security update core+modules
@@ -246,7 +246,7 @@ function file_ajax_upload() {
|
||||
return array('#type' => 'ajax', '#commands' => $commands);
|
||||
}
|
||||
|
||||
list($form, $form_state) = ajax_get_form();
|
||||
list($form, $form_state, $form_id, $form_build_id, $commands) = ajax_get_form();
|
||||
|
||||
if (!$form) {
|
||||
// Invalid form_build_id.
|
||||
@@ -284,7 +284,6 @@ function file_ajax_upload() {
|
||||
$js = drupal_add_js();
|
||||
$settings = call_user_func_array('array_merge_recursive', $js['settings']['data']);
|
||||
|
||||
$commands = array();
|
||||
$commands[] = ajax_command_replace(NULL, $output, $settings);
|
||||
return array('#type' => 'ajax', '#commands' => $commands);
|
||||
}
|
||||
@@ -358,6 +357,10 @@ function file_file_delete($file) {
|
||||
* support for a default value.
|
||||
*/
|
||||
function file_managed_file_process($element, &$form_state, $form) {
|
||||
// Append the '-upload' to the #id so the field label's 'for' attribute
|
||||
// corresponds with the file element.
|
||||
$original_id = $element['#id'];
|
||||
$element['#id'] .= '-upload';
|
||||
$fid = isset($element['#value']['fid']) ? $element['#value']['fid'] : 0;
|
||||
|
||||
// Set some default element properties.
|
||||
@@ -367,7 +370,7 @@ function file_managed_file_process($element, &$form_state, $form) {
|
||||
|
||||
$ajax_settings = array(
|
||||
'path' => 'file/ajax/' . implode('/', $element['#array_parents']) . '/' . $form['form_build_id']['#value'],
|
||||
'wrapper' => $element['#id'] . '-ajax-wrapper',
|
||||
'wrapper' => $original_id . '-ajax-wrapper',
|
||||
'effect' => 'fade',
|
||||
'progress' => array(
|
||||
'type' => $element['#progress_indicator'],
|
||||
@@ -462,13 +465,13 @@ function file_managed_file_process($element, &$form_state, $form) {
|
||||
$element['upload']['#attached']['js'] = array(
|
||||
array(
|
||||
'type' => 'setting',
|
||||
'data' => array('file' => array('elements' => array('#' . $element['#id'] . '-upload' => $extension_list)))
|
||||
'data' => array('file' => array('elements' => array('#' . $element['#id'] => $extension_list)))
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
// Prefix and suffix used for Ajax replacement.
|
||||
$element['#prefix'] = '<div id="' . $element['#id'] . '-ajax-wrapper">';
|
||||
$element['#prefix'] = '<div id="' . $original_id . '-ajax-wrapper">';
|
||||
$element['#suffix'] = '</div>';
|
||||
|
||||
return $element;
|
||||
@@ -479,6 +482,7 @@ function file_managed_file_process($element, &$form_state, $form) {
|
||||
*/
|
||||
function file_managed_file_value(&$element, $input = FALSE, $form_state = NULL) {
|
||||
$fid = 0;
|
||||
$force_default = FALSE;
|
||||
|
||||
// Find the current value of this field from the form state.
|
||||
$form_state_fid = $form_state['values'];
|
||||
@@ -511,15 +515,35 @@ function file_managed_file_value(&$element, $input = FALSE, $form_state = NULL)
|
||||
$callback($element, $input, $form_state);
|
||||
}
|
||||
}
|
||||
// Load file if the FID has changed to confirm it exists.
|
||||
if (isset($input['fid']) && $file = file_load($input['fid'])) {
|
||||
$fid = $file->fid;
|
||||
// If a FID was submitted, load the file (and check access if it's not a
|
||||
// public file) to confirm it exists and that the current user has access
|
||||
// to it.
|
||||
if (isset($input['fid']) && ($file = file_load($input['fid']))) {
|
||||
// By default the public:// file scheme provided by Drupal core is the
|
||||
// only one that allows files to be publicly accessible to everyone, so
|
||||
// it is the only one for which the file access checks are bypassed.
|
||||
// Other modules which provide publicly accessible streams of their own
|
||||
// in hook_stream_wrappers() can add the corresponding scheme to the
|
||||
// 'file_public_schema' variable to bypass file access checks for those
|
||||
// as well. This should only be done for schemes that are completely
|
||||
// publicly accessible, with no download restrictions; for security
|
||||
// reasons all other schemes must go through the file_download_access()
|
||||
// check.
|
||||
if (in_array(file_uri_scheme($file->uri), variable_get('file_public_schema', array('public'))) || file_download_access($file->uri)) {
|
||||
$fid = $file->fid;
|
||||
}
|
||||
// If the current user doesn't have access, don't let the file be
|
||||
// changed.
|
||||
else {
|
||||
$force_default = TRUE;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// If there is no input, set the default value.
|
||||
else {
|
||||
// If there is no input or if the default value was requested above, use the
|
||||
// default value.
|
||||
if ($input === FALSE || $force_default) {
|
||||
if ($element['#extended']) {
|
||||
$default_fid = isset($element['#default_value']['fid']) ? $element['#default_value']['fid'] : 0;
|
||||
$return = isset($element['#default_value']) ? $element['#default_value'] : array('fid' => 0);
|
||||
|
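Review bot: The new public-scheme bypass at `if (in_array(file_uri_scheme($file->uri), variable_get('file_public_schema', array('public'))) || file_download_access($file->uri))` compares with loose equality, and `file_uri_scheme()` returns `FALSE` for a URI with no scheme, so the decision of whether to skip `file_download_access()` rests on PHP's `==` rules against whatever an administrator has put in the `file_public_schema` variable. Since this branch is the access gate the commit is adding, the membership test should be strict: `if (in_array(file_uri_scheme($file->uri), variable_get('file_public_schema', array('public')), TRUE) || file_download_access($file->uri))`. Separately, the `else { $force_default = TRUE; }` path silently substitutes the default value for a submitted `fid` the user cannot access, with no message and no log entry; a short comment after `$force_default = TRUE;` such as `// Deliberately silent: the submitted fid is discarded rather than reported.` would make it clear to the next maintainer that this is intentional rather than a dropped error. The enclosing `file_managed_file_value()` starts and ends outside this hunk, so the earlier `$return = $input` assignment that the forced-default branch relies on is not visible here.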
||||