contrib modules security updates
This commit is contained in:
Bachir Soussi Chiadmi
@@ -18,6 +18,7 @@ function views_bulk_operations_archive_action_info() {
|
||||
// "Create an advanced action" dropdown on admin/config/system/actions.
|
||||
'configurable' => FALSE,
|
||||
'vbo_configurable' => TRUE,
|
||||
'behavior' => array('views_property'),
|
||||
'triggers' => array('any'),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -0,0 +1,79 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* @file
|
||||
* Implements actions for managing books (book.module).
|
||||
*/
|
||||
|
||||
function views_bulk_operations_book_action_info() {
|
||||
$actions = array();
|
||||
if (module_exists('book')) {
|
||||
$actions['views_bulk_operations_move_to_book_action'] = array(
|
||||
'type' => 'node',
|
||||
'label' => t('Move to book'),
|
||||
'configurable' => TRUE,
|
||||
'behavior' => array('changes_property'),
|
||||
'triggers' => array('any'),
|
||||
);
|
||||
$actions['views_bulk_operations_remove_from_book_action'] = array(
|
||||
'type' => 'node',
|
||||
'label' => t('Remove from book'),
|
||||
'configurable' => FALSE,
|
||||
'triggers' => array('any'),
|
||||
);
|
||||
}
|
||||
|
||||
return $actions;
|
||||
}
|
||||
|
||||
function views_bulk_operations_move_to_book_action_form($context) {
|
||||
$form = array();
|
||||
if (!isset($context['book'])) {
|
||||
$context['book'] = '';
|
||||
}
|
||||
$options = array();
|
||||
$books = book_get_books();
|
||||
foreach ($books as $value) {
|
||||
$options[$value['nid']] = $value['title'];
|
||||
}
|
||||
|
||||
if (empty($options)) {
|
||||
drupal_set_message(t('You have no books.'), 'error');
|
||||
return array();
|
||||
}
|
||||
|
||||
$form['book'] = array(
|
||||
'#type' => 'select',
|
||||
'#title' => t('Choose a parent book'),
|
||||
'#options' => $options,
|
||||
'#description' => t('Select the parent book page you wish to move the book page into'),
|
||||
);
|
||||
return $form;
|
||||
}
|
||||
|
||||
function views_bulk_operations_move_to_book_action_submit($form, $form_state) {
|
||||
return array('book' => $form_state['values']['book']);
|
||||
}
|
||||
|
||||
function views_bulk_operations_move_to_book_action($node, $context = array()) {
|
||||
if (isset($context['book'])) {
|
||||
$book_node = node_load($context['book']);
|
||||
$mlid = db_select('menu_links' , 'ml')
|
||||
->condition('ml.link_path' , 'node/' . $node->nid)
|
||||
->fields('ml' , array('mlid'))
|
||||
->execute()
|
||||
->fetchField();
|
||||
$node->book['mlid'] = $mlid;
|
||||
$node->book['bid'] = $book_node->nid;
|
||||
$node->book['plid'] = $book_node->book['mlid'];
|
||||
$node->book['module'] = 'book';
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds the action 'Remove node from a parent book'
|
||||
*/
|
||||
function views_bulk_operations_remove_from_book_action($node, $context) {
|
||||
$book = $node->book['mlid'];
|
||||
book_node_delete($node);
|
||||
}
|
||||
@@ -14,6 +14,13 @@ function views_bulk_operations_delete_action_info() {
|
||||
'behavior' => array('deletes_property'),
|
||||
'triggers' => array('any'),
|
||||
),
|
||||
'views_bulk_operations_delete_revision' => array(
|
||||
'type' => 'entity',
|
||||
'label' => t('Delete revision'),
|
||||
'configurable' => FALSE,
|
||||
'behavior' => array('deletes_property'),
|
||||
'triggers' => array('any'),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -23,3 +30,9 @@ function views_bulk_operations_delete_item($entity, $context) {
|
||||
|
||||
entity_delete($context['entity_type'], $entity_id);
|
||||
}
|
||||
|
||||
function views_bulk_operations_delete_revision($entity, $context) {
|
||||
$info = entity_get_info($context['entity_type']);
|
||||
$revision_id = $entity->{$info['entity keys']['revision']};
|
||||
entity_revision_delete($context['entity_type'], $revision_id);
|
||||
}
|
||||
|
||||
@@ -29,15 +29,19 @@ function views_bulk_operations_modify_action_info() {
|
||||
*/
|
||||
function views_bulk_operations_modify_action($entity, $context) {
|
||||
list(,,$bundle_name) = entity_extract_ids($context['entity_type'], $entity);
|
||||
|
||||
// Handle Field API fields.
|
||||
if (!empty($context['selected']['bundle_' . $bundle_name])) {
|
||||
// The pseudo entity is cloned so that changes to it don't get carried
|
||||
// over to the next execution.
|
||||
$pseudo_entity = clone $context['entities'][$bundle_name];
|
||||
foreach ($context['selected']['bundle_' . $bundle_name] as $key) {
|
||||
// Get this field's language. We can just pull it from the pseudo entity
|
||||
// as it was created using field_attach_form and entity_language so it's
|
||||
// already been figured out if this field is translatable or not and
|
||||
// applied the appropriate language code to the field
|
||||
$language = key($pseudo_entity->{$key});
|
||||
// Replace any tokens that might exist in the field columns.
|
||||
foreach ($pseudo_entity->{$key}[LANGUAGE_NONE] as $delta => &$item) {
|
||||
foreach ($pseudo_entity->{$key}[$language] as $delta => &$item) {
|
||||
foreach ($item as $column => $value) {
|
||||
if (is_string($value)) {
|
||||
$item[$column] = token_replace($value, array($context['entity_type'] => $entity), array('sanitize' => FALSE));
|
||||
@@ -46,11 +50,11 @@ function views_bulk_operations_modify_action($entity, $context) {
|
||||
}
|
||||
|
||||
if (in_array($key, $context['append']['bundle_' . $bundle_name]) && !empty($entity->$key)) {
|
||||
$entity->{$key}[LANGUAGE_NONE] = array_merge($entity->{$key}[LANGUAGE_NONE], $pseudo_entity->{$key}[LANGUAGE_NONE]);
|
||||
$entity->{$key}[$language] = array_merge($entity->{$key}[$language], $pseudo_entity->{$key}[$language]);
|
||||
|
||||
// Check if we breached cardinality, and notify the user.
|
||||
$field_info = field_info_field($key);
|
||||
$field_count = count($entity->{$key}[LANGUAGE_NONE]);
|
||||
$field_count = count($entity->{$key}[$language]);
|
||||
if ($field_info['cardinality'] != FIELD_CARDINALITY_UNLIMITED && $field_count > $field_info['cardinality']) {
|
||||
$entity_label = entity_label($context['entity_type'], $entity);
|
||||
$warning = t('Tried to set !field_count values for field !field_name that supports a maximum of !cardinality.',
|
||||
@@ -59,9 +63,14 @@ function views_bulk_operations_modify_action($entity, $context) {
|
||||
'!cardinality' => $field_info['cardinality']));
|
||||
drupal_set_message($warning, 'warning', FALSE);
|
||||
}
|
||||
|
||||
// Prevent storing duplicate references.
|
||||
if (strpos($field_info['type'], 'reference') !== FALSE) {
|
||||
$entity->{$key}[$language] = array_unique($entity->{$key}[LANGUAGE_NONE], SORT_REGULAR);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$entity->$key = $pseudo_entity->$key;
|
||||
$entity->{$key}[$language] = $pseudo_entity->{$key}[$language];
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -73,6 +82,11 @@ function views_bulk_operations_modify_action($entity, $context) {
|
||||
// The wrapper will automatically modify $entity itself.
|
||||
$wrapper = entity_metadata_wrapper($context['entity_type'], $entity);
|
||||
foreach ($context['selected']['properties'] as $key) {
|
||||
if (!$wrapper->$key->access('update')) {
|
||||
// No access.
|
||||
continue;
|
||||
}
|
||||
|
||||
if (in_array($key, $context['append']['properties'])) {
|
||||
$old_values = $wrapper->$key->value();
|
||||
$wrapper->$key->set($context['properties'][$key]);
|
||||
@@ -125,7 +139,7 @@ function views_bulk_operations_modify_action_form($context, &$form_state) {
|
||||
if (!empty($properties)) {
|
||||
$form['properties'] = array(
|
||||
'#type' => 'fieldset',
|
||||
'#title' => 'Properties',
|
||||
'#title' => t('Properties'),
|
||||
);
|
||||
$form['properties']['show_value'] = array(
|
||||
'#suffix' => '<div class="clearfix"></div>',
|
||||
@@ -148,6 +162,11 @@ function views_bulk_operations_modify_action_form($context, &$form_state) {
|
||||
),
|
||||
),
|
||||
);
|
||||
// The default #maxlength for textfields is 128, while most varchar
|
||||
// columns hold 255 characters, which makes it a saner default here.
|
||||
if ($determined_type == 'textfield') {
|
||||
$form['properties'][$key]['#maxlength'] = 255;
|
||||
}
|
||||
|
||||
if (!empty($property['options list'])) {
|
||||
$form['properties'][$key]['#type'] = 'select';
|
||||
@@ -170,6 +189,8 @@ function views_bulk_operations_modify_action_form($context, &$form_state) {
|
||||
}
|
||||
}
|
||||
|
||||
// Going to need this for multilingual nodes
|
||||
global $language;
|
||||
foreach ($bundles as $bundle_name => $bundle) {
|
||||
$bundle_key = $info['entity keys']['bundle'];
|
||||
$default_values = array();
|
||||
@@ -177,6 +198,7 @@ function views_bulk_operations_modify_action_form($context, &$form_state) {
|
||||
if (!empty($bundle_key)) {
|
||||
$default_values[$bundle_key] = $bundle_name;
|
||||
}
|
||||
$default_values['language'] = $language->language;
|
||||
$entity = entity_create($context['entity_type'], $default_values);
|
||||
$form_state['entities'][$bundle_name] = $entity;
|
||||
|
||||
@@ -195,7 +217,7 @@ function views_bulk_operations_modify_action_form($context, &$form_state) {
|
||||
'#title' => $label,
|
||||
'#parents' => array($form_key),
|
||||
);
|
||||
field_attach_form($context['entity_type'], $entity, $form[$form_key], $form_state, LANGUAGE_NONE);
|
||||
field_attach_form($context['entity_type'], $entity, $form[$form_key], $form_state, entity_language($context['entity_type'], $entity));
|
||||
// Now that all the widgets have been added, sort them by #weight.
|
||||
// This ensures that they will stay in the correct order when they get
|
||||
// assigned new weights.
|
||||
@@ -206,8 +228,10 @@ function views_bulk_operations_modify_action_form($context, &$form_state) {
|
||||
$weight = 0;
|
||||
foreach (element_get_visible_children($form[$form_key]) as $field_name) {
|
||||
// For our use case it makes no sense for any field widget to be required.
|
||||
$language = $form[$form_key][$field_name]['#language'];
|
||||
_views_bulk_operations_modify_action_unset_required($form[$form_key][$field_name][$language]);
|
||||
if (isset($form[$form_key][$field_name]['#language'])) {
|
||||
$field_language = $form[$form_key][$field_name]['#language'];
|
||||
_views_bulk_operations_modify_action_unset_required($form[$form_key][$field_name][$field_language]);
|
||||
}
|
||||
|
||||
// The admin has specified which fields to display, but this field didn't
|
||||
// make the cut. Hide it with #access => FALSE and move on.
|
||||
@@ -216,32 +240,34 @@ function views_bulk_operations_modify_action_form($context, &$form_state) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$field = $instances[$field_name];
|
||||
$form[$form_key]['show_value'][$field_name] = array(
|
||||
'#type' => 'checkbox',
|
||||
'#title' => $field['label'],
|
||||
);
|
||||
$form[$form_key][$field_name]['#states'] = array(
|
||||
'visible' => array(
|
||||
'#edit-bundle-' . str_replace('_', '-', $bundle_name) . '-show-value-' . str_replace('_', '-', $field_name) => array('checked' => TRUE),
|
||||
),
|
||||
);
|
||||
// All field widgets get reassigned weights so that additional elements
|
||||
// added between them (such as "_append") can be properly ordered.
|
||||
$form[$form_key][$field_name]['#weight'] = $weight++;
|
||||
|
||||
$field_info = field_info_field($field_name);
|
||||
if ($field_info['cardinality'] != 1) {
|
||||
$form[$form_key]['_append::' . $field_name] = array(
|
||||
if (isset($instances[$field_name])) {
|
||||
$field = $instances[$field_name];
|
||||
$form[$form_key]['show_value'][$field_name] = array(
|
||||
'#type' => 'checkbox',
|
||||
'#title' => t('Add new value(s) to %label, instead of overwriting the existing values.', array('%label' => $field['label'])),
|
||||
'#states' => array(
|
||||
'visible' => array(
|
||||
'#edit-bundle-' . str_replace('_', '-', $bundle_name) . '-show-value-' . str_replace('_', '-', $field_name) => array('checked' => TRUE),
|
||||
),
|
||||
),
|
||||
'#weight' => $weight++,
|
||||
'#title' => $field['label'],
|
||||
);
|
||||
$form[$form_key][$field_name]['#states'] = array(
|
||||
'visible' => array(
|
||||
'#edit-bundle-' . str_replace('_', '-', $bundle_name) . '-show-value-' . str_replace('_', '-', $field_name) => array('checked' => TRUE),
|
||||
),
|
||||
);
|
||||
// All field widgets get reassigned weights so that additional elements
|
||||
// added between them (such as "_append") can be properly ordered.
|
||||
$form[$form_key][$field_name]['#weight'] = $weight++;
|
||||
|
||||
$field_info = field_info_field($field_name);
|
||||
if ($field_info['cardinality'] != 1) {
|
||||
$form[$form_key]['_append::' . $field_name] = array(
|
||||
'#type' => 'checkbox',
|
||||
'#title' => t('Add new value(s) to %label, instead of overwriting the existing values.', array('%label' => $field['label'])),
|
||||
'#states' => array(
|
||||
'visible' => array(
|
||||
'#edit-bundle-' . str_replace('_', '-', $bundle_name) . '-show-value-' . str_replace('_', '-', $field_name) => array('checked' => TRUE),
|
||||
),
|
||||
),
|
||||
'#weight' => $weight++,
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -277,7 +303,7 @@ function views_bulk_operations_modify_action_form($context, &$form_state) {
|
||||
$token_type = str_replace('_', '-', $entity_type);
|
||||
$form['tokens'] = array(
|
||||
'#type' => 'fieldset',
|
||||
'#title' => 'Available tokens',
|
||||
'#title' => t('Available tokens'),
|
||||
'#collapsible' => TRUE,
|
||||
'#collapsed' => TRUE,
|
||||
'#weight' => 998,
|
||||
@@ -411,8 +437,12 @@ function _views_bulk_operations_modify_action_get_properties($entity_type, $disp
|
||||
// List of supported types.
|
||||
$supported_types = array('text', 'token', 'integer', 'decimal', 'date', 'duration',
|
||||
'boolean', 'uri', 'list');
|
||||
|
||||
$property_info = entity_get_property_info($entity_type);
|
||||
if (empty($property_info['properties'])) {
|
||||
// Stop here if no properties were found.
|
||||
return array();
|
||||
}
|
||||
|
||||
foreach ($property_info['properties'] as $key => $property) {
|
||||
if (in_array($key, $disabled_properties)) {
|
||||
continue;
|
||||
@@ -463,27 +493,38 @@ function _views_bulk_operations_modify_action_get_bundles($entity_type, $context
|
||||
$bundles = array();
|
||||
|
||||
$view = $context['view'];
|
||||
$vbo = _views_bulk_operations_get_field($view);
|
||||
$display_values = $context['settings']['display_values'];
|
||||
$info = entity_get_info($entity_type);
|
||||
$bundle_key = $info['entity keys']['bundle'];
|
||||
|
||||
// Check if this View has a filter on the bundle key and assemble a list
|
||||
// of allowed bundles according to the filter.
|
||||
$filtered_bundles = array();
|
||||
if (!empty($bundle_key) && isset($view->filter[$bundle_key]) && !empty($view->filter[$bundle_key]->value)) {
|
||||
$operator = $view->filter[$bundle_key]->operator;
|
||||
if ($operator == 'in') {
|
||||
$filtered_bundles = $view->filter[$bundle_key]->value;
|
||||
}
|
||||
elseif ($operator == 'not in') {
|
||||
$bundle_names = array_keys($info['bundles']);
|
||||
$filtered_bundles = array_diff($bundle_names, $view->filter[$bundle_key]->value);
|
||||
$filtered_bundles = array_keys($info['bundles']);
|
||||
|
||||
// Go over all the filters and find any relevant ones.
|
||||
foreach ($view->filter as $key => $filter) {
|
||||
// Check it's the right field on the right table.
|
||||
if ($filter->table == $vbo->table && $filter->field == $bundle_key) {
|
||||
// Exposed filters may have no bundles, so check that there is a value.
|
||||
if (empty($filter->value)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$operator = $filter->operator;
|
||||
if ($operator == 'in') {
|
||||
$filtered_bundles = array_intersect($filtered_bundles, $filter->value);
|
||||
}
|
||||
elseif ($operator == 'not in') {
|
||||
$filtered_bundles = array_diff($filtered_bundles, $filter->value);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($info['bundles'] as $bundle_name => $bundle) {
|
||||
// The view is limited to specific bundles, but this bundle isn't one of
|
||||
// them. Ignore it.
|
||||
if (!empty($filtered_bundles) && !in_array($bundle_name, $filtered_bundles)) {
|
||||
if (!in_array($bundle_name, $filtered_bundles)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -575,6 +616,7 @@ function views_bulk_operations_modify_action_views_bulk_operations_form($options
|
||||
'#multiple' => TRUE,
|
||||
'#description' => t('Select which values the action form should present to the user.'),
|
||||
'#default_value' => $options['display_values'],
|
||||
'#size' => 10,
|
||||
);
|
||||
return $form;
|
||||
}
|
||||
|
||||
@@ -0,0 +1,82 @@
|
||||
<?php
|
||||
/**
|
||||
* @file
|
||||
* VBO action to cancel user accounts.
|
||||
*/
|
||||
|
||||
function views_bulk_operations_user_cancel_action_info() {
|
||||
return array('views_bulk_operations_user_cancel_action' => array(
|
||||
'type' => 'user',
|
||||
'label' => t('Cancel user account'),
|
||||
'configurable' => TRUE,
|
||||
'behavior' => array('deletes_property'),
|
||||
'triggers' => array('any'),
|
||||
));
|
||||
}
|
||||
|
||||
function views_bulk_operations_user_cancel_action_form($context) {
|
||||
module_load_include('inc', 'user', 'user.pages');
|
||||
$form['user_cancel_method'] = array(
|
||||
'#type' => 'item',
|
||||
'#title' => t('When cancelling these accounts'),
|
||||
);
|
||||
$form['user_cancel_method'] += user_cancel_methods();
|
||||
// Remove method descriptions.
|
||||
foreach (element_children($form['user_cancel_method']) as $element) {
|
||||
unset($form['user_cancel_method'][$element]['#description']);
|
||||
}
|
||||
$admin_access = user_access('administer users');
|
||||
$default_notify = variable_get('user_mail_status_canceled_notify', FALSE);
|
||||
$form['user_cancel_notify'] = array(
|
||||
'#type' => 'checkbox',
|
||||
'#title' => t('Notify user when account is canceled.'),
|
||||
'#default_value' => ($admin_access ? FALSE : $default_notify),
|
||||
'#access' => $admin_access && $default_notify,
|
||||
'#description' => t('When enabled, the user will receive an e-mail notification after the account has been cancelled.'),
|
||||
);
|
||||
|
||||
return $form;
|
||||
}
|
||||
|
||||
function views_bulk_operations_user_cancel_action_submit($form, $form_state) {
|
||||
return array(
|
||||
'user_cancel_method' => $form_state['values']['user_cancel_method'],
|
||||
'user_cancel_notify' => $form_state['values']['user_cancel_notify'],
|
||||
);
|
||||
}
|
||||
|
||||
function views_bulk_operations_user_cancel_action($account, $context) {
|
||||
global $user;
|
||||
// Prevent the user from cancelling itself.
|
||||
if ($account->uid == $user->uid) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Allow other modules to react on the cancellation.
|
||||
if ($context['user_cancel_method'] != 'user_cancel_delete') {
|
||||
module_invoke_all('user_cancel', array(), $account, $context['user_cancel_method']);
|
||||
}
|
||||
|
||||
switch ($context['user_cancel_method']) {
|
||||
case 'user_cancel_block':
|
||||
case 'user_cancel_block_unpublish':
|
||||
default:
|
||||
// Send account blocked notification if option was checked.
|
||||
if (!empty($context['user_cancel_notify'])) {
|
||||
_user_mail_notify('status_blocked', $account);
|
||||
}
|
||||
user_save($account, array('status' => 0));
|
||||
watchdog('user', 'Blocked user: %name %email.', array('%name' => $account->name, '%email' => '<' . $account->mail . '>'), WATCHDOG_NOTICE);
|
||||
break;
|
||||
|
||||
case 'user_cancel_reassign':
|
||||
case 'user_cancel_delete':
|
||||
// Send account canceled notification if option was checked.
|
||||
if (!empty($context['user_cancel_notify'])) {
|
||||
_user_mail_notify('status_canceled', $account);
|
||||
}
|
||||
user_delete($account->uid);
|
||||
watchdog('user', 'Deleted user: %name %email.', array('%name' => $account->name, '%email' => '<' . $account->mail . '>'), WATCHDOG_NOTICE);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -45,24 +45,19 @@ function views_bulk_operations_user_roles_action_submit($form, $form_state) {
|
||||
);
|
||||
}
|
||||
|
||||
function views_bulk_operations_user_roles_action(&$user, $context) {
|
||||
$roles = $user->roles;
|
||||
$selected = (is_array($context['add_roles']) ? $context['add_roles'] : array()) +
|
||||
(is_array($context['remove_roles']) ? $context['remove_roles'] : array());
|
||||
$result = db_query("SELECT rid, name FROM {role} WHERE rid IN (:selected)", array(':selected' => array_keys($selected)));
|
||||
foreach ($result as $role) {
|
||||
if (isset($context['add_roles'][$role->rid])) {
|
||||
$add_roles[$role->rid] = $role->name;
|
||||
}
|
||||
if (isset($context['remove_roles'][$role->rid])) {
|
||||
$remove_roles[$role->rid] = $role->name;
|
||||
}
|
||||
function views_bulk_operations_user_roles_action($user, $context) {
|
||||
$wrapper = entity_metadata_wrapper('user', $user);
|
||||
if (!$wrapper->roles->access("update")) {
|
||||
// No access.
|
||||
return;
|
||||
}
|
||||
if (!empty($add_roles)) {
|
||||
$roles += $add_roles;
|
||||
$roles = $wrapper->roles->value();
|
||||
if (is_array($context['add_roles'])) {
|
||||
$roles = array_merge($roles, $context['add_roles']);
|
||||
}
|
||||
if (!empty($remove_roles)) {
|
||||
$roles = array_diff($roles, $remove_roles);
|
||||
if (is_array($context['remove_roles'])) {
|
||||
$roles = array_diff($roles, $context['remove_roles']);
|
||||
}
|
||||
user_save($user, array('roles' => $roles));
|
||||
$wrapper->roles->set($roles);
|
||||
$wrapper->save();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user