bachir/popsu-d7
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

contrib modules security updates

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi
2016-10-13 12:10:40 +02:00
parent ffd758abc9
commit 747127f643
732 changed files with 67976 additions and 23207 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
sites/all/modules/views/handlers/views_handler_area_view.inc
View File

@@ -51,33 +51,48 @@ class views_handler_area_view extends views_handler_area {
* Render the area
*/
function render($empty = FALSE) {
if (!empty($this->options['view_to_insert'])) {
list($view_name, $display_id) = explode(':', $this->options['view_to_insert']);
$view = views_get_view($view_name);
if (empty($view) || !$view->access($display_id)) {
return;
}
$view->set_display($display_id);
// Avoid recursion
$view->parent_views += $this->view->parent_views;
$view->parent_views[] = "$view_name:$display_id";
// Check if the view is part of the parent views of this view
$search = "$view_name:$display_id";
if (in_array($search, $this->view->parent_views)) {
drupal_set_message(t("Recursion detected in view @view display @display.", array('@view' => $view_name, '@display' => $display_id)), 'error');
if ($view = $this->loadView()) {
if (!empty($this->options['inherit_arguments']) && !empty($this->view->args)) {
return $view->preview(NULL, $this->view->args);
}
else {
if (!empty($this->options['inherit_arguments']) && !empty($this->view->args)) {
return $view->preview($display_id, $this->view->args);
}
else {
return $view->preview($display_id);
}
return $view->preview(NULL);
}
}
return '';
}
/**
* Loads the used view for rendering.
*
* @return \view|NULL
* The loaded view or NULL, in case the view was not loadable / recursion
* got detected / access got denied.
*/
protected function loadView() {
if (empty($this->options['view_to_insert'])) {
return NULL;
}
list($view_name, $display_id) = explode(':', $this->options['view_to_insert']);
$view = views_get_view($view_name);
if (empty($view) || !$view->access($display_id)) {
return NULL;
}
$view->set_display($display_id);
// Avoid recursion.
$view->parent_views += $this->view->parent_views;
$view->parent_views[] = "$view_name:$display_id";
// Check if the view is part of the parent views of this view.
$search = "$view_name:$display_id";
if (in_array($search, $this->view->parent_views)) {
drupal_set_message(t("Recursion detected in view @view display @display.", array('@view' => $view_name, '@display' => $display_id)), 'error');
return NULL;
}
return $view;
}
}

5
sites/all/modules/views/handlers/views_handler_argument.inc
View File

@@ -419,7 +419,7 @@ class views_handler_argument extends views_handler {
// Let the plugins do validation.
$default_id = $form_state['values']['options']['default_argument_type'];
$plugin = $this->get_plugin('argument default', $default_id);
if ($plugin) {
if ($plugin && isset($form['argument_default'][$default_id]) && isset($form_state['values']['options']['argument_default'][$default_id])) {
$plugin->options_validate($form['argument_default'][$default_id], $form_state, $form_state['values']['options']['argument_default'][$default_id]);
}
@@ -1075,9 +1075,6 @@ class views_handler_argument extends views_handler {
$argument = clone $this;
if (!isset($arg) && $argument->has_default_argument()) {
$arg = $argument->get_default_argument();
// remember that this argument was computed, not passed on the URL.
$this->is_default = TRUE;
}
// Set the argument, which will also validate that the argument can be set.
if ($argument->set_argument($arg)) {

65
sites/all/modules/views/handlers/views_handler_field_contextual_links.inc
View File

@@ -10,35 +10,7 @@
*
* @ingroup views_field_handlers
*/
class views_handler_field_contextual_links extends views_handler_field {
function option_definition() {
$options = parent::option_definition();
$options['fields'] = array('default' => array());
$options['destination'] = array('default' => TRUE, 'bool' => TRUE);
return $options;
}
function options_form(&$form, &$form_state) {
$all_fields = $this->view->display_handler->get_field_labels();
// Offer to include only those fields that follow this one.
$field_options = array_slice($all_fields, 0, array_search($this->options['id'], array_keys($all_fields)));
$form['fields'] = array(
'#type' => 'checkboxes',
'#title' => t('Fields'),
'#description' => t('Fields to be included as contextual links.'),
'#options' => $field_options,
'#default_value' => $this->options['fields'],
);
$form['destination'] = array(
'#type' => 'checkbox',
'#title' => t('Include destination'),
'#description' => t('Include a "destination" parameter in the link to return the user to the original view upon completing the contextual action.'),
'#default_value' => $this->options['destination'],
);
}
class views_handler_field_contextual_links extends views_handler_field_links {
function pre_render(&$values) {
// Add a row plugin css class for the contextual link.
$class = 'contextual-links-region';
@@ -50,35 +22,18 @@ class views_handler_field_contextual_links extends views_handler_field {
}
}
function options_form(&$form, &$form_state) {
parent::options_form($form, $form_state);
$form['fields']['#description'] = t('Fields to be included as contextual links.');
$form['destination']['#description'] = t('Include a "destination" parameter in the link to return the user to the original view upon completing the contextual action.');
}
/**
* Render the contextual fields.
*/
function render($values) {
$links = array();
foreach ($this->options['fields'] as $field) {
if (empty($this->view->style_plugin->rendered_fields[$this->view->row_index][$field])) {
continue;
}
$title = $this->view->field[$field]->last_render_text;
$path = '';
if (!empty($this->view->field[$field]->options['alter']['path'])) {
$path = $this->view->field[$field]->options['alter']['path'];
}
if (!empty($title) && !empty($path)) {
// Make sure that tokens are replaced for this paths as well.
$tokens = $this->get_render_tokens(array());
$path = strip_tags(decode_entities(strtr($path, $tokens)));
$links[$field] = array(
'href' => $path,
'title' => $title,
);
if (!empty($this->options['destination'])) {
$links[$field]['query'] = drupal_get_destination();
}
}
}
$links = $this->get_links();
if (!empty($links)) {
$build = array(
'#prefix' => '<div class="contextual-links-wrapper">',
@@ -97,6 +52,4 @@ class views_handler_field_contextual_links extends views_handler_field {
return '';
}
}
function query() { }
}

55
sites/all/modules/views/handlers/views_handler_field_ctools_dropdown.inc Normal file
View File

@@ -0,0 +1,55 @@
<?php
/**
* @file
* Definition of views_handler_field_ctools_dropdown.
*/
/**
* Field handler which displays some amount of links as ctools dropdown button.
*
* @ingroup views_field_handlers
*/
class views_handler_field_ctools_dropdown extends views_handler_field_links {
function option_definition() {
$options = parent::option_definition();
$options['views_admin_css'] = array('default' => TRUE, 'bool' => TRUE);
return $options;
}
function options_form(&$form, &$form_state) {
parent::options_form($form, $form_state);
$form['fields']['#description'] = t('Fields to be included as ctools dropdown button.');
$form['destination']['#description'] = t('Include a "destination" parameter in the link to return the user to the original view upon completing a link action.');
$form['views_admin_css'] = array(
'#type' => 'checkbox',
'#title' => t('Include Views admin CSS'),
'#description' => t("Add additional css to match the style of the Views admin screen."),
'#default_value' => $this->options['views_admin_css'],
);
}
/**
* Render the dropdown button.
*/
function render($values) {
static $added_admin_css;
$links = $this->get_links();
if (!empty($links)) {
if (!empty($this->options['views_admin_css']) && !$added_admin_css) {
views_include('admin');
views_ui_add_admin_css();
$added_admin_css = TRUE;
}
return theme('links__ctools_dropbutton', array('links' => $links, 'attributes' => array('class' => array('links', 'inline'))));
}
else {
return '';
}
}
}

155
sites/all/modules/views/handlers/views_handler_field_links.inc Normal file
View File

@@ -0,0 +1,155 @@
<?php
/**
* @file
* Definition of views_handler_field_links.
*/
/**
* A abstract handler which provides a collection of links.
*
* @ingroup views_field_handlers
*/
class views_handler_field_links extends views_handler_field {
/**
* Overrides views_handler_field::option_definition().
*/
function option_definition() {
$options = parent::option_definition();
$options['fields'] = array('default' => array());
$options['check_access'] = array('default' => FALSE);
$options['destination'] = array('default' => TRUE, 'bool' => TRUE);
return $options;
}
/**
* Overrides views_handler_field::options_form().
*/
function options_form(&$form, &$form_state) {
parent::options_form($form, $form_state);
$all_fields = $this->view->display_handler->get_field_labels();
// Offer to include only those fields that follow this one.
$field_options = array_slice($all_fields, 0, array_search($this->options['id'], array_keys($all_fields)));
$form['fields'] = array(
'#type' => 'checkboxes',
'#title' => t('Fields'),
'#description' => t('Fields to be included as links.'),
'#options' => $field_options,
'#default_value' => $this->options['fields'],
'#required' => TRUE,
);
$form['check_access'] = array(
'#type' => 'checkbox',
'#title' => t('Evaluate router path for access'),
'#default_value' => $this->options['check_access'],
'#description' => t('Will check if the path exists and is accessible for the current user. Might be useful, might be slow.'),
);
$form['destination'] = array(
'#type' => 'checkbox',
'#title' => t('Include destination'),
'#description' => t('Include a "destination" parameter in the link to return the user to the original view upon completing the link action.'),
'#default_value' => $this->options['destination'],
);
}
/**
* Overrides views_handler_field::options_form().
*/
function options_submit(&$form, &$form_state) {
// Remove unselected options.
$form_state['values']['options']['fields'] = array_filter($form_state['values']['options']['fields']);
}
/**
* Return the list of links of this field.
*
* @return array
* The links which are used by the render function.
*/
function get_links() {
$links = array();
foreach ($this->options['fields'] as $field) {
if (empty($this->view->field[$field]->last_render_text)) {
continue;
}
$title = $this->view->field[$field]->last_render_text;
// Use the alter settings for the link field source not this links field.
$alter = $this->view->field[$field]->options['alter'];
$url = array('query' => array());
// Copy code from views_handler_field::render_as_link().
$path = $alter['path'];
if (!empty($path) && $path != '<front>') {
// Leave path alone on <front> as strip_tags() would remove this.
// Replace tokens and strip any HTML tags in the path.
$tokens = $this->get_render_tokens(array());
$path = strip_tags(decode_entities(strtr($path, $tokens)));
if (!empty($alter['path_case']) && $alter['path_case'] != 'none') {
$path = $this->case_transform($path, $alter['path_case']);
}
if (!empty($alter['replace_spaces'])) {
$path = str_replace(' ', '-', $path);
}
$url = drupal_parse_url($path);
if (empty($url)) {
// Seriously malformed URLs may return FALSE or empty arrays.
continue;
}
$path = $url['path'];
// Check router menu item access for the current user.
if ($this->options['check_access']) {
$menu_item = menu_get_item($path);
if (!$menu_item || empty($menu_item['access'])) {
continue;
}
}
if (!empty($this->options['destination']) && empty($alter['external'])) {
// Override any destination argument included in URL.
$url['query'] = array_merge($url['query'], drupal_get_destination());
}
// Omit tweaks of query, fragment, and link_class.
$alt = strtr($alter['alt'], $tokens);
if ($alt && $alt != $title) {
// Set the title attribute only if it improves accessibility.
$url['attributes']['title'] = decode_entities($alt);
}
if (!empty($alter['rel']) && $rel = strtr($alter['rel'], $tokens)) {
$url['attributes']['rel'] = $rel;
}
$target = check_plain(trim(strtr($alter['target'], $tokens)));
if (!empty($target)) {
$url['attributes']['target'] = $target;
}
}
$links[$field] = array(
'href' => $path,
'title' => $title,
) + $url;
}
return $links;
}
/**
* Overrides views_handler_field::query().
*/
function query() { }
}

2
sites/all/modules/views/handlers/views_handler_field_math.inc
View File

@@ -26,7 +26,7 @@ class views_handler_field_math extends views_handler_field_numeric {
$form['expression'] = array(
'#type' => 'textarea',
'#title' => t('Expression'),
'#description' => t('Enter mathematical expressions such as 2 + 2 or sqrt(5). You may assign variables and create mathematical functions and evaluate them. Use the ; to separate these. For example: f(x) = x + 2; f(2).'),
'#description' => t("Enter mathematical expressions such as 2 + 2 or sqrt(5). You may assign variables and create mathematical functions and evaluate them. Use the ; to separate these. For example: f(x) = x + 2; f(2). The result of the previous row's mathematical expression can be accessed by using the [expression] token itself."),
'#default_value' => $this->options['expression'],
);

11
sites/all/modules/views/handlers/views_handler_field_numeric.inc
View File

@@ -107,6 +107,12 @@ class views_handler_field_numeric extends views_handler_field {
function render($values) {
$value = $this->get_value($values);
// Hiding should happen before rounding or adding prefix/suffix.
if ($this->options['hide_empty'] && empty($value) && ($value !== 0 || $this->options['empty_zero'])) {
return '';
}
if (!empty($this->options['set_precision'])) {
$value = number_format($value, $this->options['precision'], $this->options['decimal'], $this->options['separator']);
}
@@ -120,11 +126,6 @@ class views_handler_field_numeric extends views_handler_field {
}
}
// Check to see if hiding should happen before adding prefix and suffix.
if ($this->options['hide_empty'] && empty($value) && ($value !== 0 || $this->options['empty_zero'])) {
return '';
}
// Should we format as a plural.
if (!empty($this->options['format_plural'])) {
$value = format_plural($value, $this->options['format_plural_singular'], $this->options['format_plural_plural']);

5
sites/all/modules/views/handlers/views_handler_filter_combine.inc
View File

@@ -54,6 +54,11 @@ class views_handler_filter_combine extends views_handler_filter_string {
$fields = array();
// Only add the fields if they have a proper field and table alias.
foreach ($this->options['fields'] as $id) {
// Field access checks may have removed this handler.
if (!isset($this->view->field[$id])) {
continue;
}
$field = $this->view->field[$id];
// Always add the table of the selected fields to be sure a table alias
// exists.

18
sites/all/modules/views/handlers/views_handler_filter_date.inc
View File

@@ -158,13 +158,11 @@ class views_handler_filter_date extends views_handler_filter_numeric {
}
function op_between($field) {
$a = intval(strtotime($this->value['min'], 0));
$b = intval(strtotime($this->value['max'], 0));
// Use the substitutions to ensure a consistent timestamp.
$query_substitutions = views_views_query_substitutions($this->view);
$a = intval(strtotime($this->value['min'], $query_substitutions['***CURRENT_TIME***']));
$b = intval(strtotime($this->value['max'], $query_substitutions['***CURRENT_TIME***']));
if ($this->value['type'] == 'offset') {
$a = '***CURRENT_TIME***' . sprintf('%+d', $a); // keep sign
$b = '***CURRENT_TIME***' . sprintf('%+d', $b); // keep sign
}
// This is safe because we are manually scrubbing the values.
// It is necessary to do it this way because $a and $b are formulas when using an offset.
$operator = strtoupper($this->operator);
@@ -172,10 +170,10 @@ class views_handler_filter_date extends views_handler_filter_numeric {
}
function op_simple($field) {
$value = intval(strtotime($this->value['value'], 0));
if (!empty($this->value['type']) && $this->value['type'] == 'offset') {
$value = '***CURRENT_TIME***' . sprintf('%+d', $value); // keep sign
}
// Use the substitutions to ensure a consistent timestamp.
$query_substitutions = views_views_query_substitutions($this->view);
$value = intval(strtotime($this->value['value'], $query_substitutions['***CURRENT_TIME***']));
// This is safe because we are manually scrubbing the value.
// It is necessary to do it this way because $value is a formula when using an offset.
$this->query->add_where_expression($this->options['group'], "$field $this->operator $value");