security update core+modules
This commit is contained in:
Bachir Soussi Chiadmi
@@ -42,13 +42,19 @@ class context_reaction_block extends context_reaction {
|
||||
$group = isset($block->context_group) ? $block->context_group : $block->module;
|
||||
if (!isset($form['selector'][$group])) {
|
||||
$form['selector'][$group] = array(
|
||||
'#type' => 'checkboxes',
|
||||
'#type' => 'fieldset',
|
||||
'#collapsible' => TRUE,
|
||||
'#collapsed' => TRUE,
|
||||
'#title' => isset($block->context_group) ? $block->context_group : $modules[$block->module],
|
||||
);
|
||||
$form['selector'][$group]['checkboxes'] = array(
|
||||
'#type' => 'checkboxes',
|
||||
'#options' => array(),
|
||||
);
|
||||
}
|
||||
$form['selector'][$group]['#options'][$block->bid] = check_plain($block->info);
|
||||
$form['selector'][$group]['checkboxes']['#options'][$block->bid] = check_plain($block->info);
|
||||
}
|
||||
|
||||
ksort($form['selector']);
|
||||
|
||||
/**
|
||||
@@ -58,7 +64,7 @@ class context_reaction_block extends context_reaction {
|
||||
'#tree' => TRUE,
|
||||
'#theme' => 'context_block_regions_form',
|
||||
);
|
||||
foreach (system_region_list($theme_key, REGIONS_VISIBLE) as $region => $label) {
|
||||
foreach ($this->system_region_list($theme_key, REGIONS_VISIBLE) as $region => $label) {
|
||||
$form['blocks'][$region] = array(
|
||||
'#type' => 'item',
|
||||
'#title' => $label,
|
||||
@@ -215,7 +221,7 @@ class context_reaction_block extends context_reaction {
|
||||
}
|
||||
|
||||
// Populate all block regions
|
||||
$all_regions = system_region_list($theme);
|
||||
$all_regions = $this->system_region_list($theme);
|
||||
|
||||
// Load all region content assigned via blocks.
|
||||
foreach (array_keys($all_regions) as $region) {
|
||||
@@ -255,7 +261,7 @@ class context_reaction_block extends context_reaction {
|
||||
*/
|
||||
protected function is_enabled_region($region) {
|
||||
global $theme;
|
||||
$regions = array_keys(system_region_list($theme));
|
||||
$regions = array_keys($this->system_region_list($theme));
|
||||
return in_array($region, $regions, TRUE);
|
||||
}
|
||||
|
||||
@@ -272,7 +278,7 @@ class context_reaction_block extends context_reaction {
|
||||
static $requirements;
|
||||
if (!isset($requirements) || $reset) {
|
||||
global $user;
|
||||
if ($user->uid) {
|
||||
if ($user->uid && user_access('administer contexts') && variable_get('context_ui_dialog_enabled', FALSE)) {
|
||||
$requirements = TRUE;
|
||||
drupal_add_library('system', 'ui.droppable');
|
||||
drupal_add_library('system', 'ui.sortable');
|
||||
@@ -290,7 +296,7 @@ class context_reaction_block extends context_reaction {
|
||||
return FALSE;
|
||||
}
|
||||
// Check that this region is not hidden
|
||||
$visible = system_region_list($theme, REGIONS_VISIBLE);
|
||||
$visible = $this->system_region_list($theme, REGIONS_VISIBLE);
|
||||
return $requirements && $this->is_enabled_region($region) && isset($visible[$region]);
|
||||
}
|
||||
|
||||
@@ -299,15 +305,7 @@ class context_reaction_block extends context_reaction {
|
||||
*/
|
||||
protected function editable_block($block) {
|
||||
if (!empty($block->content)) {
|
||||
$block->content = array(
|
||||
'content' => $block->content,
|
||||
'context' => array('#markup' => "<a id='context-block-{$block->module}-{$block->delta}' class='context-block editable edit-{$block->context}'></a>"),
|
||||
);
|
||||
//Contextual links are in the wrong spot in the render array once we've nested them
|
||||
if (isset($block->content['content']['#contextual_links'])) {
|
||||
$block->content['#contextual_links'] = $block->content['content']['#contextual_links'];
|
||||
unset($block->content['content']['#contextual_links']);
|
||||
}
|
||||
$block->content['#theme_wrappers'][] = 'context_block_edit_wrap';
|
||||
}
|
||||
else {
|
||||
// the block alter in context.module should ensure that blocks are never
|
||||
@@ -328,7 +326,7 @@ class context_reaction_block extends context_reaction {
|
||||
context_isset('context_ui', 'context_ui_editor_present'))
|
||||
) {
|
||||
global $theme;
|
||||
$regions = system_region_list($theme);
|
||||
$regions = $this->system_region_list($theme);
|
||||
$name = isset($regions[$region]) ? $regions[$region] : $region;
|
||||
// The negative weight + sorted will push our region marker to the top of the region
|
||||
$build['context'] = array(
|
||||
@@ -388,13 +386,29 @@ class context_reaction_block extends context_reaction {
|
||||
}
|
||||
|
||||
$this->is_editable_check($context_blocks);
|
||||
foreach ($context_blocks as $r => $blocks) {
|
||||
$context_blocks[$r] = _block_render_blocks($blocks);
|
||||
global $theme;
|
||||
$active_regions = $this->system_region_list($theme);
|
||||
|
||||
// Make blocks editable if allowed.
|
||||
if ($this->is_editable_region($r)) {
|
||||
foreach ($context_blocks[$r] as $key => $block) {
|
||||
$context_blocks[$r][$key] = $this->editable_block($block);
|
||||
// Make context renders regions in the same order as core.
|
||||
$_context_blocks = array();
|
||||
foreach ($active_regions as $r => $name) {
|
||||
if (isset($context_blocks[$r])) {
|
||||
$_context_blocks[$r] = $context_blocks[$r];
|
||||
}
|
||||
}
|
||||
$context_blocks = $_context_blocks;
|
||||
unset($_context_blocks);
|
||||
|
||||
foreach ($context_blocks as $r => $blocks) {
|
||||
//only render blocks in an active region
|
||||
if (array_key_exists($r, $active_regions)) {
|
||||
$context_blocks[$r] = _block_render_blocks($blocks);
|
||||
|
||||
// Make blocks editable if allowed.
|
||||
if ($this->is_editable_region($r)) {
|
||||
foreach ($context_blocks[$r] as $key => $block) {
|
||||
$context_blocks[$r][$key] = $this->editable_block($block);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -514,13 +528,17 @@ class context_reaction_block extends context_reaction {
|
||||
$result = db_select('block')
|
||||
->fields('block')
|
||||
->condition('theme', $theme_key)
|
||||
->execute();
|
||||
->execute()
|
||||
->fetchAllAssoc('bid');
|
||||
|
||||
drupal_alter('block_list', $result);
|
||||
drupal_alter('context_block_list', $result);
|
||||
|
||||
foreach ($result as $row) {
|
||||
if (isset($block_info["{$row->module}-{$row->delta}"])) {
|
||||
$block_info["{$row->module}-{$row->delta}"] = (object) array_merge((array) $row, (array) $block_info["{$row->module}-{$row->delta}"]);
|
||||
unset($block_info["{$row->module}-{$row->delta}"]->status);
|
||||
unset($block_info["{$row->module}-{$row->delta}"]->visibility);
|
||||
unset($block_info["{$row->module}-{$row->delta}"]->cache);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -577,50 +595,9 @@ class context_reaction_block extends context_reaction {
|
||||
if (function_exists('json_decode')) {
|
||||
return json_decode($json, $assoc);
|
||||
}
|
||||
return context_reaction_block::_json_decode($json);
|
||||
}
|
||||
|
||||
/**
|
||||
* From http://www.php.net/manual/en/function.json-decode.php#91216
|
||||
* with modifications for consistency with output of json_decode().
|
||||
*
|
||||
* Original author: walidator.info 2009.
|
||||
*/
|
||||
static function _json_decode($json) {
|
||||
$comment = FALSE;
|
||||
$out = '$x = ';
|
||||
for ($i=0; $i < strlen($json); $i++) {
|
||||
if (!$comment) {
|
||||
switch ($json[$i]) {
|
||||
case '{':
|
||||
$out .= ' (object) array(';
|
||||
break;
|
||||
case '}':
|
||||
$out .= ')';
|
||||
break;
|
||||
case '[':
|
||||
$out .= ' array(';
|
||||
break;
|
||||
case ']':
|
||||
$out .= ')';
|
||||
break;
|
||||
case ':';
|
||||
$out .= '=>';
|
||||
break;
|
||||
default:
|
||||
$out .= $json[$i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$out .= $json[$i];
|
||||
}
|
||||
if ($json[$i] == '"') {
|
||||
$comment = !$comment;
|
||||
}
|
||||
else {
|
||||
watchdog('context', 'Please upgrade your PHP version to one that supports json_decode.');
|
||||
}
|
||||
eval($out . ';');
|
||||
return $x;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -641,7 +618,7 @@ class context_reaction_block extends context_reaction {
|
||||
list($bid, $context) = explode(',', $param);
|
||||
list($module, $delta) = explode('-', $bid, 2);
|
||||
// Check token to make sure user has access to block.
|
||||
if (empty($_GET['context_token']) || $_GET['context_token'] != drupal_get_token($bid)) {
|
||||
if (!(user_access('administer contexts') || user_access('context ajax block access') || $this->context_block_ajax_rendering_allowed($bid))) {
|
||||
echo drupal_json_encode(array('status' => 0));
|
||||
exit;
|
||||
}
|
||||
@@ -671,4 +648,34 @@ class context_reaction_block extends context_reaction {
|
||||
echo drupal_json_encode(array('status' => 0));
|
||||
drupal_exit();
|
||||
}
|
||||
|
||||
/**
|
||||
* Provide caching for system_region_list since it can get called
|
||||
* frequently. Evaluate for removal once https://drupal.org/node/1873450
|
||||
* lands or system_region_list is otherwise cached in core
|
||||
*/
|
||||
protected function system_region_list($theme_key, $show = REGIONS_ALL) {
|
||||
static $cache = array();
|
||||
if (!isset($cache[$theme_key])) {
|
||||
$cache[$theme_key] = array();
|
||||
}
|
||||
if (!isset($cache[$theme_key][$show])) {
|
||||
$cache[$theme_key][$show] = system_region_list($theme_key, $show);
|
||||
}
|
||||
return $cache[$theme_key][$show];
|
||||
}
|
||||
|
||||
/**
|
||||
* Allow modules to selectively allow ajax rendering of a specific block
|
||||
*/
|
||||
private function context_block_ajax_rendering_allowed($bid) {
|
||||
$allowed = FALSE;
|
||||
foreach (module_invoke_all('context_allow_ajax_block_access', $bid) as $module_allow) {
|
||||
$allowed = $allow || $module_allow;
|
||||
if ($allowed) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
return $allowed;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user