security update core+modules
@@ -379,6 +379,7 @@ class EntityDefaultViewsController {
|
||||
$label = isset($this->info['plural label']) ? $this->info['plural label'] : $this->info['label'];
|
||||
$data[$table]['table']['base'] = array(
|
||||
'field' => $this->info['entity keys']['id'],
|
||||
'access query tag' => $this->type . '_access',
|
||||
'title' => drupal_ucfirst($label),
|
||||
'help' => isset($this->info['description']) ? $this->info['description'] : '',
|
||||
);
|
||||
@@ -388,6 +389,50 @@ class EntityDefaultViewsController {
|
||||
// Add in any reverse-relationships which have been determined.
|
||||
$data += $this->relationships;
|
||||
}
|
||||
if (!empty($this->info['revision table']) && !empty($this->info['entity keys']['revision'])) {
|
||||
$revision_table = $this->info['revision table'];
|
||||
|
||||
$data[$table]['table']['default_relationship'] = array(
|
||||
$revision_table => array(
|
||||
'table' => $revision_table,
|
||||
'field' => $this->info['entity keys']['revision'],
|
||||
),
|
||||
);
|
||||
|
||||
// Define the base group of this table. Fields that don't
|
||||
// have a group defined will go into this field by default.
|
||||
$data[$revision_table]['table']['group'] = drupal_ucfirst($this->info['label']) . ' ' . t('Revisions');
|
||||
$data[$revision_table]['table']['entity type'] = $this->type;
|
||||
|
||||
// If the plural label isn't available, use the regular label.
|
||||
$label = isset($this->info['plural label']) ? $this->info['plural label'] : $this->info['label'];
|
||||
$data[$revision_table]['table']['base'] = array(
|
||||
'field' => $this->info['entity keys']['revision'],
|
||||
'access query tag' => $this->type . '_access',
|
||||
'title' => drupal_ucfirst($label) . ' ' . t('Revisions'),
|
||||
'help' => (isset($this->info['description']) ? $this->info['description'] . ' ' : '') . t('Revisions'),
|
||||
);
|
||||
$data[$revision_table]['table']['entity type'] = $this->type;
|
||||
$data[$revision_table] += $this->schema_revision_fields();
|
||||
|
||||
// Add in any reverse-relationships which have been determined.
|
||||
$data += $this->relationships;
|
||||
|
||||
// For other base tables, explain how we join.
|
||||
$data[$revision_table]['table']['join'] = array(
|
||||
// Directly links to base table.
|
||||
$table => array(
|
||||
'left_field' => $this->info['entity keys']['revision'],
|
||||
'field' => $this->info['entity keys']['revision'],
|
||||
),
|
||||
);
|
||||
$data[$revision_table]['table']['default_relationship'] = array(
|
||||
$table => array(
|
||||
'table' => $table,
|
||||
'field' => $this->info['entity keys']['id'],
|
||||
),
|
||||
);
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
|
||||
@@ -410,6 +455,27 @@ class EntityDefaultViewsController {
|
||||
return $data;
|
||||
}
|
||||
|
||||
/**
|
||||
* Try to come up with some views fields with the help of the revision schema
|
||||
* and the entity property information.
|
||||
*/
|
||||
protected function schema_revision_fields() {
|
||||
$data = array();
|
||||
if (!empty($this->info['revision table'])) {
|
||||
$schema = drupal_get_schema($this->info['revision table']);
|
||||
$properties = entity_get_property_info($this->type) + array('properties' => array());
|
||||
|
||||
foreach ($properties['properties'] as $name => $property_info) {
|
||||
if (isset($property_info['schema field']) && isset($schema['fields'][$property_info['schema field']])) {
|
||||
if ($views_info = $this->map_from_schema_info($name, $schema['fields'][$property_info['schema field']], $property_info)) {
|
||||
$data[$name] = $views_info;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
|
||||
/**
|
||||
* Comes up with views information based on the given schema and property
|
||||
* info.
|
||||
|
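Review bot: In the revision-table block of the second hunk, the revision base table gets `'access query tag' => $this->type . '_access'`, the same tag as the entity base table, so views built on revisions are filtered only by whatever the entity-level access alter does. Whether those alter implementations recognise the revision table as a base table, or apply any revision-specific permission, is not visible here and should be confirmed before this base is offered to view builders. The same block also assigns `$data[$revision_table]['table']['entity type'] = $this->type;` twice; dropping the duplicate would make the block easier to audit. The enclosing method starts outside the hunk.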
@@ -196,8 +196,14 @@ class EntityFieldHandlerHelper {
|
||||
if ($handler->relationship) {
|
||||
$current_handler = $handler;
|
||||
$view = $current_handler->view;
|
||||
while (!empty($current_handler->relationship) && !empty($view->relationship[$current_handler->relationship])) {
|
||||
$current_handler = $view->relationship[$current_handler->relationship];
|
||||
$relationships = array();
|
||||
// Collect all relationships, keyed by alias.
|
||||
foreach ($view->relationship as $key => $relationship) {
|
||||
$key = $relationship->alias ? $relationship->alias : $key;
|
||||
$relationships[$key] = $relationship;
|
||||
}
|
||||
while (!empty($current_handler->relationship) && !empty($relationships[$current_handler->relationship])) {
|
||||
$current_handler = $relationships[$current_handler->relationship];
|
||||
$return = $current_handler->real_field . ($return ? ":$return" : '');
|
||||
}
|
||||
}
|
||||
@@ -337,7 +343,7 @@ class EntityFieldHandlerHelper {
|
||||
$values->_entity_properties[$selector] = $wrapper->value();
|
||||
}
|
||||
else {
|
||||
$values->_entity_properties[$selector] = isset($wrapper->$field) ? $wrapper->$field->value(array('identifier' => TRUE)) : $default;
|
||||
$values->_entity_properties[$selector] = isset($wrapper->$field) ? $wrapper->$field->value(array('identifier' => TRUE, 'sanitize' => TRUE)) : $default;
|
||||
}
|
||||
}
|
||||
catch (EntityMetadataWrapperException $e) {
|
||||
|
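Review bot: Adding `'sanitize' => TRUE` in the second hunk makes `$values->_entity_properties[$selector]` hold HTML-escaped text, and the field_duration, field_options and field_text handlers in this commit now return it without their own `sanitize_value()` call, so every path that fills this array has to sanitize. The sibling branch just above still stores `$wrapper->value()` with no options; its condition is outside the hunk, so confirm that branch can never feed a handler that prints the value unescaped. Handlers not touched by this commit that still call `sanitize_value()` on these values would presumably double-encode, and anything that compares or sorts on them now sees escaped text. I would document the contract at the assignment, e.g. `// Stored values are already sanitized for HTML output; do not escape again or use for comparisons.`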
@@ -10,6 +10,7 @@ class entity_views_handler_area_entity extends views_handler_area {
|
||||
$options['entity_type'] = array('default' => 'node');
|
||||
$options['entity_id'] = array('default' => '');
|
||||
$options['view_mode'] = array('default' => 'full');
|
||||
$options['bypass_access'] = array('default' => FALSE);
|
||||
return $options;
|
||||
}
|
||||
|
||||
@@ -73,6 +74,12 @@ class entity_views_handler_area_entity extends views_handler_area {
|
||||
);
|
||||
}
|
||||
}
|
||||
$form['bypass_access'] = array(
|
||||
'#type' => 'checkbox',
|
||||
'#title' => t('Bypass access checks'),
|
||||
'#description' => t('If enabled, access permissions for rendering the entity are not checked.'),
|
||||
'#default_value' => !empty($this->options['bypass_access']),
|
||||
);
|
||||
return $form;
|
||||
}
|
||||
|
||||
@@ -99,10 +106,12 @@ class entity_views_handler_area_entity extends views_handler_area {
|
||||
*/
|
||||
public function render_entity($entity_type, $entity_id, $view_mode) {
|
||||
if (!empty($entity_type) && !empty($entity_id) && !empty($view_mode)) {
|
||||
$entities = entity_load($entity_type, array($entity_id));
|
||||
$render = entity_view($entity_type, $entities, $view_mode);
|
||||
$render_entity = reset($render);
|
||||
return drupal_render($render_entity);
|
||||
$entity = entity_load_single($entity_type, $entity_id);
|
||||
if (!empty($this->options['bypass_access']) || entity_access('view', $entity_type, $entity)) {
|
||||
$render = entity_view($entity_type, array($entity), $view_mode);
|
||||
$render_entity = reset($render);
|
||||
return drupal_render($render_entity);
|
||||
}
|
||||
}
|
||||
else {
|
||||
return '';
|
||||
|
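Review bot: `render_entity()` never checks that `entity_load_single()` found anything: with `bypass_access` enabled a missing id passes `array(FALSE)` to `entity_view()`, and without it `entity_access('view', $entity_type, $entity)` is asked about no entity at all, which some access callbacks may answer as a generic type-level check. Guard it with `if ($entity && (!empty($this->options['bypass_access']) || entity_access('view', $entity_type, $entity))) {`. When the access check fails, the function also appears to fall out of the outer `if` without a return, so callers would get NULL instead of the `''` the `else` branch returns; an explicit `return '';` on the deny path would make it uniform. The end of the method lies outside the hunk.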
@@ -122,8 +122,10 @@ class entity_views_handler_field_duration extends views_handler_field {
|
||||
if ($this->options['format_interval']) {
|
||||
$value = format_interval($value, (int) $this->options['granularity']);
|
||||
}
|
||||
// Value sanitization is handled by the wrapper, see
|
||||
// EntityFieldHandlerHelper::get_value().
|
||||
return $this->sanitize_value($this->options['prefix'], 'xss') .
|
||||
$this->sanitize_value($value) .
|
||||
$value .
|
||||
$this->sanitize_value($this->options['suffix'], 'xss');
|
||||
}
|
||||
|
||||
|
@@ -80,6 +80,7 @@ class entity_views_handler_field_entity extends views_handler_field {
|
||||
$options['display'] = array('default' => 'label');
|
||||
$options['link_to_entity']['default'] = TRUE;
|
||||
$options['view_mode'] = array('default' => 'default');
|
||||
$options['bypass_access'] = array('default' => FALSE);
|
||||
|
||||
return $options;
|
||||
}
|
||||
@@ -134,6 +135,12 @@ class entity_views_handler_field_entity extends views_handler_field {
|
||||
'#value' => $options ? key($options) : 'default',
|
||||
);
|
||||
}
|
||||
$form['bypass_access'] = array(
|
||||
'#type' => 'checkbox',
|
||||
'#title' => t('Bypass access checks'),
|
||||
'#description' => t('If enabled, access permissions for rendering the entity are not checked.'),
|
||||
'#default_value' => !empty($this->options['bypass_access']),
|
||||
);
|
||||
}
|
||||
|
||||
public function render($values) {
|
||||
@@ -175,7 +182,8 @@ class entity_views_handler_field_entity extends views_handler_field {
|
||||
if (!is_object($entity) && isset($entity) && $entity !== FALSE) {
|
||||
$entity = entity_load_single($type, $entity);
|
||||
}
|
||||
if (!$entity) {
|
||||
// Make sure the entity exists and access is either given or bypassed.
|
||||
if (!$entity || !(!empty($this->options['bypass_access']) || entity_access('view', $type, $entity))) {
|
||||
return '';
|
||||
}
|
||||
|
||||
|
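Review bot: The guard `if (!$entity || !(!empty($this->options['bypass_access']) || entity_access('view', $type, $entity)))` in the last hunk is correct as far as the visible lines show, but nesting three negations in an access decision invites a mistake on the next edit. `if (!$entity || (empty($this->options['bypass_access']) && !entity_access('view', $type, $entity))) {` is equivalent by De Morgan and reads as "missing, or not bypassed and not allowed". The `bypass_access` checkbox added to the options form repeats the title and description used in entity_views_handler_area_entity; its description could also say that enabling it shows the entity to every user who can see the view. The enclosing method begins outside the hunk.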
@@ -112,8 +112,9 @@ class entity_views_handler_field_options extends views_handler_field {
|
||||
if ($this->options['format_name'] && isset($this->option_list[$value])) {
|
||||
$value = $this->option_list[$value];
|
||||
}
|
||||
|
||||
return $this->sanitize_value($value);
|
||||
// Sanitization is handled by the wrapper, see
|
||||
// EntityFieldHandlerHelper::get_value().
|
||||
return $value;
|
||||
}
|
||||
|
||||
}
|
||||
|
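Review bot: After this change the label looked up from `$this->option_list` is returned without escaping: the wrapper sanitizes the stored value, but the replacement `$value = $this->option_list[$value];` comes from the option list, whose construction is outside the hunk. If those labels can contain admin- or user-supplied text, keep escaping for that branch, e.g. `$value = $this->sanitize_value($this->option_list[$value]);`. The lookup key is presumably now the sanitized value as well, so an option key containing characters such as `&` or `<` would no longer match `isset($this->option_list[$value])`.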
@@ -93,7 +93,9 @@ class entity_views_handler_field_text extends views_handler_field {
|
||||
* Render a single field value.
|
||||
*/
|
||||
public function render_single_value($value, $values) {
|
||||
return $this->sanitize_value($value, 'xss');
|
||||
// Sanitization is handled by the wrapper, see
|
||||
// EntityFieldHandlerHelper::get_value().
|
||||
return $value;
|
||||
}
|
||||
|
||||
}
|
||||
|
@@ -93,7 +93,7 @@ class entity_views_handler_relationship_by_bundle extends views_handler_relation
|
||||
$def['extra'] = array(
|
||||
array(
|
||||
// The table and the IN operator are implicit.
|
||||
'field' => $entity_info['bundle keys']['bundle'],
|
||||
'field' => $entity_info['entity keys']['bundle'],
|
||||
'value' => $this->options['bundle_types'],
|
||||
),
|
||||
);
|
||||
|