security upadtes
@@ -289,7 +289,14 @@ class views_plugin_cache extends views_plugin {
|
||||
|
||||
function get_results_key() {
|
||||
if (!isset($this->_results_key)) {
|
||||
$this->_results_key = $this->view->name . ':' . $this->display->id . ':results:' . $this->get_cache_key();
|
||||
$key_data = array();
|
||||
foreach (array('exposed_info', 'page', 'sort', 'order', 'items_per_page', 'offset') as $key) {
|
||||
if (isset($_GET[$key])) {
|
||||
$key_data[$key] = $_GET[$key];
|
||||
}
|
||||
}
|
||||
|
||||
$this->_results_key = $this->view->name . ':' . $this->display->id . ':results:' . $this->get_cache_key($key_data);
|
||||
}
|
||||
|
||||
return $this->_results_key;
|
||||
@@ -298,6 +305,7 @@ class views_plugin_cache extends views_plugin {
|
||||
function get_output_key() {
|
||||
if (!isset($this->_output_key)) {
|
||||
$key_data = array(
|
||||
'result' => $this->view->result,
|
||||
'theme' => $GLOBALS['theme'],
|
||||
);
|
||||
$this->_output_key = $this->view->name . ':' . $this->display->id . ':output:' . $this->get_cache_key($key_data);
|
||||
|
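Review bot: In get_results_key() the values copied into `$key_data` come straight from `$_GET`, so each may be a string or a nested array of any size, and nothing in the hunk says why these six names are the ones that matter. I would add a comment above the loop, for example `// Vary the results cache by the request parameters that change the query, so rows cached for one request are never served for another.` The list is hard-coded, so a pager or exposed sort using a different parameter name would presumably still share a cache entry; that is worth confirming against get_cache_key(), which is not visible here. The function's closing brace is outside the hunk.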
@@ -41,7 +41,7 @@ class views_plugin_cache_time extends views_plugin_cache {
|
||||
'#maxlength' => '30',
|
||||
'#description' => t('Length of time in seconds raw query results should be cached.'),
|
||||
'#default_value' => $this->options['results_lifespan_custom'],
|
||||
'#process' => array('form_process_select','ctools_dependent_process'),
|
||||
'#process' => array('ctools_dependent_process'),
|
||||
'#dependency' => array(
|
||||
'edit-cache-options-results-lifespan' => array('custom'),
|
||||
),
|
||||
@@ -60,7 +60,7 @@ class views_plugin_cache_time extends views_plugin_cache {
|
||||
'#maxlength' => '30',
|
||||
'#description' => t('Length of time in seconds rendered HTML output should be cached.'),
|
||||
'#default_value' => $this->options['output_lifespan_custom'],
|
||||
'#process' => array('form_process_select','ctools_dependent_process'),
|
||||
'#process' => array('ctools_dependent_process'),
|
||||
'#dependency' => array(
|
||||
'edit-cache-options-output-lifespan' => array('custom'),
|
||||
),
|
||||
|
@@ -365,6 +365,19 @@ class views_plugin_display extends views_plugin {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Should the enabled display more link being opened in an new window?
|
||||
*
|
||||
* @codingStandardsIgnoreStart
|
||||
*/
|
||||
function use_more_open_new_window() {
|
||||
// @codingStandardsIgnoreEnd
|
||||
if (!empty($this->definition['use more'])) {
|
||||
return $this->get_option('open_new_window');
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Does the display have custom link text?
|
||||
*/
|
||||
@@ -414,9 +427,29 @@ class views_plugin_display extends views_plugin {
|
||||
'hide_admin_links' => array('hide_admin_links'),
|
||||
'group_by' => array('group_by'),
|
||||
'query' => array('query'),
|
||||
'use_more' => array('use_more', 'use_more_always', 'use_more_text'),
|
||||
'use_more_always' => array('use_more', 'use_more_always', 'use_more_text'),
|
||||
'use_more_text' => array('use_more', 'use_more_always', 'use_more_text'),
|
||||
'use_more' => array('use_more',
|
||||
'use_more_always',
|
||||
'open_new_window',
|
||||
'use_more_text',
|
||||
),
|
||||
'use_more_always' => array(
|
||||
'use_more',
|
||||
'use_more_always',
|
||||
'open_new_window',
|
||||
'use_more_text',
|
||||
),
|
||||
'use_more_text' => array(
|
||||
'use_more',
|
||||
'use_more_always',
|
||||
'open_new_window',
|
||||
'use_more_text',
|
||||
),
|
||||
'open_new_window' => array(
|
||||
'use_more',
|
||||
'use_more_always',
|
||||
'open_new_window',
|
||||
'use_more_text',
|
||||
),
|
||||
'link_display' => array('link_display', 'link_url'),
|
||||
|
||||
// Force these to cascade properly.
|
||||
@@ -481,6 +514,7 @@ class views_plugin_display extends views_plugin {
|
||||
'pager_options' => TRUE,
|
||||
'use_more' => TRUE,
|
||||
'use_more_always' => TRUE,
|
||||
'open_new_window' => FALSE,
|
||||
'use_more_text' => TRUE,
|
||||
'exposed_form' => TRUE,
|
||||
'exposed_form_options' => TRUE,
|
||||
@@ -1061,6 +1095,11 @@ class views_plugin_display extends views_plugin {
|
||||
$title = $text;
|
||||
}
|
||||
|
||||
// Truncate the path as it is displayed as a link.
|
||||
if ($section == 'path') {
|
||||
$text = views_ui_truncate($text, 24);
|
||||
}
|
||||
|
||||
return l($text, 'admin/structure/views/nojs/display/' . $this->view->name . '/' . $this->display->id . '/' . $section, array('attributes' => array('class' => 'views-ajax-link ' . $class, 'title' => $title, 'id' => drupal_html_id('views-' . $this->display->id . '-' . $section)), 'html' => TRUE));
|
||||
}
|
||||
|
||||
@@ -1468,7 +1507,7 @@ class views_plugin_display extends views_plugin {
|
||||
$form['#title'] .= t('The title of this view');
|
||||
$form['title'] = array(
|
||||
'#type' => 'textfield',
|
||||
'#description' => t('This title will be displayed with the view, wherever titles are normally displayed; i.e, as the page title, block title, etc.'),
|
||||
'#description' => t('This title will be displayed with the view, wherever titles are normally displayed; i.e, as the page title, block title, etc. Use <none> to not assign a title; this can allow other modules to control the page title.'),
|
||||
'#default_value' => $this->get_option('title'),
|
||||
);
|
||||
break;
|
||||
@@ -1524,6 +1563,17 @@ class views_plugin_display extends views_plugin {
|
||||
'edit-use-more' => array(TRUE),
|
||||
),
|
||||
);
|
||||
|
||||
$form['open_new_window'] = array(
|
||||
'#type' => 'checkbox',
|
||||
'#title' => t("Open 'more' link in new window (target='blank')"),
|
||||
'#description' => t("Leave this unchecked to open the more link in the same window."),
|
||||
'#default_value' => $this->get_option('open_new_window'),
|
||||
'#dependency' => array(
|
||||
'edit-use-more' => array(TRUE),
|
||||
),
|
||||
);
|
||||
|
||||
$form['use_more_text'] = array(
|
||||
'#type' => 'textfield',
|
||||
'#title' => t('More link text'),
|
||||
@@ -2381,6 +2431,7 @@ class views_plugin_display extends views_plugin {
|
||||
case 'use_more':
|
||||
$this->set_option($section, intval($form_state['values'][$section]));
|
||||
$this->set_option('use_more_always', !intval($form_state['values']['use_more_always']));
|
||||
$this->set_option('open_new_window', $form_state['values']['open_new_window']) == '1';
|
||||
$this->set_option('use_more_text', $form_state['values']['use_more_text']);
|
||||
case 'distinct':
|
||||
$this->set_option($section, $form_state['values'][$section]);
|
||||
@@ -2594,7 +2645,7 @@ class views_plugin_display extends views_plugin {
|
||||
|
||||
$path = check_url(url($path, $url_options));
|
||||
|
||||
return theme($theme, array('more_url' => $path, 'link_text' => check_plain($this->use_more_text()), 'view' => $this->view));
|
||||
return theme($theme, array('more_url' => $path, 'new_window' => $this->use_more_open_new_window(), 'link_text' => check_plain($this->use_more_text()), 'view' => $this->view));
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -2798,7 +2849,7 @@ class views_plugin_display extends views_plugin {
|
||||
}
|
||||
}
|
||||
else {
|
||||
if ($id != $key && $identifier == $handler->options['expose']['identifier']) {
|
||||
if ($id != $key && isset($handler->options['expose']['identifier']) && $identifier == $handler->options['expose']['identifier']) {
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
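Review bot: In the `case 'use_more':` hunk the comparison sits outside the call, `$this->set_option('open_new_window', $form_state['values']['open_new_window']) == '1';`, so the raw form value is stored and the result of `== '1'` is discarded. The closing parenthesis should move, `$this->set_option('open_new_window', $form_state['values']['open_new_window'] == '1');`, or the value can go through `intval()` as the two lines above it do. Separately, the template that receives `new_window` is not shown on this page; if it emits `target="_blank"`, it should also emit `rel="noopener noreferrer"` so the opened page gets no handle on the opener. The switch body continues outside the hunk.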
@@ -52,7 +52,8 @@ class views_plugin_display_block extends views_plugin_display {
|
||||
// Prior to this being called, the $view should already be set to this
|
||||
// display, and arguments should be set on the view.
|
||||
$info['content'] = $this->view->render();
|
||||
$info['subject'] = filter_xss_admin($this->view->get_title());
|
||||
$title = $this->view->get_title();
|
||||
$info['subject'] = ($title == '<none>') ? '' : filter_xss_admin($title);
|
||||
if (!empty($this->view->result) || $this->get_option('empty') || !empty($this->view->style_plugin->definition['even empty'])) {
|
||||
return $info;
|
||||
}
|
||||
|
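Review bot: The new title check uses a loose comparison, `($title == '<none>')`, and the page display's hunk does the same with `if ($title != '<none>')`. If get_title() ever returns a non-string (an integer 0, say), PHP versions before 8 treat it as equal to `'<none>'` and the title is silently dropped. Strict comparison removes that dependency: `$info['subject'] = ($title === '<none>') ? '' : filter_xss_admin($title);` and `if ($title !== '<none>') {`. The block display would also benefit from the same one-line comment about `<none>` that the page display hunk carries.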
@@ -118,6 +118,8 @@ class views_plugin_display_page extends views_plugin_display {
|
||||
'access arguments' => $access_arguments,
|
||||
// Identify URL embedded arguments and correlate them to a handler
|
||||
'load arguments' => array($this->view->name, $this->display->id, '%index'),
|
||||
// Make sure the menu router knows where views_page is.
|
||||
'module' => 'views',
|
||||
);
|
||||
$menu = $this->get_option('menu');
|
||||
if (empty($menu)) {
|
||||
@@ -182,6 +184,8 @@ class views_plugin_display_page extends views_plugin_display {
|
||||
'title' => $tab_options['title'],
|
||||
'description' => $tab_options['description'],
|
||||
'menu_name' => $tab_options['name'],
|
||||
// Make sure the menu router knows where views_page is.
|
||||
'module' => 'views',
|
||||
);
|
||||
switch ($tab_options['type']) {
|
||||
default:
|
||||
@@ -231,7 +235,13 @@ class views_plugin_display_page extends views_plugin_display {
|
||||
|
||||
// First execute the view so it's possible to get tokens for the title.
|
||||
// And the title, which is much easier.
|
||||
drupal_set_title(filter_xss_admin($this->view->get_title()), PASS_THROUGH);
|
||||
$title = $this->view->get_title();
|
||||
// Support the core method of using '<none>' to indicate nothing should be
|
||||
// assigned to the title, so only process the title value if it is not that
|
||||
// value.
|
||||
if ($title != '<none>') {
|
||||
drupal_set_title(filter_xss_admin($title), PASS_THROUGH);
|
||||
}
|
||||
return $render;
|
||||
}
|
||||
|
||||
@@ -263,7 +273,7 @@ class views_plugin_display_page extends views_plugin_display {
|
||||
$options['path'] = array(
|
||||
'category' => 'page',
|
||||
'title' => t('Path'),
|
||||
'value' => views_ui_truncate($path, 24),
|
||||
'value' => $path,
|
||||
);
|
||||
|
||||
$menu = $this->get_option('menu');
|
||||
|
@@ -417,7 +417,7 @@ class views_plugin_pager_full extends views_plugin_pager {
|
||||
function exposed_form_validate(&$form, &$form_state) {
|
||||
if (!empty($form_state['values']['offset']) && trim($form_state['values']['offset'])) {
|
||||
if (!is_numeric($form_state['values']['offset']) || $form_state['values']['offset'] < 0) {
|
||||
form_set_error('offset', t('Offset must be an number greather or equal than 0.'));
|
||||
form_set_error('offset', t('Offset must be an number greater or equal than 0.'));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@@ -39,6 +39,9 @@ class views_plugin_query extends views_plugin {
|
||||
*
|
||||
* @param $get_count
|
||||
* Provide a countquery if this is true, otherwise provide a normal query.
|
||||
*
|
||||
* @return SelectQuery
|
||||
* A SelectQuery object.
|
||||
*/
|
||||
function query($get_count = FALSE) { }
|
||||
|
||||
|
@@ -1244,6 +1244,9 @@ class views_plugin_query_default extends views_plugin_query {
|
||||
*
|
||||
* @param $get_count
|
||||
* Provide a countquery if this is true, otherwise provide a normal query.
|
||||
*
|
||||
* @return SelectQuery
|
||||
* A SelectQuery object.
|
||||
*/
|
||||
function query($get_count = FALSE) {
|
||||
// Check query distinct value.
|
||||
@@ -1367,7 +1370,7 @@ class views_plugin_query_default extends views_plugin_query {
|
||||
}
|
||||
|
||||
// Add all query substitutions as metadata.
|
||||
$query->addMetaData('views_substitutions', module_invoke_all('views_query_substitutions', $this));
|
||||
$query->addMetaData('views_substitutions', module_invoke_all('views_query_substitutions', $this->view));
|
||||
|
||||
if (!$get_count) {
|
||||
if (!empty($this->limit) || !empty($this->offset)) {
|
||||
|
@@ -130,7 +130,7 @@ class views_plugin_style extends views_plugin {
|
||||
// Explode the value by whitespace, this allows the function to handle
|
||||
// a single class name and multiple class names that are then tokenized.
|
||||
foreach(explode(' ', $class) as $token_class) {
|
||||
$classes[] = strip_tags($this->tokenize_value($token_class, $row_index));
|
||||
$classes = array_merge($classes, explode(' ', strip_tags($this->tokenize_value($token_class, $row_index))));
|
||||
}
|
||||
}
|
||||
else {
|
||||
@@ -139,7 +139,7 @@ class views_plugin_style extends views_plugin {
|
||||
|
||||
// Convert whatever the result is to a nice clean class name
|
||||
foreach ($classes as &$class) {
|
||||
$class = drupal_html_class($class);
|
||||
$class = drupal_clean_css_identifier($class);
|
||||
}
|
||||
return implode(' ', $classes);
|
||||
}
|
||||
@@ -237,6 +237,7 @@ class views_plugin_style extends views_plugin {
|
||||
'#type' => 'checkbox',
|
||||
'#title' => t('Remove tags from rendered output'),
|
||||
'#default_value' => $grouping['rendered_strip'],
|
||||
'#description' => t('Some modules add HTML to the rendered output and prevent the rows from grouping correctly. Stripping the HTML tags should correct this.'),
|
||||
'#dependency' => array(
|
||||
'edit-style-options-grouping-' . $i . '-field' => array_keys($field_labels),
|
||||
)
|
||||
|
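Review bot: In the tokenized-class loop, `explode(' ', strip_tags(...))` splits only on a single space, so a token value containing consecutive spaces, tabs or newlines yields empty entries or, as far as I can tell, leaves two names joined once `drupal_clean_css_identifier()` strips the separator. Splitting on whitespace runs and dropping empties keeps the list clean: `$classes = array_merge($classes, preg_split('/\s+/', strip_tags($this->tokenize_value($token_class, $row_index)), -1, PREG_SPLIT_NO_EMPTY));`. The `foreach ($classes as &$class)` loop in the next hunk leaves a live reference; `unset($class);` after it is the usual guard, although the function returns straight away here. The enclosing function starts outside the hunk.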
@@ -146,7 +146,7 @@ class views_plugin_style_jump_menu extends views_plugin_style {
|
||||
$lookup_options = array();
|
||||
// We need to check if the path is absolute
|
||||
// or else language is not taken in account.
|
||||
if ($this->view->display[$this->view->current_display]->display_options['fields'][$this->options['path']]['absolute']) {
|
||||
if (!empty($this->view->display[$this->view->current_display]->display_options['fields'][$this->options['path']]['absolute'])) {
|
||||
$lookup_options['absolute'] = TRUE;
|
||||
}
|
||||
$lookup_url = url($_GET['q'], $lookup_options);
|
||||
|
@@ -84,7 +84,8 @@ abstract class views_plugin_style_mapping extends views_plugin_style {
|
||||
// Optionally filter the available fields.
|
||||
if (isset($mapping[$key]['#filter'])) {
|
||||
$this->view->init_handlers();
|
||||
$this::$mapping[$key]['#filter']($field_options);
|
||||
$filter = $mapping[$key]['#filter'];
|
||||
$this::$filter($field_options);
|
||||
unset($mapping[$key]['#filter']);
|
||||
}
|
||||
|
||||
|
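Review bot: `$this::$filter($field_options)` calls whatever method name the mapping's `#filter` entry holds, with no check that it names a method of this class. The mapping presumably comes from the plugin's own definition and not from request data, but a guard makes that assumption explicit and turns a typo into a skipped filter instead of a fatal error: `if (method_exists($this, $filter)) { $this::$filter($field_options); }`. A short comment stating that `#filter` must name a static method of the style plugin would help too. The enclosing loop starts outside the hunk.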