security update core+modules

sites/all/modules/entity/includes/entity.property.inc

@@ -251,7 +251,11 @@ function entity_property_verify_data_type($data, $type) {
       return TRUE;
     }
     elseif (isset($info[$type]['entity keys']['name'])) {
-      return entity_property_verify_data_type($data, 'token');
+      // Read the data type of the name key from the metadata if available.
+      $key = $info[$type]['entity keys']['name'];
+      $property_info = entity_get_property_info($type);
+      $property_type = isset($property_info['properties'][$key]['type']) ? $property_info['properties'][$key]['type'] : 'token';
+      return entity_property_verify_data_type($data, $property_type);
     }
     return entity_property_verify_data_type($data, empty($info[$type]['fieldable']) ? 'text' : 'integer');
   }
@@ -392,7 +396,12 @@ function entity_property_verbatim_get($data, array $options, $name, $type, $info
  */
 function entity_property_verbatim_date_get($data, array $options, $name, $type, $info) {
   $name = isset($info['schema field']) ? $info['schema field'] : $name;
-  return is_numeric($data[$name]) ? $data[$name] : strtotime($data[$name], REQUEST_TIME);
+  if (is_array($data) || (is_object($data) && $data instanceof ArrayAccess)) {
+    return is_numeric($data[$name]) ? $data[$name] : strtotime($data[$name], REQUEST_TIME);
+  }
+  elseif (is_object($data)) {
+    return is_numeric($data->$name) ? $data->$name : strtotime($data->$name, REQUEST_TIME);
+  }
 }
 
 /**
@@ -503,6 +512,8 @@ function entity_property_text_formatted_info() {
       'label' => t('Text format'),
       'options list' => 'entity_metadata_field_text_formats',
       'getter callback' => 'entity_property_verbatim_get',
+      'setter callback' => 'entity_property_verbatim_set',
+      'setter permissions' => 'administer filters',
     ),
   );
 }