security updates
@@ -6,9 +6,9 @@ dependencies[] = field
|
||||
dependencies[] = references
|
||||
dependencies[] = options
|
||||
|
||||
; Information added by drupal.org packaging script on 2011-12-22
|
||||
version = "7.x-2.0"
|
||||
; Information added by Drupal.org packaging script on 2017-04-18
|
||||
version = "7.x-2.2"
|
||||
core = "7.x"
|
||||
project = "references"
|
||||
datestamp = "1324596643"
|
||||
datestamp = "1492534745"
|
||||
|
||||
|
@@ -0,0 +1,29 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* @file
|
||||
* Install, update and uninstall functions for the user_reference module.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Implements hook_field_schema();
|
||||
*/
|
||||
function user_reference_field_schema($field) {
|
||||
$columns = array(
|
||||
'uid' => array(
|
||||
'type' => 'int',
|
||||
'unsigned' => TRUE,
|
||||
'not null' => FALSE,
|
||||
),
|
||||
);
|
||||
return array(
|
||||
'columns' => $columns,
|
||||
'indexes' => array('uid' => array('uid')),
|
||||
'foreign keys' => array(
|
||||
'uid' => array(
|
||||
'table' => 'users',
|
||||
'columns' => array('uid' => 'uid'),
|
||||
),
|
||||
),
|
||||
);
|
||||
}
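Review bot: The docblock on `user_reference_field_schema()` in this new file reads `Implements hook_field_schema();`, where the usual Drupal summary form ends with a period: `Implements hook_field_schema().`. The function is moved here unchanged from the module file, so this is a good moment to correct it. The `uid` column is declared with `'not null' => FALSE`; a short comment such as `// NULL means no user is referenced.` would record that choice, assuming that is the intent, which the hunk does not state.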
|
@@ -46,29 +46,6 @@ function user_reference_field_info() {
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements hook_field_schema();
|
||||
*/
|
||||
function user_reference_field_schema($field) {
|
||||
$columns = array(
|
||||
'uid' => array(
|
||||
'type' => 'int',
|
||||
'unsigned' => TRUE,
|
||||
'not null' => FALSE,
|
||||
),
|
||||
);
|
||||
return array(
|
||||
'columns' => $columns,
|
||||
'indexes' => array('uid' => array('uid')),
|
||||
'foreign keys' => array(
|
||||
'uid' => array(
|
||||
'table' => 'users',
|
||||
'columns' => array('uid' => 'uid'),
|
||||
),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements hook_field_settings_form().
|
||||
*/
|
||||
@@ -250,6 +227,8 @@ function user_reference_field_prepare_view($entity_type, $entities, $field, $ins
|
||||
$ids_to_check = array_diff($ids, array_keys($checked_ids));
|
||||
if (!empty($ids_to_check)) {
|
||||
$query = db_select('users', 'u')
|
||||
->addMetaData('id', 'user_reference_field_prepare_view')
|
||||
->addMetaData('field', $field)
|
||||
->fields('u', array('uid'))
|
||||
->condition('u.uid', $ids_to_check, 'IN');
|
||||
$accessible_ids = $query->execute()->fetchAllAssoc('uid');
|
||||
@@ -415,7 +394,7 @@ function user_reference_field_formatter_prepare_view($entity_type, $entities, $f
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -766,14 +745,18 @@ function _user_reference_options($field, $flat = TRUE) {
|
||||
|
||||
$options = array();
|
||||
foreach ($references as $key => $value) {
|
||||
// The label, displayed in selects and checkboxes/radios, should have HTML
|
||||
// entities unencoded. The widgets (core's options.module) take care of
|
||||
// applying the relevant filters (strip_tags() or filter_xss()).
|
||||
$label = html_entity_decode($value['rendered'], ENT_QUOTES);
|
||||
if (empty($value['group']) || $flat) {
|
||||
$options[$key] = $value['rendered'];
|
||||
$options[$key] = $label;
|
||||
}
|
||||
else {
|
||||
// The group name, displayed in selects, cannot contain tags, and should
|
||||
// have HTML entities unencoded.
|
||||
$group = html_entity_decode(strip_tags($value['group']), ENT_QUOTES);
|
||||
$options[$group][$key] = $value['rendered'];
|
||||
$options[$group][$key] = $label;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -929,8 +912,8 @@ function _user_reference_potential_references_standard($field, $options) {
|
||||
* Menu callback; Retrieve a pipe delimited string of autocomplete suggestions for existing users
|
||||
*/
|
||||
function user_reference_autocomplete($entity_type, $bundle, $field_name, $string = '') {
|
||||
$field = field_info_field($field_name);
|
||||
$instance = field_info_instance($entity_type, $field_name, $bundle);
|
||||
$field = field_info_field($field_name);
|
||||
|
||||
$options = array(
|
||||
'string' => $string,
|
||||
@@ -1062,7 +1045,7 @@ function user_reference_content_migrate_field_alter(&$field_value, $instance_val
|
||||
'args' => $view_args,
|
||||
);
|
||||
if ($view_name) {
|
||||
$field_value['messages'][] = t("The field uses the view @view_name to determine referenceable users. You will need to manually edit the view and add a display of type 'References'.");
|
||||
$field_value['messages'][] = t("The field uses the view @view_name to determine referenceable users. You will need to manually edit the view and add a display of type 'References'.", array('@view_name' => $view_name));
|
||||
}
|
||||
unset($field_value['settings']['advanced_view']);
|
||||
unset($field_value['settings']['advanced_view_args']);
|
||||
@@ -1197,7 +1180,7 @@ function user_reference_field_views_data_views_data_alter(&$data, $field) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper callback for the views_handler_filter_in_operator filter.
|
||||
* 'options callback' for the views_handler_filter_in_operator filter.
|
||||
*
|
||||
* @param $field_name
|
||||
* The field name.
|
||||
@@ -1210,10 +1193,14 @@ function user_reference_views_filter_options($field_name) {
|
||||
|
||||
if ($field = field_info_field($field_name)) {
|
||||
$options = _user_reference_options($field, TRUE);
|
||||
// The options will be used as is in checkboxes, and thus need to be
|
||||
// sanitized first.
|
||||
|
||||
// The options are displayed in checkboxes within the filter admin form, and
|
||||
// in a select within an exposed filter. Checkboxes accept HTML, other
|
||||
// entities should be encoded; selects require the exact opposite: no HTML,
|
||||
// no encoding. We go for a middle ground: strip tags, leave entities
|
||||
// unencoded.
|
||||
foreach ($options as $key => $value) {
|
||||
$options[$key] = field_filter_xss($value);
|
||||
$options[$key] = strip_tags($value);
|
||||
}
|
||||
}
|
||||
|
||||
|
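Review bot: In `user_reference_views_filter_options()` the switch from `field_filter_xss($value)` to `strip_tags($value)` leaves the labels tag-free but not HTML-encoded, and since `_user_reference_options()` now runs `html_entity_decode()` on `$value['rendered']`, a user name that contained encoded markup is decoded before it reaches this loop. `strip_tags()` removes tags but does not escape, so a bare `<`, `>` or `&` in the result is only safe if every consumer escapes or filters it again when rendering; the new comment describes that trade-off, but the rendering code is not in this hunk, so it is worth confirming for both the checkbox and the exposed-select path. I would extend the comment with `// strip_tags() is not an escaping function: callers must not print these labels as raw HTML.` and add a test with a user name containing `<` and `&`. The same check applies to every other caller of `_user_reference_options()`, which before this commit received the encoded `rendered` string.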