security update core+modules

Bachir Soussi Chiadmi
2015-04-26 18:38:56 +02:00
parent 2f45ea820a
commit 7c96373038
1022 changed files with 30319 additions and 11259 deletions


@@ -6,12 +6,7 @@
*/
/**
* Test and report Drupal installation requirements.
*
* @param $phase
* The current system installation phase.
* @return
* An array of system requirements.
* Implements hook_requirements().
*/
function system_requirements($phase) {
global $base_url;
@@ -208,7 +203,7 @@ function system_requirements($phase) {
'value' => $memory_limit == -1 ? t('-1 (Unlimited)') : $memory_limit,
);
if ($memory_limit && $memory_limit != -1 && parse_size($memory_limit) < parse_size(DRUPAL_MINIMUM_PHP_MEMORY_LIMIT)) {
if (!drupal_check_memory_limit(DRUPAL_MINIMUM_PHP_MEMORY_LIMIT, $memory_limit)) {
$description = '';
if ($phase == 'install') {
$description = $t('Consider increasing your PHP memory limit to %memory_minimum_limit to help prevent errors in the installation process.', array('%memory_minimum_limit' => DRUPAL_MINIMUM_PHP_MEMORY_LIMIT));
@@ -258,6 +253,39 @@ function system_requirements($phase) {
$requirements['settings.php']['title'] = $t('Configuration file');
}
// Test the contents of the .htaccess files.
if ($phase == 'runtime') {
// Try to write the .htaccess files first, to prevent false alarms in case
// (for example) the /tmp directory was wiped.
file_ensure_htaccess();
$htaccess_files['public://.htaccess'] = array(
'title' => $t('Public files directory'),
'directory' => variable_get('file_public_path', conf_path() . '/files'),
);
if ($private_files_directory = variable_get('file_private_path')) {
$htaccess_files['private://.htaccess'] = array(
'title' => $t('Private files directory'),
'directory' => $private_files_directory,
);
}
$htaccess_files['temporary://.htaccess'] = array(
'title' => $t('Temporary files directory'),
'directory' => variable_get('file_temporary_path', file_directory_temp()),
);
foreach ($htaccess_files as $htaccess_file => $info) {
// Check for the string which was added to the recommended .htaccess file
// in the latest security update.
if (!file_exists($htaccess_file) || !($contents = @file_get_contents($htaccess_file)) || strpos($contents, 'Drupal_Security_Do_Not_Remove_See_SA_2013_003') === FALSE) {
$requirements[$htaccess_file] = array(
'title' => $info['title'],
'value' => $t('Not fully protected'),
'severity' => REQUIREMENT_ERROR,
'description' => $t('See <a href="@url">@url</a> for information about the recommended .htaccess file which should be added to the %directory directory to help protect against arbitrary code execution.', array('@url' => 'http://drupal.org/SA-CORE-2013-003', '%directory' => $info['directory'])),
);
}
}
}
// Report cron status.
if ($phase == 'runtime') {
// Cron warning threshold defaults to two days.
@@ -516,7 +544,7 @@ function system_install() {
->execute();
// Populate the cron key variable.
$cron_key = drupal_hash_base64(drupal_random_bytes(55));
$cron_key = drupal_random_key();
variable_set('cron_key', $cron_key);
}
@@ -744,6 +772,7 @@ function system_schema() {
'type' => 'varchar',
'length' => 100,
'not null' => TRUE,
'binary' => TRUE,
),
'type' => array(
'description' => 'The date format type, e.g. medium.',
@@ -829,6 +858,7 @@ function system_schema() {
'filesize' => array(
'description' => 'The size of the file in bytes.',
'type' => 'int',
'size' => 'big',
'unsigned' => TRUE,
'not null' => TRUE,
'default' => 0,
@@ -1742,7 +1772,7 @@ function system_update_7000() {
* Generate a cron key and save it in the variables table.
*/
function system_update_7001() {
variable_set('cron_key', drupal_hash_base64(drupal_random_bytes(55)));
variable_set('cron_key', drupal_random_key());
}
/**
@@ -1889,7 +1919,7 @@ function system_update_7007() {
$result = db_query("SELECT rid, perm FROM {permission} ORDER BY rid ASC");
$query = db_insert('role_permission')->fields(array('rid', 'permission'));
foreach ($result as $role) {
foreach (explode(', ', $role->perm) as $perm) {
foreach (array_unique(explode(', ', $role->perm)) as $perm) {
$query->values(array(
'rid' => $role->rid,
'permission' => $perm,
@@ -1982,7 +2012,7 @@ function system_update_7013() {
$timezone = 'UTC';
}
variable_set('date_default_timezone', $timezone);
drupal_set_message('The default time zone has been set to <em>' . check_plain($timezone) . '</em>. Check the ' . l('date and time configuration page', 'admin/config/regional/settings') . ' to configure it correctly.', 'warning');
drupal_set_message(format_string('The default time zone has been set to %timezone. Check the <a href="@config-url">date and time configuration page</a> to configure it correctly.', array('%timezone' => $timezone, '@config-url' => url('admin/config/regional/settings'))), 'warning');
// Remove temporary override.
variable_del('date_temporary_timezone');
}
@@ -2758,12 +2788,14 @@ function system_update_7061(&$sandbox) {
// Retrieve a list of node revisions that have uploaded files attached.
// DISTINCT queries are expensive, especially when paged, so we store the
// data in its own table for the duration of the update.
$table = array(
'description' => t('Stores temporary data for system_update_7061.'),
'fields' => array('vid' => array('type' => 'int')),
'primary key' => array('vid'),
);
db_create_table('system_update_7061', $table);
if (!db_table_exists('system_update_7061')) {
$table = array(
'description' => t('Stores temporary data for system_update_7061.'),
'fields' => array('vid' => array('type' => 'int')),
'primary key' => array('vid'),
);
db_create_table('system_update_7061', $table);
}
$query = db_select('upload', 'u');
$query->distinct();
$query->addField('u','vid');
@@ -2822,7 +2854,14 @@ function system_update_7061(&$sandbox) {
// We will convert filepaths to URI using the default scheme
// and stripping off the existing file directory path.
$file['uri'] = $scheme . preg_replace('!^' . preg_quote($basename) . '!', '', $file['filepath']);
$file['uri'] = file_stream_wrapper_uri_normalize($file['uri']);
// Normalize the URI but don't call file_stream_wrapper_uri_normalize()
// directly, since that is a higher-level API function which invokes
// hooks while validating the scheme, and those will not work during
// the upgrade. Instead, use a simpler version that just assumes the
// scheme from above is already valid.
if (($file_uri_scheme = file_uri_scheme($file['uri'])) && ($file_uri_target = file_uri_target($file['uri']))) {
$file['uri'] = $file_uri_scheme . '://' . $file_uri_target;
}
unset($file['filepath']);
// Insert into the file_managed table.
// Each fid should only be stored once in file_managed.
@@ -3032,6 +3071,7 @@ function system_update_7073() {
'default' => '',
'binary' => TRUE,
));
db_drop_unique_key('file_managed', 'uri');
db_change_field('file_managed', 'uri', 'uri', array(
'description' => 'The URI to access the file (either local or remote).',
'type' => 'varchar',
@@ -3040,6 +3080,7 @@ function system_update_7073() {
'default' => '',
'binary' => TRUE,
));
db_add_unique_key('file_managed', 'uri', array('uri'));
}
/**
@@ -3086,6 +3127,36 @@ function system_update_7077() {
));
}
/**
* Add binary to {date_formats}.format.
*/
function system_update_7078() {
db_drop_unique_key('date_formats', 'formats');
db_change_field('date_formats', 'format', 'format', array(
'description' => 'The date format string.',
'type' => 'varchar',
'length' => 100,
'not null' => TRUE,
'binary' => TRUE,
), array('unique keys' => array('formats' => array('format', 'type'))));
}
/**
* Convert the 'filesize' column in {file_managed} to a bigint.
*/
function system_update_7079() {
$spec = array(
'description' => 'The size of the file in bytes.',
'type' => 'int',
'size' => 'big',
'unsigned' => TRUE,
'not null' => TRUE,
'default' => 0,
);
db_change_field('file_managed', 'filesize', 'filesize', $spec);
}
/**
* @} End of "defgroup updates-7.x-extra".
* The next series of updates should start at 8000.
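Review bot: The `.htaccess` check added under `// Test the contents of the .htaccess files.` only confirms that the marker `Drupal_Security_Do_Not_Remove_See_SA_2013_003` appears somewhere in each file, so a passing result shows the recommended file was written, not that the web server applies it (a server configured to ignore `.htaccess` would presumably still pass). I would document that limit above the `foreach`, e.g. `// Marker present means the file was written; it does not prove the server honours .htaccess rules.` The condition does fail closed, since a missing, unreadable or empty file is reported as 'Not fully protected', but the `@` on `file_get_contents()` makes those cases indistinguishable in the status report. The advisory link is plain `http://`; `'@url' => 'https://drupal.org/SA-CORE-2013-003'` would keep administrators on an encrypted link. `system_requirements()` begins and ends outside this hunk.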