security update core+modules

2015-04-26 18:38:56 +02:00
parent 2f45ea820a
commit 7c96373038
1022 changed files with 30319 additions and 11259 deletions
--- a/sites/all/modules/ctools/ctools.module
+++ b/sites/all/modules/ctools/ctools.module
@@ -9,7 +9,21 @@
 * must be implemented in the module file.
 */

-define('CTOOLS_API_VERSION', '2.0.7');
+define('CTOOLS_API_VERSION', '2.0.8');
+
+/**
+ * The current working ctools version.
+ *
+ * In a release, it should be 7.x-1.x, which should match what drush make will
+ * create. In a dev format, it should be 7.x-1.(x+1)-dev, which will allow
+ * modules depending on new features in ctools to depend on ctools > 7.x-1.x.
+ *
+ * To define a specific version of CTools as a dependency for another module,
+ * simply include a dependency line in that module's info file, e.g.:
+ *   ; Requires CTools v7.x-1.4 or newer.
+ *   dependencies[] = ctools (>=1.4)
+ */
+define('CTOOLS_MODULE_VERSION', '7.x-1.7');

 /**
 * Test the CTools API version.
@@ -298,7 +312,7 @@ function ctools_break_phrase($str) {

 /**
 * Set a token/value pair to be replaced later in the request, specifically in
- * ctools_preprocess_page().
+ * ctools_page_token_processing().
 *
 * @param $token
 *   The token to be replaced later, during page rendering.  This should
@@ -367,6 +381,105 @@ function ctools_set_no_blocks($blocks = FALSE) {
  $status = $blocks;
 }

+/**
+ * Wrapper function to create UUIDs via ctools, falls back on UUID module
+ * if it is enabled. This code is a copy of uuid.inc from the uuid module.
+ * @see http://php.net/uniqid#65879
+ */
+
+function ctools_uuid_generate() {
+  if (!module_exists('uuid')) {
+    ctools_include('uuid');
+
+    $callback = drupal_static(__FUNCTION__);
+
+    if (empty($callback)) {
+      if (function_exists('uuid_create') && !function_exists('uuid_make')) {
+        $callback = '_ctools_uuid_generate_pecl';
+      }
+      elseif (function_exists('com_create_guid')) {
+        $callback = '_ctools_uuid_generate_com';
+      }
+      else {
+        $callback = '_ctools_uuid_generate_php';
+      }
+    }
+    return $callback();
+  }
+  else {
+    return uuid_generate();
+  }
+}
+
+/**
+ * Check that a string appears to be in the format of a UUID.
+ * @see http://drupal.org/project/uuid
+ *
+ * @param $uuid
+ *   The string to test.
+ *
+ * @return
+ *   TRUE if the string is well formed.
+ */
+function ctools_uuid_is_valid($uuid = '') {
+  if (empty($uuid)) {
+    return FALSE;
+  }
+  if (function_exists('uuid_is_valid') || module_exists('uuid')) {
+    return uuid_is_valid($uuid);
+  }
+  else {
+    ctools_include('uuid');
+    return uuid_is_valid($uuid);
+  }
+}
+
+/**
+ * Add an array of classes to the body.
+ *
+ * @param mixed $classes
+ *   A string or an array of class strings to add.
+ * @param string $hook
+ *   The theme hook to add the class to. The default is 'html' which will
+ *   affect the body tag.
+ */
+function ctools_class_add($classes, $hook = 'html') {
+  if (!is_array($classes)) {
+    $classes = array($classes);
+  }
+
+  $static = &drupal_static('ctools_process_classes', array());
+  if (!isset($static[$hook]['add'])) {
+    $static[$hook]['add'] = array();
+  }
+  foreach ($classes as $class) {
+    $static[$hook]['add'][] = $class;
+  }
+}
+
+/**
+ * Remove an array of classes from the body.
+ *
+ * @param mixed $classes
+ *   A string or an array of class strings to remove.
+ * @param string $hook
+ *   The theme hook to remove the class from. The default is 'html' which will
+ *   affect the body tag.
+ */
+function ctools_class_remove($classes, $hook = 'html') {
+  if (!is_array($classes)) {
+    $classes = array($classes);
+  }
+
+  $static = &drupal_static('ctools_process_classes', array());
+  if (!isset($static[$hook]['remove'])) {
+    $static[$hook]['remove'] = array();
+  }
+  foreach ($classes as $class) {
+    $static[$hook]['remove'][] = $class;
+  }
+}
+
 // -----------------------------------------------------------------------
 // Drupal core hooks

@@ -437,6 +550,19 @@ function ctools_menu() {
  return $items;
 }

+/**
+ * Implements hook_permission().
+ */
+function ctools_permission() {
+  return array(
+    'use ctools import' => array(
+      'title' => t('Use CTools importer'),
+      'description' => t('The import functionality allows users to execute arbitrary PHP code, so extreme caution must be taken.'),
+      'restrict access' => TRUE,
+    ),
+  );
+}
+
 /**
 * Implementation of hook_cron. Clean up old caches.
 */
@@ -447,19 +573,12 @@ function ctools_cron() {
 }

 /**
- * Ensure the CTools CSS cache is flushed whenever hook_flush_caches is invoked.
+ * Implements hook_flush_caches().
 */
 function ctools_flush_caches() {
-  // Do not actually flush caches if running on cron. Drupal uses this hook
-  // in an inconsistent fashion and it does not necessarily mean to *flush*
-  // caches when running from cron. Instead it's just getting a list of cache
-  // tables and may not do any flushing.
-  if (!empty($GLOBALS['locks']['cron'])) {
-    return;
-  }
-
-  ctools_include('css');
-  ctools_css_flush_caches();
+  // Only return the CSS cache bin if it has been activated, to avoid
+  // drupal_flush_all_caches() from trying to truncate a non-existing table.
+  return variable_get('cache_class_cache_ctools_css', FALSE) ? array('cache_ctools_css') : array();
 }

 /**
@@ -539,7 +658,26 @@ function ctools_preprocess_node(&$vars) {
  }
 }

+
+/**
+ * Implements hook_page_alter().
+ *
+ * Last ditch attempt to remove sidebar regions if the "no blocks"
+ * functionality has been activated.
+ *
+ * @see ctools_block_list_alter().
+ */
 function ctools_page_alter(&$page) {
+  $check = drupal_static('ctools_set_no_blocks', TRUE);
+  if (!$check) {
+    foreach ($page as $region_id => $region) {
+      // @todo -- possibly we can set configuration for this so that users can
+      // specify which blocks will not get rendered.
+      if (strpos($region_id, 'sidebar') !== FALSE) {
+        unset($page[$region_id]);
+      }
+    }
+  }
  $page['#post_render'][] = 'ctools_page_token_processing';
 }

@@ -555,15 +693,15 @@ function ctools_page_token_processing($children, $elements) {
      list($type, $argument) = $key;
      switch ($type) {
        case 'variable':
-          $tokens[$token] = isset($variables[$argument]) ? $variables[$argument] : '';
+          $tokens[$token] = isset($elements[$argument]) ? $elements[$argument] : '';
          break;
        case 'callback':
          if (is_string($argument) && function_exists($argument)) {
-            $tokens[$token] = $argument($variables);
+            $tokens[$token] = $argument($elements);
          }
          if (is_array($argument) && function_exists($argument[0])) {
            $function = array_shift($argument);
-            $argument = array_merge(array(&$variables), $argument);
+            $argument = array_merge(array(&$elements), $argument);
            $tokens[$token] = call_user_func_array($function, $argument);
          }
          break;
@@ -574,6 +712,36 @@ function ctools_page_token_processing($children, $elements) {
  return $children;
 }

+/**
+ * Implements hook_process().
+ *
+ * Add and remove CSS classes from the variables array. We use process so that
+ * we alter anything added in the preprocess hooks.
+ */
+function ctools_process(&$variables, $hook) {
+  if (!isset($variables['classes'])) {
+    return;
+  }
+
+  $classes = drupal_static('ctools_process_classes', array());
+
+  // Process the classses to add.
+  if (!empty($classes[$hook]['add'])) {
+    $add_classes = array_map('drupal_clean_css_identifier', $classes[$hook]['add']);
+    $variables['classes_array'] = array_unique(array_merge($variables['classes_array'], $add_classes));
+  }
+
+  // Process the classes to remove.
+  if (!empty($classes[$hook]['remove'])) {
+    $remove_classes = array_map('drupal_clean_css_identifier', $classes[$hook]['remove']);
+    $variables['classes_array'] = array_diff($variables['classes_array'], $remove_classes);
+  }
+
+  // Since this runs after template_process(), we need to re-implode the
+  // classes array.
+  $variables['classes'] = implode(' ', $variables['classes_array']);
+}
+
 // -----------------------------------------------------------------------
 // Menu callbacks that must be in the .module file.

@@ -657,6 +825,15 @@ function ctools_js_load($js) {
  return 0;
 }

+/**
+ * Provides the default value for %ctools_js.
+ *
+ * This allows drupal_valid_path() to work with %ctools_js.
+ */
+function ctools_js_to_arg($arg) {
+  return empty($arg) || $arg == '%' ? 'nojs' : $arg;
+}
+
 /**
 * Menu _load hook.
 *
@@ -698,22 +875,6 @@ function ctools_export_ui_task_access($plugin_name, $op, $item = NULL) {
  return FALSE;
 }

-/**
- * Cache callback on behalf of ctools_export_ui.
- */
-function ctools_export_ui_context_cache_get($plugin_name, $key) {
-  dsm('should not be called!');
-  return;
-}
-
-/**
- * Cache callback on behalf of ctools_export_ui.
- */
-function ctools_export_ui_context_cache_set($plugin_name, $key, $item) {
-  dsm('should not be called!');
-  return;
-}
-
 /**
 * Callback for access control ajax form on behalf of export ui.
 *
@@ -792,11 +953,25 @@ function ctools_block_list_alter(&$blocks) {
 }

 /**
- * Implement hook_modules_enabled to clear static caches for detecting new plugins
+ * Implements hook_modules_enabled().
+ *
+ * Clear caches for detecting new plugins.
 */
 function ctools_modules_enabled($modules) {
  ctools_include('plugins');
  ctools_get_plugins_reset();
+  cache_clear_all('ctools_plugin_files:', 'cache', TRUE);
+}
+
+/**
+ * Implements hook_modules_disabled().
+ *
+ * Clear caches for removing disabled plugins.
+ */
+function ctools_modules_disabled($modules) {
+  ctools_include('plugins');
+  ctools_get_plugins_reset();
+  cache_clear_all('ctools_plugin_files:', 'cache', TRUE);
 }

 /**