security update core+modules
This commit is contained in:
Bachir Soussi Chiadmi
@@ -4,3 +4,9 @@ package = Core
|
||||
version = VERSION
|
||||
core = 7.x
|
||||
files[] = color.test
|
||||
|
||||
; Information added by Drupal.org packaging script on 2015-04-02
|
||||
version = "7.36"
|
||||
project = "drupal"
|
||||
datestamp = "1427943826"
|
||||
|
||||
|
||||
@@ -240,6 +240,7 @@ function color_scheme_form($complete_form, &$form_state, $theme) {
|
||||
$form['palette'][$name] = array(
|
||||
'#type' => 'textfield',
|
||||
'#title' => check_plain($names[$name]),
|
||||
'#value_callback' => 'color_palette_color_value',
|
||||
'#default_value' => $value,
|
||||
'#size' => 8,
|
||||
);
|
||||
@@ -294,6 +295,52 @@ function theme_color_scheme_form($variables) {
|
||||
return $output;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines the value for a palette color field.
|
||||
*
|
||||
* @param $element
|
||||
* The form element whose value is being populated.
|
||||
* @param $input
|
||||
* The incoming input to populate the form element. If this is FALSE,
|
||||
* the element's default value should be returned.
|
||||
* @param $form_state
|
||||
* A keyed array containing the current state of the form.
|
||||
*
|
||||
* @return
|
||||
* The data that will appear in the $form_state['values'] collection for this
|
||||
* element. Return nothing to use the default.
|
||||
*/
|
||||
function color_palette_color_value($element, $input = FALSE, $form_state = array()) {
|
||||
// If we suspect a possible cross-site request forgery attack, only accept
|
||||
// hexadecimal CSS color strings from user input, to avoid problems when this
|
||||
// value is used in the JavaScript preview.
|
||||
if ($input !== FALSE) {
|
||||
// Start with the provided value for this textfield, and validate that if
|
||||
// necessary, falling back on the default value.
|
||||
$value = form_type_textfield_value($element, $input, $form_state);
|
||||
if (!$value || !isset($form_state['complete form']['#token']) || color_valid_hexadecimal_string($value) || drupal_valid_token($form_state['values']['form_token'], $form_state['complete form']['#token'])) {
|
||||
return $value;
|
||||
}
|
||||
else {
|
||||
return $element['#default_value'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if a hexadecimal CSS color string is valid.
|
||||
*
|
||||
* @param $color
|
||||
* The string to check.
|
||||
*
|
||||
* @return
|
||||
* TRUE if the string is a valid hexadecimal CSS color string, or FALSE if it
|
||||
* isn't.
|
||||
*/
|
||||
function color_valid_hexadecimal_string($color) {
|
||||
return preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color);
|
||||
}
|
||||
|
||||
/**
|
||||
* Form validation handler for color_scheme_form().
|
||||
*
|
||||
@@ -302,7 +349,7 @@ function theme_color_scheme_form($variables) {
|
||||
function color_scheme_form_validate($form, &$form_state) {
|
||||
// Only accept hexadecimal CSS color strings to avoid XSS upon use.
|
||||
foreach ($form_state['values']['palette'] as $key => $color) {
|
||||
if (!preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color)) {
|
||||
if (!color_valid_hexadecimal_string($color)) {
|
||||
form_set_error('palette][' . $key, t('%name must be a valid hexadecimal CSS color value.', array('%name' => $form['color']['palette'][$key]['#title'])));
|
||||
}
|
||||
}
|
||||
@@ -346,9 +393,10 @@ function color_scheme_form_submit($form, &$form_state) {
|
||||
// memory_get_usage(), therefore we won't inadvertently reject a color
|
||||
// scheme change based on a faulty memory calculation.
|
||||
$usage = memory_get_usage(TRUE);
|
||||
$limit = parse_size(ini_get('memory_limit'));
|
||||
if ($usage + $required > $limit) {
|
||||
drupal_set_message(t('There is not enough memory available to PHP to change this theme\'s color scheme. You need at least %size more. Check the <a href="@url">PHP documentation</a> for more information.', array('%size' => format_size($usage + $required - $limit), '@url' => 'http://www.php.net/manual/ini.core.php#ini.sect.resource-limits')), 'error');
|
||||
$memory_limit = ini_get('memory_limit');
|
||||
$size = parse_size($memory_limit);
|
||||
if (!drupal_check_memory_limit($usage + $required, $memory_limit)) {
|
||||
drupal_set_message(t('There is not enough memory available to PHP to change this theme\'s color scheme. You need at least %size more. Check the <a href="@url">PHP documentation</a> for more information.', array('%size' => format_size($usage + $required - $size), '@url' => 'http://www.php.net/manual/ini.core.php#ini.sect.resource-limits')), 'error');
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user