security update core+modules

This commit is contained in:
Bachir Soussi Chiadmi
2015-04-26 18:38:56 +02:00
parent 2f45ea820a
commit 7c96373038
1022 changed files with 30319 additions and 11259 deletions


@@ -254,7 +254,7 @@ function image_form_system_file_system_settings_alter(&$form, &$form_state) {
}
/**
* Submit handler for the file system settings form.
* Form submission handler for system_file_system_settings().
*
* Adds a menu rebuild after the public file path has been changed, so that the
* menu router item depending on that file path will be regenerated.
@@ -312,9 +312,9 @@ function image_file_download($uri) {
return -1;
}
// Private file access for the original files. Note that we only
// check access for non-temporary images, since file.module will
// grant access for all temporary files.
// Private file access for the original files. Note that we only check access
// for non-temporary images, since file.module will grant access for all
// temporary files.
$files = file_load_multiple(array(), array('uri' => $uri));
if (count($files)) {
$file = reset($files);
@@ -347,6 +347,7 @@ function image_image_default_styles() {
$styles = array();
$styles['thumbnail'] = array(
'label' => 'Thumbnail (100x100)',
'effects' => array(
array(
'name' => 'image_scale',
@@ -357,6 +358,7 @@ function image_image_default_styles() {
);
$styles['medium'] = array(
'label' => 'Medium (220x220)',
'effects' => array(
array(
'name' => 'image_scale',
@@ -367,6 +369,7 @@ function image_image_default_styles() {
);
$styles['large'] = array(
'label' => 'Large (480x480)',
'effects' => array(
array(
'name' => 'image_scale',
@@ -537,7 +540,7 @@ function image_field_update_instance($instance, $prior_instance) {
}
/**
* Clear cached versions of a specific file in all styles.
* Clears cached versions of a specific file in all styles.
*
* @param $path
* The Drupal file path to the original image.
@@ -553,7 +556,7 @@ function image_path_flush($path) {
}
/**
* Get an array of all styles and their settings.
* Gets an array of all styles and their settings.
*
* @return
* An array of styles keyed by the image style ID (isid).
@@ -575,6 +578,7 @@ function image_styles() {
$module_styles = module_invoke($module, 'image_default_styles');
foreach ($module_styles as $style_name => $style) {
$style['name'] = $style_name;
$style['label'] = empty($style['label']) ? $style_name : $style['label'];
$style['module'] = $module;
$style['storage'] = IMAGE_STORAGE_DEFAULT;
foreach ($style['effects'] as $key => $effect) {
@@ -614,7 +618,9 @@ function image_styles() {
}
/**
* Load a style by style name or ID. May be used as a loader for menu items.
* Loads a style by style name or ID.
*
* May be used as a loader for menu items.
*
* @param $name
* The name of the style.
@@ -623,6 +629,7 @@ function image_styles() {
* @param $include
* If set, this loader will restrict to a specific type of image style, may be
* one of the defined Image style storage constants.
*
* @return
* An image style array containing the following keys:
* - "isid": The unique image style ID.
@@ -660,12 +667,20 @@ function image_style_load($name = NULL, $isid = NULL, $include = NULL) {
}
/**
* Save an image style.
* Saves an image style.
*
* @param style
* An image style array.
* @return
* An image style array. In the case of a new style, 'isid' will be populated.
* @param array $style
* An image style array containing:
* - name: A unique name for the style.
* - isid: (optional) An image style ID.
*
* @return array
* An image style array containing:
* - name: An unique name for the style.
* - old_name: The original name for the style.
* - isid: An image style ID.
* - is_new: TRUE if this is a new style, and FALSE if it is an existing
* style.
*/
function image_style_save($style) {
if (isset($style['isid']) && is_numeric($style['isid'])) {
@@ -678,6 +693,10 @@ function image_style_save($style) {
}
}
else {
// Add a default label when not given.
if (empty($style['label'])) {
$style['label'] = $style['name'];
}
drupal_write_record('image_styles', $style);
$style['is_new'] = TRUE;
}
@@ -692,13 +711,14 @@ function image_style_save($style) {
}
/**
* Delete an image style.
* Deletes an image style.
*
* @param $style
* An image style array.
* @param $replacement_style_name
* (optional) When deleting a style, specify a replacement style name so
* that existing settings (if any) may be converted to a new style.
*
* @return
* TRUE on success.
*/
@@ -717,14 +737,17 @@ function image_style_delete($style, $replacement_style_name = '') {
}
/**
* Load all the effects for an image style.
* Loads all the effects for an image style.
*
* @param $style
* An image style array.
* @return
* @param array $style
* An image style array containing:
* - isid: The unique image style ID that contains this image effect.
*
* @return array
* An array of image effects associated with specified image style in the
* format array('isid' => array()), or an empty array if the specified style
* has no effects.
* @see image_effects()
*/
function image_style_effects($style) {
$effects = image_effects();
@@ -739,23 +762,32 @@ function image_style_effects($style) {
}
/**
* Get an array of image styles suitable for using as select list options.
* Gets an array of image styles suitable for using as select list options.
*
* @param $include_empty
* If TRUE a <none> option will be inserted in the options array.
* @param $output
* Optional flag determining how the options will be sanitized on output.
* Leave this at the default (CHECK_PLAIN) if you are using the output of
* this function directly in an HTML context, such as for checkbox or radio
* button labels, and do not plan to sanitize it on your own. If using the
* output of this function as select list options (its primary use case), you
* should instead set this flag to PASS_THROUGH to avoid double-escaping of
* the output (the form API sanitizes select list options by default).
*
* @return
* Array of image styles both key and value are set to style name.
* Array of image styles with the machine name as key and the label as value.
*/
function image_style_options($include_empty = TRUE) {
function image_style_options($include_empty = TRUE, $output = CHECK_PLAIN) {
$styles = image_styles();
$options = array();
if ($include_empty && !empty($styles)) {
$options[''] = t('<none>');
}
// Use the array concatenation operator '+' here instead of array_merge(),
// because the latter loses the datatype of the array keys, turning
// associative string keys into numeric ones without warning.
$options = $options + drupal_map_assoc(array_keys($styles));
foreach ($styles as $name => $style) {
$options[$name] = ($output == PASS_THROUGH) ? $style['label'] : check_plain($style['label']);
}
if (empty($options)) {
$options[''] = t('No defined styles');
}
@@ -763,7 +795,7 @@ function image_style_options($include_empty = TRUE) {
}
/**
* Menu callback; Given a style and image path, generate a derivative.
* Page callback: Generates a derivative, given a style and image path.
*
* After generating an image, transfer it to the requesting agent.
*
@@ -780,9 +812,11 @@ function image_style_deliver($style, $scheme) {
// derivative token is valid. (Sites which require image derivatives to be
// generated without a token can set the 'image_allow_insecure_derivatives'
// variable to TRUE to bypass the latter check, but this will increase the
// site's vulnerability to denial-of-service attacks.)
// site's vulnerability to denial-of-service attacks. To prevent this
// variable from leaving the site vulnerable to the most serious attacks, a
// token is always required when a derivative of a derivative is requested.)
$valid = !empty($style) && file_stream_wrapper_valid_scheme($scheme);
if (!variable_get('image_allow_insecure_derivatives', FALSE)) {
if (!variable_get('image_allow_insecure_derivatives', FALSE) || strpos(ltrim($target, '\/'), 'styles/') === 0) {
$valid = $valid && isset($_GET[IMAGE_DERIVATIVE_TOKEN]) && $_GET[IMAGE_DERIVATIVE_TOKEN] === image_style_path_token($style['name'], $scheme . '://' . $target);
}
if (!$valid) {
@@ -801,7 +835,7 @@ function image_style_deliver($style, $scheme) {
else {
$headers = module_invoke_all('file_download', $image_uri);
if (in_array(-1, $headers) || empty($headers)) {
return drupal_access_denied();
return MENU_ACCESS_DENIED;
}
if (count($headers)) {
foreach ($headers as $name => $value) {
@@ -811,6 +845,12 @@ function image_style_deliver($style, $scheme) {
}
}
// Confirm that the original source image exists before trying to process it.
if (!is_file($image_uri)) {
watchdog('image', 'Source image at %source_image_path not found while trying to generate derivative image at %derivative_path.', array('%source_image_path' => $image_uri, '%derivative_path' => $derivative_uri));
return MENU_NOT_FOUND;
}
// Don't start generating the image if the derivative already exists or if
// generation is in progress in another thread.
$lock_name = 'image_style_deliver:' . $style['name'] . ':' . drupal_hash_base64($image_uri);
@@ -820,6 +860,7 @@ function image_style_deliver($style, $scheme) {
// Tell client to retry again in 3 seconds. Currently no browsers are known
// to support Retry-After.
drupal_add_http_header('Status', '503 Service Unavailable');
drupal_add_http_header('Content-Type', 'text/html; charset=utf-8');
drupal_add_http_header('Retry-After', 3);
print t('Image generation in progress. Try again shortly.');
drupal_exit();
@@ -841,6 +882,7 @@ function image_style_deliver($style, $scheme) {
else {
watchdog('image', 'Unable to generate the derived image located at %path.', array('%path' => $derivative_uri));
drupal_add_http_header('Status', '500 Internal Server Error');
drupal_add_http_header('Content-Type', 'text/html; charset=utf-8');
print t('Error generating image.');
drupal_exit();
}
@@ -867,6 +909,11 @@ function image_style_deliver($style, $scheme) {
* @see image_style_load()
*/
function image_style_create_derivative($style, $source, $destination) {
// If the source file doesn't exist, return FALSE without creating folders.
if (!$image = image_load($source)) {
return FALSE;
}
// Get the folder for the final location of this style.
$directory = drupal_dirname($destination);
@@ -876,10 +923,6 @@ function image_style_create_derivative($style, $source, $destination) {
return FALSE;
}
if (!$image = image_load($source)) {
return FALSE;
}
foreach ($style['effects'] as $effect) {
image_effect_apply($image, $effect);
}
@@ -928,15 +971,18 @@ function image_style_transform_dimensions($style_name, array &$dimensions) {
}
/**
* Flush cached media for a style.
* Flushes cached media for a style.
*
* @param $style
* An image style array.
*/
function image_style_flush($style) {
$style_directory = drupal_realpath(file_default_scheme() . '://styles/' . $style['name']);
if (is_dir($style_directory)) {
file_unmanaged_delete_recursive($style_directory);
// Delete the style directory in each registered wrapper.
$wrappers = file_get_stream_wrappers(STREAM_WRAPPERS_WRITE_VISIBLE);
foreach ($wrappers as $wrapper => $wrapper_data) {
if (file_exists($directory = $wrapper . '://styles/' . $style['name'])) {
file_unmanaged_delete_recursive($directory);
}
}
// Let other modules update as necessary on flush.
@@ -960,12 +1006,13 @@ function image_style_flush($style) {
}
/**
* Return the URL for an image derivative given a style and image path.
* Returns the URL for an image derivative given a style and image path.
*
* @param $style_name
* The name of the style to be used with this image.
* @param $path
* The path to the image.
*
* @return
* The absolute URL where a style image can be downloaded, suitable for use
* in an <img> tag. Requesting the URL will cause the image to be created.
@@ -973,10 +1020,22 @@ function image_style_flush($style) {
*/
function image_style_url($style_name, $path) {
$uri = image_style_path($style_name, $path);
// The passed-in $path variable can be either a relative path or a full URI.
$original_uri = file_uri_scheme($path) ? file_stream_wrapper_uri_normalize($path) : file_build_uri($path);
// The token query is added even if the 'image_allow_insecure_derivatives'
// variable is TRUE, so that the emitted links remain valid if it is changed
// back to the default FALSE.
$token_query = array(IMAGE_DERIVATIVE_TOKEN => image_style_path_token($style_name, $path));
// However, sites which need to prevent the token query from being emitted at
// all can additionally set the 'image_suppress_itok_output' variable to TRUE
// to achieve that (if both are set, the security token will neither be
// emitted in the image derivative URL nor checked for in
// image_style_deliver()).
$token_query = array();
if (!variable_get('image_suppress_itok_output', FALSE)) {
$token_query = array(IMAGE_DERIVATIVE_TOKEN => image_style_path_token($style_name, $original_uri));
}
// If not using clean URLs, the image derivative callback is only available
// with the query string. If the file does not exist, use url() to ensure
@@ -988,8 +1047,12 @@ function image_style_url($style_name, $path) {
}
$file_url = file_create_url($uri);
// Append the query string with the token.
return $file_url . (strpos($file_url, '?') !== FALSE ? '&' : '?') . drupal_http_build_query($token_query);
// Append the query string with the token, if necessary.
if ($token_query) {
$file_url .= (strpos($file_url, '?') !== FALSE ? '&' : '?') . drupal_http_build_query($token_query);
}
return $file_url;
}
/**
@@ -1014,7 +1077,7 @@ function image_style_path_token($style_name, $uri) {
}
/**
* Return the URI of an image when using a style.
* Returns the URI of an image when using a style.
*
* The path returned by this function may not exist. The default generation
* method only creates images when they are requested by a user's browser.
@@ -1023,6 +1086,7 @@ function image_style_path_token($style_name, $uri) {
* The name of the style to be used with this image.
* @param $uri
* The URI or path to the image.
*
* @return
* The URI to an image style image.
* @see image_style_url()
@@ -1040,10 +1104,11 @@ function image_style_path($style_name, $uri) {
}
/**
* Save a default image style to the database.
* Saves a default image style to the database.
*
* @param style
* An image style array provided by a module.
*
* @return
* An image style array. The returned style array will include the new 'isid'
* assigned to the style.
@@ -1061,7 +1126,7 @@ function image_default_style_save($style) {
}
/**
* Revert the changes made by users to a default image style.
* Reverts the changes made by users to a default image style.
*
* @param style
* An image style array.
@@ -1078,7 +1143,10 @@ function image_default_style_revert($style) {
}
/**
* Pull in image effects exposed by modules implementing hook_image_effect_info().
* Returns a set of image effects.
*
* These image effects are exposed by modules implementing
* hook_image_effect_info().
*
* @return
* An array of image effects to be used when transforming images.
@@ -1120,7 +1188,7 @@ function image_effect_definitions() {
}
/**
* Load the definition for an image effect.
* Loads the definition for an image effect.
*
* The effect definition is a set of core properties for an image effect, not
* containing any user-settings. The definition defines various functions to
@@ -1132,6 +1200,7 @@ function image_effect_definitions() {
* The name of the effect definition to load.
* @param $style
* An image style array to which this effect will be added.
*
* @return
* An array containing the image effect definition with the following keys:
* - "effect": The unique name for the effect being performed. Usually prefixed
@@ -1159,7 +1228,7 @@ function image_effect_definition_load($effect, $style_name = NULL) {
}
/**
* Load all image effects from the database.
* Loads all image effects from the database.
*
* @return
* An array of all image effects.
@@ -1191,7 +1260,7 @@ function image_effects() {
}
/**
* Load a single image effect.
* Loads a single image effect.
*
* @param $ieid
* The image effect ID.
@@ -1200,6 +1269,7 @@ function image_effects() {
* @param $include
* If set, this loader will restrict to a specific type of image style, may be
* one of the defined Image style storage constants.
*
* @return
* An image effect array, consisting of the following keys:
* - "ieid": The unique image effect ID.
@@ -1221,10 +1291,11 @@ function image_effect_load($ieid, $style_name, $include = NULL) {
}
/**
* Save an image effect.
* Saves an image effect.
*
* @param $effect
* An image effect array.
*
* @return
* An image effect array. In the case of a new effect, 'ieid' will be set.
*/
@@ -1241,7 +1312,7 @@ function image_effect_save($effect) {
}
/**
* Delete an image effect.
* Deletes an image effect.
*
* @param $effect
* An image effect array.
@@ -1253,12 +1324,13 @@ function image_effect_delete($effect) {
}
/**
* Given an image object and effect, perform the effect on the file.
* Applies an image effect to the image object.
*
* @param $image
* An image object returned by image_load().
* @param $effect
* An image effect array.
*
* @return
* TRUE on success. FALSE if unable to perform the image effect on the image.
*/
@@ -1309,7 +1381,7 @@ function theme_image_style($variables) {
}
/**
* Accept a keyword (center, top, left, etc) and return it as a pixel offset.
* Accepts a keyword (center, top, left, etc) and returns it as a pixel offset.
*
* @param $value
* @param $current_pixels