions']) || !file_validate_extensions($file, $extensions)) {
$file->filemime = 'text/plain';
if (substr($file->filename, -4) != '.txt') {
// The destination filename will also later be used to create the URI.
$file->filename .= '.txt';
}
$file->filename = file_munge_filename($file->filename, $extensions, FALSE);
drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $file->filename)));
// The .txt extension may not be in the allowed list of extensions. We have
// to add it here or else the file upload will fail.
if (!empty($validators['file_validate_extensions'][0])) {
$validators['file_validate_extensions'][0] .= ' txt';
}
}
}
}
@@ -1725,7 +1743,18 @@ function file_validate(stdClass &$file, $validators = array()) {
}
// Let other modules perform validation on the new file.
return array_merge($errors, module_invoke_all('file_validate', $file));
$errors = array_merge($errors, module_invoke_all('file_validate', $file));
// Ensure the file does not contain a malicious extension. At this point
// file_save_upload() will have munged the file so it does not contain a
// malicious extension. Contributed and custom code that calls this method
// needs to take similar steps if they need to permit files with malicious
// extensions to be uploaded.
if (empty($errors) && !variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename)) {
$errors[] = t('For security reasons, your upload has been rejected.');
}
return $errors;
}
/**

2
includes/filetransfer/filetransfer.inc
View File

@@ -301,7 +301,7 @@ abstract class FileTransfer {
$parts = explode('/', $path);
$chroot = '';
while (count($parts)) {
$check = implode($parts, '/');
$check = implode('/', $parts);
if ($this->isFile($check . '/' . drupal_basename(__FILE__))) {
// Remove the trailing slash.
return substr($chroot, 0, -1);

27
includes/form.inc
View File

@@ -1135,12 +1135,8 @@ function drupal_prepare_form($form_id, &$form, &$form_state) {
* Helper function to call form_set_error() if there is a token error.
*/
function _drupal_invalid_token_set_form_error() {
$path = current_path();
$query = drupal_get_query_parameters();
$url = url($path, array('query' => $query));
// Setting this error will cause the form to fail validation.
form_set_error('form_token', t('The form has become outdated. Copy any unsaved work in the form below and then <a href="@link">reload this page</a>.', array('@link' => $url)));
form_set_error('form_token', t('The form has become outdated. Press the back button, copy any unsaved work in the form, and then reload the page.'));
}
/**
@@ -1181,6 +1177,11 @@ function drupal_validate_form($form_id, &$form, &$form_state) {
if (!empty($form['#token'])) {
if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) {
_drupal_invalid_token_set_form_error();
// Ignore all submitted values.
$form_state['input'] = array();
$_POST = array();
// Make sure file uploads do not get processed.
$_FILES = array();
// Stop here and don't run any further validation handlers, because they
// could invoke non-safe operations which opens the door for CSRF
// vulnerabilities.
@@ -1360,7 +1361,10 @@ function _form_validate(&$elements, &$form_state, $form_id = NULL) {
// The following errors are always shown.
if (isset($elements['#needs_validation'])) {
// Verify that the value is not longer than #maxlength.
if (isset($elements['#maxlength']) && drupal_strlen($elements['#value']) > $elements['#maxlength']) {
if (isset($elements['#maxlength']) && (isset($elements['#value']) && !is_scalar($elements['#value']))) {
form_error($elements, $t('An illegal value has been detected. Please contact the site administrator.'));
}
elseif (isset($elements['#maxlength']) && drupal_strlen($elements['#value']) > $elements['#maxlength']) {
form_error($elements, $t('!name cannot be longer than %max characters but is currently %length characters long.', array('!name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'], '%max' => $elements['#maxlength'], '%length' => drupal_strlen($elements['#value']))));
}
@@ -1848,6 +1852,9 @@ function form_builder($form_id, &$element, &$form_state) {
_drupal_invalid_token_set_form_error();
// This value is checked in _form_builder_handle_input_element().
$form_state['invalid_token'] = TRUE;
// Ignore all submitted values.
$form_state['input'] = array();
$_POST = array();
// Make sure file uploads do not get processed.
$_FILES = array();
}
@@ -4120,9 +4127,17 @@ function form_process_weight($element) {
$max_elements = variable_get('drupal_weight_select_max', DRUPAL_WEIGHT_SELECT_MAX);
if ($element['#delta'] <= $max_elements) {
$element['#type'] = 'select';
$weights = array();
for ($n = (-1 * $element['#delta']); $n <= $element['#delta']; $n++) {
$weights[$n] = $n;
}
if (isset($element['#default_value'])) {
$default_value = (int) $element['#default_value'];
if (!isset($weights[$default_value])) {
$weights[$default_value] = $default_value;
ksort($weights);
}
}
$element['#options'] = $weights;
$element += element_info('select');
}

64
includes/mail.inc
View File

@@ -12,6 +12,12 @@
*/
define('MAIL_LINE_ENDINGS', isset($_SERVER['WINDIR']) || (isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Win32') !== FALSE) ? "\r\n" : "\n");
/**
* Special characters, defined in RFC_2822.
*/
define('MAIL_RFC_2822_SPECIALS', '()<>[]:;@\,."');
/**
* Composes and optionally sends an e-mail message.
*
@@ -148,8 +154,13 @@ function drupal_mail($module, $key, $to, $language, $params = array(), $from = N
// Return-Path headers should have a domain authorized to use the originating
// SMTP server.
$headers['From'] = $headers['Sender'] = $headers['Return-Path'] = $default_from;
if (variable_get('mail_display_name_site_name', FALSE)) {
$display_name = variable_get('site_name', 'Drupal');
$headers['From'] = drupal_mail_format_display_name($display_name) . ' <' . $default_from . '>';
}
}
if ($from) {
if ($from && $from != $default_from) {
$headers['From'] = $from;
}
$message['headers'] = $headers;
@@ -557,10 +568,59 @@ function drupal_html_to_text($string, $allowed_tags = NULL) {
return $output . $footnotes;
}
/**
* Return a RFC-2822 compliant "display-name" component.
*
* The "display-name" component is used in mail header "Originator" fields
* (From, Sender, Reply-to) to give a human-friendly description of the
* address, i.e. From: My Display Name <xyz@example.org>. RFC-822 and
* RFC-2822 define its syntax and rules. This method gets as input a string
* to be used as "display-name" and formats it to be RFC compliant.
*
* @param string $string
* A string to be used as "display-name".
*
* @return string
* A RFC compliant version of the string, ready to be used as
* "display-name" in mail originator header fields.
*/
function drupal_mail_format_display_name($string) {
// Make sure we don't process html-encoded characters. They may create
// unneeded trouble if left encoded, besides they will be correctly
// processed if decoded.
$string = decode_entities($string);
// If string contains non-ASCII characters it must be (short) encoded
// according to RFC-2047. The output of a "B" (Base64) encoded-word is
// always safe to be used as display-name.
$safe_display_name = mime_header_encode($string, TRUE);
// Encoded-words are always safe to be used as display-name because don't
// contain any RFC 2822 "specials" characters. However
// mimeHeaderEncode() encodes a string only if it contains any
// non-ASCII characters, and leaves its value untouched (un-encoded) if
// ASCII only. For this reason in order to produce a valid display-name we
// still need to make sure there are no "specials" characters left.
if (preg_match('/[' . preg_quote(MAIL_RFC_2822_SPECIALS) . ']/', $safe_display_name)) {
// If string is already quoted, it may or may not be escaped properly, so
// don't trust it and reset.
if (preg_match('/^"(.+)"$/', $safe_display_name, $matches)) {
$safe_display_name = str_replace(array('\\\\', '\\"'), array('\\', '"'), $matches[1]);
}
// Transform the string in a RFC-2822 "quoted-string" by wrapping it in
// double-quotes. Also make sure '"' and '\' occurrences are escaped.
$safe_display_name = '"' . str_replace(array('\\', '"'), array('\\\\', '\\"'), $safe_display_name) . '"';
}
return $safe_display_name;
}
/**
* Wraps words on a single line.
*
* Callback for array_walk() winthin drupal_wrap_mail().
* Callback for array_walk() within drupal_wrap_mail().
*/
function _drupal_wrap_mail_line(&$line, $key, $values) {
// Use soft-breaks only for purely quoted or unindented text.

9
includes/menu.inc
View File

@@ -317,7 +317,7 @@ define('MENU_PREFERRED_LINK', '1cf698d64d1aa4b83907cf6ed55db3a7f8e92c91');
* actually exists. This list of 'masks' is built in menu_rebuild().
*
* @param $parts
* An array of path parts; for the above example,
* An array of path parts; for the above example,
* array('node', '12345', 'edit').
*
* @return
@@ -1067,7 +1067,7 @@ function menu_tree_output($tree) {
// the active class accordingly. But local tasks do not appear in menu
// trees, so if the current path is a local task, and this link is its
// tab root, then we have to set the class manually.
if ($data['link']['href'] == $router_item['tab_root_href'] && $data['link']['href'] != $_GET['q']) {
if ($router_item && $data['link']['href'] == $router_item['tab_root_href'] && $data['link']['href'] != $_GET['q']) {
$data['link']['localized_options']['attributes']['class'][] = 'active';
}
@@ -2483,6 +2483,9 @@ function menu_link_get_preferred($path = NULL, $selected_menu = NULL) {
// untranslated paths). Afterwards, the most relevant path is picked from
// the menus, ordered by menu preference.
$item = menu_get_item($path);
if ($item === FALSE) {
return FALSE;
}
$path_candidates = array();
// 1. The current item href.
$path_candidates[$item['href']] = $item['href'];
@@ -2592,7 +2595,7 @@ function menu_get_active_breadcrumb() {
// Don't show a link to the current page in the breadcrumb trail.
$end = end($active_trail);
if ($item['href'] == $end['href']) {
if (is_array($end) && $item['href'] == $end['href']) {
array_pop($active_trail);
}

32
includes/pager.inc
View File

@@ -321,9 +321,19 @@ function theme_pager($variables) {
$tags = $variables['tags'];
$element = $variables['element'];
$parameters = $variables['parameters'];
$quantity = $variables['quantity'];
$quantity = empty($variables['quantity']) ? 0 : $variables['quantity'];
global $pager_page_array, $pager_total;
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) {
return;
}
// Nothing to do if there is only one page.
if ($pager_total[$element] <= 1) {
return;
}
// Calculate various markers within this pager piece:
// Middle is used to "center" pages around the current page.
$pager_middle = ceil($quantity / 2);
@@ -455,6 +465,11 @@ function theme_pager_first($variables) {
global $pager_page_array;
$output = '';
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element])) {
return;
}
// If we are anywhere but the first page
if ($pager_page_array[$element] > 0) {
$output = theme('pager_link', array('text' => $text, 'page_new' => pager_load_array(0, $element, $pager_page_array), 'element' => $element, 'parameters' => $parameters));
@@ -485,6 +500,11 @@ function theme_pager_previous($variables) {
global $pager_page_array;
$output = '';
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element])) {
return;
}
// If we are anywhere but the first page
if ($pager_page_array[$element] > 0) {
$page_new = pager_load_array($pager_page_array[$element] - $interval, $element, $pager_page_array);
@@ -524,6 +544,11 @@ function theme_pager_next($variables) {
global $pager_page_array, $pager_total;
$output = '';
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) {
return;
}
// If we are anywhere but the last page
if ($pager_page_array[$element] < ($pager_total[$element] - 1)) {
$page_new = pager_load_array($pager_page_array[$element] + $interval, $element, $pager_page_array);
@@ -560,6 +585,11 @@ function theme_pager_last($variables) {
global $pager_page_array, $pager_total;
$output = '';
// Nothing to do if there is no pager.
if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) {
return;
}
// If we are anywhere but the last page
if ($pager_page_array[$element] < ($pager_total[$element] - 1)) {
$output = theme('pager_link', array('text' => $text, 'page_new' => pager_load_array($pager_total[$element] - 1, $element, $pager_page_array), 'element' => $element, 'parameters' => $parameters));

14
includes/path.inc
View File

@@ -466,13 +466,15 @@ function path_delete($criteria) {
$criteria = array('pid' => $criteria);
}
$path = path_load($criteria);
$query = db_delete('url_alias');
foreach ($criteria as $field => $value) {
$query->condition($field, $value);
if (isset($path['source'])) {
$query = db_delete('url_alias');
foreach ($criteria as $field => $value) {
$query->condition($field, $value);
}
$query->execute();
module_invoke_all('path_delete', $path);
drupal_clear_path_cache($path['source']);
}
$query->execute();
module_invoke_all('path_delete', $path);
drupal_clear_path_cache($path['source']);
}
/**

2
includes/request-sanitizer.inc
View File

@@ -99,7 +99,7 @@ class DrupalRequestSanitizer {
protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
if (is_array($input)) {
foreach ($input as $key => $value) {
if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
if ($key !== '' && is_string($key) && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
unset($input[$key]);
$sanitized_keys[] = $key;
}

75
includes/session.inc
View File

@@ -284,6 +284,20 @@ function drupal_session_start() {
// Save current session data before starting it, as PHP will destroy it.
$session_data = isset($_SESSION) ? $_SESSION : NULL;
// Apply any overrides to the session cookie params.
$params = $original_params = session_get_cookie_params();
// PHP settings for samesite will be handled by _drupal_cookie_params().
unset($params['samesite']);
$params = _drupal_cookie_params($params);
if ($params !== $original_params) {
if (\PHP_VERSION_ID >= 70300) {
session_set_cookie_params($params);
}
else {
session_set_cookie_params($params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
}
session_start();
drupal_session_started(TRUE);
@@ -323,7 +337,14 @@ function drupal_session_commit() {
$insecure_session_name = substr(session_name(), 1);
$params = session_get_cookie_params();
$expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
setcookie($insecure_session_name, $_COOKIE[$insecure_session_name], $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
$options = array(
'expires' => $expire,
'path' => $params['path'],
'domain' => $params['domain'],
'secure' => FALSE,
'httponly' => $params['httponly'],
);
drupal_setcookie($insecure_session_name, $_COOKIE[$insecure_session_name], $options);
}
}
// Write the session data.
@@ -365,19 +386,36 @@ function drupal_session_regenerate() {
// $params['lifetime'] seconds from the current request. If it is not set,
// it will expire when the browser is closed.
$expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
setcookie($insecure_session_name, $session_id, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
$options = array(
'expires' => $expire,
'path' => $params['path'],
'domain' => $params['domain'],
'secure' => FALSE,
'httponly' => $params['httponly'],
);
drupal_setcookie($insecure_session_name, $session_id, $options);
$_COOKIE[$insecure_session_name] = $session_id;
}
if (drupal_session_started()) {
$old_session_id = session_id();
_drupal_session_regenerate_existing();
}
else {
session_id(drupal_random_key());
}
session_id(drupal_random_key());
if (isset($old_session_id)) {
$params = session_get_cookie_params();
$expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
setcookie(session_name(), session_id(), $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
$options = array(
'expires' => $expire,
'path' => $params['path'],
'domain' => $params['domain'],
'secure' => $params['secure'],
'httponly' => $params['httponly'],
);
drupal_setcookie(session_name(), session_id(), $options);
$fields = array('sid' => session_id());
if ($is_https) {
$fields['ssid'] = session_id();
@@ -412,6 +450,26 @@ function drupal_session_regenerate() {
date_default_timezone_set(drupal_get_user_timezone());
}
/**
* Regenerates an existing session.
*/
function _drupal_session_regenerate_existing() {
global $user;
// Preserve existing settings for the saving of sessions.
$original_save_session_status = drupal_save_session();
// Turn off saving of sessions.
drupal_save_session(FALSE);
session_write_close();
drupal_session_started(FALSE);
// Preserve the user object, as starting a new session will reset it.
$original_user = $user;
session_id(drupal_random_key());
drupal_session_start();
$user = $original_user;
// Restore the original settings for the saving of sessions.
drupal_save_session($original_save_session_status);
}
/**
* Session handler assigned by session_set_save_handler().
*
@@ -465,7 +523,14 @@ function _drupal_session_delete_cookie($name, $secure = NULL) {
if ($secure !== NULL) {
$params['secure'] = $secure;
}
setcookie($name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
$options = array(
'expires' => REQUEST_TIME - 3600,
'path' => $params['path'],
'domain' => $params['domain'],
'secure' => $params['secure'],
'httponly' => $params['httponly'],
);
drupal_setcookie($name, '', $options);
unset($_COOKIE[$name]);
}
}

67
includes/theme.inc
View File

@@ -1911,7 +1911,7 @@ function theme_breadcrumb($variables) {
/**
* Returns HTML for a table.
*
* @param $variables
* @param array $variables
* An associative array containing:
* - header: An array containing the table headers. Each element of the array
* can be either a localized string or an associative array with the
@@ -1948,6 +1948,11 @@ function theme_breadcrumb($variables) {
* )
* );
* @endcode
* - footer: An array of table rows which will be printed within a <tfoot>
* tag, in the same format as the rows element (see above).
* The structure is the same the one defined for the "rows" key except
* that the no_striping boolean has no effect, there is no rows striping
* for the table footer.
* - attributes: An array of HTML attributes to apply to the table tag.
* - caption: A localized string to use for the <caption> tag.
* - colgroups: An array of column groups. Each element of the array can be
@@ -1984,8 +1989,11 @@ function theme_breadcrumb($variables) {
* - sticky: Use a "sticky" table header.
* - empty: The message to display in an extra row if table does not have any
* rows.
*
* @return string
* The HTML output.
*/
function theme_table($variables) {
function theme_table(array $variables) {
$header = $variables['header'];
$rows = $variables['rows'];
$attributes = $variables['attributes'];
@@ -2049,17 +2057,27 @@ function theme_table($variables) {
if (!empty($header)) {
foreach ($header as $header_cell) {
if (is_array($header_cell)) {
$header_count += isset($header_cell['colspan']) ? $header_cell['colspan'] : 1;
$header_count += isset($header_cell['colspan']) ?
$header_cell['colspan'] : 1;
}
else {
$header_count++;
}
}
}
$rows[] = array(array('data' => $empty, 'colspan' => $header_count, 'class' => array('empty', 'message')));
$rows[] = array(
array(
'data' => $empty,
'colspan' => $header_count,
'class' => array(
'empty',
'message'
),
),
);
}
// Format the table header:
// Format the table header.
if (!empty($header)) {
$ts = tablesort_init($header);
// HTML requires that the thead tag has tr tags in it followed by tbody
@@ -2069,23 +2087,39 @@ function theme_table($variables) {
$cell = tablesort_header($cell, $header, $ts);
$output .= _theme_table_cell($cell, TRUE);
}
// Using ternary operator to close the tags based on whether or not there are rows
// Using ternary operator to close the tags based on whether
// or not there are rows.
$output .= (!empty($rows) ? " </tr></thead>\n" : "</tr>\n");
}
else {
$ts = array();
}
// Format the table rows:
// Format the table and footer rows.
$sections = array();
if (!empty($rows)) {
$output .= "<tbody>\n";
$sections['tbody'] = $rows;
}
if (!empty($variables['footer'])) {
$sections['tfoot'] = $variables['footer'];
}
// tbody and tfoot have the same structure and are built using the same
// procedure.
foreach ($sections as $tag => $content) {
$output .= "<" . $tag . ">\n";
$flip = array('even' => 'odd', 'odd' => 'even');
$class = 'even';
foreach ($rows as $number => $row) {
// Check if we're dealing with a simple or complex row
$default_no_striping = ($tag === 'tfoot');
foreach ($content as $number => $row) {
// Check if we're dealing with a simple or complex row.
if (isset($row['data'])) {
$cells = $row['data'];
$no_striping = isset($row['no_striping']) ? $row['no_striping'] : FALSE;
$no_striping = isset($row['no_striping']) ?
$row['no_striping'] : $default_no_striping;
// Set the attributes array and exclude 'data' and 'no_striping'.
$attributes = $row;
@@ -2095,16 +2129,17 @@ function theme_table($variables) {
else {
$cells = $row;
$attributes = array();
$no_striping = FALSE;
$no_striping = $default_no_striping;
}
if (!empty($cells)) {
// Add odd/even class
// Add odd/even class.
if (!$no_striping) {
$class = $flip[$class];
$attributes['class'][] = $class;
}
// Build row
// Build row.
$output .= ' <tr' . drupal_attributes($attributes) . '>';
$i = 0;
foreach ($cells as $cell) {
@@ -2114,10 +2149,12 @@ function theme_table($variables) {
$output .= " </tr>\n";
}
}
$output .= "</tbody>\n";
$output .= "</" . $tag . ">\n";
}
$output .= "</table>\n";
return $output;
}

24
misc/ajax.js
View File

@@ -149,7 +149,7 @@ Drupal.ajax = function (base, element, element_settings) {
// The 'this' variable will not persist inside of the options object.
var ajax = this;
ajax.options = {
url: ajax.url,
url: Drupal.sanitizeAjaxUrl(ajax.url),
data: ajax.submit,
beforeSerialize: function (element_settings, options) {
return ajax.beforeSerialize(element_settings, options);
@@ -195,9 +195,29 @@ Drupal.ajax = function (base, element, element_settings) {
}
},
dataType: 'json',
jsonp: false,
type: 'POST'
};
// For multipart forms (e.g., file uploads), jQuery Form targets the form
// submission to an iframe instead of using an XHR object. The initial "src"
// of the iframe, prior to the form submission, is set to options.iframeSrc.
// "about:blank" is the semantically correct, standards-compliant, way to
// initialize a blank iframe; however, some old IE versions (possibly only 6)
// incorrectly report a mixed content warning when iframes with an
// "about:blank" src are added to a parent document with an https:// origin.
// jQuery Form works around this by defaulting to "javascript:false" instead,
// but that breaks on Chrome 83, so here we force the semantically correct
// behavior for all browsers except old IE.
// @see https://www.drupal.org/project/drupal/issues/3143016
// @see https://github.com/jquery-form/form/blob/df9cb101b9c9c085c8d75ad980c7ff1cf62063a1/jquery.form.js#L68
// @see https://bugs.chromium.org/p/chromium/issues/detail?id=1084874
// @see https://html.spec.whatwg.org/multipage/browsers.html#creating-browsing-contexts
// @see https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
if (navigator.userAgent.indexOf("MSIE") === -1) {
ajax.options.iframeSrc = 'about:blank';
}
// Bind the ajaxSubmit function to the element event.
$(ajax.element).bind(element_settings.event, function (event) {
if (!Drupal.settings.urlIsAjaxTrusted[ajax.url] && !Drupal.urlIsLocal(ajax.url)) {
@@ -388,7 +408,7 @@ Drupal.ajax.prototype.beforeSend = function (xmlhttprequest, options) {
// Insert progressbar or throbber.
if (this.progress.type == 'bar') {
var progressBar = new Drupal.progressBar('ajax-progress-' + this.element.id, eval(this.progress.update_callback), this.progress.method, eval(this.progress.error_callback));
var progressBar = new Drupal.progressBar('ajax-progress-' + this.element.id, $.noop, this.progress.method, $.noop);
if (this.progress.message) {
progressBar.setProgress(-1, this.progress.message);
}

3
misc/autocomplete.js
View File

@@ -297,8 +297,9 @@ Drupal.ACDB.prototype.search = function (searchString) {
// encodeURIComponent to allow autocomplete search terms to contain slashes.
$.ajax({
type: 'GET',
url: db.uri + '/' + Drupal.encodePath(searchString),
url: Drupal.sanitizeAjaxUrl(db.uri + '/' + Drupal.encodePath(searchString)),
dataType: 'json',
jsonp: false,
success: function (matches) {
if (typeof matches.status == 'undefined' || matches.status != 0) {
db.cache[searchString] = matches;

17
misc/drupal.js
View File

@@ -424,6 +424,23 @@ Drupal.urlIsLocal = function (url) {
return absoluteUrl === baseUrl || absoluteUrl.indexOf(baseUrl + '/') === 0;
};
/**
* Sanitizes a URL for use with jQuery.ajax().
*
* @param url
* The URL string to be sanitized.
*
* @return
* The sanitized URL.
*/
Drupal.sanitizeAjaxUrl = function (url) {
var regex = /\=\?(&|$)/;
while (url.match(regex)) {
url = url.replace(regex, '');
}
return url;
}
/**
* Generate the themed representation of a Drupal object.
*

251
misc/jquery-html-prefilter-3.5.0-backport.js Normal file
View File

@@ -0,0 +1,251 @@
/**
* For jQuery versions less than 3.5.0, this replaces the jQuery.htmlPrefilter()
* function with one that fixes these security vulnerabilities while also
* retaining the pre-3.5.0 behavior where it's safe to do so.
* - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
* - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
*
* Additionally, for jQuery versions that do not have a jQuery.htmlPrefilter()
* function (1.x prior to 1.12 and 2.x prior to 2.2), this adds it, and
* extends the functions that need to call it to do so.
*
* Drupal core's jQuery version is 1.4.4, but jQuery Update can provide a
* different version, so this covers all versions between 1.4.4 and 3.4.1.
* The GitHub links in the code comments below link to jQuery 1.5 code, because
* 1.4.4 isn't on GitHub, but the referenced code didn't change from 1.4.4 to
* 1.5.
*/
(function (jQuery) {
// Parts of this backport differ by jQuery version.
var versionParts = jQuery.fn.jquery.split('.');
var majorVersion = parseInt(versionParts[0]);
var minorVersion = parseInt(versionParts[1]);
// No backport is needed if we're already on jQuery 3.5 or higher.
if ( (majorVersion > 3) || (majorVersion === 3 && minorVersion >= 5) ) {
return;
}
// Prior to jQuery 3.5, jQuery converted XHTML-style self-closing tags to
// their XML equivalent: e.g., "<div />" to "<div></div>". This is
// problematic for several reasons, including that it's vulnerable to XSS
// attacks. However, since this was jQuery's behavior for many years, many
// Drupal modules and jQuery plugins may be relying on it. Therefore, we
// preserve that behavior, but for a limited set of tags only, that we believe
// to not be vulnerable. This is the set of HTML tags that satisfy all of the
// following conditions:
// - In DOMPurify's list of HTML tags. If an HTML tag isn't safe enough to
// appear in that list, then we don't want to mess with it here either.
// @see https://github.com/cure53/DOMPurify/blob/2.0.11/dist/purify.js#L128
// - A normal element (not a void, template, text, or foreign element).
// @see https://html.spec.whatwg.org/multipage/syntax.html#elements-2
// - An element that is still defined by the current HTML specification
// (not a deprecated element), because we do not want to rely on how
// browsers parse deprecated elements.
// @see https://developer.mozilla.org/en-US/docs/Web/HTML/Element
// - Not 'html', 'head', or 'body', because this pseudo-XHTML expansion is
// designed for fragments, not entire documents.
// - Not 'colgroup', because due to an idiosyncrasy of jQuery's original
// regular expression, it didn't match on colgroup, and we don't want to
// introduce a behavior change for that.
var selfClosingTagsToReplace = [
'a', 'abbr', 'address', 'article', 'aside', 'audio', 'b', 'bdi', 'bdo',
'blockquote', 'button', 'canvas', 'caption', 'cite', 'code', 'data',
'datalist', 'dd', 'del', 'details', 'dfn', 'div', 'dl', 'dt', 'em',
'fieldset', 'figcaption', 'figure', 'footer', 'form', 'h1', 'h2', 'h3',
'h4', 'h5', 'h6', 'header', 'hgroup', 'i', 'ins', 'kbd', 'label', 'legend',
'li', 'main', 'map', 'mark', 'menu', 'meter', 'nav', 'ol', 'optgroup',
'option', 'output', 'p', 'picture', 'pre', 'progress', 'q', 'rp', 'rt',
'ruby', 's', 'samp', 'section', 'select', 'small', 'source', 'span',
'strong', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th',
'thead', 'time', 'tr', 'u', 'ul', 'var', 'video'
];
// Define regular expressions for <TAG/> and <TAG ATTRIBUTES/>. Doing this as
// two expressions makes it easier to target <a/> without also targeting
// every tag that starts with "a".
var xhtmlRegExpGroup = '(' + selfClosingTagsToReplace.join('|') + ')';
var whitespace = '[\\x20\\t\\r\\n\\f]';
var rxhtmlTagWithoutSpaceOrAttributes = new RegExp('<' + xhtmlRegExpGroup + '\\/>', 'gi');
var rxhtmlTagWithSpaceAndMaybeAttributes = new RegExp('<' + xhtmlRegExpGroup + '(' + whitespace + '[^>]*)\\/>', 'gi');
// jQuery 3.5 also fixed a vulnerability for when </select> appears within
// an <option> or <optgroup>, but it did that in local code that we can't
// backport directly. Instead, we filter such cases out. To do so, we need to
// determine when jQuery would otherwise invoke the vulnerable code, which it
// uses this regular expression to determine. The regular expression changed
// for version 3.0.0 and changed again for 3.4.0.
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L4958
// @see https://github.com/jquery/jquery/blob/3.0.0/dist/jquery.js#L4584
// @see https://github.com/jquery/jquery/blob/3.4.0/dist/jquery.js#L4712
var rtagName;
if (majorVersion < 3) {
rtagName = /<([\w:]+)/;
}
else if (minorVersion < 4) {
rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]+)/i;
}
else {
rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]*)/i;
}
// The regular expression that jQuery uses to determine which self-closing
// tags to expand to open and close tags. This is vulnerable, because it
// matches all tag names except the few excluded ones. We only use this
// expression for determining vulnerability. The expression changed for
// version 3, but we only need to check for vulnerability in versions 1 and 2,
// so we use the expression from those versions.
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L4957
var rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi;
jQuery.extend({
htmlPrefilter: function (html) {
// This is how jQuery determines the first tag in the HTML.
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5521
var tag = ( rtagName.exec( html ) || [ "", "" ] )[ 1 ].toLowerCase();
// It is not valid HTML for <option> or <optgroup> to have <select> as
// either a descendant or sibling, and attempts to inject one can cause
// XSS on jQuery versions before 3.5. Since this is invalid HTML and a
// possible XSS attack, reject the entire string.
// @see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
if ((tag === 'option' || tag === 'optgroup') && html.match(/<\/?select/i)) {
html = '';
}
// Retain jQuery's prior to 3.5 conversion of pseudo-XHTML, but for only
// the tags in the `selfClosingTagsToReplace` list defined above.
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5518
// @see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
html = html.replace(rxhtmlTagWithoutSpaceOrAttributes, "<$1></$1>");
html = html.replace(rxhtmlTagWithSpaceAndMaybeAttributes, "<$1$2></$1>");
// Prior to jQuery 1.12 and 2.2, this function gets called (via code later
// in this file) in addition to, rather than instead of, the unsafe
// expansion of self-closing tags (including ones not in the list above).
// We can't prevent that unsafe expansion from running, so instead we
// check to make sure that it doesn't affect the DOM returned by the
// browser's parsing logic. If it does affect it, then it's vulnerable to
// XSS, so we reject the entire string.
if ( (majorVersion === 1 && minorVersion < 12) || (majorVersion === 2 && minorVersion < 2) ) {
var htmlRisky = html.replace(rxhtmlTag, "<$1></$2>");
if (htmlRisky !== html) {
// Even though htmlRisky and html are different strings, they might
// represent the same HTML structure once parsed, in which case,
// htmlRisky is actually safe. We can ask the browser to parse both
// to find out, but the browser can't parse table fragments (e.g., a
// root-level "<td>"), so we need to wrap them. We just need this
// technique to work on all supported browsers; we don't need to
// copy from the specific jQuery version we're using.
// @see https://github.com/jquery/jquery/blob/3.5.1/dist/jquery.js#L4939
var wrapMap = {
thead: [ 1, "<table>", "</table>" ],
col: [ 2, "<table><colgroup>", "</colgroup></table>" ],
tr: [ 2, "<table><tbody>", "</tbody></table>" ],
td: [ 3, "<table><tbody><tr>", "</tr></tbody></table>" ],
};
wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead;
wrapMap.th = wrapMap.td;
// Function to wrap HTML into something that a browser can parse.
// @see https://github.com/jquery/jquery/blob/3.5.1/dist/jquery.js#L5032
var getWrappedHtml = function (html) {
var wrap = wrapMap[tag];
if (wrap) {
html = wrap[1] + html + wrap[2];
}
return html;
};
// Function to return canonical HTML after parsing it. This parses
// only; it doesn't execute scripts.
// @see https://github.com/jquery/jquery-migrate/blob/3.3.0/src/jquery/manipulation.js#L5
var getParsedHtml = function (html) {
var doc = window.document.implementation.createHTMLDocument( "" );
doc.body.innerHTML = html;
return doc.body ? doc.body.innerHTML : '';
};
// If the browser couldn't parse either one successfully, or if
// htmlRisky parses differently than html, then html is vulnerable,
// so reject it.
var htmlParsed = getParsedHtml(getWrappedHtml(html));
var htmlRiskyParsed = getParsedHtml(getWrappedHtml(htmlRisky));
if (htmlRiskyParsed === '' || htmlParsed === '' || (htmlRiskyParsed !== htmlParsed)) {
html = '';
}
}
}
return html;
}
});
// Prior to jQuery 1.12 and 2.2, jQuery.clean(), jQuery.buildFragment(), and
// jQuery.fn.html() did not call jQuery.htmlPrefilter(), so we add that.
if ( (majorVersion === 1 && minorVersion < 12) || (majorVersion === 2 && minorVersion < 2) ) {
// Filter the HTML coming into jQuery.fn.html().
var fnOriginalHtml = jQuery.fn.html;
jQuery.fn.extend({
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5147
html: function (value) {
if (typeof value === "string") {
value = jQuery.htmlPrefilter(value);
}
// .html() can be called as a setter (with an argument) or as a getter
// (without an argument), so invoke fnOriginalHtml() the same way that
// we were invoked.
return fnOriginalHtml.apply(this, arguments.length ? [value] : []);
}
});
// The regular expression that jQuery uses to determine if a string is HTML.
// Used by both clean() and buildFragment().
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L4960
var rhtml = /<|&#?\w+;/;
// Filter HTML coming into:
// - jQuery.clean() for versions prior to 1.9.
// - jQuery.buildFragment() for 1.9 and above.
//
// The looping constructs in the two functions might be essentially
// identical, but they're each expressed here in the way that most closely
// matches their original expression in jQuery, so that we filter all of
// the items and only the items that jQuery will treat as HTML strings.
if (majorVersion === 1 && minorVersion < 9) {
var originalClean = jQuery.clean;
jQuery.extend({
// @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5493
'clean': function (elems, context, fragment, scripts) {
for ( var i = 0, elem; (elem = elems[i]) != null; i++ ) {
if ( typeof elem === "string" && rhtml.test( elem ) ) {
elems[i] = elem = jQuery.htmlPrefilter(elem);
}
}
return originalClean.call(this, elems, context, fragment, scripts);
}
});
}
else {
var originalBuildFragment = jQuery.buildFragment;
jQuery.extend({
// @see https://github.com/jquery/jquery/blob/1.9.0/jquery.js#L6419
'buildFragment': function (elems, context, scripts, selection) {
var l = elems.length;
for ( var i = 0; i < l; i++ ) {
var elem = elems[i];
if (elem || elem === 0) {
if ( jQuery.type( elem ) !== "object" && rhtml.test( elem ) ) {
elems[i] = elem = jQuery.htmlPrefilter(elem);
}
}
}
return originalBuildFragment.call(this, elems, context, scripts, selection);
}
});
}
}
})(jQuery);

1
misc/jquery.js vendored
View File

@@ -1,4 +1,3 @@
/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/

5
misc/typo3/phar-stream-wrapper/README.md
View File

@@ -1,5 +1,6 @@
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/TYPO3/phar-stream-wrapper/badges/quality-score.png?b=v2)](https://scrutinizer-ci.com/g/TYPO3/phar-stream-wrapper/?branch=v2)
[![Travis CI Build Status](https://travis-ci.org/TYPO3/phar-stream-wrapper.svg?branch=v2)](https://travis-ci.org/TYPO3/phar-stream-wrapper)
[![AppVeyor Build status](https://ci.appveyor.com/api/projects/status/q4ls5tg4w1d6sf4i/branch/v2?svg=true)](https://ci.appveyor.com/project/ohader/phar-stream-wrapper)
# PHP Phar Stream Wrapper
@@ -21,9 +22,11 @@ and has been addressed concerning the specific attack vector and for this generi
`PharStreamWrapper` in TYPO3 versions 7.6.30 LTS, 8.7.17 LTS and 9.3.1 on 12th
July 2018.
* https://typo3.org/security/advisory/typo3-core-sa-2018-002/
* https://blog.secarma.co.uk/labs/near-phar-dangerous-unserialization-wherever-you-are
* https://youtu.be/GePBmsNJw6Y
* https://typo3.org/security/advisory/typo3-psa-2018-001/
* https://typo3.org/security/advisory/typo3-psa-2019-007/
* https://typo3.org/security/advisory/typo3-psa-2019-008/
## License

4
misc/typo3/phar-stream-wrapper/composer.json
View File

@@ -7,7 +7,6 @@
"keywords": ["php", "phar", "stream-wrapper", "security"],
"require": {
"php": "^5.3.3|^7.0",
"ext-fileinfo": "*",
"ext-json": "*",
"brumann/polyfill-unserialize": "^1.0"
},
@@ -15,6 +14,9 @@
"ext-xdebug": "*",
"phpunit/phpunit": "^4.8.36"
},
"suggest": {
"ext-fileinfo": "For PHP builtin file type guessing, otherwise uses internal processing"
},
"autoload": {
"psr-4": {
"TYPO3\\PharStreamWrapper\\": "src/"

4
misc/typo3/phar-stream-wrapper/src/Helper.php
View File

@@ -52,7 +52,7 @@ class Helper
while (count($parts)) {
$currentPath = implode('/', $parts);
if (@is_file($currentPath)) {
if (@is_file($currentPath) && realpath($currentPath) !== false) {
return $currentPath;
}
array_pop($parts);
@@ -106,7 +106,7 @@ class Helper
* @param string $path File path to process
* @return string
*/
private static function normalizeWindowsPath($path)
public static function normalizeWindowsPath($path)
{
return str_replace('\\', '/', $path);
}

40
misc/typo3/phar-stream-wrapper/src/Phar/Reader.php
View File

@@ -19,6 +19,11 @@ class Reader
private $fileName;
/**
* Mime-type in order to use zlib, bzip2 or no compression.
* In case ext-fileinfo is not present only the relevant types
* 'application/x-gzip' and 'application/x-bzip2' are assigned
* to this class property.
*
* @var string
*/
private $fileType;
@@ -139,7 +144,7 @@ class Reader
*/
private function resolveStream()
{
if ($this->fileType === 'application/x-gzip') {
if ($this->fileType === 'application/x-gzip' || $this->fileType === 'application/gzip') {
return 'compress.zlib://';
} elseif ($this->fileType === 'application/x-bzip2') {
return 'compress.bzip2://';
@@ -152,8 +157,37 @@ class Reader
*/
private function determineFileType()
{
$fileInfo = new \finfo();
return $fileInfo->file($this->fileName, FILEINFO_MIME_TYPE);
if (class_exists('\\finfo')) {
$fileInfo = new \finfo();
return $fileInfo->file($this->fileName, FILEINFO_MIME_TYPE);
}
return $this->determineFileTypeByHeader();
}
/**
* In case ext-fileinfo is not present only the relevant types
* 'application/x-gzip' and 'application/x-bzip2' are resolved.
*
* @return string
*/
private function determineFileTypeByHeader()
{
$resource = fopen($this->fileName, 'r');
if (!is_resource($resource)) {
throw new ReaderException(
sprintf('Resource %s could not be opened', $this->fileName),
1557753055
);
}
$header = fgets($resource, 4);
fclose($resource);
$mimeType = '';
if (strpos($header, "\x42\x5a\x68") === 0) {
$mimeType = 'application/x-bzip2';
} elseif (strpos($header, "\x1f\x8b") === 0) {
$mimeType = 'application/x-gzip';
}
return $mimeType;
}
/**

2
misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php
View File

@@ -476,7 +476,7 @@ class PharStreamWrapper
{
$arguments = func_get_args();
array_shift($arguments);
$silentExecution = $functionName{0} === '@';
$silentExecution = $functionName[0] === '@';
$functionName = ltrim($functionName, '@');
$this->restoreInternalSteamWrapper();

18
misc/typo3/phar-stream-wrapper/src/Resolver/PharInvocationResolver.php
View File

@@ -14,6 +14,7 @@ namespace TYPO3\PharStreamWrapper\Resolver;
use TYPO3\PharStreamWrapper\Helper;
use TYPO3\PharStreamWrapper\Manager;
use TYPO3\PharStreamWrapper\Phar\Reader;
use TYPO3\PharStreamWrapper\Phar\ReaderException;
use TYPO3\PharStreamWrapper\Resolvable;
class PharInvocationResolver implements Resolvable
@@ -59,7 +60,7 @@ class PharInvocationResolver implements Resolvable
{
$hasPharPrefix = Helper::hasPharPrefix($path);
if ($flags === null) {
$flags = static::RESOLVE_REALPATH | static::RESOLVE_ALIAS | static::ASSERT_INTERNAL_INVOCATION;
$flags = static::RESOLVE_REALPATH | static::RESOLVE_ALIAS;
}
if ($hasPharPrefix && $flags & static::RESOLVE_ALIAS) {
@@ -147,9 +148,14 @@ class PharInvocationResolver implements Resolvable
}
// ensure the possible alias name (how we have been called initially) matches
// the resolved alias name that was retrieved by the current possible base name
$reader = new Reader($currentBaseName);
$currentAlias = $reader->resolveContainer()->getAlias();
if ($currentAlias !== $possibleAlias) {
try {
$reader = new Reader($currentBaseName);
$currentAlias = $reader->resolveContainer()->getAlias();
} catch (ReaderException $exception) {
// most probably that was not a Phar file
continue;
}
if (empty($currentAlias) || $currentAlias !== $possibleAlias) {
continue;
}
$this->addBaseName($currentBaseName);
@@ -215,7 +221,9 @@ class PharInvocationResolver implements Resolvable
if (isset($this->baseNames[$baseName])) {
return;
}
$this->baseNames[$baseName] = realpath($baseName);
$this->baseNames[$baseName] = Helper::normalizeWindowsPath(
realpath($baseName)
);
}
/**

6
modules/aggregator/aggregator.info
View File

@@ -7,7 +7,7 @@ files[] = aggregator.test
configure = admin/config/services/aggregator/settings
stylesheets[all][] = aggregator.css
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/aggregator/tests/aggregator_test.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/block/block.info
View File

@@ -6,7 +6,7 @@ core = 7.x
files[] = block.test
configure = admin/structure/block
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

3
modules/block/block.module
View File

@@ -263,7 +263,7 @@ function block_page_build(&$page) {
$all_regions = system_region_list($theme);
$item = menu_get_item();
if ($item['path'] != 'admin/structure/block/demo/' . $theme) {
if ($item === FALSE || $item['path'] != 'admin/structure/block/demo/' . $theme) {
// Load all region content assigned via blocks.
foreach (array_keys($all_regions) as $region) {
// Assign blocks to region.
@@ -283,7 +283,6 @@ function block_page_build(&$page) {
}
else {
// Append region description if we are rendering the regions demo page.
$item = menu_get_item();
if ($item['path'] == 'admin/structure/block/demo/' . $theme) {
foreach (system_region_list($theme, REGIONS_VISIBLE, FALSE) as $region) {
$description = '<div class="block-region">' . $all_regions[$region] . '</div>';

6
modules/block/tests/block_test.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/block/tests/themes/block_test_theme/block_test_theme.info
View File

@@ -13,7 +13,7 @@ regions[footer] = Footer
regions[highlighted] = Highlighted
regions[help] = Help
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/blog/blog.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = blog.test
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/book/book.info
View File

@@ -7,7 +7,7 @@ files[] = book.test
configure = admin/content/book/settings
stylesheets[all][] = book.css
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

8
modules/book/book.test
View File

@@ -101,7 +101,7 @@ class BookTestCase extends DrupalWebTestCase {
// Check that book pages display along with the correct outlines and
// previous/next links.
$this->checkBookNode($book, array($nodes[0], $nodes[3], $nodes[4]), FALSE, FALSE, $nodes[0], array());
$this->checkBookNode($book, array($nodes[0], $nodes[3], $nodes[4]), FALSE, FALSE, $nodes[0]);
$this->checkBookNode($nodes[0], array($nodes[1], $nodes[2]), $book, $book, $nodes[1], array($book));
$this->checkBookNode($nodes[1], NULL, $nodes[0], $nodes[0], $nodes[2], array($book, $nodes[0]));
$this->checkBookNode($nodes[2], NULL, $nodes[1], $nodes[0], $nodes[3], array($book, $nodes[0]));
@@ -124,7 +124,7 @@ class BookTestCase extends DrupalWebTestCase {
// First we must set $this->book to the second book, so that the
// correct regex will be generated for testing the outline.
$this->book = $other_book;
$this->checkBookNode($other_book, array($node), FALSE, FALSE, $node, array());
$this->checkBookNode($other_book, array($node), FALSE, FALSE, $node);
$this->checkBookNode($node, NULL, $other_book, $other_book, FALSE, array($other_book));
}
@@ -144,9 +144,9 @@ class BookTestCase extends DrupalWebTestCase {
* @param $next
* (optional) Next link node. Defaults to FALSE.
* @param $breadcrumb
* The nodes that should be displayed in the breadcrumb.
* (optional) The nodes that should be displayed in the breadcrumb.
*/
function checkBookNode($node, $nodes, $previous = FALSE, $up = FALSE, $next = FALSE, array $breadcrumb) {
function checkBookNode($node, $nodes = NULL, $previous = FALSE, $up = FALSE, $next = FALSE, array $breadcrumb = array()) {
// $number does not use drupal_static as it should not be reset
// since it uniquely identifies each call to checkBookNode().
static $number = 0;

6
modules/color/color.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = color.test
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

5
modules/color/color.module
View File

@@ -734,8 +734,9 @@ function _color_blend($img, $hex1, $hex2, $alpha) {
* Converts a hex color into an RGB triplet.
*/
function _color_unpack($hex, $normalize = FALSE) {
if (strlen($hex) == 4) {
$hex = $hex[1] . $hex[1] . $hex[2] . $hex[2] . $hex[3] . $hex[3];
$hex = substr($hex, 1);
if (strlen($hex) == 3) {
$hex = $hex[0] . $hex[0] . $hex[1] . $hex[1] . $hex[2] . $hex[2];
}
$c = hexdec($hex);
for ($i = 16; $i >= 0; $i -= 8) {

6
modules/comment/comment.info
View File

@@ -9,7 +9,7 @@ files[] = comment.test
configure = admin/content/comment
stylesheets[all][] = comment.css
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

3
modules/comment/comment.install
View File

@@ -9,9 +9,6 @@
* Implements hook_uninstall().
*/
function comment_uninstall() {
// Delete comment_body field.
field_delete_field('comment_body');
// Remove variables.
variable_del('comment_block_count');
$node_types = array_keys(node_type_get_types());

55
modules/comment/comment.test
View File

@@ -6,6 +6,7 @@
*/
class CommentHelperCase extends DrupalWebTestCase {
protected $super_user;
protected $admin_user;
protected $web_user;
protected $node;
@@ -19,6 +20,7 @@ class CommentHelperCase extends DrupalWebTestCase {
parent::setUp($modules);
// Create users and test node.
$this->super_user = $this->drupalCreateUser(array('access administration pages', 'administer modules'));
$this->admin_user = $this->drupalCreateUser(array('administer content types', 'administer comments', 'administer blocks', 'administer actions', 'administer fields'));
$this->web_user = $this->drupalCreateUser(array('access comments', 'post comments', 'create article content', 'edit own comments'));
$this->node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1, 'uid' => $this->web_user->uid));
@@ -2264,3 +2266,56 @@ class CommentNodeChangesTestCase extends CommentHelperCase {
$this->assertFalse(comment_load($comment->id), 'The comment could not be loaded after the node was deleted.');
}
}
/**
* Tests uninstalling the comment module.
*/
class CommentUninstallTestCase extends CommentHelperCase {
public static function getInfo() {
return array(
'name' => 'Comment module uninstallation',
'description' => 'Tests that the comments module can be properly uninstalled.',
'group' => 'Comment',
);
}
function testCommentUninstall() {
$this->drupalLogin($this->super_user);
// Disable comment module.
$edit['modules[Core][comment][enable]'] = FALSE;
$this->drupalPost('admin/modules', $edit, t('Save configuration'));
$this->assertText(t('The configuration options have been saved.'), 'Comment module was disabled.');
// Uninstall comment module.
$edit = array('uninstall[comment]' => 'comment');
$this->drupalPost('admin/modules/uninstall', $edit, t('Uninstall'));
$this->drupalPost(NULL, NULL, t('Uninstall'));
$this->assertText(t('The selected modules have been uninstalled.'), 'Comment module was uninstalled.');
// Run cron and clear field cache so that comment fields and instances
// marked for deletion are actually removed.
$this->cronRun();
field_cache_clear();
// Verify that comment fields have been removed.
$all_fields = array_keys(field_info_field_map());
$this->assertFalse(in_array('comment_body', $all_fields), 'Comment fields were removed by uninstall.');
// Verify that comment field instances have been removed (or at least marked
// for deletion).
// N.B. field_read_instances does an INNER JOIN on field_config so if the
// comment_body row has been removed successfully from there no instances
// will be returned, but that does not guarantee that no rows are left over
// in the field_config_instance table.
$count = db_select('field_config_instance', 'fci')
->condition('entity_type', 'comment')
->condition('field_name', 'comment_body')
->condition('deleted', 0)
->countQuery()
->execute()
->fetchField();
$this->assertTrue($count == 0, 'Comment field instances were removed by uninstall.');
}
}

6
modules/contact/contact.info
View File

@@ -6,7 +6,7 @@ core = 7.x
files[] = contact.test
configure = admin/structure/contact
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/contextual/contextual.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = contextual.test
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/dashboard/dashboard.info
View File

@@ -7,7 +7,7 @@ files[] = dashboard.test
dependencies[] = block
configure = admin/dashboard/customize
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/dblog/dblog.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = dblog.test
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/field/field.info
View File

@@ -11,7 +11,7 @@ dependencies[] = field_sql_storage
required = TRUE
stylesheets[all][] = theme/field.css
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/field/modules/field_sql_storage/field_sql_storage.info
View File

@@ -7,7 +7,7 @@ dependencies[] = field
files[] = field_sql_storage.test
required = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

96
modules/field/modules/field_sql_storage/field_sql_storage.module
View File

@@ -434,6 +434,81 @@ function field_sql_storage_field_storage_load($entity_type, $entities, $age, $fi
}
}
/**
* Callback for array_filter().
*/
function _field_sql_storage_write_compare_filter_callback($value) {
return NULL !== $value && '' !== $value;
}
/**
* Cleanup field values for later values comparison.
*
* @param array $field
* Field info as returned by field_info_field_by_id().
*
* @param array $array
* Field values to cleanup.
*
* @return array
* Filtered values.
*/
function _field_sql_storage_write_compare_filter($field, $array) {
foreach ($array as $language => $items) {
if (empty($items)) {
unset($array[$language]);
}
else {
foreach ($items as $delta => $item) {
// This should not happen but some modules provide invalid data to the
// field API.
if (!is_array($item)) {
continue;
}
// Let's start by pruning empty values and non storable values.
$array[$language][$delta] = array_filter(array_intersect_key($item, $field['columns']), '_field_sql_storage_write_compare_filter_callback');
// Ordering is important because for widget elements and loaded columns
// from database order might differ and give false positives on field
// value change, especially with complex fields such as image fields.
ksort($array[$language][$delta]);
}
}
}
return $array;
}
/**
* Compare a single field value for both entities and tell us if it changed.
*
* @param array $field
* Loaded field structure.
* @param object $entity1
* First entity to compare.
* @param object $entity2
* Second entity to compare.
*
* @return bool
* True if field value changed, false otherwise.
*/
function _field_sql_storage_write_compare($field, $entity1, $entity2) {
$field_name = $field['field_name'];
if (empty($entity1->$field_name) && empty($entity2->$field_name)) {
// Both are empty we can safely assume that it did not change.
return FALSE;
}
if (!isset($entity1->$field_name) || !isset($entity2->$field_name)) {
// One of them is missing but not the other the value changed.
return TRUE;
}
// We need to proceed to deep array comparison, but we cannot do it naively:
// in most cases the field values come from the edit form, and some Form API
// widget values that are not field columns may be present. We need to clean
// up both original and new field values before comparison.
$items1 = _field_sql_storage_write_compare_filter($field, (array) $entity1->$field_name);
$items2 = _field_sql_storage_write_compare_filter($field, (array) $entity2->$field_name);
return $items1 != $items2;
}
/**
* Implements hook_field_storage_write().
*/
@@ -443,8 +518,29 @@ function field_sql_storage_field_storage_write($entity_type, $entity, $op, $fiel
$vid = $id;
}
// Check if the given entity is a new revision or not. In case of a new
// revision creation, we cannot skip any field.
if (!empty($vid) && !empty($entity->original)) {
list(, $original_vid) = entity_extract_ids($entity_type, $entity->original);
if (NULL === $original_vid) {
$original_vid = $id;
}
$is_new_revision = $original_vid != $vid;
}
else {
$is_new_revision = FALSE;
}
// Allow this optimization to be optional.
$skip_unchanged_fields = variable_get('field_sql_storage_skip_writing_unchanged_fields', FALSE);
foreach ($fields as $field_id) {
$field = field_info_field_by_id($field_id);
if ($skip_unchanged_fields && !$is_new_revision && !empty($entity->original) && !_field_sql_storage_write_compare($field, $entity, $entity->original)) {
continue;
}
$field_name = $field['field_name'];
$table_name = _field_sql_storage_tablename($field);
$revision_name = _field_sql_storage_revision_tablename($field);

71
modules/field/modules/field_sql_storage/field_sql_storage.test
View File

@@ -281,6 +281,69 @@ class FieldSqlStorageTestCase extends DrupalWebTestCase {
$this->assertEqual($count, 1, 'NULL field translation is wiped.');
}
/**
* Tests the expected return values of _field_sql_storage_write_compare().
*/
public function testFieldCompareDataModification() {
$langcode = LANGUAGE_NONE;
$field_info = field_info_field($this->field_name);
// Make sure we have 2 sample field values that are unique.
$value1 = 0;
$value2 = 0;
while ($value1 == $value2) {
$value1 = mt_rand();
$value2 = (string) mt_rand();
}
// Create the 2 entities to compare.
$entity = field_test_create_stub_entity();
$entity->{$this->field_name}[$langcode][]['value'] = $value1;
$entity1 = clone $entity;
$entity2 = clone $entity;
// Make sure that it correctly compares identical entities.
$this->assert(!_field_sql_storage_write_compare($field_info, $entity1, $entity2), 'The entities are identical.');
// Compare to an empty object.
$this->assert(_field_sql_storage_write_compare($field_info, $entity1, new stdClass()), 'The entity is not the same as an empty object.');
// Change one of the values.
$entity2->{$this->field_name}[$langcode][0]['value'] = $value2;
$this->assert(_field_sql_storage_write_compare($field_info, $entity1, $entity2), 'The values are not the same.');
// Reset $entity2.
$entity2 = clone $entity;
// Duplicate the value on one of the entities.
$entity1->{$this->field_name}[$langcode][]['value'] = $value1;
$this->assert(_field_sql_storage_write_compare($field_info, $entity1, $entity2), 'The fields do not have the same number of values.');
// Add a second value to both entities.
$entity2->{$this->field_name}[$langcode][]['value'] = $value2;
$this->assert(_field_sql_storage_write_compare($field_info, $entity1, $entity2), 'The values are not the same.');
// Replace the array containing the value with the actual value.
$entity2->{$this->field_name}[$langcode] = $entity2->{$this->field_name}[$langcode][0];
$this->assert(_field_sql_storage_write_compare($field_info, $entity1, $entity2), 'The array to hold field values is replaced by the value.');
// Null one value.
$entity2->{$this->field_name}[$langcode] = NULL;
$this->assert(_field_sql_storage_write_compare($field_info, $entity1, $entity2), 'One field is NULL and the other is not.');
// Null both values.
$entity1->{$this->field_name}[$langcode] = NULL;
$this->assert(!_field_sql_storage_write_compare($field_info, $entity1, $entity2), 'Both fields are NULL.');
// Unset one of the fields.
unset($entity2->{$this->field_name});
$this->assert(_field_sql_storage_write_compare($field_info, $entity1, $entity2), 'One field structure is unset.');
// Unset both of the fields.
unset($entity1->{$this->field_name});
$this->assert(!_field_sql_storage_write_compare($field_info, $entity1, $entity2), 'Both field structures are unset.');
}
/**
* Test trying to update a field with data.
*/
@@ -313,9 +376,13 @@ class FieldSqlStorageTestCase extends DrupalWebTestCase {
$field = array('field_name' => 'test_text', 'type' => 'text', 'settings' => array('max_length' => 255));
$field = field_create_field($field);
// Attempt to update the field in a way that would break the storage.
// Attempt to update the field in a way that would break the storage. The
// parenthesis suffix is needed because SQLite has *very* relaxed rules for
// data types, so we actually need to provide an invalid SQL syntax in order
// to break it.
// @see https://www.sqlite.org/datatype3.html
$prior_field = $field;
$field['settings']['max_length'] = -1;
$field['settings']['max_length'] = '-1)';
try {
field_update_field($field);
$this->fail(t('Update succeeded.'));

6
modules/field/modules/list/list.info
View File

@@ -7,7 +7,7 @@ dependencies[] = field
dependencies[] = options
files[] = tests/list.test
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/field/modules/list/tests/list_test.info
View File

@@ -5,7 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/field/modules/number/number.info
View File

@@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = number.test
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

2
modules/field/modules/number/number.test
View File

@@ -174,7 +174,7 @@ class NumberFieldTestCase extends DrupalWebTestCase {
),
'display' => array(
'default' => array(
'type' => 'number_float',
'type' => 'number_decimal',
),
),
);

6
modules/field/modules/options/options.info
View File

@@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = options.test
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/field/modules/text/text.info
View File

@@ -7,7 +7,7 @@ dependencies[] = field
files[] = text.test
required = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/field/tests/field_test.info
View File

@@ -6,7 +6,7 @@ files[] = field_test.entity.inc
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

111
modules/field/tests/field_test.storage.inc
View File

@@ -240,111 +240,6 @@ function field_test_field_storage_delete_revision($entity_type, $entity, $fields
_field_test_storage_data($data);
}
/**
* Implements hook_field_storage_query().
*/
function field_test_field_storage_query($field_id, $conditions, $count, &$cursor = NULL, $age) {
$data = _field_test_storage_data();
$load_current = $age == FIELD_LOAD_CURRENT;
$field = field_info_field_by_id($field_id);
$field_columns = array_keys($field['columns']);
$field_data = $data[$field['id']];
$sub_table = $load_current ? 'current' : 'revisions';
// We need to sort records by entity type and entity id.
usort($field_data[$sub_table], '_field_test_field_storage_query_sort_helper');
// Initialize results array.
$return = array();
$entity_count = 0;
$rows_count = 0;
$rows_total = count($field_data[$sub_table]);
$skip = $cursor;
$skipped = 0;
foreach ($field_data[$sub_table] as $row) {
if ($count != FIELD_QUERY_NO_LIMIT && $entity_count >= $count) {
break;
}
if ($row->field_id == $field['id']) {
$match = TRUE;
$condition_deleted = FALSE;
// Add conditions.
foreach ($conditions as $condition) {
@list($column, $value, $operator) = $condition;
if (empty($operator)) {
$operator = is_array($value) ? 'IN' : '=';
}
switch ($operator) {
case '=':
$match = $match && $row->{$column} == $value;
break;
case '<>':
case '<':
case '<=':
case '>':
case '>=':
eval('$match = $match && ' . $row->{$column} . ' ' . $operator . ' '. $value);
break;
case 'IN':
$match = $match && in_array($row->{$column}, $value);
break;
case 'NOT IN':
$match = $match && !in_array($row->{$column}, $value);
break;
case 'BETWEEN':
$match = $match && $row->{$column} >= $value[0] && $row->{$column} <= $value[1];
break;
case 'STARTS_WITH':
case 'ENDS_WITH':
case 'CONTAINS':
// Not supported.
$match = FALSE;
break;
}
// Track condition on 'deleted'.
if ($column == 'deleted') {
$condition_deleted = TRUE;
}
}
// Exclude deleted data unless we have a condition on it.
if (!$condition_deleted && $row->deleted) {
$match = FALSE;
}
if ($match) {
if (!isset($skip) || $skipped >= $skip) {
$cursor++;
// If querying all revisions and the entity type has revisions, we need
// to key the results by revision_ids.
$entity_type = entity_get_info($row->type);
$id = ($load_current || empty($entity_type['entity keys']['revision'])) ? $row->entity_id : $row->revision_id;
if (!isset($return[$row->type][$id])) {
$return[$row->type][$id] = entity_create_stub_entity($row->type, array($row->entity_id, $row->revision_id, $row->bundle));
$entity_count++;
}
}
else {
$skipped++;
}
}
}
$rows_count++;
// The query is complete if we walked the whole array.
if ($count != FIELD_QUERY_NO_LIMIT && $rows_count >= $rows_total) {
$cursor = FIELD_QUERY_COMPLETE;
}
}
return $return;
}
/**
* Sort helper for field_test_field_storage_query().
*
@@ -455,13 +350,13 @@ function field_test_field_attach_rename_bundle($bundle_old, $bundle_new) {
function field_test_field_attach_delete_bundle($entity_type, $bundle, $instances) {
$data = _field_test_storage_data();
foreach ($instances as $field_name => $instance) {
$field = field_info_field($field_name);
foreach ($instances as $instance) {
$field = field_info_field_by_id($instance['field_id']);
if ($field['storage']['type'] == 'field_test_storage') {
$field_data = &$data[$field['id']];
foreach (array('current', 'revisions') as $sub_table) {
foreach ($field_data[$sub_table] as &$row) {
if ($row->bundle == $bundle_old) {
if ($row->bundle == $bundle) {
$row->deleted = TRUE;
}
}

4
modules/field_ui/field_ui.admin.inc
View File

@@ -1026,6 +1026,10 @@ function field_ui_display_overview_form($form, &$form_state, $entity_type, $bund
$instance['display'][$view_mode]['type'] = $formatter_type;
$formatter = field_info_formatter_types($formatter_type);
// For hidden fields, $formatter will be NULL, but we expect an array later.
// To maintain BC, but avoid PHP 7.4 Notices, ensure $formatter is an array
// with a 'module' element.
$formatter['module'] = isset($formatter['module']) ? $formatter['module'] : '';
$instance['display'][$view_mode]['module'] = $formatter['module'];
$instance['display'][$view_mode]['settings'] = $settings;

6
modules/field_ui/field_ui.info
View File

@@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = field_ui.test
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

7
modules/field_ui/field_ui.module
View File

@@ -265,6 +265,12 @@ function field_ui_menu_title($instance) {
* Menu access callback for the 'view mode display settings' pages.
*/
function _field_ui_view_mode_menu_access($entity_type, $bundle, $view_mode, $access_callback) {
// It's good practice to call func_get_args() at the beginning of a function
// to avoid problems with function parameters being modified later. The
// behavior of func_get_args() changed in PHP7.
// @see https://www.php.net/manual/en/migration70.incompatible.php#migration70.incompatible.other.func-parameter-modified
$all_args = func_get_args();
// First, determine visibility according to the 'use custom display'
// setting for the view mode.
$bundle = field_extract_bundle($entity_type, $bundle);
@@ -275,7 +281,6 @@ function _field_ui_view_mode_menu_access($entity_type, $bundle, $view_mode, $acc
// part of _menu_check_access().
if ($visibility) {
// Grab the variable 'access arguments' part.
$all_args = func_get_args();
$args = array_slice($all_args, 4);
$callback = empty($access_callback) ? 0 : trim($access_callback);
if (is_numeric($callback)) {

13
modules/file/file.field.inc
View File

@@ -593,7 +593,7 @@ function file_field_widget_uri($field, $instance, $data = array()) {
/**
* The #value_callback for the file_generic field element.
*/
function file_field_widget_value($element, $input = FALSE, $form_state) {
function file_field_widget_value($element, $input = FALSE, $form_state = array()) {
if ($input) {
// Checkboxes lose their value when empty.
// If the display field is present make sure its unchecked value is saved.
@@ -955,17 +955,14 @@ function theme_file_upload_help($variables) {
if (isset($upload_validators['file_validate_image_resolution'])) {
$max = $upload_validators['file_validate_image_resolution'][0];
$min = $upload_validators['file_validate_image_resolution'][1];
if ($min && $max && $min == $max) {
$descriptions[] = t('Images must be exactly !size pixels.', array('!size' => '<strong>' . $max . '</strong>'));
}
elseif ($min && $max) {
$descriptions[] = t('Images must be between !min and !max pixels.', array('!min' => '<strong>' . $min . '</strong>', '!max' => '<strong>' . $max . '</strong>'));
if ($min && $max) {
$descriptions[] = t('Images must be at least !min pixels. Images larger than !max pixels will be resized.', array('!min' => '<strong>' . $min . '</strong>', '!max' => '<strong>' . $max . '</strong>'));
}
elseif ($min) {
$descriptions[] = t('Images must be larger than !min pixels.', array('!min' => '<strong>' . $min . '</strong>'));
$descriptions[] = t('Images must be at least !min pixels.', array('!min' => '<strong>' . $min . '</strong>'));
}
elseif ($max) {
$descriptions[] = t('Images must be smaller than !max pixels.', array('!max' => '<strong>' . $max . '</strong>'));
$descriptions[] = t('Images larger than !max pixels will be resized.', array('!max' => '<strong>' . $max . '</strong>'));
}
}

6
modules/file/file.info
View File

@@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = tests/file.test
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

5
modules/file/file.module
View File

@@ -281,10 +281,11 @@ function file_ajax_upload() {
}
// Otherwise just add the new content class on a placeholder.
else {
$form['#suffix'] .= '<span class="ajax-new-content"></span>';
$form['#suffix'] = (isset($form['#suffix']) ? $form['#suffix'] : '') . '<span class="ajax-new-content"></span>';
}
$form['#prefix'] .= theme('status_messages');
$form['#prefix'] = (isset($form['#prefix']) ? $form['#prefix'] : '') . theme('status_messages');
$output = drupal_render($form);
$js = drupal_add_js();
$settings = drupal_array_merge_deep_array($js['settings']['data']);

2
modules/file/tests/file.test
View File

@@ -409,7 +409,7 @@ class FileManagedFileElementTestCase extends FileFieldTestCase {
'form_token' => 'invalid token',
);
$this->drupalPost($path, $edit, t('Save'));
$this->assertText('The form has become outdated. Copy any unsaved work in the form below');
$this->assertText('The form has become outdated.');
$last_fid = $this->getLastFileId();
$this->assertEqual($last_fid_prior, $last_fid, 'File was not saved when uploaded with an invalid form token.');

6
modules/file/tests/file_module_test.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

4
modules/filter/filter.api.php
View File

@@ -202,7 +202,7 @@ function callback_filter_settings($form, &$form_state, $filter, $format, $defaul
*/
function callback_filter_prepare($text, $filter, $format, $langcode, $cache, $cache_id) {
// Escape <code> and </code> tags.
$text = preg_replace('|<code>(.+?)</code>|se', "[codefilter_code]$1[/codefilter_code]", $text);
$text = preg_replace('|<code>(.+?)</code>|s', "[codefilter_code]$1[/codefilter_code]", $text);
return $text;
}
@@ -234,7 +234,7 @@ function callback_filter_prepare($text, $filter, $format, $langcode, $cache, $ca
* @ingroup callbacks
*/
function callback_filter_process($text, $filter, $format, $langcode, $cache, $cache_id) {
$text = preg_replace('|\[codefilter_code\](.+?)\[/codefilter_code\]|se', "<pre>$1</pre>", $text);
$text = preg_replace('|\[codefilter_code\](.+?)\[/codefilter_code\]|s', "<pre>$1</pre>", $text);
return $text;
}

6
modules/filter/filter.info
View File

@@ -7,7 +7,7 @@ files[] = filter.test
required = TRUE
configure = admin/config/content/formats
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/forum/forum.info
View File

@@ -9,7 +9,7 @@ files[] = forum.test
configure = admin/structure/forum
stylesheets[all][] = forum.css
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

3
modules/forum/forum.module
View File

@@ -922,7 +922,8 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
);
$order = _forum_get_topic_order($sortby);
for ($i = 0; $i < count($forum_topic_list_header); $i++) {
// Skip element with index 0 which is NULL.
for ($i = 1; $i < count($forum_topic_list_header); $i++) {
if ($forum_topic_list_header[$i]['field'] == $order['field']) {
$forum_topic_list_header[$i]['sort'] = $order['sort'];
}

6
modules/help/help.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = help.test
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/image/image.info
View File

@@ -7,7 +7,7 @@ dependencies[] = file
files[] = image.test
configure = admin/config/media/image-styles
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

2
modules/image/image.test
View File

@@ -1022,7 +1022,7 @@ class ImageFieldDisplayTestCase extends ImageFieldTestCase {
$this->drupalGet('node/add/article');
$this->assertText(t('Files must be less than 50 KB.'), 'Image widget max file size is displayed on article form.');
$this->assertText(t('Allowed file types: ' . $test_image_extension . '.'), 'Image widget allowed file types displayed on article form.');
$this->assertText(t('Images must be between 10x10 and 100x100 pixels.'), 'Image widget allowed resolution displayed on article form.');
$this->assertText(t('Images must be at least 10x10 pixels. Images larger than 100x100 pixels will be resized.'), 'Image widget allowed resolution displayed on article form.');
// We have to create the article first and then edit it because the alt
// and title fields do not display until the image has been attached.

6
modules/image/tests/image_module_test.info
View File

@@ -6,7 +6,7 @@ core = 7.x
files[] = image_module_test.module
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/locale/locale.info
View File

@@ -6,7 +6,7 @@ core = 7.x
files[] = locale.test
configure = admin/config/regional/language
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

1
modules/locale/locale.module
View File

@@ -564,6 +564,7 @@ function locale_language_types_info() {
* Implements hook_language_negotiation_info().
*/
function locale_language_negotiation_info() {
require_once DRUPAL_ROOT . '/includes/locale.inc';
$file = 'includes/locale.inc';
$providers = array();

6
modules/locale/tests/locale_test.info
View File

@@ -5,7 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/menu/menu.info
View File

@@ -6,7 +6,7 @@ core = 7.x
files[] = menu.test
configure = admin/structure/menu
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/node/node.info
View File

@@ -9,7 +9,7 @@ required = TRUE
configure = admin/structure/types
stylesheets[all][] = node.css
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

2
modules/node/node.module
View File

@@ -2659,7 +2659,7 @@ function node_feed($nids = FALSE, $channel = array()) {
* An array in the format expected by drupal_render().
*/
function node_view_multiple($nodes, $view_mode = 'teaser', $weight = 0, $langcode = NULL) {
$build = array();
$build = array('nodes' => array());
$entities_by_view_mode = entity_view_mode_prepare('node', $nodes, $view_mode, $langcode);
foreach ($entities_by_view_mode as $entity_view_mode => $entities) {
field_attach_prepare_view('node', $entities, $entity_view_mode, $langcode);

6
modules/node/tests/node_access_test.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/node/tests/node_test.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/node/tests/node_test_exception.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

3
modules/openid/openid.inc
View File

@@ -142,7 +142,8 @@ function _openid_xrds_parse($raw_xml) {
// For PHP version >= 5.2.11, we can use this function to protect against
// malicious doctype declarations and other unexpected entity loading.
// However, we will not rely on it, and reject any XML with a DOCTYPE.
$disable_entity_loader = function_exists('libxml_disable_entity_loader');
// libxml_disable_entity_loader() is deprecated in PHP >= 8.0.
$disable_entity_loader = function_exists('libxml_disable_entity_loader') && PHP_VERSION_ID < 80000;
if ($disable_entity_loader) {
$load_entities = libxml_disable_entity_loader(TRUE);
}

6
modules/openid/openid.info
View File

@@ -5,7 +5,7 @@ package = Core
core = 7.x
files[] = openid.test
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

2
modules/openid/openid.module
View File

@@ -743,7 +743,7 @@ function openid_association_request($public) {
return $request;
}
function openid_authentication_request($claimed_id, $identity, $return_to = '', $assoc_handle = '', $service) {
function openid_authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $service) {
global $base_url;
module_load_include('inc', 'openid');

6
modules/openid/tests/openid_test.info
View File

@@ -6,7 +6,7 @@ core = 7.x
dependencies[] = openid
hidden = TRUE
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/overlay/overlay.info
View File

@@ -4,7 +4,7 @@ package = Core
version = VERSION
core = 7.x
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/path/path.info
View File

@@ -6,7 +6,7 @@ core = 7.x
files[] = path.test
configure = admin/config/search/path
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

6
modules/php/php.info
View File

@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = php.test
; Information added by Drupal.org packaging script on 2019-05-08
version = "7.67"
; Information added by Drupal.org packaging script on 2021-04-21
version = "7.80"
project = "drupal"
datestamp = "1557336079"
datestamp = "1619021862"

Some files were not shown because too many files have changed in this diff Show More