security update for uuid xmlsitemap file_field_path
@@ -32,6 +32,31 @@ function node_entity_uuid_presave(&$entity, $entity_type) {
|
||||
if ($entity_type == 'node') {
|
||||
entity_property_uuid_to_id($entity, 'user', array('uid', 'revision_uid'));
|
||||
entity_property_uuid_to_id($entity, 'node', 'tnid');
|
||||
|
||||
// A node always must have an author.
|
||||
if (empty($entity->uid)) {
|
||||
global $user;
|
||||
$entity->uid = $user->uid;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements hook_entity_uuid_save().
|
||||
*/
|
||||
function node_entity_uuid_save(&$entity, $entity_type) {
|
||||
/*
|
||||
* When a node is translated, the source node's tnid is set to it's own nid.
|
||||
* When deploying the node for the first time the tnid can't be translated
|
||||
* to an nid until after the node has been saved. So if the entity's tnid
|
||||
* is still a uuid at this point it needs to be translated to an nid.
|
||||
*/
|
||||
if ($entity_type == 'node' && uuid_is_valid($entity->tnid)) {
|
||||
entity_property_uuid_to_id($entity, 'node', 'tnid');
|
||||
db_update('node')
|
||||
->fields(array('tnid' => $entity->tnid))
|
||||
->condition('nid', $entity->nid)
|
||||
->execute();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -64,17 +89,33 @@ function book_entity_uuid_presave(&$entity, $entity_type) {
|
||||
* Implements hook_entity_uuid_presave().
|
||||
*/
|
||||
function user_entity_uuid_presave(&$entity, $entity_type) {
|
||||
if ($entity_type == 'user') {
|
||||
if (!empty($entity->picture)) {
|
||||
$uuids = entity_get_id_by_uuid('file', array($entity->picture['uuid']));
|
||||
$fid = current($uuids);
|
||||
if (!$entity->is_new) {
|
||||
$entity->picture = file_load($fid);
|
||||
}
|
||||
else {
|
||||
$entity->picture = $fid;
|
||||
}
|
||||
}
|
||||
if ($entity_type != 'user') {
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* We need to ensure new user's passwords are encrypted. The Services module
|
||||
* transparently encrypts the password for new users. md5() is used by
|
||||
* users who's accounts were migrated from Drupal 6 and who haven't updated
|
||||
* their password.
|
||||
*/
|
||||
if (isset($entity->pass)
|
||||
&& (!('$S$D' == substr($entity->pass, 0, 4)) || preg_match('/^[a-f0-9]{32}$/', $entity->pass))) {
|
||||
// Ensure user's password is hashed.
|
||||
$entity->pass = user_hash_password($entity->pass);
|
||||
}
|
||||
|
||||
if (empty($entity->picture)) {
|
||||
return;
|
||||
}
|
||||
|
||||
$uuids = entity_get_id_by_uuid('file', array($entity->picture['uuid']));
|
||||
$fid = current($uuids);
|
||||
if (!$entity->is_new) {
|
||||
$entity->picture = file_load($fid);
|
||||
}
|
||||
else {
|
||||
$entity->picture = $fid;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -104,6 +145,10 @@ function comment_entity_uuid_presave(&$entity, $entity_type) {
|
||||
break;
|
||||
|
||||
case 'comment':
|
||||
// entity_make_entity_local() may have unset cid, add back if necessary.
|
||||
if (!isset($entity->cid)) {
|
||||
$entity->cid = NULL;
|
||||
}
|
||||
entity_property_uuid_to_id($entity, 'user', array('uid', 'u_uid'));
|
||||
entity_property_uuid_to_id($entity, 'node', 'nid');
|
||||
break;
|
||||
@@ -124,11 +169,58 @@ function file_entity_uuid_load(&$entities, $entity_type) {
|
||||
*/
|
||||
function file_entity_uuid_presave(&$entity, $entity_type) {
|
||||
if ($entity_type == 'file') {
|
||||
// entity_make_entity_local() may have unset fid, add back if necessary.
|
||||
if (!isset($entity->fid)) {
|
||||
$entity->fid = NULL;
|
||||
}
|
||||
entity_property_uuid_to_id($entity, 'user', 'uid');
|
||||
if (isset($entity->file_contents)) {
|
||||
$directory = drupal_dirname($entity->uri);
|
||||
file_prepare_directory($directory, FILE_CREATE_DIRECTORY);
|
||||
file_unmanaged_save_data(base64_decode($entity->file_contents), $entity->uri, FILE_EXISTS_REPLACE);
|
||||
|
||||
// Write the new file to the local filesystem.
|
||||
if (isset($entity->file_contents) && !empty($entity->filesize)) {
|
||||
// Don't try to write it if it uses a stream wrapper that isn't writeable
|
||||
// (for example, if it is a remotely-hosted video).
|
||||
$scheme = file_uri_scheme($entity->uri);
|
||||
$wrappers = file_get_stream_wrappers(STREAM_WRAPPERS_WRITE);
|
||||
if (empty($wrappers[$scheme])) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Check for an existing file with the same URI.
|
||||
$existing_files = file_load_multiple(array(), array('uri' => $entity->uri));
|
||||
$existing = (object) array('uri' => NULL, 'uuid' => NULL);
|
||||
if (count($existing_files)) {
|
||||
$existing = reset($existing_files);
|
||||
}
|
||||
|
||||
// If this is a new file and there is an existing file with the same URI,
|
||||
// but a different uuid then rename this file.
|
||||
if ($entity->is_new && $entity->uri == $existing->uri && $entity->uuid != $existing->uuid) {
|
||||
$uri = $entity->uri;
|
||||
$replace = FILE_EXISTS_RENAME;
|
||||
}
|
||||
// If this has an id, meaning UUID has already matched the uuid to an
|
||||
// existing file, but it has a URI that matches a file with a different
|
||||
// uuid, then load the file with the matching uuid and use the URI from
|
||||
// that file. The existing file with the matching uuid is most likely a
|
||||
// file that was previously renamed, e.g. as in the condition above, to
|
||||
// avoid conflict. The uuid matches because they are the same file, but
|
||||
// the URI does not because an incrementing number was added as part of
|
||||
// the renaming.
|
||||
elseif ($entity->uri == $existing->uri && $entity->uuid != $existing->uuid) {
|
||||
$file = file_load($entity->fid);
|
||||
$uri = $file->uri;
|
||||
$replace = FILE_EXISTS_REPLACE;
|
||||
}
|
||||
// Otherwise create a new file or replace the existing file contents.
|
||||
else {
|
||||
$uri = $entity->uri;
|
||||
$replace = FILE_EXISTS_REPLACE;
|
||||
}
|
||||
|
||||
$directory = drupal_dirname($uri);
|
||||
if (!empty($directory) && file_prepare_directory($directory, FILE_CREATE_DIRECTORY)) {
|
||||
$entity->uri = file_unmanaged_save_data(base64_decode($entity->file_contents), $uri, $replace);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -172,7 +264,7 @@ function taxonomy_entity_uuid_presave(&$entity, $entity_type) {
|
||||
* Implements hook_entity_uuid_load().
|
||||
*/
|
||||
function field_entity_uuid_load(&$entities, $entity_type) {
|
||||
foreach ($entities as $i => $entity) {
|
||||
foreach ($entities as $entity) {
|
||||
list(, , $bundle_name) = entity_extract_ids($entity_type, $entity);
|
||||
$instances = field_info_instances($entity_type, $bundle_name);
|
||||
|
||||
@@ -269,34 +361,8 @@ function image_field_uuid_presave($entity_type, $entity, $field, $instance, $lan
|
||||
|
||||
/**
|
||||
* Implements hook_field_uuid_load().
|
||||
*/
|
||||
function node_reference_field_uuid_load($entity_type, $entity, $field, $instance, $langcode, &$items) {
|
||||
entity_property_id_to_uuid($items, 'node', 'nid');
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements hook_field_uuid_presave().
|
||||
*/
|
||||
function node_reference_field_uuid_presave($entity_type, $entity, $field, $instance, $langcode, &$items) {
|
||||
entity_property_uuid_to_id($items, 'node', 'nid');
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements hook_field_uuid_load().
|
||||
*/
|
||||
function user_reference_field_uuid_load($entity_type, $entity, $field, $instance, $langcode, &$items) {
|
||||
entity_property_id_to_uuid($items, 'user', 'uid');
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements hook_field_uuid_presave().
|
||||
*/
|
||||
function user_reference_field_uuid_presave($entity_type, $entity, $field, $instance, $langcode, &$items) {
|
||||
entity_property_uuid_to_id($items, 'user', 'uid');
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements hook_field_uuid_load().
|
||||
*
|
||||
* Kept here because it is in D8 core.
|
||||
*/
|
||||
function entityreference_field_uuid_load($entity_type, $entity, $field, $instance, $langcode, &$items) {
|
||||
// TODO: This is not really good, but as of now 'entity_property_id_to_uuid()'
|
||||
@@ -306,6 +372,8 @@ function entityreference_field_uuid_load($entity_type, $entity, $field, $instanc
|
||||
|
||||
/**
|
||||
* Implements hook_field_uuid_presave().
|
||||
*
|
||||
* Kept here because it is in D8 core.
|
||||
*/
|
||||
function entityreference_field_uuid_presave($entity_type, $entity, $field, $instance, $langcode, &$items) {
|
||||
// TODO: This is not really good, but as of now 'entity_property_id_to_uuid()'
|
||||
@@ -313,38 +381,6 @@ function entityreference_field_uuid_presave($entity_type, $entity, $field, $inst
|
||||
entity_property_uuid_to_id($items, $field['settings']['target_type'], 'target_id');
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements hook_entity_uuid_load().
|
||||
*/
|
||||
function field_collection_entity_uuid_load(&$entities, $entity_type) {
|
||||
if ($entity_type == 'field_collection_item') {
|
||||
entity_property_id_to_uuid($entities, 'field_collection_item', 'value');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements hook_entity_uuid_presave().
|
||||
*/
|
||||
function field_collection_entity_uuid_presave(&$entity, $entity_type) {
|
||||
if ($entity_type == 'field_collection_item') {
|
||||
entity_property_uuid_to_id($entity, 'field_collection_item', 'value');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements hook_field_uuid_load().
|
||||
*/
|
||||
function field_collection_field_uuid_load($entity_type, $entity, $field, $instance, $langcode, &$items) {
|
||||
entity_property_id_to_uuid($items, 'field_collection_item', 'value');
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements hook_field_uuid_presave().
|
||||
*/
|
||||
function field_collection_field_uuid_presave($entity_type, $entity, $field, $instance, $langcode, &$items) {
|
||||
entity_property_uuid_to_id($items, 'field_collection_item', 'value');
|
||||
}
|
||||
|
||||
/**
|
||||
* @} End of "Field implementations"
|
||||
*/
|
||||
@@ -358,24 +394,35 @@ function field_collection_field_uuid_presave($entity_type, $entity, $field, $ins
|
||||
* Implements hook_uuid_entities_features_export_entity_alter().
|
||||
*/
|
||||
function node_uuid_entities_features_export_entity_alter(&$entity, $entity_type) {
|
||||
if ($entity_type == 'node') {
|
||||
foreach (array('data', 'name', 'picture', 'revision_uid', 'last_comment_timestamp') as $property) {
|
||||
if (property_exists($entity, $property)) {
|
||||
unset($entity->{$property});
|
||||
}
|
||||
if ('node' != $entity_type) {
|
||||
return;
|
||||
}
|
||||
|
||||
$properties = array(
|
||||
'data',
|
||||
'name',
|
||||
'picture',
|
||||
'revision_uid',
|
||||
'last_comment_timestamp',
|
||||
);
|
||||
foreach ($properties as $property) {
|
||||
if (property_exists($entity, $property)) {
|
||||
unset($entity->{$property});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of hook_uuid_entities_features_export_entity_alter().
|
||||
* Implements hook_uuid_entities_features_export_entity_alter().
|
||||
*/
|
||||
function user_uuid_entities_features_export_entity_alter(&$entity, $entity_type) {
|
||||
if ($entity_type == 'user') {
|
||||
foreach (array('data', 'access', 'login') as $property) {
|
||||
if (property_exists($entity, $property)) {
|
||||
unset($entity->{$property});
|
||||
}
|
||||
if ('user' != $entity_type) {
|
||||
return;
|
||||
}
|
||||
|
||||
foreach (array('data', 'access', 'login') as $property) {
|
||||
if (property_exists($entity, $property)) {
|
||||
unset($entity->{$property});
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -391,17 +438,6 @@ function file_uuid_entities_features_export_field_alter($entity_type, $entity, $
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements hook_uuid_entities_features_export_entity_alter().
|
||||
*/
|
||||
function workbench_uuid_entities_features_export_entity_alter(&$entity, $entity_type) {
|
||||
foreach (array('workbench_moderation', 'my_revision', 'workbench_access', 'workbench_access_scheme', 'workbench_access_by_role') as $property) {
|
||||
if (isset($entity->{$property})) {
|
||||
unset($entity->{$property});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @} End of "Export alterations"
|
||||
*/
|
||||
|
||||
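Review bot: In file_entity_uuid_presave(), the destination of the write is still taken from the incoming entity: on what appears to be the new side (the +/- markers are lost on this page) `$entity->uri` is checked only for a writable stream wrapper before `file_unmanaged_save_data()` is called, with `FILE_EXISTS_REPLACE` in two of the three branches, so the sender of the entity decides the file name, its extension and which existing file gets overwritten. Unless the caller already constrains this (not visible here), the function should compare the extension against a site-configured allow-list and limit the accepted schemes before writing, and decode with `base64_decode($entity->file_contents, TRUE)` so malformed input is rejected rather than decoded with the invalid characters dropped. The return value also needs a check, since `file_unmanaged_save_data()` returns FALSE on failure and that would overwrite the URI: `$saved = file_unmanaged_save_data($data, $uri, $replace); if ($saved !== FALSE) { $entity->uri = $saved; }`. In the `elseif` branch `file_load($entity->fid)` can likewise return FALSE before `$file->uri` is read.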