bachir/popsu-d7
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security upadtes

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi
2017-09-25 15:16:35 +02:00
parent 650c6448e4
commit 8d8a60b615
240 changed files with 3022 additions and 1300 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
sites/all/modules/views/includes/ajax.inc
View File

@@ -40,15 +40,18 @@ function views_ajax() {
// Load the view.
$view = views_get_view($name);
if ($view && $view->access($display_id)) {
if ($view && $view->access($display_id) && $view->set_display($display_id) && $view->display_handler->use_ajax()) {
// Fix 'q' for paging.
if (!empty($path)) {
$_GET['q'] = $path;
}
// Add all $_POST data, because AJAX is always a post and many things,
// If page parameter is in the $_POST exclude it from $_GET,
// otherwise support views_ajax requests using $_GET.
$exclude = isset($_POST['page']) ? array('page') : array();
// Add all $_POST data to $_GET as many things,
// such as tablesorts, exposed filters and paging assume $_GET.
$_GET = $_POST + drupal_get_query_parameters($_GET, array('page'));
$_GET = $_POST + drupal_get_query_parameters($_GET, $exclude);
// Overwrite the destination.
// @see drupal_get_destination()
@@ -343,7 +346,7 @@ function views_ajax_autocomplete_taxonomy($vid, $tags_typed = '') {
$query = db_select('taxonomy_term_data', 't');
$query->addTag('translatable');
$query->addTag('term_access');
$query->addTag('taxonomy_term_access');
// Do not select already entered terms.
if (!empty($tags_typed)) {