bachir/popsu-d7
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security update core+modules

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi
2015-04-26 18:38:56 +02:00
parent 2f45ea820a
commit 7c96373038
1022 changed files with 30319 additions and 11259 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
modules/file/file.field.inc
View File

@@ -92,6 +92,7 @@ function file_field_instance_settings_form($field, $instance) {
'#description' => t('Separate extensions with a space or comma and do not include the leading dot.'),
'#element_validate' => array('_file_generic_settings_extensions'),
'#weight' => 1,
'#maxlength' => 256,
// By making this field required, we prevent a potential security issue
// that would allow files of any type to be uploaded.
'#required' => TRUE,
@@ -186,7 +187,7 @@ function file_field_load($entity_type, $entities, $field, $instances, $langcode,
$items[$id][$delta] = NULL;
}
else {
$items[$id][$delta] = array_merge($item, (array) $files[$item['fid']]);
$items[$id][$delta] = array_merge((array) $files[$item['fid']], $item);
}
}
}
@@ -215,8 +216,16 @@ function file_field_presave($entity_type, $entity, $field, $instance, $langcode,
// Make sure that each file which will be saved with this object has a
// permanent status, so that it will not be removed when temporary files are
// cleaned up.
foreach ($items as $item) {
foreach ($items as $delta => $item) {
if (empty($item['fid'])) {
unset($items[$delta]);
continue;
}
$file = file_load($item['fid']);
if (empty($file)) {
unset($items[$delta]);
continue;
}
if (!$file->status) {
$file->status = FILE_STATUS_PERMANENT;
file_save($file);
@@ -243,6 +252,12 @@ function file_field_insert($entity_type, $entity, $field, $instance, $langcode,
* Checks for files that have been removed from the object.
*/
function file_field_update($entity_type, $entity, $field, $instance, $langcode, &$items) {
// Check whether the field is defined on the object.
if (!isset($entity->{$field['field_name']})) {
// We cannot check for removed files if the field is not defined.
return;
}
list($id, $vid, $bundle) = entity_extract_ids($entity_type, $entity);
// On new revisions, all files are considered to be a new usage and no
@@ -261,8 +276,16 @@ function file_field_update($entity_type, $entity, $field, $instance, $langcode,
$current_fids[] = $item['fid'];
}
// Compare the original field values with the ones that are being saved.
$original = $entity->original;
// Compare the original field values with the ones that are being saved. Use
// $entity->original to check this when possible, but if it isn't available,
// create a bare-bones entity and load its previous values instead.
if (isset($entity->original)) {
$original = $entity->original;
}
else {
$original = entity_create_stub_entity($entity_type, array($id, $vid, $bundle));
field_attach_load($entity_type, array($id => $original), FIELD_LOAD_CURRENT, array('field_id' => $field['id']));
}
$original_fids = array();
if (!empty($original->{$field['field_name']}[$langcode])) {
foreach ($original->{$field['field_name']}[$langcode] as $original_item) {
@@ -752,7 +775,7 @@ function file_field_widget_submit($form, &$form_state) {
$langcode = $element['#language'];
$parents = $element['#field_parents'];
$submitted_values = drupal_array_get_nested_value($form_state['values'], array_slice($button['#array_parents'], 0, -2));
$submitted_values = drupal_array_get_nested_value($form_state['values'], array_slice($button['#parents'], 0, -2));
foreach ($submitted_values as $delta => $submitted_value) {
if (!$submitted_value['fid']) {
unset($submitted_values[$delta]);
@@ -763,7 +786,7 @@ function file_field_widget_submit($form, &$form_state) {
$submitted_values = array_values($submitted_values);
// Update form_state values.
drupal_array_set_nested_value($form_state['values'], array_slice($button['#array_parents'], 0, -2), $submitted_values);
drupal_array_set_nested_value($form_state['values'], array_slice($button['#parents'], 0, -2), $submitted_values);
// Update items.
$field_state = field_form_get_state($parents, $field_name, $langcode, $form_state);