security upadtes

This commit is contained in:
Bachir Soussi Chiadmi
2017-09-25 15:16:35 +02:00
parent 650c6448e4
commit 8d8a60b615
240 changed files with 3022 additions and 1300 deletions


@@ -1544,9 +1544,16 @@ class views_join {
// Tack on the extra.
if (isset($this->extra)) {
if (is_array($this->extra)) {
$extras = array();
foreach ($this->extra as $info) {
// If extra has been provided as string instead of an array, convert it
// to an array.
if (!is_array($this->extra)) {
$this->extra = array($this->extra);
}
$extras = array();
foreach ($this->extra as $info) {
if (is_array($info)) {
$extra = '';
// Figure out the table name. Remember, only use aliases provided
// if at all possible.
$join_table = '';
@@ -1564,76 +1571,49 @@ class views_join {
}
}
// If left_field is set use it for a field-to-field condition.
if (!empty($info['left_field'])) {
$operator = !empty($info['operator']) ? $info['operator'] : '=';
$left_table = (isset($info['left_table'])) ? $info['left_table'] : $left['alias'];
$extras[] = "$join_table$info[field] $operator $left_table.$info[left_field]";
}
// Else if formula is set, us it for a flexible on clause.
elseif (!empty($info['formula'])) {
// If a field is given, we build a "$field $op $formula".
// Without it would only be "$formula".
$extra = '';
if (isset($info['field'])) {
// With a single value, the '=' operator is implicit.
$operator = !empty($info['operator']) ? $info['operator'] : '=';
$extra .= "$join_table$info[field] $operator ";
}
$extra .= $info['formula'];
// Add placeholder arguments.
if (isset($info['formula_arguments']) && is_array($info['formula_arguments'])) {
$arguments = array_merge($arguments, $info['formula_arguments']);
}
$extras[] = $extra;
}
// Otherwise - and if we have a value - use it for a field-to-value condition.
elseif (!empty($info['value'])) {
// Convert a single-valued array of values to the single-value case,
// and transform from IN() notation to = notation
if (is_array($info['value']) && count($info['value']) == 1) {
if (empty($info['operator'])) {
$operator = '=';
}
else {
$operator = $info['operator'] == 'NOT IN' ? '!=' : '=';
}
$info['value'] = array_shift($info['value']);
}
if (is_array($info['value'])) {
// With an array of values, we need multiple placeholders and the
// 'IN' operator is implicit.
foreach ($info['value'] as $value) {
$placeholder_i = ':views_join_condition_' . $select_query->nextPlaceholder();
$arguments[$placeholder_i] = $value;
}
$operator = !empty($info['operator']) ? $info['operator'] : 'IN';
$placeholder = '( ' . implode(', ', array_keys($arguments)) . ' )';
// Convert a single-valued array of values to the single-value case,
// and transform from IN() notation to = notation
if (is_array($info['value']) && count($info['value']) == 1) {
if (empty($info['operator'])) {
$operator = '=';
}
else {
// With a single value, the '=' operator is implicit.
$operator = !empty($info['operator']) ? $info['operator'] : '=';
$placeholder = ':views_join_condition_' . $select_query->nextPlaceholder();
$arguments[$placeholder] = $info['value'];
$operator = $info['operator'] == 'NOT IN' ? '!=' : '=';
}
$info['value'] = array_shift($info['value']);
}
if (is_array($info['value'])) {
// With an array of values, we need multiple placeholders and the
// 'IN' operator is implicit.
foreach ($info['value'] as $value) {
$placeholder_i = $view_query->placeholder('views_join_condition_');
$arguments[$placeholder_i] = $value;
}
$extras[] = "$join_table$info[field] $operator $placeholder";
}
}
if ($extras) {
if (count($extras) == 1) {
$condition .= ' AND ' . array_shift($extras);
$operator = !empty($info['operator']) ? $info['operator'] : 'IN';
$placeholder = '( ' . implode(', ', array_keys($arguments)) . ' )';
}
else {
$condition .= ' AND (' . implode(' ' . $this->extra_type . ' ', $extras) . ')';
// With a single value, the '=' operator is implicit.
$operator = !empty($info['operator']) ? $info['operator'] : '=';
$placeholder = $view_query->placeholder('views_join_condition_');
$arguments[$placeholder] = $info['value'];
}
$extras[] = "$join_table$info[field] $operator $placeholder";
}
elseif (is_string($info)) {
$extras[] = $info;
}
}
elseif ($this->extra && is_string($this->extra)) {
$condition .= " AND ($this->extra)";
if ($extras) {
if (count($extras) == 1) {
$condition .= ' AND ' . array_shift($extras);
}
else {
$condition .= ' AND (' . implode(' ' . $this->extra_type . ' ', $extras) . ')';
}
}
}
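Review bot: The multi-value branch on the new side builds the IN() list with `implode(', ', array_keys($arguments))`, i.e. from every key in `$arguments` rather than from the placeholders it just created, so whenever `$arguments` already holds entries (formula_arguments merged a few lines earlier, or placeholders from a previous extra in the same loop) unrelated bound values are spliced into this condition; the old side has the same construction, so the commit does not address it. Track the placeholders locally: add `$placeholders = array();` before the `foreach ($info['value'] as $value)` loop, `$placeholders[] = $placeholder_i;` after `$arguments[$placeholder_i] = $value;`, and replace the implode line with `$placeholder = '( ' . implode(', ', $placeholders) . ' )';`. The comment in views_join_subquery about a bug in the parent class may refer to this, though the hunk does not say so. Note also that `$info['field']`, `$info['operator']`, `$left_table` and `$join_table` are interpolated into the SQL string rather than bound, so this code relies on extra definitions coming from trusted handler or plugin code, which a short comment above the foreach (`// Field, table and operator names are trusted handler definitions, not user input.`) would make explicit. The enclosing method starts before and ends after this hunk.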
@@ -1681,11 +1661,19 @@ class views_join_subquery extends views_join {
$arguments = array();
// Tack on the extra.
// This is just copied verbatim from the parent class, which itself has a bug: http://drupal.org/node/1118100
// This is just copied verbatim from the parent class, which itself has a
// bug: http://drupal.org/node/1118100
if (isset($this->extra)) {
if (is_array($this->extra)) {
$extras = array();
foreach ($this->extra as $info) {
// If extra has been provided as string instead of an array, convert it
// to an array.
if (!is_array($this->extra)) {
$this->extra = array($this->extra);
}
$extras = array();
foreach ($this->extra as $info) {
if (is_array($info)) {
$extra = '';
// Figure out the table name. Remember, only use aliases provided
// if at all possible.
$join_table = '';
@@ -1713,18 +1701,18 @@ class views_join_subquery extends views_join {
$extras[] = "$join_table$info[field] $operator $placeholder";
$arguments[$placeholder] = $info['value'];
}
if ($extras) {
if (count($extras) == 1) {
$condition .= ' AND ' . array_shift($extras);
}
else {
$condition .= ' AND (' . implode(' ' . $this->extra_type . ' ', $extras) . ')';
}
elseif (is_string($info)) {
$extras[] = $info;
}
}
elseif ($this->extra && is_string($this->extra)) {
$condition .= " AND ($this->extra)";
if ($extras) {
if (count($extras) == 1) {
$condition .= ' AND ' . array_shift($extras);
}
else {
$condition .= ' AND (' . implode(' ' . $this->extra_type . ' ', $extras) . ')';
}
}
}