Compare commits
	
		
			37 Commits
		
	
	
		
			dev
			...
			8f4ce63da5
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 8f4ce63da5 | |||
| 6385bc5267 | |||
| 5656f5a68a | |||
| fd5d68d5e9 | |||
| 7b1e954f7f | |||
| 1be79e1e06 | |||
| be8ccebfac | |||
| 04c585f500 | |||
| 65ff1558e4 | |||
| 6b93e345cd | |||
| 438237e852 | |||
| cc3b64a193 | |||
| aa5c4a5a74 | |||
| 4e0d4316d6 | |||
| 27bffaa4dc | |||
| a8891db014 | |||
| 54c778223d | |||
| a40774a820 | |||
| f466459072 | |||
| d5096cf9ad | |||
| a163542966 | |||
| f7ae17e6c4 | |||
| fdd2f67cc6 | |||
| 8fb74fdf95 | |||
| 870831757c | |||
| 2c2dd76ece | |||
|   | 68e9e90294 | ||
|   | 0bcc558ed5 | ||
|   | 3f7e130321 | ||
|   | 8d8a60b615 | ||
|   | 650c6448e4 | ||
|   | a5c37bec3c | ||
|   | b9ffb21f32 | ||
|   | 44557a31f0 | ||
|   | 1a06561593 | ||
|   | 747127f643 | ||
|   | ffd758abc9 | 
							
								
								
									
										6
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										6
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @@ -4,6 +4,8 @@ sites/*/settings*.php | |||||||
| # Ignore paths that contain user-generated content. | # Ignore paths that contain user-generated content. | ||||||
| sites/*/files | sites/*/files | ||||||
| sites/*/private | sites/*/private | ||||||
|  | sites/*/tmp | ||||||
|  |  | ||||||
| *.sublime* | error/ | ||||||
| sites/all/themes/gui/jee/.sass-cache/* |  | ||||||
|  | **.tar.gz | ||||||
|   | |||||||
							
								
								
									
										477
									
								
								CHANGELOG.txt
									
									
									
									
									
								
							
							
						
						
									
										477
									
								
								CHANGELOG.txt
									
									
									
									
									
								
							| @@ -1,3 +1,420 @@ | |||||||
|  | Drupal 7.80, 2021-04-20 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues: | ||||||
|  |    - SA-CORE-2021-002 | ||||||
|  |  | ||||||
|  | Drupal 7.79, 2021-04-07 | ||||||
|  | ----------------------- | ||||||
|  | - Initial support for PHP 8 | ||||||
|  | - Support for SameSite cookie attribute | ||||||
|  | - Avoid write for unchanged fields (opt-in) | ||||||
|  |  | ||||||
|  | Drupal 7.78, 2021-01-19 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues: | ||||||
|  |    - SA-CORE-2021-001 | ||||||
|  |  | ||||||
|  | Drupal 7.77, 2020-12-03 | ||||||
|  | ----------------------- | ||||||
|  | - Hotfix for schema.prefixed tables | ||||||
|  |  | ||||||
|  | Drupal 7.76, 2020-12-02 | ||||||
|  | ----------------------- | ||||||
|  | - Support for MySQL 8 | ||||||
|  | - Core tests pass in SQLite | ||||||
|  | - Better user flood control logging | ||||||
|  |  | ||||||
|  | Drupal 7.75, 2020-11-26 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues: | ||||||
|  |    - SA-CORE-2020-013 | ||||||
|  |  | ||||||
|  | Drupal 7.74, 2020-11-17 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues: | ||||||
|  |    - SA-CORE-2020-012 | ||||||
|  |  | ||||||
|  | Drupal 7.73, 2020-09-16 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues: | ||||||
|  |    - SA-CORE-2020-007 | ||||||
|  |  | ||||||
|  | Drupal 7.72, 2020-06-17 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues: | ||||||
|  |    - SA-CORE-2020-004 | ||||||
|  |  | ||||||
|  | Drupal 7.71, 2020-06-03 | ||||||
|  | ----------------------- | ||||||
|  | - Fix for jQuery Form bug in Chromium-based browsers | ||||||
|  | - Full support for PHP 7.4 | ||||||
|  |  | ||||||
|  | Drupal 7.70, 2020-05-19 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues: | ||||||
|  |    - SA-CORE-2020-002 | ||||||
|  |    - SA-CORE-2020-003 | ||||||
|  |  | ||||||
|  | Drupal 7.69, 2019-12-18 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues: | ||||||
|  |    - SA-CORE-2019-012 | ||||||
|  |  | ||||||
|  | Drupal 7.68, 2019-12-04 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed: Hide toolbar when printing | ||||||
|  | - Fixed: Settings returned via ajax are not run through hook_js_alter() | ||||||
|  | - Fixed: Use drupal_http_build_query() in drupal_http_request() | ||||||
|  | - Fixed: DrupalRequestSanitizer not found fatal error when bootstrap phase order is changed | ||||||
|  | - Fixed: Block web.config in .htaccess (and vice-versa) | ||||||
|  | - Fixed: Create "scripts" element to align rendering workflow to how "styles" are handled | ||||||
|  | - PHP 7.3: Fixed 'Cannot change session id when session is active' | ||||||
|  | - PHP 7.1: Fixed 'A non-numeric value encountered in theme_pager()' | ||||||
|  | - PHP 7.x: Fixed file.inc generated .htaccess does not cover PHP 7 | ||||||
|  | - PHP 5.3: Fixed check_plain() 'Invalid multibyte sequence in argument' test failures | ||||||
|  | - Fixed: Allow passing data as array to drupal_http_request() | ||||||
|  | - Fixed: Skip module_invoke/module_hook in calling hook_watchdog (excessive function_exist) | ||||||
|  | - Fixed: HTTP status 200 returned for 'Additional uncaught exception thrown while handling exception' | ||||||
|  | - Fixed: theme_table() should take an optional footer variable and produce <tfoot> | ||||||
|  | - Fixed: 'uasort() expects parameter 1 to be array, null given in node_view_multiple()' | ||||||
|  | - [regression] Fix default.settings.php permission | ||||||
|  |  | ||||||
|  | Drupal 7.67, 2019-05-08 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues: | ||||||
|  |    - SA-CORE-2019-007 | ||||||
|  |  | ||||||
|  | Drupal 7.66, 2019-04-17 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues: | ||||||
|  |    - SA-CORE-2019-006 | ||||||
|  |  | ||||||
|  | Drupal 7.65, 2019-03-20 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues: | ||||||
|  |    - SA-CORE-2019-004 | ||||||
|  |  | ||||||
|  | Drupal 7.64, 2019-02-06 | ||||||
|  | ----------------------- | ||||||
|  | - [regression] Unset the 'host' header in drupal_http_request() during redirect | ||||||
|  | - Fixed: 7.x does not have Phar protection and Phar tests are failing on Drupal 7 | ||||||
|  | - Fixed: Notice: Undefined index: display_field in file_field_widget_value() (line 582 of /module/file/file.field.inc) | ||||||
|  | - Performance improvement: Registry rebuild should not parse the same file twice in the same request | ||||||
|  | - Fixed _registry_update() to clear caches after transaction is committed | ||||||
|  |  | ||||||
|  | Drupal 7.63, 2019-01-16 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed a fatal error for some Drush users introduced by SA-CORE-2019-002. | ||||||
|  |  | ||||||
|  | Drupal 7.62, 2019-01-15 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues: | ||||||
|  |    - SA-CORE-2019-001 | ||||||
|  |    - SA-CORE-2019-002 | ||||||
|  |  | ||||||
|  | Drupal 7.61, 2018-11-07 | ||||||
|  | ----------------------- | ||||||
|  | - File upload validation functions and hook_file_validate() implementations are | ||||||
|  |   now always passed the correct file URI. | ||||||
|  | - The default form cache expiration of 6 hours is now configurable (API | ||||||
|  |   addition: https://www.drupal.org/node/2857751). | ||||||
|  | - Allowed callers of drupal_http_request() to optionally specify an explicit | ||||||
|  |   Host header. | ||||||
|  | - Allowed the + character to appear in usernames. | ||||||
|  | - PHP 7.2: Fixed Archive_Tar incompatibility. | ||||||
|  | - PHP 7.2: Removed deprecated function each(). | ||||||
|  | - PHP 7.2: Avoid count() calls on uncountable variables. | ||||||
|  | - PHP 7.2: Removed deprecated create_function() call. | ||||||
|  | - PHP 7.2: Make sure variables are arrays in theme_links(). | ||||||
|  | - Fixed theme-settings.php not being loaded on cached forms | ||||||
|  | - Fixed problem with IE11 & Chrome(PointerEvents enabled) & some Firefox scroll to the top of the page after dragging the bottom item with jquery 1.5 <-> 1.11 | ||||||
|  |  | ||||||
|  | Drupal 7.60, 2018-10-18 | ||||||
|  | ------------------------ | ||||||
|  | - Fixed security issues. See SA-CORE-2018-006. | ||||||
|  |  | ||||||
|  | Drupal 7.59, 2018-04-25 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues (remote code execution). See SA-CORE-2018-004. | ||||||
|  |  | ||||||
|  | Drupal 7.58, 2018-03-28 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues (remote code execution). See SA-CORE-2018-002. | ||||||
|  |  | ||||||
|  | Drupal 7.57, 2018-02-21 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues (multiple vulnerabilities). See SA-CORE-2018-001. | ||||||
|  |  | ||||||
|  | Drupal 7.56, 2017-06-21 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues (access bypass). See SA-CORE-2017-003. | ||||||
|  |  | ||||||
|  | Drupal 7.55, 2017-06-07 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed incompatibility with PHP versions 7.0.19 and 7.1.5 due to duplicate | ||||||
|  |   DATE_RFC7231 definition. | ||||||
|  | - Made Drupal core pass all automated tests on PHP 7.1. | ||||||
|  | - Allowed services such as Let's Encrypt to work with Drupal on Apache, by | ||||||
|  |   making Drupal's .htaccess file allow access to the .well-known directory | ||||||
|  |   defined by RFC 5785. | ||||||
|  | - Made new Drupal sites work correctly on Apache 2.4 when the mod_access_compat | ||||||
|  |   Apache module is disabled. | ||||||
|  | - Fixed Drupal's URL-generating functions to always encode '[' and ']' so that | ||||||
|  |   the URLs will pass HTML5 validation. | ||||||
|  | - Various additional bug fixes. | ||||||
|  | - Various API documentation improvements. | ||||||
|  | - Additional automated test coverage. | ||||||
|  |  | ||||||
|  | Drupal 7.54, 2017-02-01 | ||||||
|  | ----------------------- | ||||||
|  | - Modules are now able to define theme engines (API addition: | ||||||
|  |   https://www.drupal.org/node/2826480). | ||||||
|  | - Logging of searches can now be disabled (new option in the administrative | ||||||
|  |   interface). | ||||||
|  | - Added menu tree render structure to (pre-)process hooks for theme_menu_tree() | ||||||
|  |   (API addition: https://www.drupal.org/node/2827134). | ||||||
|  | - Added new function for determining whether an HTTPS request is being served | ||||||
|  |   (API addition: https://www.drupal.org/node/2824590). | ||||||
|  | - Fixed incorrect default value for short and medium date formats on the date | ||||||
|  |   type configuration page. | ||||||
|  | - File validation error message is now removed after subsequent upload of valid | ||||||
|  |   file. | ||||||
|  | - Numerous bug fixes. | ||||||
|  | - Numerous API documentation improvements. | ||||||
|  | - Additional performance improvements. | ||||||
|  | - Additional automated test coverage. | ||||||
|  |  | ||||||
|  | Drupal 7.53, 2016-12-07 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed drag and drop support on newer Chrome/IE 11+ versions after 7.51 update | ||||||
|  |   when jQuery is updated to 1.7-1.11.0. | ||||||
|  |  | ||||||
|  | Drupal 7.52, 2016-11-16 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues (multiple vulnerabilities). See SA-CORE-2016-005. | ||||||
|  |  | ||||||
|  | Drupal 7.51, 2016-10-05 | ||||||
|  | ----------------------- | ||||||
|  | - The Update module now also checks for updates to a disabled theme that is | ||||||
|  |   used as an admin theme. | ||||||
|  | - Exceptions thrown in dblog_watchdog() are now caught and ignored. | ||||||
|  | - Clarified the warning that appears when modules are missing or have moved. | ||||||
|  | - Log messages are now XSS filtered on display. | ||||||
|  | - Draggable tables now work on touch screen devices. | ||||||
|  | - Added a setting for allowing double underscores in CSS identifiers | ||||||
|  |   (https://www.drupal.org/node/2810369). | ||||||
|  | - If a user navigates away from a page while an Ajax request is running they | ||||||
|  |   will no longer get an error message saying "An Ajax HTTP request terminated | ||||||
|  |   abnormally". | ||||||
|  | - The system_region_list() API function now takes an optional third parameter | ||||||
|  |   which allows region name translations to be skipped when they are not needed | ||||||
|  |   (API addition: https://www.drupal.org/node/2810365). | ||||||
|  | - Numerous performance improvements. | ||||||
|  | - Numerous bug fixes. | ||||||
|  | - Numerous API documentation improvements. | ||||||
|  | - Additional automated test coverage. | ||||||
|  |  | ||||||
|  | Drupal 7.50, 2016-07-07  | ||||||
|  | ----------------------- | ||||||
|  | - Added a new "administer fields" permission for trusted users, which is | ||||||
|  |   required in addition to other permissions to use the field UI | ||||||
|  |   (https://www.drupal.org/node/2483307). | ||||||
|  | - Added clickjacking protection to Drupal core by setting the X-Frame-Options | ||||||
|  |   header to SAMEORIGIN by default (https://www.drupal.org/node/2735873). | ||||||
|  | - Added support for full UTF-8 (emojis, Asian symbols, mathematical symbols) on | ||||||
|  |   MySQL and other database drivers when the site and database are configured to | ||||||
|  |   allow it (https://www.drupal.org/node/2761183). | ||||||
|  | - Improved performance by avoiding a re-scan of directories when a file is | ||||||
|  |   missing; instead, trigger a PHP warning (minor API change: | ||||||
|  |   https://www.drupal.org/node/2581445). | ||||||
|  | - Made it possible to use any PHP callable in Ajax form callbacks, form API | ||||||
|  |   form-building functions, and form API wrapper callbacks (API addition: | ||||||
|  |   https://www.drupal.org/node/2761169). | ||||||
|  | - Fixed that following a password reset link while logged in leaves users unable | ||||||
|  |   to change their password (minor user interface change: | ||||||
|  |   https://www.drupal.org/node/2759023). | ||||||
|  | - Implemented various fixes for automated test failures on PHP 5.4+ and PHP 7. | ||||||
|  |   Drupal core automated tests now pass in these environments. | ||||||
|  | - Improved support for PHP 7 by fixing various problems. | ||||||
|  | - Fixed various bugs with PHP 5.5+ imagerotate(), including when incorrect | ||||||
|  |   color indices are passed in. | ||||||
|  | - Fixed a regression introduced in Drupal 7.43 that allowed files uploaded by | ||||||
|  |   anonymous users to be lost after form validation errors, and that also caused | ||||||
|  |   regressions with certain contributed modules. | ||||||
|  | - Fixed a regression introduced in Drupal 7.36 which caused the default value | ||||||
|  |   of hidden textarea fields to be ignored. | ||||||
|  | - Fixed robots.txt to allow search engines to access CSS, JavaScript and image | ||||||
|  |   files. | ||||||
|  | - Changed wording on the Update Manager settings page to clarify that the | ||||||
|  |   option to check for disabled module updates also applies to uninstalled | ||||||
|  |   modules (administrative-facing translatable string change). | ||||||
|  | - Changed the help text when editing menu links and configuring URL redirect | ||||||
|  |   actions so that it does not reference "Drupal" or the drupal.org website | ||||||
|  |   (administrative-facing translatable string change). | ||||||
|  | - Fixed the locale safety check that is used to ensure that translations are | ||||||
|  |   safe to allow for tokens in the href/src attributes of translated strings. | ||||||
|  | - Fixed that URL generation only works on port 80 when using domain based | ||||||
|  |   language negotation. | ||||||
|  | - Made method="get" forms work inside the administrative overlay. The fix adds | ||||||
|  |   a new hidden field to these forms when they appear inside the overlay (minor | ||||||
|  |   data structure change). | ||||||
|  | - Increased maxlength of menu link title input fields in the node form and | ||||||
|  |   menu link form from 128 to 255 characters. | ||||||
|  | - Removed meaningless post-check=0 and pre-check=0 cache control headers from | ||||||
|  |   Drupal HTTP responses. | ||||||
|  | - Added a .editorconfig file to auto-configure editors that support it. | ||||||
|  | - Added --directory option to run-tests.sh for easier test discovery of all | ||||||
|  |   tests within a project. | ||||||
|  | - Made run-tests.sh exit with a failure code when there are test fails or | ||||||
|  |   problems running the script. | ||||||
|  | - Fixed that cookies from previous tests are still present when a new test | ||||||
|  |   starts in DrupalWebTestCase. | ||||||
|  | - Improved performance of queries on the {authmap} database table. | ||||||
|  | - Fixed handling of missing files and functions inside the registry. | ||||||
|  | - Fixed Ajax handling for tableselect form elements that use checkboxes. | ||||||
|  | - Fixed a bug which caused ip_address() to return nothing when the client IP | ||||||
|  |   address and proxy IP address are the same. | ||||||
|  | - Added a new option to format_xml_elements() to allow for already encoded | ||||||
|  |   values. | ||||||
|  | - Changed the {history} table's node ID field to be an unsigned integer, to | ||||||
|  |   match the same field in the {node} table and to prevent errors with very | ||||||
|  |   large node IDs. | ||||||
|  | - Added an explicit page callback to the "admin/people/create" menu item in the | ||||||
|  |   User module (minor data structure change). Previously this automatically | ||||||
|  |   inherited the page callback from the parent "admin/people" menu item, which | ||||||
|  |   broke contributed modules that override the "admin/people" page. | ||||||
|  | - Numerous small bug fixes. | ||||||
|  | - Numerous API documentation improvements. | ||||||
|  | - Additional automated test coverage. | ||||||
|  |  | ||||||
|  | Drupal 7.44, 2016-06-15 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues (privilege escalation). See SA-CORE-2016-002. | ||||||
|  |  | ||||||
|  | Drupal 7.43, 2016-02-24 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues (multiple vulnerabilities). See SA-CORE-2016-001. | ||||||
|  |  | ||||||
|  | Drupal 7.42, 2016-02-03 | ||||||
|  | ----------------------- | ||||||
|  | - Stopped invoking hook_flush_caches() on every cron run, since some modules | ||||||
|  |   use that hook for expensive operations that are only needed on cache clears. | ||||||
|  | - Changed the default .htaccess and web.config to block Composer-related files. | ||||||
|  | - Added static caching to module_load_include() to improve performance. | ||||||
|  | - Fixed double-encoding bugs in select field widgets provided by the Options | ||||||
|  |   module. The fix deprecates the 'strip_tags' property on option widgets and | ||||||
|  |   replaces it with a new 'strip_tags_and_unescape' property (minor data | ||||||
|  |   structure change). | ||||||
|  | - Improved MySQL 5.7 support by changing the MySQL database driver to stop | ||||||
|  |   using the ANSI SQL mode alias, which has different meanings for different | ||||||
|  |   MySQL versions. | ||||||
|  | - Fixed a regression introduced in Drupal 7.39 which prevented autocomplete | ||||||
|  |   functionality from working on servers that are not configured to | ||||||
|  |   automatically recognize index.php. | ||||||
|  | - Updated the Archive_Tar PEAR package to the latest 1.4.0 release, to fix bugs | ||||||
|  |   with tar file handling on various operating systems. | ||||||
|  | - Fixed fatal errors on node preview when a field is displayed in the node | ||||||
|  |   teaser but hidden in the full node view. The fix removes a | ||||||
|  |   field_attach_prepare_view() call from the node_preview() function since it is | ||||||
|  |   redundant with one in the node preview theme layer. | ||||||
|  | - Improved the description of the "Trimmed" format option on text fields | ||||||
|  |   (translatable string change, and minor UI and data structure change). | ||||||
|  | - Numerous small bug fixes. | ||||||
|  | - Numerous API documentation improvements. | ||||||
|  | - Additional automated test coverage. | ||||||
|  |  | ||||||
|  | Drupal 7.41, 2015-10-21 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues (open redirect). See SA-CORE-2015-004. | ||||||
|  |  | ||||||
|  | Drupal 7.40, 2015-10-14 | ||||||
|  | ----------------------- | ||||||
|  | - Made Drupal's code for parsing .info files run much faster and use much less | ||||||
|  |   memory. | ||||||
|  | - Prevented drupal_http_request() from returning an error when it receives a | ||||||
|  |   201 through 206 HTTP status code. | ||||||
|  | - Added support for autoloading traits via the registry on sites running PHP | ||||||
|  |   5.4 or higher. | ||||||
|  | - Allowed the user-picture.tpl.php theme template to have HTML classes besides | ||||||
|  |   the default "user-picture" class printed in it (markup change). | ||||||
|  | - Fixed the URL text filter to convert e-mail addresses with plus signs into | ||||||
|  |   mailto: links. | ||||||
|  | - Added alternate text to file icons displayed by the File module, to improve | ||||||
|  |   accessibility (string change, and minor API addition to theme_file_icon()). | ||||||
|  | - Changed one-time login link failure messages to be displayed as errors or | ||||||
|  |   warnings as appropriate, rather than as regular status messages (minor UI | ||||||
|  |   change and data structure change). | ||||||
|  | - Changed the default settings.php configuration to exclude private files from | ||||||
|  |   the "404_fast_paths" behavior. | ||||||
|  | - Changed the page that displays filter tips for a particular text format, for | ||||||
|  |   example filter/tips/full_html, to return "page not found" or "access denied" | ||||||
|  |   if the format does not exist or the user does not have access to it. This | ||||||
|  |   change adds a new menu item to the Filter module's hook_menu() entry (minor | ||||||
|  |   data structure change). | ||||||
|  | - Added a new hook, hook_block_cid_parts_alter(), to allow modules to alter the | ||||||
|  |   cache keys used for caching a particular block. | ||||||
|  | - Made drupal_set_message() display and return messages when "0" is passed in | ||||||
|  |   as the message to set. | ||||||
|  | - Fixed non-functional "Files displayed by default" setting on file fields. | ||||||
|  | - The "worker callback" provided in hook_cron_queue_info() and the "finished" | ||||||
|  |   callback specified during batch processing can now be any PHP callable | ||||||
|  |   instead of just functions. | ||||||
|  | - Prevented drupal_set_time_limit() from decreasing the time limit in the case | ||||||
|  |   where the PHP maximum execution time is already unlimited. | ||||||
|  | - Changed the default thousand marker for numeric fields from a space ("1 000") | ||||||
|  |   to nothing ("1000") (minor UI change: https://www.drupal.org/node/1388376). | ||||||
|  | - Prevented malformed theme .info files (without a "name" key) from causing | ||||||
|  |   exceptions during menu rebuilds. If an .info file without a "name" key is | ||||||
|  |   found in a module or theme directory, Drupal will now use the module or | ||||||
|  |   theme's machine name as the display name instead. | ||||||
|  | - Made the format column in the {date_format_locale} database table | ||||||
|  |   case-sensitive, to match the equivalent column in the {date_formats} table. | ||||||
|  | - Fixed a bug in the Statistics module that caused JavaScript files attached to | ||||||
|  |   a node while it is being viewed to be omitted from the page. | ||||||
|  | - Added an optional 'project:' prefix that can be added to dependencies in a | ||||||
|  |   module's .info file to indicate which project the dependency resides in (API | ||||||
|  |   addition: https://www.drupal.org/node/2299747). | ||||||
|  | - Fixed various bugs that occurred after hooks were invoked early in the Drupal | ||||||
|  |   bootstrap and that caused module_implements() and drupal_alter() to cache an | ||||||
|  |   incomplete set of hook implementations for later use. | ||||||
|  | - Set the X-Content-Type-Options header to "nosniff" when possible, to prevent | ||||||
|  |   certain web browsers from picking an unsafe MIME type. | ||||||
|  | - Prevented the database API from executing multiple queries at once on MySQL, | ||||||
|  |   if the site's PHP version is new enough to do so. This is a secondary defense | ||||||
|  |   against SQL injection (API change: https://www.drupal.org/node/2463973). | ||||||
|  | - Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade | ||||||
|  |   to fail when there were multiple file records pointing to the same file. | ||||||
|  | - Numerous small bug fixes. | ||||||
|  | - Numerous API documentation improvements. | ||||||
|  | - Additional automated test coverage. | ||||||
|  |  | ||||||
|  | Drupal 7.39, 2015-08-19 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-003. | ||||||
|  |  | ||||||
|  | Drupal 7.38, 2015-06-17 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-002. | ||||||
|  |  | ||||||
|  | Drupal 7.37, 2015-05-07 | ||||||
|  | ----------------------- | ||||||
|  | - Fixed a regression in Drupal 7.36 which caused certain kinds of content types | ||||||
|  |   to become disabled if they were defined by a no-longer-enabled module. | ||||||
|  | - Removed a confusing description regarding automatic time zone detection from | ||||||
|  |   the user account form (minor UI and data structure change). | ||||||
|  | - Allowed custom HTML tags with a dash in the name to pass through filter_xss() | ||||||
|  |   when specified in the list of allowed tags. | ||||||
|  | - Allowed hook_field_schema() implementations to specify indexes for fields | ||||||
|  |   based on a fixed-length column prefix (rather than the entire column), as was | ||||||
|  |   already allowed in hook_schema() implementations. | ||||||
|  | - Fixed PDO exceptions on PostgreSQL when accessing invalid entity URLs. | ||||||
|  | - Added a sites/all/libraries folder to the codebase, with instructions for | ||||||
|  |   using it. | ||||||
|  | - Added a description to the "Administer text formats and filters" permission | ||||||
|  |   on the Permissions page (string change). | ||||||
|  | - Numerous small bug fixes. | ||||||
|  | - Numerous API documentation improvements. | ||||||
|  | - Additional automated test coverage. | ||||||
|  |  | ||||||
| Drupal 7.36, 2015-04-01 | Drupal 7.36, 2015-04-01 | ||||||
| ----------------------- | ----------------------- | ||||||
| @@ -58,11 +475,11 @@ Drupal 7.36, 2015-04-01 | |||||||
| - Additional automated test coverage. | - Additional automated test coverage. | ||||||
|  |  | ||||||
| Drupal 7.35, 2015-03-18 | Drupal 7.35, 2015-03-18 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-001. | - Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-001. | ||||||
|  |  | ||||||
| Drupal 7.34, 2014-11-19 | Drupal 7.34, 2014-11-19 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-006. | - Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-006. | ||||||
|  |  | ||||||
| Drupal 7.33, 2014-11-07 | Drupal 7.33, 2014-11-07 | ||||||
| @@ -131,11 +548,11 @@ Drupal 7.33, 2014-11-07 | |||||||
| - Additional automated test coverage. | - Additional automated test coverage. | ||||||
|  |  | ||||||
| Drupal 7.32, 2014-10-15 | Drupal 7.32, 2014-10-15 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (SQL injection). See SA-CORE-2014-005. | - Fixed security issues (SQL injection). See SA-CORE-2014-005. | ||||||
|  |  | ||||||
| Drupal 7.31, 2014-08-06 | Drupal 7.31, 2014-08-06 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (denial of service). See SA-CORE-2014-004. | - Fixed security issues (denial of service). See SA-CORE-2014-004. | ||||||
|  |  | ||||||
| Drupal 7.30, 2014-07-24 | Drupal 7.30, 2014-07-24 | ||||||
| @@ -150,7 +567,7 @@ Drupal 7.30, 2014-07-24 | |||||||
| - Additional automated test coverage. | - Additional automated test coverage. | ||||||
|  |  | ||||||
| Drupal 7.29, 2014-07-16 | Drupal 7.29, 2014-07-16 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-003. | - Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-003. | ||||||
|  |  | ||||||
| Drupal 7.28, 2014-05-08 | Drupal 7.28, 2014-05-08 | ||||||
| @@ -196,11 +613,11 @@ Drupal 7.28, 2014-05-08 | |||||||
| - Additional automated test coverage. | - Additional automated test coverage. | ||||||
|  |  | ||||||
| Drupal 7.27, 2014-04-16 | Drupal 7.27, 2014-04-16 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (information disclosure). See SA-CORE-2014-002. | - Fixed security issues (information disclosure). See SA-CORE-2014-002. | ||||||
|  |  | ||||||
| Drupal 7.26, 2014-01-15 | Drupal 7.26, 2014-01-15 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-001. | - Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-001. | ||||||
|  |  | ||||||
| Drupal 7.25, 2014-01-02 | Drupal 7.25, 2014-01-02 | ||||||
| @@ -266,7 +683,7 @@ Drupal 7.25, 2014-01-02 | |||||||
| - Additional automated test coverage. | - Additional automated test coverage. | ||||||
|  |  | ||||||
| Drupal 7.24, 2013-11-20 | Drupal 7.24, 2013-11-20 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003. | - Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003. | ||||||
|  |  | ||||||
| Drupal 7.23, 2013-08-07 | Drupal 7.23, 2013-08-07 | ||||||
| @@ -520,8 +937,8 @@ Drupal 7.15, 2012-08-01 | |||||||
| - Numerous API documentation improvements. | - Numerous API documentation improvements. | ||||||
| - Additional automated test coverage. | - Additional automated test coverage. | ||||||
|  |  | ||||||
| Drupal 7.14 2012-05-02 | Drupal 7.14, 2012-05-02 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed "integrity constraint" fatal errors when rebuilding registry. | - Fixed "integrity constraint" fatal errors when rebuilding registry. | ||||||
| - Fixed custom logo and favicon functionality referencing incorrect paths. | - Fixed custom logo and favicon functionality referencing incorrect paths. | ||||||
| - Fixed DB Case Sensitivity: Allow BINARY attribute in MySQL. | - Fixed DB Case Sensitivity: Allow BINARY attribute in MySQL. | ||||||
| @@ -569,12 +986,12 @@ Drupal 7.14 2012-05-02 | |||||||
|   - system_update_7061() converts filepaths too aggressively. |   - system_update_7061() converts filepaths too aggressively. | ||||||
|   - Trigger upgrade path: Node triggers removed when upgrading to 7-x from 6.25. |   - Trigger upgrade path: Node triggers removed when upgrading to 7-x from 6.25. | ||||||
|  |  | ||||||
| Drupal 7.13 2012-05-02 | Drupal 7.13, 2012-05-02 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-002. | - Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-002. | ||||||
|  |  | ||||||
| Drupal 7.12, 2012-02-01 | Drupal 7.12, 2012-02-01 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed bug preventing custom menus from receiving an active trail. | - Fixed bug preventing custom menus from receiving an active trail. | ||||||
| - Fixed hook_field_delete() no longer invoked during field_purge_data(). | - Fixed hook_field_delete() no longer invoked during field_purge_data(). | ||||||
| - Fixed bug causing entity info cache to not be cleared with the rest of caches. | - Fixed bug causing entity info cache to not be cleared with the rest of caches. | ||||||
| @@ -608,11 +1025,11 @@ Drupal 7.12, 2012-02-01 | |||||||
|   cache. |   cache. | ||||||
|  |  | ||||||
| Drupal 7.11, 2012-02-01 | Drupal 7.11, 2012-02-01 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-001. | - Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-001. | ||||||
|  |  | ||||||
| Drupal 7.10, 2011-12-05 | Drupal 7.10, 2011-12-05 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed Content-Language HTTP header to not cause issues with Drush 5.x. | - Fixed Content-Language HTTP header to not cause issues with Drush 5.x. | ||||||
| - Reduce memory usage of theme registry (performance). | - Reduce memory usage of theme registry (performance). | ||||||
| - Fixed PECL upload progress bar for FileField | - Fixed PECL upload progress bar for FileField | ||||||
| @@ -965,7 +1382,7 @@ Drupal 7.0, 2011-01-05 | |||||||
|       requests. |       requests. | ||||||
|  |  | ||||||
| Drupal 6.23-dev, xxxx-xx-xx (development release) | Drupal 6.23-dev, xxxx-xx-xx (development release) | ||||||
| ----------------------- | --------------------------- | ||||||
|  |  | ||||||
| Drupal 6.22, 2011-05-25 | Drupal 6.22, 2011-05-25 | ||||||
| ----------------------- | ----------------------- | ||||||
| @@ -975,25 +1392,25 @@ Drupal 6.22, 2011-05-25 | |||||||
| - Fixed a variety of other bugs. | - Fixed a variety of other bugs. | ||||||
|  |  | ||||||
| Drupal 6.21, 2011-05-25 | Drupal 6.21, 2011-05-25 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (Cross site scripting), see SA-CORE-2011-001. | - Fixed security issues (Cross site scripting), see SA-CORE-2011-001. | ||||||
|  |  | ||||||
| Drupal 6.20, 2010-12-15 | Drupal 6.20, 2010-12-15 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed a variety of small bugs, improved code documentation. | - Fixed a variety of small bugs, improved code documentation. | ||||||
|  |  | ||||||
| Drupal 6.19, 2010-08-11 | Drupal 6.19, 2010-08-11 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed a variety of small bugs, improved code documentation. | - Fixed a variety of small bugs, improved code documentation. | ||||||
|  |  | ||||||
| Drupal 6.18, 2010-08-11 | Drupal 6.18, 2010-08-11 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (OpenID authentication bypass, File download access | - Fixed security issues (OpenID authentication bypass, File download access | ||||||
|   bypass, Comment unpublishing bypass, Actions cross site scripting), |   bypass, Comment unpublishing bypass, Actions cross site scripting), | ||||||
|   see SA-CORE-2010-002. |   see SA-CORE-2010-002. | ||||||
|  |  | ||||||
| Drupal 6.17, 2010-06-02 | Drupal 6.17, 2010-06-02 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Improved PostgreSQL compatibility | - Improved PostgreSQL compatibility | ||||||
| - Better PHP 5.3 and PHP 4 compatibility | - Better PHP 5.3 and PHP 4 compatibility | ||||||
| - Better browser compatibility of CSS and JS aggregation | - Better browser compatibility of CSS and JS aggregation | ||||||
| @@ -1002,7 +1419,7 @@ Drupal 6.17, 2010-06-02 | |||||||
| - Fixed a variety of other bugs. | - Fixed a variety of other bugs. | ||||||
|  |  | ||||||
| Drupal 6.16, 2010-03-03 | Drupal 6.16, 2010-03-03 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (Installation cross site scripting, Open redirection, | - Fixed security issues (Installation cross site scripting, Open redirection, | ||||||
|   Locale module cross site scripting, Blocked user session regeneration), |   Locale module cross site scripting, Blocked user session regeneration), | ||||||
|   see SA-CORE-2010-001. |   see SA-CORE-2010-001. | ||||||
| @@ -1014,12 +1431,12 @@ Drupal 6.16, 2010-03-03 | |||||||
| - Fixed a variety of other bugs. | - Fixed a variety of other bugs. | ||||||
|  |  | ||||||
| Drupal 6.15, 2009-12-16 | Drupal 6.15, 2009-12-16 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (Cross site scripting), see SA-CORE-2009-009. | - Fixed security issues (Cross site scripting), see SA-CORE-2009-009. | ||||||
| - Fixed a variety of other bugs. | - Fixed a variety of other bugs. | ||||||
|  |  | ||||||
| Drupal 6.14, 2009-09-16 | Drupal 6.14, 2009-09-16 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (OpenID association cross site request forgeries, | - Fixed security issues (OpenID association cross site request forgeries, | ||||||
|   OpenID impersonation and File upload), see SA-CORE-2009-008. |   OpenID impersonation and File upload), see SA-CORE-2009-008. | ||||||
| - Changed the system modules page to not run all cache rebuilds; use the | - Changed the system modules page to not run all cache rebuilds; use the | ||||||
| @@ -1028,18 +1445,18 @@ Drupal 6.14, 2009-09-16 | |||||||
| - Fixed a variety of small bugs. | - Fixed a variety of small bugs. | ||||||
|  |  | ||||||
| Drupal 6.13, 2009-07-01 | Drupal 6.13, 2009-07-01 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (Cross site scripting, Input format access bypass and | - Fixed security issues (Cross site scripting, Input format access bypass and | ||||||
|   Password leakage in URL), see SA-CORE-2009-007. |   Password leakage in URL), see SA-CORE-2009-007. | ||||||
| - Fixed a variety of small bugs. | - Fixed a variety of small bugs. | ||||||
|  |  | ||||||
| Drupal 6.12, 2009-05-13 | Drupal 6.12, 2009-05-13 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (Cross site scripting), see SA-CORE-2009-006. | - Fixed security issues (Cross site scripting), see SA-CORE-2009-006. | ||||||
| - Fixed a variety of small bugs. | - Fixed a variety of small bugs. | ||||||
|  |  | ||||||
| Drupal 6.11, 2009-04-29 | Drupal 6.11, 2009-04-29 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed security issues (Cross site scripting and limited information | - Fixed security issues (Cross site scripting and limited information | ||||||
|   disclosure), see SA-CORE-2009-005 |   disclosure), see SA-CORE-2009-005 | ||||||
| - Fixed performance issues with the menu router cache, the update | - Fixed performance issues with the menu router cache, the update | ||||||
| @@ -1047,7 +1464,7 @@ Drupal 6.11, 2009-04-29 | |||||||
| - Fixed a variety of small bugs. | - Fixed a variety of small bugs. | ||||||
|  |  | ||||||
| Drupal 6.10, 2009-02-25 | Drupal 6.10, 2009-02-25 | ||||||
| ---------------------- | ----------------------- | ||||||
| - Fixed a security issue, (Local file inclusion on Windows), | - Fixed a security issue, (Local file inclusion on Windows), | ||||||
|   see SA-CORE-2009-003 |   see SA-CORE-2009-003 | ||||||
| - Fixed node_feed() so custom fields can show up in RSS feeds. | - Fixed node_feed() so custom fields can show up in RSS feeds. | ||||||
| @@ -1443,7 +1860,7 @@ Drupal 4.7.9, 2007-12-05 | |||||||
| - fixed a security issue (SQL injection), see SA-2007-031 | - fixed a security issue (SQL injection), see SA-2007-031 | ||||||
|  |  | ||||||
| Drupal 4.7.8, 2007-10-17 | Drupal 4.7.8, 2007-10-17 | ||||||
| ---------------------- | ------------------------ | ||||||
| - fixed a security issue (HTTP response splitting), see SA-2007-024 | - fixed a security issue (HTTP response splitting), see SA-2007-024 | ||||||
| - fixed a security issue (Cross site scripting via uploads), see SA-2007-026 | - fixed a security issue (Cross site scripting via uploads), see SA-2007-026 | ||||||
| - fixed a security issue (API handling of unpublished comment), see SA-2007-030 | - fixed a security issue (API handling of unpublished comment), see SA-2007-030 | ||||||
| @@ -1556,7 +1973,7 @@ Drupal 4.6.11, 2007-01-05 | |||||||
| - Fixed security issue (DoS), see SA-2007-002 | - Fixed security issue (DoS), see SA-2007-002 | ||||||
|  |  | ||||||
| Drupal 4.6.10, 2006-10-18 | Drupal 4.6.10, 2006-10-18 | ||||||
| ------------------------ | ------------------------- | ||||||
| - Fixed security issue (XSS), see SA-2006-024 | - Fixed security issue (XSS), see SA-2006-024 | ||||||
| - Fixed security issue (CSRF), see SA-2006-025 | - Fixed security issue (CSRF), see SA-2006-025 | ||||||
| - Fixed security issue (Form action attribute injection), see SA-2006-026 | - Fixed security issue (Form action attribute injection), see SA-2006-026 | ||||||
|   | |||||||
| @@ -23,7 +23,7 @@ Drupal requires: | |||||||
|   - Percona Server 5.1.70 (or greater) (http://www.percona.com/). Percona |   - Percona Server 5.1.70 (or greater) (http://www.percona.com/). Percona | ||||||
|     Server is a backwards-compatible replacement for MySQL. |     Server is a backwards-compatible replacement for MySQL. | ||||||
|   - PostgreSQL 8.3 (or greater) (http://www.postgresql.org/). |   - PostgreSQL 8.3 (or greater) (http://www.postgresql.org/). | ||||||
|   - SQLite 3.4.2 (or greater) (http://www.sqlite.org/). |   - SQLite 3.3.7 (or greater) (http://www.sqlite.org/). | ||||||
|  |  | ||||||
| For more detailed information about Drupal requirements, including a list of | For more detailed information about Drupal requirements, including a list of | ||||||
| PHP extensions and configurations that are required, see "System requirements" | PHP extensions and configurations that are required, see "System requirements" | ||||||
|   | |||||||
							
								
								
									
										209
									
								
								MAINTAINERS.txt
									
									
									
									
									
								
							
							
						
						
									
										209
									
								
								MAINTAINERS.txt
									
									
									
									
									
								
							| @@ -1,7 +1,8 @@ | |||||||
|  |  | ||||||
| Drupal core is built and maintained by the Drupal project community. Everyone is | Drupal core is built and maintained by the Drupal project community. Everyone is | ||||||
| encouraged to submit issues and changes (patches) to improve Drupal, and to | encouraged to submit issues and changes (patches) to improve Drupal, and to | ||||||
| contribute in other ways -- see http://drupal.org/contribute to find out how. | contribute in other ways -- see https://www.drupal.org/contribute to find out | ||||||
|  | how. | ||||||
|  |  | ||||||
| Branch maintainers | Branch maintainers | ||||||
| ------------------ | ------------------ | ||||||
| @@ -9,154 +10,151 @@ Branch maintainers | |||||||
| The Drupal Core branch maintainers oversee the development of Drupal as a whole. | The Drupal Core branch maintainers oversee the development of Drupal as a whole. | ||||||
| The branch maintainers for Drupal 7 are: | The branch maintainers for Drupal 7 are: | ||||||
|  |  | ||||||
| - Dries Buytaert 'dries' http://drupal.org/user/1 | - Dries Buytaert 'dries' https://www.drupal.org/u/dries | ||||||
| - Angela Byron 'webchick' http://drupal.org/user/24967 | - Fabian Franz 'Fabianx' https://www.drupal.org/u/fabianx | ||||||
| - David Rothstein 'David_Rothstein' http://drupal.org/user/124982 | - Drew Webber 'mcdruid' https://www.drupal.org/u/mcdruid | ||||||
|  |  | ||||||
|  |  | ||||||
| Component maintainers | Component maintainers | ||||||
| --------------------- | --------------------- | ||||||
|  |  | ||||||
| The Drupal Core component maintainers oversee the development of Drupal | The Drupal Core component maintainers oversee the development of Drupal | ||||||
| subsystems. See http://drupal.org/contribute/core-maintainers for more | subsystems. See https://www.drupal.org/contribute/core-maintainers for more | ||||||
| information on their responsibilities, and to find out how to become a component | information on their responsibilities, and to find out how to become a component | ||||||
| maintainer. Current component maintainers for Drupal 7: | maintainer. Current component maintainers for Drupal 7: | ||||||
|  |  | ||||||
| Ajax system | Ajax system | ||||||
| - Alex Bronstein 'effulgentsia' http://drupal.org/user/78040 | - Alex Bronstein 'effulgentsia' https://www.drupal.org/u/effulgentsia | ||||||
| - Earl Miles 'merlinofchaos' http://drupal.org/user/26979 | - Earl Miles 'merlinofchaos' https://www.drupal.org/u/merlinofchaos | ||||||
|  |  | ||||||
| Base system | Base system | ||||||
| - Damien Tournoud 'DamZ' http://drupal.org/user/22211 | - Damien Tournoud 'DamZ' https://www.drupal.org/u/damien-tournoud | ||||||
| - Moshe Weitzman 'moshe weitzman' http://drupal.org/user/23 | - Moshe Weitzman 'moshe weitzman' https://www.drupal.org/u/moshe-weitzman | ||||||
|  |  | ||||||
| Batch system | Batch system | ||||||
| - Yves Chedemois 'yched' http://drupal.org/user/39567 | - Yves Chedemois 'yched' https://www.drupal.org/u/yched | ||||||
|  |  | ||||||
| Cache system | Cache system | ||||||
| - Damien Tournoud 'DamZ' http://drupal.org/user/22211 | - Damien Tournoud 'DamZ' https://www.drupal.org/u/damien-tournoud | ||||||
| - Nathaniel Catchpole 'catch' http://drupal.org/user/35733 | - Nathaniel Catchpole 'catch' https://www.drupal.org/u/catch | ||||||
|  |  | ||||||
| Cron system | Cron system | ||||||
| - Derek Wright 'dww' http://drupal.org/user/46549 | - Derek Wright 'dww' https://www.drupal.org/u/dww | ||||||
|  |  | ||||||
| Database system | Database system | ||||||
| - Larry Garfield 'Crell' http://drupal.org/user/26398 | - ? | ||||||
|  |  | ||||||
|   - MySQL driver |   - MySQL driver | ||||||
|     - Larry Garfield 'Crell' http://drupal.org/user/26398 |     - David Strauss 'David Strauss' https://www.drupal.org/u/david-strauss | ||||||
|     - David Strauss 'David Strauss' http://drupal.org/user/93254 |  | ||||||
|  |  | ||||||
|   - PostgreSQL driver |   - PostgreSQL driver | ||||||
|     - Damien Tournoud 'DamZ' http://drupal.org/user/22211 |     - Damien Tournoud 'DamZ' https://www.drupal.org/u/damien-tournoud | ||||||
|     - Josh Waihi 'fiasco' http://drupal.org/user/188162 |     - Josh Waihi 'fiasco' https://www.drupal.org/u/josh-waihi | ||||||
|  |  | ||||||
|   - Sqlite driver |   - Sqlite driver | ||||||
|     - Damien Tournoud 'DamZ' http://drupal.org/user/22211 |     - Damien Tournoud 'DamZ' https://www.drupal.org/u/damien-tournoud | ||||||
|  |  | ||||||
| Database update system | Database update system | ||||||
| - Ashok Modi 'BTMash' http://drupal.org/user/60422 | - Ashok Modi 'BTMash' https://www.drupal.org/u/btmash | ||||||
|  |  | ||||||
| Entity system | Entity system | ||||||
| - Wolfgang Ziegler 'fago' http://drupal.org/user/16747 | - Wolfgang Ziegler 'fago' https://www.drupal.org/u/fago | ||||||
| - Nathaniel Catchpole 'catch' http://drupal.org/user/35733 | - Nathaniel Catchpole 'catch' https://www.drupal.org/u/catch | ||||||
| - Franz Heinzmann 'Frando' http://drupal.org/user/21850 | - Franz Heinzmann 'Frando' https://www.drupal.org/u/frando | ||||||
|  |  | ||||||
| File system | File system | ||||||
| - Andrew Morton 'drewish' http://drupal.org/user/34869 | - Andrew Morton 'drewish' https://www.drupal.org/u/drewish | ||||||
| - Aaron Winborn 'aaron' http://drupal.org/user/33420 | - Aaron Winborn 'aaron' https://www.drupal.org/u/aaron | ||||||
|  |  | ||||||
| Form system | Form system | ||||||
| - Alex Bronstein 'effulgentsia' http://drupal.org/user/78040 | - Alex Bronstein 'effulgentsia' https://www.drupal.org/u/effulgentsia | ||||||
| - Wolfgang Ziegler 'fago' http://drupal.org/user/16747 | - Wolfgang Ziegler 'fago' https://www.drupal.org/u/fago | ||||||
| - Daniel F. Kudwien 'sun' http://drupal.org/user/54136 | - Daniel F. Kudwien 'sun' https://www.drupal.org/u/sun | ||||||
| - Franz Heinzmann 'Frando' http://drupal.org/user/21850 | - Franz Heinzmann 'Frando' https://www.drupal.org/u/frando | ||||||
|  |  | ||||||
| Image system | Image system | ||||||
| - Andrew Morton 'drewish' http://drupal.org/user/34869 | - Andrew Morton 'drewish' https://www.drupal.org/u/drewish | ||||||
| - Nathan Haug 'quicksketch' http://drupal.org/user/35821 | - Nathan Haug 'quicksketch' https://www.drupal.org/u/quicksketch | ||||||
|  |  | ||||||
| Install system | Install system | ||||||
| - David Rothstein 'David_Rothstein' http://drupal.org/user/124982 | - David Rothstein 'David_Rothstein' https://www.drupal.org/u/david_rothstein | ||||||
|  |  | ||||||
| JavaScript | JavaScript | ||||||
| - Théodore Biadala 'nod_' http://drupal.org/user/598310 | - Théodore Biadala 'nod_' https://www.drupal.org/u/nod_ | ||||||
| - Steve De Jonghe 'seutje' http://drupal.org/user/264148 | - Steve De Jonghe 'seutje' https://www.drupal.org/u/seutje | ||||||
| - Jesse Renée Beach 'jessebeach' http://drupal.org/user/748566 |  | ||||||
|  |  | ||||||
| Language system | Language system | ||||||
| - Francesco Placella 'plach' http://drupal.org/user/183211 | - Francesco Placella 'plach' https://www.drupal.org/u/plach | ||||||
| - Daniel F. Kudwien 'sun' http://drupal.org/user/54136 | - Daniel F. Kudwien 'sun' https://www.drupal.org/u/sun | ||||||
|  |  | ||||||
| Lock system | Lock system | ||||||
| - Damien Tournoud 'DamZ' http://drupal.org/user/22211 | - Damien Tournoud 'DamZ' https://www.drupal.org/u/damien-tournoud | ||||||
|  |  | ||||||
| Mail system | Mail system | ||||||
| - ? | - ? | ||||||
|  |  | ||||||
| Markup | Markup | ||||||
| - Jacine Luisi 'Jacine' http://drupal.org/user/88931 | - Jacine Luisi 'Jacine' https://www.drupal.org/u/jacine | ||||||
| - Daniel F. Kudwien 'sun' http://drupal.org/user/54136 | - Daniel F. Kudwien 'sun' https://www.drupal.org/u/sun | ||||||
|  |  | ||||||
| Menu system | Menu system | ||||||
| - Peter Wolanin 'pwolanin' http://drupal.org/user/49851 | - Peter Wolanin 'pwolanin' https://www.drupal.org/u/pwolanin | ||||||
|  |  | ||||||
| Path system | Path system | ||||||
| - Dave Reid 'davereid' http://drupal.org/user/53892 | - Dave Reid 'davereid' https://www.drupal.org/u/dave-reid | ||||||
| - Nathaniel Catchpole 'catch' http://drupal.org/user/35733 | - Nathaniel Catchpole 'catch' https://www.drupal.org/u/catch | ||||||
|  |  | ||||||
| Render system | Render system | ||||||
| - Moshe Weitzman 'moshe weitzman' http://drupal.org/user/23 | - Moshe Weitzman 'moshe weitzman' https://www.drupal.org/u/moshe-weitzman | ||||||
| - Alex Bronstein 'effulgentsia' http://drupal.org/user/78040 | - Alex Bronstein 'effulgentsia' https://www.drupal.org/u/effulgentsia | ||||||
| - Franz Heinzmann 'Frando' http://drupal.org/user/21850 | - Franz Heinzmann 'Frando' https://www.drupal.org/u/frando | ||||||
|  |  | ||||||
| Theme system | Theme system | ||||||
| - Earl Miles 'merlinofchaos' http://drupal.org/user/26979 | - Earl Miles 'merlinofchaos' https://www.drupal.org/u/merlinofchaos | ||||||
| - Alex Bronstein 'effulgentsia' http://drupal.org/user/78040 | - Alex Bronstein 'effulgentsia' https://www.drupal.org/u/effulgentsia | ||||||
| - Joon Park 'dvessel' http://drupal.org/user/56782 | - Joon Park 'dvessel' https://www.drupal.org/u/dvessel | ||||||
| - John Albin Wilkins 'JohnAlbin' http://drupal.org/user/32095 | - John Albin Wilkins 'JohnAlbin' https://www.drupal.org/u/johnalbin | ||||||
|  |  | ||||||
| Token system | Token system | ||||||
| - Dave Reid 'davereid' http://drupal.org/user/53892 | - Dave Reid 'davereid' https://www.drupal.org/u/dave-reid | ||||||
|  |  | ||||||
| XML-RPC system | XML-RPC system | ||||||
| - Frederic G. Marand 'fgm' http://drupal.org/user/27985 | - Frederic G. Marand 'fgm' https://www.drupal.org/u/fgm | ||||||
|  |  | ||||||
|  |  | ||||||
| Topic coordinators | Topic coordinators | ||||||
| ------------------ | ------------------ | ||||||
|  |  | ||||||
| Accessibility | Accessibility | ||||||
| - Everett Zufelt 'Everett Zufelt' http://drupal.org/user/406552 | - Everett Zufelt 'Everett Zufelt' https://www.drupal.org/u/everett-zufelt | ||||||
| - Brandon Bowersox-Johnson 'bowersox' http://drupal.org/user/186415 | - Brandon Bowersox-Johnson 'bowersox' https://www.drupal.org/u/bowersox | ||||||
|  |  | ||||||
| Documentation | Documentation | ||||||
| - Jennifer Hodgdon 'jhodgdon' http://drupal.org/user/155601 | - Jennifer Hodgdon 'jhodgdon' https://www.drupal.org/u/jhodgdon | ||||||
|  |  | ||||||
| Translations | Translations | ||||||
| - Gerhard Killesreiter 'killes' http://drupal.org/user/83 | - Gerhard Killesreiter 'killes' https://www.drupal.org/u/gerhard-killesreiter | ||||||
|  |  | ||||||
| User experience and usability | User experience and usability | ||||||
| - Roy Scholten 'yoroy' http://drupal.org/user/41502 | - Roy Scholten 'yoroy' https://www.drupal.org/u/yoroy | ||||||
| - Bojhan Somers 'Bojhan' http://drupal.org/user/87969 | - Bojhan Somers 'Bojhan' https://www.drupal.org/u/bojhan | ||||||
|  |  | ||||||
| Node Access | Node Access | ||||||
| - Moshe Weitzman 'moshe weitzman' http://drupal.org/user/23 | - Moshe Weitzman 'moshe weitzman' https://www.drupal.org/u/moshe-weitzman | ||||||
| - Ken Rickard 'agentrickard' http://drupal.org/user/20975 | - Ken Rickard 'agentrickard' https://www.drupal.org/u/agentrickard | ||||||
| - Jess Myrbo 'xjm' http://drupal.org/user/65776 |  | ||||||
|  |  | ||||||
|  |  | ||||||
| Security team | Security team | ||||||
| ----------------- | ----------------- | ||||||
|  |  | ||||||
| To report a security issue, see: https://drupal.org/security-team/report-issue | To report a security issue, see: https://www.drupal.org/security-team/report-issue | ||||||
|  |  | ||||||
| The Drupal security team provides Security Advisories for vulnerabilities, | The Drupal security team provides Security Advisories for vulnerabilities, | ||||||
| assists developers in resolving security issues, and provides security | assists developers in resolving security issues, and provides security | ||||||
| documentation. See http://drupal.org/security-team for more information. The | documentation. See https://www.drupal.org/security-team for more information. | ||||||
| security team lead is: | The security team lead is: | ||||||
|  |  | ||||||
| - Michael Hess 'mlhess' https://drupal.org/user/102818 | - Michael Hess 'mlhess' https://www.drupal.org/u/mlhess | ||||||
|  |  | ||||||
|  |  | ||||||
| Module maintainers | Module maintainers | ||||||
| @@ -166,142 +164,141 @@ Aggregator module | |||||||
| - ? | - ? | ||||||
|  |  | ||||||
| Block module | Block module | ||||||
| - John Albin Wilkins 'JohnAlbin' http://drupal.org/user/32095 | - John Albin Wilkins 'JohnAlbin' https://www.drupal.org/u/johnalbin | ||||||
|  |  | ||||||
| Blog module | Blog module | ||||||
| - ? | - ? | ||||||
|  |  | ||||||
| Book module | Book module | ||||||
| - Peter Wolanin 'pwolanin' http://drupal.org/user/49851 | - Peter Wolanin 'pwolanin' https://www.drupal.org/u/pwolanin | ||||||
|  |  | ||||||
| Color module | Color module | ||||||
| - ? | - ? | ||||||
|  |  | ||||||
| Comment module | Comment module | ||||||
| - Nathaniel Catchpole 'catch' http://drupal.org/user/35733 | - Nathaniel Catchpole 'catch' https://www.drupal.org/u/catch | ||||||
|  |  | ||||||
| Contact module | Contact module | ||||||
| - Dave Reid 'davereid' http://drupal.org/user/53892 | - Dave Reid 'davereid' https://www.drupal.org/u/dave-reid | ||||||
|  |  | ||||||
| Contextual module | Contextual module | ||||||
| - Daniel F. Kudwien 'sun' http://drupal.org/user/54136 | - Daniel F. Kudwien 'sun' https://www.drupal.org/u/sun | ||||||
|  |  | ||||||
| Dashboard module | Dashboard module | ||||||
| - ? | - ? | ||||||
|  |  | ||||||
| Database logging module | Database logging module | ||||||
| - Khalid Baheyeldin 'kbahey' http://drupal.org/user/4063 | - Khalid Baheyeldin 'kbahey' https://www.drupal.org/u/kbahey | ||||||
|  |  | ||||||
| Field module | Field module | ||||||
| - Yves Chedemois 'yched' http://drupal.org/user/39567 | - Yves Chedemois 'yched' https://www.drupal.org/u/yched | ||||||
| - Barry Jaspan 'bjaspan' http://drupal.org/user/46413 | - Barry Jaspan 'bjaspan' https://www.drupal.org/u/bjaspan | ||||||
|  |  | ||||||
| Field UI module | Field UI module | ||||||
| - Yves Chedemois 'yched' http://drupal.org/user/39567 | - Yves Chedemois 'yched' https://www.drupal.org/u/yched | ||||||
|  |  | ||||||
| File module | File module | ||||||
| - Aaron Winborn 'aaron' http://drupal.org/user/33420 | - Aaron Winborn 'aaron' https://www.drupal.org/u/aaron | ||||||
|  |  | ||||||
| Filter module | Filter module | ||||||
| - Daniel F. Kudwien 'sun' http://drupal.org/user/54136 | - Daniel F. Kudwien 'sun' https://www.drupal.org/u/sun | ||||||
|  |  | ||||||
| Forum module | Forum module | ||||||
| - Lee Rowlands 'larowlan' http://drupal.org/user/395439 | - Lee Rowlands 'larowlan' https://www.drupal.org/u/larowlan | ||||||
|  |  | ||||||
| Help module | Help module | ||||||
| - ? | - ? | ||||||
|  |  | ||||||
| Image module | Image module | ||||||
| - Nathan Haug 'quicksketch' http://drupal.org/user/35821 | - Nathan Haug 'quicksketch' https://www.drupal.org/u/quicksketch | ||||||
|  |  | ||||||
| Locale module | Locale module | ||||||
| - Gábor Hojtsy 'Gábor Hojtsy' http://drupal.org/user/4166 | - Gábor Hojtsy 'Gábor Hojtsy' https://www.drupal.org/u/gábor-hojtsy | ||||||
|  |  | ||||||
| Menu module | Menu module | ||||||
| - ? | - ? | ||||||
|  |  | ||||||
| Node module | Node module | ||||||
| - Moshe Weitzman 'moshe weitzman' http://drupal.org/user/23 | - Moshe Weitzman 'moshe weitzman' https://www.drupal.org/u/moshe-weitzman | ||||||
| - David Strauss 'David Strauss' http://drupal.org/user/93254 | - David Strauss 'David Strauss' https://www.drupal.org/u/david-strauss | ||||||
|  |  | ||||||
| OpenID module | OpenID module | ||||||
| - Vojtech Kusy 'wojtha' http://drupal.org/user/56154 | - Vojtech Kusy 'wojtha' https://www.drupal.org/u/wojtha | ||||||
| - Christian Schmidt 'c960657' http://drupal.org/user/216078 | - Christian Schmidt 'c960657' https://www.drupal.org/u/c960657 | ||||||
| - Damien Tournoud 'DamZ' http://drupal.org/user/22211 | - Damien Tournoud 'DamZ' https://www.drupal.org/u/damien-tournoud | ||||||
|  |  | ||||||
| Overlay module | Overlay module | ||||||
| - Katherine Senzee 'ksenzee' http://drupal.org/user/139855 | - Katherine Senzee 'ksenzee' https://www.drupal.org/u/ksenzee | ||||||
|  |  | ||||||
| Path module | Path module | ||||||
| - Dave Reid 'davereid' http://drupal.org/user/53892 | - Dave Reid 'davereid' https://www.drupal.org/u/dave-reid | ||||||
|  |  | ||||||
| PHP module | PHP module | ||||||
| - ? | - ? | ||||||
|  |  | ||||||
| Poll module | Poll module | ||||||
| - Andrei Mateescu 'amateescu' http://drupal.org/user/729614 | - Andrei Mateescu 'amateescu' https://www.drupal.org/u/amateescu | ||||||
|  |  | ||||||
| Profile module | Profile module | ||||||
| - ? | - ? | ||||||
|  |  | ||||||
| RDF module | RDF module | ||||||
| - Stéphane Corlosquet 'scor' http://drupal.org/user/52142 | - Stéphane Corlosquet 'scor' https://www.drupal.org/u/scor | ||||||
|  |  | ||||||
| Search module | Search module | ||||||
| - Doug Green 'douggreen' http://drupal.org/user/29191 | - Doug Green 'douggreen' https://www.drupal.org/u/douggreen | ||||||
|  |  | ||||||
| Shortcut module | Shortcut module | ||||||
| - David Rothstein 'David_Rothstein' http://drupal.org/user/124982 | - David Rothstein 'David_Rothstein' https://www.drupal.org/u/david_rothstein | ||||||
|  |  | ||||||
| Simpletest module | Simpletest module | ||||||
| - Jimmy Berry 'boombatower' http://drupal.org/user/214218 | - Jimmy Berry 'boombatower' https://www.drupal.org/u/boombatower | ||||||
|  |  | ||||||
| Statistics module | Statistics module | ||||||
| - Tim Millwood 'timmillwood' http://drupal.org/user/227849 | - Tim Millwood 'timmillwood' https://www.drupal.org/u/timmillwood | ||||||
|  |  | ||||||
| Syslog module | Syslog module | ||||||
| - Khalid Baheyeldin 'kbahey' http://drupal.org/user/4063 | - Khalid Baheyeldin 'kbahey' https://www.drupal.org/u/kbahey | ||||||
|  |  | ||||||
| System module | System module | ||||||
| - ? | - ? | ||||||
|  |  | ||||||
| Taxonomy module | Taxonomy module | ||||||
| - Jess Myrbo 'xjm' http://drupal.org/user/65776 | - Nathaniel Catchpole 'catch' https://www.drupal.org/u/catch | ||||||
| - Nathaniel Catchpole 'catch' http://drupal.org/user/35733 | - Benjamin Doherty 'bangpound' https://www.drupal.org/u/bangpound | ||||||
| - Benjamin Doherty 'bangpound' http://drupal.org/user/100456 |  | ||||||
|  |  | ||||||
| Toolbar module | Toolbar module | ||||||
| - ? | - ? | ||||||
|  |  | ||||||
| Tracker module | Tracker module | ||||||
| - David Strauss 'David Strauss' http://drupal.org/user/93254 | - David Strauss 'David Strauss' https://www.drupal.org/u/david-strauss | ||||||
|  |  | ||||||
| Translation module | Translation module | ||||||
| - Francesco Placella 'plach' http://drupal.org/user/183211 | - Francesco Placella 'plach' https://www.drupal.org/u/plach | ||||||
|  |  | ||||||
| Trigger module | Trigger module | ||||||
| - ? | - ? | ||||||
|  |  | ||||||
| Update module | Update module | ||||||
| - Derek Wright 'dww' http://drupal.org/user/46549 | - Derek Wright 'dww' https://www.drupal.org/u/dww | ||||||
|  |  | ||||||
| User module | User module | ||||||
| - Moshe Weitzman 'moshe weitzman' http://drupal.org/user/23 | - Moshe Weitzman 'moshe weitzman' https://www.drupal.org/u/moshe-weitzman | ||||||
| - David Strauss 'David Strauss' http://drupal.org/user/93254 | - David Strauss 'David Strauss' https://www.drupal.org/u/david-strauss | ||||||
|  |  | ||||||
|  |  | ||||||
| Theme maintainers | Theme maintainers | ||||||
| ----------------- | ----------------- | ||||||
|  |  | ||||||
| Bartik theme | Bartik theme | ||||||
| - Jen Simmons 'jensimmons' http://drupal.org/user/140882 | - Jen Simmons 'jensimmons' https://www.drupal.org/u/jensimmons | ||||||
| - Jeff Burns 'Jeff Burnz' http://drupal.org/user/61393 | - Jeff Burns 'Jeff Burnz' https://www.drupal.org/u/jeff-burnz | ||||||
|  |  | ||||||
| Garland theme | Garland theme | ||||||
| - John Albin Wilkins 'JohnAlbin' http://drupal.org/user/32095 | - John Albin Wilkins 'JohnAlbin' https://www.drupal.org/u/johnalbin | ||||||
|  |  | ||||||
| Seven theme | Seven theme | ||||||
| - Jeff Burns 'Jeff Burnz' http://drupal.org/user/61393 | - Jeff Burns 'Jeff Burnz' https://www.drupal.org/u/jeff-burnz | ||||||
|  |  | ||||||
| Stark theme | Stark theme | ||||||
| - John Albin Wilkins 'JohnAlbin' http://drupal.org/user/32095 | - John Albin Wilkins 'JohnAlbin' https://www.drupal.org/u/johnalbin | ||||||
|   | |||||||
							
								
								
									
										10
									
								
								UPGRADE.txt
									
									
									
									
									
								
							
							
						
						
									
										10
									
								
								UPGRADE.txt
									
									
									
									
									
								
							| @@ -64,6 +64,9 @@ following the instructions in the INTRODUCTION section at the top of this file: | |||||||
|    Sometimes an update includes changes to default.settings.php (this will be |    Sometimes an update includes changes to default.settings.php (this will be | ||||||
|    noted in the release notes). If that's the case, follow these steps: |    noted in the release notes). If that's the case, follow these steps: | ||||||
|  |  | ||||||
|  |    - Locate your settings.php file in the /sites/* directory. (Typically | ||||||
|  |      sites/default.) | ||||||
|  |  | ||||||
|    - Make a backup copy of your settings.php file, with a different file name. |    - Make a backup copy of your settings.php file, with a different file name. | ||||||
|  |  | ||||||
|    - Make a copy of the new default.settings.php file, and name the copy |    - Make a copy of the new default.settings.php file, and name the copy | ||||||
| @@ -74,6 +77,13 @@ following the instructions in the INTRODUCTION section at the top of this file: | |||||||
|      database information, and you will also want to copy in any other |      database information, and you will also want to copy in any other | ||||||
|      customizations you have added. |      customizations you have added. | ||||||
|  |  | ||||||
|  |    You can find the release notes for your version at | ||||||
|  |    https://www.drupal.org/project/drupal. At bottom of the project page under | ||||||
|  |    "Downloads" use the link for your version of Drupal to view the release | ||||||
|  |    notes. If your version is not listed, use the 'View all releases' link. From | ||||||
|  |    this page you can scroll down or use the filter to find your version and its | ||||||
|  |    release notes. | ||||||
|  |  | ||||||
| 4. Download the latest Drupal 7.x release from http://drupal.org to a | 4. Download the latest Drupal 7.x release from http://drupal.org to a | ||||||
|    directory outside of your web root. Extract the archive and copy the files |    directory outside of your web root. Extract the archive and copy the files | ||||||
|    into your Drupal directory. |    into your Drupal directory. | ||||||
|   | |||||||
| @@ -1 +0,0 @@ | |||||||
| google-site-verification: google5c59d2e455c34eaa.html |  | ||||||
| @@ -230,6 +230,10 @@ | |||||||
|  *   functions. |  *   functions. | ||||||
|  */ |  */ | ||||||
| function ajax_render($commands = array()) { | function ajax_render($commands = array()) { | ||||||
|  |   // Although ajax_deliver() does this, some contributed and custom modules | ||||||
|  |   // render Ajax responses without using that delivery callback. | ||||||
|  |   ajax_set_verification_header(); | ||||||
|  |  | ||||||
|   // Ajax responses aren't rendered with html.tpl.php, so we have to call |   // Ajax responses aren't rendered with html.tpl.php, so we have to call | ||||||
|   // drupal_get_css() and drupal_get_js() here, in order to have new files added |   // drupal_get_css() and drupal_get_js() here, in order to have new files added | ||||||
|   // during this request to be loaded by the page. We only want to send back |   // during this request to be loaded by the page. We only want to send back | ||||||
| @@ -290,6 +294,7 @@ function ajax_render($commands = array()) { | |||||||
|  |  | ||||||
|   // Now add a command to merge changes and additions to Drupal.settings. |   // Now add a command to merge changes and additions to Drupal.settings. | ||||||
|   $scripts = drupal_add_js(); |   $scripts = drupal_add_js(); | ||||||
|  |   drupal_alter('js', $scripts); | ||||||
|   if (!empty($scripts['settings'])) { |   if (!empty($scripts['settings'])) { | ||||||
|     $settings = $scripts['settings']; |     $settings = $scripts['settings']; | ||||||
|     array_unshift($commands, ajax_command_settings(drupal_array_merge_deep_array($settings['data']), TRUE)); |     array_unshift($commands, ajax_command_settings(drupal_array_merge_deep_array($settings['data']), TRUE)); | ||||||
| @@ -390,7 +395,7 @@ function ajax_form_callback() { | |||||||
|   if (!empty($form_state['triggering_element'])) { |   if (!empty($form_state['triggering_element'])) { | ||||||
|     $callback = $form_state['triggering_element']['#ajax']['callback']; |     $callback = $form_state['triggering_element']['#ajax']['callback']; | ||||||
|   } |   } | ||||||
|   if (!empty($callback) && function_exists($callback)) { |   if (!empty($callback) && is_callable($callback)) { | ||||||
|     $result = $callback($form, $form_state); |     $result = $callback($form, $form_state); | ||||||
|  |  | ||||||
|     if (!(is_array($result) && isset($result['#type']) && $result['#type'] == 'ajax')) { |     if (!(is_array($result) && isset($result['#type']) && $result['#type'] == 'ajax')) { | ||||||
| @@ -487,6 +492,9 @@ function ajax_deliver($page_callback_result) { | |||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   // Let ajax.js know that this response is safe to process. | ||||||
|  |   ajax_set_verification_header(); | ||||||
|  |  | ||||||
|   // Print the response. |   // Print the response. | ||||||
|   $commands = ajax_prepare_response($page_callback_result); |   $commands = ajax_prepare_response($page_callback_result); | ||||||
|   $json = ajax_render($commands); |   $json = ajax_render($commands); | ||||||
| @@ -576,6 +584,29 @@ function ajax_prepare_response($page_callback_result) { | |||||||
|   return $commands; |   return $commands; | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Sets a response header for ajax.js to trust the response body. | ||||||
|  |  * | ||||||
|  |  * It is not safe to invoke Ajax commands within user-uploaded files, so this | ||||||
|  |  * header protects against those being invoked. | ||||||
|  |  * | ||||||
|  |  * @see Drupal.ajax.options.success() | ||||||
|  |  */ | ||||||
|  | function ajax_set_verification_header() { | ||||||
|  |   $added = &drupal_static(__FUNCTION__); | ||||||
|  |  | ||||||
|  |   // User-uploaded files cannot set any response headers, so a custom header is | ||||||
|  |   // used to indicate to ajax.js that this response is safe. Note that most | ||||||
|  |   // Ajax requests bound using the Form API will be protected by having the URL | ||||||
|  |   // flagged as trusted in Drupal.settings, so this header is used only for | ||||||
|  |   // things like custom markup that gets Ajax behaviors attached. | ||||||
|  |   if (empty($added)) { | ||||||
|  |     drupal_add_http_header('X-Drupal-Ajax-Token', '1'); | ||||||
|  |     // Avoid sending the header twice. | ||||||
|  |     $added = TRUE; | ||||||
|  |   } | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Performs end-of-Ajax-request tasks. |  * Performs end-of-Ajax-request tasks. | ||||||
|  * |  * | ||||||
| @@ -764,7 +795,12 @@ function ajax_pre_render_element($element) { | |||||||
|  |  | ||||||
|     $element['#attached']['js'][] = array( |     $element['#attached']['js'][] = array( | ||||||
|       'type' => 'setting', |       'type' => 'setting', | ||||||
|       'data' => array('ajax' => array($element['#id'] => $settings)), |       'data' => array( | ||||||
|  |         'ajax' => array($element['#id'] => $settings), | ||||||
|  |         'urlIsAjaxTrusted' => array( | ||||||
|  |           $settings['url'] => TRUE, | ||||||
|  |         ), | ||||||
|  |       ), | ||||||
|     ); |     ); | ||||||
|  |  | ||||||
|     // Indicate that Ajax processing was successful. |     // Indicate that Ajax processing was successful. | ||||||
|   | |||||||
| @@ -460,10 +460,10 @@ function _batch_finished() { | |||||||
|       if (isset($batch_set['file']) && is_file($batch_set['file'])) { |       if (isset($batch_set['file']) && is_file($batch_set['file'])) { | ||||||
|         include_once DRUPAL_ROOT . '/' . $batch_set['file']; |         include_once DRUPAL_ROOT . '/' . $batch_set['file']; | ||||||
|       } |       } | ||||||
|       if (function_exists($batch_set['finished'])) { |       if (is_callable($batch_set['finished'])) { | ||||||
|         $queue = _batch_queue($batch_set); |         $queue = _batch_queue($batch_set); | ||||||
|         $operations = $queue->getAllItems(); |         $operations = $queue->getAllItems(); | ||||||
|         $batch_set['finished']($batch_set['success'], $batch_set['results'], $operations, format_interval($batch_set['elapsed'] / 1000)); |         call_user_func($batch_set['finished'], $batch_set['success'], $batch_set['results'], $operations, format_interval($batch_set['elapsed'] / 1000)); | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
| @@ -478,10 +478,6 @@ function _batch_finished() { | |||||||
|         $queue->deleteQueue(); |         $queue->deleteQueue(); | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|   } |  | ||||||
|   $_batch = $batch; |  | ||||||
|   $batch = NULL; |  | ||||||
|  |  | ||||||
|     // Clean-up the session. Not needed for CLI updates. |     // Clean-up the session. Not needed for CLI updates. | ||||||
|     if (isset($_SESSION)) { |     if (isset($_SESSION)) { | ||||||
|       unset($_SESSION['batches'][$batch['id']]); |       unset($_SESSION['batches'][$batch['id']]); | ||||||
| @@ -489,6 +485,9 @@ function _batch_finished() { | |||||||
|         unset($_SESSION['batches']); |         unset($_SESSION['batches']); | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|  |   } | ||||||
|  |   $_batch = $batch; | ||||||
|  |   $batch = NULL; | ||||||
|  |  | ||||||
|   // Redirect if needed. |   // Redirect if needed. | ||||||
|   if ($_batch['progressive']) { |   if ($_batch['progressive']) { | ||||||
|   | |||||||
| @@ -8,7 +8,7 @@ | |||||||
| /** | /** | ||||||
|  * The current system version. |  * The current system version. | ||||||
|  */ |  */ | ||||||
| define('VERSION', '7.36'); | define('VERSION', '7.80'); | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Core API compatibility. |  * Core API compatibility. | ||||||
| @@ -254,8 +254,13 @@ define('DRUPAL_PHP_FUNCTION_PATTERN', '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*' | |||||||
|  * http://tools.ietf.org/html/rfc7231#section-7.1.1.1 |  * http://tools.ietf.org/html/rfc7231#section-7.1.1.1 | ||||||
|  * |  * | ||||||
|  * Example: Sun, 06 Nov 1994 08:49:37 GMT |  * Example: Sun, 06 Nov 1994 08:49:37 GMT | ||||||
|  |  * | ||||||
|  |  * This constant was introduced in PHP 7.0.19 and PHP 7.1.5 but needs to be | ||||||
|  |  * defined by Drupal for earlier PHP versions. | ||||||
|  */ |  */ | ||||||
| define('DATE_RFC7231', 'D, d M Y H:i:s \G\M\T'); | if (!defined('DATE_RFC7231')) { | ||||||
|  |   define('DATE_RFC7231', 'D, d M Y H:i:s \G\M\T'); | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Provides a caching wrapper to be used in place of large array structures. |  * Provides a caching wrapper to be used in place of large array structures. | ||||||
| @@ -699,6 +704,19 @@ function drupal_environment_initialize() { | |||||||
|   // Set sane locale settings, to ensure consistent string, dates, times and |   // Set sane locale settings, to ensure consistent string, dates, times and | ||||||
|   // numbers handling. |   // numbers handling. | ||||||
|   setlocale(LC_ALL, 'C'); |   setlocale(LC_ALL, 'C'); | ||||||
|  |  | ||||||
|  |   // PHP's built-in phar:// stream wrapper is not sufficiently secure. Override | ||||||
|  |   // it with a more secure one, which requires PHP 5.3.3. For lower versions, | ||||||
|  |   // unregister the built-in one without replacing it. Sites needing phar | ||||||
|  |   // support for lower PHP versions must implement hook_stream_wrappers() to | ||||||
|  |   // register their desired implementation. | ||||||
|  |   if (in_array('phar', stream_get_wrappers(), TRUE)) { | ||||||
|  |     stream_wrapper_unregister('phar'); | ||||||
|  |     if (version_compare(PHP_VERSION, '5.3.3', '>=')) { | ||||||
|  |       include_once DRUPAL_ROOT . '/includes/file.phar.inc'; | ||||||
|  |       file_register_phar_wrapper(); | ||||||
|  |     } | ||||||
|  |   } | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -718,6 +736,16 @@ function drupal_valid_http_host($host) { | |||||||
|     && preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host); |     && preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host); | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Checks whether an HTTPS request is being served. | ||||||
|  |  * | ||||||
|  |  * @return bool | ||||||
|  |  *   TRUE if the request is HTTPS, FALSE otherwise. | ||||||
|  |  */ | ||||||
|  | function drupal_is_https() { | ||||||
|  |   return isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on'; | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Sets the base URL, cookie domain, and session name from configuration. |  * Sets the base URL, cookie domain, and session name from configuration. | ||||||
|  */ |  */ | ||||||
| @@ -731,7 +759,7 @@ function drupal_settings_initialize() { | |||||||
|   if (file_exists(DRUPAL_ROOT . '/' . conf_path() . '/settings.php')) { |   if (file_exists(DRUPAL_ROOT . '/' . conf_path() . '/settings.php')) { | ||||||
|     include_once DRUPAL_ROOT . '/' . conf_path() . '/settings.php'; |     include_once DRUPAL_ROOT . '/' . conf_path() . '/settings.php'; | ||||||
|   } |   } | ||||||
|   $is_https = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on'; |   $is_https = drupal_is_https(); | ||||||
|  |  | ||||||
|   if (isset($base_url)) { |   if (isset($base_url)) { | ||||||
|     // Parse fixed base URL from settings.php. |     // Parse fixed base URL from settings.php. | ||||||
| @@ -828,14 +856,21 @@ function drupal_settings_initialize() { | |||||||
|  * @param $filename |  * @param $filename | ||||||
|  *   The filename of the item if it is to be set explicitly rather |  *   The filename of the item if it is to be set explicitly rather | ||||||
|  *   than by consulting the database. |  *   than by consulting the database. | ||||||
|  |  * @param bool $trigger_error | ||||||
|  |  *   Whether to trigger an error when a file is missing or has unexpectedly | ||||||
|  |  *   moved. This defaults to TRUE, but can be set to FALSE by calling code that | ||||||
|  |  *   merely wants to check whether an item exists in the filesystem. | ||||||
|  * |  * | ||||||
|  * @return |  * @return | ||||||
|  *   The filename of the requested item or NULL if the item is not found. |  *   The filename of the requested item or NULL if the item is not found. | ||||||
|  */ |  */ | ||||||
| function drupal_get_filename($type, $name, $filename = NULL) { | function drupal_get_filename($type, $name, $filename = NULL, $trigger_error = TRUE) { | ||||||
|  |   // The $files static variable will hold the locations of all requested files. | ||||||
|  |   // We can be sure that any file listed in this static variable actually | ||||||
|  |   // exists as all additions have gone through a file_exists() check. | ||||||
|   // The location of files will not change during the request, so do not use |   // The location of files will not change during the request, so do not use | ||||||
|   // drupal_static(). |   // drupal_static(). | ||||||
|   static $files = array(), $dirs = array(); |   static $files = array(); | ||||||
|  |  | ||||||
|   // Profiles are a special case: they have a fixed location and naming. |   // Profiles are a special case: they have a fixed location and naming. | ||||||
|   if ($type == 'profile') { |   if ($type == 'profile') { | ||||||
| @@ -847,32 +882,172 @@ function drupal_get_filename($type, $name, $filename = NULL) { | |||||||
|   } |   } | ||||||
|  |  | ||||||
|   if (!empty($filename) && file_exists($filename)) { |   if (!empty($filename) && file_exists($filename)) { | ||||||
|  |     // Prime the static cache with the provided filename. | ||||||
|     $files[$type][$name] = $filename; |     $files[$type][$name] = $filename; | ||||||
|   } |   } | ||||||
|   elseif (isset($files[$type][$name])) { |   elseif (isset($files[$type][$name])) { | ||||||
|     // nothing |     // This item had already been found earlier in the request, either through | ||||||
|  |     // priming of the static cache (for example, in system_list()), through a | ||||||
|  |     // lookup in the {system} table, or through a file scan (cached or not). Do | ||||||
|  |     // nothing. | ||||||
|   } |   } | ||||||
|   // Verify that we have an active database connection, before querying |  | ||||||
|   // the database. This is required because this function is called both |  | ||||||
|   // before we have a database connection (i.e. during installation) and |  | ||||||
|   // when a database connection fails. |  | ||||||
|   else { |   else { | ||||||
|  |     // Look for the filename listed in the {system} table. Verify that we have | ||||||
|  |     // an active database connection before doing so, since this function is | ||||||
|  |     // called both before we have a database connection (i.e. during | ||||||
|  |     // installation) and when a database connection fails. | ||||||
|  |     $database_unavailable = TRUE; | ||||||
|     try { |     try { | ||||||
|       if (function_exists('db_query')) { |       if (function_exists('db_query')) { | ||||||
|         $file = db_query("SELECT filename FROM {system} WHERE name = :name AND type = :type", array(':name' => $name, ':type' => $type))->fetchField(); |         $file = db_query("SELECT filename FROM {system} WHERE name = :name AND type = :type", array(':name' => $name, ':type' => $type))->fetchField(); | ||||||
|         if ($file !== FALSE && file_exists(DRUPAL_ROOT . '/' . $file)) { |         if ($file !== FALSE && file_exists(DRUPAL_ROOT . '/' . $file)) { | ||||||
|           $files[$type][$name] = $file; |           $files[$type][$name] = $file; | ||||||
|         } |         } | ||||||
|  |         $database_unavailable = FALSE; | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|     catch (Exception $e) { |     catch (Exception $e) { | ||||||
|       // The database table may not exist because Drupal is not yet installed, |       // The database table may not exist because Drupal is not yet installed, | ||||||
|       // or the database might be down. We have a fallback for this case so we |       // the database might be down, or we may have done a non-database cache | ||||||
|       // hide the error completely. |       // flush while $conf['page_cache_without_database'] = TRUE and | ||||||
|  |       // $conf['page_cache_invoke_hooks'] = TRUE. We have a fallback for these | ||||||
|  |       // cases so we hide the error completely. | ||||||
|     } |     } | ||||||
|     // Fallback to searching the filesystem if the database could not find the |     // Fall back to searching the filesystem if the database could not find the | ||||||
|     // file or the file returned by the database is not found. |     // file or the file does not exist at the path returned by the database. | ||||||
|     if (!isset($files[$type][$name])) { |     if (!isset($files[$type][$name])) { | ||||||
|  |       $files[$type][$name] = _drupal_get_filename_fallback($type, $name, $trigger_error, $database_unavailable); | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   if (isset($files[$type][$name])) { | ||||||
|  |     return $files[$type][$name]; | ||||||
|  |   } | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Performs a cached file system scan as a fallback when searching for a file. | ||||||
|  |  * | ||||||
|  |  * This function looks for the requested file by triggering a file scan, | ||||||
|  |  * caching the new location if the file has moved and caching the miss | ||||||
|  |  * if the file is missing. If a file had been marked as missing in a previous | ||||||
|  |  * file scan, or if it has been marked as moved and is still in the last known | ||||||
|  |  * location, no new file scan will be performed. | ||||||
|  |  * | ||||||
|  |  * @param string $type | ||||||
|  |  *   The type of the item (theme, theme_engine, module, profile). | ||||||
|  |  * @param string $name | ||||||
|  |  *   The name of the item for which the filename is requested. | ||||||
|  |  * @param bool $trigger_error | ||||||
|  |  *   Whether to trigger an error when a file is missing or has unexpectedly | ||||||
|  |  *   moved. | ||||||
|  |  * @param bool $database_unavailable | ||||||
|  |  *   Whether this function is being called because the Drupal database could | ||||||
|  |  *   not be queried for the file's location. | ||||||
|  |  * | ||||||
|  |  * @return | ||||||
|  |  *   The filename of the requested item or NULL if the item is not found. | ||||||
|  |  * | ||||||
|  |  * @see drupal_get_filename() | ||||||
|  |  */ | ||||||
|  | function _drupal_get_filename_fallback($type, $name, $trigger_error, $database_unavailable) { | ||||||
|  |   $file_scans = &_drupal_file_scan_cache(); | ||||||
|  |   $filename = NULL; | ||||||
|  |  | ||||||
|  |   // If the cache indicates that the item is missing, or we can verify that the | ||||||
|  |   // item exists in the location the cache says it exists in, use that. | ||||||
|  |   if (isset($file_scans[$type][$name]) && ($file_scans[$type][$name] === FALSE || file_exists($file_scans[$type][$name]))) { | ||||||
|  |     $filename = $file_scans[$type][$name]; | ||||||
|  |   } | ||||||
|  |   // Otherwise, perform a new file scan to find the item. | ||||||
|  |   else { | ||||||
|  |     $filename = _drupal_get_filename_perform_file_scan($type, $name); | ||||||
|  |     // Update the static cache, and mark the persistent cache for updating at | ||||||
|  |     // the end of the page request. See drupal_file_scan_write_cache(). | ||||||
|  |     $file_scans[$type][$name] = $filename; | ||||||
|  |     $file_scans['#write_cache'] = TRUE; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // If requested, trigger a user-level warning about the missing or | ||||||
|  |   // unexpectedly moved file. If the database was unavailable, do not trigger a | ||||||
|  |   // warning in the latter case, though, since if the {system} table could not | ||||||
|  |   // be queried there is no way to know if the location found here was | ||||||
|  |   // "unexpected" or not. | ||||||
|  |   if ($trigger_error) { | ||||||
|  |     $error_type = $filename === FALSE ? 'missing' : 'moved'; | ||||||
|  |     if ($error_type == 'missing' || !$database_unavailable) { | ||||||
|  |       _drupal_get_filename_fallback_trigger_error($type, $name, $error_type); | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // The cache stores FALSE for files that aren't found (to be able to | ||||||
|  |   // distinguish them from files that have not yet been searched for), but | ||||||
|  |   // drupal_get_filename() expects NULL for these instead, so convert to NULL | ||||||
|  |   // before returning. | ||||||
|  |   if ($filename === FALSE) { | ||||||
|  |     $filename = NULL; | ||||||
|  |   } | ||||||
|  |   return $filename; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Returns the current list of cached file system scan results. | ||||||
|  |  * | ||||||
|  |  * @return | ||||||
|  |  *   An associative array tracking the most recent file scan results for all | ||||||
|  |  *   files that have had scans performed. The keys are the type and name of the | ||||||
|  |  *   item that was searched for, and the values can be either: | ||||||
|  |  *   - Boolean FALSE if the item was not found in the file system. | ||||||
|  |  *   - A string pointing to the location where the item was found. | ||||||
|  |  */ | ||||||
|  | function &_drupal_file_scan_cache() { | ||||||
|  |   $file_scans = &drupal_static(__FUNCTION__, array()); | ||||||
|  |  | ||||||
|  |   // The file scan results are stored in a persistent cache (in addition to the | ||||||
|  |   // static cache) but because this function can be called before the | ||||||
|  |   // persistent cache is available, we must merge any items that were found | ||||||
|  |   // earlier in the page request into the results from the persistent cache. | ||||||
|  |   if (!isset($file_scans['#cache_merge_done'])) { | ||||||
|  |     try { | ||||||
|  |       if (function_exists('cache_get')) { | ||||||
|  |         $cache = cache_get('_drupal_file_scan_cache', 'cache_bootstrap'); | ||||||
|  |         if (!empty($cache->data)) { | ||||||
|  |           // File scan results from the current request should take precedence | ||||||
|  |           // over the results from the persistent cache, since they are newer. | ||||||
|  |           $file_scans = drupal_array_merge_deep($cache->data, $file_scans); | ||||||
|  |         } | ||||||
|  |         // Set a flag to indicate that the persistent cache does not need to be | ||||||
|  |         // merged again. | ||||||
|  |         $file_scans['#cache_merge_done'] = TRUE; | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |     catch (Exception $e) { | ||||||
|  |       // Hide the error. | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   return $file_scans; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Performs a file system scan to search for a system resource. | ||||||
|  |  * | ||||||
|  |  * @param $type | ||||||
|  |  *   The type of the item (theme, theme_engine, module, profile). | ||||||
|  |  * @param $name | ||||||
|  |  *   The name of the item for which the filename is requested. | ||||||
|  |  * | ||||||
|  |  * @return | ||||||
|  |  *   The filename of the requested item or FALSE if the item is not found. | ||||||
|  |  * | ||||||
|  |  * @see drupal_get_filename() | ||||||
|  |  * @see _drupal_get_filename_fallback() | ||||||
|  |  */ | ||||||
|  | function _drupal_get_filename_perform_file_scan($type, $name) { | ||||||
|  |   // The location of files will not change during the request, so do not use | ||||||
|  |   // drupal_static(). | ||||||
|  |   static $dirs = array(), $files = array(); | ||||||
|  |  | ||||||
|   // We have a consistent directory naming: modules, themes... |   // We have a consistent directory naming: modules, themes... | ||||||
|   $dir = $type . 's'; |   $dir = $type . 's'; | ||||||
|   if ($type == 'theme_engine') { |   if ($type == 'theme_engine') { | ||||||
| @@ -886,7 +1061,10 @@ function drupal_get_filename($type, $name, $filename = NULL) { | |||||||
|     $extension = $type; |     $extension = $type; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   // Check if we had already scanned this directory/extension combination. | ||||||
|   if (!isset($dirs[$dir][$extension])) { |   if (!isset($dirs[$dir][$extension])) { | ||||||
|  |     // Log that we have now scanned this directory/extension combination | ||||||
|  |     // into a static variable so as to prevent unnecessary file scans. | ||||||
|     $dirs[$dir][$extension] = TRUE; |     $dirs[$dir][$extension] = TRUE; | ||||||
|     if (!function_exists('drupal_system_listing')) { |     if (!function_exists('drupal_system_listing')) { | ||||||
|       require_once DRUPAL_ROOT . '/includes/common.inc'; |       require_once DRUPAL_ROOT . '/includes/common.inc'; | ||||||
| @@ -897,14 +1075,103 @@ function drupal_get_filename($type, $name, $filename = NULL) { | |||||||
|     // called more than once in the same page request. |     // called more than once in the same page request. | ||||||
|     $matches = drupal_system_listing("/^" . DRUPAL_PHP_FUNCTION_PATTERN . "\.$extension$/", $dir, 'name', 0); |     $matches = drupal_system_listing("/^" . DRUPAL_PHP_FUNCTION_PATTERN . "\.$extension$/", $dir, 'name', 0); | ||||||
|     foreach ($matches as $matched_name => $file) { |     foreach ($matches as $matched_name => $file) { | ||||||
|  |       // Log the locations found in the file scan into a static variable. | ||||||
|       $files[$type][$matched_name] = $file->uri; |       $files[$type][$matched_name] = $file->uri; | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|     } |  | ||||||
|  |   // Return the results of the file system scan, or FALSE to indicate the file | ||||||
|  |   // was not found. | ||||||
|  |   return isset($files[$type][$name]) ? $files[$type][$name] : FALSE; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Triggers a user-level warning for missing or unexpectedly moved files. | ||||||
|  |  * | ||||||
|  |  * @param $type | ||||||
|  |  *   The type of the item (theme, theme_engine, module, profile). | ||||||
|  |  * @param $name | ||||||
|  |  *   The name of the item for which the filename is requested. | ||||||
|  |  * @param $error_type | ||||||
|  |  *   The type of the error ('missing' or 'moved'). | ||||||
|  |  * | ||||||
|  |  * @see drupal_get_filename() | ||||||
|  |  * @see _drupal_get_filename_fallback() | ||||||
|  |  */ | ||||||
|  | function _drupal_get_filename_fallback_trigger_error($type, $name, $error_type) { | ||||||
|  |   // Hide messages due to known bugs that will appear on a lot of sites. | ||||||
|  |   // @todo Remove this in https://www.drupal.org/node/2383823 | ||||||
|  |   if (empty($name)) { | ||||||
|  |     return; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   if (isset($files[$type][$name])) { |   // Make sure we only show any missing or moved file errors only once per | ||||||
|     return $files[$type][$name]; |   // request. | ||||||
|  |   static $errors_triggered = array(); | ||||||
|  |   if (empty($errors_triggered[$type][$name][$error_type])) { | ||||||
|  |     // Use _drupal_trigger_error_with_delayed_logging() here since these are | ||||||
|  |     // triggered during low-level operations that cannot necessarily be | ||||||
|  |     // interrupted by a watchdog() call. | ||||||
|  |     if ($error_type == 'missing') { | ||||||
|  |       _drupal_trigger_error_with_delayed_logging(format_string('The following @type is missing from the file system: %name. For information about how to fix this, see <a href="@documentation">the documentation page</a>.', array('@type' => $type, '%name' => $name, '@documentation' => 'https://www.drupal.org/node/2487215')), E_USER_WARNING); | ||||||
|  |     } | ||||||
|  |     elseif ($error_type == 'moved') { | ||||||
|  |       _drupal_trigger_error_with_delayed_logging(format_string('The following @type has moved within the file system: %name. In order to fix this, clear caches or put the @type back in its original location. For more information, see <a href="@documentation">the documentation page</a>.', array('@type' => $type, '%name' => $name, '@documentation' => 'https://www.drupal.org/node/2487215')), E_USER_WARNING); | ||||||
|  |     } | ||||||
|  |     $errors_triggered[$type][$name][$error_type] = TRUE; | ||||||
|  |   } | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Invokes trigger_error() with logging delayed until the end of the request. | ||||||
|  |  * | ||||||
|  |  * This is an alternative to PHP's trigger_error() function which can be used | ||||||
|  |  * during low-level Drupal core operations that need to avoid being interrupted | ||||||
|  |  * by a watchdog() call. | ||||||
|  |  * | ||||||
|  |  * Normally, Drupal's error handler calls watchdog() in response to a | ||||||
|  |  * trigger_error() call. However, this invokes hook_watchdog() which can run | ||||||
|  |  * arbitrary code. If the trigger_error() happens in the middle of an | ||||||
|  |  * operation such as a rebuild operation which should not be interrupted by | ||||||
|  |  * arbitrary code, that could potentially break or trigger the rebuild again. | ||||||
|  |  * This function protects against that by delaying the watchdog() call until | ||||||
|  |  * the end of the current page request. | ||||||
|  |  * | ||||||
|  |  * This is an internal function which should only be called by low-level Drupal | ||||||
|  |  * core functions. It may be removed in a future Drupal 7 release. | ||||||
|  |  * | ||||||
|  |  * @param string $error_msg | ||||||
|  |  *   The error message to trigger. As with trigger_error() itself, this is | ||||||
|  |  *   limited to 1024 bytes; additional characters beyond that will be removed. | ||||||
|  |  * @param int $error_type | ||||||
|  |  *   (optional) The type of error. This should be one of the E_USER family of | ||||||
|  |  *   constants. As with trigger_error() itself, this defaults to E_USER_NOTICE | ||||||
|  |  *   if not provided. | ||||||
|  |  * | ||||||
|  |  * @see _drupal_log_error() | ||||||
|  |  */ | ||||||
|  | function _drupal_trigger_error_with_delayed_logging($error_msg, $error_type = E_USER_NOTICE) { | ||||||
|  |   $delay_logging = &drupal_static(__FUNCTION__, FALSE); | ||||||
|  |   $delay_logging = TRUE; | ||||||
|  |   trigger_error($error_msg, $error_type); | ||||||
|  |   $delay_logging = FALSE; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Writes the file scan cache to the persistent cache. | ||||||
|  |  * | ||||||
|  |  * This cache stores all files marked as missing or moved after a file scan | ||||||
|  |  * to prevent unnecessary file scans in subsequent requests. This cache is | ||||||
|  |  * cleared in system_list_reset() (i.e. after a module/theme rebuild). | ||||||
|  |  */ | ||||||
|  | function drupal_file_scan_write_cache() { | ||||||
|  |   // Only write to the persistent cache if requested, and if we know that any | ||||||
|  |   // data previously in the cache was successfully loaded and merged in by | ||||||
|  |   // _drupal_file_scan_cache(). | ||||||
|  |   $file_scans = &_drupal_file_scan_cache(); | ||||||
|  |   if (isset($file_scans['#write_cache']) && isset($file_scans['#cache_merge_done'])) { | ||||||
|  |     unset($file_scans['#write_cache']); | ||||||
|  |     cache_set('_drupal_file_scan_cache', $file_scans, 'cache_bootstrap'); | ||||||
|   } |   } | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -922,21 +1189,23 @@ function variable_initialize($conf = array()) { | |||||||
|     $variables = $cached->data; |     $variables = $cached->data; | ||||||
|   } |   } | ||||||
|   else { |   else { | ||||||
|     // Cache miss. Avoid a stampede. |     // Cache miss. Avoid a stampede by acquiring a lock. If the lock fails to | ||||||
|  |     // acquire, optionally just continue with uncached processing. | ||||||
|     $name = 'variable_init'; |     $name = 'variable_init'; | ||||||
|     if (!lock_acquire($name, 1)) { |     $lock_acquired = lock_acquire($name, 1); | ||||||
|       // Another request is building the variable cache. |     if (!$lock_acquired && variable_get('variable_initialize_wait_for_lock', FALSE)) { | ||||||
|       // Wait, then re-run this function. |  | ||||||
|       lock_wait($name); |       lock_wait($name); | ||||||
|       return variable_initialize($conf); |       return variable_initialize($conf); | ||||||
|     } |     } | ||||||
|     else { |     else { | ||||||
|       // Proceed with variable rebuild. |       // Load the variables from the table. | ||||||
|       $variables = array_map('unserialize', db_query('SELECT name, value FROM {variable}')->fetchAllKeyed()); |       $variables = array_map('unserialize', db_query('SELECT name, value FROM {variable}')->fetchAllKeyed()); | ||||||
|  |       if ($lock_acquired) { | ||||||
|         cache_set('variables', $variables, 'cache_bootstrap'); |         cache_set('variables', $variables, 'cache_bootstrap'); | ||||||
|         lock_release($name); |         lock_release($name); | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|   foreach ($conf as $name => $value) { |   foreach ($conf as $name => $value) { | ||||||
|     $variables[$name] = $value; |     $variables[$name] = $value; | ||||||
| @@ -1055,7 +1324,7 @@ function drupal_page_get_cache($check_only = FALSE) { | |||||||
|  * Determines the cacheability of the current page. |  * Determines the cacheability of the current page. | ||||||
|  * |  * | ||||||
|  * @param $allow_caching |  * @param $allow_caching | ||||||
|  *   Set to FALSE if you want to prevent this page to get cached. |  *   Set to FALSE if you want to prevent this page from being cached. | ||||||
|  * |  * | ||||||
|  * @return |  * @return | ||||||
|  *   TRUE if the current page can be cached, FALSE otherwise. |  *   TRUE if the current page can be cached, FALSE otherwise. | ||||||
| @@ -1261,7 +1530,11 @@ function drupal_page_header() { | |||||||
|  |  | ||||||
|   $default_headers = array( |   $default_headers = array( | ||||||
|     'Expires' => 'Sun, 19 Nov 1978 05:00:00 GMT', |     'Expires' => 'Sun, 19 Nov 1978 05:00:00 GMT', | ||||||
|     'Cache-Control' => 'no-cache, must-revalidate, post-check=0, pre-check=0', |     'Cache-Control' => 'no-cache, must-revalidate', | ||||||
|  |     // Prevent browsers from sniffing a response and picking a MIME type | ||||||
|  |     // different from the declared content-type, since that can lead to | ||||||
|  |     // XSS and other vulnerabilities. | ||||||
|  |     'X-Content-Type-Options' => 'nosniff', | ||||||
|   ); |   ); | ||||||
|   drupal_send_headers($default_headers); |   drupal_send_headers($default_headers); | ||||||
| } | } | ||||||
| @@ -1435,6 +1708,23 @@ function drupal_unpack($obj, $field = 'data') { | |||||||
|  * available to code that needs localization. See st() and get_t() for |  * available to code that needs localization. See st() and get_t() for | ||||||
|  * alternatives. |  * alternatives. | ||||||
|  * |  * | ||||||
|  |  * @section sec_context String context | ||||||
|  |  * Matching source strings are normally only translated once, and the same | ||||||
|  |  * translation is used everywhere that has a matching string. However, in some | ||||||
|  |  * cases, a certain English source string needs to have multiple translations. | ||||||
|  |  * One example of this is the string "May", which could be used as either a | ||||||
|  |  * full month name or a 3-letter abbreviated month. In other languages where | ||||||
|  |  * the month name for May has more than 3 letters, you would need to provide | ||||||
|  |  * two different translations (one for the full name and one abbreviated), and | ||||||
|  |  * the correct form would need to be chosen, depending on how "May" is being | ||||||
|  |  * used. To facilitate this, the "May" string should be provided with two | ||||||
|  |  * different contexts in the $options parameter when calling t(). For example: | ||||||
|  |  * @code | ||||||
|  |  * t('May', array(), array('context' => 'Long month name') | ||||||
|  |  * t('May', array(), array('context' => 'Abbreviated month name') | ||||||
|  |  * @endcode | ||||||
|  |  * See https://localize.drupal.org/node/2109 for more information. | ||||||
|  |  * | ||||||
|  * @param $string |  * @param $string | ||||||
|  *   A string containing the English string to translate. |  *   A string containing the English string to translate. | ||||||
|  * @param $args |  * @param $args | ||||||
| @@ -1445,8 +1735,9 @@ function drupal_unpack($obj, $field = 'data') { | |||||||
|  *   An associative array of additional options, with the following elements: |  *   An associative array of additional options, with the following elements: | ||||||
|  *   - 'langcode' (defaults to the current language): The language code to |  *   - 'langcode' (defaults to the current language): The language code to | ||||||
|  *     translate to a language other than what is used to display the page. |  *     translate to a language other than what is used to display the page. | ||||||
|  *   - 'context' (defaults to the empty context): The context the source string |  *   - 'context' (defaults to the empty context): A string giving the context | ||||||
|  *     belongs to. |  *     that the source string belongs to. See @ref sec_context above for more | ||||||
|  |  *     information. | ||||||
|  * |  * | ||||||
|  * @return |  * @return | ||||||
|  *   The translated string. |  *   The translated string. | ||||||
| @@ -1709,7 +2000,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO | |||||||
|  |  | ||||||
|   // It is possible that the error handling will itself trigger an error. In that case, we could |   // It is possible that the error handling will itself trigger an error. In that case, we could | ||||||
|   // end up in an infinite loop. To avoid that, we implement a simple static semaphore. |   // end up in an infinite loop. To avoid that, we implement a simple static semaphore. | ||||||
|   if (!$in_error_state && function_exists('module_implements')) { |   if (!$in_error_state && function_exists('module_invoke_all')) { | ||||||
|     $in_error_state = TRUE; |     $in_error_state = TRUE; | ||||||
|  |  | ||||||
|     // The user object may not exist in all conditions, so 0 is substituted if needed. |     // The user object may not exist in all conditions, so 0 is substituted if needed. | ||||||
| @@ -1732,9 +2023,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO | |||||||
|     ); |     ); | ||||||
|  |  | ||||||
|     // Call the logging hooks to log/process the message |     // Call the logging hooks to log/process the message | ||||||
|     foreach (module_implements('watchdog') as $module) { |     module_invoke_all('watchdog', $log_entry); | ||||||
|       module_invoke($module, 'watchdog', $log_entry); |  | ||||||
|     } |  | ||||||
|  |  | ||||||
|     // It is critical that the semaphore is only cleared here, in the parent |     // It is critical that the semaphore is only cleared here, in the parent | ||||||
|     // watchdog() call (not outside the loop), to prevent recursive execution. |     // watchdog() call (not outside the loop), to prevent recursive execution. | ||||||
| @@ -1776,7 +2065,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO | |||||||
|  * @see theme_status_messages() |  * @see theme_status_messages() | ||||||
|  */ |  */ | ||||||
| function drupal_set_message($message = NULL, $type = 'status', $repeat = TRUE) { | function drupal_set_message($message = NULL, $type = 'status', $repeat = TRUE) { | ||||||
|   if ($message) { |   if ($message || $message === '0' || $message === 0) { | ||||||
|     if (!isset($_SESSION['messages'][$type])) { |     if (!isset($_SESSION['messages'][$type])) { | ||||||
|       $_SESSION['messages'][$type] = array(); |       $_SESSION['messages'][$type] = array(); | ||||||
|     } |     } | ||||||
| @@ -2229,6 +2518,7 @@ function drupal_bootstrap($phase = NULL, $new_phase = TRUE) { | |||||||
|  |  | ||||||
|       switch ($current_phase) { |       switch ($current_phase) { | ||||||
|         case DRUPAL_BOOTSTRAP_CONFIGURATION: |         case DRUPAL_BOOTSTRAP_CONFIGURATION: | ||||||
|  |           require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc'; | ||||||
|           _drupal_bootstrap_configuration(); |           _drupal_bootstrap_configuration(); | ||||||
|           break; |           break; | ||||||
|  |  | ||||||
| @@ -2306,13 +2596,10 @@ function drupal_get_hash_salt() { | |||||||
|  *   The filename that the error was raised in. |  *   The filename that the error was raised in. | ||||||
|  * @param $line |  * @param $line | ||||||
|  *   The line number the error was raised at. |  *   The line number the error was raised at. | ||||||
|  * @param $context |  | ||||||
|  *   An array that points to the active symbol table at the point the error |  | ||||||
|  *   occurred. |  | ||||||
|  */ |  */ | ||||||
| function _drupal_error_handler($error_level, $message, $filename, $line, $context) { | function _drupal_error_handler($error_level, $message, $filename, $line) { | ||||||
|   require_once DRUPAL_ROOT . '/includes/errors.inc'; |   require_once DRUPAL_ROOT . '/includes/errors.inc'; | ||||||
|   _drupal_error_handler_real($error_level, $message, $filename, $line, $context); |   _drupal_error_handler_real($error_level, $message, $filename, $line); | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -2333,6 +2620,10 @@ function _drupal_exception_handler($exception) { | |||||||
|     _drupal_log_error(_drupal_decode_exception($exception), TRUE); |     _drupal_log_error(_drupal_decode_exception($exception), TRUE); | ||||||
|   } |   } | ||||||
|   catch (Exception $exception2) { |   catch (Exception $exception2) { | ||||||
|  |     // Add a 500 status code in case an exception was thrown before the 500 | ||||||
|  |     // status could be set (e.g. while loading a maintenance theme from cache). | ||||||
|  |     drupal_add_http_header('Status', '500 Internal Server Error'); | ||||||
|  |  | ||||||
|     // Another uncaught exception was thrown while handling the first one. |     // Another uncaught exception was thrown while handling the first one. | ||||||
|     // If we are displaying errors, then do so with no possibility of a further uncaught exception being thrown. |     // If we are displaying errors, then do so with no possibility of a further uncaught exception being thrown. | ||||||
|     if (error_displayable()) { |     if (error_displayable()) { | ||||||
| @@ -2356,6 +2647,9 @@ function _drupal_bootstrap_configuration() { | |||||||
|   timer_start('page'); |   timer_start('page'); | ||||||
|   // Initialize the configuration, including variables from settings.php. |   // Initialize the configuration, including variables from settings.php. | ||||||
|   drupal_settings_initialize(); |   drupal_settings_initialize(); | ||||||
|  |  | ||||||
|  |   // Sanitize unsafe keys from the request. | ||||||
|  |   DrupalRequestSanitizer::sanitize(); | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -2464,6 +2758,9 @@ function _drupal_bootstrap_database() { | |||||||
|   // the install or upgrade process. |   // the install or upgrade process. | ||||||
|   spl_autoload_register('drupal_autoload_class'); |   spl_autoload_register('drupal_autoload_class'); | ||||||
|   spl_autoload_register('drupal_autoload_interface'); |   spl_autoload_register('drupal_autoload_interface'); | ||||||
|  |   if (version_compare(PHP_VERSION, '5.4') >= 0) { | ||||||
|  |     spl_autoload_register('drupal_autoload_trait'); | ||||||
|  |   } | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -2495,6 +2792,11 @@ function _drupal_bootstrap_variables() { | |||||||
|       unset($_GET['destination']); |       unset($_GET['destination']); | ||||||
|       unset($_REQUEST['destination']); |       unset($_REQUEST['destination']); | ||||||
|     } |     } | ||||||
|  |     // Use the DrupalRequestSanitizer to ensure that the destination's query | ||||||
|  |     // parameters are not dangerous. | ||||||
|  |     if (isset($_GET['destination'])) { | ||||||
|  |       DrupalRequestSanitizer::cleanDestination(); | ||||||
|  |     } | ||||||
|     // If there's still something in $_REQUEST['destination'] that didn't come |     // If there's still something in $_REQUEST['destination'] that didn't come | ||||||
|     // from $_GET, check it too. |     // from $_GET, check it too. | ||||||
|     if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && url_is_external($_REQUEST['destination'])) { |     if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && url_is_external($_REQUEST['destination'])) { | ||||||
| @@ -2779,10 +3081,14 @@ function language_list($field = 'language') { | |||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Returns the default language used on the site |  * Returns the default language, as an object, or one of its properties. | ||||||
|  * |  * | ||||||
|  * @param $property |  * @param $property | ||||||
|  *   Optional property of the language object to return |  *   (optional) The property of the language object to return. | ||||||
|  |  * | ||||||
|  |  * @return | ||||||
|  |  *   Either the language object for the default language used on the site, | ||||||
|  |  *   or the property of that object named in the $property parameter. | ||||||
|  */ |  */ | ||||||
| function language_default($property = NULL) { | function language_default($property = NULL) { | ||||||
|   $language = variable_get('language_default', (object) array('language' => 'en', 'name' => 'English', 'native' => 'English', 'direction' => 0, 'enabled' => 1, 'plurals' => 0, 'formula' => '', 'domain' => '', 'prefix' => '', 'weight' => 0, 'javascript' => '')); |   $language = variable_get('language_default', (object) array('language' => 'en', 'name' => 'English', 'native' => 'English', 'direction' => 0, 'enabled' => 1, 'plurals' => 0, 'formula' => '', 'domain' => '', 'prefix' => '', 'weight' => 0, 'javascript' => '')); | ||||||
| @@ -2934,9 +3240,16 @@ function ip_address() { | |||||||
|         // Eliminate all trusted IPs. |         // Eliminate all trusted IPs. | ||||||
|         $untrusted = array_diff($forwarded, $reverse_proxy_addresses); |         $untrusted = array_diff($forwarded, $reverse_proxy_addresses); | ||||||
|  |  | ||||||
|  |         if (!empty($untrusted)) { | ||||||
|           // The right-most IP is the most specific we can trust. |           // The right-most IP is the most specific we can trust. | ||||||
|           $ip_address = array_pop($untrusted); |           $ip_address = array_pop($untrusted); | ||||||
|         } |         } | ||||||
|  |         else { | ||||||
|  |           // All IP addresses in the forwarded array are configured proxy IPs | ||||||
|  |           // (and thus trusted). We take the leftmost IP. | ||||||
|  |           $ip_address = array_shift($forwarded); | ||||||
|  |         } | ||||||
|  |       } | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
| @@ -2952,7 +3265,9 @@ function ip_address() { | |||||||
|  * Gets the schema definition of a table, or the whole database schema. |  * Gets the schema definition of a table, or the whole database schema. | ||||||
|  * |  * | ||||||
|  * The returned schema will include any modifications made by any |  * The returned schema will include any modifications made by any | ||||||
|  * module that implements hook_schema_alter(). |  * module that implements hook_schema_alter(). To get the schema without | ||||||
|  |  * modifications, use drupal_get_schema_unprocessed(). | ||||||
|  |  * | ||||||
|  * |  * | ||||||
|  * @param $table |  * @param $table | ||||||
|  *   The name of the table. If not given, the schema of all tables is returned. |  *   The name of the table. If not given, the schema of all tables is returned. | ||||||
| @@ -3107,6 +3422,22 @@ function drupal_autoload_class($class) { | |||||||
|   return _registry_check_code('class', $class); |   return _registry_check_code('class', $class); | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Confirms that a trait is available. | ||||||
|  |  * | ||||||
|  |  * This function is rarely called directly. Instead, it is registered as an | ||||||
|  |  * spl_autoload() handler, and PHP calls it for us when necessary. | ||||||
|  |  * | ||||||
|  |  * @param string $trait | ||||||
|  |  *   The name of the trait to check or load. | ||||||
|  |  * | ||||||
|  |  * @return bool | ||||||
|  |  *   TRUE if the trait is currently available, FALSE otherwise. | ||||||
|  |  */ | ||||||
|  | function drupal_autoload_trait($trait) { | ||||||
|  |   return _registry_check_code('trait', $trait); | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Checks for a resource in the registry. |  * Checks for a resource in the registry. | ||||||
|  * |  * | ||||||
| @@ -3125,7 +3456,7 @@ function drupal_autoload_class($class) { | |||||||
| function _registry_check_code($type, $name = NULL) { | function _registry_check_code($type, $name = NULL) { | ||||||
|   static $lookup_cache, $cache_update_needed; |   static $lookup_cache, $cache_update_needed; | ||||||
|  |  | ||||||
|   if ($type == 'class' && class_exists($name) || $type == 'interface' && interface_exists($name)) { |   if ($type == 'class' && class_exists($name) || $type == 'interface' && interface_exists($name) || $type == 'trait' && trait_exists($name)) { | ||||||
|     return TRUE; |     return TRUE; | ||||||
|   } |   } | ||||||
|  |  | ||||||
| @@ -3158,7 +3489,7 @@ function _registry_check_code($type, $name = NULL) { | |||||||
|   $cache_key = $type[0] . $name; |   $cache_key = $type[0] . $name; | ||||||
|   if (isset($lookup_cache[$cache_key])) { |   if (isset($lookup_cache[$cache_key])) { | ||||||
|     if ($lookup_cache[$cache_key]) { |     if ($lookup_cache[$cache_key]) { | ||||||
|       require_once DRUPAL_ROOT . '/' . $lookup_cache[$cache_key]; |       include_once DRUPAL_ROOT . '/' . $lookup_cache[$cache_key]; | ||||||
|     } |     } | ||||||
|     return (bool) $lookup_cache[$cache_key]; |     return (bool) $lookup_cache[$cache_key]; | ||||||
|   } |   } | ||||||
| @@ -3183,7 +3514,7 @@ function _registry_check_code($type, $name = NULL) { | |||||||
|   $lookup_cache[$cache_key] = $file; |   $lookup_cache[$cache_key] = $file; | ||||||
|  |  | ||||||
|   if ($file) { |   if ($file) { | ||||||
|     require_once DRUPAL_ROOT . '/' . $file; |     include_once DRUPAL_ROOT . '/' . $file; | ||||||
|     return TRUE; |     return TRUE; | ||||||
|   } |   } | ||||||
|   else { |   else { | ||||||
| @@ -3468,8 +3799,12 @@ function _drupal_shutdown_function() { | |||||||
|   chdir(DRUPAL_ROOT); |   chdir(DRUPAL_ROOT); | ||||||
|  |  | ||||||
|   try { |   try { | ||||||
|     while (list($key, $callback) = each($callbacks)) { |     // Manually iterate over the array instead of using a foreach loop. | ||||||
|  |     // A foreach operates on a copy of the array, so any shutdown functions that | ||||||
|  |     // were added from other shutdown functions would never be called. | ||||||
|  |     while ($callback = current($callbacks)) { | ||||||
|       call_user_func_array($callback['callback'], $callback['arguments']); |       call_user_func_array($callback['callback'], $callback['arguments']); | ||||||
|  |       next($callbacks); | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|   catch (Exception $exception) { |   catch (Exception $exception) { | ||||||
| @@ -3541,3 +3876,85 @@ function drupal_clear_opcode_cache($filepath) { | |||||||
|     @apc_delete_file($filepath); |     @apc_delete_file($filepath); | ||||||
|   } |   } | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Drupal's wrapper around PHP's setcookie() function. | ||||||
|  |  * | ||||||
|  |  * This allows the cookie's $value and $options to be altered. | ||||||
|  |  * | ||||||
|  |  * @param $name | ||||||
|  |  *   The name of the cookie. | ||||||
|  |  * @param $value | ||||||
|  |  *   The value of the cookie. | ||||||
|  |  * @param $options | ||||||
|  |  *   An associative array which may have any of the keys expires, path, domain, | ||||||
|  |  *   secure, httponly, samesite. | ||||||
|  |  * | ||||||
|  |  * @see setcookie() | ||||||
|  |  * @ingroup php_wrappers | ||||||
|  |  */ | ||||||
|  | function drupal_setcookie($name, $value, $options) { | ||||||
|  |   $options = _drupal_cookie_params($options); | ||||||
|  |   if (\PHP_VERSION_ID >= 70300) { | ||||||
|  |     setcookie($name, $value, $options); | ||||||
|  |   } | ||||||
|  |   else { | ||||||
|  |     setcookie($name, $value, $options['expires'], $options['path'], $options['domain'], $options['secure'], $options['httponly']); | ||||||
|  |   } | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Process the params for cookies. This emulates support for the SameSite | ||||||
|  |  * attribute in earlier versions of PHP, and allows the value of that attribute | ||||||
|  |  * to be overridden. | ||||||
|  |  * | ||||||
|  |  * @param $options | ||||||
|  |  *   An associative array which may have any of the keys expires, path, domain, | ||||||
|  |  *   secure, httponly, samesite. | ||||||
|  |  * | ||||||
|  |  * @return | ||||||
|  |  *   An associative array which may have any of the keys expires, path, domain, | ||||||
|  |  *   secure, httponly, and samesite. | ||||||
|  |  */ | ||||||
|  | function _drupal_cookie_params($options) { | ||||||
|  |   $options['samesite'] = _drupal_samesite_cookie($options); | ||||||
|  |   if (\PHP_VERSION_ID < 70300) { | ||||||
|  |     // Emulate SameSite support in older PHP versions. | ||||||
|  |     if (!empty($options['samesite'])) { | ||||||
|  |       // Ensure the SameSite attribute is only added once. | ||||||
|  |       if (!preg_match('/SameSite=/i', $options['path'])) { | ||||||
|  |         $options['path'] .= '; SameSite=' . $options['samesite']; | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |   return $options; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Determine the value for the samesite cookie attribute, in the following order | ||||||
|  |  * of precedence: | ||||||
|  |  * | ||||||
|  |  * 1) A value explicitly passed to drupal_setcookie() | ||||||
|  |  * 2) A value set in $conf['samesite_cookie_value'] | ||||||
|  |  * 3) The setting from php ini | ||||||
|  |  * 4) The default of None, or FALSE (no attribute) if the cookie is not Secure | ||||||
|  |  * | ||||||
|  |  * @param $options | ||||||
|  |  *   An associative array as passed to drupal_setcookie(). | ||||||
|  |  * @return | ||||||
|  |  *   The value for the samesite cookie attribute. | ||||||
|  |  */ | ||||||
|  | function _drupal_samesite_cookie($options) { | ||||||
|  |   if (isset($options['samesite'])) { | ||||||
|  |     return $options['samesite']; | ||||||
|  |   } | ||||||
|  |   $override = variable_get('samesite_cookie_value', NULL); | ||||||
|  |   if ($override !== NULL) { | ||||||
|  |     return $override; | ||||||
|  |   } | ||||||
|  |   $ini_options = session_get_cookie_params(); | ||||||
|  |   if (isset($ini_options['samesite'])) { | ||||||
|  |     return $ini_options['samesite']; | ||||||
|  |   } | ||||||
|  |   return empty($options['secure']) ? FALSE : 'None'; | ||||||
|  | } | ||||||
|   | |||||||
| @@ -14,6 +14,7 @@ | |||||||
|  * |  * | ||||||
|  * @param $bin |  * @param $bin | ||||||
|  *   The cache bin for which the cache object should be returned. |  *   The cache bin for which the cache object should be returned. | ||||||
|  |  * | ||||||
|  * @return DrupalCacheInterface |  * @return DrupalCacheInterface | ||||||
|  *   The cache object associated with the specified bin. |  *   The cache object associated with the specified bin. | ||||||
|  * |  * | ||||||
| @@ -121,7 +122,12 @@ function cache_get_multiple(array &$cids, $bin = 'cache') { | |||||||
|  *     the administrator panel. |  *     the administrator panel. | ||||||
|  *   - cache_path: Stores the system paths that have an alias. |  *   - cache_path: Stores the system paths that have an alias. | ||||||
|  * @param $expire |  * @param $expire | ||||||
|  *   (optional) One of the following values: |  *   (optional) Controls the maximum lifetime of this cache entry. Note that | ||||||
|  |  *   caches might be subject to clearing at any time, so this setting does not | ||||||
|  |  *   guarantee a minimum lifetime. With this in mind, the cache should not be | ||||||
|  |  *   used for data that must be kept during a cache clear, like sessions. | ||||||
|  |  * | ||||||
|  |  *   Use one of the following values: | ||||||
|  *   - CACHE_PERMANENT: Indicates that the item should never be removed unless |  *   - CACHE_PERMANENT: Indicates that the item should never be removed unless | ||||||
|  *     explicitly told to using cache_clear_all() with a cache ID. |  *     explicitly told to using cache_clear_all() with a cache ID. | ||||||
|  *   - CACHE_TEMPORARY: Indicates that the item should be removed at the next |  *   - CACHE_TEMPORARY: Indicates that the item should be removed at the next | ||||||
| @@ -261,7 +267,12 @@ interface DrupalCacheInterface { | |||||||
|    *   1MB in size to be stored by default. When caching large arrays or |    *   1MB in size to be stored by default. When caching large arrays or | ||||||
|    *   similar, take care to ensure $data does not exceed this size. |    *   similar, take care to ensure $data does not exceed this size. | ||||||
|    * @param $expire |    * @param $expire | ||||||
|    *   (optional) One of the following values: |    *   (optional) Controls the maximum lifetime of this cache entry. Note that | ||||||
|  |    *   caches might be subject to clearing at any time, so this setting does not | ||||||
|  |    *   guarantee a minimum lifetime. With this in mind, the cache should not be | ||||||
|  |    *   used for data that must be kept during a cache clear, like sessions. | ||||||
|  |    * | ||||||
|  |    *   Use one of the following values: | ||||||
|    *   - CACHE_PERMANENT: Indicates that the item should never be removed unless |    *   - CACHE_PERMANENT: Indicates that the item should never be removed unless | ||||||
|    *     explicitly told to using cache_clear_all() with a cache ID. |    *     explicitly told to using cache_clear_all() with a cache ID. | ||||||
|    *   - CACHE_TEMPORARY: Indicates that the item should be removed at the next |    *   - CACHE_TEMPORARY: Indicates that the item should be removed at the next | ||||||
|   | |||||||
| @@ -391,7 +391,7 @@ function drupal_add_feed($url = NULL, $title = '') { | |||||||
|  */ |  */ | ||||||
| function drupal_get_feeds($delimiter = "\n") { | function drupal_get_feeds($delimiter = "\n") { | ||||||
|   $feeds = drupal_add_feed(); |   $feeds = drupal_add_feed(); | ||||||
|   return implode($feeds, $delimiter); |   return implode($delimiter, $feeds); | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -487,7 +487,7 @@ function drupal_http_build_query(array $query, $parent = '') { | |||||||
|   $params = array(); |   $params = array(); | ||||||
|  |  | ||||||
|   foreach ($query as $key => $value) { |   foreach ($query as $key => $value) { | ||||||
|     $key = ($parent ? $parent . '[' . rawurlencode($key) . ']' : rawurlencode($key)); |     $key = $parent ? $parent . rawurlencode('[' . $key . ']') : rawurlencode($key); | ||||||
|  |  | ||||||
|     // Recurse into children. |     // Recurse into children. | ||||||
|     if (is_array($value)) { |     if (is_array($value)) { | ||||||
| @@ -611,8 +611,9 @@ function drupal_parse_url($url) { | |||||||
|   } |   } | ||||||
|   // The 'q' parameter contains the path of the current page if clean URLs are |   // The 'q' parameter contains the path of the current page if clean URLs are | ||||||
|   // disabled. It overrides the 'path' of the URL when present, even if clean |   // disabled. It overrides the 'path' of the URL when present, even if clean | ||||||
|   // URLs are enabled, due to how Apache rewriting rules work. |   // URLs are enabled, due to how Apache rewriting rules work. The path | ||||||
|   if (isset($options['query']['q'])) { |   // parameter must be a string. | ||||||
|  |   if (isset($options['query']['q']) && is_string($options['query']['q'])) { | ||||||
|     $options['path'] = $options['query']['q']; |     $options['path'] = $options['query']['q']; | ||||||
|     unset($options['query']['q']); |     unset($options['query']['q']); | ||||||
|   } |   } | ||||||
| @@ -683,11 +684,21 @@ function drupal_goto($path = '', array $options = array(), $http_response_code = | |||||||
|   // We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector. |   // We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector. | ||||||
|   if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) { |   if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) { | ||||||
|     $destination = drupal_parse_url($_GET['destination']); |     $destination = drupal_parse_url($_GET['destination']); | ||||||
|  |     // Double check the path derived by drupal_parse_url() is not external. | ||||||
|  |     if (!url_is_external($destination['path'])) { | ||||||
|       $path = $destination['path']; |       $path = $destination['path']; | ||||||
|  |     } | ||||||
|     $options['query'] = $destination['query']; |     $options['query'] = $destination['query']; | ||||||
|     $options['fragment'] = $destination['fragment']; |     $options['fragment'] = $destination['fragment']; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   // In some cases modules call drupal_goto(current_path()). We need to ensure | ||||||
|  |   // that such a redirect is not to an external URL. | ||||||
|  |   if ($path === current_path() && empty($options['external']) && url_is_external($path)) { | ||||||
|  |     // Force url() to generate a non-external URL. | ||||||
|  |     $options['external'] = FALSE; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   drupal_alter('drupal_goto', $path, $options, $http_response_code); |   drupal_alter('drupal_goto', $path, $options, $http_response_code); | ||||||
|  |  | ||||||
|   // The 'Location' HTTP header must be absolute. |   // The 'Location' HTTP header must be absolute. | ||||||
| @@ -752,8 +763,10 @@ function drupal_access_denied() { | |||||||
|  *   (optional) An array that can have one or more of the following elements: |  *   (optional) An array that can have one or more of the following elements: | ||||||
|  *   - headers: An array containing request headers to send as name/value pairs. |  *   - headers: An array containing request headers to send as name/value pairs. | ||||||
|  *   - method: A string containing the request method. Defaults to 'GET'. |  *   - method: A string containing the request method. Defaults to 'GET'. | ||||||
|  *   - data: A string containing the request body, formatted as |  *   - data: An array containing the values for the request body or a string | ||||||
|  *     'param=value¶m=value&...'. Defaults to NULL. |  *     containing the request body, formatted as | ||||||
|  |  *     'param=value¶m=value&...'; to generate this, use | ||||||
|  |  *     drupal_http_build_query(). Defaults to NULL. | ||||||
|  *   - max_redirects: An integer representing how many times a redirect |  *   - max_redirects: An integer representing how many times a redirect | ||||||
|  *     may be followed. Defaults to 3. |  *     may be followed. Defaults to 3. | ||||||
|  *   - timeout: A float representing the maximum number of seconds the function |  *   - timeout: A float representing the maximum number of seconds the function | ||||||
| @@ -778,6 +791,8 @@ function drupal_access_denied() { | |||||||
|  *     HTTP header names are case-insensitive (RFC 2616, section 4.2), so for |  *     HTTP header names are case-insensitive (RFC 2616, section 4.2), so for | ||||||
|  *     easy access the array keys are returned in lower case. |  *     easy access the array keys are returned in lower case. | ||||||
|  *   - data: A string containing the response body that was received. |  *   - data: A string containing the response body that was received. | ||||||
|  |  * | ||||||
|  |  * @see drupal_http_build_query() | ||||||
|  */ |  */ | ||||||
| function drupal_http_request($url, array $options = array()) { | function drupal_http_request($url, array $options = array()) { | ||||||
|   // Allow an alternate HTTP client library to replace Drupal's default |   // Allow an alternate HTTP client library to replace Drupal's default | ||||||
| @@ -856,8 +871,10 @@ function drupal_http_request($url, array $options = array()) { | |||||||
|       // Make the socket connection to a proxy server. |       // Make the socket connection to a proxy server. | ||||||
|       $socket = 'tcp://' . $proxy_server . ':' . variable_get('proxy_port', 8080); |       $socket = 'tcp://' . $proxy_server . ':' . variable_get('proxy_port', 8080); | ||||||
|       // The Host header still needs to match the real request. |       // The Host header still needs to match the real request. | ||||||
|  |       if (!isset($options['headers']['Host'])) { | ||||||
|         $options['headers']['Host'] = $uri['host']; |         $options['headers']['Host'] = $uri['host']; | ||||||
|         $options['headers']['Host'] .= isset($uri['port']) && $uri['port'] != 80 ? ':' . $uri['port'] : ''; |         $options['headers']['Host'] .= isset($uri['port']) && $uri['port'] != 80 ? ':' . $uri['port'] : ''; | ||||||
|  |       } | ||||||
|       break; |       break; | ||||||
|  |  | ||||||
|     case 'http': |     case 'http': | ||||||
| @@ -867,14 +884,18 @@ function drupal_http_request($url, array $options = array()) { | |||||||
|       // RFC 2616: "non-standard ports MUST, default ports MAY be included". |       // RFC 2616: "non-standard ports MUST, default ports MAY be included". | ||||||
|       // We don't add the standard port to prevent from breaking rewrite rules |       // We don't add the standard port to prevent from breaking rewrite rules | ||||||
|       // checking the host that do not take into account the port number. |       // checking the host that do not take into account the port number. | ||||||
|  |       if (!isset($options['headers']['Host'])) { | ||||||
|         $options['headers']['Host'] = $uri['host'] . ($port != 80 ? ':' . $port : ''); |         $options['headers']['Host'] = $uri['host'] . ($port != 80 ? ':' . $port : ''); | ||||||
|  |       } | ||||||
|       break; |       break; | ||||||
|  |  | ||||||
|     case 'https': |     case 'https': | ||||||
|       // Note: Only works when PHP is compiled with OpenSSL support. |       // Note: Only works when PHP is compiled with OpenSSL support. | ||||||
|       $port = isset($uri['port']) ? $uri['port'] : 443; |       $port = isset($uri['port']) ? $uri['port'] : 443; | ||||||
|       $socket = 'ssl://' . $uri['host'] . ':' . $port; |       $socket = 'ssl://' . $uri['host'] . ':' . $port; | ||||||
|  |       if (!isset($options['headers']['Host'])) { | ||||||
|         $options['headers']['Host'] = $uri['host'] . ($port != 443 ? ':' . $port : ''); |         $options['headers']['Host'] = $uri['host'] . ($port != 443 ? ':' . $port : ''); | ||||||
|  |       } | ||||||
|       break; |       break; | ||||||
|  |  | ||||||
|     default: |     default: | ||||||
| @@ -913,6 +934,11 @@ function drupal_http_request($url, array $options = array()) { | |||||||
|     $path .= '?' . $uri['query']; |     $path .= '?' . $uri['query']; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   // Convert array $options['data'] to query string. | ||||||
|  |   if (is_array($options['data'])) { | ||||||
|  |     $options['data'] = drupal_http_build_query($options['data']); | ||||||
|  |   } | ||||||
|  |  | ||||||
|   // Only add Content-Length if we actually have any content or if it is a POST |   // Only add Content-Length if we actually have any content or if it is a POST | ||||||
|   // or PUT request. Some non-standard servers get confused by Content-Length in |   // or PUT request. Some non-standard servers get confused by Content-Length in | ||||||
|   // at least HEAD/GET requests, and Squid always requires Content-Length in |   // at least HEAD/GET requests, and Squid always requires Content-Length in | ||||||
| @@ -1057,6 +1083,12 @@ function drupal_http_request($url, array $options = array()) { | |||||||
|  |  | ||||||
|   switch ($code) { |   switch ($code) { | ||||||
|     case 200: // OK |     case 200: // OK | ||||||
|  |     case 201: // Created | ||||||
|  |     case 202: // Accepted | ||||||
|  |     case 203: // Non-Authoritative Information | ||||||
|  |     case 204: // No Content | ||||||
|  |     case 205: // Reset Content | ||||||
|  |     case 206: // Partial Content | ||||||
|     case 304: // Not modified |     case 304: // Not modified | ||||||
|       break; |       break; | ||||||
|     case 301: // Moved permanently |     case 301: // Moved permanently | ||||||
| @@ -1071,6 +1103,11 @@ function drupal_http_request($url, array $options = array()) { | |||||||
|       elseif ($options['max_redirects']) { |       elseif ($options['max_redirects']) { | ||||||
|         // Redirect to the new location. |         // Redirect to the new location. | ||||||
|         $options['max_redirects']--; |         $options['max_redirects']--; | ||||||
|  |  | ||||||
|  |         // We need to unset the 'Host' header | ||||||
|  |         // as we are redirecting to a new location. | ||||||
|  |         unset($options['headers']['Host']); | ||||||
|  |  | ||||||
|         $result = drupal_http_request($location, $options); |         $result = drupal_http_request($location, $options); | ||||||
|         $result->redirect_code = $code; |         $result->redirect_code = $code; | ||||||
|       } |       } | ||||||
| @@ -1522,7 +1559,7 @@ function _filter_xss_split($m, $store = FALSE) { | |||||||
|     return '<'; |     return '<'; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) { |   if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9\-]+)\s*([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) { | ||||||
|     // Seriously malformed. |     // Seriously malformed. | ||||||
|     return ''; |     return ''; | ||||||
|   } |   } | ||||||
| @@ -1581,7 +1618,13 @@ function _filter_xss_attributes($attr) { | |||||||
|         // Attribute name, href for instance. |         // Attribute name, href for instance. | ||||||
|         if (preg_match('/^([-a-zA-Z]+)/', $attr, $match)) { |         if (preg_match('/^([-a-zA-Z]+)/', $attr, $match)) { | ||||||
|           $attrname = strtolower($match[1]); |           $attrname = strtolower($match[1]); | ||||||
|           $skip = ($attrname == 'style' || substr($attrname, 0, 2) == 'on'); |           $skip = ( | ||||||
|  |             $attrname == 'style' || | ||||||
|  |             substr($attrname, 0, 2) == 'on' || | ||||||
|  |             substr($attrname, 0, 1) == '-' || | ||||||
|  |             // Ignore long attributes to avoid unnecessary processing overhead. | ||||||
|  |             strlen($attrname) > 96 | ||||||
|  |           ); | ||||||
|           $working = $mode = 1; |           $working = $mode = 1; | ||||||
|           $attr = preg_replace('/^[-a-zA-Z]+/', '', $attr); |           $attr = preg_replace('/^[-a-zA-Z]+/', '', $attr); | ||||||
|         } |         } | ||||||
| @@ -1754,9 +1797,15 @@ function format_rss_item($title, $link, $description, $args = array()) { | |||||||
|  *     - 'key': element name |  *     - 'key': element name | ||||||
|  *     - 'value': element contents |  *     - 'value': element contents | ||||||
|  *     - 'attributes': associative array of element attributes |  *     - 'attributes': associative array of element attributes | ||||||
|  |  *     - 'encoded': TRUE if 'value' is already encoded | ||||||
|  * |  * | ||||||
|  * In both cases, 'value' can be a simple string, or it can be another array |  * In both cases, 'value' can be a simple string, or it can be another array | ||||||
|  * with the same format as $array itself for nesting. |  * with the same format as $array itself for nesting. | ||||||
|  |  * | ||||||
|  |  * If 'encoded' is TRUE it is up to the caller to ensure that 'value' is either | ||||||
|  |  * entity-encoded or CDATA-escaped. Using this option is not recommended when | ||||||
|  |  * working with untrusted user input, since failing to escape the data | ||||||
|  |  * correctly has security implications. | ||||||
|  */ |  */ | ||||||
| function format_xml_elements($array) { | function format_xml_elements($array) { | ||||||
|   $output = ''; |   $output = ''; | ||||||
| @@ -1769,7 +1818,7 @@ function format_xml_elements($array) { | |||||||
|         } |         } | ||||||
|  |  | ||||||
|         if (isset($value['value']) && $value['value'] != '') { |         if (isset($value['value']) && $value['value'] != '') { | ||||||
|           $output .= '>' . (is_array($value['value']) ? format_xml_elements($value['value']) : check_plain($value['value'])) . '</' . $value['key'] . ">\n"; |           $output .= '>' . (is_array($value['value']) ? format_xml_elements($value['value']) : (!empty($value['encoded']) ? $value['value'] : check_plain($value['value']))) . '</' . $value['key'] . ">\n"; | ||||||
|         } |         } | ||||||
|         else { |         else { | ||||||
|           $output .= " />\n"; |           $output .= " />\n"; | ||||||
| @@ -2214,20 +2263,11 @@ function url($path = NULL, array $options = array()) { | |||||||
|     'prefix' => '' |     'prefix' => '' | ||||||
|   ); |   ); | ||||||
|  |  | ||||||
|   // A duplicate of the code from url_is_external() to avoid needing another |   // Determine whether this is an external link, but ensure that the current | ||||||
|   // function call, since performance inside url() is critical. |   // path is always treated as internal by default (to prevent external link | ||||||
|  |   // injection vulnerabilities). | ||||||
|   if (!isset($options['external'])) { |   if (!isset($options['external'])) { | ||||||
|     // Return an external link if $path contains an allowed absolute URL. Avoid |     $options['external'] = $path === $_GET['q'] ? FALSE : url_is_external($path); | ||||||
|     // calling drupal_strip_dangerous_protocols() if there is any slash (/), |  | ||||||
|     // hash (#) or question_mark (?) before the colon (:) occurrence - if any - |  | ||||||
|     // as this would clearly mean it is not a URL. If the path starts with 2 |  | ||||||
|     // slashes then it is always considered an external URL without an explicit |  | ||||||
|     // protocol part. |  | ||||||
|     $colonpos = strpos($path, ':'); |  | ||||||
|     $options['external'] = (strpos($path, '//') === 0) |  | ||||||
|       || ($colonpos !== FALSE |  | ||||||
|         && !preg_match('![/?#]!', substr($path, 0, $colonpos)) |  | ||||||
|         && drupal_strip_dangerous_protocols($path) == $path); |  | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   // Preserve the original path before altering or aliasing. |   // Preserve the original path before altering or aliasing. | ||||||
| @@ -2295,9 +2335,13 @@ function url($path = NULL, array $options = array()) { | |||||||
|   } |   } | ||||||
|   elseif (!empty($path) && !$options['alias']) { |   elseif (!empty($path) && !$options['alias']) { | ||||||
|     $language = isset($options['language']) && isset($options['language']->language) ? $options['language']->language : ''; |     $language = isset($options['language']) && isset($options['language']->language) ? $options['language']->language : ''; | ||||||
|  |     require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'includes/path.inc'); | ||||||
|     $alias = drupal_get_path_alias($original_path, $language); |     $alias = drupal_get_path_alias($original_path, $language); | ||||||
|     if ($alias != $original_path) { |     if ($alias != $original_path) { | ||||||
|       $path = $alias; |       // Strip leading slashes from internal path aliases to prevent them | ||||||
|  |       // becoming external URLs without protocol. /example.com should not be | ||||||
|  |       // turned into //example.com. | ||||||
|  |       $path = ltrim($alias, '/'); | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
| @@ -2347,12 +2391,18 @@ function url($path = NULL, array $options = array()) { | |||||||
|  */ |  */ | ||||||
| function url_is_external($path) { | function url_is_external($path) { | ||||||
|   $colonpos = strpos($path, ':'); |   $colonpos = strpos($path, ':'); | ||||||
|   // Avoid calling drupal_strip_dangerous_protocols() if there is any slash (/), |   // Some browsers treat \ as / so normalize to forward slashes. | ||||||
|   // hash (#) or question_mark (?) before the colon (:) occurrence - if any - as |   $path = str_replace('\\', '/', $path); | ||||||
|   // this would clearly mean it is not a URL. If the path starts with 2 slashes |   // If the path starts with 2 slashes then it is always considered an external | ||||||
|   // then it is always considered an external URL without an explicit protocol |   // URL without an explicit protocol part. | ||||||
|   // part. |  | ||||||
|   return (strpos($path, '//') === 0) |   return (strpos($path, '//') === 0) | ||||||
|  |     // Leading control characters may be ignored or mishandled by browsers, so | ||||||
|  |     // assume such a path may lead to an external location. The \p{C} character | ||||||
|  |     // class matches all UTF-8 control, unassigned, and private characters. | ||||||
|  |     || (preg_match('/^\p{C}/u', $path) !== 0) | ||||||
|  |     // Avoid calling drupal_strip_dangerous_protocols() if there is any slash | ||||||
|  |     // (/), hash (#) or question_mark (?) before the colon (:) occurrence - if | ||||||
|  |     // any - as this would clearly mean it is not a URL. | ||||||
|     || ($colonpos !== FALSE |     || ($colonpos !== FALSE | ||||||
|       && !preg_match('![/?#]!', substr($path, 0, $colonpos)) |       && !preg_match('![/?#]!', substr($path, 0, $colonpos)) | ||||||
|       && drupal_strip_dangerous_protocols($path) == $path); |       && drupal_strip_dangerous_protocols($path) == $path); | ||||||
| @@ -2637,6 +2687,15 @@ function drupal_deliver_html_page($page_callback_result) { | |||||||
|   global $language; |   global $language; | ||||||
|   drupal_add_http_header('Content-Language', $language->language); |   drupal_add_http_header('Content-Language', $language->language); | ||||||
|  |  | ||||||
|  |   // By default, do not allow the site to be rendered in an iframe on another | ||||||
|  |   // domain, but provide a variable to override this. If the code running for | ||||||
|  |   // this page request already set the X-Frame-Options header earlier, don't | ||||||
|  |   // overwrite it here. | ||||||
|  |   $frame_options = variable_get('x_frame_options', 'SAMEORIGIN'); | ||||||
|  |   if ($frame_options && is_null(drupal_get_http_header('X-Frame-Options'))) { | ||||||
|  |     drupal_add_http_header('X-Frame-Options', $frame_options); | ||||||
|  |   } | ||||||
|  |  | ||||||
|   // Menu status constants are integers; page content is a string or array. |   // Menu status constants are integers; page content is a string or array. | ||||||
|   if (is_int($page_callback_result)) { |   if (is_int($page_callback_result)) { | ||||||
|     // @todo: Break these up into separate functions? |     // @todo: Break these up into separate functions? | ||||||
| @@ -2751,6 +2810,7 @@ function drupal_page_footer() { | |||||||
|   _registry_check_code(REGISTRY_WRITE_LOOKUP_CACHE); |   _registry_check_code(REGISTRY_WRITE_LOOKUP_CACHE); | ||||||
|   drupal_cache_system_paths(); |   drupal_cache_system_paths(); | ||||||
|   module_implements_write_cache(); |   module_implements_write_cache(); | ||||||
|  |   drupal_file_scan_write_cache(); | ||||||
|   system_run_automated_cron(); |   system_run_automated_cron(); | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -2812,11 +2872,11 @@ function drupal_map_assoc($array, $function = NULL) { | |||||||
|  * into script execution a call such as set_time_limit(20) is made, the |  * into script execution a call such as set_time_limit(20) is made, the | ||||||
|  * script will run for a total of 45 seconds before timing out. |  * script will run for a total of 45 seconds before timing out. | ||||||
|  * |  * | ||||||
|  * It also means that it is possible to decrease the total time limit if |  * If the current time limit is not unlimited it is possible to decrease the | ||||||
|  * the sum of the new time limit and the current time spent running the |  * total time limit if the sum of the new time limit and the current time spent | ||||||
|  * script is inferior to the original time limit. It is inherent to the way |  * running the script is inferior to the original time limit. It is inherent to | ||||||
|  * set_time_limit() works, it should rather be called with an appropriate |  * the way set_time_limit() works, it should rather be called with an | ||||||
|  * value every time you need to allocate a certain amount of time |  * appropriate value every time you need to allocate a certain amount of time | ||||||
|  * to execute a task than only once at the beginning of the script. |  * to execute a task than only once at the beginning of the script. | ||||||
|  * |  * | ||||||
|  * Before calling set_time_limit(), we check if this function is available |  * Before calling set_time_limit(), we check if this function is available | ||||||
| @@ -2833,8 +2893,12 @@ function drupal_map_assoc($array, $function = NULL) { | |||||||
|  */ |  */ | ||||||
| function drupal_set_time_limit($time_limit) { | function drupal_set_time_limit($time_limit) { | ||||||
|   if (function_exists('set_time_limit')) { |   if (function_exists('set_time_limit')) { | ||||||
|  |     $current = ini_get('max_execution_time'); | ||||||
|  |     // Do not set time limit if it is currently unlimited. | ||||||
|  |     if ($current != 0) { | ||||||
|       @set_time_limit($time_limit); |       @set_time_limit($time_limit); | ||||||
|     } |     } | ||||||
|  |   } | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -3014,6 +3078,13 @@ function drupal_add_html_head_link($attributes, $header = FALSE) { | |||||||
|  */ |  */ | ||||||
| function drupal_add_css($data = NULL, $options = NULL) { | function drupal_add_css($data = NULL, $options = NULL) { | ||||||
|   $css = &drupal_static(__FUNCTION__, array()); |   $css = &drupal_static(__FUNCTION__, array()); | ||||||
|  |   $count = &drupal_static(__FUNCTION__ . '_count', 0); | ||||||
|  |  | ||||||
|  |   // If the $css variable has been reset with drupal_static_reset(), there is | ||||||
|  |   // no longer any CSS being tracked, so set the counter back to 0 also. | ||||||
|  |   if (count($css) === 0) { | ||||||
|  |     $count = 0; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   // Construct the options, taking the defaults into consideration. |   // Construct the options, taking the defaults into consideration. | ||||||
|   if (isset($options)) { |   if (isset($options)) { | ||||||
| @@ -3049,7 +3120,8 @@ function drupal_add_css($data = NULL, $options = NULL) { | |||||||
|     } |     } | ||||||
|  |  | ||||||
|     // Always add a tiny value to the weight, to conserve the insertion order. |     // Always add a tiny value to the weight, to conserve the insertion order. | ||||||
|     $options['weight'] += count($css) / 1000; |     $options['weight'] += $count / 1000; | ||||||
|  |     $count++; | ||||||
|  |  | ||||||
|     // Add the data to the CSS array depending on the type. |     // Add the data to the CSS array depending on the type. | ||||||
|     switch ($options['type']) { |     switch ($options['type']) { | ||||||
| @@ -3678,7 +3750,7 @@ function _drupal_build_css_path($matches, $base = NULL) { | |||||||
|   } |   } | ||||||
|  |  | ||||||
|   // Prefix with base and remove '../' segments where possible. |   // Prefix with base and remove '../' segments where possible. | ||||||
|   $path = $_base . $matches[1]; |   $path = $_base . (isset($matches[1]) ? $matches[1] : ''); | ||||||
|   $last = ''; |   $last = ''; | ||||||
|   while ($path != $last) { |   while ($path != $last) { | ||||||
|     $last = $path; |     $last = $path; | ||||||
| @@ -3802,7 +3874,7 @@ function drupal_load_stylesheet_content($contents, $optimize = FALSE) { | |||||||
|  |  | ||||||
|   // Replaces @import commands with the actual stylesheet content. |   // Replaces @import commands with the actual stylesheet content. | ||||||
|   // This happens recursively but omits external files. |   // This happens recursively but omits external files. | ||||||
|   $contents = preg_replace_callback('/@import\s*(?:url\(\s*)?[\'"]?(?![a-z]+:)([^\'"\()]+)[\'"]?\s*\)?\s*;/', '_drupal_load_stylesheet', $contents); |   $contents = preg_replace_callback('/@import\s*(?:url\(\s*)?[\'"]?(?![a-z]+:)(?!\/\/)([^\'"\()]+)[\'"]?\s*\)?\s*;/', '_drupal_load_stylesheet', $contents); | ||||||
|   return $contents; |   return $contents; | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -3862,6 +3934,21 @@ function drupal_delete_file_if_stale($uri) { | |||||||
|  *   The cleaned identifier. |  *   The cleaned identifier. | ||||||
|  */ |  */ | ||||||
| function drupal_clean_css_identifier($identifier, $filter = array(' ' => '-', '_' => '-', '/' => '-', '[' => '-', ']' => '')) { | function drupal_clean_css_identifier($identifier, $filter = array(' ' => '-', '_' => '-', '/' => '-', '[' => '-', ']' => '')) { | ||||||
|  |   // Use the advanced drupal_static() pattern, since this is called very often. | ||||||
|  |   static $drupal_static_fast; | ||||||
|  |   if (!isset($drupal_static_fast)) { | ||||||
|  |     $drupal_static_fast['allow_css_double_underscores'] = &drupal_static(__FUNCTION__ . ':allow_css_double_underscores'); | ||||||
|  |   } | ||||||
|  |   $allow_css_double_underscores = &$drupal_static_fast['allow_css_double_underscores']; | ||||||
|  |   if (!isset($allow_css_double_underscores)) { | ||||||
|  |     $allow_css_double_underscores = variable_get('allow_css_double_underscores', FALSE); | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // Preserve BEM-style double-underscores depending on custom setting. | ||||||
|  |   if ($allow_css_double_underscores) { | ||||||
|  |     $filter['__'] = '__'; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   // By default, we filter using Drupal's coding standards. |   // By default, we filter using Drupal's coding standards. | ||||||
|   $identifier = strtr($identifier, $filter); |   $identifier = strtr($identifier, $filter); | ||||||
|  |  | ||||||
| @@ -3933,7 +4020,11 @@ function drupal_html_id($id) { | |||||||
|   // be merged with content already on the base page. The HTML IDs must be |   // be merged with content already on the base page. The HTML IDs must be | ||||||
|   // unique for the fully merged content. Therefore, initialize $seen_ids to |   // unique for the fully merged content. Therefore, initialize $seen_ids to | ||||||
|   // take into account IDs that are already in use on the base page. |   // take into account IDs that are already in use on the base page. | ||||||
|   $seen_ids_init = &drupal_static(__FUNCTION__ . ':init'); |   static $drupal_static_fast; | ||||||
|  |   if (!isset($drupal_static_fast['seen_ids_init'])) { | ||||||
|  |     $drupal_static_fast['seen_ids_init'] = &drupal_static(__FUNCTION__ . ':init'); | ||||||
|  |   } | ||||||
|  |   $seen_ids_init = &$drupal_static_fast['seen_ids_init']; | ||||||
|   if (!isset($seen_ids_init)) { |   if (!isset($seen_ids_init)) { | ||||||
|     // Ideally, Drupal would provide an API to persist state information about |     // Ideally, Drupal would provide an API to persist state information about | ||||||
|     // prior page requests in the database, and we'd be able to add this |     // prior page requests in the database, and we'd be able to add this | ||||||
| @@ -3978,7 +4069,10 @@ function drupal_html_id($id) { | |||||||
|       } |       } | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|   $seen_ids = &drupal_static(__FUNCTION__, $seen_ids_init); |   if (!isset($drupal_static_fast['seen_ids'])) { | ||||||
|  |     $drupal_static_fast['seen_ids'] = &drupal_static(__FUNCTION__, $seen_ids_init); | ||||||
|  |   } | ||||||
|  |   $seen_ids = &$drupal_static_fast['seen_ids']; | ||||||
|  |  | ||||||
|   $id = strtr(drupal_strtolower($id), array(' ' => '-', '_' => '-', '[' => '-', ']' => '')); |   $id = strtr(drupal_strtolower($id), array(' ' => '-', '_' => '-', '[' => '-', ']' => '')); | ||||||
|  |  | ||||||
| @@ -4363,12 +4457,54 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS | |||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   $output = ''; |   // Sort the JavaScript so that it appears in the correct order. | ||||||
|   // The index counter is used to keep aggregated and non-aggregated files in |   uasort($items, 'drupal_sort_css_js'); | ||||||
|   // order by weight. |  | ||||||
|   $index = 1; |   // Provide the page with information about the individual JavaScript files | ||||||
|   $processed = array(); |   // used, information not otherwise available when aggregation is enabled. | ||||||
|   $files = array(); |   $setting['ajaxPageState']['js'] = array_fill_keys(array_keys($items), 1); | ||||||
|  |   unset($setting['ajaxPageState']['js']['settings']); | ||||||
|  |   drupal_add_js($setting, 'setting'); | ||||||
|  |  | ||||||
|  |   // If we're outputting the header scope, then this might be the final time | ||||||
|  |   // that drupal_get_js() is running, so add the setting to this output as well | ||||||
|  |   // as to the drupal_add_js() cache. If $items['settings'] doesn't exist, it's | ||||||
|  |   // because drupal_get_js() was intentionally passed a $javascript argument | ||||||
|  |   // stripped off settings, potentially in order to override how settings get | ||||||
|  |   // output, so in this case, do not add the setting to this output. | ||||||
|  |   if ($scope == 'header' && isset($items['settings'])) { | ||||||
|  |     $items['settings']['data'][] = $setting; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   $elements = array( | ||||||
|  |     '#type' => 'scripts', | ||||||
|  |     '#items' => $items, | ||||||
|  |   ); | ||||||
|  |  | ||||||
|  |   return drupal_render($elements); | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * The #pre_render callback for the "scripts" element. | ||||||
|  |  * | ||||||
|  |  * This callback adds elements needed for <script> tags to be rendered. | ||||||
|  |  * | ||||||
|  |  * @param array $elements | ||||||
|  |  *   A render array containing: | ||||||
|  |  *   - '#items': The JS items as returned by drupal_add_js() and altered by | ||||||
|  |  *     drupal_get_js(). | ||||||
|  |  * | ||||||
|  |  * @return array | ||||||
|  |  *   The $elements variable passed as argument with two more children keys: | ||||||
|  |  *     - "scripts": contains the Javascript items | ||||||
|  |  *     - "settings": contains the Javascript settings items. | ||||||
|  |  *   If those keys are already existing, then the items will be appended and | ||||||
|  |  *   their keys will be preserved. | ||||||
|  |  * | ||||||
|  |  * @see drupal_get_js() | ||||||
|  |  * @see drupal_add_js() | ||||||
|  |  */ | ||||||
|  | function drupal_pre_render_scripts(array $elements) { | ||||||
|   $preprocess_js = (variable_get('preprocess_js', FALSE) && (!defined('MAINTENANCE_MODE') || MAINTENANCE_MODE != 'update')); |   $preprocess_js = (variable_get('preprocess_js', FALSE) && (!defined('MAINTENANCE_MODE') || MAINTENANCE_MODE != 'update')); | ||||||
|  |  | ||||||
|   // A dummy query-string is added to filenames, to gain control over |   // A dummy query-string is added to filenames, to gain control over | ||||||
| @@ -4389,34 +4525,29 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS | |||||||
|   // third-party code might require the use of a different query string. |   // third-party code might require the use of a different query string. | ||||||
|   $js_version_string = variable_get('drupal_js_version_query_string', 'v='); |   $js_version_string = variable_get('drupal_js_version_query_string', 'v='); | ||||||
|  |  | ||||||
|   // Sort the JavaScript so that it appears in the correct order. |   $files = array(); | ||||||
|   uasort($items, 'drupal_sort_css_js'); |  | ||||||
|  |  | ||||||
|   // Provide the page with information about the individual JavaScript files |   $scripts = isset($elements['scripts']) ? $elements['scripts'] : array(); | ||||||
|   // used, information not otherwise available when aggregation is enabled. |   $scripts += array('#weight' => 0); | ||||||
|   $setting['ajaxPageState']['js'] = array_fill_keys(array_keys($items), 1); |  | ||||||
|   unset($setting['ajaxPageState']['js']['settings']); |  | ||||||
|   drupal_add_js($setting, 'setting'); |  | ||||||
|  |  | ||||||
|   // If we're outputting the header scope, then this might be the final time |   $settings = isset($elements['settings']) ? $elements['settings'] : array(); | ||||||
|   // that drupal_get_js() is running, so add the setting to this output as well |   $settings += array('#weight' => $scripts['#weight'] + 10); | ||||||
|   // as to the drupal_add_js() cache. If $items['settings'] doesn't exist, it's |  | ||||||
|   // because drupal_get_js() was intentionally passed a $javascript argument |   // The index counter is used to keep aggregated and non-aggregated files in | ||||||
|   // stripped off settings, potentially in order to override how settings get |   // order by weight. Use existing scripts count as a starting point. | ||||||
|   // output, so in this case, do not add the setting to this output. |   $index = count(element_children($scripts)) + 1; | ||||||
|   if ($scope == 'header' && isset($items['settings'])) { |  | ||||||
|     $items['settings']['data'][] = $setting; |  | ||||||
|   } |  | ||||||
|  |  | ||||||
|   // Loop through the JavaScript to construct the rendered output. |   // Loop through the JavaScript to construct the rendered output. | ||||||
|   $element = array( |   $element = array( | ||||||
|  |     '#type' => 'html_tag', | ||||||
|     '#tag' => 'script', |     '#tag' => 'script', | ||||||
|     '#value' => '', |     '#value' => '', | ||||||
|     '#attributes' => array( |     '#attributes' => array( | ||||||
|       'type' => 'text/javascript', |       'type' => 'text/javascript', | ||||||
|     ), |     ), | ||||||
|   ); |   ); | ||||||
|   foreach ($items as $item) { |  | ||||||
|  |   foreach ($elements['#items'] as $item) { | ||||||
|     $query_string =  empty($item['version']) ? $default_query_string : $js_version_string . $item['version']; |     $query_string =  empty($item['version']) ? $default_query_string : $js_version_string . $item['version']; | ||||||
|  |  | ||||||
|     switch ($item['type']) { |     switch ($item['type']) { | ||||||
| @@ -4425,7 +4556,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS | |||||||
|         $js_element['#value_prefix'] = $embed_prefix; |         $js_element['#value_prefix'] = $embed_prefix; | ||||||
|         $js_element['#value'] = 'jQuery.extend(Drupal.settings, ' . drupal_json_encode(drupal_array_merge_deep_array($item['data'])) . ");"; |         $js_element['#value'] = 'jQuery.extend(Drupal.settings, ' . drupal_json_encode(drupal_array_merge_deep_array($item['data'])) . ");"; | ||||||
|         $js_element['#value_suffix'] = $embed_suffix; |         $js_element['#value_suffix'] = $embed_suffix; | ||||||
|         $output .= theme('html_tag', array('element' => $js_element)); |         $settings[] = $js_element; | ||||||
|         break; |         break; | ||||||
|  |  | ||||||
|       case 'inline': |       case 'inline': | ||||||
| @@ -4436,7 +4567,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS | |||||||
|         $js_element['#value_prefix'] = $embed_prefix; |         $js_element['#value_prefix'] = $embed_prefix; | ||||||
|         $js_element['#value'] = $item['data']; |         $js_element['#value'] = $item['data']; | ||||||
|         $js_element['#value_suffix'] = $embed_suffix; |         $js_element['#value_suffix'] = $embed_suffix; | ||||||
|         $processed[$index++] = theme('html_tag', array('element' => $js_element)); |         $scripts[$index++] = $js_element; | ||||||
|         break; |         break; | ||||||
|  |  | ||||||
|       case 'file': |       case 'file': | ||||||
| @@ -4447,7 +4578,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS | |||||||
|           } |           } | ||||||
|           $query_string_separator = (strpos($item['data'], '?') !== FALSE) ? '&' : '?'; |           $query_string_separator = (strpos($item['data'], '?') !== FALSE) ? '&' : '?'; | ||||||
|           $js_element['#attributes']['src'] = file_create_url($item['data']) . $query_string_separator . ($item['cache'] ? $query_string : REQUEST_TIME); |           $js_element['#attributes']['src'] = file_create_url($item['data']) . $query_string_separator . ($item['cache'] ? $query_string : REQUEST_TIME); | ||||||
|           $processed[$index++] = theme('html_tag', array('element' => $js_element)); |           $scripts[$index++] = $js_element; | ||||||
|         } |         } | ||||||
|         else { |         else { | ||||||
|           // By increasing the index for each aggregated file, we maintain |           // By increasing the index for each aggregated file, we maintain | ||||||
| @@ -4458,7 +4589,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS | |||||||
|           // leading to better front-end performance of a website as a whole. |           // leading to better front-end performance of a website as a whole. | ||||||
|           // See drupal_add_js() for details. |           // See drupal_add_js() for details. | ||||||
|           $key = 'aggregate_' . $item['group'] . '_' . $item['every_page'] . '_' . $index; |           $key = 'aggregate_' . $item['group'] . '_' . $item['every_page'] . '_' . $index; | ||||||
|           $processed[$key] = ''; |           $scripts[$key] = ''; | ||||||
|           $files[$key][$item['data']] = $item; |           $files[$key][$item['data']] = $item; | ||||||
|         } |         } | ||||||
|         break; |         break; | ||||||
| @@ -4470,7 +4601,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS | |||||||
|           $js_element['#attributes']['defer'] = 'defer'; |           $js_element['#attributes']['defer'] = 'defer'; | ||||||
|         } |         } | ||||||
|         $js_element['#attributes']['src'] = $item['data']; |         $js_element['#attributes']['src'] = $item['data']; | ||||||
|         $processed[$index++] = theme('html_tag', array('element' => $js_element)); |         $scripts[$index++] = $js_element; | ||||||
|         break; |         break; | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
| @@ -4485,14 +4616,18 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS | |||||||
|         $preprocess_file = file_create_url($uri); |         $preprocess_file = file_create_url($uri); | ||||||
|         $js_element = $element; |         $js_element = $element; | ||||||
|         $js_element['#attributes']['src'] = $preprocess_file; |         $js_element['#attributes']['src'] = $preprocess_file; | ||||||
|         $processed[$key] = theme('html_tag', array('element' => $js_element)); |         $scripts[$key] = $js_element; | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   // Keep the order of JS files consistent as some are preprocessed and others are not. |   // Keep the order of JS files consistent as some are preprocessed and others | ||||||
|   // Make sure any inline or JS setting variables appear last after libraries have loaded. |   // are not. Make sure any inline or JS setting variables appear last after | ||||||
|   return implode('', $processed) . $output; |   // libraries have loaded. | ||||||
|  |   $element['scripts'] = $scripts; | ||||||
|  |   $element['settings'] = $settings; | ||||||
|  |  | ||||||
|  |   return $element; | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -5038,6 +5173,8 @@ function drupal_build_js_cache($files) { | |||||||
|         $contents .= file_get_contents($path) . ";\n"; |         $contents .= file_get_contents($path) . ";\n"; | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|  |     // Remove JS source and source mapping urls or these may cause 404 errors. | ||||||
|  |     $contents = preg_replace('/\/\/(#|@)\s(sourceURL|sourceMappingURL)=\s*(\S*?)\s*$/m', '', $contents); | ||||||
|     // Prefix filename to prevent blocking by firewalls which reject files |     // Prefix filename to prevent blocking by firewalls which reject files | ||||||
|     // starting with "ad*". |     // starting with "ad*". | ||||||
|     $filename = 'js_' . drupal_hash_base64($contents) . '.js'; |     $filename = 'js_' . drupal_hash_base64($contents) . '.js'; | ||||||
| @@ -5212,6 +5349,11 @@ function _drupal_bootstrap_full() { | |||||||
|   fix_gpc_magic(); |   fix_gpc_magic(); | ||||||
|   // Load all enabled modules |   // Load all enabled modules | ||||||
|   module_load_all(); |   module_load_all(); | ||||||
|  |   // Reset drupal_alter() and module_implements() static caches as these | ||||||
|  |   // include implementations for vital modules only when called early on | ||||||
|  |   // in the bootstrap. | ||||||
|  |   drupal_static_reset('drupal_alter'); | ||||||
|  |   drupal_static_reset('module_implements'); | ||||||
|   // Make sure all stream wrappers are registered. |   // Make sure all stream wrappers are registered. | ||||||
|   file_get_stream_wrappers(); |   file_get_stream_wrappers(); | ||||||
|   // Ensure mt_rand is reseeded, to prevent random values from one page load |   // Ensure mt_rand is reseeded, to prevent random values from one page load | ||||||
| @@ -5308,8 +5450,8 @@ function drupal_page_set_cache() { | |||||||
|  * |  * | ||||||
|  * Do not call this function from a test. Use $this->cronRun() instead. |  * Do not call this function from a test. Use $this->cronRun() instead. | ||||||
|  * |  * | ||||||
|  * @return |  * @return bool | ||||||
|  *   TRUE if cron ran successfully. |  *   TRUE if cron ran successfully and FALSE if cron is already running. | ||||||
|  */ |  */ | ||||||
| function drupal_cron_run() { | function drupal_cron_run() { | ||||||
|   // Allow execution to continue even if the request gets canceled. |   // Allow execution to continue even if the request gets canceled. | ||||||
| @@ -5371,12 +5513,12 @@ function drupal_cron_run() { | |||||||
|       // Do not run if queue wants to skip. |       // Do not run if queue wants to skip. | ||||||
|       continue; |       continue; | ||||||
|     } |     } | ||||||
|     $function = $info['worker callback']; |     $callback = $info['worker callback']; | ||||||
|     $end = time() + (isset($info['time']) ? $info['time'] : 15); |     $end = time() + (isset($info['time']) ? $info['time'] : 15); | ||||||
|     $queue = DrupalQueue::get($queue_name); |     $queue = DrupalQueue::get($queue_name); | ||||||
|     while (time() < $end && ($item = $queue->claimItem())) { |     while (time() < $end && ($item = $queue->claimItem())) { | ||||||
|       try { |       try { | ||||||
|         $function($item->data); |         call_user_func($callback, $item->data); | ||||||
|         $queue->deleteItem($item); |         $queue->deleteItem($item); | ||||||
|       } |       } | ||||||
|       catch (Exception $e) { |       catch (Exception $e) { | ||||||
| @@ -6329,13 +6471,21 @@ function drupal_render_cid_parts($granularity = NULL) { | |||||||
|   } |   } | ||||||
|  |  | ||||||
|   if (!empty($granularity)) { |   if (!empty($granularity)) { | ||||||
|  |     $cache_per_role = $granularity & DRUPAL_CACHE_PER_ROLE; | ||||||
|  |     $cache_per_user = $granularity & DRUPAL_CACHE_PER_USER; | ||||||
|  |     // User 1 has special permissions outside of the role system, so when | ||||||
|  |     // caching per role is requested, it should cache per user instead. | ||||||
|  |     if ($user->uid == 1 && $cache_per_role) { | ||||||
|  |       $cache_per_user = TRUE; | ||||||
|  |       $cache_per_role = FALSE; | ||||||
|  |     } | ||||||
|     // 'PER_ROLE' and 'PER_USER' are mutually exclusive. 'PER_USER' can be a |     // 'PER_ROLE' and 'PER_USER' are mutually exclusive. 'PER_USER' can be a | ||||||
|     // resource drag for sites with many users, so when a module is being |     // resource drag for sites with many users, so when a module is being | ||||||
|     // equivocal, we favor the less expensive 'PER_ROLE' pattern. |     // equivocal, we favor the less expensive 'PER_ROLE' pattern. | ||||||
|     if ($granularity & DRUPAL_CACHE_PER_ROLE) { |     if ($cache_per_role) { | ||||||
|       $cid_parts[] = 'r.' . implode(',', array_keys($user->roles)); |       $cid_parts[] = 'r.' . implode(',', array_keys($user->roles)); | ||||||
|     } |     } | ||||||
|     elseif ($granularity & DRUPAL_CACHE_PER_USER) { |     elseif ($cache_per_user) { | ||||||
|       $cid_parts[] = "u.$user->uid"; |       $cid_parts[] = "u.$user->uid"; | ||||||
|     } |     } | ||||||
|  |  | ||||||
| @@ -6512,30 +6662,41 @@ function element_children(&$elements, $sort = FALSE) { | |||||||
|   $sort = isset($elements['#sorted']) ? !$elements['#sorted'] : $sort; |   $sort = isset($elements['#sorted']) ? !$elements['#sorted'] : $sort; | ||||||
|  |  | ||||||
|   // Filter out properties from the element, leaving only children. |   // Filter out properties from the element, leaving only children. | ||||||
|   $children = array(); |   $count = count($elements); | ||||||
|  |   $child_weights = array(); | ||||||
|  |   $i = 0; | ||||||
|   $sortable = FALSE; |   $sortable = FALSE; | ||||||
|   foreach ($elements as $key => $value) { |   foreach ($elements as $key => $value) { | ||||||
|     if ($key === '' || $key[0] !== '#') { |     if (is_int($key) || $key === '' || $key[0] !== '#') { | ||||||
|       $children[$key] = $value; |  | ||||||
|       if (is_array($value) && isset($value['#weight'])) { |       if (is_array($value) && isset($value['#weight'])) { | ||||||
|  |         $weight = $value['#weight']; | ||||||
|         $sortable = TRUE; |         $sortable = TRUE; | ||||||
|       } |       } | ||||||
|  |       else { | ||||||
|  |         $weight = 0; | ||||||
|       } |       } | ||||||
|  |       // Support weights with up to three digit precision and conserve the | ||||||
|  |       // insertion order. | ||||||
|  |       $child_weights[$key] = floor($weight * 1000) + $i / $count; | ||||||
|     } |     } | ||||||
|  |     $i++; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   // Sort the children if necessary. |   // Sort the children if necessary. | ||||||
|   if ($sort && $sortable) { |   if ($sort && $sortable) { | ||||||
|     uasort($children, 'element_sort'); |     asort($child_weights); | ||||||
|     // Put the sorted children back into $elements in the correct order, to |     // Put the sorted children back into $elements in the correct order, to | ||||||
|     // preserve sorting if the same element is passed through |     // preserve sorting if the same element is passed through | ||||||
|     // element_children() twice. |     // element_children() twice. | ||||||
|     foreach ($children as $key => $child) { |     foreach ($child_weights as $key => $weight) { | ||||||
|  |       $value = $elements[$key]; | ||||||
|       unset($elements[$key]); |       unset($elements[$key]); | ||||||
|       $elements[$key] = $child; |       $elements[$key] = $value; | ||||||
|     } |     } | ||||||
|     $elements['#sorted'] = TRUE; |     $elements['#sorted'] = TRUE; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   return array_keys($children); |   return array_keys($child_weights); | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -6861,7 +7022,16 @@ function drupal_common_theme() { | |||||||
|       'variables' => array(), |       'variables' => array(), | ||||||
|     ), |     ), | ||||||
|     'table' => array( |     'table' => array( | ||||||
|       'variables' => array('header' => NULL, 'rows' => NULL, 'attributes' => array(), 'caption' => NULL, 'colgroups' => array(), 'sticky' => TRUE, 'empty' => ''), |       'variables' => array( | ||||||
|  |         'header' => NULL, | ||||||
|  |         'footer' => NULL, | ||||||
|  |         'rows' => NULL, | ||||||
|  |         'attributes' => array(), | ||||||
|  |         'caption' => NULL, | ||||||
|  |         'colgroups' => array(), | ||||||
|  |         'sticky' => TRUE, | ||||||
|  |         'empty' => '', | ||||||
|  |       ), | ||||||
|     ), |     ), | ||||||
|     'tablesort_indicator' => array( |     'tablesort_indicator' => array( | ||||||
|       'variables' => array('style' => NULL), |       'variables' => array('style' => NULL), | ||||||
| @@ -7075,7 +7245,8 @@ function drupal_uninstall_schema($module) { | |||||||
|  * specification of a schema, as it was defined in a module's |  * specification of a schema, as it was defined in a module's | ||||||
|  * hook_schema(). No additional default values will be set, |  * hook_schema(). No additional default values will be set, | ||||||
|  * hook_schema_alter() is not invoked and these unprocessed |  * hook_schema_alter() is not invoked and these unprocessed | ||||||
|  * definitions won't be cached. |  * definitions won't be cached. To retrieve the schema after | ||||||
|  |  * hook_schema_alter() has been invoked use drupal_get_schema(). | ||||||
|  * |  * | ||||||
|  * This function can be used to retrieve a schema specification in |  * This function can be used to retrieve a schema specification in | ||||||
|  * hook_schema(), so it allows you to derive your tables from existing |  * hook_schema(), so it allows you to derive your tables from existing | ||||||
| @@ -7137,6 +7308,24 @@ function _drupal_schema_initialize(&$schema, $module, $remove_descriptions = TRU | |||||||
|   } |   } | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Retrieves the type for every field in a table schema. | ||||||
|  |  * | ||||||
|  |  * @param $table | ||||||
|  |  *   The name of the table from which to retrieve type information. | ||||||
|  |  * | ||||||
|  |  * @return | ||||||
|  |  *   An array of types, keyed by field name. | ||||||
|  |  */ | ||||||
|  | function drupal_schema_field_types($table) { | ||||||
|  |   $table_schema = drupal_get_schema($table); | ||||||
|  |   $field_types = array(); | ||||||
|  |   foreach ($table_schema['fields'] as $field_name => $field_info) { | ||||||
|  |     $field_types[$field_name] = isset($field_info['type']) ? $field_info['type'] : NULL; | ||||||
|  |   } | ||||||
|  |   return $field_types; | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Retrieves a list of fields from a table schema. |  * Retrieves a list of fields from a table schema. | ||||||
|  * |  * | ||||||
| @@ -7338,7 +7527,16 @@ function drupal_write_record($table, &$record, $primary_keys = array()) { | |||||||
|  * Information stored in a module .info file: |  * Information stored in a module .info file: | ||||||
|  * - name: The real name of the module for display purposes. |  * - name: The real name of the module for display purposes. | ||||||
|  * - description: A brief description of the module. |  * - description: A brief description of the module. | ||||||
|  * - dependencies: An array of shortnames of other modules this module requires. |  * - dependencies: An array of dependency strings. Each is in the form | ||||||
|  |  *   'project:module (versions)'; with the following meanings: | ||||||
|  |  *   - project: (optional) Project shortname, recommended to ensure uniqueness, | ||||||
|  |  *     if the module is part of a project hosted on drupal.org. If omitted, | ||||||
|  |  *     also omit the : that follows. The project name is currently ignored by | ||||||
|  |  *     Drupal core but is used for automated testing. | ||||||
|  |  *   - module: (required) Module shortname within the project. | ||||||
|  |  *   - (versions): Optional version information, consisting of one or more | ||||||
|  |  *     comma-separated operator/value pairs or simply version numbers, which | ||||||
|  |  *     can contain "x" as a wildcard. Examples: (>=7.22, <7.28), (7.x-3.x). | ||||||
|  * - package: The name of the package of modules this module belongs to. |  * - package: The name of the package of modules this module belongs to. | ||||||
|  * |  * | ||||||
|  * See forum.info for an example of a module .info file. |  * See forum.info for an example of a module .info file. | ||||||
| @@ -7418,7 +7616,6 @@ function drupal_parse_info_file($filename) { | |||||||
|  */ |  */ | ||||||
| function drupal_parse_info_format($data) { | function drupal_parse_info_format($data) { | ||||||
|   $info = array(); |   $info = array(); | ||||||
|   $constants = get_defined_constants(); |  | ||||||
|  |  | ||||||
|   if (preg_match_all(' |   if (preg_match_all(' | ||||||
|     @^\s*                           # Start at the beginning of a line, ignoring leading whitespace |     @^\s*                           # Start at the beginning of a line, ignoring leading whitespace | ||||||
| @@ -7458,8 +7655,8 @@ function drupal_parse_info_format($data) { | |||||||
|       } |       } | ||||||
|  |  | ||||||
|       // Handle PHP constants. |       // Handle PHP constants. | ||||||
|       if (isset($constants[$value])) { |       if (preg_match('/^\w+$/i', $value) && defined($value)) { | ||||||
|         $value = $constants[$value]; |         $value = constant($value); | ||||||
|       } |       } | ||||||
|  |  | ||||||
|       // Insert actual value. |       // Insert actual value. | ||||||
| @@ -7623,7 +7820,12 @@ function debug($data, $label = NULL, $print_r = FALSE) { | |||||||
|  * Parses a dependency for comparison by drupal_check_incompatibility(). |  * Parses a dependency for comparison by drupal_check_incompatibility(). | ||||||
|  * |  * | ||||||
|  * @param $dependency |  * @param $dependency | ||||||
|  *   A dependency string, for example 'foo (>=7.x-4.5-beta5, 3.x)'. |  *   A dependency string, which specifies a module dependency, and optionally | ||||||
|  |  *   the project it comes from and versions that are supported. Supported | ||||||
|  |  *   formats include: | ||||||
|  |  *   - 'module' | ||||||
|  |  *   - 'project:module' | ||||||
|  |  *   - 'project:module (>=version, version)' | ||||||
|  * |  * | ||||||
|  * @return |  * @return | ||||||
|  *   An associative array with three keys: |  *   An associative array with three keys: | ||||||
| @@ -7638,6 +7840,12 @@ function debug($data, $label = NULL, $print_r = FALSE) { | |||||||
|  * @see drupal_check_incompatibility() |  * @see drupal_check_incompatibility() | ||||||
|  */ |  */ | ||||||
| function drupal_parse_dependency($dependency) { | function drupal_parse_dependency($dependency) { | ||||||
|  |   $value = array(); | ||||||
|  |   // Split out the optional project name. | ||||||
|  |   if (strpos($dependency, ':')) { | ||||||
|  |     list($project_name, $dependency) = explode(':', $dependency); | ||||||
|  |     $value['project'] = $project_name; | ||||||
|  |   } | ||||||
|   // We use named subpatterns and support every op that version_compare |   // We use named subpatterns and support every op that version_compare | ||||||
|   // supports. Also, op is optional and defaults to equals. |   // supports. Also, op is optional and defaults to equals. | ||||||
|   $p_op = '(?P<operation>!=|==|=|<|<=|>|>=|<>)?'; |   $p_op = '(?P<operation>!=|==|=|<|<=|>|>=|<>)?'; | ||||||
| @@ -7646,7 +7854,6 @@ function drupal_parse_dependency($dependency) { | |||||||
|   $p_major = '(?P<major>\d+)'; |   $p_major = '(?P<major>\d+)'; | ||||||
|   // By setting the minor version to x, branches can be matched. |   // By setting the minor version to x, branches can be matched. | ||||||
|   $p_minor = '(?P<minor>(?:\d+|x)(?:-[A-Za-z]+\d+)?)'; |   $p_minor = '(?P<minor>(?:\d+|x)(?:-[A-Za-z]+\d+)?)'; | ||||||
|   $value = array(); |  | ||||||
|   $parts = explode('(', $dependency, 2); |   $parts = explode('(', $dependency, 2); | ||||||
|   $value['name'] = trim($parts[0]); |   $value['name'] = trim($parts[0]); | ||||||
|   if (isset($parts[1])) { |   if (isset($parts[1])) { | ||||||
| @@ -7761,6 +7968,7 @@ function entity_get_info($entity_type = NULL) { | |||||||
|         // Prepare entity schema fields SQL info for |         // Prepare entity schema fields SQL info for | ||||||
|         // DrupalEntityControllerInterface::buildQuery(). |         // DrupalEntityControllerInterface::buildQuery(). | ||||||
|         if (isset($entity_info[$name]['base table'])) { |         if (isset($entity_info[$name]['base table'])) { | ||||||
|  |           $entity_info[$name]['base table field types'] = drupal_schema_field_types($entity_info[$name]['base table']); | ||||||
|           $entity_info[$name]['schema_fields_sql']['base table'] = drupal_schema_fields_sql($entity_info[$name]['base table']); |           $entity_info[$name]['schema_fields_sql']['base table'] = drupal_schema_fields_sql($entity_info[$name]['base table']); | ||||||
|           if (isset($entity_info[$name]['revision table'])) { |           if (isset($entity_info[$name]['revision table'])) { | ||||||
|             $entity_info[$name]['schema_fields_sql']['revision table'] = drupal_schema_fields_sql($entity_info[$name]['revision table']); |             $entity_info[$name]['schema_fields_sql']['revision table'] = drupal_schema_fields_sql($entity_info[$name]['revision table']); | ||||||
|   | |||||||
| @@ -184,7 +184,7 @@ | |||||||
|  * |  * | ||||||
|  * @see http://php.net/manual/book.pdo.php |  * @see http://php.net/manual/book.pdo.php | ||||||
|  */ |  */ | ||||||
| abstract class DatabaseConnection extends PDO { | abstract class DatabaseConnection { | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
|    * The database target this connection is for. |    * The database target this connection is for. | ||||||
| @@ -261,6 +261,13 @@ abstract class DatabaseConnection extends PDO { | |||||||
|    */ |    */ | ||||||
|   protected $temporaryNameIndex = 0; |   protected $temporaryNameIndex = 0; | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * The actual PDO connection. | ||||||
|  |    * | ||||||
|  |    * @var \PDO | ||||||
|  |    */ | ||||||
|  |   protected $connection; | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
|    * The connection information for this connection object. |    * The connection information for this connection object. | ||||||
|    * |    * | ||||||
| @@ -296,6 +303,27 @@ abstract class DatabaseConnection extends PDO { | |||||||
|    */ |    */ | ||||||
|   protected $prefixReplace = array(); |   protected $prefixReplace = array(); | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * List of escaped database, table, and field names, keyed by unescaped names. | ||||||
|  |    * | ||||||
|  |    * @var array | ||||||
|  |    */ | ||||||
|  |   protected $escapedNames = array(); | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * List of escaped aliases names, keyed by unescaped aliases. | ||||||
|  |    * | ||||||
|  |    * @var array | ||||||
|  |    */ | ||||||
|  |   protected $escapedAliases = array(); | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * List of un-prefixed table names, keyed by prefixed table names. | ||||||
|  |    * | ||||||
|  |    * @var array | ||||||
|  |    */ | ||||||
|  |   protected $unprefixedTablesMap = array(); | ||||||
|  |  | ||||||
|   function __construct($dsn, $username, $password, $driver_options = array()) { |   function __construct($dsn, $username, $password, $driver_options = array()) { | ||||||
|     // Initialize and prepare the connection prefix. |     // Initialize and prepare the connection prefix. | ||||||
|     $this->setPrefix(isset($this->connectionOptions['prefix']) ? $this->connectionOptions['prefix'] : ''); |     $this->setPrefix(isset($this->connectionOptions['prefix']) ? $this->connectionOptions['prefix'] : ''); | ||||||
| @@ -304,14 +332,27 @@ abstract class DatabaseConnection extends PDO { | |||||||
|     $driver_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION; |     $driver_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION; | ||||||
|  |  | ||||||
|     // Call PDO::__construct and PDO::setAttribute. |     // Call PDO::__construct and PDO::setAttribute. | ||||||
|     parent::__construct($dsn, $username, $password, $driver_options); |     $this->connection = new PDO($dsn, $username, $password, $driver_options); | ||||||
|  |  | ||||||
|     // Set a Statement class, unless the driver opted out. |     // Set a Statement class, unless the driver opted out. | ||||||
|     if (!empty($this->statementClass)) { |     if (!empty($this->statementClass)) { | ||||||
|       $this->setAttribute(PDO::ATTR_STATEMENT_CLASS, array($this->statementClass, array($this))); |       $this->connection->setAttribute(PDO::ATTR_STATEMENT_CLASS, array($this->statementClass, array($this))); | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Proxy possible direct calls to the \PDO methods. | ||||||
|  |    * | ||||||
|  |    * Since PHP8.0 the signature of the the \PDO::query() method has changed, | ||||||
|  |    * and this class can't extending \PDO any more. | ||||||
|  |    * | ||||||
|  |    * However, for the BC, proxy any calls to the \PDO methods to the actual | ||||||
|  |    * PDO connection object. | ||||||
|  |    */ | ||||||
|  |   public function __call($name, $arguments) { | ||||||
|  |     return call_user_func_array(array($this->connection, $name), $arguments); | ||||||
|  |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
|    * Destroys this Connection object. |    * Destroys this Connection object. | ||||||
|    * |    * | ||||||
| @@ -324,7 +365,9 @@ abstract class DatabaseConnection extends PDO { | |||||||
|     // Destroy all references to this connection by setting them to NULL. |     // Destroy all references to this connection by setting them to NULL. | ||||||
|     // The Statement class attribute only accepts a new value that presents a |     // The Statement class attribute only accepts a new value that presents a | ||||||
|     // proper callable, so we reset it to PDOStatement. |     // proper callable, so we reset it to PDOStatement. | ||||||
|     $this->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('PDOStatement', array())); |     if (!empty($this->statementClass)) { | ||||||
|  |       $this->connection->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('PDOStatement', array())); | ||||||
|  |     } | ||||||
|     $this->schema = NULL; |     $this->schema = NULL; | ||||||
|   } |   } | ||||||
|  |  | ||||||
| @@ -428,6 +471,13 @@ abstract class DatabaseConnection extends PDO { | |||||||
|     $this->prefixReplace[] = $this->prefixes['default']; |     $this->prefixReplace[] = $this->prefixes['default']; | ||||||
|     $this->prefixSearch[] = '}'; |     $this->prefixSearch[] = '}'; | ||||||
|     $this->prefixReplace[] = ''; |     $this->prefixReplace[] = ''; | ||||||
|  |  | ||||||
|  |     // Set up a map of prefixed => un-prefixed tables. | ||||||
|  |     foreach ($this->prefixes as $table_name => $prefix) { | ||||||
|  |       if ($table_name !== 'default') { | ||||||
|  |         $this->unprefixedTablesMap[$prefix . $table_name] = $table_name; | ||||||
|  |       } | ||||||
|  |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
| @@ -463,6 +513,17 @@ abstract class DatabaseConnection extends PDO { | |||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Gets a list of individually prefixed table names. | ||||||
|  |    * | ||||||
|  |    * @return array | ||||||
|  |    *   An array of un-prefixed table names, keyed by their fully qualified table | ||||||
|  |    *   names (i.e. prefix + table_name). | ||||||
|  |    */ | ||||||
|  |   public function getUnprefixedTablesMap() { | ||||||
|  |     return $this->unprefixedTablesMap; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
|    * Prepares a query string and returns the prepared statement. |    * Prepares a query string and returns the prepared statement. | ||||||
|    * |    * | ||||||
| @@ -480,7 +541,7 @@ abstract class DatabaseConnection extends PDO { | |||||||
|     $query = $this->prefixTables($query); |     $query = $this->prefixTables($query); | ||||||
|  |  | ||||||
|     // Call PDO::prepare. |     // Call PDO::prepare. | ||||||
|     return parent::prepare($query); |     return $this->connection->prepare($query); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
| @@ -626,7 +687,7 @@ abstract class DatabaseConnection extends PDO { | |||||||
|    *   A sanitized version of the query comment string. |    *   A sanitized version of the query comment string. | ||||||
|    */ |    */ | ||||||
|   protected function filterComment($comment = '') { |   protected function filterComment($comment = '') { | ||||||
|     return preg_replace('/(\/\*\s*)|(\s*\*\/)/', '', $comment); |     return strtr($comment, array('*' => ' * ')); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
| @@ -656,7 +717,7 @@ abstract class DatabaseConnection extends PDO { | |||||||
|    * @return DatabaseStatementInterface |    * @return DatabaseStatementInterface | ||||||
|    *   This method will return one of: the executed statement, the number of |    *   This method will return one of: the executed statement, the number of | ||||||
|    *   rows affected by the query (not the number matched), or the generated |    *   rows affected by the query (not the number matched), or the generated | ||||||
|    *   insert IT of the last query, depending on the value of |    *   insert ID of the last query, depending on the value of | ||||||
|    *   $options['return']. Typically that value will be set by default or a |    *   $options['return']. Typically that value will be set by default or a | ||||||
|    *   query builder and should not be set by a user. If there is an error, |    *   query builder and should not be set by a user. If there is an error, | ||||||
|    *   this method will return NULL and may throw an exception if |    *   this method will return NULL and may throw an exception if | ||||||
| @@ -692,7 +753,7 @@ abstract class DatabaseConnection extends PDO { | |||||||
|         case Database::RETURN_AFFECTED: |         case Database::RETURN_AFFECTED: | ||||||
|           return $stmt->rowCount(); |           return $stmt->rowCount(); | ||||||
|         case Database::RETURN_INSERT_ID: |         case Database::RETURN_INSERT_ID: | ||||||
|           return $this->lastInsertId(); |           return $this->connection->lastInsertId(); | ||||||
|         case Database::RETURN_NULL: |         case Database::RETURN_NULL: | ||||||
|           return; |           return; | ||||||
|         default: |         default: | ||||||
| @@ -919,11 +980,14 @@ abstract class DatabaseConnection extends PDO { | |||||||
|    * For some database drivers, it may also wrap the table name in |    * For some database drivers, it may also wrap the table name in | ||||||
|    * database-specific escape characters. |    * database-specific escape characters. | ||||||
|    * |    * | ||||||
|    * @return |    * @return string | ||||||
|    *   The sanitized table name string. |    *   The sanitized table name string. | ||||||
|    */ |    */ | ||||||
|   public function escapeTable($table) { |   public function escapeTable($table) { | ||||||
|     return preg_replace('/[^A-Za-z0-9_.]+/', '', $table); |     if (!isset($this->escapedNames[$table])) { | ||||||
|  |       $this->escapedNames[$table] = preg_replace('/[^A-Za-z0-9_.]+/', '', $table); | ||||||
|  |     } | ||||||
|  |     return $this->escapedNames[$table]; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
| @@ -933,11 +997,14 @@ abstract class DatabaseConnection extends PDO { | |||||||
|    * For some database drivers, it may also wrap the field name in |    * For some database drivers, it may also wrap the field name in | ||||||
|    * database-specific escape characters. |    * database-specific escape characters. | ||||||
|    * |    * | ||||||
|    * @return |    * @return string | ||||||
|    *   The sanitized field name string. |    *   The sanitized field name string. | ||||||
|    */ |    */ | ||||||
|   public function escapeField($field) { |   public function escapeField($field) { | ||||||
|     return preg_replace('/[^A-Za-z0-9_.]+/', '', $field); |     if (!isset($this->escapedNames[$field])) { | ||||||
|  |       $this->escapedNames[$field] = preg_replace('/[^A-Za-z0-9_.]+/', '', $field); | ||||||
|  |     } | ||||||
|  |     return $this->escapedNames[$field]; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
| @@ -948,11 +1015,14 @@ abstract class DatabaseConnection extends PDO { | |||||||
|    * DatabaseConnection::escapeTable(), this doesn't allow the period (".") |    * DatabaseConnection::escapeTable(), this doesn't allow the period (".") | ||||||
|    * because that is not allowed in aliases. |    * because that is not allowed in aliases. | ||||||
|    * |    * | ||||||
|    * @return |    * @return string | ||||||
|    *   The sanitized field name string. |    *   The sanitized field name string. | ||||||
|    */ |    */ | ||||||
|   public function escapeAlias($field) { |   public function escapeAlias($field) { | ||||||
|     return preg_replace('/[^A-Za-z0-9_]+/', '', $field); |     if (!isset($this->escapedAliases[$field])) { | ||||||
|  |       $this->escapedAliases[$field] = preg_replace('/[^A-Za-z0-9_]+/', '', $field); | ||||||
|  |     } | ||||||
|  |     return $this->escapedAliases[$field]; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
| @@ -1066,7 +1136,7 @@ abstract class DatabaseConnection extends PDO { | |||||||
|         $rolled_back_other_active_savepoints = TRUE; |         $rolled_back_other_active_savepoints = TRUE; | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|     parent::rollBack(); |     $this->connection->rollBack(); | ||||||
|     if ($rolled_back_other_active_savepoints) { |     if ($rolled_back_other_active_savepoints) { | ||||||
|       throw new DatabaseTransactionOutOfOrderException(); |       throw new DatabaseTransactionOutOfOrderException(); | ||||||
|     } |     } | ||||||
| @@ -1094,7 +1164,7 @@ abstract class DatabaseConnection extends PDO { | |||||||
|       $this->query('SAVEPOINT ' . $name); |       $this->query('SAVEPOINT ' . $name); | ||||||
|     } |     } | ||||||
|     else { |     else { | ||||||
|       parent::beginTransaction(); |       $this->connection->beginTransaction(); | ||||||
|     } |     } | ||||||
|     $this->transactionLayers[$name] = $name; |     $this->transactionLayers[$name] = $name; | ||||||
|   } |   } | ||||||
| @@ -1145,7 +1215,7 @@ abstract class DatabaseConnection extends PDO { | |||||||
|       // If there are no more layers left then we should commit. |       // If there are no more layers left then we should commit. | ||||||
|       unset($this->transactionLayers[$name]); |       unset($this->transactionLayers[$name]); | ||||||
|       if (empty($this->transactionLayers)) { |       if (empty($this->transactionLayers)) { | ||||||
|         if (!parent::commit()) { |         if (!$this->connection->commit()) { | ||||||
|           throw new DatabaseTransactionCommitFailedException(); |           throw new DatabaseTransactionCommitFailedException(); | ||||||
|         } |         } | ||||||
|       } |       } | ||||||
| @@ -1229,7 +1299,7 @@ abstract class DatabaseConnection extends PDO { | |||||||
|    * Returns the version of the database server. |    * Returns the version of the database server. | ||||||
|    */ |    */ | ||||||
|   public function version() { |   public function version() { | ||||||
|     return $this->getAttribute(PDO::ATTR_SERVER_VERSION); |     return $this->connection->getAttribute(PDO::ATTR_SERVER_VERSION); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
| @@ -1313,6 +1383,39 @@ abstract class DatabaseConnection extends PDO { | |||||||
|    *   also larger than the $existing_id if one was passed in. |    *   also larger than the $existing_id if one was passed in. | ||||||
|    */ |    */ | ||||||
|   abstract public function nextId($existing_id = 0); |   abstract public function nextId($existing_id = 0); | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Checks whether utf8mb4 support is configurable in settings.php. | ||||||
|  |    * | ||||||
|  |    * @return bool | ||||||
|  |    */ | ||||||
|  |   public function utf8mb4IsConfigurable() { | ||||||
|  |     // Since 4 byte UTF-8 is not supported by default, there is nothing to | ||||||
|  |     // configure. | ||||||
|  |     return FALSE; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Checks whether utf8mb4 support is currently active. | ||||||
|  |    * | ||||||
|  |    * @return bool | ||||||
|  |    */ | ||||||
|  |   public function utf8mb4IsActive() { | ||||||
|  |     // Since 4 byte UTF-8 is not supported by default, there is nothing to | ||||||
|  |     // activate. | ||||||
|  |     return FALSE; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Checks whether utf8mb4 support is available on the current database system. | ||||||
|  |    * | ||||||
|  |    * @return bool | ||||||
|  |    */ | ||||||
|  |   public function utf8mb4IsSupported() { | ||||||
|  |     // By default we assume that the database backend may not support 4 byte | ||||||
|  |     // UTF-8. | ||||||
|  |     return FALSE; | ||||||
|  |   } | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -1641,12 +1744,16 @@ abstract class Database { | |||||||
|    * |    * | ||||||
|    * @param $key |    * @param $key | ||||||
|    *   The connection key. |    *   The connection key. | ||||||
|  |    * @param $close | ||||||
|  |    *   Whether to close the connection. | ||||||
|    * @return |    * @return | ||||||
|    *   TRUE in case of success, FALSE otherwise. |    *   TRUE in case of success, FALSE otherwise. | ||||||
|    */ |    */ | ||||||
|   final public static function removeConnection($key) { |   final public static function removeConnection($key, $close = TRUE) { | ||||||
|     if (isset(self::$databaseInfo[$key])) { |     if (isset(self::$databaseInfo[$key])) { | ||||||
|  |       if ($close) { | ||||||
|         self::closeConnection(NULL, $key); |         self::closeConnection(NULL, $key); | ||||||
|  |       } | ||||||
|       unset(self::$databaseInfo[$key]); |       unset(self::$databaseInfo[$key]); | ||||||
|       return TRUE; |       return TRUE; | ||||||
|     } |     } | ||||||
| @@ -2784,7 +2891,6 @@ function db_field_exists($table, $field) { | |||||||
|  * |  * | ||||||
|  * @param $table_expression |  * @param $table_expression | ||||||
|  *   An SQL expression, for example "simpletest%" (without the quotes). |  *   An SQL expression, for example "simpletest%" (without the quotes). | ||||||
|  *   BEWARE: this is not prefixed, the caller should take care of that. |  | ||||||
|  * |  * | ||||||
|  * @return |  * @return | ||||||
|  *   Array, both the keys and the values are the matching tables. |  *   Array, both the keys and the values are the matching tables. | ||||||
| @@ -2793,6 +2899,23 @@ function db_find_tables($table_expression) { | |||||||
|   return Database::getConnection()->schema()->findTables($table_expression); |   return Database::getConnection()->schema()->findTables($table_expression); | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Finds all tables that are like the specified base table name. This is a | ||||||
|  |  * backport of the change made to db_find_tables in Drupal 8 to work with | ||||||
|  |  * virtual, un-prefixed table names. The original function is retained for | ||||||
|  |  * Backwards Compatibility. | ||||||
|  |  * @see https://www.drupal.org/node/2552435 | ||||||
|  |  * | ||||||
|  |  * @param $table_expression | ||||||
|  |  *   An SQL expression, for example "simpletest%" (without the quotes). | ||||||
|  |  * | ||||||
|  |  * @return | ||||||
|  |  *   Array, both the keys and the values are the matching tables. | ||||||
|  |  */ | ||||||
|  | function db_find_tables_d8($table_expression) { | ||||||
|  |   return Database::getConnection()->schema()->findTablesD8($table_expression); | ||||||
|  | } | ||||||
|  |  | ||||||
| function _db_create_keys_sql($spec) { | function _db_create_keys_sql($spec) { | ||||||
|   return Database::getConnection()->schema()->createKeysSql($spec); |   return Database::getConnection()->schema()->createKeysSql($spec); | ||||||
| } | } | ||||||
|   | |||||||
| @@ -5,6 +5,11 @@ | |||||||
|  * Database interface code for MySQL database servers. |  * Database interface code for MySQL database servers. | ||||||
|  */ |  */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * The default character for quoting identifiers in MySQL. | ||||||
|  |  */ | ||||||
|  | define('MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT', '`'); | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * @addtogroup database |  * @addtogroup database | ||||||
|  * @{ |  * @{ | ||||||
| @@ -19,6 +24,277 @@ class DatabaseConnection_mysql extends DatabaseConnection { | |||||||
|    */ |    */ | ||||||
|   protected $needsCleanup = FALSE; |   protected $needsCleanup = FALSE; | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * The list of MySQL reserved key words. | ||||||
|  |    * | ||||||
|  |    * @link https://dev.mysql.com/doc/refman/8.0/en/keywords.html | ||||||
|  |    */ | ||||||
|  |   private $reservedKeyWords = array( | ||||||
|  |     'accessible', | ||||||
|  |     'add', | ||||||
|  |     'admin', | ||||||
|  |     'all', | ||||||
|  |     'alter', | ||||||
|  |     'analyze', | ||||||
|  |     'and', | ||||||
|  |     'as', | ||||||
|  |     'asc', | ||||||
|  |     'asensitive', | ||||||
|  |     'before', | ||||||
|  |     'between', | ||||||
|  |     'bigint', | ||||||
|  |     'binary', | ||||||
|  |     'blob', | ||||||
|  |     'both', | ||||||
|  |     'by', | ||||||
|  |     'call', | ||||||
|  |     'cascade', | ||||||
|  |     'case', | ||||||
|  |     'change', | ||||||
|  |     'char', | ||||||
|  |     'character', | ||||||
|  |     'check', | ||||||
|  |     'collate', | ||||||
|  |     'column', | ||||||
|  |     'condition', | ||||||
|  |     'constraint', | ||||||
|  |     'continue', | ||||||
|  |     'convert', | ||||||
|  |     'create', | ||||||
|  |     'cross', | ||||||
|  |     'cube', | ||||||
|  |     'cume_dist', | ||||||
|  |     'current_date', | ||||||
|  |     'current_time', | ||||||
|  |     'current_timestamp', | ||||||
|  |     'current_user', | ||||||
|  |     'cursor', | ||||||
|  |     'database', | ||||||
|  |     'databases', | ||||||
|  |     'day_hour', | ||||||
|  |     'day_microsecond', | ||||||
|  |     'day_minute', | ||||||
|  |     'day_second', | ||||||
|  |     'dec', | ||||||
|  |     'decimal', | ||||||
|  |     'declare', | ||||||
|  |     'default', | ||||||
|  |     'delayed', | ||||||
|  |     'delete', | ||||||
|  |     'dense_rank', | ||||||
|  |     'desc', | ||||||
|  |     'describe', | ||||||
|  |     'deterministic', | ||||||
|  |     'distinct', | ||||||
|  |     'distinctrow', | ||||||
|  |     'div', | ||||||
|  |     'double', | ||||||
|  |     'drop', | ||||||
|  |     'dual', | ||||||
|  |     'each', | ||||||
|  |     'else', | ||||||
|  |     'elseif', | ||||||
|  |     'empty', | ||||||
|  |     'enclosed', | ||||||
|  |     'escaped', | ||||||
|  |     'except', | ||||||
|  |     'exists', | ||||||
|  |     'exit', | ||||||
|  |     'explain', | ||||||
|  |     'false', | ||||||
|  |     'fetch', | ||||||
|  |     'first_value', | ||||||
|  |     'float', | ||||||
|  |     'float4', | ||||||
|  |     'float8', | ||||||
|  |     'for', | ||||||
|  |     'force', | ||||||
|  |     'foreign', | ||||||
|  |     'from', | ||||||
|  |     'fulltext', | ||||||
|  |     'function', | ||||||
|  |     'generated', | ||||||
|  |     'get', | ||||||
|  |     'grant', | ||||||
|  |     'group', | ||||||
|  |     'grouping', | ||||||
|  |     'groups', | ||||||
|  |     'having', | ||||||
|  |     'high_priority', | ||||||
|  |     'hour_microsecond', | ||||||
|  |     'hour_minute', | ||||||
|  |     'hour_second', | ||||||
|  |     'if', | ||||||
|  |     'ignore', | ||||||
|  |     'in', | ||||||
|  |     'index', | ||||||
|  |     'infile', | ||||||
|  |     'inner', | ||||||
|  |     'inout', | ||||||
|  |     'insensitive', | ||||||
|  |     'insert', | ||||||
|  |     'int', | ||||||
|  |     'int1', | ||||||
|  |     'int2', | ||||||
|  |     'int3', | ||||||
|  |     'int4', | ||||||
|  |     'int8', | ||||||
|  |     'integer', | ||||||
|  |     'interval', | ||||||
|  |     'into', | ||||||
|  |     'io_after_gtids', | ||||||
|  |     'io_before_gtids', | ||||||
|  |     'is', | ||||||
|  |     'iterate', | ||||||
|  |     'join', | ||||||
|  |     'json_table', | ||||||
|  |     'key', | ||||||
|  |     'keys', | ||||||
|  |     'kill', | ||||||
|  |     'lag', | ||||||
|  |     'last_value', | ||||||
|  |     'lead', | ||||||
|  |     'leading', | ||||||
|  |     'leave', | ||||||
|  |     'left', | ||||||
|  |     'like', | ||||||
|  |     'limit', | ||||||
|  |     'linear', | ||||||
|  |     'lines', | ||||||
|  |     'load', | ||||||
|  |     'localtime', | ||||||
|  |     'localtimestamp', | ||||||
|  |     'lock', | ||||||
|  |     'long', | ||||||
|  |     'longblob', | ||||||
|  |     'longtext', | ||||||
|  |     'loop', | ||||||
|  |     'low_priority', | ||||||
|  |     'master_bind', | ||||||
|  |     'master_ssl_verify_server_cert', | ||||||
|  |     'match', | ||||||
|  |     'maxvalue', | ||||||
|  |     'mediumblob', | ||||||
|  |     'mediumint', | ||||||
|  |     'mediumtext', | ||||||
|  |     'middleint', | ||||||
|  |     'minute_microsecond', | ||||||
|  |     'minute_second', | ||||||
|  |     'mod', | ||||||
|  |     'modifies', | ||||||
|  |     'natural', | ||||||
|  |     'not', | ||||||
|  |     'no_write_to_binlog', | ||||||
|  |     'nth_value', | ||||||
|  |     'ntile', | ||||||
|  |     'null', | ||||||
|  |     'numeric', | ||||||
|  |     'of', | ||||||
|  |     'on', | ||||||
|  |     'optimize', | ||||||
|  |     'optimizer_costs', | ||||||
|  |     'option', | ||||||
|  |     'optionally', | ||||||
|  |     'or', | ||||||
|  |     'order', | ||||||
|  |     'out', | ||||||
|  |     'outer', | ||||||
|  |     'outfile', | ||||||
|  |     'over', | ||||||
|  |     'partition', | ||||||
|  |     'percent_rank', | ||||||
|  |     'persist', | ||||||
|  |     'persist_only', | ||||||
|  |     'precision', | ||||||
|  |     'primary', | ||||||
|  |     'procedure', | ||||||
|  |     'purge', | ||||||
|  |     'range', | ||||||
|  |     'rank', | ||||||
|  |     'read', | ||||||
|  |     'reads', | ||||||
|  |     'read_write', | ||||||
|  |     'real', | ||||||
|  |     'recursive', | ||||||
|  |     'references', | ||||||
|  |     'regexp', | ||||||
|  |     'release', | ||||||
|  |     'rename', | ||||||
|  |     'repeat', | ||||||
|  |     'replace', | ||||||
|  |     'require', | ||||||
|  |     'resignal', | ||||||
|  |     'restrict', | ||||||
|  |     'return', | ||||||
|  |     'revoke', | ||||||
|  |     'right', | ||||||
|  |     'rlike', | ||||||
|  |     'row', | ||||||
|  |     'rows', | ||||||
|  |     'row_number', | ||||||
|  |     'schema', | ||||||
|  |     'schemas', | ||||||
|  |     'second_microsecond', | ||||||
|  |     'select', | ||||||
|  |     'sensitive', | ||||||
|  |     'separator', | ||||||
|  |     'set', | ||||||
|  |     'show', | ||||||
|  |     'signal', | ||||||
|  |     'smallint', | ||||||
|  |     'spatial', | ||||||
|  |     'specific', | ||||||
|  |     'sql', | ||||||
|  |     'sqlexception', | ||||||
|  |     'sqlstate', | ||||||
|  |     'sqlwarning', | ||||||
|  |     'sql_big_result', | ||||||
|  |     'sql_calc_found_rows', | ||||||
|  |     'sql_small_result', | ||||||
|  |     'ssl', | ||||||
|  |     'starting', | ||||||
|  |     'stored', | ||||||
|  |     'straight_join', | ||||||
|  |     'system', | ||||||
|  |     'table', | ||||||
|  |     'terminated', | ||||||
|  |     'then', | ||||||
|  |     'tinyblob', | ||||||
|  |     'tinyint', | ||||||
|  |     'tinytext', | ||||||
|  |     'to', | ||||||
|  |     'trailing', | ||||||
|  |     'trigger', | ||||||
|  |     'true', | ||||||
|  |     'undo', | ||||||
|  |     'union', | ||||||
|  |     'unique', | ||||||
|  |     'unlock', | ||||||
|  |     'unsigned', | ||||||
|  |     'update', | ||||||
|  |     'usage', | ||||||
|  |     'use', | ||||||
|  |     'using', | ||||||
|  |     'utc_date', | ||||||
|  |     'utc_time', | ||||||
|  |     'utc_timestamp', | ||||||
|  |     'values', | ||||||
|  |     'varbinary', | ||||||
|  |     'varchar', | ||||||
|  |     'varcharacter', | ||||||
|  |     'varying', | ||||||
|  |     'virtual', | ||||||
|  |     'when', | ||||||
|  |     'where', | ||||||
|  |     'while', | ||||||
|  |     'window', | ||||||
|  |     'with', | ||||||
|  |     'write', | ||||||
|  |     'xor', | ||||||
|  |     'year_month', | ||||||
|  |     'zerofill', | ||||||
|  |   ); | ||||||
|  |  | ||||||
|   public function __construct(array $connection_options = array()) { |   public function __construct(array $connection_options = array()) { | ||||||
|     // This driver defaults to transaction support, except if explicitly passed FALSE. |     // This driver defaults to transaction support, except if explicitly passed FALSE. | ||||||
|     $this->transactionSupport = !isset($connection_options['transactions']) || ($connection_options['transactions'] !== FALSE); |     $this->transactionSupport = !isset($connection_options['transactions']) || ($connection_options['transactions'] !== FALSE); | ||||||
| @@ -28,6 +304,12 @@ class DatabaseConnection_mysql extends DatabaseConnection { | |||||||
|  |  | ||||||
|     $this->connectionOptions = $connection_options; |     $this->connectionOptions = $connection_options; | ||||||
|  |  | ||||||
|  |     $charset = 'utf8'; | ||||||
|  |     // Check if the charset is overridden to utf8mb4 in settings.php. | ||||||
|  |     if ($this->utf8mb4IsActive()) { | ||||||
|  |       $charset = 'utf8mb4'; | ||||||
|  |     } | ||||||
|  |  | ||||||
|     // The DSN should use either a socket or a host/port. |     // The DSN should use either a socket or a host/port. | ||||||
|     if (isset($connection_options['unix_socket'])) { |     if (isset($connection_options['unix_socket'])) { | ||||||
|       $dsn = 'mysql:unix_socket=' . $connection_options['unix_socket']; |       $dsn = 'mysql:unix_socket=' . $connection_options['unix_socket']; | ||||||
| @@ -39,7 +321,7 @@ class DatabaseConnection_mysql extends DatabaseConnection { | |||||||
|     // Character set is added to dsn to ensure PDO uses the proper character |     // Character set is added to dsn to ensure PDO uses the proper character | ||||||
|     // set when escaping. This has security implications. See |     // set when escaping. This has security implications. See | ||||||
|     // https://www.drupal.org/node/1201452 for further discussion. |     // https://www.drupal.org/node/1201452 for further discussion. | ||||||
|     $dsn .= ';charset=utf8'; |     $dsn .= ';charset=' . $charset; | ||||||
|     $dsn .= ';dbname=' . $connection_options['database']; |     $dsn .= ';dbname=' . $connection_options['database']; | ||||||
|     // Allow PDO options to be overridden. |     // Allow PDO options to be overridden. | ||||||
|     $connection_options += array( |     $connection_options += array( | ||||||
| @@ -51,6 +333,11 @@ class DatabaseConnection_mysql extends DatabaseConnection { | |||||||
|       // Because MySQL's prepared statements skip the query cache, because it's dumb. |       // Because MySQL's prepared statements skip the query cache, because it's dumb. | ||||||
|       PDO::ATTR_EMULATE_PREPARES => TRUE, |       PDO::ATTR_EMULATE_PREPARES => TRUE, | ||||||
|     ); |     ); | ||||||
|  |     if (defined('PDO::MYSQL_ATTR_MULTI_STATEMENTS')) { | ||||||
|  |       // An added connection option in PHP 5.5.21+ to optionally limit SQL to a | ||||||
|  |       // single statement like mysqli. | ||||||
|  |       $connection_options['pdo'] += array(PDO::MYSQL_ATTR_MULTI_STATEMENTS => FALSE); | ||||||
|  |     } | ||||||
|  |  | ||||||
|     parent::__construct($dsn, $connection_options['username'], $connection_options['password'], $connection_options['pdo']); |     parent::__construct($dsn, $connection_options['username'], $connection_options['password'], $connection_options['pdo']); | ||||||
|  |  | ||||||
| @@ -58,10 +345,10 @@ class DatabaseConnection_mysql extends DatabaseConnection { | |||||||
|     // certain one has been set; otherwise, MySQL defaults to 'utf8_general_ci' |     // certain one has been set; otherwise, MySQL defaults to 'utf8_general_ci' | ||||||
|     // for UTF-8. |     // for UTF-8. | ||||||
|     if (!empty($connection_options['collation'])) { |     if (!empty($connection_options['collation'])) { | ||||||
|       $this->exec('SET NAMES utf8 COLLATE ' . $connection_options['collation']); |       $this->connection->exec('SET NAMES ' . $charset . ' COLLATE ' . $connection_options['collation']); | ||||||
|     } |     } | ||||||
|     else { |     else { | ||||||
|       $this->exec('SET NAMES utf8'); |       $this->connection->exec('SET NAMES ' . $charset); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     // Set MySQL init_commands if not already defined.  Default Drupal's MySQL |     // Set MySQL init_commands if not already defined.  Default Drupal's MySQL | ||||||
| @@ -75,11 +362,93 @@ class DatabaseConnection_mysql extends DatabaseConnection { | |||||||
|     $connection_options += array( |     $connection_options += array( | ||||||
|       'init_commands' => array(), |       'init_commands' => array(), | ||||||
|     ); |     ); | ||||||
|  |  | ||||||
|  |     $sql_mode = 'REAL_AS_FLOAT,PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO'; | ||||||
|  |     // NO_AUTO_CREATE_USER was removed in MySQL 8.0.11 | ||||||
|  |     // https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-11.html#mysqld-8-0-11-deprecation-removal | ||||||
|  |     if (version_compare($this->connection->getAttribute(PDO::ATTR_SERVER_VERSION), '8.0.11', '<')) { | ||||||
|  |       $sql_mode .= ',NO_AUTO_CREATE_USER'; | ||||||
|  |     } | ||||||
|     $connection_options['init_commands'] += array( |     $connection_options['init_commands'] += array( | ||||||
|       'sql_mode' => "SET sql_mode = 'ANSI,STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER'", |       'sql_mode' => "SET sql_mode = '$sql_mode'", | ||||||
|     ); |     ); | ||||||
|     // Set connection options. |  | ||||||
|     $this->exec(implode('; ', $connection_options['init_commands'])); |     // Execute initial commands. | ||||||
|  |     foreach ($connection_options['init_commands'] as $sql) { | ||||||
|  |       $this->connection->exec($sql); | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * {@inheritdoc}} | ||||||
|  |    */ | ||||||
|  |   protected function setPrefix($prefix) { | ||||||
|  |     parent::setPrefix($prefix); | ||||||
|  |     // Successive versions of MySQL have become increasingly strict about the | ||||||
|  |     // use of reserved keywords as table names. Drupal 7 uses at least one such | ||||||
|  |     // table (system). Therefore we surround all table names with quotes. | ||||||
|  |     $quote_char = variable_get('mysql_identifier_quote_character', MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT); | ||||||
|  |     foreach ($this->prefixSearch as $i => $prefixSearch) { | ||||||
|  |       if (substr($prefixSearch, 0, 1) === '{') { | ||||||
|  |         // If the prefix already contains one or more quotes remove them. | ||||||
|  |         // This can happen when - for example - DrupalUnitTestCase sets up a | ||||||
|  |         // "temporary prefixed database". Also if there's a dot in the prefix, | ||||||
|  |         // wrap it in quotes to cater for schema names in prefixes. | ||||||
|  |         $search = array($quote_char, '.'); | ||||||
|  |         $replace = array('', $quote_char . '.' . $quote_char); | ||||||
|  |         $this->prefixReplace[$i] = $quote_char . str_replace($search, $replace, $this->prefixReplace[$i]); | ||||||
|  |       } | ||||||
|  |       if (substr($prefixSearch, -1) === '}') { | ||||||
|  |         $this->prefixReplace[$i] .= $quote_char; | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * {@inheritdoc} | ||||||
|  |    */ | ||||||
|  |   public function escapeField($field) { | ||||||
|  |     $field = parent::escapeField($field); | ||||||
|  |     return $this->quoteIdentifier($field); | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   public function escapeFields(array $fields) { | ||||||
|  |     foreach ($fields as &$field) { | ||||||
|  |       $field = $this->escapeField($field); | ||||||
|  |     } | ||||||
|  |     return $fields; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * {@inheritdoc} | ||||||
|  |    */ | ||||||
|  |   public function escapeAlias($field) { | ||||||
|  |     $field = parent::escapeAlias($field); | ||||||
|  |     return $this->quoteIdentifier($field); | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Quotes an identifier if it matches a MySQL reserved keyword. | ||||||
|  |    * | ||||||
|  |    * @param string $identifier | ||||||
|  |    *   The field to check. | ||||||
|  |    * | ||||||
|  |    * @return string | ||||||
|  |    *   The identifier, quoted if it matches a MySQL reserved keyword. | ||||||
|  |    */ | ||||||
|  |   private function quoteIdentifier($identifier) { | ||||||
|  |     // Quote identifiers so that MySQL reserved words like 'function' can be | ||||||
|  |     // used as column names. Sometimes the 'table.column_name' format is passed | ||||||
|  |     // in. For example, menu_load_links() adds a condition on "ml.menu_name". | ||||||
|  |     if (strpos($identifier, '.') !== FALSE) { | ||||||
|  |       list($table, $identifier) = explode('.', $identifier, 2); | ||||||
|  |     } | ||||||
|  |     if (in_array(strtolower($identifier), $this->reservedKeyWords, TRUE)) { | ||||||
|  |       // Quote the string for MySQL reserved keywords. | ||||||
|  |       $quote_char = variable_get('mysql_identifier_quote_character', MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT); | ||||||
|  |       $identifier = $quote_char . $identifier . $quote_char; | ||||||
|  |     } | ||||||
|  |     return isset($table) ? $table . '.' . $identifier : $identifier; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   public function __destruct() { |   public function __destruct() { | ||||||
| @@ -167,7 +536,7 @@ class DatabaseConnection_mysql extends DatabaseConnection { | |||||||
|       // If there are no more layers left then we should commit. |       // If there are no more layers left then we should commit. | ||||||
|       unset($this->transactionLayers[$name]); |       unset($this->transactionLayers[$name]); | ||||||
|       if (empty($this->transactionLayers)) { |       if (empty($this->transactionLayers)) { | ||||||
|         if (!PDO::commit()) { |         if (!$this->doCommit()) { | ||||||
|           throw new DatabaseTransactionCommitFailedException(); |           throw new DatabaseTransactionCommitFailedException(); | ||||||
|         } |         } | ||||||
|       } |       } | ||||||
| @@ -190,7 +559,7 @@ class DatabaseConnection_mysql extends DatabaseConnection { | |||||||
|             $this->transactionLayers = array(); |             $this->transactionLayers = array(); | ||||||
|             // We also have to explain to PDO that the transaction stack has |             // We also have to explain to PDO that the transaction stack has | ||||||
|             // been cleaned-up. |             // been cleaned-up. | ||||||
|             PDO::commit(); |             $this->doCommit(); | ||||||
|           } |           } | ||||||
|           else { |           else { | ||||||
|             throw $e; |             throw $e; | ||||||
| @@ -199,6 +568,89 @@ class DatabaseConnection_mysql extends DatabaseConnection { | |||||||
|       } |       } | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Do the actual commit, including a workaround for PHP 8 behaviour changes. | ||||||
|  |    * | ||||||
|  |    * @return bool | ||||||
|  |    *   Success or otherwise of the commit. | ||||||
|  |    */ | ||||||
|  |   protected function doCommit() { | ||||||
|  |     if ($this->connection->inTransaction()) { | ||||||
|  |       return $this->connection->commit(); | ||||||
|  |     } | ||||||
|  |     else { | ||||||
|  |       // In PHP 8.0 a PDOException is thrown when a commit is attempted with no | ||||||
|  |       // transaction active. In previous PHP versions this failed silently. | ||||||
|  |       return TRUE; | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * {@inheritdoc} | ||||||
|  |    */ | ||||||
|  |   public function rollback($savepoint_name = 'drupal_transaction') { | ||||||
|  |     // MySQL will automatically commit transactions when tables are altered or | ||||||
|  |     // created (DDL transactions are not supported). Prevent triggering an | ||||||
|  |     // exception to ensure that the error that has caused the rollback is | ||||||
|  |     // properly reported. | ||||||
|  |     if (!$this->connection->inTransaction()) { | ||||||
|  |       // Before PHP 8 $this->connection->inTransaction() will return TRUE and | ||||||
|  |       // $this->connection->rollback() does not throw an exception; the | ||||||
|  |       // following code is unreachable. | ||||||
|  |  | ||||||
|  |       // If \DatabaseConnection::rollback() would throw an | ||||||
|  |       // exception then continue to throw an exception. | ||||||
|  |       if (!$this->inTransaction()) { | ||||||
|  |         throw new DatabaseTransactionNoActiveException(); | ||||||
|  |       } | ||||||
|  |       // A previous rollback to an earlier savepoint may mean that the savepoint | ||||||
|  |       // in question has already been accidentally committed. | ||||||
|  |       if (!isset($this->transactionLayers[$savepoint_name])) { | ||||||
|  |         throw new DatabaseTransactionNoActiveException(); | ||||||
|  |       } | ||||||
|  |  | ||||||
|  |       trigger_error('Rollback attempted when there is no active transaction. This can cause data integrity issues.', E_USER_WARNING); | ||||||
|  |       return; | ||||||
|  |     } | ||||||
|  |     return parent::rollback($savepoint_name); | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   public function utf8mb4IsConfigurable() { | ||||||
|  |     return TRUE; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   public function utf8mb4IsActive() { | ||||||
|  |     return isset($this->connectionOptions['charset']) && $this->connectionOptions['charset'] === 'utf8mb4'; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   public function utf8mb4IsSupported() { | ||||||
|  |     // Ensure that the MySQL driver supports utf8mb4 encoding. | ||||||
|  |     $version = $this->connection->getAttribute(PDO::ATTR_CLIENT_VERSION); | ||||||
|  |     if (strpos($version, 'mysqlnd') !== FALSE) { | ||||||
|  |       // The mysqlnd driver supports utf8mb4 starting at version 5.0.9. | ||||||
|  |       $version = preg_replace('/^\D+([\d.]+).*/', '$1', $version); | ||||||
|  |       if (version_compare($version, '5.0.9', '<')) { | ||||||
|  |         return FALSE; | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |     else { | ||||||
|  |       // The libmysqlclient driver supports utf8mb4 starting at version 5.5.3. | ||||||
|  |       if (version_compare($version, '5.5.3', '<')) { | ||||||
|  |         return FALSE; | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     // Ensure that the MySQL server supports large prefixes and utf8mb4. | ||||||
|  |     try { | ||||||
|  |       $this->query("CREATE TABLE {drupal_utf8mb4_test} (id VARCHAR(255), PRIMARY KEY(id(255))) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci ROW_FORMAT=DYNAMIC ENGINE=INNODB"); | ||||||
|  |     } | ||||||
|  |     catch (Exception $e) { | ||||||
|  |       return FALSE; | ||||||
|  |     } | ||||||
|  |     $this->query("DROP TABLE {drupal_utf8mb4_test}"); | ||||||
|  |     return TRUE; | ||||||
|  |   } | ||||||
| } | } | ||||||
|  |  | ||||||
|  |  | ||||||
|   | |||||||
| @@ -48,6 +48,10 @@ class InsertQuery_mysql extends InsertQuery { | |||||||
|     // Default fields are always placed first for consistency. |     // Default fields are always placed first for consistency. | ||||||
|     $insert_fields = array_merge($this->defaultFields, $this->insertFields); |     $insert_fields = array_merge($this->defaultFields, $this->insertFields); | ||||||
|  |  | ||||||
|  |     if (method_exists($this->connection, 'escapeFields')) { | ||||||
|  |       $insert_fields = $this->connection->escapeFields($insert_fields); | ||||||
|  |     } | ||||||
|  |  | ||||||
|     // If we're selecting from a SelectQuery, finish building the query and |     // If we're selecting from a SelectQuery, finish building the query and | ||||||
|     // pass it back, as any remaining options are irrelevant. |     // pass it back, as any remaining options are irrelevant. | ||||||
|     if (!empty($this->fromQuery)) { |     if (!empty($this->fromQuery)) { | ||||||
| @@ -89,6 +93,20 @@ class InsertQuery_mysql extends InsertQuery { | |||||||
|  |  | ||||||
| class TruncateQuery_mysql extends TruncateQuery { } | class TruncateQuery_mysql extends TruncateQuery { } | ||||||
|  |  | ||||||
|  | class UpdateQuery_mysql extends UpdateQuery { | ||||||
|  |   public function __toString() { | ||||||
|  |     if (method_exists($this->connection, 'escapeField')) { | ||||||
|  |       $escapedFields = array(); | ||||||
|  |       foreach ($this->fields as $field => $data) { | ||||||
|  |         $field = $this->connection->escapeField($field); | ||||||
|  |         $escapedFields[$field] = $data; | ||||||
|  |       } | ||||||
|  |       $this->fields = $escapedFields; | ||||||
|  |     } | ||||||
|  |     return parent::__toString(); | ||||||
|  |   } | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * @} End of "addtogroup database". |  * @} End of "addtogroup database". | ||||||
|  */ |  */ | ||||||
|   | |||||||
| @@ -39,8 +39,8 @@ class DatabaseSchema_mysql extends DatabaseSchema { | |||||||
|       $info['table'] = substr($table, ++$pos); |       $info['table'] = substr($table, ++$pos); | ||||||
|     } |     } | ||||||
|     else { |     else { | ||||||
|       $db_info = Database::getConnectionInfo(); |       $db_info = $this->connection->getConnectionOptions(); | ||||||
|       $info['database'] = $db_info[$this->connection->getTarget()]['database']; |       $info['database'] = $db_info['database']; | ||||||
|       $info['table'] = $table; |       $info['table'] = $table; | ||||||
|     } |     } | ||||||
|     return $info; |     return $info; | ||||||
| @@ -57,6 +57,11 @@ class DatabaseSchema_mysql extends DatabaseSchema { | |||||||
|   protected function buildTableNameCondition($table_name, $operator = '=', $add_prefix = TRUE) { |   protected function buildTableNameCondition($table_name, $operator = '=', $add_prefix = TRUE) { | ||||||
|     $info = $this->connection->getConnectionOptions(); |     $info = $this->connection->getConnectionOptions(); | ||||||
|  |  | ||||||
|  |     // Ensure the table name is not surrounded with quotes as that is not | ||||||
|  |     // appropriate for schema queries. | ||||||
|  |     $quote_char = variable_get('mysql_identifier_quote_character', MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT); | ||||||
|  |     $table_name = str_replace($quote_char, '', $table_name); | ||||||
|  |  | ||||||
|     $table_info = $this->getPrefixInfo($table_name, $add_prefix); |     $table_info = $this->getPrefixInfo($table_name, $add_prefix); | ||||||
|  |  | ||||||
|     $condition = new DatabaseCondition('AND'); |     $condition = new DatabaseCondition('AND'); | ||||||
| @@ -81,7 +86,8 @@ class DatabaseSchema_mysql extends DatabaseSchema { | |||||||
|     // Provide defaults if needed. |     // Provide defaults if needed. | ||||||
|     $table += array( |     $table += array( | ||||||
|       'mysql_engine' => 'InnoDB', |       'mysql_engine' => 'InnoDB', | ||||||
|       'mysql_character_set' => 'utf8', |       // Allow the default charset to be overridden in settings.php. | ||||||
|  |       'mysql_character_set' => $this->connection->utf8mb4IsActive() ? 'utf8mb4' : 'utf8', | ||||||
|     ); |     ); | ||||||
|  |  | ||||||
|     $sql = "CREATE TABLE {" . $name . "} (\n"; |     $sql = "CREATE TABLE {" . $name . "} (\n"; | ||||||
| @@ -109,6 +115,13 @@ class DatabaseSchema_mysql extends DatabaseSchema { | |||||||
|       $sql .= ' COLLATE ' . $info['collation']; |       $sql .= ' COLLATE ' . $info['collation']; | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  |     // The row format needs to be either DYNAMIC or COMPRESSED in order to allow | ||||||
|  |     // for the innodb_large_prefix setting to take effect, see | ||||||
|  |     // https://dev.mysql.com/doc/refman/5.6/en/create-table.html | ||||||
|  |     if ($this->connection->utf8mb4IsActive()) { | ||||||
|  |       $sql .= ' ROW_FORMAT=DYNAMIC'; | ||||||
|  |     } | ||||||
|  |  | ||||||
|     // Add table comment. |     // Add table comment. | ||||||
|     if (!empty($table['description'])) { |     if (!empty($table['description'])) { | ||||||
|       $sql .= ' COMMENT ' . $this->prepareComment($table['description'], self::COMMENT_MAX_TABLE); |       $sql .= ' COMMENT ' . $this->prepareComment($table['description'], self::COMMENT_MAX_TABLE); | ||||||
| @@ -486,11 +499,11 @@ class DatabaseSchema_mysql extends DatabaseSchema { | |||||||
|       $condition->condition('column_name', $column); |       $condition->condition('column_name', $column); | ||||||
|       $condition->compile($this->connection, $this); |       $condition->compile($this->connection, $this); | ||||||
|       // Don't use {} around information_schema.columns table. |       // Don't use {} around information_schema.columns table. | ||||||
|       return $this->connection->query("SELECT column_comment FROM information_schema.columns WHERE " . (string) $condition, $condition->arguments())->fetchField(); |       return $this->connection->query("SELECT column_comment AS column_comment FROM information_schema.columns WHERE " . (string) $condition, $condition->arguments())->fetchField(); | ||||||
|     } |     } | ||||||
|     $condition->compile($this->connection, $this); |     $condition->compile($this->connection, $this); | ||||||
|     // Don't use {} around information_schema.tables table. |     // Don't use {} around information_schema.tables table. | ||||||
|     $comment = $this->connection->query("SELECT table_comment FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchField(); |     $comment = $this->connection->query("SELECT table_comment AS table_comment FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchField(); | ||||||
|     // Work-around for MySQL 5.0 bug http://bugs.mysql.com/bug.php?id=11379 |     // Work-around for MySQL 5.0 bug http://bugs.mysql.com/bug.php?id=11379 | ||||||
|     return preg_replace('/; InnoDB free:.*$/', '', $comment); |     return preg_replace('/; InnoDB free:.*$/', '', $comment); | ||||||
|   } |   } | ||||||
|   | |||||||
| @@ -11,7 +11,7 @@ | |||||||
|  */ |  */ | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * The name by which to obtain a lock for retrive the next insert id. |  * The name by which to obtain a lock for retrieving the next insert id. | ||||||
|  */ |  */ | ||||||
| define('POSTGRESQL_NEXTID_LOCK', 1000); | define('POSTGRESQL_NEXTID_LOCK', 1000); | ||||||
|  |  | ||||||
| @@ -55,7 +55,7 @@ class DatabaseConnection_pgsql extends DatabaseConnection { | |||||||
|     $connection_options['pdo'] += array( |     $connection_options['pdo'] += array( | ||||||
|       // Prepared statements are most effective for performance when queries |       // Prepared statements are most effective for performance when queries | ||||||
|       // are recycled (used several times). However, if they are not re-used, |       // are recycled (used several times). However, if they are not re-used, | ||||||
|       // prepared statements become ineffecient. Since most of Drupal's |       // prepared statements become inefficient. Since most of Drupal's | ||||||
|       // prepared queries are not re-used, it should be faster to emulate |       // prepared queries are not re-used, it should be faster to emulate | ||||||
|       // the preparation than to actually ready statements for re-use. If in |       // the preparation than to actually ready statements for re-use. If in | ||||||
|       // doubt, reset to FALSE and measure performance. |       // doubt, reset to FALSE and measure performance. | ||||||
| @@ -66,11 +66,11 @@ class DatabaseConnection_pgsql extends DatabaseConnection { | |||||||
|     parent::__construct($dsn, $connection_options['username'], $connection_options['password'], $connection_options['pdo']); |     parent::__construct($dsn, $connection_options['username'], $connection_options['password'], $connection_options['pdo']); | ||||||
|  |  | ||||||
|     // Force PostgreSQL to use the UTF-8 character set by default. |     // Force PostgreSQL to use the UTF-8 character set by default. | ||||||
|     $this->exec("SET NAMES 'UTF8'"); |     $this->connection->exec("SET NAMES 'UTF8'"); | ||||||
|  |  | ||||||
|     // Execute PostgreSQL init_commands. |     // Execute PostgreSQL init_commands. | ||||||
|     if (isset($connection_options['init_commands'])) { |     if (isset($connection_options['init_commands'])) { | ||||||
|       $this->exec(implode('; ', $connection_options['init_commands'])); |       $this->connection->exec(implode('; ', $connection_options['init_commands'])); | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
| @@ -117,7 +117,7 @@ class DatabaseConnection_pgsql extends DatabaseConnection { | |||||||
|         case Database::RETURN_AFFECTED: |         case Database::RETURN_AFFECTED: | ||||||
|           return $stmt->rowCount(); |           return $stmt->rowCount(); | ||||||
|         case Database::RETURN_INSERT_ID: |         case Database::RETURN_INSERT_ID: | ||||||
|           return $this->lastInsertId($options['sequence_name']); |           return $this->connection->lastInsertId($options['sequence_name']); | ||||||
|         case Database::RETURN_NULL: |         case Database::RETURN_NULL: | ||||||
|           return; |           return; | ||||||
|         default: |         default: | ||||||
| @@ -175,14 +175,14 @@ class DatabaseConnection_pgsql extends DatabaseConnection { | |||||||
|   } |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
|    * Retrive a the next id in a sequence. |    * Retrieve the next id in a sequence. | ||||||
|    * |    * | ||||||
|    * PostgreSQL has built in sequences. We'll use these instead of inserting |    * PostgreSQL has built in sequences. We'll use these instead of inserting | ||||||
|    * and updating a sequences table. |    * and updating a sequences table. | ||||||
|    */ |    */ | ||||||
|   public function nextId($existing = 0) { |   public function nextId($existing = 0) { | ||||||
|  |  | ||||||
|     // Retrive the name of the sequence. This information cannot be cached |     // Retrieve the name of the sequence. This information cannot be cached | ||||||
|     // because the prefix may change, for example, like it does in simpletests. |     // because the prefix may change, for example, like it does in simpletests. | ||||||
|     $sequence_name = $this->makeSequenceName('sequences', 'value'); |     $sequence_name = $this->makeSequenceName('sequences', 'value'); | ||||||
|  |  | ||||||
| @@ -194,7 +194,7 @@ class DatabaseConnection_pgsql extends DatabaseConnection { | |||||||
|     } |     } | ||||||
|  |  | ||||||
|     // PostgreSQL advisory locks are simply locks to be used by an |     // PostgreSQL advisory locks are simply locks to be used by an | ||||||
|     // application such as Drupal. This will prevent other Drupal proccesses |     // application such as Drupal. This will prevent other Drupal processes | ||||||
|     // from altering the sequence while we are. |     // from altering the sequence while we are. | ||||||
|     $this->query("SELECT pg_advisory_lock(" . POSTGRESQL_NEXTID_LOCK . ")"); |     $this->query("SELECT pg_advisory_lock(" . POSTGRESQL_NEXTID_LOCK . ")"); | ||||||
|  |  | ||||||
| @@ -209,13 +209,21 @@ class DatabaseConnection_pgsql extends DatabaseConnection { | |||||||
|     // Reset the sequence to a higher value than the existing id. |     // Reset the sequence to a higher value than the existing id. | ||||||
|     $this->query("ALTER SEQUENCE " . $sequence_name . " RESTART WITH " . ($existing + 1)); |     $this->query("ALTER SEQUENCE " . $sequence_name . " RESTART WITH " . ($existing + 1)); | ||||||
|  |  | ||||||
|     // Retrive the next id. We know this will be as high as we want it. |     // Retrieve the next id. We know this will be as high as we want it. | ||||||
|     $id = $this->query("SELECT nextval('" . $sequence_name . "')")->fetchField(); |     $id = $this->query("SELECT nextval('" . $sequence_name . "')")->fetchField(); | ||||||
|  |  | ||||||
|     $this->query("SELECT pg_advisory_unlock(" . POSTGRESQL_NEXTID_LOCK . ")"); |     $this->query("SELECT pg_advisory_unlock(" . POSTGRESQL_NEXTID_LOCK . ")"); | ||||||
|  |  | ||||||
|     return $id; |     return $id; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   public function utf8mb4IsActive() { | ||||||
|  |     return TRUE; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   public function utf8mb4IsSupported() { | ||||||
|  |     return TRUE; | ||||||
|  |   } | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|   | |||||||
| @@ -165,7 +165,7 @@ class DatabaseTasks_pgsql extends DatabaseTasks { | |||||||
|         LANGUAGE \'sql\'' |         LANGUAGE \'sql\'' | ||||||
|       ); |       ); | ||||||
|  |  | ||||||
|       // Using || to concatenate in Drupal is not recommeneded because there are |       // Using || to concatenate in Drupal is not recommended because there are | ||||||
|       // database drivers for Drupal that do not support the syntax, however |       // database drivers for Drupal that do not support the syntax, however | ||||||
|       // they do support CONCAT(item1, item2) which we can replicate in |       // they do support CONCAT(item1, item2) which we can replicate in | ||||||
|       // PostgreSQL. PostgreSQL requires the function to be defined for each |       // PostgreSQL. PostgreSQL requires the function to be defined for each | ||||||
|   | |||||||
| @@ -80,7 +80,7 @@ class SelectQuery_pgsql extends SelectQuery { | |||||||
|     } |     } | ||||||
|  |  | ||||||
|     // If a table loads all fields, it can not be added again. It would |     // If a table loads all fields, it can not be added again. It would | ||||||
|     // result in an ambigious alias error because that field would be loaded |     // result in an ambiguous alias error because that field would be loaded | ||||||
|     // twice: Once through table_alias.* and once directly. If the field |     // twice: Once through table_alias.* and once directly. If the field | ||||||
|     // actually belongs to a different table, it must be added manually. |     // actually belongs to a different table, it must be added manually. | ||||||
|     foreach ($this->tables as $table) { |     foreach ($this->tables as $table) { | ||||||
| @@ -90,7 +90,7 @@ class SelectQuery_pgsql extends SelectQuery { | |||||||
|     } |     } | ||||||
|  |  | ||||||
|     // If $field contains an characters which are not allowed in a field name |     // If $field contains an characters which are not allowed in a field name | ||||||
|     // it is considered an expression, these can't be handeld automatically |     // it is considered an expression, these can't be handled automatically | ||||||
|     // either. |     // either. | ||||||
|     if ($this->connection->escapeField($field) != $field) { |     if ($this->connection->escapeField($field) != $field) { | ||||||
|       return $return; |       return $return; | ||||||
|   | |||||||
| @@ -845,8 +845,8 @@ class DeleteQuery extends Query implements QueryConditionInterface { | |||||||
|   /** |   /** | ||||||
|    * Executes the DELETE query. |    * Executes the DELETE query. | ||||||
|    * |    * | ||||||
|    * @return |    * @return int | ||||||
|    *   The return value is dependent on the database connection. |    *   The number of rows affected by the delete query. | ||||||
|    */ |    */ | ||||||
|   public function execute() { |   public function execute() { | ||||||
|     $values = array(); |     $values = array(); | ||||||
| @@ -1242,7 +1242,7 @@ class UpdateQuery extends Query implements QueryConditionInterface { | |||||||
|  * MergeQuery::updateFields() and MergeQuery::insertFields() needs to be called |  * MergeQuery::updateFields() and MergeQuery::insertFields() needs to be called | ||||||
|  * instead. MergeQuery::fields() can also be called which calls both of these |  * instead. MergeQuery::fields() can also be called which calls both of these | ||||||
|  * methods as the common case is to use the same column-value pairs for both |  * methods as the common case is to use the same column-value pairs for both | ||||||
|  * INSERT and UPDATE. However, this is not mandatory. Another convinient |  * INSERT and UPDATE. However, this is not mandatory. Another convenient | ||||||
|  * wrapper is MergeQuery::key() which adds the same column-value pairs to the |  * wrapper is MergeQuery::key() which adds the same column-value pairs to the | ||||||
|  * condition and the INSERT query part. |  * condition and the INSERT query part. | ||||||
|  * |  * | ||||||
|   | |||||||
| @@ -92,7 +92,8 @@ require_once dirname(__FILE__) . '/query.inc'; | |||||||
|  *    specification). Each specification is an array containing the name of |  *    specification). Each specification is an array containing the name of | ||||||
|  *    the referenced table ('table'), and an array of column mappings |  *    the referenced table ('table'), and an array of column mappings | ||||||
|  *    ('columns'). Column mappings are defined by key pairs ('source_column' => |  *    ('columns'). Column mappings are defined by key pairs ('source_column' => | ||||||
|  *    'referenced_column'). |  *    'referenced_column'). This key is for documentation purposes only; foreign | ||||||
|  |  *    keys are not created in the database, nor are they enforced by Drupal. | ||||||
|  *  - 'indexes':  An associative array of indexes ('indexname' => |  *  - 'indexes':  An associative array of indexes ('indexname' => | ||||||
|  *    specification). Each specification is an array of one or more |  *    specification). Each specification is an array of one or more | ||||||
|  *    key column specifiers (see below) that form an index on the |  *    key column specifiers (see below) that form an index on the | ||||||
| @@ -144,6 +145,8 @@ require_once dirname(__FILE__) . '/query.inc'; | |||||||
|  *   'unique keys' => array( |  *   'unique keys' => array( | ||||||
|  *     'vid' => array('vid'), |  *     'vid' => array('vid'), | ||||||
|  *   ), |  *   ), | ||||||
|  |  *   // For documentation purposes only; foreign keys are not created in the | ||||||
|  |  *   // database. | ||||||
|  *   'foreign keys' => array( |  *   'foreign keys' => array( | ||||||
|  *     'node_revision' => array( |  *     'node_revision' => array( | ||||||
|  *       'table' => 'node_revision', |  *       'table' => 'node_revision', | ||||||
| @@ -161,8 +164,16 @@ require_once dirname(__FILE__) . '/query.inc'; | |||||||
|  * @see drupal_install_schema() |  * @see drupal_install_schema() | ||||||
|  */ |  */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Base class for database schema definitions. | ||||||
|  |  */ | ||||||
| abstract class DatabaseSchema implements QueryPlaceholderInterface { | abstract class DatabaseSchema implements QueryPlaceholderInterface { | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * The database connection. | ||||||
|  |    * | ||||||
|  |    * @var DatabaseConnection | ||||||
|  |    */ | ||||||
|   protected $connection; |   protected $connection; | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
| @@ -288,7 +299,7 @@ abstract class DatabaseSchema implements QueryPlaceholderInterface { | |||||||
|   protected function buildTableNameCondition($table_name, $operator = '=', $add_prefix = TRUE) { |   protected function buildTableNameCondition($table_name, $operator = '=', $add_prefix = TRUE) { | ||||||
|     $info = $this->connection->getConnectionOptions(); |     $info = $this->connection->getConnectionOptions(); | ||||||
|  |  | ||||||
|     // Retrive the table name and schema |     // Retrieve the table name and schema | ||||||
|     $table_info = $this->getPrefixInfo($table_name, $add_prefix); |     $table_info = $this->getPrefixInfo($table_name, $add_prefix); | ||||||
|  |  | ||||||
|     $condition = new DatabaseCondition('AND'); |     $condition = new DatabaseCondition('AND'); | ||||||
| @@ -337,7 +348,70 @@ abstract class DatabaseSchema implements QueryPlaceholderInterface { | |||||||
|     // couldn't use db_select() here because it would prefix |     // couldn't use db_select() here because it would prefix | ||||||
|     // information_schema.tables and the query would fail. |     // information_schema.tables and the query would fail. | ||||||
|     // Don't use {} around information_schema.tables table. |     // Don't use {} around information_schema.tables table. | ||||||
|     return $this->connection->query("SELECT table_name FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchAllKeyed(0, 0); |     return $this->connection->query("SELECT table_name AS table_name FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchAllKeyed(0, 0); | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Finds all tables that are like the specified base table name. This is a | ||||||
|  |    * backport of the change made to findTables in Drupal 8 to work with virtual, | ||||||
|  |    * un-prefixed table names. The original function is retained for Backwards | ||||||
|  |    * Compatibility. | ||||||
|  |    * @see https://www.drupal.org/node/2552435 | ||||||
|  |    * | ||||||
|  |    * @param string $table_expression | ||||||
|  |    *   An SQL expression, for example "cache_%" (without the quotes). | ||||||
|  |    * | ||||||
|  |    * @return array | ||||||
|  |    *   Both the keys and the values are the matching tables. | ||||||
|  |    */ | ||||||
|  |   public function findTablesD8($table_expression) { | ||||||
|  |     // Load all the tables up front in order to take into account per-table | ||||||
|  |     // prefixes. The actual matching is done at the bottom of the method. | ||||||
|  |     $condition = $this->buildTableNameCondition('%', 'LIKE'); | ||||||
|  |     $condition->compile($this->connection, $this); | ||||||
|  |  | ||||||
|  |     $individually_prefixed_tables = $this->connection->getUnprefixedTablesMap(); | ||||||
|  |     $default_prefix = $this->connection->tablePrefix(); | ||||||
|  |     $default_prefix_length = strlen($default_prefix); | ||||||
|  |     $tables = array(); | ||||||
|  |     // Normally, we would heartily discourage the use of string | ||||||
|  |     // concatenation for conditionals like this however, we | ||||||
|  |     // couldn't use db_select() here because it would prefix | ||||||
|  |     // information_schema.tables and the query would fail. | ||||||
|  |     // Don't use {} around information_schema.tables table. | ||||||
|  |     $results = $this->connection->query("SELECT table_name AS table_name FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments()); | ||||||
|  |     foreach ($results as $table) { | ||||||
|  |       // Take into account tables that have an individual prefix. | ||||||
|  |       if (isset($individually_prefixed_tables[$table->table_name])) { | ||||||
|  |         $prefix_length = strlen($this->connection->tablePrefix($individually_prefixed_tables[$table->table_name])); | ||||||
|  |       } | ||||||
|  |       elseif ($default_prefix && substr($table->table_name, 0, $default_prefix_length) !== $default_prefix) { | ||||||
|  |         // This table name does not start the default prefix, which means that | ||||||
|  |         // it is not managed by Drupal so it should be excluded from the result. | ||||||
|  |         continue; | ||||||
|  |       } | ||||||
|  |       else { | ||||||
|  |         $prefix_length = $default_prefix_length; | ||||||
|  |       } | ||||||
|  |  | ||||||
|  |       // Remove the prefix from the returned tables. | ||||||
|  |       $unprefixed_table_name = substr($table->table_name, $prefix_length); | ||||||
|  |  | ||||||
|  |       // The pattern can match a table which is the same as the prefix. That | ||||||
|  |       // will become an empty string when we remove the prefix, which will | ||||||
|  |       // probably surprise the caller, besides not being a prefixed table. So | ||||||
|  |       // remove it. | ||||||
|  |       if (!empty($unprefixed_table_name)) { | ||||||
|  |         $tables[$unprefixed_table_name] = $unprefixed_table_name; | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     // Convert the table expression from its SQL LIKE syntax to a regular | ||||||
|  |     // expression and escape the delimiter that will be used for matching. | ||||||
|  |     $table_expression = str_replace(array('%', '_'), array('.*?', '.'), preg_quote($table_expression, '/')); | ||||||
|  |     $tables = preg_grep('/^' . $table_expression . '$/i', $tables); | ||||||
|  |  | ||||||
|  |     return $tables; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
|   | |||||||
| @@ -964,7 +964,7 @@ class SelectQuery extends Query implements SelectQueryInterface { | |||||||
|    */ |    */ | ||||||
|   protected $forUpdate = FALSE; |   protected $forUpdate = FALSE; | ||||||
|  |  | ||||||
|   public function __construct($table, $alias = NULL, DatabaseConnection $connection, $options = array()) { |   public function __construct($table, $alias, DatabaseConnection $connection, $options = array()) { | ||||||
|     $options['return'] = Database::RETURN_STATEMENT; |     $options['return'] = Database::RETURN_STATEMENT; | ||||||
|     parent::__construct($connection, $options); |     parent::__construct($connection, $options); | ||||||
|     $this->where = new DatabaseCondition('AND'); |     $this->where = new DatabaseCondition('AND'); | ||||||
| @@ -1231,6 +1231,21 @@ class SelectQuery extends Query implements SelectQueryInterface { | |||||||
|  |  | ||||||
|     // Modules may alter all queries or only those having a particular tag. |     // Modules may alter all queries or only those having a particular tag. | ||||||
|     if (isset($this->alterTags)) { |     if (isset($this->alterTags)) { | ||||||
|  |       // Many contrib modules assume that query tags used for access-checking | ||||||
|  |       // purposes follow the pattern $entity_type . '_access'. But this is | ||||||
|  |       // not the case for taxonomy terms, since core used to add term_access | ||||||
|  |       // instead of taxonomy_term_access to its queries. Provide backwards | ||||||
|  |       // compatibility by adding both tags here instead of attempting to fix | ||||||
|  |       // all contrib modules in a coordinated effort. | ||||||
|  |       // TODO: | ||||||
|  |       // - Extract this mechanism into a hook as part of a public (non-security) | ||||||
|  |       //   issue. | ||||||
|  |       // - Emit E_USER_DEPRECATED if term_access is used. | ||||||
|  |       //   https://www.drupal.org/node/2575081 | ||||||
|  |       $term_access_tags = array('term_access' => 1, 'taxonomy_term_access' => 1); | ||||||
|  |       if (array_intersect_key($this->alterTags, $term_access_tags)) { | ||||||
|  |         $this->alterTags += $term_access_tags; | ||||||
|  |       } | ||||||
|       $hooks = array('query'); |       $hooks = array('query'); | ||||||
|       foreach ($this->alterTags as $tag => $value) { |       foreach ($this->alterTags as $tag => $value) { | ||||||
|         $hooks[] = 'query_' . $tag; |         $hooks[] = 'query_' . $tag; | ||||||
| @@ -1505,13 +1520,16 @@ class SelectQuery extends Query implements SelectQueryInterface { | |||||||
|     $fields = array(); |     $fields = array(); | ||||||
|     foreach ($this->tables as $alias => $table) { |     foreach ($this->tables as $alias => $table) { | ||||||
|       if (!empty($table['all_fields'])) { |       if (!empty($table['all_fields'])) { | ||||||
|         $fields[] = $this->connection->escapeTable($alias) . '.*'; |         $fields[] = $this->connection->escapeAlias($alias) . '.*'; | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|     foreach ($this->fields as $alias => $field) { |     foreach ($this->fields as $alias => $field) { | ||||||
|  |       // Note that $field['table'] holds the table alias. | ||||||
|  |       // @see \SelectQuery::addField | ||||||
|  |       $table = isset($field['table']) ? $this->connection->escapeAlias($field['table']) . '.' : ''; | ||||||
|       // Always use the AS keyword for field aliases, as some |       // Always use the AS keyword for field aliases, as some | ||||||
|       // databases require it (e.g., PostgreSQL). |       // databases require it (e.g., PostgreSQL). | ||||||
|       $fields[] = (isset($field['table']) ? $this->connection->escapeTable($field['table']) . '.' : '') . $this->connection->escapeField($field['field']) . ' AS ' . $this->connection->escapeAlias($field['alias']); |       $fields[] = $table . $this->connection->escapeField($field['field']) . ' AS ' . $this->connection->escapeAlias($field['alias']); | ||||||
|     } |     } | ||||||
|     foreach ($this->expressions as $alias => $expression) { |     foreach ($this->expressions as $alias => $expression) { | ||||||
|       $fields[] = $expression['expression'] . ' AS ' . $this->connection->escapeAlias($expression['alias']); |       $fields[] = $expression['expression'] . ' AS ' . $this->connection->escapeAlias($expression['alias']); | ||||||
| @@ -1540,7 +1558,7 @@ class SelectQuery extends Query implements SelectQueryInterface { | |||||||
|  |  | ||||||
|       // Don't use the AS keyword for table aliases, as some |       // Don't use the AS keyword for table aliases, as some | ||||||
|       // databases don't support it (e.g., Oracle). |       // databases don't support it (e.g., Oracle). | ||||||
|       $query .=  $table_string . ' ' . $this->connection->escapeTable($table['alias']); |       $query .=  $table_string . ' ' . $this->connection->escapeAlias($table['alias']); | ||||||
|  |  | ||||||
|       if (!empty($table['condition'])) { |       if (!empty($table['condition'])) { | ||||||
|         $query .= ' ON ' . $table['condition']; |         $query .= ' ON ' . $table['condition']; | ||||||
|   | |||||||
| @@ -107,9 +107,21 @@ class DatabaseConnection_sqlite extends DatabaseConnection { | |||||||
|     $this->sqliteCreateFunction('substring_index', array($this, 'sqlFunctionSubstringIndex'), 3); |     $this->sqliteCreateFunction('substring_index', array($this, 'sqlFunctionSubstringIndex'), 3); | ||||||
|     $this->sqliteCreateFunction('rand', array($this, 'sqlFunctionRand')); |     $this->sqliteCreateFunction('rand', array($this, 'sqlFunctionRand')); | ||||||
|  |  | ||||||
|  |     // Enable the Write-Ahead Logging (WAL) option for SQLite if supported. | ||||||
|  |     // @see https://www.drupal.org/node/2348137 | ||||||
|  |     // @see https://sqlite.org/wal.html | ||||||
|  |     if (version_compare($version, '3.7') >= 0) { | ||||||
|  |       $connection_options += array( | ||||||
|  |         'init_commands' => array(), | ||||||
|  |       ); | ||||||
|  |       $connection_options['init_commands'] += array( | ||||||
|  |         'wal' => "PRAGMA journal_mode=WAL", | ||||||
|  |       ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|     // Execute sqlite init_commands. |     // Execute sqlite init_commands. | ||||||
|     if (isset($connection_options['init_commands'])) { |     if (isset($connection_options['init_commands'])) { | ||||||
|       $this->exec(implode('; ', $connection_options['init_commands'])); |       $this->connection->exec(implode('; ', $connection_options['init_commands'])); | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
| @@ -128,10 +140,10 @@ class DatabaseConnection_sqlite extends DatabaseConnection { | |||||||
|           $count = $this->query('SELECT COUNT(*) FROM ' . $prefix . '.sqlite_master WHERE type = :type AND name NOT LIKE :pattern', array(':type' => 'table', ':pattern' => 'sqlite_%'))->fetchField(); |           $count = $this->query('SELECT COUNT(*) FROM ' . $prefix . '.sqlite_master WHERE type = :type AND name NOT LIKE :pattern', array(':type' => 'table', ':pattern' => 'sqlite_%'))->fetchField(); | ||||||
|  |  | ||||||
|           // We can prune the database file if it doesn't have any tables. |           // We can prune the database file if it doesn't have any tables. | ||||||
|           if ($count == 0) { |           if ($count == 0 && $this->connectionOptions['database'] != ':memory:') { | ||||||
|             // Detach the database. |             // Detaching the database fails at this point, but no other queries | ||||||
|             $this->query('DETACH DATABASE :schema', array(':schema' => $prefix)); |             // are executed after the connection is destructed so we can simply | ||||||
|             // Destroy the database file. |             // remove the database file. | ||||||
|             unlink($this->connectionOptions['database'] . '-' . $prefix); |             unlink($this->connectionOptions['database'] . '-' . $prefix); | ||||||
|           } |           } | ||||||
|         } |         } | ||||||
| @@ -143,6 +155,18 @@ class DatabaseConnection_sqlite extends DatabaseConnection { | |||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Gets all the attached databases. | ||||||
|  |    * | ||||||
|  |    * @return array | ||||||
|  |    *   An array of attached database names. | ||||||
|  |    * | ||||||
|  |    * @see DatabaseConnection_sqlite::__construct(). | ||||||
|  |    */ | ||||||
|  |   public function getAttachedDatabases() { | ||||||
|  |     return $this->attachedDatabases; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
|    * SQLite compatibility implementation for the IF() SQL function. |    * SQLite compatibility implementation for the IF() SQL function. | ||||||
|    */ |    */ | ||||||
| @@ -235,7 +259,7 @@ class DatabaseConnection_sqlite extends DatabaseConnection { | |||||||
|    * expose this function to the world. |    * expose this function to the world. | ||||||
|    */ |    */ | ||||||
|   public function PDOPrepare($query, array $options = array()) { |   public function PDOPrepare($query, array $options = array()) { | ||||||
|     return parent::prepare($query, $options); |     return $this->connection->prepare($query, $options); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   public function queryRange($query, $from, $count, array $args = array(), array $options = array()) { |   public function queryRange($query, $from, $count, array $args = array(), array $options = array()) { | ||||||
| @@ -326,7 +350,7 @@ class DatabaseConnection_sqlite extends DatabaseConnection { | |||||||
|       } |       } | ||||||
|     } |     } | ||||||
|     if ($this->supportsTransactions()) { |     if ($this->supportsTransactions()) { | ||||||
|       PDO::rollBack(); |       $this->connection->rollBack(); | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
| @@ -341,7 +365,7 @@ class DatabaseConnection_sqlite extends DatabaseConnection { | |||||||
|       throw new DatabaseTransactionNameNonUniqueException($name . " is already in use."); |       throw new DatabaseTransactionNameNonUniqueException($name . " is already in use."); | ||||||
|     } |     } | ||||||
|     if (!$this->inTransaction()) { |     if (!$this->inTransaction()) { | ||||||
|       PDO::beginTransaction(); |       $this->connection->beginTransaction(); | ||||||
|     } |     } | ||||||
|     $this->transactionLayers[$name] = $name; |     $this->transactionLayers[$name] = $name; | ||||||
|   } |   } | ||||||
| @@ -366,9 +390,9 @@ class DatabaseConnection_sqlite extends DatabaseConnection { | |||||||
|         // If there was any rollback() we should roll back whole transaction. |         // If there was any rollback() we should roll back whole transaction. | ||||||
|         if ($this->willRollback) { |         if ($this->willRollback) { | ||||||
|           $this->willRollback = FALSE; |           $this->willRollback = FALSE; | ||||||
|           PDO::rollBack(); |           $this->connection->rollBack(); | ||||||
|         } |         } | ||||||
|         elseif (!PDO::commit()) { |         elseif (!$this->connection->commit()) { | ||||||
|           throw new DatabaseTransactionCommitFailedException(); |           throw new DatabaseTransactionCommitFailedException(); | ||||||
|         } |         } | ||||||
|       } |       } | ||||||
| @@ -378,6 +402,14 @@ class DatabaseConnection_sqlite extends DatabaseConnection { | |||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   public function utf8mb4IsActive() { | ||||||
|  |     return TRUE; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   public function utf8mb4IsSupported() { | ||||||
|  |     return TRUE; | ||||||
|  |   } | ||||||
|  |  | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|   | |||||||
| @@ -14,8 +14,6 @@ class DatabaseTasks_sqlite extends DatabaseTasks { | |||||||
|  |  | ||||||
|   /** |   /** | ||||||
|    * Minimum engine version. |    * Minimum engine version. | ||||||
|    * |  | ||||||
|    * @todo: consider upping to 3.6.8 in Drupal 8 to get SAVEPOINT support. |  | ||||||
|    */ |    */ | ||||||
|   public function minimumVersion() { |   public function minimumVersion() { | ||||||
|     return '3.3.7'; |     return '3.3.7'; | ||||||
|   | |||||||
| @@ -23,7 +23,7 @@ class InsertQuery_sqlite extends InsertQuery { | |||||||
|     if (!$this->preExecute()) { |     if (!$this->preExecute()) { | ||||||
|       return NULL; |       return NULL; | ||||||
|     } |     } | ||||||
|     if (count($this->insertFields)) { |     if (count($this->insertFields) || !empty($this->fromQuery)) { | ||||||
|       return parent::execute(); |       return parent::execute(); | ||||||
|     } |     } | ||||||
|     else { |     else { | ||||||
| @@ -36,7 +36,10 @@ class InsertQuery_sqlite extends InsertQuery { | |||||||
|     $comments = $this->connection->makeComment($this->comments); |     $comments = $this->connection->makeComment($this->comments); | ||||||
|  |  | ||||||
|     // Produce as many generic placeholders as necessary. |     // Produce as many generic placeholders as necessary. | ||||||
|  |     $placeholders = array(); | ||||||
|  |     if (!empty($this->insertFields)) { | ||||||
|       $placeholders = array_fill(0, count($this->insertFields), '?'); |       $placeholders = array_fill(0, count($this->insertFields), '?'); | ||||||
|  |     } | ||||||
|  |  | ||||||
|     // If we're selecting from a SelectQuery, finish building the query and |     // If we're selecting from a SelectQuery, finish building the query and | ||||||
|     // pass it back, as any remaining options are irrelevant. |     // pass it back, as any remaining options are irrelevant. | ||||||
| @@ -99,16 +102,15 @@ class UpdateQuery_sqlite extends UpdateQuery { | |||||||
|  |  | ||||||
| /** | /** | ||||||
|  * SQLite specific implementation of DeleteQuery. |  * SQLite specific implementation of DeleteQuery. | ||||||
|  * |  | ||||||
|  * When the WHERE is omitted from a DELETE statement and the table being deleted |  | ||||||
|  * has no triggers, SQLite uses an optimization to erase the entire table content |  | ||||||
|  * without having to visit each row of the table individually. |  | ||||||
|  * |  | ||||||
|  * Prior to SQLite 3.6.5, SQLite does not return the actual number of rows deleted |  | ||||||
|  * by that optimized "truncate" optimization. |  | ||||||
|  */ |  */ | ||||||
| class DeleteQuery_sqlite extends DeleteQuery { | class DeleteQuery_sqlite extends DeleteQuery { | ||||||
|   public function execute() { |   public function execute() { | ||||||
|  |     // When the WHERE is omitted from a DELETE statement and the table being | ||||||
|  |     // deleted has no triggers, SQLite uses an optimization to erase the entire | ||||||
|  |     // table content without having to visit each row of the table individually. | ||||||
|  |     // Prior to SQLite 3.6.5, SQLite does not return the actual number of rows | ||||||
|  |     // deleted by that optimized "truncate" optimization. But we want to return | ||||||
|  |     // the number of rows affected, so we calculate it directly. | ||||||
|     if (!count($this->condition)) { |     if (!count($this->condition)) { | ||||||
|       $total_rows = $this->connection->query('SELECT COUNT(*) FROM {' . $this->connection->escapeTable($this->table) . '}')->fetchField(); |       $total_rows = $this->connection->query('SELECT COUNT(*) FROM {' . $this->connection->escapeTable($this->table) . '}')->fetchField(); | ||||||
|       parent::execute(); |       parent::execute(); | ||||||
|   | |||||||
| @@ -244,7 +244,7 @@ class DatabaseSchema_sqlite extends DatabaseSchema { | |||||||
|     // database. So the syntax '...RENAME TO database.table' would fail. |     // database. So the syntax '...RENAME TO database.table' would fail. | ||||||
|     // So we must determine the full table name here rather than surrounding |     // So we must determine the full table name here rather than surrounding | ||||||
|     // the table with curly braces incase the db_prefix contains a reference |     // the table with curly braces incase the db_prefix contains a reference | ||||||
|     // to a database outside of our existsing database. |     // to a database outside of our existing database. | ||||||
|     $info = $this->getPrefixInfo($new_name); |     $info = $this->getPrefixInfo($new_name); | ||||||
|     $this->connection->query('ALTER TABLE {' . $table . '} RENAME TO ' . $info['table']); |     $this->connection->query('ALTER TABLE {' . $table . '} RENAME TO ' . $info['table']); | ||||||
|  |  | ||||||
| @@ -668,6 +668,9 @@ class DatabaseSchema_sqlite extends DatabaseSchema { | |||||||
|     $this->alterTable($table, $old_schema, $new_schema); |     $this->alterTable($table, $old_schema, $new_schema); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * {@inheritdoc} | ||||||
|  |    */ | ||||||
|   public function findTables($table_expression) { |   public function findTables($table_expression) { | ||||||
|     // Don't add the prefix, $table_expression already includes the prefix. |     // Don't add the prefix, $table_expression already includes the prefix. | ||||||
|     $info = $this->getPrefixInfo($table_expression, FALSE); |     $info = $this->getPrefixInfo($table_expression, FALSE); | ||||||
| @@ -680,4 +683,32 @@ class DatabaseSchema_sqlite extends DatabaseSchema { | |||||||
|     )); |     )); | ||||||
|     return $result->fetchAllKeyed(0, 0); |     return $result->fetchAllKeyed(0, 0); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * {@inheritdoc} | ||||||
|  |    */ | ||||||
|  |   public function findTablesD8($table_expression) { | ||||||
|  |     $tables = array(); | ||||||
|  |  | ||||||
|  |     // The SQLite implementation doesn't need to use the same filtering strategy | ||||||
|  |     // as the parent one because individually prefixed tables live in their own | ||||||
|  |     // schema (database), which means that neither the main database nor any | ||||||
|  |     // attached one will contain a prefixed table name, so we just need to loop | ||||||
|  |     // over all known schemas and filter by the user-supplied table expression. | ||||||
|  |     $attached_dbs = $this->connection->getAttachedDatabases(); | ||||||
|  |     foreach ($attached_dbs as $schema) { | ||||||
|  |       // Can't use query placeholders for the schema because the query would | ||||||
|  |       // have to be :prefixsqlite_master, which does not work. We also need to | ||||||
|  |       // ignore the internal SQLite tables. | ||||||
|  |       $result = db_query("SELECT name FROM " . $schema . ".sqlite_master WHERE type = :type AND name LIKE :table_name AND name NOT LIKE :pattern", array( | ||||||
|  |         ':type' => 'table', | ||||||
|  |         ':table_name' => $table_expression, | ||||||
|  |         ':pattern' => 'sqlite_%', | ||||||
|  |       )); | ||||||
|  |       $tables += $result->fetchAllKeyed(0, 0); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     return $tables; | ||||||
|  |   } | ||||||
|  |  | ||||||
| } | } | ||||||
|   | |||||||
| @@ -12,11 +12,6 @@ function system_default_date_formats() { | |||||||
|   $formats = array(); |   $formats = array(); | ||||||
|  |  | ||||||
|   // Short date formats. |   // Short date formats. | ||||||
|   $formats[] = array( |  | ||||||
|     'type' => 'short', |  | ||||||
|     'format' => 'Y-m-d H:i', |  | ||||||
|     'locales' => array(), |  | ||||||
|   ); |  | ||||||
|   $formats[] = array( |   $formats[] = array( | ||||||
|     'type' => 'short', |     'type' => 'short', | ||||||
|     'format' => 'm/d/Y - H:i', |     'format' => 'm/d/Y - H:i', | ||||||
| @@ -37,6 +32,11 @@ function system_default_date_formats() { | |||||||
|     'format' => 'd.m.Y - H:i', |     'format' => 'd.m.Y - H:i', | ||||||
|     'locales' => array('de-ch', 'de-de', 'de-lu', 'fi-fi', 'fr-ch', 'is-is', 'pl-pl', 'ro-ro', 'ru-ru'), |     'locales' => array('de-ch', 'de-de', 'de-lu', 'fi-fi', 'fr-ch', 'is-is', 'pl-pl', 'ro-ro', 'ru-ru'), | ||||||
|   ); |   ); | ||||||
|  |   $formats[] = array( | ||||||
|  |     'type' => 'short', | ||||||
|  |     'format' => 'Y-m-d H:i', | ||||||
|  |     'locales' => array(), | ||||||
|  |   ); | ||||||
|   $formats[] = array( |   $formats[] = array( | ||||||
|     'type' => 'short', |     'type' => 'short', | ||||||
|     'format' => 'm/d/Y - g:ia', |     'format' => 'm/d/Y - g:ia', | ||||||
| @@ -84,11 +84,6 @@ function system_default_date_formats() { | |||||||
|   ); |   ); | ||||||
|  |  | ||||||
|   // Medium date formats. |   // Medium date formats. | ||||||
|   $formats[] = array( |  | ||||||
|     'type' => 'medium', |  | ||||||
|     'format' => 'D, Y-m-d H:i', |  | ||||||
|     'locales' => array(), |  | ||||||
|   ); |  | ||||||
|   $formats[] = array( |   $formats[] = array( | ||||||
|     'type' => 'medium', |     'type' => 'medium', | ||||||
|     'format' => 'D, m/d/Y - H:i', |     'format' => 'D, m/d/Y - H:i', | ||||||
| @@ -104,6 +99,11 @@ function system_default_date_formats() { | |||||||
|     'format' => 'D, Y/m/d - H:i', |     'format' => 'D, Y/m/d - H:i', | ||||||
|     'locales' => array('en-ca', 'fr-ca', 'no-no', 'sv-se'), |     'locales' => array('en-ca', 'fr-ca', 'no-no', 'sv-se'), | ||||||
|   ); |   ); | ||||||
|  |   $formats[] = array( | ||||||
|  |     'type' => 'medium', | ||||||
|  |     'format' => 'D, Y-m-d H:i', | ||||||
|  |     'locales' => array(), | ||||||
|  |   ); | ||||||
|   $formats[] = array( |   $formats[] = array( | ||||||
|     'type' => 'medium', |     'type' => 'medium', | ||||||
|     'format' => 'F j, Y - H:i', |     'format' => 'F j, Y - H:i', | ||||||
|   | |||||||
| @@ -183,6 +183,11 @@ class DrupalDefaultEntityController implements DrupalEntityControllerInterface { | |||||||
|       } |       } | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  |     // Ensure integer entity IDs are valid. | ||||||
|  |     if (!empty($ids)) { | ||||||
|  |       $this->cleanIds($ids); | ||||||
|  |     } | ||||||
|  |  | ||||||
|     // Load any remaining entities from the database. This is the case if $ids |     // Load any remaining entities from the database. This is the case if $ids | ||||||
|     // is set to FALSE (so we load all entities), if there are any ids left to |     // is set to FALSE (so we load all entities), if there are any ids left to | ||||||
|     // load, if loading a revision, or if $conditions was passed without $ids. |     // load, if loading a revision, or if $conditions was passed without $ids. | ||||||
| @@ -223,6 +228,35 @@ class DrupalDefaultEntityController implements DrupalEntityControllerInterface { | |||||||
|     return $entities; |     return $entities; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Ensures integer entity IDs are valid. | ||||||
|  |    * | ||||||
|  |    * The identifier sanitization provided by this method has been introduced | ||||||
|  |    * as Drupal used to rely on the database to facilitate this, which worked | ||||||
|  |    * correctly with MySQL but led to errors with other DBMS such as PostgreSQL. | ||||||
|  |    * | ||||||
|  |    * @param array $ids | ||||||
|  |    *   The entity IDs to verify. Non-integer IDs are removed from this array if | ||||||
|  |    *   the entity type requires IDs to be integers. | ||||||
|  |    */ | ||||||
|  |   protected function cleanIds(&$ids) { | ||||||
|  |     $entity_info = entity_get_info($this->entityType); | ||||||
|  |     if (isset($entity_info['base table field types'])) { | ||||||
|  |       $id_type = $entity_info['base table field types'][$this->idKey]; | ||||||
|  |       if ($id_type == 'serial' || $id_type == 'int') { | ||||||
|  |         $ids = array_filter($ids, array($this, 'filterId')); | ||||||
|  |         $ids = array_map('intval', $ids); | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Callback for array_filter that removes non-integer IDs. | ||||||
|  |    */ | ||||||
|  |   protected function filterId($id) { | ||||||
|  |     return is_numeric($id) && $id == (int) $id; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
|    * Builds the query to load the entity. |    * Builds the query to load the entity. | ||||||
|    * |    * | ||||||
| @@ -412,7 +446,7 @@ class EntityFieldQueryException extends Exception {} | |||||||
|  * |  * | ||||||
|  * This class allows finding entities based on entity properties (for example, |  * This class allows finding entities based on entity properties (for example, | ||||||
|  * node->changed), field values, and generic entity meta data (bundle, |  * node->changed), field values, and generic entity meta data (bundle, | ||||||
|  * entity type, entity id, and revision ID). It is not possible to query across |  * entity type, entity ID, and revision ID). It is not possible to query across | ||||||
|  * multiple entity types. For example, there is no facility to find published |  * multiple entity types. For example, there is no facility to find published | ||||||
|  * nodes written by users created in the last hour, as this would require |  * nodes written by users created in the last hour, as this would require | ||||||
|  * querying both node->status and user->created. |  * querying both node->status and user->created. | ||||||
| @@ -654,14 +688,36 @@ class EntityFieldQuery { | |||||||
|    * @param $field |    * @param $field | ||||||
|    *   Either a field name or a field array. |    *   Either a field name or a field array. | ||||||
|    * @param $column |    * @param $column | ||||||
|    *   The column that should hold the value to be matched. |    *   The column that should hold the value to be matched, defined in the | ||||||
|  |    *   hook_field_schema() of this field. If this is omitted then all of the | ||||||
|  |    *   other parameters are ignored, except $field, and this call will just be | ||||||
|  |    *   adding a condition that says that the field has a value, rather than | ||||||
|  |    *   testing the value itself. | ||||||
|    * @param $value |    * @param $value | ||||||
|    *   The value to test the column value against. |    *   The value to test the column value against. In most cases, this is a | ||||||
|  |    *   scalar. For more complex options, it is an array. The meaning of each | ||||||
|  |    *   element in the array is dependent on $operator. | ||||||
|    * @param $operator |    * @param $operator | ||||||
|    *   The operator to be used to test the given value. |    *   The operator to be used to test the given value. The possible values are: | ||||||
|  |    *   - '=', '<>', '>', '>=', '<', '<=', 'STARTS_WITH', 'CONTAINS': These | ||||||
|  |    *     operators expect $value to be a literal of the same type as the | ||||||
|  |    *     column. | ||||||
|  |    *   - 'IN', 'NOT IN': These operators expect $value to be an array of | ||||||
|  |    *     literals of the same type as the column. | ||||||
|  |    *   - 'BETWEEN': This operator expects $value to be an array of two literals | ||||||
|  |    *     of the same type as the column. | ||||||
|  |    *   The operator can be omitted, and will default to 'IN' if the value is an | ||||||
|  |    *   array, or to '=' otherwise. | ||||||
|    * @param $delta_group |    * @param $delta_group | ||||||
|    *   An arbitrary identifier: conditions in the same group must have the same |    *   An arbitrary identifier: conditions in the same group must have the same | ||||||
|    *   $delta_group. |    *   $delta_group. For example, let's presume a multivalue field which has | ||||||
|  |    *   two columns, 'color' and 'shape', and for entity ID 1, there are two | ||||||
|  |    *   values: red/square and blue/circle. Entity ID 1 does not have values | ||||||
|  |    *   corresponding to 'red circle'; however if you pass 'red' and 'circle' as | ||||||
|  |    *   conditions, it will appear in the results -- by default queries will run | ||||||
|  |    *   against any combination of deltas. By passing the conditions with the | ||||||
|  |    *   same $delta_group it will ensure that only values attached to the same | ||||||
|  |    *   delta are matched, and entity 1 would then be excluded from the results. | ||||||
|    * @param $language_group |    * @param $language_group | ||||||
|    *   An arbitrary identifier: conditions in the same group must have the same |    *   An arbitrary identifier: conditions in the same group must have the same | ||||||
|    *   $language_group. |    *   $language_group. | ||||||
| @@ -736,9 +792,11 @@ class EntityFieldQuery { | |||||||
|    * @param $field |    * @param $field | ||||||
|    *   Either a field name or a field array. |    *   Either a field name or a field array. | ||||||
|    * @param $column |    * @param $column | ||||||
|    *   A column defined in the hook_field_schema() of this field. If this is |    *   The column that should hold the value to be matched, defined in the | ||||||
|    *   omitted then the query will find only entities that have data in this |    *   hook_field_schema() of this field. If this is omitted then all of the | ||||||
|    *   field, using the entity and property conditions if there are any. |    *   other parameters are ignored, except $field, and this call will just be | ||||||
|  |    *   adding a condition that says that the field has a value, rather than | ||||||
|  |    *   testing the value itself. | ||||||
|    * @param $value |    * @param $value | ||||||
|    *   The value to test the column value against. In most cases, this is a |    *   The value to test the column value against. In most cases, this is a | ||||||
|    *   scalar. For more complex options, it is an array. The meaning of each |    *   scalar. For more complex options, it is an array. The meaning of each | ||||||
| @@ -757,10 +815,10 @@ class EntityFieldQuery { | |||||||
|    * @param $delta_group |    * @param $delta_group | ||||||
|    *   An arbitrary identifier: conditions in the same group must have the same |    *   An arbitrary identifier: conditions in the same group must have the same | ||||||
|    *   $delta_group. For example, let's presume a multivalue field which has |    *   $delta_group. For example, let's presume a multivalue field which has | ||||||
|    *   two columns, 'color' and 'shape', and for entity id 1, there are two |    *   two columns, 'color' and 'shape', and for entity ID 1, there are two | ||||||
|    *   values: red/square and blue/circle. Entity ID 1 does not have values |    *   values: red/square and blue/circle. Entity ID 1 does not have values | ||||||
|    *   corresponding to 'red circle', however if you pass 'red' and 'circle' as |    *   corresponding to 'red circle', however if you pass 'red' and 'circle' as | ||||||
|    *   conditions, it will appear in the  results - by default queries will run |    *   conditions, it will appear in the results -- by default queries will run | ||||||
|    *   against any combination of deltas. By passing the conditions with the |    *   against any combination of deltas. By passing the conditions with the | ||||||
|    *   same $delta_group it will ensure that only values attached to the same |    *   same $delta_group it will ensure that only values attached to the same | ||||||
|    *   delta are matched, and entity 1 would then be excluded from the results. |    *   delta are matched, and entity 1 would then be excluded from the results. | ||||||
|   | |||||||
| @@ -48,11 +48,8 @@ function drupal_error_levels() { | |||||||
|  *   The filename that the error was raised in. |  *   The filename that the error was raised in. | ||||||
|  * @param $line |  * @param $line | ||||||
|  *   The line number the error was raised at. |  *   The line number the error was raised at. | ||||||
|  * @param $context |  | ||||||
|  *   An array that points to the active symbol table at the point the error |  | ||||||
|  *   occurred. |  | ||||||
|  */ |  */ | ||||||
| function _drupal_error_handler_real($error_level, $message, $filename, $line, $context) { | function _drupal_error_handler_real($error_level, $message, $filename, $line) { | ||||||
|   if ($error_level & error_reporting()) { |   if ($error_level & error_reporting()) { | ||||||
|     $types = drupal_error_levels(); |     $types = drupal_error_levels(); | ||||||
|     list($severity_msg, $severity_level) = $types[$error_level]; |     list($severity_msg, $severity_level) = $types[$error_level]; | ||||||
| @@ -66,7 +63,7 @@ function _drupal_error_handler_real($error_level, $message, $filename, $line, $c | |||||||
|     _drupal_log_error(array( |     _drupal_log_error(array( | ||||||
|       '%type' => isset($types[$error_level]) ? $severity_msg : 'Unknown error', |       '%type' => isset($types[$error_level]) ? $severity_msg : 'Unknown error', | ||||||
|       // The standard PHP error handler considers that the error messages |       // The standard PHP error handler considers that the error messages | ||||||
|       // are HTML. We mimick this behavior here. |       // are HTML. We mimic this behavior here. | ||||||
|       '!message' => filter_xss_admin($message), |       '!message' => filter_xss_admin($message), | ||||||
|       '%function' => $caller['function'], |       '%function' => $caller['function'], | ||||||
|       '%file' => $caller['file'], |       '%file' => $caller['file'], | ||||||
| @@ -114,7 +111,7 @@ function _drupal_decode_exception($exception) { | |||||||
|   return array( |   return array( | ||||||
|     '%type' => get_class($exception), |     '%type' => get_class($exception), | ||||||
|     // The standard PHP exception handler considers that the exception message |     // The standard PHP exception handler considers that the exception message | ||||||
|     // is plain-text. We mimick this behavior here. |     // is plain-text. We mimic this behavior here. | ||||||
|     '!message' => check_plain($message), |     '!message' => check_plain($message), | ||||||
|     '%function' => $caller['function'], |     '%function' => $caller['function'], | ||||||
|     '%file' => $caller['file'], |     '%file' => $caller['file'], | ||||||
| @@ -199,7 +196,16 @@ function _drupal_log_error($error, $fatal = FALSE) { | |||||||
|     $number++; |     $number++; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   // Log the error immediately, unless this is a non-fatal error which has been | ||||||
|  |   // triggered via drupal_trigger_error_with_delayed_logging(); in that case | ||||||
|  |   // trigger it in a shutdown function. Fatal errors are always triggered | ||||||
|  |   // immediately since for a fatal error the page request will end here anyway. | ||||||
|  |   if (!$fatal && drupal_static('_drupal_trigger_error_with_delayed_logging')) { | ||||||
|  |     drupal_register_shutdown_function('watchdog', 'php', '%type: !message in %function (line %line of %file).', $error, $error['severity_level']); | ||||||
|  |   } | ||||||
|  |   else { | ||||||
|     watchdog('php', '%type: !message in %function (line %line of %file).', $error, $error['severity_level']); |     watchdog('php', '%type: !message in %function (line %line of %file).', $error, $error['severity_level']); | ||||||
|  |   } | ||||||
|  |  | ||||||
|   if ($fatal) { |   if ($fatal) { | ||||||
|     drupal_add_http_header('Status', '500 Service unavailable (with message)'); |     drupal_add_http_header('Status', '500 Service unavailable (with message)'); | ||||||
| @@ -224,7 +230,7 @@ function _drupal_log_error($error, $fatal = FALSE) { | |||||||
|   } |   } | ||||||
|   else { |   else { | ||||||
|     // Display the message if the current error reporting level allows this type |     // Display the message if the current error reporting level allows this type | ||||||
|     // of message to be displayed, and unconditionnaly in update.php. |     // of message to be displayed, and unconditionally in update.php. | ||||||
|     if (error_displayable($error)) { |     if (error_displayable($error)) { | ||||||
|       $class = 'error'; |       $class = 'error'; | ||||||
|  |  | ||||||
|   | |||||||
| @@ -273,7 +273,9 @@ function file_default_scheme() { | |||||||
|  *   The normalized URI. |  *   The normalized URI. | ||||||
|  */ |  */ | ||||||
| function file_stream_wrapper_uri_normalize($uri) { | function file_stream_wrapper_uri_normalize($uri) { | ||||||
|   $scheme = file_uri_scheme($uri); |   // Inline file_uri_scheme() function call for performance reasons. | ||||||
|  |   $position = strpos($uri, '://'); | ||||||
|  |   $scheme = $position ? substr($uri, 0, $position) : FALSE; | ||||||
|  |  | ||||||
|   if ($scheme && file_stream_wrapper_valid_scheme($scheme)) { |   if ($scheme && file_stream_wrapper_valid_scheme($scheme)) { | ||||||
|     $target = file_uri_target($uri); |     $target = file_uri_target($uri); | ||||||
| @@ -530,10 +532,24 @@ SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 | |||||||
| <IfModule mod_php5.c> | <IfModule mod_php5.c> | ||||||
|   php_flag engine off |   php_flag engine off | ||||||
| </IfModule> | </IfModule> | ||||||
|  | <IfModule mod_php7.c> | ||||||
|  |   php_flag engine off | ||||||
|  | </IfModule> | ||||||
| EOF; | EOF; | ||||||
|  |  | ||||||
|   if ($private) { |   if ($private) { | ||||||
|     $lines = "Deny from all\n\n" . $lines; |     $lines = <<<EOF | ||||||
|  | # Deny all requests from Apache 2.4+. | ||||||
|  | <IfModule mod_authz_core.c> | ||||||
|  |   Require all denied | ||||||
|  | </IfModule> | ||||||
|  |  | ||||||
|  | # Deny all requests from Apache 2.0-2.2. | ||||||
|  | <IfModule !mod_authz_core.c> | ||||||
|  |   Deny from all | ||||||
|  | </IfModule> | ||||||
|  | EOF | ||||||
|  |     . "\n\n" . $lines; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   return $lines; |   return $lines; | ||||||
| @@ -887,7 +903,6 @@ function file_valid_uri($uri) { | |||||||
|  */ |  */ | ||||||
| function file_unmanaged_copy($source, $destination = NULL, $replace = FILE_EXISTS_RENAME) { | function file_unmanaged_copy($source, $destination = NULL, $replace = FILE_EXISTS_RENAME) { | ||||||
|   $original_source = $source; |   $original_source = $source; | ||||||
|   $original_destination = $destination; |  | ||||||
|  |  | ||||||
|   // Assert that the source file actually exists. |   // Assert that the source file actually exists. | ||||||
|   if (!file_exists($source)) { |   if (!file_exists($source)) { | ||||||
| @@ -981,8 +996,15 @@ function file_build_uri($path) { | |||||||
|  * @return |  * @return | ||||||
|  *   The destination filepath, or FALSE if the file already exists |  *   The destination filepath, or FALSE if the file already exists | ||||||
|  *   and FILE_EXISTS_ERROR is specified. |  *   and FILE_EXISTS_ERROR is specified. | ||||||
|  |  * | ||||||
|  |  * @throws RuntimeException | ||||||
|  |  *   Thrown if the filename contains invalid UTF-8. | ||||||
|  */ |  */ | ||||||
| function file_destination($destination, $replace) { | function file_destination($destination, $replace) { | ||||||
|  |   $basename = drupal_basename($destination); | ||||||
|  |   if (!drupal_validate_utf8($basename)) { | ||||||
|  |     throw new RuntimeException(sprintf("Invalid filename '%s'", $basename)); | ||||||
|  |   } | ||||||
|   if (file_exists($destination)) { |   if (file_exists($destination)) { | ||||||
|     switch ($replace) { |     switch ($replace) { | ||||||
|       case FILE_EXISTS_REPLACE: |       case FILE_EXISTS_REPLACE: | ||||||
| @@ -990,7 +1012,6 @@ function file_destination($destination, $replace) { | |||||||
|         break; |         break; | ||||||
|  |  | ||||||
|       case FILE_EXISTS_RENAME: |       case FILE_EXISTS_RENAME: | ||||||
|         $basename = drupal_basename($destination); |  | ||||||
|         $directory = drupal_dirname($destination); |         $directory = drupal_dirname($destination); | ||||||
|         $destination = file_create_filename($basename, $directory); |         $destination = file_create_filename($basename, $directory); | ||||||
|         break; |         break; | ||||||
| @@ -1126,8 +1147,8 @@ function file_unmanaged_move($source, $destination = NULL, $replace = FILE_EXIST | |||||||
|  * exploit.php_.pps. |  * exploit.php_.pps. | ||||||
|  * |  * | ||||||
|  * Specifically, this function adds an underscore to all extensions that are |  * Specifically, this function adds an underscore to all extensions that are | ||||||
|  * between 2 and 5 characters in length, internal to the file name, and not |  * between 2 and 5 characters in length, internal to the file name, and either | ||||||
|  * included in $extensions. |  * included in the list of unsafe extensions, or not included in $extensions. | ||||||
|  * |  * | ||||||
|  * Function behavior is also controlled by the Drupal variable |  * Function behavior is also controlled by the Drupal variable | ||||||
|  * 'allow_insecure_uploads'. If 'allow_insecure_uploads' evaluates to TRUE, no |  * 'allow_insecure_uploads'. If 'allow_insecure_uploads' evaluates to TRUE, no | ||||||
| @@ -1136,7 +1157,8 @@ function file_unmanaged_move($source, $destination = NULL, $replace = FILE_EXIST | |||||||
|  * @param $filename |  * @param $filename | ||||||
|  *   File name to modify. |  *   File name to modify. | ||||||
|  * @param $extensions |  * @param $extensions | ||||||
|  *   A space-separated list of extensions that should not be altered. |  *   A space-separated list of extensions that should not be altered. Note that | ||||||
|  |  *   extensions that are unsafe will be altered regardless of this parameter. | ||||||
|  * @param $alerts |  * @param $alerts | ||||||
|  *   If TRUE, drupal_set_message() will be called to display a message if the |  *   If TRUE, drupal_set_message() will be called to display a message if the | ||||||
|  *   file name was changed. |  *   file name was changed. | ||||||
| @@ -1154,6 +1176,10 @@ function file_munge_filename($filename, $extensions, $alerts = TRUE) { | |||||||
|  |  | ||||||
|     $whitelist = array_unique(explode(' ', strtolower(trim($extensions)))); |     $whitelist = array_unique(explode(' ', strtolower(trim($extensions)))); | ||||||
|  |  | ||||||
|  |     // Remove unsafe extensions from the list of allowed extensions. The list is | ||||||
|  |     // copied from file_save_upload(). | ||||||
|  |     $whitelist = array_diff($whitelist, explode('|', 'php|phar|pl|py|cgi|asp|js')); | ||||||
|  |  | ||||||
|     // Split the filename up by periods. The first part becomes the basename |     // Split the filename up by periods. The first part becomes the basename | ||||||
|     // the last part the final extension. |     // the last part the final extension. | ||||||
|     $filename_parts = explode('.', $filename); |     $filename_parts = explode('.', $filename); | ||||||
| @@ -1206,11 +1232,20 @@ function file_unmunge_filename($filename) { | |||||||
|  * @return |  * @return | ||||||
|  *   File path consisting of $directory and a unique filename based off |  *   File path consisting of $directory and a unique filename based off | ||||||
|  *   of $basename. |  *   of $basename. | ||||||
|  |  * | ||||||
|  |  * @throws RuntimeException | ||||||
|  |  *   Thrown if the $basename is not valid UTF-8 or another error occurs | ||||||
|  |  *   stripping control characters. | ||||||
|  */ |  */ | ||||||
| function file_create_filename($basename, $directory) { | function file_create_filename($basename, $directory) { | ||||||
|  |   $original = $basename; | ||||||
|   // Strip control characters (ASCII value < 32). Though these are allowed in |   // Strip control characters (ASCII value < 32). Though these are allowed in | ||||||
|   // some filesystems, not many applications handle them well. |   // some filesystems, not many applications handle them well. | ||||||
|   $basename = preg_replace('/[\x00-\x1F]/u', '_', $basename); |   $basename = preg_replace('/[\x00-\x1F]/u', '_', $basename); | ||||||
|  |   if (preg_last_error() !== PREG_NO_ERROR) { | ||||||
|  |     throw new RuntimeException(sprintf("Invalid filename '%s'", $original)); | ||||||
|  |   } | ||||||
|  |  | ||||||
|   if (substr(PHP_OS, 0, 3) == 'WIN') { |   if (substr(PHP_OS, 0, 3) == 'WIN') { | ||||||
|     // These characters are not allowed in Windows filenames |     // These characters are not allowed in Windows filenames | ||||||
|     $basename = str_replace(array(':', '*', '?', '"', '<', '>', '|'), '_', $basename); |     $basename = str_replace(array(':', '*', '?', '"', '<', '>', '|'), '_', $basename); | ||||||
| @@ -1512,6 +1547,7 @@ function file_save_upload($form_field_name, $validators = array(), $destination | |||||||
|     $validators['file_validate_extensions'][0] = $extensions; |     $validators['file_validate_extensions'][0] = $extensions; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   if (!variable_get('allow_insecure_uploads', 0)) { | ||||||
|     if (!empty($extensions)) { |     if (!empty($extensions)) { | ||||||
|       // Munge the filename to protect against possible malicious extension hiding |       // Munge the filename to protect against possible malicious extension hiding | ||||||
|       // within an unknown file type (ie: filename.html.foo). |       // within an unknown file type (ie: filename.html.foo). | ||||||
| @@ -1519,18 +1555,27 @@ function file_save_upload($form_field_name, $validators = array(), $destination | |||||||
|     } |     } | ||||||
|  |  | ||||||
|     // Rename potentially executable files, to help prevent exploits (i.e. will |     // Rename potentially executable files, to help prevent exploits (i.e. will | ||||||
|   // rename filename.php.foo and filename.php to filename.php.foo.txt and |     // rename filename.php.foo and filename.php to filename.php_.foo_.txt and | ||||||
|   // filename.php.txt, respectively). Don't rename if 'allow_insecure_uploads' |     // filename.php_.txt, respectively). Don't rename if 'allow_insecure_uploads' | ||||||
|     // evaluates to TRUE. |     // evaluates to TRUE. | ||||||
|   if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { |     if (preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename)) { | ||||||
|  |       // If the file will be rejected anyway due to a disallowed extension, it | ||||||
|  |       // should not be renamed; rather, we'll let file_validate_extensions() | ||||||
|  |       // reject it below. | ||||||
|  |       if (!isset($validators['file_validate_extensions']) || !file_validate_extensions($file, $extensions)) { | ||||||
|         $file->filemime = 'text/plain'; |         $file->filemime = 'text/plain'; | ||||||
|     $file->uri .= '.txt'; |         if (substr($file->filename, -4) != '.txt') { | ||||||
|  |           // The destination filename will also later be used to create the URI. | ||||||
|           $file->filename .= '.txt'; |           $file->filename .= '.txt'; | ||||||
|  |         } | ||||||
|  |         $file->filename = file_munge_filename($file->filename, $extensions, FALSE); | ||||||
|  |         drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $file->filename))); | ||||||
|         // The .txt extension may not be in the allowed list of extensions. We have |         // The .txt extension may not be in the allowed list of extensions. We have | ||||||
|         // to add it here or else the file upload will fail. |         // to add it here or else the file upload will fail. | ||||||
|     if (!empty($extensions)) { |         if (!empty($validators['file_validate_extensions'][0])) { | ||||||
|           $validators['file_validate_extensions'][0] .= ' txt'; |           $validators['file_validate_extensions'][0] .= ' txt'; | ||||||
|       drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $file->filename))); |         } | ||||||
|  |       } | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  |  | ||||||
| @@ -1551,7 +1596,13 @@ function file_save_upload($form_field_name, $validators = array(), $destination | |||||||
|   if (substr($destination, -1) != '/') { |   if (substr($destination, -1) != '/') { | ||||||
|     $destination .= '/'; |     $destination .= '/'; | ||||||
|   } |   } | ||||||
|  |   try { | ||||||
|     $file->destination = file_destination($destination . $file->filename, $replace); |     $file->destination = file_destination($destination . $file->filename, $replace); | ||||||
|  |   } | ||||||
|  |   catch (RuntimeException $e) { | ||||||
|  |     drupal_set_message(t('The file %source could not be uploaded because the name is invalid.', array('%source' => $form_field_name)), 'error'); | ||||||
|  |     return FALSE; | ||||||
|  |   } | ||||||
|   // If file_destination() returns FALSE then $replace == FILE_EXISTS_ERROR and |   // If file_destination() returns FALSE then $replace == FILE_EXISTS_ERROR and | ||||||
|   // there's an existing file so we need to bail. |   // there's an existing file so we need to bail. | ||||||
|   if ($file->destination === FALSE) { |   if ($file->destination === FALSE) { | ||||||
| @@ -1602,6 +1653,20 @@ function file_save_upload($form_field_name, $validators = array(), $destination | |||||||
|  |  | ||||||
|   // If we made it this far it's safe to record this file in the database. |   // If we made it this far it's safe to record this file in the database. | ||||||
|   if ($file = file_save($file)) { |   if ($file = file_save($file)) { | ||||||
|  |     // Track non-public files in the session if they were uploaded by an | ||||||
|  |     // anonymous user. This allows modules such as the File module to only | ||||||
|  |     // grant view access to the specific anonymous user who uploaded the file. | ||||||
|  |     // See file_file_download(). | ||||||
|  |     // The 'file_public_schema' variable is used to allow other publicly | ||||||
|  |     // accessible file schemes to be treated the same as the public:// scheme | ||||||
|  |     // provided by Drupal core and to avoid adding unnecessary data to the | ||||||
|  |     // session (and the resulting bypass of the page cache) in those cases. For | ||||||
|  |     // security reasons, only schemes that are completely publicly accessible, | ||||||
|  |     // with no download restrictions, should be added to this variable. See | ||||||
|  |     // file_managed_file_value(). | ||||||
|  |     if (!$user->uid && !in_array($destination_scheme, variable_get('file_public_schema', array('public')))) { | ||||||
|  |       $_SESSION['anonymous_allowed_file_ids'][$file->fid] = $file->fid; | ||||||
|  |     } | ||||||
|     // Add file to the cache. |     // Add file to the cache. | ||||||
|     $upload_cache[$form_field_name] = $file; |     $upload_cache[$form_field_name] = $file; | ||||||
|     return $file; |     return $file; | ||||||
| @@ -1678,7 +1743,18 @@ function file_validate(stdClass &$file, $validators = array()) { | |||||||
|   } |   } | ||||||
|  |  | ||||||
|   // Let other modules perform validation on the new file. |   // Let other modules perform validation on the new file. | ||||||
|   return array_merge($errors, module_invoke_all('file_validate', $file)); |   $errors = array_merge($errors, module_invoke_all('file_validate', $file)); | ||||||
|  |  | ||||||
|  |   // Ensure the file does not contain a malicious extension. At this point | ||||||
|  |   // file_save_upload() will have munged the file so it does not contain a | ||||||
|  |   // malicious extension. Contributed and custom code that calls this method | ||||||
|  |   // needs to take similar steps if they need to permit files with malicious | ||||||
|  |   // extensions to be uploaded. | ||||||
|  |   if (empty($errors) && !variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename)) { | ||||||
|  |     $errors[] = t('For security reasons, your upload has been rejected.'); | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   return $errors; | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -1785,7 +1861,7 @@ function file_validate_is_image(stdClass $file) { | |||||||
| /** | /** | ||||||
|  * Verifies that image dimensions are within the specified maximum and minimum. |  * Verifies that image dimensions are within the specified maximum and minimum. | ||||||
|  * |  * | ||||||
|  * Non-image files will be ignored. If a image toolkit is available the image |  * Non-image files will be ignored. If an image toolkit is available the image | ||||||
|  * will be scaled to fit within the desired maximum dimensions. |  * will be scaled to fit within the desired maximum dimensions. | ||||||
|  * |  * | ||||||
|  * @param $file |  * @param $file | ||||||
| @@ -2022,7 +2098,7 @@ function file_download() { | |||||||
|  * |  * | ||||||
|  * @see file_transfer() |  * @see file_transfer() | ||||||
|  * @see file_download_access() |  * @see file_download_access() | ||||||
|  * @see hook_file_downlaod() |  * @see hook_file_download() | ||||||
|  */ |  */ | ||||||
| function file_download_headers($uri) { | function file_download_headers($uri) { | ||||||
|   // Let other modules provide headers and control access to the file. |   // Let other modules provide headers and control access to the file. | ||||||
| @@ -2104,9 +2180,33 @@ function file_download_access($uri) { | |||||||
|  *   'filename', and 'name' members corresponding to the matching files. |  *   'filename', and 'name' members corresponding to the matching files. | ||||||
|  */ |  */ | ||||||
| function file_scan_directory($dir, $mask, $options = array(), $depth = 0) { | function file_scan_directory($dir, $mask, $options = array(), $depth = 0) { | ||||||
|  |   // Default nomask option. | ||||||
|  |   $nomask = '/(\.\.?|CVS)$/'; | ||||||
|  |  | ||||||
|  |   // Overrides the $nomask variable accordingly if $options['nomask'] is set. | ||||||
|  |   // | ||||||
|  |   // Allow directories specified in settings.php to be ignored. You can use this | ||||||
|  |   // to not check for files in common special-purpose directories. For example, | ||||||
|  |   // node_modules and bower_components. Ignoring irrelevant directories is a | ||||||
|  |   // performance boost. | ||||||
|  |   if (!isset($options['nomask'])) { | ||||||
|  |     $ignore_directories = variable_get( | ||||||
|  |       'file_scan_ignore_directories', | ||||||
|  |       array() | ||||||
|  |     ); | ||||||
|  |  | ||||||
|  |     foreach ($ignore_directories as $index => $ignore_directory) { | ||||||
|  |       $ignore_directories[$index] = preg_quote($ignore_directory, '/'); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     if (!empty($ignore_directories)) { | ||||||
|  |       $nomask = '/^(\.\.?)|CVS|' . implode('|', $ignore_directories) . '$/'; | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|   // Merge in defaults. |   // Merge in defaults. | ||||||
|   $options += array( |   $options += array( | ||||||
|     'nomask' => '/(\.\.?|CVS)$/', |     'nomask' => $nomask, | ||||||
|     'callback' => 0, |     'callback' => 0, | ||||||
|     'recurse' => TRUE, |     'recurse' => TRUE, | ||||||
|     'key' => 'uri', |     'key' => 'uri', | ||||||
| @@ -2551,7 +2651,6 @@ function file_directory_temp() { | |||||||
|  *   An associative array of headers, as expected by file_transfer(). |  *   An associative array of headers, as expected by file_transfer(). | ||||||
|  */ |  */ | ||||||
| function file_get_content_headers($file) { | function file_get_content_headers($file) { | ||||||
|   $name = mime_header_encode($file->filename); |  | ||||||
|   $type = mime_header_encode($file->filemime); |   $type = mime_header_encode($file->filemime); | ||||||
|  |  | ||||||
|   return array( |   return array( | ||||||
|   | |||||||
							
								
								
									
										55
									
								
								includes/file.phar.inc
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										55
									
								
								includes/file.phar.inc
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,55 @@ | |||||||
|  | <?php | ||||||
|  |  | ||||||
|  | use Drupal\Core\Security\PharExtensionInterceptor; | ||||||
|  | use TYPO3\PharStreamWrapper\Manager as PharStreamWrapperManager; | ||||||
|  | use TYPO3\PharStreamWrapper\Behavior as PharStreamWrapperBehavior; | ||||||
|  | use TYPO3\PharStreamWrapper\PharStreamWrapper; | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Registers a phar stream wrapper that is more secure than PHP's built-in one. | ||||||
|  |  * | ||||||
|  |  * @see file_get_stream_wrappers() | ||||||
|  |  */ | ||||||
|  | function file_register_phar_wrapper() { | ||||||
|  |   $directory = DRUPAL_ROOT . '/misc/typo3/phar-stream-wrapper/src'; | ||||||
|  |   include_once $directory . '/Assertable.php'; | ||||||
|  |   include_once $directory . '/Behavior.php'; | ||||||
|  |   include_once $directory . '/Exception.php'; | ||||||
|  |   include_once $directory . '/Helper.php'; | ||||||
|  |   include_once $directory . '/Manager.php'; | ||||||
|  |   include_once $directory . '/PharStreamWrapper.php'; | ||||||
|  |   include_once $directory . '/Collectable.php'; | ||||||
|  |   include_once $directory . '/Interceptor/ConjunctionInterceptor.php'; | ||||||
|  |   include_once $directory . '/Interceptor/PharMetaDataInterceptor.php'; | ||||||
|  |   include_once $directory . '/Phar/Container.php'; | ||||||
|  |   include_once $directory . '/Phar/DeserializationException.php'; | ||||||
|  |   include_once $directory . '/Phar/Manifest.php'; | ||||||
|  |   include_once $directory . '/Phar/Reader.php'; | ||||||
|  |   include_once $directory . '/Phar/ReaderException.php'; | ||||||
|  |   include_once $directory . '/Phar/Stub.php'; | ||||||
|  |   include_once $directory . '/Resolvable.php'; | ||||||
|  |   include_once $directory . '/Resolver/PharInvocation.php'; | ||||||
|  |   include_once $directory . '/Resolver/PharInvocationCollection.php'; | ||||||
|  |   include_once $directory . '/Resolver/PharInvocationResolver.php'; | ||||||
|  |   include_once DRUPAL_ROOT . '/misc/typo3/drupal-security/PharExtensionInterceptor.php'; | ||||||
|  |   include_once DRUPAL_ROOT . '/misc/brumann/polyfill-unserialize/src/Unserialize.php'; | ||||||
|  |  | ||||||
|  |   // Set up a stream wrapper to handle insecurities due to PHP's built-in | ||||||
|  |   // phar stream wrapper. | ||||||
|  |   try { | ||||||
|  |     $behavior = new PharStreamWrapperBehavior(); | ||||||
|  |     PharStreamWrapperManager::initialize( | ||||||
|  |       $behavior->withAssertion(new PharExtensionInterceptor()) | ||||||
|  |     ); | ||||||
|  |   } | ||||||
|  |   catch (\LogicException $e) { | ||||||
|  |     // Continue if the PharStreamWrapperManager is already initialized. | ||||||
|  |     // For example, this occurs following a drupal_static_reset(), such | ||||||
|  |     // as during tests. | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   // To prevent file_stream_wrapper_valid_scheme() treating "phar" as a valid | ||||||
|  |   // scheme, this is registered with PHP only, not with  hook_stream_wrappers() | ||||||
|  |   // or the internal storage of file_get_stream_wrappers(). | ||||||
|  |   stream_wrapper_register('phar', '\\TYPO3\\PharStreamWrapper\\PharStreamWrapper'); | ||||||
|  | } | ||||||
| @@ -301,7 +301,7 @@ abstract class FileTransfer { | |||||||
|     $parts = explode('/', $path); |     $parts = explode('/', $path); | ||||||
|     $chroot = ''; |     $chroot = ''; | ||||||
|     while (count($parts)) { |     while (count($parts)) { | ||||||
|       $check = implode($parts, '/'); |       $check = implode('/', $parts); | ||||||
|       if ($this->isFile($check . '/' . drupal_basename(__FILE__))) { |       if ($this->isFile($check . '/' . drupal_basename(__FILE__))) { | ||||||
|         // Remove the trailing slash. |         // Remove the trailing slash. | ||||||
|         return substr($chroot, 0, -1); |         return substr($chroot, 0, -1); | ||||||
|   | |||||||
| @@ -105,7 +105,8 @@ | |||||||
|  *   generate the same form (or very similar forms) using different $form_ids |  *   generate the same form (or very similar forms) using different $form_ids | ||||||
|  *   can implement hook_forms(), which maps different $form_id values to the |  *   can implement hook_forms(), which maps different $form_id values to the | ||||||
|  *   proper form constructor function. Examples may be found in node_forms(), |  *   proper form constructor function. Examples may be found in node_forms(), | ||||||
|  *   and search_forms(). |  *   and search_forms(). hook_forms() can also be used to define forms in | ||||||
|  |  *   classes. | ||||||
|  * @param ... |  * @param ... | ||||||
|  *   Any additional arguments are passed on to the functions called by |  *   Any additional arguments are passed on to the functions called by | ||||||
|  *   drupal_get_form(), including the unique form constructor function. For |  *   drupal_get_form(), including the unique form constructor function. For | ||||||
| @@ -554,8 +555,10 @@ function form_get_cache($form_build_id, &$form_state) { | |||||||
|  * Stores a form in the cache. |  * Stores a form in the cache. | ||||||
|  */ |  */ | ||||||
| function form_set_cache($form_build_id, $form, $form_state) { | function form_set_cache($form_build_id, $form, $form_state) { | ||||||
|   // 6 hours cache life time for forms should be plenty. |   // The default cache_form expiration is 6 hours. On busy sites, the cache_form | ||||||
|   $expire = 21600; |   // table can become very large. A shorter cache lifetime can help to keep the | ||||||
|  |   // table's size under control. | ||||||
|  |   $expire = variable_get('form_cache_expiration', 21600); | ||||||
|  |  | ||||||
|   // Ensure that the form build_id embedded in the form structure is the same as |   // Ensure that the form build_id embedded in the form structure is the same as | ||||||
|   // the one passed in as a parameter. This is an additional safety measure to |   // the one passed in as a parameter. This is an additional safety measure to | ||||||
| @@ -809,7 +812,7 @@ function drupal_retrieve_form($form_id, &$form_state) { | |||||||
|     } |     } | ||||||
|     if (isset($form_definition['callback'])) { |     if (isset($form_definition['callback'])) { | ||||||
|       $callback = $form_definition['callback']; |       $callback = $form_definition['callback']; | ||||||
|       $form_state['build_info']['base_form_id'] = $callback; |       $form_state['build_info']['base_form_id'] = isset($form_definition['base_form_id']) ? $form_definition['base_form_id'] : $callback; | ||||||
|     } |     } | ||||||
|     // In case $form_state['wrapper_callback'] is not defined already, we also |     // In case $form_state['wrapper_callback'] is not defined already, we also | ||||||
|     // allow hook_forms() to define one. |     // allow hook_forms() to define one. | ||||||
| @@ -830,7 +833,7 @@ function drupal_retrieve_form($form_id, &$form_state) { | |||||||
|   // the actual form builder function ($callback) expects. This allows for |   // the actual form builder function ($callback) expects. This allows for | ||||||
|   // pre-populating a form with common elements for certain forms, such as |   // pre-populating a form with common elements for certain forms, such as | ||||||
|   // back/next/save buttons in multi-step form wizards. See drupal_build_form(). |   // back/next/save buttons in multi-step form wizards. See drupal_build_form(). | ||||||
|   if (isset($form_state['wrapper_callback']) && function_exists($form_state['wrapper_callback'])) { |   if (isset($form_state['wrapper_callback']) && is_callable($form_state['wrapper_callback'])) { | ||||||
|     $form = call_user_func_array($form_state['wrapper_callback'], $args); |     $form = call_user_func_array($form_state['wrapper_callback'], $args); | ||||||
|     // Put the prepopulated $form into $args. |     // Put the prepopulated $form into $args. | ||||||
|     $args[0] = $form; |     $args[0] = $form; | ||||||
| @@ -1128,6 +1131,13 @@ function drupal_prepare_form($form_id, &$form, &$form_state) { | |||||||
|   drupal_alter($hooks, $form, $form_state, $form_id); |   drupal_alter($hooks, $form, $form_state, $form_id); | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Helper function to call form_set_error() if there is a token error. | ||||||
|  |  */ | ||||||
|  | function _drupal_invalid_token_set_form_error() { | ||||||
|  |   // Setting this error will cause the form to fail validation. | ||||||
|  |   form_set_error('form_token', t('The form has become outdated. Press the back button, copy any unsaved work in the form, and then reload the page.')); | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Validates user-submitted form data in the $form_state array. |  * Validates user-submitted form data in the $form_state array. | ||||||
| @@ -1162,16 +1172,16 @@ function drupal_validate_form($form_id, &$form, &$form_state) { | |||||||
|   } |   } | ||||||
|  |  | ||||||
|   // If the session token was set by drupal_prepare_form(), ensure that it |   // If the session token was set by drupal_prepare_form(), ensure that it | ||||||
|   // matches the current user's session. |   // matches the current user's session. This is duplicate to code in | ||||||
|   if (isset($form['#token'])) { |   // form_builder() but left to protect any custom form handling code. | ||||||
|     if (!drupal_valid_token($form_state['values']['form_token'], $form['#token'])) { |   if (!empty($form['#token'])) { | ||||||
|       $path = current_path(); |     if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) { | ||||||
|       $query = drupal_get_query_parameters(); |       _drupal_invalid_token_set_form_error(); | ||||||
|       $url = url($path, array('query' => $query)); |       // Ignore all submitted values. | ||||||
|  |       $form_state['input'] = array(); | ||||||
|       // Setting this error will cause the form to fail validation. |       $_POST = array(); | ||||||
|       form_set_error('form_token', t('The form has become outdated. Copy any unsaved work in the form below and then <a href="@link">reload this page</a>.', array('@link' => $url))); |       // Make sure file uploads do not get processed. | ||||||
|  |       $_FILES = array(); | ||||||
|       // Stop here and don't run any further validation handlers, because they |       // Stop here and don't run any further validation handlers, because they | ||||||
|       // could invoke non-safe operations which opens the door for CSRF |       // could invoke non-safe operations which opens the door for CSRF | ||||||
|       // vulnerabilities. |       // vulnerabilities. | ||||||
| @@ -1351,7 +1361,10 @@ function _form_validate(&$elements, &$form_state, $form_id = NULL) { | |||||||
|     // The following errors are always shown. |     // The following errors are always shown. | ||||||
|     if (isset($elements['#needs_validation'])) { |     if (isset($elements['#needs_validation'])) { | ||||||
|       // Verify that the value is not longer than #maxlength. |       // Verify that the value is not longer than #maxlength. | ||||||
|       if (isset($elements['#maxlength']) && drupal_strlen($elements['#value']) > $elements['#maxlength']) { |       if (isset($elements['#maxlength']) && (isset($elements['#value']) && !is_scalar($elements['#value']))) { | ||||||
|  |         form_error($elements, $t('An illegal value has been detected. Please contact the site administrator.')); | ||||||
|  |       } | ||||||
|  |       elseif (isset($elements['#maxlength']) && drupal_strlen($elements['#value']) > $elements['#maxlength']) { | ||||||
|         form_error($elements, $t('!name cannot be longer than %max characters but is currently %length characters long.', array('!name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'], '%max' => $elements['#maxlength'], '%length' => drupal_strlen($elements['#value'])))); |         form_error($elements, $t('!name cannot be longer than %max characters but is currently %length characters long.', array('!name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'], '%max' => $elements['#maxlength'], '%length' => drupal_strlen($elements['#value'])))); | ||||||
|       } |       } | ||||||
|  |  | ||||||
| @@ -1431,10 +1444,12 @@ function _form_validate(&$elements, &$form_state, $form_id = NULL) { | |||||||
|       // length if it's a string, and the item count if it's an array. |       // length if it's a string, and the item count if it's an array. | ||||||
|       // An unchecked checkbox has a #value of integer 0, different than string |       // An unchecked checkbox has a #value of integer 0, different than string | ||||||
|       // '0', which could be a valid value. |       // '0', which could be a valid value. | ||||||
|       $is_empty_multiple = (!count($elements['#value'])); |       $is_countable = is_array($elements['#value']) || $elements['#value'] instanceof Countable; | ||||||
|  |       $is_empty_multiple = $is_countable && count($elements['#value']) == 0; | ||||||
|       $is_empty_string = (is_string($elements['#value']) && drupal_strlen(trim($elements['#value'])) == 0); |       $is_empty_string = (is_string($elements['#value']) && drupal_strlen(trim($elements['#value'])) == 0); | ||||||
|       $is_empty_value = ($elements['#value'] === 0); |       $is_empty_value = ($elements['#value'] === 0); | ||||||
|       if ($is_empty_multiple || $is_empty_string || $is_empty_value) { |       $is_empty_null = is_null($elements['#value']); | ||||||
|  |       if ($is_empty_multiple || $is_empty_string || $is_empty_value || $is_empty_null) { | ||||||
|         // Although discouraged, a #title is not mandatory for form elements. In |         // Although discouraged, a #title is not mandatory for form elements. In | ||||||
|         // case there is no #title, we cannot set a form error message. |         // case there is no #title, we cannot set a form error message. | ||||||
|         // Instead of setting no #title, form constructors are encouraged to set |         // Instead of setting no #title, form constructors are encouraged to set | ||||||
| @@ -1827,6 +1842,23 @@ function form_builder($form_id, &$element, &$form_state) { | |||||||
|     // from the POST data is set and matches the current form_id. |     // from the POST data is set and matches the current form_id. | ||||||
|     if ($form_state['programmed'] || (!empty($form_state['input']) && (isset($form_state['input']['form_id']) && ($form_state['input']['form_id'] == $form_id)))) { |     if ($form_state['programmed'] || (!empty($form_state['input']) && (isset($form_state['input']['form_id']) && ($form_state['input']['form_id'] == $form_id)))) { | ||||||
|       $form_state['process_input'] = TRUE; |       $form_state['process_input'] = TRUE; | ||||||
|  |       // If the session token was set by drupal_prepare_form(), ensure that it | ||||||
|  |       // matches the current user's session. | ||||||
|  |       $form_state['invalid_token'] = FALSE; | ||||||
|  |       if (!empty($element['#token'])) { | ||||||
|  |         if (empty($form_state['input']['form_token']) || !drupal_valid_token($form_state['input']['form_token'], $element['#token'])) { | ||||||
|  |           // Set an early form error to block certain input processing since that | ||||||
|  |           // opens the door for CSRF vulnerabilities. | ||||||
|  |           _drupal_invalid_token_set_form_error(); | ||||||
|  |           // This value is checked in _form_builder_handle_input_element(). | ||||||
|  |           $form_state['invalid_token'] = TRUE; | ||||||
|  |           // Ignore all submitted values. | ||||||
|  |           $form_state['input'] = array(); | ||||||
|  |           $_POST = array(); | ||||||
|  |           // Make sure file uploads do not get processed. | ||||||
|  |           $_FILES = array(); | ||||||
|  |         } | ||||||
|  |       } | ||||||
|     } |     } | ||||||
|     else { |     else { | ||||||
|       $form_state['process_input'] = FALSE; |       $form_state['process_input'] = FALSE; | ||||||
| @@ -1930,6 +1962,18 @@ function form_builder($form_id, &$element, &$form_state) { | |||||||
|       $element['#attributes']['enctype'] = 'multipart/form-data'; |       $element['#attributes']['enctype'] = 'multipart/form-data'; | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  |     // Allow Ajax submissions to the form action to bypass verification. This is | ||||||
|  |     // especially useful for multipart forms, which cannot be verified via a | ||||||
|  |     // response header. | ||||||
|  |     $element['#attached']['js'][] = array( | ||||||
|  |       'type' => 'setting', | ||||||
|  |       'data' => array( | ||||||
|  |         'urlIsAjaxTrusted' => array( | ||||||
|  |           $element['#action'] => TRUE, | ||||||
|  |         ), | ||||||
|  |       ), | ||||||
|  |     ); | ||||||
|  |  | ||||||
|     // If a form contains a single textfield, and the ENTER key is pressed |     // If a form contains a single textfield, and the ENTER key is pressed | ||||||
|     // within it, Internet Explorer submits the form with no POST data |     // within it, Internet Explorer submits the form with no POST data | ||||||
|     // identifying any submit button. Other browsers submit POST data as though |     // identifying any submit button. Other browsers submit POST data as though | ||||||
| @@ -1978,6 +2022,19 @@ function form_builder($form_id, &$element, &$form_state) { | |||||||
|  * Adds the #name and #value properties of an input element before rendering. |  * Adds the #name and #value properties of an input element before rendering. | ||||||
|  */ |  */ | ||||||
| function _form_builder_handle_input_element($form_id, &$element, &$form_state) { | function _form_builder_handle_input_element($form_id, &$element, &$form_state) { | ||||||
|  |   static $safe_core_value_callbacks = array( | ||||||
|  |     'form_type_token_value', | ||||||
|  |     'form_type_textarea_value', | ||||||
|  |     'form_type_textfield_value', | ||||||
|  |     'form_type_checkbox_value', | ||||||
|  |     'form_type_checkboxes_value', | ||||||
|  |     'form_type_radios_value', | ||||||
|  |     'form_type_password_confirm_value', | ||||||
|  |     'form_type_select_value', | ||||||
|  |     'form_type_tableselect_value', | ||||||
|  |     'list_boolean_allowed_values_callback', | ||||||
|  |   ); | ||||||
|  |  | ||||||
|   if (!isset($element['#name'])) { |   if (!isset($element['#name'])) { | ||||||
|     $name = array_shift($element['#parents']); |     $name = array_shift($element['#parents']); | ||||||
|     $element['#name'] = $name; |     $element['#name'] = $name; | ||||||
| @@ -2056,8 +2113,15 @@ function _form_builder_handle_input_element($form_id, &$element, &$form_state) { | |||||||
|       // property, optionally filtered through $value_callback. |       // property, optionally filtered through $value_callback. | ||||||
|       if ($input_exists) { |       if ($input_exists) { | ||||||
|         if (function_exists($value_callback)) { |         if (function_exists($value_callback)) { | ||||||
|  |           // Skip all value callbacks except safe ones like text if the CSRF | ||||||
|  |           // token was invalid. | ||||||
|  |           if (empty($form_state['invalid_token']) || in_array($value_callback, $safe_core_value_callbacks)) { | ||||||
|             $element['#value'] = $value_callback($element, $input, $form_state); |             $element['#value'] = $value_callback($element, $input, $form_state); | ||||||
|           } |           } | ||||||
|  |           else { | ||||||
|  |             $input = NULL; | ||||||
|  |           } | ||||||
|  |         } | ||||||
|         if (!isset($element['#value']) && isset($input)) { |         if (!isset($element['#value']) && isset($input)) { | ||||||
|           $element['#value'] = $input; |           $element['#value'] = $input; | ||||||
|         } |         } | ||||||
| @@ -2519,7 +2583,7 @@ function form_type_select_value($element, $input = FALSE) { | |||||||
|  *   for this element. Return nothing to use the default. |  *   for this element. Return nothing to use the default. | ||||||
|  */ |  */ | ||||||
| function form_type_textarea_value($element, $input = FALSE) { | function form_type_textarea_value($element, $input = FALSE) { | ||||||
|   if ($input !== FALSE) { |   if ($input !== FALSE && $input !== NULL) { | ||||||
|     // This should be a string, but allow other scalars since they might be |     // This should be a string, but allow other scalars since they might be | ||||||
|     // valid input in programmatic form submissions. |     // valid input in programmatic form submissions. | ||||||
|     return is_scalar($input) ? (string) $input : ''; |     return is_scalar($input) ? (string) $input : ''; | ||||||
| @@ -2662,8 +2726,8 @@ function _form_options_flatten($array) { | |||||||
|  *   - #required: (optional) Whether the user needs to select an option (TRUE) |  *   - #required: (optional) Whether the user needs to select an option (TRUE) | ||||||
|  *     or not (FALSE). Defaults to FALSE. |  *     or not (FALSE). Defaults to FALSE. | ||||||
|  *   - #empty_option: (optional) The label to show for the first default option. |  *   - #empty_option: (optional) The label to show for the first default option. | ||||||
|  *     By default, the label is automatically set to "- Please select -" for a |  *     By default, the label is automatically set to "- Select -" for a required | ||||||
|  *     required field and "- None -" for an optional field. |  *     field and "- None -" for an optional field. | ||||||
|  *   - #empty_value: (optional) The value for the first default option, which is |  *   - #empty_value: (optional) The value for the first default option, which is | ||||||
|  *     used to determine whether the user submitted a value or not. |  *     used to determine whether the user submitted a value or not. | ||||||
|  *     - If #required is TRUE, this defaults to '' (an empty string). |  *     - If #required is TRUE, this defaults to '' (an empty string). | ||||||
| @@ -2976,7 +3040,7 @@ function form_process_password_confirm($element) { | |||||||
| function password_confirm_validate($element, &$element_state) { | function password_confirm_validate($element, &$element_state) { | ||||||
|   $pass1 = trim($element['pass1']['#value']); |   $pass1 = trim($element['pass1']['#value']); | ||||||
|   $pass2 = trim($element['pass2']['#value']); |   $pass2 = trim($element['pass2']['#value']); | ||||||
|   if (!empty($pass1) || !empty($pass2)) { |   if (strlen($pass1) > 0 || strlen($pass2) > 0) { | ||||||
|     if (strcmp($pass1, $pass2)) { |     if (strcmp($pass1, $pass2)) { | ||||||
|       form_error($element, t('The specified passwords do not match.')); |       form_error($element, t('The specified passwords do not match.')); | ||||||
|     } |     } | ||||||
| @@ -3333,9 +3397,12 @@ function form_process_container($element, &$form_state) { | |||||||
| /** | /** | ||||||
|  * Returns HTML to wrap child elements in a container. |  * Returns HTML to wrap child elements in a container. | ||||||
|  * |  * | ||||||
|  * Used for grouped form items. Can also be used as a #theme_wrapper for any |  * Used for grouped form items. Can also be used as a theme wrapper for any | ||||||
|  * renderable element, to surround it with a <div> and add attributes such as |  * renderable element, to surround it with a <div> and add attributes such as | ||||||
|  * classes or an HTML id. |  * classes or an HTML ID. | ||||||
|  |  * | ||||||
|  |  * See the @link forms_api_reference.html Form API reference @endlink for more | ||||||
|  |  * information on the #theme_wrappers render array property. | ||||||
|  * |  * | ||||||
|  * @param $variables |  * @param $variables | ||||||
|  *   An associative array containing: |  *   An associative array containing: | ||||||
| @@ -3490,6 +3557,7 @@ function form_process_tableselect($element) { | |||||||
|             '#return_value' => $key, |             '#return_value' => $key, | ||||||
|             '#default_value' => isset($value[$key]) ? $key : NULL, |             '#default_value' => isset($value[$key]) ? $key : NULL, | ||||||
|             '#attributes' => $element['#attributes'], |             '#attributes' => $element['#attributes'], | ||||||
|  |             '#ajax' => isset($element['#ajax']) ? $element['#ajax'] : NULL, | ||||||
|           ); |           ); | ||||||
|         } |         } | ||||||
|         else { |         else { | ||||||
| @@ -3910,6 +3978,34 @@ function theme_hidden($variables) { | |||||||
|   return '<input' . drupal_attributes($element['#attributes']) . " />\n"; |   return '<input' . drupal_attributes($element['#attributes']) . " />\n"; | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Process function to prepare autocomplete data. | ||||||
|  |  * | ||||||
|  |  * @param $element | ||||||
|  |  *   A textfield or other element with a #autocomplete_path. | ||||||
|  |  * | ||||||
|  |  * @return array | ||||||
|  |  *   The processed form element. | ||||||
|  |  */ | ||||||
|  | function form_process_autocomplete($element) { | ||||||
|  |   $element['#autocomplete_input'] = array(); | ||||||
|  |   if ($element['#autocomplete_path'] && drupal_valid_path($element['#autocomplete_path'])) { | ||||||
|  |     $element['#autocomplete_input']['#id'] = $element['#id'] .'-autocomplete'; | ||||||
|  |     // Force autocomplete to use non-clean URLs since this protects against the | ||||||
|  |     // browser interpreting the path plus search string as an actual file. | ||||||
|  |     $current_clean_url = isset($GLOBALS['conf']['clean_url']) ? $GLOBALS['conf']['clean_url'] : NULL; | ||||||
|  |     $GLOBALS['conf']['clean_url'] = 0; | ||||||
|  |     // Force the script path to 'index.php', in case the server is not | ||||||
|  |     // configured to find it automatically. Normally it is the responsibility | ||||||
|  |     // of the site to do this themselves using hook_url_outbound_alter() (see | ||||||
|  |     // url()) but since this code is forcing non-clean URLs on sites that don't | ||||||
|  |     // normally use them, it is done here instead. | ||||||
|  |     $element['#autocomplete_input']['#url_value'] = url($element['#autocomplete_path'], array('absolute' => TRUE, 'script' => 'index.php')); | ||||||
|  |     $GLOBALS['conf']['clean_url'] = $current_clean_url; | ||||||
|  |   } | ||||||
|  |   return $element; | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Returns HTML for a textfield form element. |  * Returns HTML for a textfield form element. | ||||||
|  * |  * | ||||||
| @@ -3928,14 +4024,14 @@ function theme_textfield($variables) { | |||||||
|   _form_set_class($element, array('form-text')); |   _form_set_class($element, array('form-text')); | ||||||
|  |  | ||||||
|   $extra = ''; |   $extra = ''; | ||||||
|   if ($element['#autocomplete_path'] && drupal_valid_path($element['#autocomplete_path'])) { |   if ($element['#autocomplete_path'] && !empty($element['#autocomplete_input'])) { | ||||||
|     drupal_add_library('system', 'drupal.autocomplete'); |     drupal_add_library('system', 'drupal.autocomplete'); | ||||||
|     $element['#attributes']['class'][] = 'form-autocomplete'; |     $element['#attributes']['class'][] = 'form-autocomplete'; | ||||||
|  |  | ||||||
|     $attributes = array(); |     $attributes = array(); | ||||||
|     $attributes['type'] = 'hidden'; |     $attributes['type'] = 'hidden'; | ||||||
|     $attributes['id'] = $element['#attributes']['id'] . '-autocomplete'; |     $attributes['id'] = $element['#autocomplete_input']['#id']; | ||||||
|     $attributes['value'] = url($element['#autocomplete_path'], array('absolute' => TRUE)); |     $attributes['value'] = $element['#autocomplete_input']['#url_value']; | ||||||
|     $attributes['disabled'] = 'disabled'; |     $attributes['disabled'] = 'disabled'; | ||||||
|     $attributes['class'][] = 'autocomplete'; |     $attributes['class'][] = 'autocomplete'; | ||||||
|     $extra = '<input' . drupal_attributes($attributes) . ' />'; |     $extra = '<input' . drupal_attributes($attributes) . ' />'; | ||||||
| @@ -4031,9 +4127,17 @@ function form_process_weight($element) { | |||||||
|   $max_elements = variable_get('drupal_weight_select_max', DRUPAL_WEIGHT_SELECT_MAX); |   $max_elements = variable_get('drupal_weight_select_max', DRUPAL_WEIGHT_SELECT_MAX); | ||||||
|   if ($element['#delta'] <= $max_elements) { |   if ($element['#delta'] <= $max_elements) { | ||||||
|     $element['#type'] = 'select'; |     $element['#type'] = 'select'; | ||||||
|  |     $weights = array(); | ||||||
|     for ($n = (-1 * $element['#delta']); $n <= $element['#delta']; $n++) { |     for ($n = (-1 * $element['#delta']); $n <= $element['#delta']; $n++) { | ||||||
|       $weights[$n] = $n; |       $weights[$n] = $n; | ||||||
|     } |     } | ||||||
|  |     if (isset($element['#default_value'])) { | ||||||
|  |       $default_value = (int) $element['#default_value']; | ||||||
|  |       if (!isset($weights[$default_value])) { | ||||||
|  |         $weights[$default_value] = $default_value; | ||||||
|  |         ksort($weights); | ||||||
|  |       } | ||||||
|  |     } | ||||||
|     $element['#options'] = $weights; |     $element['#options'] = $weights; | ||||||
|     $element += element_info('select'); |     $element += element_info('select'); | ||||||
|   } |   } | ||||||
| @@ -4409,7 +4513,7 @@ function element_validate_number($element, &$form_state) { | |||||||
|  * |  * | ||||||
|  * Sample callback_batch_finished(): |  * Sample callback_batch_finished(): | ||||||
|  * @code |  * @code | ||||||
|  * function batch_test_finished($success, $results, $operations) { |  * function my_finished_callback($success, $results, $operations) { | ||||||
|  *   // The 'success' parameter means no fatal PHP errors were detected. All |  *   // The 'success' parameter means no fatal PHP errors were detected. All | ||||||
|  *   // other error management should be handled using 'results'. |  *   // other error management should be handled using 'results'. | ||||||
|  *   if ($success) { |  *   if ($success) { | ||||||
|   | |||||||
| @@ -362,7 +362,8 @@ function install_run_tasks(&$install_state) { | |||||||
|  * Runs an individual installation task. |  * Runs an individual installation task. | ||||||
|  * |  * | ||||||
|  * @param $task |  * @param $task | ||||||
|  *   An array of information about the task to be run. |  *   An array of information about the task to be run as returned by | ||||||
|  |  *   hook_install_tasks(). | ||||||
|  * @param $install_state |  * @param $install_state | ||||||
|  *   An array of information about the current installation state. This is |  *   An array of information about the current installation state. This is | ||||||
|  *   passed in by reference so that it can be modified by the task. |  *   passed in by reference so that it can be modified by the task. | ||||||
| @@ -478,11 +479,15 @@ function install_run_task($task, &$install_state) { | |||||||
|  * the page request evolves (for example, if an installation profile hasn't |  * the page request evolves (for example, if an installation profile hasn't | ||||||
|  * been selected yet, we don't yet know which profile tasks need to be run). |  * been selected yet, we don't yet know which profile tasks need to be run). | ||||||
|  * |  * | ||||||
|  |  * You can override this using hook_install_tasks() or | ||||||
|  |  * hook_install_tasks_alter(). | ||||||
|  |  * | ||||||
|  * @param $install_state |  * @param $install_state | ||||||
|  *   An array of information about the current installation state. |  *   An array of information about the current installation state. | ||||||
|  * |  * | ||||||
|  * @return |  * @return | ||||||
|  *   A list of tasks to be performed, with associated metadata. |  *   A list of tasks to be performed, with associated metadata as returned by | ||||||
|  |  *   hook_install_tasks(). | ||||||
|  */ |  */ | ||||||
| function install_tasks_to_perform($install_state) { | function install_tasks_to_perform($install_state) { | ||||||
|   // Start with a list of all currently available tasks. |   // Start with a list of all currently available tasks. | ||||||
| @@ -804,6 +809,13 @@ function install_system_module(&$install_state) { | |||||||
|  |  | ||||||
|   variable_set('install_profile_modules', array_diff($modules, array('system'))); |   variable_set('install_profile_modules', array_diff($modules, array('system'))); | ||||||
|   $install_state['database_tables_exist'] = TRUE; |   $install_state['database_tables_exist'] = TRUE; | ||||||
|  |  | ||||||
|  |   // Prevent the hook_requirements() check from telling us to convert the | ||||||
|  |   // database to utf8mb4. | ||||||
|  |   $connection = Database::getConnection(); | ||||||
|  |   if ($connection->utf8mb4IsConfigurable() && $connection->utf8mb4IsActive()) { | ||||||
|  |     variable_set('drupal_all_databases_are_utf8mb4', TRUE); | ||||||
|  |   } | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -1585,7 +1597,9 @@ function install_finished(&$install_state) { | |||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Batch callback for batch installation of modules. |  * Implements callback_batch_operation(). | ||||||
|  |  * | ||||||
|  |  * Performs batch installation of modules. | ||||||
|  */ |  */ | ||||||
| function _install_module_batch($module, $module_name, &$context) { | function _install_module_batch($module, $module_name, &$context) { | ||||||
|   // Install and enable the module right away, so that the module will be |   // Install and enable the module right away, so that the module will be | ||||||
| @@ -1598,6 +1612,8 @@ function _install_module_batch($module, $module_name, &$context) { | |||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  |  * Implements callback_batch_finished(). | ||||||
|  |  * | ||||||
|  * 'Finished' callback for module installation batch. |  * 'Finished' callback for module installation batch. | ||||||
|  */ |  */ | ||||||
| function _install_profile_modules_finished($success, $results, $operations) { | function _install_profile_modules_finished($success, $results, $operations) { | ||||||
|   | |||||||
| @@ -750,7 +750,7 @@ function drupal_install_system() { | |||||||
| /** | /** | ||||||
|  * Uninstalls a given list of disabled modules. |  * Uninstalls a given list of disabled modules. | ||||||
|  * |  * | ||||||
|  * @param array $module_list |  * @param string[] $module_list | ||||||
|  *   The modules to uninstall. It is the caller's responsibility to ensure that |  *   The modules to uninstall. It is the caller's responsibility to ensure that | ||||||
|  *   all modules in this list have already been disabled before this function |  *   all modules in this list have already been disabled before this function | ||||||
|  *   is called. |  *   is called. | ||||||
| @@ -769,6 +769,7 @@ function drupal_install_system() { | |||||||
|  *   included in $module_list). |  *   included in $module_list). | ||||||
|  * |  * | ||||||
|  * @see module_disable() |  * @see module_disable() | ||||||
|  |  * @see module_enable() | ||||||
|  */ |  */ | ||||||
| function drupal_uninstall_modules($module_list = array(), $uninstall_dependents = TRUE) { | function drupal_uninstall_modules($module_list = array(), $uninstall_dependents = TRUE) { | ||||||
|   if ($uninstall_dependents) { |   if ($uninstall_dependents) { | ||||||
| @@ -778,7 +779,7 @@ function drupal_uninstall_modules($module_list = array(), $uninstall_dependents | |||||||
|     $module_list = array_flip(array_values($module_list)); |     $module_list = array_flip(array_values($module_list)); | ||||||
|  |  | ||||||
|     $profile = drupal_get_profile(); |     $profile = drupal_get_profile(); | ||||||
|     while (list($module) = each($module_list)) { |     foreach (array_keys($module_list) as $module) { | ||||||
|       if (!isset($module_data[$module]) || drupal_get_installed_schema_version($module) == SCHEMA_UNINSTALLED) { |       if (!isset($module_data[$module]) || drupal_get_installed_schema_version($module) == SCHEMA_UNINSTALLED) { | ||||||
|         // This module doesn't exist or is already uninstalled. Skip it. |         // This module doesn't exist or is already uninstalled. Skip it. | ||||||
|         unset($module_list[$module]); |         unset($module_list[$module]); | ||||||
|   | |||||||
| @@ -435,6 +435,13 @@ function locale_language_url_rewrite_url(&$path, &$options) { | |||||||
|     switch (variable_get('locale_language_negotiation_url_part', LOCALE_LANGUAGE_NEGOTIATION_URL_PREFIX)) { |     switch (variable_get('locale_language_negotiation_url_part', LOCALE_LANGUAGE_NEGOTIATION_URL_PREFIX)) { | ||||||
|       case LOCALE_LANGUAGE_NEGOTIATION_URL_DOMAIN: |       case LOCALE_LANGUAGE_NEGOTIATION_URL_DOMAIN: | ||||||
|         if ($options['language']->domain) { |         if ($options['language']->domain) { | ||||||
|  |           // Save the original base URL. If it contains a port, we need to | ||||||
|  |           // retain it below. | ||||||
|  |           if (!empty($options['base_url'])) { | ||||||
|  |             // The colon in the URL scheme messes up the port checking below. | ||||||
|  |             $normalized_base_url = str_replace(array('https://', 'http://'), '', $options['base_url']); | ||||||
|  |           } | ||||||
|  |  | ||||||
|           // Ask for an absolute URL with our modified base_url. |           // Ask for an absolute URL with our modified base_url. | ||||||
|           global $is_https; |           global $is_https; | ||||||
|           $url_scheme = ($is_https) ? 'https://' : 'http://'; |           $url_scheme = ($is_https) ? 'https://' : 'http://'; | ||||||
| @@ -449,6 +456,19 @@ function locale_language_url_rewrite_url(&$path, &$options) { | |||||||
|  |  | ||||||
|           // Apply the appropriate protocol to the URL. |           // Apply the appropriate protocol to the URL. | ||||||
|           $options['base_url'] = $url_scheme . $host; |           $options['base_url'] = $url_scheme . $host; | ||||||
|  |  | ||||||
|  |           // In case either the original base URL or the HTTP host contains a | ||||||
|  |           // port, retain it. | ||||||
|  |           $http_host = $_SERVER['HTTP_HOST']; | ||||||
|  |           if (isset($normalized_base_url) && strpos($normalized_base_url, ':') !== FALSE) { | ||||||
|  |             list($host, $port) = explode(':', $normalized_base_url); | ||||||
|  |             $options['base_url'] .= ':' . $port; | ||||||
|  |           } | ||||||
|  |           elseif (strpos($http_host, ':') !== FALSE) { | ||||||
|  |             list($host, $port) = explode(':', $http_host); | ||||||
|  |             $options['base_url'] .= ':' . $port; | ||||||
|  |           } | ||||||
|  |  | ||||||
|           if (isset($options['https']) && variable_get('https', FALSE)) { |           if (isset($options['https']) && variable_get('https', FALSE)) { | ||||||
|             if ($options['https'] === TRUE) { |             if ($options['https'] === TRUE) { | ||||||
|               $options['base_url'] = str_replace('http://', 'https://', $options['base_url']); |               $options['base_url'] = str_replace('http://', 'https://', $options['base_url']); | ||||||
| @@ -523,6 +543,22 @@ function locale_language_url_rewrite_session(&$path, &$options) { | |||||||
|  * possible attack vector (img). |  * possible attack vector (img). | ||||||
|  */ |  */ | ||||||
| function locale_string_is_safe($string) { | function locale_string_is_safe($string) { | ||||||
|  |   // Some strings have tokens in them. For tokens in the first part of href or | ||||||
|  |   // src HTML attributes, filter_xss() removes part of the token, the part | ||||||
|  |   // before the first colon.  filter_xss() assumes it could be an attempt to | ||||||
|  |   // inject javascript. When filter_xss() removes part of tokens, it causes the | ||||||
|  |   // string to not be translatable when it should be translatable. See | ||||||
|  |   // LocaleStringIsSafeTest::testLocaleStringIsSafe(). | ||||||
|  |   // | ||||||
|  |   // We can recognize tokens since they are wrapped with brackets and are only | ||||||
|  |   // composed of alphanumeric characters, colon, underscore, and dashes. We can | ||||||
|  |   // be sure these strings are safe to strip out before the string is checked in | ||||||
|  |   // filter_xss() because no dangerous javascript will match that pattern. | ||||||
|  |   // | ||||||
|  |   // @todo Do not strip out the token. Fix filter_xss() to not incorrectly | ||||||
|  |   //   alter the string. https://www.drupal.org/node/2372127 | ||||||
|  |   $string = preg_replace('/\[[a-z0-9_-]+(:[a-z0-9_-]+)+\]/i', '', $string); | ||||||
|  |  | ||||||
|   return decode_entities($string) == decode_entities(filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'ins', 'kbd', 'li', 'ol', 'p', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'))); |   return decode_entities($string) == decode_entities(filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'ins', 'kbd', 'li', 'ol', 'p', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'))); | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -631,9 +667,6 @@ function locale_add_language($langcode, $name = NULL, $native = NULL, $direction | |||||||
|  *   translations). |  *   translations). | ||||||
|  */ |  */ | ||||||
| function _locale_import_po($file, $langcode, $mode, $group = NULL) { | function _locale_import_po($file, $langcode, $mode, $group = NULL) { | ||||||
|   // Try to allocate enough time to parse and import the data. |  | ||||||
|   drupal_set_time_limit(240); |  | ||||||
|  |  | ||||||
|   // Check if we have the language already in the database. |   // Check if we have the language already in the database. | ||||||
|   if (!db_query("SELECT COUNT(language) FROM {languages} WHERE language = :language", array(':language' => $langcode))->fetchField()) { |   if (!db_query("SELECT COUNT(language) FROM {languages} WHERE language = :language", array(':language' => $langcode))->fetchField()) { | ||||||
|     drupal_set_message(t('The language selected for import is not supported.'), 'error'); |     drupal_set_message(t('The language selected for import is not supported.'), 'error'); | ||||||
| @@ -717,6 +750,12 @@ function _locale_import_read_po($op, $file, $mode = NULL, $lang = NULL, $group = | |||||||
|   $lineno = 0; |   $lineno = 0; | ||||||
|  |  | ||||||
|   while (!feof($fd)) { |   while (!feof($fd)) { | ||||||
|  |     // Refresh the time limit every 10 parsed rows to ensure there is always | ||||||
|  |     // enough time to import the data for large PO files. | ||||||
|  |     if (!($lineno % 10)) { | ||||||
|  |       drupal_set_time_limit(30); | ||||||
|  |     } | ||||||
|  |  | ||||||
|     // A line should not be longer than 10 * 1024. |     // A line should not be longer than 10 * 1024. | ||||||
|     $line = fgets($fd, 10 * 1024); |     $line = fgets($fd, 10 * 1024); | ||||||
|  |  | ||||||
| @@ -2306,6 +2345,8 @@ function _locale_batch_build($files, $finished = NULL, $components = array()) { | |||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  |  * Implements callback_batch_operation(). | ||||||
|  |  * | ||||||
|  * Perform interface translation import as a batch step. |  * Perform interface translation import as a batch step. | ||||||
|  * |  * | ||||||
|  * @param $filepath |  * @param $filepath | ||||||
| @@ -2324,6 +2365,8 @@ function _locale_batch_import($filepath, &$context) { | |||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  |  * Implements callback_batch_finished(). | ||||||
|  |  * | ||||||
|  * Finished callback of system page locale import batch. |  * Finished callback of system page locale import batch. | ||||||
|  * Inform the user of translation files imported. |  * Inform the user of translation files imported. | ||||||
|  */ |  */ | ||||||
| @@ -2334,6 +2377,8 @@ function _locale_batch_system_finished($success, $results) { | |||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  |  * Implements callback_batch_finished(). | ||||||
|  |  * | ||||||
|  * Finished callback of language addition locale import batch. |  * Finished callback of language addition locale import batch. | ||||||
|  * Inform the user of translation files imported. |  * Inform the user of translation files imported. | ||||||
|  */ |  */ | ||||||
|   | |||||||
| @@ -12,6 +12,12 @@ | |||||||
|  */ |  */ | ||||||
| define('MAIL_LINE_ENDINGS', isset($_SERVER['WINDIR']) || (isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Win32') !== FALSE) ? "\r\n" : "\n"); | define('MAIL_LINE_ENDINGS', isset($_SERVER['WINDIR']) || (isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Win32') !== FALSE) ? "\r\n" : "\n"); | ||||||
|  |  | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Special characters, defined in RFC_2822. | ||||||
|  |  */ | ||||||
|  | define('MAIL_RFC_2822_SPECIALS', '()<>[]:;@\,."'); | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Composes and optionally sends an e-mail message. |  * Composes and optionally sends an e-mail message. | ||||||
|  * |  * | ||||||
| @@ -148,8 +154,13 @@ function drupal_mail($module, $key, $to, $language, $params = array(), $from = N | |||||||
|     // Return-Path headers should have a domain authorized to use the originating |     // Return-Path headers should have a domain authorized to use the originating | ||||||
|     // SMTP server. |     // SMTP server. | ||||||
|     $headers['From'] = $headers['Sender'] = $headers['Return-Path'] = $default_from; |     $headers['From'] = $headers['Sender'] = $headers['Return-Path'] = $default_from; | ||||||
|  |  | ||||||
|  |     if (variable_get('mail_display_name_site_name', FALSE)) { | ||||||
|  |       $display_name = variable_get('site_name', 'Drupal'); | ||||||
|  |       $headers['From'] = drupal_mail_format_display_name($display_name) . ' <' . $default_from . '>'; | ||||||
|     } |     } | ||||||
|   if ($from) { |   } | ||||||
|  |   if ($from && $from != $default_from) { | ||||||
|     $headers['From'] = $from; |     $headers['From'] = $from; | ||||||
|   } |   } | ||||||
|   $message['headers'] = $headers; |   $message['headers'] = $headers; | ||||||
| @@ -557,16 +568,65 @@ function drupal_html_to_text($string, $allowed_tags = NULL) { | |||||||
|   return $output . $footnotes; |   return $output . $footnotes; | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Return a RFC-2822 compliant "display-name" component. | ||||||
|  |  * | ||||||
|  |  * The "display-name" component is used in mail header "Originator" fields | ||||||
|  |  * (From, Sender, Reply-to) to give a human-friendly description of the | ||||||
|  |  * address, i.e. From: My Display Name <xyz@example.org>. RFC-822 and | ||||||
|  |  * RFC-2822 define its syntax and rules. This method gets as input a string | ||||||
|  |  * to be used as "display-name" and formats it to be RFC compliant. | ||||||
|  |  * | ||||||
|  |  * @param string $string | ||||||
|  |  *   A string to be used as "display-name". | ||||||
|  |  * | ||||||
|  |  * @return string | ||||||
|  |  *   A RFC compliant version of the string, ready to be used as | ||||||
|  |  *   "display-name" in mail originator header fields. | ||||||
|  |  */ | ||||||
|  | function drupal_mail_format_display_name($string) { | ||||||
|  |   // Make sure we don't process html-encoded characters. They may create | ||||||
|  |   // unneeded trouble if left encoded, besides they will be correctly | ||||||
|  |   // processed if decoded. | ||||||
|  |   $string = decode_entities($string); | ||||||
|  |  | ||||||
|  |   // If string contains non-ASCII characters it must be (short) encoded | ||||||
|  |   // according to RFC-2047. The output of a "B" (Base64) encoded-word is | ||||||
|  |   // always safe to be used as display-name. | ||||||
|  |   $safe_display_name = mime_header_encode($string, TRUE); | ||||||
|  |  | ||||||
|  |   // Encoded-words are always safe to be used as display-name because don't | ||||||
|  |   // contain any RFC 2822 "specials" characters. However | ||||||
|  |   // mimeHeaderEncode() encodes a string only if it contains any | ||||||
|  |   // non-ASCII characters, and leaves its value untouched (un-encoded) if | ||||||
|  |   // ASCII only. For this reason in order to produce a valid display-name we | ||||||
|  |   // still need to make sure there are no "specials" characters left. | ||||||
|  |   if (preg_match('/[' . preg_quote(MAIL_RFC_2822_SPECIALS) . ']/', $safe_display_name)) { | ||||||
|  |  | ||||||
|  |     // If string is already quoted, it may or may not be escaped properly, so | ||||||
|  |     // don't trust it and reset. | ||||||
|  |     if (preg_match('/^"(.+)"$/', $safe_display_name, $matches)) { | ||||||
|  |       $safe_display_name = str_replace(array('\\\\', '\\"'), array('\\', '"'), $matches[1]); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     // Transform the string in a RFC-2822 "quoted-string" by wrapping it in | ||||||
|  |     // double-quotes. Also make sure '"' and '\' occurrences are escaped. | ||||||
|  |     $safe_display_name = '"' . str_replace(array('\\', '"'), array('\\\\', '\\"'), $safe_display_name) . '"'; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   return $safe_display_name; | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Wraps words on a single line. |  * Wraps words on a single line. | ||||||
|  * |  * | ||||||
|  * Callback for array_walk() winthin drupal_wrap_mail(). |  * Callback for array_walk() within drupal_wrap_mail(). | ||||||
|  */ |  */ | ||||||
| function _drupal_wrap_mail_line(&$line, $key, $values) { | function _drupal_wrap_mail_line(&$line, $key, $values) { | ||||||
|   // Use soft-breaks only for purely quoted or unindented text. |   // Use soft-breaks only for purely quoted or unindented text. | ||||||
|   $line = wordwrap($line, 77 - $values['length'], $values['soft'] ? " \n" : "\n"); |   $line = wordwrap($line, 77 - $values['length'], $values['soft'] ? " \n" : "\n"); | ||||||
|   // Break really long words at the maximum width allowed. |   // Break really long words at the maximum width allowed. | ||||||
|   $line = wordwrap($line, 996 - $values['length'], $values['soft'] ? " \n" : "\n"); |   $line = wordwrap($line, 996 - $values['length'], $values['soft'] ? " \n" : "\n", TRUE); | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|   | |||||||
| @@ -229,12 +229,20 @@ define('MENU_CONTEXT_INLINE', 0x0002); | |||||||
| define('MENU_FOUND', 1); | define('MENU_FOUND', 1); | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Internal menu status code -- Menu item was not found. |  * Menu status code -- Not found. | ||||||
|  |  * | ||||||
|  |  * This can be used as the return value from a page callback, although it is | ||||||
|  |  * preferable to use a load function to accomplish this; see the hook_menu() | ||||||
|  |  * documentation for details. | ||||||
|  */ |  */ | ||||||
| define('MENU_NOT_FOUND', 2); | define('MENU_NOT_FOUND', 2); | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Internal menu status code -- Menu item access is denied. |  * Menu status code -- Access denied. | ||||||
|  |  * | ||||||
|  |  * This can be used as the return value from a page callback, although it is | ||||||
|  |  * preferable to use an access callback to accomplish this; see the hook_menu() | ||||||
|  |  * documentation for details. | ||||||
|  */ |  */ | ||||||
| define('MENU_ACCESS_DENIED', 3); | define('MENU_ACCESS_DENIED', 3); | ||||||
|  |  | ||||||
| @@ -431,7 +439,7 @@ function menu_set_item($path, $router_item) { | |||||||
|  * |  * | ||||||
|  * @param $path |  * @param $path | ||||||
|  *   The path; for example, 'node/5'. The function will find the corresponding |  *   The path; for example, 'node/5'. The function will find the corresponding | ||||||
|  *   node/% item and return that. |  *   node/% item and return that. Defaults to the current path. | ||||||
|  * @param $router_item |  * @param $router_item | ||||||
|  *   Internal use only. |  *   Internal use only. | ||||||
|  * |  * | ||||||
| @@ -568,7 +576,8 @@ function _menu_load_objects(&$item, &$map) { | |||||||
|           // 'load arguments' in the hook_menu() entry, but they need |           // 'load arguments' in the hook_menu() entry, but they need | ||||||
|           // some processing. In this case the $function is the key to the |           // some processing. In this case the $function is the key to the | ||||||
|           // load_function array, and the value is the list of arguments. |           // load_function array, and the value is the list of arguments. | ||||||
|           list($function, $args) = each($function); |           $args = current($function); | ||||||
|  |           $function = key($function); | ||||||
|           $load_functions[$index] = $function; |           $load_functions[$index] = $function; | ||||||
|  |  | ||||||
|           // Some arguments are placeholders for dynamic items to process. |           // Some arguments are placeholders for dynamic items to process. | ||||||
| @@ -1058,7 +1067,7 @@ function menu_tree_output($tree) { | |||||||
|     // the active class accordingly. But local tasks do not appear in menu |     // the active class accordingly. But local tasks do not appear in menu | ||||||
|     // trees, so if the current path is a local task, and this link is its |     // trees, so if the current path is a local task, and this link is its | ||||||
|     // tab root, then we have to set the class manually. |     // tab root, then we have to set the class manually. | ||||||
|     if ($data['link']['href'] == $router_item['tab_root_href'] && $data['link']['href'] != $_GET['q']) { |     if ($router_item && $data['link']['href'] == $router_item['tab_root_href'] && $data['link']['href'] != $_GET['q']) { | ||||||
|       $data['link']['localized_options']['attributes']['class'][] = 'active'; |       $data['link']['localized_options']['attributes']['class'][] = 'active'; | ||||||
|     } |     } | ||||||
|  |  | ||||||
| @@ -1487,7 +1496,7 @@ function menu_tree_collect_node_links(&$tree, &$node_links) { | |||||||
|  *   menu_tree_collect_node_links(). |  *   menu_tree_collect_node_links(). | ||||||
|  */ |  */ | ||||||
| function menu_tree_check_access(&$tree, $node_links = array()) { | function menu_tree_check_access(&$tree, $node_links = array()) { | ||||||
|   if ($node_links) { |   if ($node_links && (user_access('access content') || user_access('bypass node access'))) { | ||||||
|     $nids = array_keys($node_links); |     $nids = array_keys($node_links); | ||||||
|     $select = db_select('node', 'n'); |     $select = db_select('node', 'n'); | ||||||
|     $select->addField('n', 'nid'); |     $select->addField('n', 'nid'); | ||||||
| @@ -1598,6 +1607,7 @@ function _menu_tree_data(&$links, $parents, $depth) { | |||||||
|  * Implements template_preprocess_HOOK() for theme_menu_tree(). |  * Implements template_preprocess_HOOK() for theme_menu_tree(). | ||||||
|  */ |  */ | ||||||
| function template_preprocess_menu_tree(&$variables) { | function template_preprocess_menu_tree(&$variables) { | ||||||
|  |   $variables['#tree'] = $variables['tree']; | ||||||
|   $variables['tree'] = $variables['tree']['#children']; |   $variables['tree'] = $variables['tree']['#children']; | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -2393,7 +2403,8 @@ function menu_set_active_trail($new_trail = NULL) { | |||||||
|       // a stripped down menu tree containing the active trail only, in case |       // a stripped down menu tree containing the active trail only, in case | ||||||
|       // the given menu has not been built in this request yet. |       // the given menu has not been built in this request yet. | ||||||
|       $tree = menu_tree_page_data($preferred_link['menu_name'], NULL, TRUE); |       $tree = menu_tree_page_data($preferred_link['menu_name'], NULL, TRUE); | ||||||
|       list($key, $curr) = each($tree); |       $curr = current($tree); | ||||||
|  |       next($tree); | ||||||
|     } |     } | ||||||
|     // There is no link for the current path. |     // There is no link for the current path. | ||||||
|     else { |     else { | ||||||
| @@ -2411,7 +2422,7 @@ function menu_set_active_trail($new_trail = NULL) { | |||||||
|           // argument placeholders (%). Such links are not contained in regular |           // argument placeholders (%). Such links are not contained in regular | ||||||
|           // menu trees, and have only been loaded for the additional |           // menu trees, and have only been loaded for the additional | ||||||
|           // translation that happens here, so as to be able to display them in |           // translation that happens here, so as to be able to display them in | ||||||
|           // the breadcumb for the current page. |           // the breadcrumb for the current page. | ||||||
|           // @see _menu_tree_check_access() |           // @see _menu_tree_check_access() | ||||||
|           // @see _menu_link_translate() |           // @see _menu_link_translate() | ||||||
|           if (strpos($link['href'], '%') !== FALSE) { |           if (strpos($link['href'], '%') !== FALSE) { | ||||||
| @@ -2423,7 +2434,8 @@ function menu_set_active_trail($new_trail = NULL) { | |||||||
|         } |         } | ||||||
|         $tree = $curr['below'] ? $curr['below'] : array(); |         $tree = $curr['below'] ? $curr['below'] : array(); | ||||||
|       } |       } | ||||||
|       list($key, $curr) = each($tree); |       $curr = current($tree); | ||||||
|  |       next($tree); | ||||||
|     } |     } | ||||||
|     // Make sure the current page is in the trail to build the page title, by |     // Make sure the current page is in the trail to build the page title, by | ||||||
|     // appending either the preferred link or the menu router item for the |     // appending either the preferred link or the menu router item for the | ||||||
| @@ -2471,6 +2483,9 @@ function menu_link_get_preferred($path = NULL, $selected_menu = NULL) { | |||||||
|     // untranslated paths). Afterwards, the most relevant path is picked from |     // untranslated paths). Afterwards, the most relevant path is picked from | ||||||
|     // the menus, ordered by menu preference. |     // the menus, ordered by menu preference. | ||||||
|     $item = menu_get_item($path); |     $item = menu_get_item($path); | ||||||
|  |     if ($item === FALSE) { | ||||||
|  |       return FALSE; | ||||||
|  |     } | ||||||
|     $path_candidates = array(); |     $path_candidates = array(); | ||||||
|     // 1. The current item href. |     // 1. The current item href. | ||||||
|     $path_candidates[$item['href']] = $item['href']; |     $path_candidates[$item['href']] = $item['href']; | ||||||
| @@ -2580,7 +2595,7 @@ function menu_get_active_breadcrumb() { | |||||||
|  |  | ||||||
|     // Don't show a link to the current page in the breadcrumb trail. |     // Don't show a link to the current page in the breadcrumb trail. | ||||||
|     $end = end($active_trail); |     $end = end($active_trail); | ||||||
|     if ($item['href'] == $end['href']) { |     if (is_array($end) && $item['href'] == $end['href']) { | ||||||
|       array_pop($active_trail); |       array_pop($active_trail); | ||||||
|     } |     } | ||||||
|  |  | ||||||
| @@ -2613,12 +2628,32 @@ function menu_get_active_breadcrumb() { | |||||||
|  */ |  */ | ||||||
| function menu_get_active_title() { | function menu_get_active_title() { | ||||||
|   $active_trail = menu_get_active_trail(); |   $active_trail = menu_get_active_trail(); | ||||||
|  |   $local_task_title = NULL; | ||||||
|  |  | ||||||
|   foreach (array_reverse($active_trail) as $item) { |   foreach (array_reverse($active_trail) as $item) { | ||||||
|     if (!(bool) ($item['type'] & MENU_IS_LOCAL_TASK)) { |     // Local task titles are displayed as tabs and therefore should not be | ||||||
|  |     // repeated as the page title. However, if the local task appears in a | ||||||
|  |     // top-level menu, it is no longer a "local task" anymore (the front page | ||||||
|  |     // of the site does not have tabs) so it is better to use the local task | ||||||
|  |     // title in that case than to fall back on the front page link in the | ||||||
|  |     // active trail (which is usually "Home" and would not make sense in this | ||||||
|  |     // context). | ||||||
|  |     if ((bool) ($item['type'] & MENU_IS_LOCAL_TASK)) { | ||||||
|  |       // A local task title is being skipped; track it in case it needs to be | ||||||
|  |       // used later. | ||||||
|  |       $local_task_title = $item['title']; | ||||||
|  |     } | ||||||
|  |     else { | ||||||
|  |       // This is not a local task, so use it for the page title (unless the | ||||||
|  |       // conditions described above are met). | ||||||
|  |       if (isset($local_task_title) && isset($item['href']) && $item['href'] == '<front>') { | ||||||
|  |         return $local_task_title; | ||||||
|  |       } | ||||||
|  |       else { | ||||||
|         return $item['title']; |         return $item['title']; | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|  |   } | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -2654,7 +2689,7 @@ function menu_link_load($mlid) { | |||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Clears the cached cached data for a single named menu. |  * Clears the cached data for a single named menu. | ||||||
|  */ |  */ | ||||||
| function menu_cache_clear($menu_name = 'navigation') { | function menu_cache_clear($menu_name = 'navigation') { | ||||||
|   $cache_cleared = &drupal_static(__FUNCTION__, array()); |   $cache_cleared = &drupal_static(__FUNCTION__, array()); | ||||||
|   | |||||||
| @@ -227,6 +227,10 @@ function system_list_reset() { | |||||||
|   drupal_static_reset('list_themes'); |   drupal_static_reset('list_themes'); | ||||||
|   cache_clear_all('bootstrap_modules', 'cache_bootstrap'); |   cache_clear_all('bootstrap_modules', 'cache_bootstrap'); | ||||||
|   cache_clear_all('system_list', 'cache_bootstrap'); |   cache_clear_all('system_list', 'cache_bootstrap'); | ||||||
|  |  | ||||||
|  |   // Clean up the bootstrap file scan cache. | ||||||
|  |   drupal_static_reset('_drupal_file_scan_cache'); | ||||||
|  |   cache_clear_all('_drupal_file_scan_cache', 'cache_bootstrap'); | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -320,16 +324,27 @@ function module_load_install($module) { | |||||||
|  *   The name of the included file, if successful; FALSE otherwise. |  *   The name of the included file, if successful; FALSE otherwise. | ||||||
|  */ |  */ | ||||||
| function module_load_include($type, $module, $name = NULL) { | function module_load_include($type, $module, $name = NULL) { | ||||||
|  |   static $files = array(); | ||||||
|  |  | ||||||
|   if (!isset($name)) { |   if (!isset($name)) { | ||||||
|     $name = $module; |     $name = $module; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   $key = $type . ':' . $module . ':' . $name; | ||||||
|  |   if (isset($files[$key])) { | ||||||
|  |     return $files[$key]; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   if (function_exists('drupal_get_path')) { |   if (function_exists('drupal_get_path')) { | ||||||
|     $file = DRUPAL_ROOT . '/' . drupal_get_path('module', $module) . "/$name.$type"; |     $file = DRUPAL_ROOT . '/' . drupal_get_path('module', $module) . "/$name.$type"; | ||||||
|     if (is_file($file)) { |     if (is_file($file)) { | ||||||
|       require_once $file; |       require_once $file; | ||||||
|  |       $files[$key] = $file; | ||||||
|       return $file; |       return $file; | ||||||
|     } |     } | ||||||
|  |     else { | ||||||
|  |       $files[$key] = FALSE; | ||||||
|  |     } | ||||||
|   } |   } | ||||||
|   return FALSE; |   return FALSE; | ||||||
| } | } | ||||||
| @@ -365,20 +380,22 @@ function module_load_all_includes($type, $name = NULL) { | |||||||
|  * - Invoke hook_modules_installed(). |  * - Invoke hook_modules_installed(). | ||||||
|  * - Invoke hook_modules_enabled(). |  * - Invoke hook_modules_enabled(). | ||||||
|  * |  * | ||||||
|  * @param $module_list |  * @param string[] $module_list | ||||||
|  *   An array of module names. |  *   An array of module names. | ||||||
|  * @param $enable_dependencies |  * @param bool $enable_dependencies | ||||||
|  *   If TRUE, dependencies will automatically be added and enabled in the |  *   If TRUE, dependencies will automatically be added and enabled in the | ||||||
|  *   correct order. This incurs a significant performance cost, so use FALSE |  *   correct order. This incurs a significant performance cost, so use FALSE | ||||||
|  *   if you know $module_list is already complete and in the correct order. |  *   if you know $module_list is already complete and in the correct order. | ||||||
|  * |  * | ||||||
|  * @return |  * @return bool | ||||||
|  *   FALSE if one or more dependencies are missing, TRUE otherwise. |  *   FALSE if one or more dependencies are missing, TRUE otherwise. | ||||||
|  * |  * | ||||||
|  * @see hook_install() |  * @see hook_install() | ||||||
|  * @see hook_enable() |  * @see hook_enable() | ||||||
|  * @see hook_modules_installed() |  * @see hook_modules_installed() | ||||||
|  * @see hook_modules_enabled() |  * @see hook_modules_enabled() | ||||||
|  |  * @see module_disable() | ||||||
|  |  * @see drupal_uninstall_modules() | ||||||
|  */ |  */ | ||||||
| function module_enable($module_list, $enable_dependencies = TRUE) { | function module_enable($module_list, $enable_dependencies = TRUE) { | ||||||
|   if ($enable_dependencies) { |   if ($enable_dependencies) { | ||||||
| @@ -387,7 +404,11 @@ function module_enable($module_list, $enable_dependencies = TRUE) { | |||||||
|     // Create an associative array with weights as values. |     // Create an associative array with weights as values. | ||||||
|     $module_list = array_flip(array_values($module_list)); |     $module_list = array_flip(array_values($module_list)); | ||||||
|  |  | ||||||
|     while (list($module) = each($module_list)) { |     // The array is iterated over manually (instead of using a foreach) because | ||||||
|  |     // modules may be added to the list within the loop and we need to process | ||||||
|  |     // them. | ||||||
|  |     while ($module = key($module_list)) { | ||||||
|  |       next($module_list); | ||||||
|       if (!isset($module_data[$module])) { |       if (!isset($module_data[$module])) { | ||||||
|         // This module is not found in the filesystem, abort. |         // This module is not found in the filesystem, abort. | ||||||
|         return FALSE; |         return FALSE; | ||||||
| @@ -505,12 +526,15 @@ function module_enable($module_list, $enable_dependencies = TRUE) { | |||||||
| /** | /** | ||||||
|  * Disables a given set of modules. |  * Disables a given set of modules. | ||||||
|  * |  * | ||||||
|  * @param $module_list |  * @param string[] $module_list | ||||||
|  *   An array of module names. |  *   An array of module names. | ||||||
|  * @param $disable_dependents |  * @param bool $disable_dependents | ||||||
|  *   If TRUE, dependent modules will automatically be added and disabled in the |  *   If TRUE, dependent modules will automatically be added and disabled in the | ||||||
|  *   correct order. This incurs a significant performance cost, so use FALSE |  *   correct order. This incurs a significant performance cost, so use FALSE | ||||||
|  *   if you know $module_list is already complete and in the correct order. |  *   if you know $module_list is already complete and in the correct order. | ||||||
|  |  * | ||||||
|  |  * @see drupal_uninstall_modules() | ||||||
|  |  * @see module_enable() | ||||||
|  */ |  */ | ||||||
| function module_disable($module_list, $disable_dependents = TRUE) { | function module_disable($module_list, $disable_dependents = TRUE) { | ||||||
|   if ($disable_dependents) { |   if ($disable_dependents) { | ||||||
| @@ -520,7 +544,11 @@ function module_disable($module_list, $disable_dependents = TRUE) { | |||||||
|     $module_list = array_flip(array_values($module_list)); |     $module_list = array_flip(array_values($module_list)); | ||||||
|  |  | ||||||
|     $profile = drupal_get_profile(); |     $profile = drupal_get_profile(); | ||||||
|     while (list($module) = each($module_list)) { |     // The array is iterated over manually (instead of using a foreach) because | ||||||
|  |     // modules may be added to the list within the loop and we need to process | ||||||
|  |     // them. | ||||||
|  |     while ($module = key($module_list)) { | ||||||
|  |       next($module_list); | ||||||
|       if (!isset($module_data[$module]) || !$module_data[$module]->status) { |       if (!isset($module_data[$module]) || !$module_data[$module]->status) { | ||||||
|         // This module doesn't exist or is already disabled, skip it. |         // This module doesn't exist or is already disabled, skip it. | ||||||
|         unset($module_list[$module]); |         unset($module_list[$module]); | ||||||
| @@ -676,12 +704,16 @@ function module_hook($module, $hook) { | |||||||
| /** | /** | ||||||
|  * Determines which modules are implementing a hook. |  * Determines which modules are implementing a hook. | ||||||
|  * |  * | ||||||
|  * @param $hook |  * Lazy-loaded include files specified with "group" via hook_hook_info() or | ||||||
|  |  * hook_module_implements_alter() will be automatically included by this | ||||||
|  |  * function when necessary. | ||||||
|  |  * | ||||||
|  |  * @param string $hook | ||||||
|  *   The name of the hook (e.g. "help" or "menu"). |  *   The name of the hook (e.g. "help" or "menu"). | ||||||
|  * @param $sort |  * @param bool $sort | ||||||
|  *   By default, modules are ordered by weight and filename, settings this option |  *   By default, modules are ordered by weight and filename, settings this option | ||||||
|  *   to TRUE, module list will be ordered by module name. |  *   to TRUE, module list will be ordered by module name. | ||||||
|  * @param $reset |  * @param bool $reset | ||||||
|  *   For internal use only: Whether to force the stored list of hook |  *   For internal use only: Whether to force the stored list of hook | ||||||
|  *   implementations to be regenerated (such as after enabling a new module, |  *   implementations to be regenerated (such as after enabling a new module, | ||||||
|  *   before processing hook_enable). |  *   before processing hook_enable). | ||||||
| @@ -696,8 +728,10 @@ function module_implements($hook, $sort = FALSE, $reset = FALSE) { | |||||||
|   static $drupal_static_fast; |   static $drupal_static_fast; | ||||||
|   if (!isset($drupal_static_fast)) { |   if (!isset($drupal_static_fast)) { | ||||||
|     $drupal_static_fast['implementations'] = &drupal_static(__FUNCTION__); |     $drupal_static_fast['implementations'] = &drupal_static(__FUNCTION__); | ||||||
|  |     $drupal_static_fast['verified'] = &drupal_static(__FUNCTION__ . ':verified'); | ||||||
|   } |   } | ||||||
|   $implementations = &$drupal_static_fast['implementations']; |   $implementations = &$drupal_static_fast['implementations']; | ||||||
|  |   $verified = &$drupal_static_fast['verified']; | ||||||
|  |  | ||||||
|   // We maintain a persistent cache of hook implementations in addition to the |   // We maintain a persistent cache of hook implementations in addition to the | ||||||
|   // static cache to avoid looping through every module and every hook on each |   // static cache to avoid looping through every module and every hook on each | ||||||
| @@ -711,14 +745,19 @@ function module_implements($hook, $sort = FALSE, $reset = FALSE) { | |||||||
|   // per request. |   // per request. | ||||||
|   if ($reset) { |   if ($reset) { | ||||||
|     $implementations = array(); |     $implementations = array(); | ||||||
|  |     $verified = array(); | ||||||
|     cache_set('module_implements', array(), 'cache_bootstrap'); |     cache_set('module_implements', array(), 'cache_bootstrap'); | ||||||
|     drupal_static_reset('module_hook_info'); |     drupal_static_reset('module_hook_info'); | ||||||
|     drupal_static_reset('drupal_alter'); |     drupal_static_reset('drupal_alter'); | ||||||
|     cache_clear_all('hook_info', 'cache_bootstrap'); |     cache_clear_all('hook_info', 'cache_bootstrap'); | ||||||
|  |     cache_clear_all('system_cache_tables', 'cache'); | ||||||
|     return; |     return; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   // Fetch implementations from cache. |   // Fetch implementations from cache. | ||||||
|  |   // This happens on the first call to module_implements(*, *, FALSE) during a | ||||||
|  |   // request, but also when $implementations have been reset, e.g. after | ||||||
|  |   // module_enable(). | ||||||
|   if (empty($implementations)) { |   if (empty($implementations)) { | ||||||
|     $implementations = cache_get('module_implements', 'cache_bootstrap'); |     $implementations = cache_get('module_implements', 'cache_bootstrap'); | ||||||
|     if ($implementations === FALSE) { |     if ($implementations === FALSE) { | ||||||
| @@ -727,12 +766,17 @@ function module_implements($hook, $sort = FALSE, $reset = FALSE) { | |||||||
|     else { |     else { | ||||||
|       $implementations = $implementations->data; |       $implementations = $implementations->data; | ||||||
|     } |     } | ||||||
|  |     // Forget all previously "verified" hooks, in case that $implementations | ||||||
|  |     // were cleared via drupal_static_reset('module_implements') instead of | ||||||
|  |     // module_implements(*, *, TRUE). | ||||||
|  |     $verified = array(); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   if (!isset($implementations[$hook])) { |   if (!isset($implementations[$hook])) { | ||||||
|     // The hook is not cached, so ensure that whether or not it has |     // The hook is not cached, so ensure that whether or not it has | ||||||
|     // implementations, that the cache is updated at the end of the request. |     // implementations, that the cache is updated at the end of the request. | ||||||
|     $implementations['#write_cache'] = TRUE; |     $implementations['#write_cache'] = TRUE; | ||||||
|  |     // Discover implementations for this hook. | ||||||
|     $hook_info = module_hook_info(); |     $hook_info = module_hook_info(); | ||||||
|     $implementations[$hook] = array(); |     $implementations[$hook] = array(); | ||||||
|     $list = module_list(FALSE, FALSE, $sort); |     $list = module_list(FALSE, FALSE, $sort); | ||||||
| @@ -744,13 +788,31 @@ function module_implements($hook, $sort = FALSE, $reset = FALSE) { | |||||||
|         $implementations[$hook][$module] = $include_file ? $hook_info[$hook]['group'] : FALSE; |         $implementations[$hook][$module] = $include_file ? $hook_info[$hook]['group'] : FALSE; | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|     // Allow modules to change the weight of specific implementations but avoid |     // Allow modules to change the weight of specific implementations, but avoid | ||||||
|     // an infinite loop. |     // an infinite loop. | ||||||
|     if ($hook != 'module_implements_alter') { |     if ($hook != 'module_implements_alter') { | ||||||
|  |       // Remember the implementations before hook_module_implements_alter(). | ||||||
|  |       $implementations_before = $implementations[$hook]; | ||||||
|       drupal_alter('module_implements', $implementations[$hook], $hook); |       drupal_alter('module_implements', $implementations[$hook], $hook); | ||||||
|  |       // Verify implementations that were added or modified. | ||||||
|  |       foreach (array_diff_assoc($implementations[$hook], $implementations_before) as $module => $group) { | ||||||
|  |         // If drupal_alter('module_implements') changed or added a $group, the | ||||||
|  |         // respective file needs to be included. | ||||||
|  |         if ($group) { | ||||||
|  |           module_load_include('inc', $module, "$module.$group"); | ||||||
|  |         } | ||||||
|  |         // If a new implementation was added, verify that the function exists. | ||||||
|  |         if (!function_exists($module . '_' . $hook)) { | ||||||
|  |           unset($implementations[$hook][$module]); | ||||||
|         } |         } | ||||||
|       } |       } | ||||||
|   else { |     } | ||||||
|  |     // Implementations for this hook are now "verified". | ||||||
|  |     $verified[$hook] = TRUE; | ||||||
|  |   } | ||||||
|  |   elseif (!isset($verified[$hook])) { | ||||||
|  |     // Implementations for this hook were in the cache, but they are not | ||||||
|  |     // "verified" yet. | ||||||
|     foreach ($implementations[$hook] as $module => $group) { |     foreach ($implementations[$hook] as $module => $group) { | ||||||
|       // If this hook implementation is stored in a lazy-loaded file, so include |       // If this hook implementation is stored in a lazy-loaded file, so include | ||||||
|       // that file first. |       // that file first. | ||||||
| @@ -769,6 +831,7 @@ function module_implements($hook, $sort = FALSE, $reset = FALSE) { | |||||||
|         $implementations['#write_cache'] = TRUE; |         $implementations['#write_cache'] = TRUE; | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|  |     $verified[$hook] = TRUE; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   return array_keys($implementations[$hook]); |   return array_keys($implementations[$hook]); | ||||||
| @@ -833,6 +896,11 @@ function module_hook_info() { | |||||||
|  * @see module_implements() |  * @see module_implements() | ||||||
|  */ |  */ | ||||||
| function module_implements_write_cache() { | function module_implements_write_cache() { | ||||||
|  |   // The list of implementations includes vital modules only before full | ||||||
|  |   // bootstrap, so do not write cache if we are not fully bootstrapped yet. | ||||||
|  |   if (drupal_get_bootstrap_phase() != DRUPAL_BOOTSTRAP_FULL) { | ||||||
|  |     return; | ||||||
|  |   } | ||||||
|   $implementations = &drupal_static('module_implements'); |   $implementations = &drupal_static('module_implements'); | ||||||
|   if (isset($implementations['#write_cache'])) { |   if (isset($implementations['#write_cache'])) { | ||||||
|     unset($implementations['#write_cache']); |     unset($implementations['#write_cache']); | ||||||
| @@ -880,7 +948,9 @@ function module_invoke($module, $hook) { | |||||||
|  * |  * | ||||||
|  * @return |  * @return | ||||||
|  *   An array of return values of the hook implementations. If modules return |  *   An array of return values of the hook implementations. If modules return | ||||||
|  *   arrays from their implementations, those are merged into one array. |  *   arrays from their implementations, those are merged into one array | ||||||
|  |  *   recursively. Note: integer keys in arrays will be lost, as the merge is | ||||||
|  |  *   done using array_merge_recursive(). | ||||||
|  * |  * | ||||||
|  * @see drupal_alter() |  * @see drupal_alter() | ||||||
|  */ |  */ | ||||||
|   | |||||||
| @@ -321,9 +321,19 @@ function theme_pager($variables) { | |||||||
|   $tags = $variables['tags']; |   $tags = $variables['tags']; | ||||||
|   $element = $variables['element']; |   $element = $variables['element']; | ||||||
|   $parameters = $variables['parameters']; |   $parameters = $variables['parameters']; | ||||||
|   $quantity = $variables['quantity']; |   $quantity = empty($variables['quantity']) ? 0 : $variables['quantity']; | ||||||
|   global $pager_page_array, $pager_total; |   global $pager_page_array, $pager_total; | ||||||
|  |  | ||||||
|  |   // Nothing to do if there is no pager. | ||||||
|  |   if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) { | ||||||
|  |     return; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // Nothing to do if there is only one page. | ||||||
|  |   if ($pager_total[$element] <= 1) { | ||||||
|  |     return; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   // Calculate various markers within this pager piece: |   // Calculate various markers within this pager piece: | ||||||
|   // Middle is used to "center" pages around the current page. |   // Middle is used to "center" pages around the current page. | ||||||
|   $pager_middle = ceil($quantity / 2); |   $pager_middle = ceil($quantity / 2); | ||||||
| @@ -455,6 +465,11 @@ function theme_pager_first($variables) { | |||||||
|   global $pager_page_array; |   global $pager_page_array; | ||||||
|   $output = ''; |   $output = ''; | ||||||
|  |  | ||||||
|  |   // Nothing to do if there is no pager. | ||||||
|  |   if (!isset($pager_page_array[$element])) { | ||||||
|  |     return; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   // If we are anywhere but the first page |   // If we are anywhere but the first page | ||||||
|   if ($pager_page_array[$element] > 0) { |   if ($pager_page_array[$element] > 0) { | ||||||
|     $output = theme('pager_link', array('text' => $text, 'page_new' => pager_load_array(0, $element, $pager_page_array), 'element' => $element, 'parameters' => $parameters)); |     $output = theme('pager_link', array('text' => $text, 'page_new' => pager_load_array(0, $element, $pager_page_array), 'element' => $element, 'parameters' => $parameters)); | ||||||
| @@ -485,6 +500,11 @@ function theme_pager_previous($variables) { | |||||||
|   global $pager_page_array; |   global $pager_page_array; | ||||||
|   $output = ''; |   $output = ''; | ||||||
|  |  | ||||||
|  |   // Nothing to do if there is no pager. | ||||||
|  |   if (!isset($pager_page_array[$element])) { | ||||||
|  |     return; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   // If we are anywhere but the first page |   // If we are anywhere but the first page | ||||||
|   if ($pager_page_array[$element] > 0) { |   if ($pager_page_array[$element] > 0) { | ||||||
|     $page_new = pager_load_array($pager_page_array[$element] - $interval, $element, $pager_page_array); |     $page_new = pager_load_array($pager_page_array[$element] - $interval, $element, $pager_page_array); | ||||||
| @@ -524,6 +544,11 @@ function theme_pager_next($variables) { | |||||||
|   global $pager_page_array, $pager_total; |   global $pager_page_array, $pager_total; | ||||||
|   $output = ''; |   $output = ''; | ||||||
|  |  | ||||||
|  |   // Nothing to do if there is no pager. | ||||||
|  |   if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) { | ||||||
|  |     return; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   // If we are anywhere but the last page |   // If we are anywhere but the last page | ||||||
|   if ($pager_page_array[$element] < ($pager_total[$element] - 1)) { |   if ($pager_page_array[$element] < ($pager_total[$element] - 1)) { | ||||||
|     $page_new = pager_load_array($pager_page_array[$element] + $interval, $element, $pager_page_array); |     $page_new = pager_load_array($pager_page_array[$element] + $interval, $element, $pager_page_array); | ||||||
| @@ -560,6 +585,11 @@ function theme_pager_last($variables) { | |||||||
|   global $pager_page_array, $pager_total; |   global $pager_page_array, $pager_total; | ||||||
|   $output = ''; |   $output = ''; | ||||||
|  |  | ||||||
|  |   // Nothing to do if there is no pager. | ||||||
|  |   if (!isset($pager_page_array[$element]) || !isset($pager_total[$element])) { | ||||||
|  |     return; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   // If we are anywhere but the last page |   // If we are anywhere but the last page | ||||||
|   if ($pager_page_array[$element] < ($pager_total[$element] - 1)) { |   if ($pager_page_array[$element] < ($pager_total[$element] - 1)) { | ||||||
|     $output = theme('pager_link', array('text' => $text, 'page_new' => pager_load_array($pager_total[$element] - 1, $element, $pager_page_array), 'element' => $element, 'parameters' => $parameters)); |     $output = theme('pager_link', array('text' => $text, 'page_new' => pager_load_array($pager_total[$element] - 1, $element, $pager_page_array), 'element' => $element, 'parameters' => $parameters)); | ||||||
|   | |||||||
| @@ -347,7 +347,8 @@ function drupal_match_path($path, $patterns) { | |||||||
|  * drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL) makes this function available. |  * drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL) makes this function available. | ||||||
|  * |  * | ||||||
|  * @return |  * @return | ||||||
|  *   The current Drupal URL path. |  *   The current Drupal URL path. The path is untrusted user input and must be | ||||||
|  |  *   treated as such. | ||||||
|  * |  * | ||||||
|  * @see request_path() |  * @see request_path() | ||||||
|  */ |  */ | ||||||
| @@ -465,6 +466,7 @@ function path_delete($criteria) { | |||||||
|     $criteria = array('pid' => $criteria); |     $criteria = array('pid' => $criteria); | ||||||
|   } |   } | ||||||
|   $path = path_load($criteria); |   $path = path_load($criteria); | ||||||
|  |   if (isset($path['source'])) { | ||||||
|     $query = db_delete('url_alias'); |     $query = db_delete('url_alias'); | ||||||
|     foreach ($criteria as $field => $value) { |     foreach ($criteria as $field => $value) { | ||||||
|       $query->condition($field, $value); |       $query->condition($field, $value); | ||||||
| @@ -472,6 +474,7 @@ function path_delete($criteria) { | |||||||
|     $query->execute(); |     $query->execute(); | ||||||
|     module_invoke_all('path_delete', $path); |     module_invoke_all('path_delete', $path); | ||||||
|     drupal_clear_path_cache($path['source']); |     drupal_clear_path_cache($path['source']); | ||||||
|  |   } | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|   | |||||||
| @@ -19,7 +19,6 @@ | |||||||
|  * Does the work for registry_update(). |  * Does the work for registry_update(). | ||||||
|  */ |  */ | ||||||
| function _registry_update() { | function _registry_update() { | ||||||
|  |  | ||||||
|   // The registry serves as a central autoloader for all classes, including |   // The registry serves as a central autoloader for all classes, including | ||||||
|   // the database query builders. However, the registry rebuild process |   // the database query builders. However, the registry rebuild process | ||||||
|   // requires write ability to the database, which means having access to the |   // requires write ability to the database, which means having access to the | ||||||
| @@ -33,6 +32,11 @@ function _registry_update() { | |||||||
|   require_once DRUPAL_ROOT . '/includes/database/select.inc'; |   require_once DRUPAL_ROOT . '/includes/database/select.inc'; | ||||||
|   require_once DRUPAL_ROOT . '/includes/database/' . $driver . '/query.inc'; |   require_once DRUPAL_ROOT . '/includes/database/' . $driver . '/query.inc'; | ||||||
|  |  | ||||||
|  |   // During the first registry rebuild in a request, we check all the files. | ||||||
|  |   // During subsequent rebuilds, we only add new files. It makes the rebuilding | ||||||
|  |   // process faster during installation of modules. | ||||||
|  |   static $check_existing_files = TRUE; | ||||||
|  |  | ||||||
|   // Get current list of modules and their files. |   // Get current list of modules and their files. | ||||||
|   $modules = db_query("SELECT * FROM {system} WHERE type = 'module'")->fetchAll(); |   $modules = db_query("SELECT * FROM {system} WHERE type = 'module'")->fetchAll(); | ||||||
|   // Get the list of files we are going to parse. |   // Get the list of files we are going to parse. | ||||||
| @@ -55,6 +59,9 @@ function _registry_update() { | |||||||
|     $files["$filename"] = array('module' => '', 'weight' => 0); |     $files["$filename"] = array('module' => '', 'weight' => 0); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   // Initialize an empty array for the unchanged files. | ||||||
|  |   $unchanged_files = array(); | ||||||
|  |  | ||||||
|   $transaction = db_transaction(); |   $transaction = db_transaction(); | ||||||
|   try { |   try { | ||||||
|     // Allow modules to manually modify the list of files before the registry |     // Allow modules to manually modify the list of files before the registry | ||||||
| @@ -63,11 +70,20 @@ function _registry_update() { | |||||||
|     // list can then be added to the list of files that the registry will parse, |     // list can then be added to the list of files that the registry will parse, | ||||||
|     // or modify attributes of a file. |     // or modify attributes of a file. | ||||||
|     drupal_alter('registry_files', $files, $modules); |     drupal_alter('registry_files', $files, $modules); | ||||||
|  |  | ||||||
|     foreach (registry_get_parsed_files() as $filename => $file) { |     foreach (registry_get_parsed_files() as $filename => $file) { | ||||||
|       // Add the hash for those files we have already parsed. |       // Add the hash for those files we have already parsed. | ||||||
|       if (isset($files[$filename])) { |       if (isset($files[$filename])) { | ||||||
|  |         if ($check_existing_files === TRUE) { | ||||||
|           $files[$filename]['hash'] = $file['hash']; |           $files[$filename]['hash'] = $file['hash']; | ||||||
|         } |         } | ||||||
|  |         else { | ||||||
|  |           // Ignore that file for this request, it has been parsed previously | ||||||
|  |           // and it is unlikely it has changed. | ||||||
|  |           unset($files[$filename]); | ||||||
|  |           $unchanged_files[$filename] = $file; | ||||||
|  |         } | ||||||
|  |       } | ||||||
|       else { |       else { | ||||||
|         // Flush the registry of resources in files that are no longer on disc |         // Flush the registry of resources in files that are no longer on disc | ||||||
|         // or are in files that no installed modules require to be parsed. |         // or are in files that no installed modules require to be parsed. | ||||||
| @@ -79,8 +95,12 @@ function _registry_update() { | |||||||
|           ->execute(); |           ->execute(); | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     $parsed_files = _registry_parse_files($files); |     $parsed_files = _registry_parse_files($files); | ||||||
|  |  | ||||||
|  |     // Add unchanged files to the files. | ||||||
|  |     $files += $unchanged_files; | ||||||
|  |  | ||||||
|     $unchanged_resources = array(); |     $unchanged_resources = array(); | ||||||
|     $lookup_cache = array(); |     $lookup_cache = array(); | ||||||
|     if ($cache = cache_get('lookup_cache', 'cache_bootstrap')) { |     if ($cache = cache_get('lookup_cache', 'cache_bootstrap')) { | ||||||
| @@ -89,12 +109,10 @@ function _registry_update() { | |||||||
|     foreach ($lookup_cache as $key => $file) { |     foreach ($lookup_cache as $key => $file) { | ||||||
|       // If the file for this cached resource is carried over unchanged from |       // If the file for this cached resource is carried over unchanged from | ||||||
|       // the last registry build, then we can safely re-cache it. |       // the last registry build, then we can safely re-cache it. | ||||||
|       if ($file && in_array($file, array_keys($files)) && !in_array($file, $parsed_files)) { |       if ($file && isset($files[$file]) && !in_array($file, $parsed_files, TRUE)) { | ||||||
|         $unchanged_resources[$key] = $file; |         $unchanged_resources[$key] = $file; | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|     module_implements('', FALSE, TRUE); |  | ||||||
|     _registry_check_code(REGISTRY_RESET_LOOKUP_CACHE); |  | ||||||
|   } |   } | ||||||
|   catch (Exception $e) { |   catch (Exception $e) { | ||||||
|     $transaction->rollback(); |     $transaction->rollback(); | ||||||
| @@ -102,6 +120,13 @@ function _registry_update() { | |||||||
|     throw $e; |     throw $e; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   module_implements('', FALSE, TRUE); | ||||||
|  |   _registry_check_code(REGISTRY_RESET_LOOKUP_CACHE); | ||||||
|  |  | ||||||
|  |   // During the next run in this request, don't bother re-checking existing | ||||||
|  |   // files. | ||||||
|  |   $check_existing_files = FALSE; | ||||||
|  |  | ||||||
|   // We have some unchanged resources, warm up the cache - no need to pay |   // We have some unchanged resources, warm up the cache - no need to pay | ||||||
|   // for looking them up again. |   // for looking them up again. | ||||||
|   if (count($unchanged_resources) > 0) { |   if (count($unchanged_resources) > 0) { | ||||||
| @@ -164,7 +189,7 @@ function _registry_parse_files($files) { | |||||||
|  *   (optional) Weight of the module. |  *   (optional) Weight of the module. | ||||||
|  */ |  */ | ||||||
| function _registry_parse_file($filename, $contents, $module = '', $weight = 0) { | function _registry_parse_file($filename, $contents, $module = '', $weight = 0) { | ||||||
|   if (preg_match_all('/^\s*(?:abstract|final)?\s*(class|interface)\s+([a-zA-Z0-9_]+)/m', $contents, $matches)) { |   if (preg_match_all('/^\s*(?:abstract|final)?\s*(class|interface|trait)\s+([a-zA-Z0-9_]+)/m', $contents, $matches)) { | ||||||
|     foreach ($matches[2] as $key => $name) { |     foreach ($matches[2] as $key => $name) { | ||||||
|       db_merge('registry') |       db_merge('registry') | ||||||
|         ->key(array( |         ->key(array( | ||||||
|   | |||||||
							
								
								
									
										114
									
								
								includes/request-sanitizer.inc
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										114
									
								
								includes/request-sanitizer.inc
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,114 @@ | |||||||
|  | <?php | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * @file | ||||||
|  |  * Contains code for sanitizing user input from the request. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Sanitizes user input from the request. | ||||||
|  |  */ | ||||||
|  | class DrupalRequestSanitizer { | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Tracks whether the request was already sanitized. | ||||||
|  |    */ | ||||||
|  |   protected static $sanitized = FALSE; | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Modifies the request to strip dangerous keys from user input. | ||||||
|  |    */ | ||||||
|  |   public static function sanitize() { | ||||||
|  |     if (!self::$sanitized) { | ||||||
|  |       $whitelist = variable_get('sanitize_input_whitelist', array()); | ||||||
|  |       $log_sanitized_keys = variable_get('sanitize_input_logging', FALSE); | ||||||
|  |  | ||||||
|  |       // Process query string parameters. | ||||||
|  |       $get_sanitized_keys = array(); | ||||||
|  |       $_GET = self::stripDangerousValues($_GET, $whitelist, $get_sanitized_keys); | ||||||
|  |       if ($log_sanitized_keys && $get_sanitized_keys) { | ||||||
|  |         _drupal_trigger_error_with_delayed_logging(format_string('Potentially unsafe keys removed from query string parameters (GET): @keys', array('@keys' => implode(', ', $get_sanitized_keys))), E_USER_NOTICE); | ||||||
|  |       } | ||||||
|  |  | ||||||
|  |       // Process request body parameters. | ||||||
|  |       $post_sanitized_keys = array(); | ||||||
|  |       $_POST = self::stripDangerousValues($_POST, $whitelist, $post_sanitized_keys); | ||||||
|  |       if ($log_sanitized_keys && $post_sanitized_keys) { | ||||||
|  |         _drupal_trigger_error_with_delayed_logging(format_string('Potentially unsafe keys removed from request body parameters (POST): @keys', array('@keys' => implode(', ', $post_sanitized_keys))), E_USER_NOTICE); | ||||||
|  |       } | ||||||
|  |  | ||||||
|  |       // Process cookie parameters. | ||||||
|  |       $cookie_sanitized_keys = array(); | ||||||
|  |       $_COOKIE = self::stripDangerousValues($_COOKIE, $whitelist, $cookie_sanitized_keys); | ||||||
|  |       if ($log_sanitized_keys && $cookie_sanitized_keys) { | ||||||
|  |         _drupal_trigger_error_with_delayed_logging(format_string('Potentially unsafe keys removed from cookie parameters (COOKIE): @keys', array('@keys' => implode(', ', $cookie_sanitized_keys))), E_USER_NOTICE); | ||||||
|  |       } | ||||||
|  |  | ||||||
|  |       $request_sanitized_keys = array(); | ||||||
|  |       $_REQUEST = self::stripDangerousValues($_REQUEST, $whitelist, $request_sanitized_keys); | ||||||
|  |  | ||||||
|  |       self::$sanitized = TRUE; | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Removes the destination if it is dangerous. | ||||||
|  |    * | ||||||
|  |    * Note this can only be called after common.inc has been included. | ||||||
|  |    * | ||||||
|  |    * @return bool | ||||||
|  |    *   TRUE if the destination has been removed from $_GET, FALSE if not. | ||||||
|  |    */ | ||||||
|  |   public static function cleanDestination() { | ||||||
|  |     $dangerous_keys = array(); | ||||||
|  |     $log_sanitized_keys = variable_get('sanitize_input_logging', FALSE); | ||||||
|  |  | ||||||
|  |     $parts = drupal_parse_url($_GET['destination']); | ||||||
|  |     // If there is a query string, check its query parameters. | ||||||
|  |     if (!empty($parts['query'])) { | ||||||
|  |       $whitelist = variable_get('sanitize_input_whitelist', array()); | ||||||
|  |  | ||||||
|  |       self::stripDangerousValues($parts['query'], $whitelist, $dangerous_keys); | ||||||
|  |       if (!empty($dangerous_keys)) { | ||||||
|  |         // The destination is removed rather than sanitized to mirror the | ||||||
|  |         // handling of external destinations. | ||||||
|  |         unset($_GET['destination']); | ||||||
|  |         unset($_REQUEST['destination']); | ||||||
|  |         if ($log_sanitized_keys) { | ||||||
|  |           trigger_error(format_string('Potentially unsafe destination removed from query string parameters (GET) because it contained the following keys: @keys', array('@keys' => implode(', ', $dangerous_keys)))); | ||||||
|  |         } | ||||||
|  |         return TRUE; | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |     return FALSE; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Strips dangerous keys from the provided input. | ||||||
|  |    * | ||||||
|  |    * @param mixed $input | ||||||
|  |    *   The input to sanitize. | ||||||
|  |    * @param string[] $whitelist | ||||||
|  |    *   An array of keys to whitelist as safe. | ||||||
|  |    * @param string[] $sanitized_keys | ||||||
|  |    *   An array of keys that have been removed. | ||||||
|  |    * | ||||||
|  |    * @return mixed | ||||||
|  |    *   The sanitized input. | ||||||
|  |    */ | ||||||
|  |   protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) { | ||||||
|  |     if (is_array($input)) { | ||||||
|  |       foreach ($input as $key => $value) { | ||||||
|  |         if ($key !== '' && is_string($key) && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) { | ||||||
|  |           unset($input[$key]); | ||||||
|  |           $sanitized_keys[] = $key; | ||||||
|  |         } | ||||||
|  |         else { | ||||||
|  |           $input[$key] = self::stripDangerousValues($input[$key], $whitelist, $sanitized_keys); | ||||||
|  |         } | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |     return $input; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  | } | ||||||
| @@ -163,7 +163,7 @@ function _drupal_session_write($sid, $value) { | |||||||
|   try { |   try { | ||||||
|     if (!drupal_save_session()) { |     if (!drupal_save_session()) { | ||||||
|       // We don't have anything to do if we are not allowed to save the session. |       // We don't have anything to do if we are not allowed to save the session. | ||||||
|       return; |       return TRUE; | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     // Check whether $_SESSION has been changed in this request. |     // Check whether $_SESSION has been changed in this request. | ||||||
| @@ -284,6 +284,20 @@ function drupal_session_start() { | |||||||
|     // Save current session data before starting it, as PHP will destroy it. |     // Save current session data before starting it, as PHP will destroy it. | ||||||
|     $session_data = isset($_SESSION) ? $_SESSION : NULL; |     $session_data = isset($_SESSION) ? $_SESSION : NULL; | ||||||
|  |  | ||||||
|  |     // Apply any overrides to the session cookie params. | ||||||
|  |     $params = $original_params = session_get_cookie_params(); | ||||||
|  |     // PHP settings for samesite will be handled by _drupal_cookie_params(). | ||||||
|  |     unset($params['samesite']); | ||||||
|  |     $params = _drupal_cookie_params($params); | ||||||
|  |     if ($params !== $original_params) { | ||||||
|  |       if (\PHP_VERSION_ID >= 70300) { | ||||||
|  |         session_set_cookie_params($params); | ||||||
|  |       } | ||||||
|  |       else { | ||||||
|  |         session_set_cookie_params($params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']); | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |  | ||||||
|     session_start(); |     session_start(); | ||||||
|     drupal_session_started(TRUE); |     drupal_session_started(TRUE); | ||||||
|  |  | ||||||
| @@ -323,7 +337,14 @@ function drupal_session_commit() { | |||||||
|         $insecure_session_name = substr(session_name(), 1); |         $insecure_session_name = substr(session_name(), 1); | ||||||
|         $params = session_get_cookie_params(); |         $params = session_get_cookie_params(); | ||||||
|         $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; |         $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; | ||||||
|         setcookie($insecure_session_name, $_COOKIE[$insecure_session_name], $expire, $params['path'], $params['domain'], FALSE, $params['httponly']); |         $options = array( | ||||||
|  |           'expires' => $expire, | ||||||
|  |           'path' => $params['path'], | ||||||
|  |           'domain' => $params['domain'], | ||||||
|  |           'secure' => FALSE, | ||||||
|  |           'httponly' => $params['httponly'], | ||||||
|  |         ); | ||||||
|  |         drupal_setcookie($insecure_session_name, $_COOKIE[$insecure_session_name], $options); | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|     // Write the session data. |     // Write the session data. | ||||||
| @@ -365,19 +386,36 @@ function drupal_session_regenerate() { | |||||||
|     // $params['lifetime'] seconds from the current request. If it is not set, |     // $params['lifetime'] seconds from the current request. If it is not set, | ||||||
|     // it will expire when the browser is closed. |     // it will expire when the browser is closed. | ||||||
|     $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; |     $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; | ||||||
|     setcookie($insecure_session_name, $session_id, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']); |     $options = array( | ||||||
|  |       'expires' => $expire, | ||||||
|  |       'path' => $params['path'], | ||||||
|  |       'domain' => $params['domain'], | ||||||
|  |       'secure' => FALSE, | ||||||
|  |       'httponly' => $params['httponly'], | ||||||
|  |     ); | ||||||
|  |     drupal_setcookie($insecure_session_name, $session_id, $options); | ||||||
|     $_COOKIE[$insecure_session_name] = $session_id; |     $_COOKIE[$insecure_session_name] = $session_id; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   if (drupal_session_started()) { |   if (drupal_session_started()) { | ||||||
|     $old_session_id = session_id(); |     $old_session_id = session_id(); | ||||||
|  |     _drupal_session_regenerate_existing(); | ||||||
|   } |   } | ||||||
|  |   else { | ||||||
|     session_id(drupal_random_key()); |     session_id(drupal_random_key()); | ||||||
|  |   } | ||||||
|  |  | ||||||
|   if (isset($old_session_id)) { |   if (isset($old_session_id)) { | ||||||
|     $params = session_get_cookie_params(); |     $params = session_get_cookie_params(); | ||||||
|     $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; |     $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; | ||||||
|     setcookie(session_name(), session_id(), $expire, $params['path'], $params['domain'], $params['secure'], $params['httponly']); |     $options = array( | ||||||
|  |       'expires' => $expire, | ||||||
|  |       'path' => $params['path'], | ||||||
|  |       'domain' => $params['domain'], | ||||||
|  |       'secure' => $params['secure'], | ||||||
|  |       'httponly' => $params['httponly'], | ||||||
|  |     ); | ||||||
|  |     drupal_setcookie(session_name(), session_id(), $options); | ||||||
|     $fields = array('sid' => session_id()); |     $fields = array('sid' => session_id()); | ||||||
|     if ($is_https) { |     if ($is_https) { | ||||||
|       $fields['ssid'] = session_id(); |       $fields['ssid'] = session_id(); | ||||||
| @@ -412,6 +450,26 @@ function drupal_session_regenerate() { | |||||||
|   date_default_timezone_set(drupal_get_user_timezone()); |   date_default_timezone_set(drupal_get_user_timezone()); | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Regenerates an existing session. | ||||||
|  |  */ | ||||||
|  | function _drupal_session_regenerate_existing() { | ||||||
|  |   global $user; | ||||||
|  |   // Preserve existing settings for the saving of sessions. | ||||||
|  |   $original_save_session_status = drupal_save_session(); | ||||||
|  |   // Turn off saving of sessions. | ||||||
|  |   drupal_save_session(FALSE); | ||||||
|  |   session_write_close(); | ||||||
|  |   drupal_session_started(FALSE); | ||||||
|  |   // Preserve the user object, as starting a new session will reset it. | ||||||
|  |   $original_user = $user; | ||||||
|  |   session_id(drupal_random_key()); | ||||||
|  |   drupal_session_start(); | ||||||
|  |   $user = $original_user; | ||||||
|  |   // Restore the original settings for the saving of sessions. | ||||||
|  |   drupal_save_session($original_save_session_status); | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Session handler assigned by session_set_save_handler(). |  * Session handler assigned by session_set_save_handler(). | ||||||
|  * |  * | ||||||
| @@ -425,7 +483,7 @@ function _drupal_session_destroy($sid) { | |||||||
|  |  | ||||||
|   // Nothing to do if we are not allowed to change the session. |   // Nothing to do if we are not allowed to change the session. | ||||||
|   if (!drupal_save_session()) { |   if (!drupal_save_session()) { | ||||||
|     return; |     return TRUE; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   // Delete session data. |   // Delete session data. | ||||||
| @@ -446,6 +504,8 @@ function _drupal_session_destroy($sid) { | |||||||
|   elseif (variable_get('https', FALSE)) { |   elseif (variable_get('https', FALSE)) { | ||||||
|     _drupal_session_delete_cookie('S' . session_name(), TRUE); |     _drupal_session_delete_cookie('S' . session_name(), TRUE); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   return TRUE; | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -463,7 +523,14 @@ function _drupal_session_delete_cookie($name, $secure = NULL) { | |||||||
|     if ($secure !== NULL) { |     if ($secure !== NULL) { | ||||||
|       $params['secure'] = $secure; |       $params['secure'] = $secure; | ||||||
|     } |     } | ||||||
|     setcookie($name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']); |     $options = array( | ||||||
|  |       'expires' => REQUEST_TIME - 3600, | ||||||
|  |       'path' => $params['path'], | ||||||
|  |       'domain' => $params['domain'], | ||||||
|  |       'secure' => $params['secure'], | ||||||
|  |       'httponly' => $params['httponly'], | ||||||
|  |     ); | ||||||
|  |     drupal_setcookie($name, '', $options); | ||||||
|     unset($_COOKIE[$name]); |     unset($_COOKIE[$name]); | ||||||
|   } |   } | ||||||
| } | } | ||||||
|   | |||||||
| @@ -133,7 +133,7 @@ interface DrupalStreamWrapperInterface extends StreamWrapperInterface { | |||||||
|    * @param $uri |    * @param $uri | ||||||
|    *   A string containing the URI that should be used for this instance. |    *   A string containing the URI that should be used for this instance. | ||||||
|    */ |    */ | ||||||
|   function setUri($uri); |   public function setUri($uri); | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
|    * Returns the stream resource URI. |    * Returns the stream resource URI. | ||||||
| @@ -219,7 +219,6 @@ interface DrupalStreamWrapperInterface extends StreamWrapperInterface { | |||||||
|   public function dirname($uri = NULL); |   public function dirname($uri = NULL); | ||||||
| } | } | ||||||
|  |  | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Drupal stream wrapper base class for local files. |  * Drupal stream wrapper base class for local files. | ||||||
|  * |  * | ||||||
| @@ -549,6 +548,155 @@ abstract class DrupalLocalStreamWrapper implements DrupalStreamWrapperInterface | |||||||
|     return fclose($this->handle); |     return fclose($this->handle); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Sets metadata on the stream. | ||||||
|  |    * | ||||||
|  |    * WARNING: Do not call this method directly! It will be called internally by | ||||||
|  |    * PHP itself when one of the following functions is called on a stream URL: | ||||||
|  |    * | ||||||
|  |    * @param string $uri | ||||||
|  |    *   A string containing the URI to the file to set metadata on. | ||||||
|  |    * @param int $option | ||||||
|  |    *   One of: | ||||||
|  |    *   - STREAM_META_TOUCH: The method was called in response to touch(). | ||||||
|  |    *   - STREAM_META_OWNER_NAME: The method was called in response to chown() | ||||||
|  |    *     with string parameter. | ||||||
|  |    *   - STREAM_META_OWNER: The method was called in response to chown(). | ||||||
|  |    *   - STREAM_META_GROUP_NAME: The method was called in response to chgrp(). | ||||||
|  |    *   - STREAM_META_GROUP: The method was called in response to chgrp(). | ||||||
|  |    *   - STREAM_META_ACCESS: The method was called in response to chmod(). | ||||||
|  |    * @param mixed $value | ||||||
|  |    *   If option is: | ||||||
|  |    *   - STREAM_META_TOUCH: Array consisting of two arguments of the touch() | ||||||
|  |    *     function. | ||||||
|  |    *   - STREAM_META_OWNER_NAME or STREAM_META_GROUP_NAME: The name of the owner | ||||||
|  |    *     user/group as string. | ||||||
|  |    *   - STREAM_META_OWNER or STREAM_META_GROUP: The value of the owner | ||||||
|  |    *     user/group as integer. | ||||||
|  |    *   - STREAM_META_ACCESS: The argument of the chmod() as integer. | ||||||
|  |    * | ||||||
|  |    * @return bool | ||||||
|  |    *   Returns TRUE on success or FALSE on failure. If $option is not | ||||||
|  |    *   implemented, FALSE should be returned. | ||||||
|  |    * | ||||||
|  |    * @see touch() | ||||||
|  |    * @see chmod() | ||||||
|  |    * @see chown() | ||||||
|  |    * @see chgrp() | ||||||
|  |    * @link http://php.net/manual/streamwrapper.stream-metadata.php | ||||||
|  |    */ | ||||||
|  |   public function stream_metadata($uri, $option, $value) { | ||||||
|  |     $target = $this->getLocalPath($uri); | ||||||
|  |     $return = FALSE; | ||||||
|  |     switch ($option) { | ||||||
|  |       case STREAM_META_TOUCH: | ||||||
|  |         if (!empty($value)) { | ||||||
|  |           $return = touch($target, $value[0], $value[1]); | ||||||
|  |         } | ||||||
|  |         else { | ||||||
|  |           $return = touch($target); | ||||||
|  |         } | ||||||
|  |         break; | ||||||
|  |  | ||||||
|  |       case STREAM_META_OWNER_NAME: | ||||||
|  |       case STREAM_META_OWNER: | ||||||
|  |         $return = chown($target, $value); | ||||||
|  |         break; | ||||||
|  |  | ||||||
|  |       case STREAM_META_GROUP_NAME: | ||||||
|  |       case STREAM_META_GROUP: | ||||||
|  |         $return = chgrp($target, $value); | ||||||
|  |         break; | ||||||
|  |  | ||||||
|  |       case STREAM_META_ACCESS: | ||||||
|  |         $return = chmod($target, $value); | ||||||
|  |         break; | ||||||
|  |     } | ||||||
|  |     if ($return) { | ||||||
|  |       // For convenience clear the file status cache of the underlying file, | ||||||
|  |       // since metadata operations are often followed by file status checks. | ||||||
|  |       clearstatcache(TRUE, $target); | ||||||
|  |     } | ||||||
|  |     return $return; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Truncate stream. | ||||||
|  |    * | ||||||
|  |    * Will respond to truncation; e.g., through ftruncate(). | ||||||
|  |    * | ||||||
|  |    * @param int $new_size | ||||||
|  |    *   The new size. | ||||||
|  |    * | ||||||
|  |    * @return bool | ||||||
|  |    *   TRUE on success, FALSE otherwise. | ||||||
|  |    */ | ||||||
|  |   public function stream_truncate($new_size) { | ||||||
|  |     return ftruncate($this->handle, $new_size); | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Retrieve the underlying stream resource. | ||||||
|  |    * | ||||||
|  |    * This method is called in response to stream_select(). | ||||||
|  |    * | ||||||
|  |    * @param int $cast_as | ||||||
|  |    *   Can be STREAM_CAST_FOR_SELECT when stream_select() is calling | ||||||
|  |    *   stream_cast() or STREAM_CAST_AS_STREAM when stream_cast() is called for | ||||||
|  |    *   other uses. | ||||||
|  |    * | ||||||
|  |    * @return resource|false | ||||||
|  |    *   The underlying stream resource or FALSE if stream_select() is not | ||||||
|  |    *   supported. | ||||||
|  |    * | ||||||
|  |    * @see stream_select() | ||||||
|  |    * @link http://php.net/manual/streamwrapper.stream-cast.php | ||||||
|  |    */ | ||||||
|  |   public function stream_cast($cast_as) { | ||||||
|  |     return $this->handle ? $this->handle : FALSE; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Change stream options. | ||||||
|  |    * | ||||||
|  |    * This method is called to set options on the stream. | ||||||
|  |    * | ||||||
|  |    * Since Windows systems do not allow it and it is not needed for most use | ||||||
|  |    * cases anyway, this method is not supported on local files and will trigger | ||||||
|  |    * an error and return false. If needed, custom subclasses can provide | ||||||
|  |    * OS-specific implementations for advanced use cases. | ||||||
|  |    * | ||||||
|  |    * @param int $option | ||||||
|  |    *   One of: | ||||||
|  |    *   - STREAM_OPTION_BLOCKING: The method was called in response to | ||||||
|  |    *     stream_set_blocking(). | ||||||
|  |    *   - STREAM_OPTION_READ_TIMEOUT: The method was called in response to | ||||||
|  |    *     stream_set_timeout(). | ||||||
|  |    *   - STREAM_OPTION_WRITE_BUFFER: The method was called in response to | ||||||
|  |    *     stream_set_write_buffer(). | ||||||
|  |    * @param int $arg1 | ||||||
|  |    *   If option is: | ||||||
|  |    *   - STREAM_OPTION_BLOCKING: The requested blocking mode: | ||||||
|  |    *     - 1 means blocking. | ||||||
|  |    *     - 0 means not blocking. | ||||||
|  |    *   - STREAM_OPTION_READ_TIMEOUT: The timeout in seconds. | ||||||
|  |    *   - STREAM_OPTION_WRITE_BUFFER: The buffer mode, STREAM_BUFFER_NONE or | ||||||
|  |    *     STREAM_BUFFER_FULL. | ||||||
|  |    * @param int $arg2 | ||||||
|  |    *   If option is: | ||||||
|  |    *   - STREAM_OPTION_BLOCKING: This option is not set. | ||||||
|  |    *   - STREAM_OPTION_READ_TIMEOUT: The timeout in microseconds. | ||||||
|  |    *   - STREAM_OPTION_WRITE_BUFFER: The requested buffer size. | ||||||
|  |    * | ||||||
|  |    * @return bool | ||||||
|  |    *   TRUE on success, FALSE otherwise. If $option is not implemented, FALSE | ||||||
|  |    *   should be returned. | ||||||
|  |    */ | ||||||
|  |   public function stream_set_option($option, $arg1, $arg2) { | ||||||
|  |     trigger_error('stream_set_option() not supported for local file based stream wrappers', E_USER_WARNING); | ||||||
|  |     return FALSE; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
|    * Support for unlink(). |    * Support for unlink(). | ||||||
|    * |    * | ||||||
|   | |||||||
| @@ -1248,6 +1248,7 @@ function path_to_theme() { | |||||||
| function drupal_find_theme_functions($cache, $prefixes) { | function drupal_find_theme_functions($cache, $prefixes) { | ||||||
|   $implementations = array(); |   $implementations = array(); | ||||||
|   $functions = get_defined_functions(); |   $functions = get_defined_functions(); | ||||||
|  |   $theme_functions = preg_grep('/^(' . implode(')|(', $prefixes) . ')_/', $functions['user']); | ||||||
|  |  | ||||||
|   foreach ($cache as $hook => $info) { |   foreach ($cache as $hook => $info) { | ||||||
|     foreach ($prefixes as $prefix) { |     foreach ($prefixes as $prefix) { | ||||||
| @@ -1264,7 +1265,7 @@ function drupal_find_theme_functions($cache, $prefixes) { | |||||||
|       // intermediary suggestion. |       // intermediary suggestion. | ||||||
|       $pattern = isset($info['pattern']) ? $info['pattern'] : ($hook . '__'); |       $pattern = isset($info['pattern']) ? $info['pattern'] : ($hook . '__'); | ||||||
|       if (!isset($info['base hook']) && !empty($pattern)) { |       if (!isset($info['base hook']) && !empty($pattern)) { | ||||||
|         $matches = preg_grep('/^' . $prefix . '_' . $pattern . '/', $functions['user']); |         $matches = preg_grep('/^' . $prefix . '_' . $pattern . '/', $theme_functions); | ||||||
|         if ($matches) { |         if ($matches) { | ||||||
|           foreach ($matches as $match) { |           foreach ($matches as $match) { | ||||||
|             $new_hook = substr($match, strlen($prefix) + 1); |             $new_hook = substr($match, strlen($prefix) + 1); | ||||||
| @@ -1710,11 +1711,29 @@ function theme_status_messages($variables) { | |||||||
|  * copy if none of the enabled modules or the active theme implement any |  * copy if none of the enabled modules or the active theme implement any | ||||||
|  * preprocess or process functions or override this theme implementation. |  * preprocess or process functions or override this theme implementation. | ||||||
|  * |  * | ||||||
|  * @param $variables |  * @param array $variables | ||||||
|  *   An associative array containing the keys 'text', 'path', and 'options'. |  *   An associative array containing the keys: | ||||||
|  *   See the l() function for information about these variables. |  *   - text: The text of the link. | ||||||
|  |  *   - path: The internal path or external URL being linked to. It is used as | ||||||
|  |  *     the $path parameter of the url() function. | ||||||
|  |  *   - options: (optional) An array that defaults to empty, but can contain: | ||||||
|  |  *     - attributes: Can contain optional attributes: | ||||||
|  |  *       - class: must be declared in an array. Example: 'class' => | ||||||
|  |  *         array('class_name1','class_name2'). | ||||||
|  |  *       - title: must be a string. Example: 'title' => 'Example title' | ||||||
|  |  *       - Others are more flexible as long as they work with | ||||||
|  |  *         drupal_attributes($variables['options']['attributes]). | ||||||
|  |  *     - html: Boolean flag that tells whether text contains HTML or plain | ||||||
|  |  *       text. If set to TRUE, the text value will not be sanitized so the | ||||||
|  |          calling function must ensure that it already contains safe HTML. | ||||||
|  |  *   The elements $variables['options']['attributes'] and | ||||||
|  |  *   $variables['options']['html'] are used in this function similarly to the | ||||||
|  |  *   way that $options['attributes'] and $options['html'] are used in l(). | ||||||
|  |  *   The link itself is built by the url() function, which takes | ||||||
|  |  *   $variables['path'] and $variables['options'] as arguments. | ||||||
|  * |  * | ||||||
|  * @see l() |  * @see l() | ||||||
|  |  * @see url() | ||||||
|  */ |  */ | ||||||
| function theme_link($variables) { | function theme_link($variables) { | ||||||
|   return '<a href="' . check_plain(url($variables['path'], $variables['options'])) . '"' . drupal_attributes($variables['options']['attributes']) . '>' . ($variables['options']['html'] ? $variables['text'] : check_plain($variables['text'])) . '</a>'; |   return '<a href="' . check_plain(url($variables['path'], $variables['options'])) . '"' . drupal_attributes($variables['options']['attributes']) . '>' . ($variables['options']['html'] ? $variables['text'] : check_plain($variables['text'])) . '</a>'; | ||||||
| @@ -1757,13 +1776,13 @@ function theme_link($variables) { | |||||||
|  *     http://www.w3.org/TR/WCAG-TECHS/H42.html for more information. |  *     http://www.w3.org/TR/WCAG-TECHS/H42.html for more information. | ||||||
|  */ |  */ | ||||||
| function theme_links($variables) { | function theme_links($variables) { | ||||||
|   $links = $variables['links']; |   $links = (array) $variables['links']; | ||||||
|   $attributes = $variables['attributes']; |   $attributes = (array) $variables['attributes']; | ||||||
|   $heading = $variables['heading']; |   $heading = $variables['heading']; | ||||||
|   global $language_url; |   global $language_url; | ||||||
|   $output = ''; |   $output = ''; | ||||||
|  |  | ||||||
|   if (count($links) > 0) { |   if (!empty($links)) { | ||||||
|     // Treat the heading first if it is present to prepend it to the |     // Treat the heading first if it is present to prepend it to the | ||||||
|     // list of links. |     // list of links. | ||||||
|     if (!empty($heading)) { |     if (!empty($heading)) { | ||||||
| @@ -1791,7 +1810,8 @@ function theme_links($variables) { | |||||||
|     foreach ($links as $key => $link) { |     foreach ($links as $key => $link) { | ||||||
|       $class = array($key); |       $class = array($key); | ||||||
|  |  | ||||||
|       // Add first, last and active classes to the list of links to help out themers. |       // Add first, last and active classes to the list of links to help out | ||||||
|  |       // themers. | ||||||
|       if ($i == 1) { |       if ($i == 1) { | ||||||
|         $class[] = 'first'; |         $class[] = 'first'; | ||||||
|       } |       } | ||||||
| @@ -1809,7 +1829,8 @@ function theme_links($variables) { | |||||||
|         $output .= l($link['title'], $link['href'], $link); |         $output .= l($link['title'], $link['href'], $link); | ||||||
|       } |       } | ||||||
|       elseif (!empty($link['title'])) { |       elseif (!empty($link['title'])) { | ||||||
|         // Some links are actually not links, but we wrap these in <span> for adding title and class attributes. |         // Some links are actually not links, but we wrap these in <span> for | ||||||
|  |         // adding title and class attributes. | ||||||
|         if (empty($link['html'])) { |         if (empty($link['html'])) { | ||||||
|           $link['title'] = check_plain($link['title']); |           $link['title'] = check_plain($link['title']); | ||||||
|         } |         } | ||||||
| @@ -1890,7 +1911,7 @@ function theme_breadcrumb($variables) { | |||||||
| /** | /** | ||||||
|  * Returns HTML for a table. |  * Returns HTML for a table. | ||||||
|  * |  * | ||||||
|  * @param $variables |  * @param array $variables | ||||||
|  *   An associative array containing: |  *   An associative array containing: | ||||||
|  *   - header: An array containing the table headers. Each element of the array |  *   - header: An array containing the table headers. Each element of the array | ||||||
|  *     can be either a localized string or an associative array with the |  *     can be either a localized string or an associative array with the | ||||||
| @@ -1927,6 +1948,11 @@ function theme_breadcrumb($variables) { | |||||||
|  *       ) |  *       ) | ||||||
|  *     ); |  *     ); | ||||||
|  *     @endcode |  *     @endcode | ||||||
|  |  *   - footer: An array of table rows which will be printed within a <tfoot> | ||||||
|  |  *     tag, in the same format as the rows element (see above). | ||||||
|  |  *     The structure is the same the one defined for the "rows" key except | ||||||
|  |  *     that the no_striping boolean has no effect, there is no rows striping | ||||||
|  |  *     for the table footer. | ||||||
|  *   - attributes: An array of HTML attributes to apply to the table tag. |  *   - attributes: An array of HTML attributes to apply to the table tag. | ||||||
|  *   - caption: A localized string to use for the <caption> tag. |  *   - caption: A localized string to use for the <caption> tag. | ||||||
|  *   - colgroups: An array of column groups. Each element of the array can be |  *   - colgroups: An array of column groups. Each element of the array can be | ||||||
| @@ -1963,8 +1989,11 @@ function theme_breadcrumb($variables) { | |||||||
|  *   - sticky: Use a "sticky" table header. |  *   - sticky: Use a "sticky" table header. | ||||||
|  *   - empty: The message to display in an extra row if table does not have any |  *   - empty: The message to display in an extra row if table does not have any | ||||||
|  *     rows. |  *     rows. | ||||||
|  |  * | ||||||
|  |  * @return string | ||||||
|  |  *   The HTML output. | ||||||
|  */ |  */ | ||||||
| function theme_table($variables) { | function theme_table(array $variables) { | ||||||
|   $header = $variables['header']; |   $header = $variables['header']; | ||||||
|   $rows = $variables['rows']; |   $rows = $variables['rows']; | ||||||
|   $attributes = $variables['attributes']; |   $attributes = $variables['attributes']; | ||||||
| @@ -1974,7 +2003,7 @@ function theme_table($variables) { | |||||||
|   $empty = $variables['empty']; |   $empty = $variables['empty']; | ||||||
|  |  | ||||||
|   // Add sticky headers, if applicable. |   // Add sticky headers, if applicable. | ||||||
|   if (count($header) && $sticky) { |   if (!empty($header) && $sticky) { | ||||||
|     drupal_add_js('misc/tableheader.js'); |     drupal_add_js('misc/tableheader.js'); | ||||||
|     // Add 'sticky-enabled' class to the table to identify it for JS. |     // Add 'sticky-enabled' class to the table to identify it for JS. | ||||||
|     // This is needed to target tables constructed by this function. |     // This is needed to target tables constructed by this function. | ||||||
| @@ -1988,7 +2017,7 @@ function theme_table($variables) { | |||||||
|   } |   } | ||||||
|  |  | ||||||
|   // Format the table columns: |   // Format the table columns: | ||||||
|   if (count($colgroups)) { |   if (!empty($colgroups)) { | ||||||
|     foreach ($colgroups as $number => $colgroup) { |     foreach ($colgroups as $number => $colgroup) { | ||||||
|       $attributes = array(); |       $attributes = array(); | ||||||
|  |  | ||||||
| @@ -2023,46 +2052,74 @@ function theme_table($variables) { | |||||||
|   } |   } | ||||||
|  |  | ||||||
|   // Add the 'empty' row message if available. |   // Add the 'empty' row message if available. | ||||||
|   if (!count($rows) && $empty) { |   if (empty($rows) && $empty) { | ||||||
|     $header_count = 0; |     $header_count = 0; | ||||||
|  |     if (!empty($header)) { | ||||||
|       foreach ($header as $header_cell) { |       foreach ($header as $header_cell) { | ||||||
|         if (is_array($header_cell)) { |         if (is_array($header_cell)) { | ||||||
|         $header_count += isset($header_cell['colspan']) ? $header_cell['colspan'] : 1; |           $header_count += isset($header_cell['colspan']) ? | ||||||
|  |             $header_cell['colspan'] : 1; | ||||||
|         } |         } | ||||||
|         else { |         else { | ||||||
|           $header_count++; |           $header_count++; | ||||||
|         } |         } | ||||||
|       } |       } | ||||||
|     $rows[] = array(array('data' => $empty, 'colspan' => $header_count, 'class' => array('empty', 'message'))); |     } | ||||||
|  |     $rows[] = array( | ||||||
|  |       array( | ||||||
|  |         'data' => $empty, | ||||||
|  |         'colspan' => $header_count, | ||||||
|  |         'class' => array( | ||||||
|  |           'empty', | ||||||
|  |           'message' | ||||||
|  |         ), | ||||||
|  |       ), | ||||||
|  |     ); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   // Format the table header: |   // Format the table header. | ||||||
|   if (count($header)) { |   if (!empty($header)) { | ||||||
|     $ts = tablesort_init($header); |     $ts = tablesort_init($header); | ||||||
|     // HTML requires that the thead tag has tr tags in it followed by tbody |     // HTML requires that the thead tag has tr tags in it followed by tbody | ||||||
|     // tags. Using ternary operator to check and see if we have any rows. |     // tags. Using ternary operator to check and see if we have any rows. | ||||||
|     $output .= (count($rows) ? ' <thead><tr>' : ' <tr>'); |     $output .= (!empty($rows) ? ' <thead><tr>' : ' <tr>'); | ||||||
|     foreach ($header as $cell) { |     foreach ($header as $cell) { | ||||||
|       $cell = tablesort_header($cell, $header, $ts); |       $cell = tablesort_header($cell, $header, $ts); | ||||||
|       $output .= _theme_table_cell($cell, TRUE); |       $output .= _theme_table_cell($cell, TRUE); | ||||||
|     } |     } | ||||||
|     // Using ternary operator to close the tags based on whether or not there are rows |     // Using ternary operator to close the tags based on whether | ||||||
|     $output .= (count($rows) ? " </tr></thead>\n" : "</tr>\n"); |     // or not there are rows. | ||||||
|  |     $output .= (!empty($rows) ? " </tr></thead>\n" : "</tr>\n"); | ||||||
|   } |   } | ||||||
|   else { |   else { | ||||||
|     $ts = array(); |     $ts = array(); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   // Format the table rows: |   // Format the table and footer rows. | ||||||
|   if (count($rows)) { |   $sections = array(); | ||||||
|     $output .= "<tbody>\n"; |  | ||||||
|  |   if (!empty($rows)) { | ||||||
|  |     $sections['tbody'] = $rows; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   if (!empty($variables['footer'])) { | ||||||
|  |     $sections['tfoot'] = $variables['footer']; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // tbody and tfoot have the same structure and are built using the same | ||||||
|  |   // procedure. | ||||||
|  |   foreach ($sections as $tag => $content) { | ||||||
|  |     $output .= "<" . $tag . ">\n"; | ||||||
|     $flip = array('even' => 'odd', 'odd' => 'even'); |     $flip = array('even' => 'odd', 'odd' => 'even'); | ||||||
|     $class = 'even'; |     $class = 'even'; | ||||||
|     foreach ($rows as $number => $row) { |     $default_no_striping = ($tag === 'tfoot'); | ||||||
|       // Check if we're dealing with a simple or complex row |  | ||||||
|  |     foreach ($content as $number => $row) { | ||||||
|  |       // Check if we're dealing with a simple or complex row. | ||||||
|       if (isset($row['data'])) { |       if (isset($row['data'])) { | ||||||
|         $cells = $row['data']; |         $cells = $row['data']; | ||||||
|         $no_striping = isset($row['no_striping']) ? $row['no_striping'] : FALSE; |         $no_striping = isset($row['no_striping']) ? | ||||||
|  |           $row['no_striping'] : $default_no_striping; | ||||||
|  |  | ||||||
|         // Set the attributes array and exclude 'data' and 'no_striping'. |         // Set the attributes array and exclude 'data' and 'no_striping'. | ||||||
|         $attributes = $row; |         $attributes = $row; | ||||||
| @@ -2072,16 +2129,17 @@ function theme_table($variables) { | |||||||
|       else { |       else { | ||||||
|         $cells = $row; |         $cells = $row; | ||||||
|         $attributes = array(); |         $attributes = array(); | ||||||
|         $no_striping = FALSE; |         $no_striping = $default_no_striping; | ||||||
|       } |       } | ||||||
|       if (count($cells)) { |  | ||||||
|         // Add odd/even class |       if (!empty($cells)) { | ||||||
|  |         // Add odd/even class. | ||||||
|         if (!$no_striping) { |         if (!$no_striping) { | ||||||
|           $class = $flip[$class]; |           $class = $flip[$class]; | ||||||
|           $attributes['class'][] = $class; |           $attributes['class'][] = $class; | ||||||
|         } |         } | ||||||
|  |  | ||||||
|         // Build row |         // Build row. | ||||||
|         $output .= ' <tr' . drupal_attributes($attributes) . '>'; |         $output .= ' <tr' . drupal_attributes($attributes) . '>'; | ||||||
|         $i = 0; |         $i = 0; | ||||||
|         foreach ($cells as $cell) { |         foreach ($cells as $cell) { | ||||||
| @@ -2091,10 +2149,12 @@ function theme_table($variables) { | |||||||
|         $output .= " </tr>\n"; |         $output .= " </tr>\n"; | ||||||
|       } |       } | ||||||
|     } |     } | ||||||
|     $output .= "</tbody>\n"; |  | ||||||
|  |     $output .= "</" . $tag . ">\n"; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   $output .= "</table>\n"; |   $output .= "</table>\n"; | ||||||
|  |  | ||||||
|   return $output; |   return $output; | ||||||
| } | } | ||||||
|  |  | ||||||
| @@ -2618,7 +2678,7 @@ function template_preprocess_page(&$variables) { | |||||||
|   // Move some variables to the top level for themer convenience and template cleanliness. |   // Move some variables to the top level for themer convenience and template cleanliness. | ||||||
|   $variables['show_messages'] = $variables['page']['#show_messages']; |   $variables['show_messages'] = $variables['page']['#show_messages']; | ||||||
|  |  | ||||||
|   foreach (system_region_list($GLOBALS['theme']) as $region_key => $region_name) { |   foreach (system_region_list($GLOBALS['theme'], REGIONS_ALL, FALSE) as $region_key) { | ||||||
|     if (!isset($variables['page'][$region_key])) { |     if (!isset($variables['page'][$region_key])) { | ||||||
|       $variables['page'][$region_key] = array(); |       $variables['page'][$region_key] = array(); | ||||||
|     } |     } | ||||||
|   | |||||||
| @@ -795,6 +795,14 @@ function update_fix_d7_requirements() { | |||||||
| function update_fix_d7_install_profile() { | function update_fix_d7_install_profile() { | ||||||
|   $profile = drupal_get_profile(); |   $profile = drupal_get_profile(); | ||||||
|  |  | ||||||
|  |   // 'Default' profile has been renamed to 'Standard' in D7. | ||||||
|  |   // We change the profile here to prevent a broken record in the system table. | ||||||
|  |   // See system_update_7049(). | ||||||
|  |   if ($profile == 'default') { | ||||||
|  |     $profile = 'standard'; | ||||||
|  |     variable_set('install_profile', $profile); | ||||||
|  |   } | ||||||
|  |  | ||||||
|   $results = db_select('system', 's') |   $results = db_select('system', 's') | ||||||
|     ->fields('s', array('name', 'schema_version')) |     ->fields('s', array('name', 'schema_version')) | ||||||
|     ->condition('name', $profile) |     ->condition('name', $profile) | ||||||
| @@ -908,6 +916,8 @@ function update_get_d6_session_name() { | |||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  |  * Implements callback_batch_operation(). | ||||||
|  |  * | ||||||
|  * Performs one update and stores the results for display on the results page. |  * Performs one update and stores the results for display on the results page. | ||||||
|  * |  * | ||||||
|  * If an update function completes successfully, it should return a message |  * If an update function completes successfully, it should return a message | ||||||
| @@ -1078,6 +1088,8 @@ function update_batch($start, $redirect = NULL, $url = NULL, $batch = array(), $ | |||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  |  * Implements callback_batch_finished(). | ||||||
|  |  * | ||||||
|  * Finishes the update process and stores the results for eventual display. |  * Finishes the update process and stores the results for eventual display. | ||||||
|  * |  * | ||||||
|  * After the updates run, all caches are flushed. The update results are |  * After the updates run, all caches are flushed. The update results are | ||||||
|   | |||||||
| @@ -264,6 +264,10 @@ function xmlrpc_server_call($xmlrpc_server, $methodname, $args) { | |||||||
|  */ |  */ | ||||||
| function xmlrpc_server_multicall($methodcalls) { | function xmlrpc_server_multicall($methodcalls) { | ||||||
|   // See http://www.xmlrpc.com/discuss/msgReader$1208 |   // See http://www.xmlrpc.com/discuss/msgReader$1208 | ||||||
|  |   // To avoid multicall expansion attacks, limit the number of duplicate method | ||||||
|  |   // calls allowed with a default of 1. Set to -1 for unlimited. | ||||||
|  |   $duplicate_method_limit = variable_get('xmlrpc_multicall_duplicate_method_limit', 1); | ||||||
|  |   $method_count = array(); | ||||||
|   $return = array(); |   $return = array(); | ||||||
|   $xmlrpc_server = xmlrpc_server_get(); |   $xmlrpc_server = xmlrpc_server_get(); | ||||||
|   foreach ($methodcalls as $call) { |   foreach ($methodcalls as $call) { | ||||||
| @@ -273,10 +277,14 @@ function xmlrpc_server_multicall($methodcalls) { | |||||||
|       $ok = FALSE; |       $ok = FALSE; | ||||||
|     } |     } | ||||||
|     $method = $call['methodName']; |     $method = $call['methodName']; | ||||||
|  |     $method_count[$method] = isset($method_count[$method]) ? $method_count[$method] + 1 : 1; | ||||||
|     $params = $call['params']; |     $params = $call['params']; | ||||||
|     if ($method == 'system.multicall') { |     if ($method == 'system.multicall') { | ||||||
|       $result = xmlrpc_error(-32600, t('Recursive calls to system.multicall are forbidden.')); |       $result = xmlrpc_error(-32600, t('Recursive calls to system.multicall are forbidden.')); | ||||||
|     } |     } | ||||||
|  |     elseif ($duplicate_method_limit > 0 && $method_count[$method] > $duplicate_method_limit) { | ||||||
|  |       $result = xmlrpc_error(-156579, t('Too many duplicate method calls in system.multicall.')); | ||||||
|  |     } | ||||||
|     elseif ($ok) { |     elseif ($ok) { | ||||||
|       $result = xmlrpc_server_call($xmlrpc_server, $method, $params); |       $result = xmlrpc_server_call($xmlrpc_server, $method, $params); | ||||||
|     } |     } | ||||||
|   | |||||||
							
								
								
									
										64
									
								
								misc/ajax.js
									
									
									
									
									
								
							
							
						
						
									
										64
									
								
								misc/ajax.js
									
									
									
									
									
								
							| @@ -14,6 +14,8 @@ | |||||||
|  |  | ||||||
| Drupal.ajax = Drupal.ajax || {}; | Drupal.ajax = Drupal.ajax || {}; | ||||||
|  |  | ||||||
|  | Drupal.settings.urlIsAjaxTrusted = Drupal.settings.urlIsAjaxTrusted || {}; | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Attaches the Ajax behavior to each Ajax form element. |  * Attaches the Ajax behavior to each Ajax form element. | ||||||
|  */ |  */ | ||||||
| @@ -130,6 +132,11 @@ Drupal.ajax = function (base, element, element_settings) { | |||||||
|   // 5. /nojs# - Followed by a fragment. |   // 5. /nojs# - Followed by a fragment. | ||||||
|   //      E.g.: path/nojs#myfragment |   //      E.g.: path/nojs#myfragment | ||||||
|   this.url = element_settings.url.replace(/\/nojs(\/|$|\?|&|#)/g, '/ajax$1'); |   this.url = element_settings.url.replace(/\/nojs(\/|$|\?|&|#)/g, '/ajax$1'); | ||||||
|  |   // If the 'nojs' version of the URL is trusted, also trust the 'ajax' version. | ||||||
|  |   if (Drupal.settings.urlIsAjaxTrusted[element_settings.url]) { | ||||||
|  |     Drupal.settings.urlIsAjaxTrusted[this.url] = true; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   this.wrapper = '#' + element_settings.wrapper; |   this.wrapper = '#' + element_settings.wrapper; | ||||||
|  |  | ||||||
|   // If there isn't a form, jQuery.ajax() will be used instead, allowing us to |   // If there isn't a form, jQuery.ajax() will be used instead, allowing us to | ||||||
| @@ -142,7 +149,7 @@ Drupal.ajax = function (base, element, element_settings) { | |||||||
|   // The 'this' variable will not persist inside of the options object. |   // The 'this' variable will not persist inside of the options object. | ||||||
|   var ajax = this; |   var ajax = this; | ||||||
|   ajax.options = { |   ajax.options = { | ||||||
|     url: ajax.url, |     url: Drupal.sanitizeAjaxUrl(ajax.url), | ||||||
|     data: ajax.submit, |     data: ajax.submit, | ||||||
|     beforeSerialize: function (element_settings, options) { |     beforeSerialize: function (element_settings, options) { | ||||||
|       return ajax.beforeSerialize(element_settings, options); |       return ajax.beforeSerialize(element_settings, options); | ||||||
| @@ -155,26 +162,67 @@ Drupal.ajax = function (base, element, element_settings) { | |||||||
|       ajax.ajaxing = true; |       ajax.ajaxing = true; | ||||||
|       return ajax.beforeSend(xmlhttprequest, options); |       return ajax.beforeSend(xmlhttprequest, options); | ||||||
|     }, |     }, | ||||||
|     success: function (response, status) { |     success: function (response, status, xmlhttprequest) { | ||||||
|       // Sanity check for browser support (object expected). |       // Sanity check for browser support (object expected). | ||||||
|       // When using iFrame uploads, responses must be returned as a string. |       // When using iFrame uploads, responses must be returned as a string. | ||||||
|       if (typeof response == 'string') { |       if (typeof response == 'string') { | ||||||
|         response = $.parseJSON(response); |         response = $.parseJSON(response); | ||||||
|       } |       } | ||||||
|  |  | ||||||
|  |       // Prior to invoking the response's commands, verify that they can be | ||||||
|  |       // trusted by checking for a response header. See | ||||||
|  |       // ajax_set_verification_header() for details. | ||||||
|  |       // - Empty responses are harmless so can bypass verification. This avoids | ||||||
|  |       //   an alert message for server-generated no-op responses that skip Ajax | ||||||
|  |       //   rendering. | ||||||
|  |       // - Ajax objects with trusted URLs (e.g., ones defined server-side via | ||||||
|  |       //   #ajax) can bypass header verification. This is especially useful for | ||||||
|  |       //   Ajax with multipart forms. Because IFRAME transport is used, the | ||||||
|  |       //   response headers cannot be accessed for verification. | ||||||
|  |       if (response !== null && !Drupal.settings.urlIsAjaxTrusted[ajax.url]) { | ||||||
|  |         if (xmlhttprequest.getResponseHeader('X-Drupal-Ajax-Token') !== '1') { | ||||||
|  |           var customMessage = Drupal.t("The response failed verification so will not be processed."); | ||||||
|  |           return ajax.error(xmlhttprequest, ajax.url, customMessage); | ||||||
|  |         } | ||||||
|  |       } | ||||||
|  |  | ||||||
|       return ajax.success(response, status); |       return ajax.success(response, status); | ||||||
|     }, |     }, | ||||||
|     complete: function (response, status) { |     complete: function (xmlhttprequest, status) { | ||||||
|       ajax.ajaxing = false; |       ajax.ajaxing = false; | ||||||
|       if (status == 'error' || status == 'parsererror') { |       if (status == 'error' || status == 'parsererror') { | ||||||
|         return ajax.error(response, ajax.url); |         return ajax.error(xmlhttprequest, ajax.url); | ||||||
|       } |       } | ||||||
|     }, |     }, | ||||||
|     dataType: 'json', |     dataType: 'json', | ||||||
|  |     jsonp: false, | ||||||
|     type: 'POST' |     type: 'POST' | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|  |   // For multipart forms (e.g., file uploads), jQuery Form targets the form | ||||||
|  |   // submission to an iframe instead of using an XHR object. The initial "src" | ||||||
|  |   // of the iframe, prior to the form submission, is set to options.iframeSrc. | ||||||
|  |   // "about:blank" is the semantically correct, standards-compliant, way to | ||||||
|  |   // initialize a blank iframe; however, some old IE versions (possibly only 6) | ||||||
|  |   // incorrectly report a mixed content warning when iframes with an | ||||||
|  |   // "about:blank" src are added to a parent document with an https:// origin. | ||||||
|  |   // jQuery Form works around this by defaulting to "javascript:false" instead, | ||||||
|  |   // but that breaks on Chrome 83, so here we force the semantically correct | ||||||
|  |   // behavior for all browsers except old IE. | ||||||
|  |   // @see https://www.drupal.org/project/drupal/issues/3143016 | ||||||
|  |   // @see https://github.com/jquery-form/form/blob/df9cb101b9c9c085c8d75ad980c7ff1cf62063a1/jquery.form.js#L68 | ||||||
|  |   // @see https://bugs.chromium.org/p/chromium/issues/detail?id=1084874 | ||||||
|  |   // @see https://html.spec.whatwg.org/multipage/browsers.html#creating-browsing-contexts | ||||||
|  |   // @see https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy | ||||||
|  |   if (navigator.userAgent.indexOf("MSIE") === -1) { | ||||||
|  |     ajax.options.iframeSrc = 'about:blank'; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   // Bind the ajaxSubmit function to the element event. |   // Bind the ajaxSubmit function to the element event. | ||||||
|   $(ajax.element).bind(element_settings.event, function (event) { |   $(ajax.element).bind(element_settings.event, function (event) { | ||||||
|  |     if (!Drupal.settings.urlIsAjaxTrusted[ajax.url] && !Drupal.urlIsLocal(ajax.url)) { | ||||||
|  |       throw new Error(Drupal.t('The callback URL is not local and not trusted: !url', {'!url': ajax.url})); | ||||||
|  |     } | ||||||
|     return ajax.eventResponse(this, event); |     return ajax.eventResponse(this, event); | ||||||
|   }); |   }); | ||||||
|  |  | ||||||
| @@ -360,7 +408,7 @@ Drupal.ajax.prototype.beforeSend = function (xmlhttprequest, options) { | |||||||
|  |  | ||||||
|   // Insert progressbar or throbber. |   // Insert progressbar or throbber. | ||||||
|   if (this.progress.type == 'bar') { |   if (this.progress.type == 'bar') { | ||||||
|     var progressBar = new Drupal.progressBar('ajax-progress-' + this.element.id, eval(this.progress.update_callback), this.progress.method, eval(this.progress.error_callback)); |     var progressBar = new Drupal.progressBar('ajax-progress-' + this.element.id, $.noop, this.progress.method, $.noop); | ||||||
|     if (this.progress.message) { |     if (this.progress.message) { | ||||||
|       progressBar.setProgress(-1, this.progress.message); |       progressBar.setProgress(-1, this.progress.message); | ||||||
|     } |     } | ||||||
| @@ -447,8 +495,8 @@ Drupal.ajax.prototype.getEffect = function (response) { | |||||||
| /** | /** | ||||||
|  * Handler for the form redirection error. |  * Handler for the form redirection error. | ||||||
|  */ |  */ | ||||||
| Drupal.ajax.prototype.error = function (response, uri) { | Drupal.ajax.prototype.error = function (xmlhttprequest, uri, customMessage) { | ||||||
|   alert(Drupal.ajaxError(response, uri)); |   Drupal.displayAjaxError(Drupal.ajaxError(xmlhttprequest, uri, customMessage)); | ||||||
|   // Remove the progress element. |   // Remove the progress element. | ||||||
|   if (this.progress.element) { |   if (this.progress.element) { | ||||||
|     $(this.progress.element).remove(); |     $(this.progress.element).remove(); | ||||||
| @@ -462,7 +510,7 @@ Drupal.ajax.prototype.error = function (response, uri) { | |||||||
|   $(this.element).removeClass('progress-disabled').removeAttr('disabled'); |   $(this.element).removeClass('progress-disabled').removeAttr('disabled'); | ||||||
|   // Reattach behaviors, if they were detached in beforeSerialize(). |   // Reattach behaviors, if they were detached in beforeSerialize(). | ||||||
|   if (this.form) { |   if (this.form) { | ||||||
|     var settings = response.settings || this.settings || Drupal.settings; |     var settings = this.settings || Drupal.settings; | ||||||
|     Drupal.attachBehaviors(this.form, settings); |     Drupal.attachBehaviors(this.form, settings); | ||||||
|   } |   } | ||||||
| }; | }; | ||||||
|   | |||||||
| @@ -271,8 +271,11 @@ Drupal.ACDB.prototype.search = function (searchString) { | |||||||
|   var db = this; |   var db = this; | ||||||
|   this.searchString = searchString; |   this.searchString = searchString; | ||||||
|  |  | ||||||
|   // See if this string needs to be searched for anyway. |   // See if this string needs to be searched for anyway. The pattern ../ is | ||||||
|   searchString = searchString.replace(/^\s+|\s+$/, ''); |   // stripped since it may be misinterpreted by the browser. | ||||||
|  |   searchString = searchString.replace(/^\s+|\.{2,}\/|\s+$/g, ''); | ||||||
|  |   // Skip empty search strings, or search strings ending with a comma, since | ||||||
|  |   // that is the separator between search terms. | ||||||
|   if (searchString.length <= 0 || |   if (searchString.length <= 0 || | ||||||
|     searchString.charAt(searchString.length - 1) == ',') { |     searchString.charAt(searchString.length - 1) == ',') { | ||||||
|     return; |     return; | ||||||
| @@ -294,8 +297,9 @@ Drupal.ACDB.prototype.search = function (searchString) { | |||||||
|     // encodeURIComponent to allow autocomplete search terms to contain slashes. |     // encodeURIComponent to allow autocomplete search terms to contain slashes. | ||||||
|     $.ajax({ |     $.ajax({ | ||||||
|       type: 'GET', |       type: 'GET', | ||||||
|       url: db.uri + '/' + Drupal.encodePath(searchString), |       url: Drupal.sanitizeAjaxUrl(db.uri + '/' + Drupal.encodePath(searchString)), | ||||||
|       dataType: 'json', |       dataType: 'json', | ||||||
|  |       jsonp: false, | ||||||
|       success: function (matches) { |       success: function (matches) { | ||||||
|         if (typeof matches.status == 'undefined' || matches.status != 0) { |         if (typeof matches.status == 'undefined' || matches.status != 0) { | ||||||
|           db.cache[searchString] = matches; |           db.cache[searchString] = matches; | ||||||
| @@ -307,7 +311,7 @@ Drupal.ACDB.prototype.search = function (searchString) { | |||||||
|         } |         } | ||||||
|       }, |       }, | ||||||
|       error: function (xmlhttp) { |       error: function (xmlhttp) { | ||||||
|         alert(Drupal.ajaxError(xmlhttp, db.uri)); |         Drupal.displayAjaxError(Drupal.ajaxError(xmlhttp, db.uri)); | ||||||
|       } |       } | ||||||
|     }); |     }); | ||||||
|   }, this.delay); |   }, this.delay); | ||||||
|   | |||||||
							
								
								
									
										4
									
								
								misc/brumann/polyfill-unserialize/.gitignore
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										4
									
								
								misc/brumann/polyfill-unserialize/.gitignore
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,4 @@ | |||||||
|  | /vendor/ | ||||||
|  | /phpunit.xml | ||||||
|  | /.composer.lock | ||||||
|  |  | ||||||
							
								
								
									
										20
									
								
								misc/brumann/polyfill-unserialize/.travis.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										20
									
								
								misc/brumann/polyfill-unserialize/.travis.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,20 @@ | |||||||
|  | language: php | ||||||
|  |  | ||||||
|  | sudo: false | ||||||
|  |  | ||||||
|  | php: | ||||||
|  |   - '5.3' | ||||||
|  |   - '5.4' | ||||||
|  |   - '5.5' | ||||||
|  |   - '5.6' | ||||||
|  |   - '7.0' | ||||||
|  |   - '7.1' | ||||||
|  |  | ||||||
|  | before_install: | ||||||
|  |   - phpenv config-rm xdebug.ini | ||||||
|  |   - composer self-update | ||||||
|  |  | ||||||
|  | install: | ||||||
|  |   - composer install | ||||||
|  |  | ||||||
|  | script: phpunit | ||||||
							
								
								
									
										21
									
								
								misc/brumann/polyfill-unserialize/LICENSE
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										21
									
								
								misc/brumann/polyfill-unserialize/LICENSE
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,21 @@ | |||||||
|  | MIT License | ||||||
|  |  | ||||||
|  | Copyright (c) 2016 Denis Brumann | ||||||
|  |  | ||||||
|  | Permission is hereby granted, free of charge, to any person obtaining a copy | ||||||
|  | of this software and associated documentation files (the "Software"), to deal | ||||||
|  | in the Software without restriction, including without limitation the rights | ||||||
|  | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||||||
|  | copies of the Software, and to permit persons to whom the Software is | ||||||
|  | furnished to do so, subject to the following conditions: | ||||||
|  |  | ||||||
|  | The above copyright notice and this permission notice shall be included in all | ||||||
|  | copies or substantial portions of the Software. | ||||||
|  |  | ||||||
|  | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||||||
|  | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||||||
|  | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||||||
|  | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||||||
|  | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||||||
|  | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||||||
|  | SOFTWARE. | ||||||
							
								
								
									
										61
									
								
								misc/brumann/polyfill-unserialize/README.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										61
									
								
								misc/brumann/polyfill-unserialize/README.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,61 @@ | |||||||
|  | Polyfill unserialize [](https://travis-ci.org/dbrumann/polyfill-unserialize) | ||||||
|  | === | ||||||
|  |  | ||||||
|  | Backports unserialize options introduced in PHP 7.0 to older PHP versions. | ||||||
|  | This was originally designed as a Proof of Concept for Symfony Issue [#21090](https://github.com/symfony/symfony/pull/21090). | ||||||
|  |  | ||||||
|  | You can use this package in projects that rely on PHP versions older than PHP 7.0. | ||||||
|  | In case you are using PHP 7.0+ the original `unserialize()` will be used instead. | ||||||
|  |  | ||||||
|  | From the [documentation](https://secure.php.net/manual/en/function.unserialize.php): | ||||||
|  |  | ||||||
|  | > Warning: Do not pass untrusted user input to unserialize(). Unserialization can | ||||||
|  | > result in code being loaded and executed due to object instantiation | ||||||
|  | > and autoloading, and a malicious user may be able to exploit this. | ||||||
|  |  | ||||||
|  | This warning holds true even when `allowed_classes` is used. | ||||||
|  |  | ||||||
|  | Requirements | ||||||
|  | ------------ | ||||||
|  |  | ||||||
|  |  - PHP 5.3+ | ||||||
|  |  | ||||||
|  | Installation | ||||||
|  | ------------ | ||||||
|  |  | ||||||
|  | You can install this package via composer: | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | composer require brumann/polyfill-unserialize "^1.0" | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | Known Issues | ||||||
|  | ------------ | ||||||
|  |  | ||||||
|  | There is a mismatch in behavior when `allowed_classes` in `$options` is not | ||||||
|  | of the correct type (array or boolean). PHP 7.1 will issue a warning, whereas | ||||||
|  | PHP 7.0 will not. I opted to copy the behavior of the former. | ||||||
|  |  | ||||||
|  | Tests | ||||||
|  | ----- | ||||||
|  |  | ||||||
|  | You can run the test suite using PHPUnit. It is intentionally not bundled as | ||||||
|  | dev dependency to make sure this package has the lowest restrictions on the | ||||||
|  | implementing system as possible. | ||||||
|  |  | ||||||
|  | Please read the [PHPUnit Manual](https://phpunit.de/manual/current/en/installation.html) | ||||||
|  | for information how to install it on your system. | ||||||
|  |  | ||||||
|  | You can run the test suite as follows: | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | phpunit -c phpunit.xml.dist tests/ | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | Contributing | ||||||
|  | ------------ | ||||||
|  |  | ||||||
|  | This package is considered feature complete. As such I will likely not update it | ||||||
|  | unless there are security issues. | ||||||
|  |  | ||||||
|  | Should you find any bugs or have questions, feel free to submit an Issue or a Pull Request. | ||||||
							
								
								
									
										26
									
								
								misc/brumann/polyfill-unserialize/composer.json
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										26
									
								
								misc/brumann/polyfill-unserialize/composer.json
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,26 @@ | |||||||
|  | { | ||||||
|  |     "name": "brumann/polyfill-unserialize", | ||||||
|  |     "description": "Backports unserialize options introduced in PHP 7.0 to older PHP versions.", | ||||||
|  |     "type": "library", | ||||||
|  |     "license": "MIT", | ||||||
|  |     "authors": [ | ||||||
|  |         { | ||||||
|  |             "name": "Denis Brumann", | ||||||
|  |             "email": "denis.brumann@sensiolabs.de" | ||||||
|  |         } | ||||||
|  |     ], | ||||||
|  |     "autoload": { | ||||||
|  |         "psr-4": { | ||||||
|  |             "Brumann\\Polyfill\\": "src/" | ||||||
|  |         } | ||||||
|  |     }, | ||||||
|  |     "autoload-dev": { | ||||||
|  |         "psr-4": { | ||||||
|  |             "Tests\\Brumann\\Polyfill\\": "tests/" | ||||||
|  |         } | ||||||
|  |     }, | ||||||
|  |     "minimum-stability": "stable", | ||||||
|  |     "require": { | ||||||
|  |         "php": "^5.3|^7.0" | ||||||
|  |     } | ||||||
|  | } | ||||||
							
								
								
									
										25
									
								
								misc/brumann/polyfill-unserialize/phpunit.xml.dist
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								misc/brumann/polyfill-unserialize/phpunit.xml.dist
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | |||||||
|  | <?xml version="1.0" encoding="UTF-8"?> | ||||||
|  |  | ||||||
|  | <phpunit | ||||||
|  |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||||||
|  |     xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.1/phpunit.xsd" | ||||||
|  |     backupGlobals="false" | ||||||
|  |     colors="true" | ||||||
|  |     bootstrap="vendor/autoload.php" | ||||||
|  | > | ||||||
|  |     <php> | ||||||
|  |         <ini name="error_reporting" value="-1" /> | ||||||
|  |     </php> | ||||||
|  |  | ||||||
|  |     <testsuites> | ||||||
|  |         <testsuite name="Brumann\Polyfill Test Suite"> | ||||||
|  |             <directory>./tests/</directory> | ||||||
|  |         </testsuite> | ||||||
|  |     </testsuites> | ||||||
|  |  | ||||||
|  |     <filter> | ||||||
|  |         <whitelist> | ||||||
|  |             <directory>./src/</directory> | ||||||
|  |         </whitelist> | ||||||
|  |     </filter> | ||||||
|  | </phpunit> | ||||||
							
								
								
									
										58
									
								
								misc/brumann/polyfill-unserialize/src/Unserialize.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										58
									
								
								misc/brumann/polyfill-unserialize/src/Unserialize.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,58 @@ | |||||||
|  | <?php | ||||||
|  |  | ||||||
|  | namespace Brumann\Polyfill; | ||||||
|  |  | ||||||
|  | final class Unserialize | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * @see https://secure.php.net/manual/en/function.unserialize.php | ||||||
|  |      * | ||||||
|  |      * @param string $serialized Serialized data | ||||||
|  |      * @param array $options Associative array containing options | ||||||
|  |      * | ||||||
|  |      * @return mixed | ||||||
|  |      */ | ||||||
|  |     public static function unserialize($serialized, array $options = array()) | ||||||
|  |     { | ||||||
|  |         if (PHP_VERSION_ID >= 70000) { | ||||||
|  |             return \unserialize($serialized, $options); | ||||||
|  |         } | ||||||
|  |         if (!array_key_exists('allowed_classes', $options)) { | ||||||
|  |             $options['allowed_classes'] = true; | ||||||
|  |         } | ||||||
|  |         $allowedClasses = $options['allowed_classes']; | ||||||
|  |         if (true === $allowedClasses) { | ||||||
|  |             return \unserialize($serialized); | ||||||
|  |         } | ||||||
|  |         if (false === $allowedClasses) { | ||||||
|  |             $allowedClasses = array(); | ||||||
|  |         } | ||||||
|  |         if (!is_array($allowedClasses)) { | ||||||
|  |             trigger_error( | ||||||
|  |                 'unserialize(): allowed_classes option should be array or boolean', | ||||||
|  |                 E_USER_WARNING | ||||||
|  |             ); | ||||||
|  |             $allowedClasses = array(); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $sanitizedSerialized = preg_replace_callback( | ||||||
|  |             '/(^|;)O:\d+:"([^"]*)":(\d+):{/', | ||||||
|  |             function ($match) use ($allowedClasses) { | ||||||
|  |                 list($completeMatch, $leftBorder, $className, $objectSize) = $match; | ||||||
|  |                 if (in_array($className, $allowedClasses)) { | ||||||
|  |                     return $completeMatch; | ||||||
|  |                 } else { | ||||||
|  |                     return sprintf( | ||||||
|  |                         '%sO:22:"__PHP_Incomplete_Class":%d:{s:27:"__PHP_Incomplete_Class_Name";%s', | ||||||
|  |                         $leftBorder, | ||||||
|  |                         $objectSize + 1, // size of object + 1 for added string | ||||||
|  |                         \serialize($className) | ||||||
|  |                     ); | ||||||
|  |                 } | ||||||
|  |             }, | ||||||
|  |             $serialized | ||||||
|  |         ); | ||||||
|  |  | ||||||
|  |         return \unserialize($sanitizedSerialized); | ||||||
|  |     } | ||||||
|  | } | ||||||
							
								
								
									
										210
									
								
								misc/drupal.js
									
									
									
									
									
								
							
							
						
						
									
										210
									
								
								misc/drupal.js
									
									
									
									
									
								
							| @@ -27,6 +27,42 @@ $.fn.init = function (selector, context, rootjQuery) { | |||||||
| }; | }; | ||||||
| $.fn.init.prototype = jquery_init.prototype; | $.fn.init.prototype = jquery_init.prototype; | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Pre-filter Ajax requests to guard against XSS attacks. | ||||||
|  |  * | ||||||
|  |  * See https://github.com/jquery/jquery/issues/2432 | ||||||
|  |  */ | ||||||
|  | if ($.ajaxPrefilter) { | ||||||
|  |   // For newer versions of jQuery, use an Ajax prefilter to prevent | ||||||
|  |   // auto-executing script tags from untrusted domains. This is similar to the | ||||||
|  |   // fix that is built in to jQuery 3.0 and higher. | ||||||
|  |   $.ajaxPrefilter(function (s) { | ||||||
|  |     if (s.crossDomain) { | ||||||
|  |       s.contents.script = false; | ||||||
|  |     } | ||||||
|  |   }); | ||||||
|  | } | ||||||
|  | else if ($.httpData) { | ||||||
|  |   // For the version of jQuery that ships with Drupal core, override | ||||||
|  |   // jQuery.httpData to prevent auto-detecting "script" data types from | ||||||
|  |   // untrusted domains. | ||||||
|  |   var jquery_httpData = $.httpData; | ||||||
|  |   $.httpData = function (xhr, type, s) { | ||||||
|  |     // @todo Consider backporting code from newer jQuery versions to check for | ||||||
|  |     //   a cross-domain request here, rather than using Drupal.urlIsLocal() to | ||||||
|  |     //   block scripts from all URLs that are not on the same site. | ||||||
|  |     if (!type && !Drupal.urlIsLocal(s.url)) { | ||||||
|  |       var content_type = xhr.getResponseHeader('content-type') || ''; | ||||||
|  |       if (content_type.indexOf('javascript') >= 0) { | ||||||
|  |         // Default to a safe data type. | ||||||
|  |         type = 'text'; | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |     return jquery_httpData.call(this, xhr, type, s); | ||||||
|  |   }; | ||||||
|  |   $.httpData.prototype = jquery_httpData.prototype; | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Attach all registered behaviors to a page element. |  * Attach all registered behaviors to a page element. | ||||||
|  * |  * | ||||||
| @@ -137,7 +173,7 @@ Drupal.detachBehaviors = function (context, settings, trigger) { | |||||||
|  */ |  */ | ||||||
| Drupal.checkPlain = function (str) { | Drupal.checkPlain = function (str) { | ||||||
|   var character, regex, |   var character, regex, | ||||||
|       replace = { '&': '&', '"': '"', '<': '<', '>': '>' }; |       replace = { '&': '&', "'": ''', '"': '"', '<': '<', '>': '>' }; | ||||||
|   str = String(str); |   str = String(str); | ||||||
|   for (character in replace) { |   for (character in replace) { | ||||||
|     if (replace.hasOwnProperty(character)) { |     if (replace.hasOwnProperty(character)) { | ||||||
| @@ -168,6 +204,7 @@ Drupal.checkPlain = function (str) { | |||||||
| Drupal.formatString = function(str, args) { | Drupal.formatString = function(str, args) { | ||||||
|   // Transform arguments before inserting them. |   // Transform arguments before inserting them. | ||||||
|   for (var key in args) { |   for (var key in args) { | ||||||
|  |     if (args.hasOwnProperty(key)) { | ||||||
|       switch (key.charAt(0)) { |       switch (key.charAt(0)) { | ||||||
|         // Escaped only. |         // Escaped only. | ||||||
|         case '@': |         case '@': | ||||||
| @@ -177,14 +214,66 @@ Drupal.formatString = function(str, args) { | |||||||
|         case '!': |         case '!': | ||||||
|           break; |           break; | ||||||
|         // Escaped and placeholder. |         // Escaped and placeholder. | ||||||
|       case '%': |  | ||||||
|         default: |         default: | ||||||
|           args[key] = Drupal.theme('placeholder', args[key]); |           args[key] = Drupal.theme('placeholder', args[key]); | ||||||
|           break; |           break; | ||||||
|       } |       } | ||||||
|     str = str.replace(key, args[key]); |  | ||||||
|     } |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   return Drupal.stringReplace(str, args, null); | ||||||
|  | }; | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Replace substring. | ||||||
|  |  * | ||||||
|  |  * The longest keys will be tried first. Once a substring has been replaced, | ||||||
|  |  * its new value will not be searched again. | ||||||
|  |  * | ||||||
|  |  * @param {String} str | ||||||
|  |  *   A string with placeholders. | ||||||
|  |  * @param {Object} args | ||||||
|  |  *   Key-value pairs. | ||||||
|  |  * @param {Array|null} keys | ||||||
|  |  *   Array of keys from the "args".  Internal use only. | ||||||
|  |  * | ||||||
|  |  * @return {String} | ||||||
|  |  *   Returns the replaced string. | ||||||
|  |  */ | ||||||
|  | Drupal.stringReplace = function (str, args, keys) { | ||||||
|  |   if (str.length === 0) { | ||||||
|     return str; |     return str; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // If the array of keys is not passed then collect the keys from the args. | ||||||
|  |   if (!$.isArray(keys)) { | ||||||
|  |     keys = []; | ||||||
|  |     for (var k in args) { | ||||||
|  |       if (args.hasOwnProperty(k)) { | ||||||
|  |         keys.push(k); | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     // Order the keys by the character length. The shortest one is the first. | ||||||
|  |     keys.sort(function (a, b) { return a.length - b.length; }); | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   if (keys.length === 0) { | ||||||
|  |     return str; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // Take next longest one from the end. | ||||||
|  |   var key = keys.pop(); | ||||||
|  |   var fragments = str.split(key); | ||||||
|  |  | ||||||
|  |   if (keys.length) { | ||||||
|  |     for (var i = 0; i < fragments.length; i++) { | ||||||
|  |       // Process each fragment with a copy of remaining keys. | ||||||
|  |       fragments[i] = Drupal.stringReplace(fragments[i], args, keys.slice(0)); | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   return fragments.join(args[key]); | ||||||
| }; | }; | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -251,7 +340,7 @@ Drupal.t = function (str, args, options) { | |||||||
|  *   A translated string. |  *   A translated string. | ||||||
|  */ |  */ | ||||||
| Drupal.formatPlural = function (count, singular, plural, args, options) { | Drupal.formatPlural = function (count, singular, plural, args, options) { | ||||||
|   var args = args || {}; |   args = args || {}; | ||||||
|   args['@count'] = count; |   args['@count'] = count; | ||||||
|   // Determine the index of the plural form. |   // Determine the index of the plural form. | ||||||
|   var index = Drupal.locale.pluralFormula ? Drupal.locale.pluralFormula(args['@count']) : ((args['@count'] == 1) ? 0 : 1); |   var index = Drupal.locale.pluralFormula ? Drupal.locale.pluralFormula(args['@count']) : ((args['@count'] == 1) ? 0 : 1); | ||||||
| @@ -269,6 +358,89 @@ Drupal.formatPlural = function (count, singular, plural, args, options) { | |||||||
|   } |   } | ||||||
| }; | }; | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Returns the passed in URL as an absolute URL. | ||||||
|  |  * | ||||||
|  |  * @param url | ||||||
|  |  *   The URL string to be normalized to an absolute URL. | ||||||
|  |  * | ||||||
|  |  * @return | ||||||
|  |  *   The normalized, absolute URL. | ||||||
|  |  * | ||||||
|  |  * @see https://github.com/angular/angular.js/blob/v1.4.4/src/ng/urlUtils.js | ||||||
|  |  * @see https://grack.com/blog/2009/11/17/absolutizing-url-in-javascript | ||||||
|  |  * @see https://github.com/jquery/jquery-ui/blob/1.11.4/ui/tabs.js#L53 | ||||||
|  |  */ | ||||||
|  | Drupal.absoluteUrl = function (url) { | ||||||
|  |   var urlParsingNode = document.createElement('a'); | ||||||
|  |  | ||||||
|  |   // Decode the URL first; this is required by IE <= 6. Decoding non-UTF-8 | ||||||
|  |   // strings may throw an exception. | ||||||
|  |   try { | ||||||
|  |     url = decodeURIComponent(url); | ||||||
|  |   } catch (e) {} | ||||||
|  |  | ||||||
|  |   urlParsingNode.setAttribute('href', url); | ||||||
|  |  | ||||||
|  |   // IE <= 7 normalizes the URL when assigned to the anchor node similar to | ||||||
|  |   // the other browsers. | ||||||
|  |   return urlParsingNode.cloneNode(false).href; | ||||||
|  | }; | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Returns true if the URL is within Drupal's base path. | ||||||
|  |  * | ||||||
|  |  * @param url | ||||||
|  |  *   The URL string to be tested. | ||||||
|  |  * | ||||||
|  |  * @return | ||||||
|  |  *   Boolean true if local. | ||||||
|  |  * | ||||||
|  |  * @see https://github.com/jquery/jquery-ui/blob/1.11.4/ui/tabs.js#L58 | ||||||
|  |  */ | ||||||
|  | Drupal.urlIsLocal = function (url) { | ||||||
|  |   // Always use browser-derived absolute URLs in the comparison, to avoid | ||||||
|  |   // attempts to break out of the base path using directory traversal. | ||||||
|  |   var absoluteUrl = Drupal.absoluteUrl(url); | ||||||
|  |   var protocol = location.protocol; | ||||||
|  |  | ||||||
|  |   // Consider URLs that match this site's base URL but use HTTPS instead of HTTP | ||||||
|  |   // as local as well. | ||||||
|  |   if (protocol === 'http:' && absoluteUrl.indexOf('https:') === 0) { | ||||||
|  |     protocol = 'https:'; | ||||||
|  |   } | ||||||
|  |   var baseUrl = protocol + '//' + location.host + Drupal.settings.basePath.slice(0, -1); | ||||||
|  |  | ||||||
|  |   // Decoding non-UTF-8 strings may throw an exception. | ||||||
|  |   try { | ||||||
|  |     absoluteUrl = decodeURIComponent(absoluteUrl); | ||||||
|  |   } catch (e) {} | ||||||
|  |   try { | ||||||
|  |     baseUrl = decodeURIComponent(baseUrl); | ||||||
|  |   } catch (e) {} | ||||||
|  |  | ||||||
|  |   // The given URL matches the site's base URL, or has a path under the site's | ||||||
|  |   // base URL. | ||||||
|  |   return absoluteUrl === baseUrl || absoluteUrl.indexOf(baseUrl + '/') === 0; | ||||||
|  | }; | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Sanitizes a URL for use with jQuery.ajax(). | ||||||
|  |  * | ||||||
|  |  * @param url | ||||||
|  |  *   The URL string to be sanitized. | ||||||
|  |  * | ||||||
|  |  * @return | ||||||
|  |  *   The sanitized URL. | ||||||
|  |  */ | ||||||
|  | Drupal.sanitizeAjaxUrl = function (url) { | ||||||
|  |   var regex = /\=\?(&|$)/; | ||||||
|  |   while (url.match(regex)) { | ||||||
|  |     url = url.replace(regex, ''); | ||||||
|  |   } | ||||||
|  |   return url; | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Generate the themed representation of a Drupal object. |  * Generate the themed representation of a Drupal object. | ||||||
|  * |  * | ||||||
| @@ -347,10 +519,33 @@ Drupal.getSelection = function (element) { | |||||||
|   return { 'start': element.selectionStart, 'end': element.selectionEnd }; |   return { 'start': element.selectionStart, 'end': element.selectionEnd }; | ||||||
| }; | }; | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Add a global variable which determines if the window is being unloaded. | ||||||
|  |  * | ||||||
|  |  * This is primarily used by Drupal.displayAjaxError(). | ||||||
|  |  */ | ||||||
|  | Drupal.beforeUnloadCalled = false; | ||||||
|  | $(window).bind('beforeunload pagehide', function () { | ||||||
|  |     Drupal.beforeUnloadCalled = true; | ||||||
|  | }); | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Displays a JavaScript error from an Ajax response when appropriate to do so. | ||||||
|  |  */ | ||||||
|  | Drupal.displayAjaxError = function (message) { | ||||||
|  |   // Skip displaying the message if the user deliberately aborted (for example, | ||||||
|  |   // by reloading the page or navigating to a different page) while the Ajax | ||||||
|  |   // request was still ongoing. See, for example, the discussion at | ||||||
|  |   // http://stackoverflow.com/questions/699941/handle-ajax-error-when-a-user-clicks-refresh. | ||||||
|  |   if (!Drupal.beforeUnloadCalled) { | ||||||
|  |     alert(message); | ||||||
|  |   } | ||||||
|  | }; | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * Build an error message from an Ajax response. |  * Build an error message from an Ajax response. | ||||||
|  */ |  */ | ||||||
| Drupal.ajaxError = function (xmlhttp, uri) { | Drupal.ajaxError = function (xmlhttp, uri, customMessage) { | ||||||
|   var statusCode, statusText, pathText, responseText, readyStateText, message; |   var statusCode, statusText, pathText, responseText, readyStateText, message; | ||||||
|   if (xmlhttp.status) { |   if (xmlhttp.status) { | ||||||
|     statusCode = "\n" + Drupal.t("An AJAX HTTP error occurred.") +  "\n" + Drupal.t("HTTP Result Code: !status", {'!status': xmlhttp.status}); |     statusCode = "\n" + Drupal.t("An AJAX HTTP error occurred.") +  "\n" + Drupal.t("HTTP Result Code: !status", {'!status': xmlhttp.status}); | ||||||
| @@ -383,7 +578,10 @@ Drupal.ajaxError = function (xmlhttp, uri) { | |||||||
|   // We don't need readyState except for status == 0. |   // We don't need readyState except for status == 0. | ||||||
|   readyStateText = xmlhttp.status == 0 ? ("\n" + Drupal.t("ReadyState: !readyState", {'!readyState': xmlhttp.readyState})) : ""; |   readyStateText = xmlhttp.status == 0 ? ("\n" + Drupal.t("ReadyState: !readyState", {'!readyState': xmlhttp.readyState})) : ""; | ||||||
|  |  | ||||||
|   message = statusCode + pathText + statusText + responseText + readyStateText; |   // Additional message beyond what the xmlhttp object provides. | ||||||
|  |   customMessage = customMessage ? ("\n" + Drupal.t("CustomMessage: !customMessage", {'!customMessage': customMessage})) : ""; | ||||||
|  |  | ||||||
|  |   message = statusCode + pathText + statusText + customMessage + responseText + readyStateText; | ||||||
|   return message; |   return message; | ||||||
| }; | }; | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										112
									
								
								misc/jquery-extend-3.4.0.js
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										112
									
								
								misc/jquery-extend-3.4.0.js
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,112 @@ | |||||||
|  | /** | ||||||
|  |  * For jQuery versions less than 3.4.0, this replaces the jQuery.extend | ||||||
|  |  * function with the one from jQuery 3.4.0, slightly modified (documented | ||||||
|  |  * below) to be compatible with older jQuery versions and browsers. | ||||||
|  |  * | ||||||
|  |  * This provides the Object.prototype pollution vulnerability fix to Drupal | ||||||
|  |  * installations running older jQuery versions, including the versions shipped | ||||||
|  |  * with Drupal core and https://www.drupal.org/project/jquery_update. | ||||||
|  |  * | ||||||
|  |  * @see https://github.com/jquery/jquery/pull/4333 | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | (function (jQuery) { | ||||||
|  |  | ||||||
|  | // Do not override jQuery.extend() if the jQuery version is already >=3.4.0. | ||||||
|  | var versionParts = jQuery.fn.jquery.split('.'); | ||||||
|  | var majorVersion = parseInt(versionParts[0]); | ||||||
|  | var minorVersion = parseInt(versionParts[1]); | ||||||
|  | var patchVersion = parseInt(versionParts[2]); | ||||||
|  | var isPreReleaseVersion = (patchVersion.toString() !== versionParts[2]); | ||||||
|  | if ( | ||||||
|  |   (majorVersion > 3) || | ||||||
|  |   (majorVersion === 3 && minorVersion > 4) || | ||||||
|  |   (majorVersion === 3 && minorVersion === 4 && patchVersion > 0) || | ||||||
|  |   (majorVersion === 3 && minorVersion === 4 && patchVersion === 0 && !isPreReleaseVersion) | ||||||
|  | ) { | ||||||
|  |   return; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * This is almost verbatim copied from jQuery 3.4.0. | ||||||
|  |  * | ||||||
|  |  * Only two minor changes have been made: | ||||||
|  |  * - The call to isFunction() is changed to jQuery.isFunction(). | ||||||
|  |  * - The two calls to Array.isArray() is changed to jQuery.isArray(). | ||||||
|  |  * | ||||||
|  |  * The above two changes ensure compatibility with all older jQuery versions | ||||||
|  |  * (1.4.4 - 3.3.1) and older browser versions (e.g., IE8). | ||||||
|  |  */ | ||||||
|  | jQuery.extend = jQuery.fn.extend = function() { | ||||||
|  |   var options, name, src, copy, copyIsArray, clone, | ||||||
|  |     target = arguments[ 0 ] || {}, | ||||||
|  |     i = 1, | ||||||
|  |     length = arguments.length, | ||||||
|  |     deep = false; | ||||||
|  |  | ||||||
|  |   // Handle a deep copy situation | ||||||
|  |   if ( typeof target === "boolean" ) { | ||||||
|  |     deep = target; | ||||||
|  |  | ||||||
|  |     // Skip the boolean and the target | ||||||
|  |     target = arguments[ i ] || {}; | ||||||
|  |     i++; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // Handle case when target is a string or something (possible in deep copy) | ||||||
|  |   if ( typeof target !== "object" && !jQuery.isFunction( target ) ) { | ||||||
|  |     target = {}; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // Extend jQuery itself if only one argument is passed | ||||||
|  |   if ( i === length ) { | ||||||
|  |     target = this; | ||||||
|  |     i--; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   for ( ; i < length; i++ ) { | ||||||
|  |  | ||||||
|  |     // Only deal with non-null/undefined values | ||||||
|  |     if ( ( options = arguments[ i ] ) != null ) { | ||||||
|  |  | ||||||
|  |       // Extend the base object | ||||||
|  |       for ( name in options ) { | ||||||
|  |         copy = options[ name ]; | ||||||
|  |  | ||||||
|  |         // Prevent Object.prototype pollution | ||||||
|  |         // Prevent never-ending loop | ||||||
|  |         if ( name === "__proto__" || target === copy ) { | ||||||
|  |           continue; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         // Recurse if we're merging plain objects or arrays | ||||||
|  |         if ( deep && copy && ( jQuery.isPlainObject( copy ) || | ||||||
|  |           ( copyIsArray = jQuery.isArray( copy ) ) ) ) { | ||||||
|  |           src = target[ name ]; | ||||||
|  |  | ||||||
|  |           // Ensure proper type for the source value | ||||||
|  |           if ( copyIsArray && !jQuery.isArray( src ) ) { | ||||||
|  |             clone = []; | ||||||
|  |           } else if ( !copyIsArray && !jQuery.isPlainObject( src ) ) { | ||||||
|  |             clone = {}; | ||||||
|  |           } else { | ||||||
|  |             clone = src; | ||||||
|  |           } | ||||||
|  |           copyIsArray = false; | ||||||
|  |  | ||||||
|  |           // Never move original objects, clone them | ||||||
|  |           target[ name ] = jQuery.extend( deep, clone, copy ); | ||||||
|  |  | ||||||
|  |           // Don't bring in undefined values | ||||||
|  |         } else if ( copy !== undefined ) { | ||||||
|  |           target[ name ] = copy; | ||||||
|  |         } | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // Return the modified object | ||||||
|  |   return target; | ||||||
|  | }; | ||||||
|  |  | ||||||
|  | })(jQuery); | ||||||
							
								
								
									
										251
									
								
								misc/jquery-html-prefilter-3.5.0-backport.js
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										251
									
								
								misc/jquery-html-prefilter-3.5.0-backport.js
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,251 @@ | |||||||
|  | /** | ||||||
|  |  * For jQuery versions less than 3.5.0, this replaces the jQuery.htmlPrefilter() | ||||||
|  |  * function with one that fixes these security vulnerabilities while also | ||||||
|  |  * retaining the pre-3.5.0 behavior where it's safe to do so. | ||||||
|  |  * - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022 | ||||||
|  |  * - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023 | ||||||
|  |  * | ||||||
|  |  * Additionally, for jQuery versions that do not have a jQuery.htmlPrefilter() | ||||||
|  |  * function (1.x prior to 1.12 and 2.x prior to 2.2), this adds it, and | ||||||
|  |  * extends the functions that need to call it to do so. | ||||||
|  |  * | ||||||
|  |  * Drupal core's jQuery version is 1.4.4, but jQuery Update can provide a | ||||||
|  |  * different version, so this covers all versions between 1.4.4 and 3.4.1. | ||||||
|  |  * The GitHub links in the code comments below link to jQuery 1.5 code, because | ||||||
|  |  * 1.4.4 isn't on GitHub, but the referenced code didn't change from 1.4.4 to | ||||||
|  |  * 1.5. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | (function (jQuery) { | ||||||
|  |  | ||||||
|  |   // Parts of this backport differ by jQuery version. | ||||||
|  |   var versionParts = jQuery.fn.jquery.split('.'); | ||||||
|  |   var majorVersion = parseInt(versionParts[0]); | ||||||
|  |   var minorVersion = parseInt(versionParts[1]); | ||||||
|  |  | ||||||
|  |   // No backport is needed if we're already on jQuery 3.5 or higher. | ||||||
|  |   if ( (majorVersion > 3) || (majorVersion === 3 && minorVersion >= 5) ) { | ||||||
|  |     return; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // Prior to jQuery 3.5, jQuery converted XHTML-style self-closing tags to | ||||||
|  |   // their XML equivalent: e.g., "<div />" to "<div></div>". This is | ||||||
|  |   // problematic for several reasons, including that it's vulnerable to XSS | ||||||
|  |   // attacks. However, since this was jQuery's behavior for many years, many | ||||||
|  |   // Drupal modules and jQuery plugins may be relying on it. Therefore, we | ||||||
|  |   // preserve that behavior, but for a limited set of tags only, that we believe | ||||||
|  |   // to not be vulnerable. This is the set of HTML tags that satisfy all of the | ||||||
|  |   // following conditions: | ||||||
|  |   // - In DOMPurify's list of HTML tags. If an HTML tag isn't safe enough to | ||||||
|  |   //   appear in that list, then we don't want to mess with it here either. | ||||||
|  |   //   @see https://github.com/cure53/DOMPurify/blob/2.0.11/dist/purify.js#L128 | ||||||
|  |   // - A normal element (not a void, template, text, or foreign element). | ||||||
|  |   //   @see https://html.spec.whatwg.org/multipage/syntax.html#elements-2 | ||||||
|  |   // - An element that is still defined by the current HTML specification | ||||||
|  |   //   (not a deprecated element), because we do not want to rely on how | ||||||
|  |   //   browsers parse deprecated elements. | ||||||
|  |   //   @see https://developer.mozilla.org/en-US/docs/Web/HTML/Element | ||||||
|  |   // - Not 'html', 'head', or 'body', because this pseudo-XHTML expansion is | ||||||
|  |   //   designed for fragments, not entire documents. | ||||||
|  |   // - Not 'colgroup', because due to an idiosyncrasy of jQuery's original | ||||||
|  |   //   regular expression, it didn't match on colgroup, and we don't want to | ||||||
|  |   //   introduce a behavior change for that. | ||||||
|  |   var selfClosingTagsToReplace = [ | ||||||
|  |     'a', 'abbr', 'address', 'article', 'aside', 'audio', 'b', 'bdi', 'bdo', | ||||||
|  |     'blockquote', 'button', 'canvas', 'caption', 'cite', 'code', 'data', | ||||||
|  |     'datalist', 'dd', 'del', 'details', 'dfn', 'div', 'dl', 'dt', 'em', | ||||||
|  |     'fieldset', 'figcaption', 'figure', 'footer', 'form', 'h1', 'h2', 'h3', | ||||||
|  |     'h4', 'h5', 'h6', 'header', 'hgroup', 'i', 'ins', 'kbd', 'label', 'legend', | ||||||
|  |     'li', 'main', 'map', 'mark', 'menu', 'meter', 'nav', 'ol', 'optgroup', | ||||||
|  |     'option', 'output', 'p', 'picture', 'pre', 'progress', 'q', 'rp', 'rt', | ||||||
|  |     'ruby', 's', 'samp', 'section', 'select', 'small', 'source', 'span', | ||||||
|  |     'strong', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', | ||||||
|  |     'thead', 'time', 'tr', 'u', 'ul', 'var', 'video' | ||||||
|  |   ]; | ||||||
|  |  | ||||||
|  |   // Define regular expressions for <TAG/> and <TAG ATTRIBUTES/>. Doing this as | ||||||
|  |   // two expressions makes it easier to target <a/> without also targeting | ||||||
|  |   // every tag that starts with "a". | ||||||
|  |   var xhtmlRegExpGroup = '(' + selfClosingTagsToReplace.join('|') + ')'; | ||||||
|  |   var whitespace = '[\\x20\\t\\r\\n\\f]'; | ||||||
|  |   var rxhtmlTagWithoutSpaceOrAttributes = new RegExp('<' + xhtmlRegExpGroup + '\\/>', 'gi'); | ||||||
|  |   var rxhtmlTagWithSpaceAndMaybeAttributes = new RegExp('<' + xhtmlRegExpGroup + '(' + whitespace + '[^>]*)\\/>', 'gi'); | ||||||
|  |  | ||||||
|  |   // jQuery 3.5 also fixed a vulnerability for when </select> appears within | ||||||
|  |   // an <option> or <optgroup>, but it did that in local code that we can't | ||||||
|  |   // backport directly. Instead, we filter such cases out. To do so, we need to | ||||||
|  |   // determine when jQuery would otherwise invoke the vulnerable code, which it | ||||||
|  |   // uses this regular expression to determine. The regular expression changed | ||||||
|  |   // for version 3.0.0 and changed again for 3.4.0. | ||||||
|  |   // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L4958 | ||||||
|  |   // @see https://github.com/jquery/jquery/blob/3.0.0/dist/jquery.js#L4584 | ||||||
|  |   // @see https://github.com/jquery/jquery/blob/3.4.0/dist/jquery.js#L4712 | ||||||
|  |   var rtagName; | ||||||
|  |   if (majorVersion < 3) { | ||||||
|  |     rtagName = /<([\w:]+)/; | ||||||
|  |   } | ||||||
|  |   else if (minorVersion < 4) { | ||||||
|  |     rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]+)/i; | ||||||
|  |   } | ||||||
|  |   else { | ||||||
|  |     rtagName = /<([a-z][^\/\0>\x20\t\r\n\f]*)/i; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // The regular expression that jQuery uses to determine which self-closing | ||||||
|  |   // tags to expand to open and close tags. This is vulnerable, because it | ||||||
|  |   // matches all tag names except the few excluded ones. We only use this | ||||||
|  |   // expression for determining vulnerability. The expression changed for | ||||||
|  |   // version 3, but we only need to check for vulnerability in versions 1 and 2, | ||||||
|  |   // so we use the expression from those versions. | ||||||
|  |   // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L4957 | ||||||
|  |   var rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi; | ||||||
|  |  | ||||||
|  |   jQuery.extend({ | ||||||
|  |     htmlPrefilter: function (html) { | ||||||
|  |       // This is how jQuery determines the first tag in the HTML. | ||||||
|  |       // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5521 | ||||||
|  |       var tag = ( rtagName.exec( html ) || [ "", "" ] )[ 1 ].toLowerCase(); | ||||||
|  |  | ||||||
|  |       // It is not valid HTML for <option> or <optgroup> to have <select> as | ||||||
|  |       // either a descendant or sibling, and attempts to inject one can cause | ||||||
|  |       // XSS on jQuery versions before 3.5. Since this is invalid HTML and a | ||||||
|  |       // possible XSS attack, reject the entire string. | ||||||
|  |       // @see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023 | ||||||
|  |       if ((tag === 'option' || tag === 'optgroup') && html.match(/<\/?select/i)) { | ||||||
|  |         html = ''; | ||||||
|  |       } | ||||||
|  |  | ||||||
|  |       // Retain jQuery's prior to 3.5 conversion of pseudo-XHTML, but for only | ||||||
|  |       // the tags in the `selfClosingTagsToReplace` list defined above. | ||||||
|  |       // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5518 | ||||||
|  |       // @see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022 | ||||||
|  |       html = html.replace(rxhtmlTagWithoutSpaceOrAttributes, "<$1></$1>"); | ||||||
|  |       html = html.replace(rxhtmlTagWithSpaceAndMaybeAttributes, "<$1$2></$1>"); | ||||||
|  |  | ||||||
|  |       // Prior to jQuery 1.12 and 2.2, this function gets called (via code later | ||||||
|  |       // in this file) in addition to, rather than instead of, the unsafe | ||||||
|  |       // expansion of self-closing tags (including ones not in the list above). | ||||||
|  |       // We can't prevent that unsafe expansion from running, so instead we | ||||||
|  |       // check to make sure that it doesn't affect the DOM returned by the | ||||||
|  |       // browser's parsing logic. If it does affect it, then it's vulnerable to | ||||||
|  |       // XSS, so we reject the entire string. | ||||||
|  |       if ( (majorVersion === 1 && minorVersion < 12) || (majorVersion === 2 && minorVersion < 2) ) { | ||||||
|  |         var htmlRisky = html.replace(rxhtmlTag, "<$1></$2>"); | ||||||
|  |         if (htmlRisky !== html) { | ||||||
|  |           // Even though htmlRisky and html are different strings, they might | ||||||
|  |           // represent the same HTML structure once parsed, in which case, | ||||||
|  |           // htmlRisky is actually safe. We can ask the browser to parse both | ||||||
|  |           // to find out, but the browser can't parse table fragments (e.g., a | ||||||
|  |           // root-level "<td>"), so we need to wrap them. We just need this | ||||||
|  |           // technique to work on all supported browsers; we don't need to | ||||||
|  |           // copy from the specific jQuery version we're using. | ||||||
|  |           // @see https://github.com/jquery/jquery/blob/3.5.1/dist/jquery.js#L4939 | ||||||
|  |           var wrapMap = { | ||||||
|  |             thead: [ 1, "<table>", "</table>" ], | ||||||
|  |             col: [ 2, "<table><colgroup>", "</colgroup></table>" ], | ||||||
|  |             tr: [ 2, "<table><tbody>", "</tbody></table>" ], | ||||||
|  |             td: [ 3, "<table><tbody><tr>", "</tr></tbody></table>" ], | ||||||
|  |           }; | ||||||
|  |           wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; | ||||||
|  |           wrapMap.th = wrapMap.td; | ||||||
|  |  | ||||||
|  |           // Function to wrap HTML into something that a browser can parse. | ||||||
|  |           // @see https://github.com/jquery/jquery/blob/3.5.1/dist/jquery.js#L5032 | ||||||
|  |           var getWrappedHtml = function (html) { | ||||||
|  |             var wrap = wrapMap[tag]; | ||||||
|  |             if (wrap) { | ||||||
|  |               html = wrap[1] + html + wrap[2]; | ||||||
|  |             } | ||||||
|  |             return html; | ||||||
|  |           }; | ||||||
|  |  | ||||||
|  |           // Function to return canonical HTML after parsing it. This parses | ||||||
|  |           // only; it doesn't execute scripts. | ||||||
|  |           // @see https://github.com/jquery/jquery-migrate/blob/3.3.0/src/jquery/manipulation.js#L5 | ||||||
|  |           var getParsedHtml = function (html) { | ||||||
|  |             var doc = window.document.implementation.createHTMLDocument( "" ); | ||||||
|  |             doc.body.innerHTML = html; | ||||||
|  |             return doc.body ? doc.body.innerHTML : ''; | ||||||
|  |           }; | ||||||
|  |  | ||||||
|  |           // If the browser couldn't parse either one successfully, or if | ||||||
|  |           // htmlRisky parses differently than html, then html is vulnerable, | ||||||
|  |           // so reject it. | ||||||
|  |           var htmlParsed = getParsedHtml(getWrappedHtml(html)); | ||||||
|  |           var htmlRiskyParsed = getParsedHtml(getWrappedHtml(htmlRisky)); | ||||||
|  |           if (htmlRiskyParsed === '' || htmlParsed === '' || (htmlRiskyParsed !== htmlParsed)) { | ||||||
|  |             html = ''; | ||||||
|  |           } | ||||||
|  |         } | ||||||
|  |       } | ||||||
|  |  | ||||||
|  |       return html; | ||||||
|  |     } | ||||||
|  |   }); | ||||||
|  |  | ||||||
|  |   // Prior to jQuery 1.12 and 2.2, jQuery.clean(), jQuery.buildFragment(), and | ||||||
|  |   // jQuery.fn.html() did not call jQuery.htmlPrefilter(), so we add that. | ||||||
|  |   if ( (majorVersion === 1 && minorVersion < 12) || (majorVersion === 2 && minorVersion < 2) ) { | ||||||
|  |     // Filter the HTML coming into jQuery.fn.html(). | ||||||
|  |     var fnOriginalHtml = jQuery.fn.html; | ||||||
|  |     jQuery.fn.extend({ | ||||||
|  |       // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5147 | ||||||
|  |       html: function (value) { | ||||||
|  |         if (typeof value === "string") { | ||||||
|  |           value = jQuery.htmlPrefilter(value); | ||||||
|  |         } | ||||||
|  |         // .html() can be called as a setter (with an argument) or as a getter | ||||||
|  |         // (without an argument), so invoke fnOriginalHtml() the same way that | ||||||
|  |         // we were invoked. | ||||||
|  |         return fnOriginalHtml.apply(this, arguments.length ? [value] : []); | ||||||
|  |       } | ||||||
|  |     }); | ||||||
|  |  | ||||||
|  |     // The regular expression that jQuery uses to determine if a string is HTML. | ||||||
|  |     // Used by both clean() and buildFragment(). | ||||||
|  |     // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L4960 | ||||||
|  |     var rhtml = /<|&#?\w+;/; | ||||||
|  |  | ||||||
|  |     // Filter HTML coming into: | ||||||
|  |     // - jQuery.clean() for versions prior to 1.9. | ||||||
|  |     // - jQuery.buildFragment() for 1.9 and above. | ||||||
|  |     // | ||||||
|  |     // The looping constructs in the two functions might be essentially | ||||||
|  |     // identical, but they're each expressed here in the way that most closely | ||||||
|  |     // matches their original expression in jQuery, so that we filter all of | ||||||
|  |     // the items and only the items that jQuery will treat as HTML strings. | ||||||
|  |     if (majorVersion === 1 && minorVersion < 9) { | ||||||
|  |       var originalClean = jQuery.clean; | ||||||
|  |       jQuery.extend({ | ||||||
|  |         // @see https://github.com/jquery/jquery/blob/1.5/jquery.js#L5493 | ||||||
|  |         'clean': function (elems, context, fragment, scripts) { | ||||||
|  |           for ( var i = 0, elem; (elem = elems[i]) != null; i++ ) { | ||||||
|  |             if ( typeof elem === "string" && rhtml.test( elem ) ) { | ||||||
|  |               elems[i] = elem = jQuery.htmlPrefilter(elem); | ||||||
|  |             } | ||||||
|  |           } | ||||||
|  |           return originalClean.call(this, elems, context, fragment, scripts); | ||||||
|  |         } | ||||||
|  |       }); | ||||||
|  |     } | ||||||
|  |     else { | ||||||
|  |       var originalBuildFragment = jQuery.buildFragment; | ||||||
|  |       jQuery.extend({ | ||||||
|  |         // @see https://github.com/jquery/jquery/blob/1.9.0/jquery.js#L6419 | ||||||
|  |         'buildFragment': function (elems, context, scripts, selection) { | ||||||
|  |           var l = elems.length; | ||||||
|  |           for ( var i = 0; i < l; i++ ) { | ||||||
|  |             var elem = elems[i]; | ||||||
|  |             if (elem || elem === 0) { | ||||||
|  |               if ( jQuery.type( elem ) !== "object" && rhtml.test( elem ) ) { | ||||||
|  |                 elems[i] = elem = jQuery.htmlPrefilter(elem); | ||||||
|  |               } | ||||||
|  |             } | ||||||
|  |           } | ||||||
|  |           return originalBuildFragment.call(this, elems, context, scripts, selection); | ||||||
|  |         } | ||||||
|  |       }); | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  | })(jQuery); | ||||||
							
								
								
									
										1
									
								
								misc/jquery.js
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										1
									
								
								misc/jquery.js
									
									
									
									
										vendored
									
									
								
							| @@ -1,4 +1,3 @@ | |||||||
|  |  | ||||||
| /*! | /*! | ||||||
|  * jQuery JavaScript Library v1.4.4 |  * jQuery JavaScript Library v1.4.4 | ||||||
|  * http://jquery.com/ |  * http://jquery.com/ | ||||||
|   | |||||||
| @@ -493,7 +493,11 @@ $(document).bind('state:disabled', function(e) { | |||||||
| $(document).bind('state:required', function(e) { | $(document).bind('state:required', function(e) { | ||||||
|   if (e.trigger) { |   if (e.trigger) { | ||||||
|     if (e.value) { |     if (e.value) { | ||||||
|       $(e.target).closest('.form-item, .form-wrapper').find('label').append('<span class="form-required">*</span>'); |       var $label = $(e.target).closest('.form-item, .form-wrapper').find('label'); | ||||||
|  |       // Avoids duplicate required markers on initialization. | ||||||
|  |       if (!$label.find('.form-required').length) { | ||||||
|  |         $label.append('<span class="form-required">*</span>'); | ||||||
|  |       } | ||||||
|     } |     } | ||||||
|     else { |     else { | ||||||
|       $(e.target).closest('.form-item, .form-wrapper').find('label .form-required').remove(); |       $(e.target).closest('.form-item, .form-wrapper').find('label .form-required').remove(); | ||||||
|   | |||||||
| @@ -106,8 +106,10 @@ Drupal.tableDrag = function (table, tableSettings) { | |||||||
|  |  | ||||||
|   // Add mouse bindings to the document. The self variable is passed along |   // Add mouse bindings to the document. The self variable is passed along | ||||||
|   // as event handlers do not have direct access to the tableDrag object. |   // as event handlers do not have direct access to the tableDrag object. | ||||||
|   $(document).bind('mousemove', function (event) { return self.dragRow(event, self); }); |   $(document).bind('mousemove pointermove', function (event) { return self.dragRow(event, self); }); | ||||||
|   $(document).bind('mouseup', function (event) { return self.dropRow(event, self); }); |   $(document).bind('mouseup pointerup', function (event) { return self.dropRow(event, self); }); | ||||||
|  |   $(document).bind('touchmove', function (event) { return self.dragRow(event.originalEvent.touches[0], self); }); | ||||||
|  |   $(document).bind('touchend', function (event) { return self.dropRow(event.originalEvent.touches[0], self); }); | ||||||
| }; | }; | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -274,7 +276,10 @@ Drupal.tableDrag.prototype.makeDraggable = function (item) { | |||||||
|   }); |   }); | ||||||
|  |  | ||||||
|   // Add the mousedown action for the handle. |   // Add the mousedown action for the handle. | ||||||
|   handle.mousedown(function (event) { |   handle.bind('mousedown touchstart pointerdown', function (event) { | ||||||
|  |     if (event.originalEvent.type == "touchstart") { | ||||||
|  |       event = event.originalEvent.touches[0]; | ||||||
|  |     } | ||||||
|     // Create a new dragObject recording the event information. |     // Create a new dragObject recording the event information. | ||||||
|     self.dragObject = {}; |     self.dragObject = {}; | ||||||
|     self.dragObject.initMouseOffset = self.getMouseOffset(item, event); |     self.dragObject.initMouseOffset = self.getMouseOffset(item, event); | ||||||
| @@ -575,13 +580,43 @@ Drupal.tableDrag.prototype.dropRow = function (event, self) { | |||||||
|  * Get the mouse coordinates from the event (allowing for browser differences). |  * Get the mouse coordinates from the event (allowing for browser differences). | ||||||
|  */ |  */ | ||||||
| Drupal.tableDrag.prototype.mouseCoords = function (event) { | Drupal.tableDrag.prototype.mouseCoords = function (event) { | ||||||
|   if (event.pageX || event.pageY) { |  | ||||||
|     return { x: event.pageX, y: event.pageY }; |   // Match both null and undefined, but not zero, by using != null. | ||||||
|  |   // See https://stackoverflow.com/questions/2647867/how-to-determine-if-variable-is-undefined-or-null | ||||||
|  |   if (event.pageX != null && event.pageY != null) { | ||||||
|  |     return {x: event.pageX, y: event.pageY}; | ||||||
|   } |   } | ||||||
|   return { |  | ||||||
|     x: event.clientX + document.body.scrollLeft - document.body.clientLeft, |   // Complete support for pointer events was only introduced to jQuery in | ||||||
|     y: event.clientY + document.body.scrollTop  - document.body.clientTop |   // version 1.11.1; between versions 1.7 and 1.11.0 pointer events have the | ||||||
|   }; |   // pageX and pageY properties undefined. In those cases, the properties must | ||||||
|  |   // be retrieved from the event.originalEvent object instead. | ||||||
|  |   if (event.originalEvent && event.originalEvent.pageX != null && event.originalEvent.pageY != null) { | ||||||
|  |     return {x: event.originalEvent.pageX, y: event.originalEvent.pageY}; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // Some old browsers do not support MouseEvent.pageX and *.pageY at all. | ||||||
|  |   // See https://developer.mozilla.org/en-US/docs/Web/API/MouseEvent/pageY | ||||||
|  |   // For those, we look at event.clientX and event.clientY instead. | ||||||
|  |   if (event.clientX == null || event.clientY == null) { | ||||||
|  |     // In some jQuery versions, some events created by jQuery do not have | ||||||
|  |     // clientX and clientY. But the original event might have. | ||||||
|  |     if (!event.originalEvent) { | ||||||
|  |       throw new Error("The event has no coordinates, and no event.originalEvent."); | ||||||
|  |     } | ||||||
|  |     event = event.originalEvent; | ||||||
|  |     if (event.clientX == null || event.clientY == null) { | ||||||
|  |       throw new Error("The original event has no coordinates."); | ||||||
|  |     } | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   // Copied from jQuery.event.fix() in jQuery 1.4.1. | ||||||
|  |   // In newer jQuery versions, this code is in jQuery.event.mouseHooks.filter(). | ||||||
|  |   var doc = document.documentElement, body = document.body; | ||||||
|  |   var pageX = event.clientX + ( doc && doc.scrollLeft || body && body.scrollLeft || 0 ) - ( doc && doc.clientLeft || body && body.clientLeft || 0 ); | ||||||
|  |   var pageY = event.clientY + ( doc && doc.scrollTop  || body && body.scrollTop  || 0 ) - ( doc && doc.clientTop  || body && body.clientTop  || 0 ); | ||||||
|  |  | ||||||
|  |   return {x: pageX, y: pageY}; | ||||||
| }; | }; | ||||||
|  |  | ||||||
| /** | /** | ||||||
|   | |||||||
							
								
								
									
										79
									
								
								misc/typo3/drupal-security/PharExtensionInterceptor.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										79
									
								
								misc/typo3/drupal-security/PharExtensionInterceptor.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,79 @@ | |||||||
|  | <?php | ||||||
|  |  | ||||||
|  | namespace Drupal\Core\Security; | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Assertable; | ||||||
|  | use TYPO3\PharStreamWrapper\Helper; | ||||||
|  | use TYPO3\PharStreamWrapper\Exception; | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * An alternate PharExtensionInterceptor to support phar-based CLI tools. | ||||||
|  |  * | ||||||
|  |  * @see \TYPO3\PharStreamWrapper\Interceptor\PharExtensionInterceptor | ||||||
|  |  */ | ||||||
|  | class PharExtensionInterceptor implements Assertable { | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Determines whether phar file is allowed to execute. | ||||||
|  |    * | ||||||
|  |    * The phar file is allowed to execute if: | ||||||
|  |    * - the base file name has a ".phar" suffix. | ||||||
|  |    * - it is the CLI tool that has invoked the interceptor. | ||||||
|  |    * | ||||||
|  |    * @param string $path | ||||||
|  |    *   The path of the phar file to check. | ||||||
|  |    * @param string $command | ||||||
|  |    *   The command being carried out. | ||||||
|  |    * | ||||||
|  |    * @return bool | ||||||
|  |    *   TRUE if the phar file is allowed to execute. | ||||||
|  |    * | ||||||
|  |    * @throws Exception | ||||||
|  |    *   Thrown when the file is not allowed to execute. | ||||||
|  |    */ | ||||||
|  |   public function assert($path, $command) { | ||||||
|  |     if ($this->baseFileContainsPharExtension($path)) { | ||||||
|  |       return TRUE; | ||||||
|  |     } | ||||||
|  |     throw new Exception( | ||||||
|  |       sprintf( | ||||||
|  |         'Unexpected file extension in "%s"', | ||||||
|  |         $path | ||||||
|  |       ), | ||||||
|  |       1535198703 | ||||||
|  |     ); | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   /** | ||||||
|  |    * Determines if a path has a .phar extension or invoked execution. | ||||||
|  |    * | ||||||
|  |    * @param string $path | ||||||
|  |    *   The path of the phar file to check. | ||||||
|  |    * | ||||||
|  |    * @return bool | ||||||
|  |    *   TRUE if the file has a .phar extension or if the execution has been | ||||||
|  |    *   invoked by the phar file. | ||||||
|  |    */ | ||||||
|  |   private function baseFileContainsPharExtension($path) { | ||||||
|  |     $baseFile = Helper::determineBaseFile($path); | ||||||
|  |     if ($baseFile === NULL) { | ||||||
|  |       return FALSE; | ||||||
|  |     } | ||||||
|  |     // If the stream wrapper is registered by invoking a phar file that does | ||||||
|  |     // not not have .phar extension then this should be allowed. For | ||||||
|  |     // example, some CLI tools recommend removing the extension. | ||||||
|  |     $backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); | ||||||
|  |     // Find the last entry in the backtrace containing a 'file' key as | ||||||
|  |     // sometimes the last caller is executed outside the scope of a file. For | ||||||
|  |     // example, this occurs with shutdown functions. | ||||||
|  |     do { | ||||||
|  |       $caller = array_pop($backtrace); | ||||||
|  |     } while (empty($caller['file']) && !empty($backtrace)); | ||||||
|  |     if (isset($caller['file']) && $baseFile === Helper::determineBaseFile($caller['file'])) { | ||||||
|  |       return TRUE; | ||||||
|  |     } | ||||||
|  |     $fileExtension = pathinfo($baseFile, PATHINFO_EXTENSION); | ||||||
|  |     return strtolower($fileExtension) === 'phar'; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  | } | ||||||
							
								
								
									
										3
									
								
								misc/typo3/phar-stream-wrapper/.gitignore
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										3
									
								
								misc/typo3/phar-stream-wrapper/.gitignore
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,3 @@ | |||||||
|  | .idea | ||||||
|  | vendor/ | ||||||
|  | composer.lock | ||||||
							
								
								
									
										21
									
								
								misc/typo3/phar-stream-wrapper/LICENSE
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										21
									
								
								misc/typo3/phar-stream-wrapper/LICENSE
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,21 @@ | |||||||
|  | MIT License | ||||||
|  |  | ||||||
|  | Copyright (c) 2018 TYPO3 project - https://typo3.org/ | ||||||
|  |  | ||||||
|  | Permission is hereby granted, free of charge, to any person obtaining a copy | ||||||
|  | of this software and associated documentation files (the "Software"), to deal | ||||||
|  | in the Software without restriction, including without limitation the rights | ||||||
|  | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||||||
|  | copies of the Software, and to permit persons to whom the Software is | ||||||
|  | furnished to do so, subject to the following conditions: | ||||||
|  |  | ||||||
|  | The above copyright notice and this permission notice shall be included in all | ||||||
|  | copies or substantial portions of the Software. | ||||||
|  |  | ||||||
|  | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||||||
|  | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||||||
|  | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||||||
|  | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||||||
|  | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||||||
|  | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||||||
|  | SOFTWARE. | ||||||
							
								
								
									
										221
									
								
								misc/typo3/phar-stream-wrapper/README.md
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										221
									
								
								misc/typo3/phar-stream-wrapper/README.md
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,221 @@ | |||||||
|  | [](https://scrutinizer-ci.com/g/TYPO3/phar-stream-wrapper/?branch=v2) | ||||||
|  | [](https://travis-ci.org/TYPO3/phar-stream-wrapper) | ||||||
|  | [](https://ci.appveyor.com/project/ohader/phar-stream-wrapper) | ||||||
|  |  | ||||||
|  | # PHP Phar Stream Wrapper | ||||||
|  |  | ||||||
|  | ## Abstract & History | ||||||
|  |  | ||||||
|  | Based on Sam Thomas' findings concerning | ||||||
|  | [insecure deserialization in combination with obfuscation strategies](https://blog.secarma.co.uk/labs/near-phar-dangerous-unserialization-wherever-you-are) | ||||||
|  | allowing to hide Phar files inside valid image resources, the TYPO3 project | ||||||
|  | decided back then to introduce a `PharStreamWrapper` to intercept invocations | ||||||
|  | of the `phar://` stream in PHP and only allow usage for defined locations in | ||||||
|  | the file system. | ||||||
|  |  | ||||||
|  | Since the TYPO3 mission statement is **inspiring people to share**, we thought | ||||||
|  | it would be helpful for others to release our `PharStreamWrapper` as standalone | ||||||
|  | package to the PHP community. | ||||||
|  |  | ||||||
|  | The mentioned security issue was reported to TYPO3 on 10th June 2018 by Sam Thomas | ||||||
|  | and has been addressed concerning the specific attack vector and for this generic | ||||||
|  | `PharStreamWrapper` in TYPO3 versions 7.6.30 LTS, 8.7.17 LTS and 9.3.1 on 12th | ||||||
|  | July 2018. | ||||||
|  |  | ||||||
|  | * https://blog.secarma.co.uk/labs/near-phar-dangerous-unserialization-wherever-you-are | ||||||
|  | * https://youtu.be/GePBmsNJw6Y | ||||||
|  | * https://typo3.org/security/advisory/typo3-psa-2018-001/ | ||||||
|  | * https://typo3.org/security/advisory/typo3-psa-2019-007/ | ||||||
|  | * https://typo3.org/security/advisory/typo3-psa-2019-008/ | ||||||
|  |  | ||||||
|  | ## License | ||||||
|  |  | ||||||
|  | In general the TYPO3 core is released under the GNU General Public License version | ||||||
|  | 2 or any later version (`GPL-2.0-or-later`). In order to avoid licensing issues and | ||||||
|  | incompatibilities this `PharStreamWrapper` is licenced under the MIT License. In case | ||||||
|  | you duplicate or modify source code, credits are not required but really appreciated. | ||||||
|  |  | ||||||
|  | ## Credits | ||||||
|  |  | ||||||
|  | Thanks to [Alex Pott](https://github.com/alexpott), Drupal for creating | ||||||
|  | back-ports of all sources in order to provide compatibility with PHP v5.3. | ||||||
|  |  | ||||||
|  | ## Installation | ||||||
|  |  | ||||||
|  | The `PharStreamWrapper` is provided as composer package `typo3/phar-stream-wrapper` | ||||||
|  | and has minimum requirements of PHP v5.3 ([`v2`](https://github.com/TYPO3/phar-stream-wrapper/tree/v2) branch) and PHP v7.0 ([`master`](https://github.com/TYPO3/phar-stream-wrapper) branch). | ||||||
|  |  | ||||||
|  | ### Installation for PHP v7.0 | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | composer require typo3/phar-stream-wrapper ^3.0 | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### Installation for PHP v5.3 | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | composer require typo3/phar-stream-wrapper ^2.0 | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Example | ||||||
|  |  | ||||||
|  | The following example is bundled within this package, the shown | ||||||
|  | `PharExtensionInterceptor` denies all stream wrapper invocations files | ||||||
|  | not having the `.phar` suffix. Interceptor logic has to be individual and | ||||||
|  | adjusted to according requirements. | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | $behavior = new \TYPO3\PharStreamWrapper\Behavior(); | ||||||
|  | \TYPO3\PharStreamWrapper\Manager::initialize( | ||||||
|  |     $behavior->withAssertion(new PharExtensionInterceptor()) | ||||||
|  | ); | ||||||
|  |  | ||||||
|  | if (in_array('phar', stream_get_wrappers())) { | ||||||
|  |     stream_wrapper_unregister('phar'); | ||||||
|  |     stream_wrapper_register('phar', 'TYPO3\\PharStreamWrapper\\PharStreamWrapper'); | ||||||
|  | } | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | * `PharStreamWrapper` defined as class reference will be instantiated each time | ||||||
|  |   `phar://` streams shall be processed. | ||||||
|  | * `Manager` as singleton pattern being called by `PharStreamWrapper` instances | ||||||
|  |   in order to retrieve individual behavior and settings. | ||||||
|  | * `Behavior` holds reference to interceptor(s) that shall assert correct/allowed | ||||||
|  |   invocation of a given `$path` for a given `$command`. Interceptors implement | ||||||
|  |   the interface `Assertable`. Interceptors can act individually on following | ||||||
|  |   commands or handle all of them in case not defined specifically:   | ||||||
|  |   + `COMMAND_DIR_OPENDIR` | ||||||
|  |   + `COMMAND_MKDIR` | ||||||
|  |   + `COMMAND_RENAME` | ||||||
|  |   + `COMMAND_RMDIR` | ||||||
|  |   + `COMMAND_STEAM_METADATA` | ||||||
|  |   + `COMMAND_STREAM_OPEN` | ||||||
|  |   + `COMMAND_UNLINK` | ||||||
|  |   + `COMMAND_URL_STAT` | ||||||
|  |  | ||||||
|  | ## Interceptors | ||||||
|  |  | ||||||
|  | The following interceptor is shipped with the package and ready to use in order | ||||||
|  | to block any Phar invocation of files not having a `.phar` suffix. Besides that | ||||||
|  | individual interceptors are possible of course. | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | class PharExtensionInterceptor implements Assertable | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * Determines whether the base file name has a ".phar" suffix. | ||||||
|  |      * | ||||||
|  |      * @param string $path | ||||||
|  |      * @param string $command | ||||||
|  |      * @return bool | ||||||
|  |      * @throws Exception | ||||||
|  |      */ | ||||||
|  |     public function assert($path, $command) | ||||||
|  |     { | ||||||
|  |         if ($this->baseFileContainsPharExtension($path)) { | ||||||
|  |             return true; | ||||||
|  |         } | ||||||
|  |         throw new Exception( | ||||||
|  |             sprintf( | ||||||
|  |                 'Unexpected file extension in "%s"', | ||||||
|  |                 $path | ||||||
|  |             ), | ||||||
|  |             1535198703 | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     private function baseFileContainsPharExtension($path) | ||||||
|  |     { | ||||||
|  |         $baseFile = Helper::determineBaseFile($path); | ||||||
|  |         if ($baseFile === null) { | ||||||
|  |             return false; | ||||||
|  |         } | ||||||
|  |         $fileExtension = pathinfo($baseFile, PATHINFO_EXTENSION); | ||||||
|  |         return strtolower($fileExtension) === 'phar'; | ||||||
|  |     } | ||||||
|  | } | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### ConjunctionInterceptor | ||||||
|  |  | ||||||
|  | This interceptor combines multiple interceptors implementing `Assertable`. | ||||||
|  | It succeeds when all nested interceptors succeed as well (logical `AND`). | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | $behavior = new \TYPO3\PharStreamWrapper\Behavior(); | ||||||
|  | \TYPO3\PharStreamWrapper\Manager::initialize( | ||||||
|  |     $behavior->withAssertion(new ConjunctionInterceptor(array( | ||||||
|  |         new PharExtensionInterceptor(), | ||||||
|  |         new PharMetaDataInterceptor() | ||||||
|  |     ))) | ||||||
|  | ); | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### PharExtensionInterceptor | ||||||
|  |  | ||||||
|  | This (basic) interceptor just checks whether the invoked Phar archive has | ||||||
|  | an according `.phar` file extension. Resolving symbolic links as well as | ||||||
|  | Phar internal alias resolving are considered as well. | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | $behavior = new \TYPO3\PharStreamWrapper\Behavior(); | ||||||
|  | \TYPO3\PharStreamWrapper\Manager::initialize( | ||||||
|  |     $behavior->withAssertion(new PharExtensionInterceptor()) | ||||||
|  | ); | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ### PharMetaDataInterceptor | ||||||
|  |  | ||||||
|  | This interceptor is actually checking serialized Phar meta-data against | ||||||
|  | PHP objects and would consider a Phar archive malicious in case not only | ||||||
|  | scalar values are found. A custom low-level `Phar\Reader` is used in order to | ||||||
|  | avoid using PHP's `Phar` object which would trigger the initial vulnerability. | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | $behavior = new \TYPO3\PharStreamWrapper\Behavior(); | ||||||
|  | \TYPO3\PharStreamWrapper\Manager::initialize( | ||||||
|  |     $behavior->withAssertion(new PharMetaDataInterceptor()) | ||||||
|  | ); | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Reader | ||||||
|  |  | ||||||
|  | * `Phar\Reader::__construct(string $fileName)`: Creates low-level reader for Phar archive | ||||||
|  | * `Phar\Reader::resolveContainer(): Phar\Container`: Resolves model representing Phar archive | ||||||
|  | * `Phar\Container::getStub(): Phar\Stub`: Resolves (plain PHP) stub section of Phar archive | ||||||
|  | * `Phar\Container::getManifest(): Phar\Manifest`: Resolves parsed Phar archive manifest as | ||||||
|  |   documented at http://php.net/manual/en/phar.fileformat.manifestfile.php | ||||||
|  | * `Phar\Stub::getMappedAlias(): string`: Resolves internal Phar archive alias defined in stub | ||||||
|  |   using `Phar::mapPhar('alias.phar')` - actually the plain PHP source is analyzed here | ||||||
|  | * `Phar\Manifest::getAlias(): string` - Resolves internal Phar archive alias defined in manifest | ||||||
|  |   using `Phar::setAlias('alias.phar')` | ||||||
|  | * `Phar\Manifest::getMetaData(): string`: Resolves serialized Phar archive meta-data | ||||||
|  | * `Phar\Manifest::deserializeMetaData(): mixed`: Resolves deserialized Phar archive meta-data | ||||||
|  |   containing only scalar values - in case an object is determined, an according | ||||||
|  |   `Phar\DeserializationException` will be thrown | ||||||
|  |  | ||||||
|  | ``` | ||||||
|  | $reader = new Phar\Reader('example.phar'); | ||||||
|  | var_dump($reader->resolveContainer()->getManifest()->deserializeMetaData()); | ||||||
|  | ``` | ||||||
|  |  | ||||||
|  | ## Helper | ||||||
|  |  | ||||||
|  | * `Helper::determineBaseFile(string $path): string`: Determines base file that can be | ||||||
|  |   accessed using the regular file system. For instance the following path | ||||||
|  |   `phar:///home/user/bundle.phar/content.txt` would be resolved to | ||||||
|  |   `/home/user/bundle.phar`. | ||||||
|  | * `Helper::resetOpCache()`: Resets PHP's OPcache if enabled as work-around for | ||||||
|  |   issues in `include()` or `require()` calls and OPcache delivering wrong | ||||||
|  |   results. More details can be found in PHP's bug tracker, for instance like | ||||||
|  |   https://bugs.php.net/bug.php?id=66569 | ||||||
|  |  | ||||||
|  | ## Security Contact | ||||||
|  |  | ||||||
|  | In case of finding additional security issues in the TYPO3 project or in this | ||||||
|  | `PharStreamWrapper` package in particular, please get in touch with the | ||||||
|  | [TYPO3 Security Team](mailto:security@typo3.org). | ||||||
							
								
								
									
										30
									
								
								misc/typo3/phar-stream-wrapper/composer.json
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										30
									
								
								misc/typo3/phar-stream-wrapper/composer.json
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,30 @@ | |||||||
|  | { | ||||||
|  |     "name": "typo3/phar-stream-wrapper", | ||||||
|  |     "description": "Interceptors for PHP's native phar:// stream handling", | ||||||
|  |     "type": "library", | ||||||
|  |     "license": "MIT", | ||||||
|  |     "homepage": "https://typo3.org/", | ||||||
|  |     "keywords": ["php", "phar", "stream-wrapper", "security"], | ||||||
|  |     "require": { | ||||||
|  |         "php": "^5.3.3|^7.0", | ||||||
|  |         "ext-json": "*", | ||||||
|  |         "brumann/polyfill-unserialize": "^1.0" | ||||||
|  |     }, | ||||||
|  |     "require-dev": { | ||||||
|  |         "ext-xdebug": "*", | ||||||
|  |         "phpunit/phpunit": "^4.8.36" | ||||||
|  |     }, | ||||||
|  |     "suggest": { | ||||||
|  |         "ext-fileinfo": "For PHP builtin file type guessing, otherwise uses internal processing" | ||||||
|  |     }, | ||||||
|  |     "autoload": { | ||||||
|  |         "psr-4": { | ||||||
|  |             "TYPO3\\PharStreamWrapper\\": "src/" | ||||||
|  |         } | ||||||
|  |     }, | ||||||
|  |     "autoload-dev": { | ||||||
|  |         "psr-4": { | ||||||
|  |             "TYPO3\\PharStreamWrapper\\Tests\\": "tests/" | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  | } | ||||||
							
								
								
									
										22
									
								
								misc/typo3/phar-stream-wrapper/src/Assertable.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										22
									
								
								misc/typo3/phar-stream-wrapper/src/Assertable.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,22 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | interface Assertable | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param string $command | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function assert($path, $command); | ||||||
|  | } | ||||||
							
								
								
									
										124
									
								
								misc/typo3/phar-stream-wrapper/src/Behavior.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										124
									
								
								misc/typo3/phar-stream-wrapper/src/Behavior.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,124 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | class Behavior implements Assertable | ||||||
|  | { | ||||||
|  |     const COMMAND_DIR_OPENDIR = 'dir_opendir'; | ||||||
|  |     const COMMAND_MKDIR = 'mkdir'; | ||||||
|  |     const COMMAND_RENAME = 'rename'; | ||||||
|  |     const COMMAND_RMDIR = 'rmdir'; | ||||||
|  |     const COMMAND_STEAM_METADATA = 'stream_metadata'; | ||||||
|  |     const COMMAND_STREAM_OPEN = 'stream_open'; | ||||||
|  |     const COMMAND_UNLINK = 'unlink'; | ||||||
|  |     const COMMAND_URL_STAT = 'url_stat'; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var string[] | ||||||
|  |      */ | ||||||
|  |     private $availableCommands = array( | ||||||
|  |         self::COMMAND_DIR_OPENDIR, | ||||||
|  |         self::COMMAND_MKDIR, | ||||||
|  |         self::COMMAND_RENAME, | ||||||
|  |         self::COMMAND_RMDIR, | ||||||
|  |         self::COMMAND_STEAM_METADATA, | ||||||
|  |         self::COMMAND_STREAM_OPEN, | ||||||
|  |         self::COMMAND_UNLINK, | ||||||
|  |         self::COMMAND_URL_STAT, | ||||||
|  |     ); | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var Assertable[] | ||||||
|  |      */ | ||||||
|  |     private $assertions; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param Assertable $assertable | ||||||
|  |      * @return static | ||||||
|  |      */ | ||||||
|  |     public function withAssertion(Assertable $assertable) | ||||||
|  |     { | ||||||
|  |         $commands = func_get_args(); | ||||||
|  |         array_shift($commands); | ||||||
|  |         $this->assertCommands($commands); | ||||||
|  |         $commands = $commands ?: $this->availableCommands; | ||||||
|  |  | ||||||
|  |         $target = clone $this; | ||||||
|  |         foreach ($commands as $command) { | ||||||
|  |             $target->assertions[$command] = $assertable; | ||||||
|  |         } | ||||||
|  |         return $target; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param string $command | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function assert($path, $command) | ||||||
|  |     { | ||||||
|  |         $this->assertCommand($command); | ||||||
|  |         $this->assertAssertionCompleteness(); | ||||||
|  |  | ||||||
|  |         return $this->assertions[$command]->assert($path, $command); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param array $commands | ||||||
|  |      */ | ||||||
|  |     private function assertCommands(array $commands) | ||||||
|  |     { | ||||||
|  |         $unknownCommands = array_diff($commands, $this->availableCommands); | ||||||
|  |         if (empty($unknownCommands)) { | ||||||
|  |             return; | ||||||
|  |         } | ||||||
|  |         throw new \LogicException( | ||||||
|  |             sprintf( | ||||||
|  |                 'Unknown commands: %s', | ||||||
|  |                 implode(', ', $unknownCommands) | ||||||
|  |             ), | ||||||
|  |             1535189881 | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     private function assertCommand($command) | ||||||
|  |     { | ||||||
|  |         if (in_array($command, $this->availableCommands, true)) { | ||||||
|  |             return; | ||||||
|  |         } | ||||||
|  |         throw new \LogicException( | ||||||
|  |             sprintf( | ||||||
|  |                 'Unknown command "%s"', | ||||||
|  |                 $command | ||||||
|  |             ), | ||||||
|  |             1535189882 | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     private function assertAssertionCompleteness() | ||||||
|  |     { | ||||||
|  |         $undefinedAssertions = array_diff( | ||||||
|  |             $this->availableCommands, | ||||||
|  |             array_keys($this->assertions) | ||||||
|  |         ); | ||||||
|  |         if (empty($undefinedAssertions)) { | ||||||
|  |             return; | ||||||
|  |         } | ||||||
|  |         throw new \LogicException( | ||||||
|  |             sprintf( | ||||||
|  |                 'Missing assertions for commands: %s', | ||||||
|  |                 implode(', ', $undefinedAssertions) | ||||||
|  |             ), | ||||||
|  |             1535189883 | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  | } | ||||||
							
								
								
									
										37
									
								
								misc/typo3/phar-stream-wrapper/src/Collectable.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										37
									
								
								misc/typo3/phar-stream-wrapper/src/Collectable.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,37 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Resolver\PharInvocation; | ||||||
|  |  | ||||||
|  | interface Collectable | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * @param PharInvocation $invocation | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function has(PharInvocation $invocation); | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param PharInvocation $invocation | ||||||
|  |      * @param null $flags | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function collect(PharInvocation $invocation, $flags = null); | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param callable $callback | ||||||
|  |      * @param bool $reverse | ||||||
|  |      * @return null|PharInvocation | ||||||
|  |      */ | ||||||
|  |     public function findByCallback($callback, $reverse = false); | ||||||
|  | } | ||||||
							
								
								
									
										16
									
								
								misc/typo3/phar-stream-wrapper/src/Exception.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										16
									
								
								misc/typo3/phar-stream-wrapper/src/Exception.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,16 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | class Exception extends \RuntimeException | ||||||
|  | { | ||||||
|  | } | ||||||
							
								
								
									
										199
									
								
								misc/typo3/phar-stream-wrapper/src/Helper.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										199
									
								
								misc/typo3/phar-stream-wrapper/src/Helper.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,199 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Helper provides low-level tools on file name resolving. However it does not | ||||||
|  |  * (and should not) maintain any runtime state information. In order to resolve | ||||||
|  |  * Phar archive paths according resolvers have to be used. | ||||||
|  |  * | ||||||
|  |  * @see \TYPO3\PharStreamWrapper\Resolvable::resolve() | ||||||
|  |  */ | ||||||
|  | class Helper | ||||||
|  | { | ||||||
|  |     /* | ||||||
|  |      * Resets PHP's OPcache if enabled as work-around for issues in `include()` | ||||||
|  |      * or `require()` calls and OPcache delivering wrong results. | ||||||
|  |      * | ||||||
|  |      * @see https://bugs.php.net/bug.php?id=66569 | ||||||
|  |      */ | ||||||
|  |     public static function resetOpCache() | ||||||
|  |     { | ||||||
|  |         if (function_exists('opcache_reset') | ||||||
|  |             && function_exists('opcache_get_status') | ||||||
|  |         ) { | ||||||
|  |             $status = opcache_get_status(); | ||||||
|  |             if (!empty($status['opcache_enabled'])) { | ||||||
|  |                 opcache_reset(); | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Determines base file that can be accessed using the regular file system. | ||||||
|  |      * For e.g. "phar:///home/user/bundle.phar/content.txt" that would result | ||||||
|  |      * into "/home/user/bundle.phar". | ||||||
|  |      * | ||||||
|  |      * @param string $path | ||||||
|  |      * @return string|null | ||||||
|  |      */ | ||||||
|  |     public static function determineBaseFile($path) | ||||||
|  |     { | ||||||
|  |         $parts = explode('/', static::normalizePath($path)); | ||||||
|  |  | ||||||
|  |         while (count($parts)) { | ||||||
|  |             $currentPath = implode('/', $parts); | ||||||
|  |             if (@is_file($currentPath) && realpath($currentPath) !== false) { | ||||||
|  |                 return $currentPath; | ||||||
|  |             } | ||||||
|  |             array_pop($parts); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         return null; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public static function hasPharPrefix($path) | ||||||
|  |     { | ||||||
|  |         return stripos($path, 'phar://') === 0; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public static function removePharPrefix($path) | ||||||
|  |     { | ||||||
|  |         $path = trim($path); | ||||||
|  |         if (!static::hasPharPrefix($path)) { | ||||||
|  |             return $path; | ||||||
|  |         } | ||||||
|  |         return substr($path, 7); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Normalizes a path, removes phar:// prefix, fixes Windows directory | ||||||
|  |      * separators. Result is without trailing slash. | ||||||
|  |      * | ||||||
|  |      * @param string $path | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public static function normalizePath($path) | ||||||
|  |     { | ||||||
|  |         return rtrim( | ||||||
|  |             static::normalizeWindowsPath( | ||||||
|  |                 static::removePharPrefix($path) | ||||||
|  |             ), | ||||||
|  |             '/' | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Fixes a path for windows-backslashes and reduces double-slashes to single slashes | ||||||
|  |      * | ||||||
|  |      * @param string $path File path to process | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public static function normalizeWindowsPath($path) | ||||||
|  |     { | ||||||
|  |         return str_replace('\\', '/', $path); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Resolves all dots, slashes and removes spaces after or before a path... | ||||||
|  |      * | ||||||
|  |      * @param string $path Input string | ||||||
|  |      * @return string Canonical path, always without trailing slash | ||||||
|  |      */ | ||||||
|  |     private static function getCanonicalPath($path) | ||||||
|  |     { | ||||||
|  |         $path = static::normalizeWindowsPath($path); | ||||||
|  |  | ||||||
|  |         $absolutePathPrefix = ''; | ||||||
|  |         if (static::isAbsolutePath($path)) { | ||||||
|  |             if (static::isWindows() && strpos($path, ':/') === 1) { | ||||||
|  |                 $absolutePathPrefix = substr($path, 0, 3); | ||||||
|  |                 $path = substr($path, 3); | ||||||
|  |             } else { | ||||||
|  |                 $path = ltrim($path, '/'); | ||||||
|  |                 $absolutePathPrefix = '/'; | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $pathParts = explode('/', $path); | ||||||
|  |         $pathPartsLength = count($pathParts); | ||||||
|  |         for ($partCount = 0; $partCount < $pathPartsLength; $partCount++) { | ||||||
|  |             // double-slashes in path: remove element | ||||||
|  |             if ($pathParts[$partCount] === '') { | ||||||
|  |                 array_splice($pathParts, $partCount, 1); | ||||||
|  |                 $partCount--; | ||||||
|  |                 $pathPartsLength--; | ||||||
|  |             } | ||||||
|  |             // "." in path: remove element | ||||||
|  |             if ((isset($pathParts[$partCount]) ? $pathParts[$partCount] : '') === '.') { | ||||||
|  |                 array_splice($pathParts, $partCount, 1); | ||||||
|  |                 $partCount--; | ||||||
|  |                 $pathPartsLength--; | ||||||
|  |             } | ||||||
|  |             // ".." in path: | ||||||
|  |             if ((isset($pathParts[$partCount]) ? $pathParts[$partCount] : '') === '..') { | ||||||
|  |                 if ($partCount === 0) { | ||||||
|  |                     array_splice($pathParts, $partCount, 1); | ||||||
|  |                     $partCount--; | ||||||
|  |                     $pathPartsLength--; | ||||||
|  |                 } elseif ($partCount >= 1) { | ||||||
|  |                     // Rremove this and previous element | ||||||
|  |                     array_splice($pathParts, $partCount - 1, 2); | ||||||
|  |                     $partCount -= 2; | ||||||
|  |                     $pathPartsLength -= 2; | ||||||
|  |                 } elseif ($absolutePathPrefix) { | ||||||
|  |                     // can't go higher than root dir | ||||||
|  |                     // simply remove this part and continue | ||||||
|  |                     array_splice($pathParts, $partCount, 1); | ||||||
|  |                     $partCount--; | ||||||
|  |                     $pathPartsLength--; | ||||||
|  |                 } | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         return $absolutePathPrefix . implode('/', $pathParts); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Checks if the $path is absolute or relative (detecting either '/' or | ||||||
|  |      * 'x:/' as first part of string) and returns TRUE if so. | ||||||
|  |      * | ||||||
|  |      * @param string $path File path to evaluate | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     private static function isAbsolutePath($path) | ||||||
|  |     { | ||||||
|  |         // Path starting with a / is always absolute, on every system | ||||||
|  |         // On Windows also a path starting with a drive letter is absolute: X:/ | ||||||
|  |         return (isset($path[0]) ? $path[0] : null) === '/' | ||||||
|  |             || static::isWindows() && ( | ||||||
|  |                 strpos($path, ':/') === 1 | ||||||
|  |                 || strpos($path, ':\\') === 1 | ||||||
|  |             ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     private static function isWindows() | ||||||
|  |     { | ||||||
|  |         return stripos(PHP_OS, 'WIN') === 0; | ||||||
|  |     } | ||||||
|  | } | ||||||
| @@ -0,0 +1,88 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper\Interceptor; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Assertable; | ||||||
|  | use TYPO3\PharStreamWrapper\Exception; | ||||||
|  |  | ||||||
|  | class ConjunctionInterceptor implements Assertable | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * @var Assertable[] | ||||||
|  |      */ | ||||||
|  |     private $assertions; | ||||||
|  |  | ||||||
|  |     public function __construct(array $assertions) | ||||||
|  |     { | ||||||
|  |         $this->assertAssertions($assertions); | ||||||
|  |         $this->assertions = $assertions; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Executes assertions based on all contained assertions. | ||||||
|  |      * | ||||||
|  |      * @param string $path | ||||||
|  |      * @param string $command | ||||||
|  |      * @return bool | ||||||
|  |      * @throws Exception | ||||||
|  |      */ | ||||||
|  |     public function assert($path, $command) | ||||||
|  |     { | ||||||
|  |         if ($this->invokeAssertions($path, $command)) { | ||||||
|  |             return true; | ||||||
|  |         } | ||||||
|  |         throw new Exception( | ||||||
|  |             sprintf( | ||||||
|  |                 'Assertion failed in "%s"', | ||||||
|  |                 $path | ||||||
|  |             ), | ||||||
|  |             1539625084 | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param Assertable[] $assertions | ||||||
|  |      */ | ||||||
|  |     private function assertAssertions(array $assertions) | ||||||
|  |     { | ||||||
|  |         foreach ($assertions as $assertion) { | ||||||
|  |             if (!$assertion instanceof Assertable) { | ||||||
|  |                 throw new \InvalidArgumentException( | ||||||
|  |                     sprintf( | ||||||
|  |                         'Instance %s must implement Assertable', | ||||||
|  |                         get_class($assertion) | ||||||
|  |                     ), | ||||||
|  |                     1539624719 | ||||||
|  |                 ); | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param string $command | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     private function invokeAssertions($path, $command) | ||||||
|  |     { | ||||||
|  |         try { | ||||||
|  |             foreach ($this->assertions as $assertion) { | ||||||
|  |                 if (!$assertion->assert($path, $command)) { | ||||||
|  |                     return false; | ||||||
|  |                 } | ||||||
|  |             } | ||||||
|  |         } catch (Exception $exception) { | ||||||
|  |             return false; | ||||||
|  |         } | ||||||
|  |         return true; | ||||||
|  |     } | ||||||
|  | } | ||||||
| @@ -0,0 +1,55 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper\Interceptor; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Assertable; | ||||||
|  | use TYPO3\PharStreamWrapper\Exception; | ||||||
|  | use TYPO3\PharStreamWrapper\Manager; | ||||||
|  |  | ||||||
|  | class PharExtensionInterceptor implements Assertable | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * Determines whether the base file name has a ".phar" suffix. | ||||||
|  |      * | ||||||
|  |      * @param string $path | ||||||
|  |      * @param string $command | ||||||
|  |      * @return bool | ||||||
|  |      * @throws Exception | ||||||
|  |      */ | ||||||
|  |     public function assert($path, $command) | ||||||
|  |     { | ||||||
|  |         if ($this->baseFileContainsPharExtension($path)) { | ||||||
|  |             return true; | ||||||
|  |         } | ||||||
|  |         throw new Exception( | ||||||
|  |             sprintf( | ||||||
|  |                 'Unexpected file extension in "%s"', | ||||||
|  |                 $path | ||||||
|  |             ), | ||||||
|  |             1535198703 | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     private function baseFileContainsPharExtension($path) | ||||||
|  |     { | ||||||
|  |         $invocation = Manager::instance()->resolve($path); | ||||||
|  |         if ($invocation === null) { | ||||||
|  |             return false; | ||||||
|  |         } | ||||||
|  |         $fileExtension = pathinfo($invocation->getBaseName(), PATHINFO_EXTENSION); | ||||||
|  |         return strtolower($fileExtension) === 'phar'; | ||||||
|  |     } | ||||||
|  | } | ||||||
| @@ -0,0 +1,73 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper\Interceptor; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Assertable; | ||||||
|  | use TYPO3\PharStreamWrapper\Exception; | ||||||
|  | use TYPO3\PharStreamWrapper\Manager; | ||||||
|  | use TYPO3\PharStreamWrapper\Phar\DeserializationException; | ||||||
|  | use TYPO3\PharStreamWrapper\Phar\Reader; | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * @internal Experimental implementation of checking against serialized objects in Phar meta-data | ||||||
|  |  * @internal This functionality has not been 100% pentested... | ||||||
|  |  */ | ||||||
|  | class PharMetaDataInterceptor implements Assertable | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * Determines whether the according Phar archive contains | ||||||
|  |      * (potential insecure) serialized objects. | ||||||
|  |      * | ||||||
|  |      * @param string $path | ||||||
|  |      * @param string $command | ||||||
|  |      * @return bool | ||||||
|  |      * @throws Exception | ||||||
|  |      */ | ||||||
|  |     public function assert($path, $command) | ||||||
|  |     { | ||||||
|  |         if ($this->baseFileDoesNotHaveMetaDataIssues($path)) { | ||||||
|  |             return true; | ||||||
|  |         } | ||||||
|  |         throw new Exception( | ||||||
|  |             sprintf( | ||||||
|  |                 'Problematic meta-data in "%s"', | ||||||
|  |                 $path | ||||||
|  |             ), | ||||||
|  |             1539632368 | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     private function baseFileDoesNotHaveMetaDataIssues($path) | ||||||
|  |     { | ||||||
|  |         $invocation = Manager::instance()->resolve($path); | ||||||
|  |         if ($invocation === null) { | ||||||
|  |             return false; | ||||||
|  |         } | ||||||
|  |         // directly return in case invocation was checked before | ||||||
|  |         if ($invocation->getVariable(__CLASS__) === true) { | ||||||
|  |             return true; | ||||||
|  |         } | ||||||
|  |         // otherwise analyze meta-data | ||||||
|  |         try { | ||||||
|  |             $reader = new Reader($invocation->getBaseName()); | ||||||
|  |             $reader->resolveContainer()->getManifest()->deserializeMetaData(); | ||||||
|  |             $invocation->setVariable(__CLASS__, true); | ||||||
|  |         } catch (DeserializationException $exception) { | ||||||
|  |             return false; | ||||||
|  |         } | ||||||
|  |         return true; | ||||||
|  |     } | ||||||
|  | } | ||||||
							
								
								
									
										135
									
								
								misc/typo3/phar-stream-wrapper/src/Manager.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										135
									
								
								misc/typo3/phar-stream-wrapper/src/Manager.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,135 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Resolver\PharInvocation; | ||||||
|  | use TYPO3\PharStreamWrapper\Resolver\PharInvocationCollection; | ||||||
|  | use TYPO3\PharStreamWrapper\Resolver\PharInvocationResolver; | ||||||
|  |  | ||||||
|  | class Manager | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * @var self | ||||||
|  |      */ | ||||||
|  |     private static $instance; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var Behavior | ||||||
|  |      */ | ||||||
|  |     private $behavior; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var Resolvable | ||||||
|  |      */ | ||||||
|  |     private $resolver; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var Collectable | ||||||
|  |      */ | ||||||
|  |     private $collection; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param Behavior $behaviour | ||||||
|  |      * @param Resolvable $resolver | ||||||
|  |      * @param Collectable $collection | ||||||
|  |      * @return self | ||||||
|  |      */ | ||||||
|  |     public static function initialize( | ||||||
|  |         Behavior $behaviour, | ||||||
|  |         Resolvable $resolver = null, | ||||||
|  |         Collectable $collection = null | ||||||
|  |     ) { | ||||||
|  |         if (self::$instance === null) { | ||||||
|  |             self::$instance = new self($behaviour, $resolver, $collection); | ||||||
|  |             return self::$instance; | ||||||
|  |         } | ||||||
|  |         throw new \LogicException( | ||||||
|  |             'Manager can only be initialized once', | ||||||
|  |             1535189871 | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return self | ||||||
|  |      */ | ||||||
|  |     public static function instance() | ||||||
|  |     { | ||||||
|  |         if (self::$instance !== null) { | ||||||
|  |             return self::$instance; | ||||||
|  |         } | ||||||
|  |         throw new \LogicException( | ||||||
|  |             'Manager needs to be initialized first', | ||||||
|  |             1535189872 | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public static function destroy() | ||||||
|  |     { | ||||||
|  |         if (self::$instance === null) { | ||||||
|  |             return false; | ||||||
|  |         } | ||||||
|  |         self::$instance = null; | ||||||
|  |         return true; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param Behavior $behaviour | ||||||
|  |      * @param Resolvable $resolver | ||||||
|  |      * @param Collectable $collection | ||||||
|  |      */ | ||||||
|  |     private function __construct( | ||||||
|  |         Behavior $behaviour, | ||||||
|  |         Resolvable $resolver = null, | ||||||
|  |         Collectable $collection = null | ||||||
|  |     ) { | ||||||
|  |         if ($collection === null) { | ||||||
|  |             $collection = new PharInvocationCollection(); | ||||||
|  |         } | ||||||
|  |         if ($resolver === null) { | ||||||
|  |             $resolver = new PharInvocationResolver(); | ||||||
|  |         } | ||||||
|  |         $this->collection = $collection; | ||||||
|  |         $this->resolver = $resolver; | ||||||
|  |         $this->behavior = $behaviour; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param string $command | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function assert($path, $command) | ||||||
|  |     { | ||||||
|  |         return $this->behavior->assert($path, $command); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param null|int $flags | ||||||
|  |      * @return null|PharInvocation | ||||||
|  |      */ | ||||||
|  |     public function resolve($path, $flags = null) | ||||||
|  |     { | ||||||
|  |         return $this->resolver->resolve($path, $flags); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return Collectable | ||||||
|  |      */ | ||||||
|  |     public function getCollection() | ||||||
|  |     { | ||||||
|  |         return $this->collection; | ||||||
|  |     } | ||||||
|  | } | ||||||
							
								
								
									
										59
									
								
								misc/typo3/phar-stream-wrapper/src/Phar/Container.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										59
									
								
								misc/typo3/phar-stream-wrapper/src/Phar/Container.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,59 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper\Phar; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | class Container | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * @var Stub | ||||||
|  |      */ | ||||||
|  |     private $stub; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var Manifest | ||||||
|  |      */ | ||||||
|  |     private $manifest; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param Stub $stub | ||||||
|  |      * @param Manifest $manifest | ||||||
|  |      */ | ||||||
|  |     public function __construct(Stub $stub, Manifest $manifest) | ||||||
|  |     { | ||||||
|  |         $this->stub = $stub; | ||||||
|  |         $this->manifest = $manifest; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return Stub | ||||||
|  |      */ | ||||||
|  |     public function getStub() | ||||||
|  |     { | ||||||
|  |         return $this->stub; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return Manifest | ||||||
|  |      */ | ||||||
|  |     public function getManifest() | ||||||
|  |     { | ||||||
|  |         return $this->manifest; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public function getAlias() | ||||||
|  |     { | ||||||
|  |         return $this->manifest->getAlias() ?: $this->stub->getMappedAlias(); | ||||||
|  |     } | ||||||
|  | } | ||||||
| @@ -0,0 +1,18 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper\Phar; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Exception; | ||||||
|  |  | ||||||
|  | class DeserializationException extends Exception | ||||||
|  | { | ||||||
|  | } | ||||||
							
								
								
									
										176
									
								
								misc/typo3/phar-stream-wrapper/src/Phar/Manifest.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										176
									
								
								misc/typo3/phar-stream-wrapper/src/Phar/Manifest.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,176 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper\Phar; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use Brumann\Polyfill\Unserialize; | ||||||
|  |  | ||||||
|  | class Manifest | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * @param string $content | ||||||
|  |      * @return self | ||||||
|  |      * @see http://php.net/manual/en/phar.fileformat.phar.php | ||||||
|  |      */ | ||||||
|  |     public static function fromContent($content) | ||||||
|  |     { | ||||||
|  |         $target = new static(); | ||||||
|  |         $target->manifestLength = Reader::resolveFourByteLittleEndian($content, 0); | ||||||
|  |         $target->amountOfFiles = Reader::resolveFourByteLittleEndian($content, 4); | ||||||
|  |         $target->flags = Reader::resolveFourByteLittleEndian($content, 10); | ||||||
|  |         $target->aliasLength = Reader::resolveFourByteLittleEndian($content, 14); | ||||||
|  |         $target->alias = substr($content, 18, $target->aliasLength); | ||||||
|  |         $target->metaDataLength = Reader::resolveFourByteLittleEndian($content, 18 + $target->aliasLength); | ||||||
|  |         $target->metaData = substr($content, 22 + $target->aliasLength, $target->metaDataLength); | ||||||
|  |  | ||||||
|  |         $apiVersionNibbles = Reader::resolveTwoByteBigEndian($content, 8); | ||||||
|  |         $target->apiVersion = implode('.', array( | ||||||
|  |             ($apiVersionNibbles & 0xf000) >> 12, | ||||||
|  |             ($apiVersionNibbles & 0x0f00) >> 8, | ||||||
|  |             ($apiVersionNibbles & 0x00f0) >> 4, | ||||||
|  |         )); | ||||||
|  |  | ||||||
|  |         return $target; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var int | ||||||
|  |      */ | ||||||
|  |     private $manifestLength; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var int | ||||||
|  |      */ | ||||||
|  |     private $amountOfFiles; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var string | ||||||
|  |      */ | ||||||
|  |     private $apiVersion; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var int | ||||||
|  |      */ | ||||||
|  |     private $flags; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var int | ||||||
|  |      */ | ||||||
|  |     private $aliasLength; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var string | ||||||
|  |      */ | ||||||
|  |     private $alias; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var int | ||||||
|  |      */ | ||||||
|  |     private $metaDataLength; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var string | ||||||
|  |      */ | ||||||
|  |     private $metaData; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Avoid direct instantiation. | ||||||
|  |      */ | ||||||
|  |     private function __construct() | ||||||
|  |     { | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return int | ||||||
|  |      */ | ||||||
|  |     public function getManifestLength() | ||||||
|  |     { | ||||||
|  |         return $this->manifestLength; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return int | ||||||
|  |      */ | ||||||
|  |     public function getAmountOfFiles() | ||||||
|  |     { | ||||||
|  |         return $this->amountOfFiles; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public function getApiVersion() | ||||||
|  |     { | ||||||
|  |         return $this->apiVersion; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return int | ||||||
|  |      */ | ||||||
|  |     public function getFlags() | ||||||
|  |     { | ||||||
|  |         return $this->flags; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return int | ||||||
|  |      */ | ||||||
|  |     public function getAliasLength() | ||||||
|  |     { | ||||||
|  |         return $this->aliasLength; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public function getAlias() | ||||||
|  |     { | ||||||
|  |         return $this->alias; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return int | ||||||
|  |      */ | ||||||
|  |     public function getMetaDataLength() | ||||||
|  |     { | ||||||
|  |         return $this->metaDataLength; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public function getMetaData() | ||||||
|  |     { | ||||||
|  |         return $this->metaData; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return mixed|null | ||||||
|  |      */ | ||||||
|  |     public function deserializeMetaData() | ||||||
|  |     { | ||||||
|  |         if (empty($this->metaData)) { | ||||||
|  |             return null; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $result = Unserialize::unserialize($this->metaData, array('allowed_classes' => false)); | ||||||
|  |  | ||||||
|  |         $serialized = json_encode($result); | ||||||
|  |         if (strpos($serialized, '__PHP_Incomplete_Class_Name') !== false) { | ||||||
|  |             throw new DeserializationException( | ||||||
|  |                 'Meta-data contains serialized object', | ||||||
|  |                 1539623382 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         return $result; | ||||||
|  |     } | ||||||
|  | } | ||||||
							
								
								
									
										254
									
								
								misc/typo3/phar-stream-wrapper/src/Phar/Reader.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										254
									
								
								misc/typo3/phar-stream-wrapper/src/Phar/Reader.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,254 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper\Phar; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | class Reader | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * @var string | ||||||
|  |      */ | ||||||
|  |     private $fileName; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Mime-type in order to use zlib, bzip2 or no compression. | ||||||
|  |      * In case ext-fileinfo is not present only the relevant types | ||||||
|  |      * 'application/x-gzip' and 'application/x-bzip2' are assigned | ||||||
|  |      * to this class property. | ||||||
|  |      * | ||||||
|  |      * @var string | ||||||
|  |      */ | ||||||
|  |     private $fileType; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $fileName | ||||||
|  |      */ | ||||||
|  |     public function __construct($fileName) | ||||||
|  |     { | ||||||
|  |         if (strpos($fileName, '://') !== false) { | ||||||
|  |             throw new ReaderException( | ||||||
|  |                 'File name must not contain stream prefix', | ||||||
|  |                 1539623708 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $this->fileName = $fileName; | ||||||
|  |         $this->fileType = $this->determineFileType(); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return Container | ||||||
|  |      */ | ||||||
|  |     public function resolveContainer() | ||||||
|  |     { | ||||||
|  |         $data = $this->extractData($this->resolveStream() . $this->fileName); | ||||||
|  |  | ||||||
|  |         if ($data['stubContent'] === null) { | ||||||
|  |             throw new ReaderException( | ||||||
|  |                 'Cannot resolve stub', | ||||||
|  |                 1547807881 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         if ($data['manifestContent'] === null || $data['manifestLength'] === null) { | ||||||
|  |             throw new ReaderException( | ||||||
|  |                 'Cannot resolve manifest', | ||||||
|  |                 1547807882 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         if (strlen($data['manifestContent']) < $data['manifestLength']) { | ||||||
|  |             throw new ReaderException( | ||||||
|  |                 sprintf( | ||||||
|  |                     'Exected manifest length %d, got %d', | ||||||
|  |                     strlen($data['manifestContent']), | ||||||
|  |                     $data['manifestLength'] | ||||||
|  |                 ), | ||||||
|  |                 1547807883 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         return new Container( | ||||||
|  |             Stub::fromContent($data['stubContent']), | ||||||
|  |             Manifest::fromContent($data['manifestContent']) | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $fileName e.g. '/path/file.phar' or 'compress.zlib:///path/file.phar' | ||||||
|  |      * @return array | ||||||
|  |      */ | ||||||
|  |     private function extractData($fileName) | ||||||
|  |     { | ||||||
|  |         $stubContent = null; | ||||||
|  |         $manifestContent = null; | ||||||
|  |         $manifestLength = null; | ||||||
|  |  | ||||||
|  |         $resource = fopen($fileName, 'r'); | ||||||
|  |         if (!is_resource($resource)) { | ||||||
|  |             throw new ReaderException( | ||||||
|  |                 sprintf('Resource %s could not be opened', $fileName), | ||||||
|  |                 1547902055 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         while (!feof($resource)) { | ||||||
|  |             $line = fgets($resource); | ||||||
|  |             // stop reading file when manifest can be extracted | ||||||
|  |             if ($manifestLength !== null && $manifestContent !== null && strlen($manifestContent) >= $manifestLength) { | ||||||
|  |                 break; | ||||||
|  |             } | ||||||
|  |  | ||||||
|  |             $manifestPosition = strpos($line, '__HALT_COMPILER();'); | ||||||
|  |  | ||||||
|  |             // first line contains start of manifest | ||||||
|  |             if ($stubContent === null && $manifestContent === null && $manifestPosition !== false) { | ||||||
|  |                 $stubContent = substr($line, 0, $manifestPosition - 1); | ||||||
|  |                 $manifestContent = preg_replace('#^.*__HALT_COMPILER\(\);(?>[ \n]\?>(?>\r\n|\n)?)?#', '', $line); | ||||||
|  |                 $manifestLength = $this->resolveManifestLength($manifestContent); | ||||||
|  |             // line contains start of stub | ||||||
|  |             } elseif ($stubContent === null) { | ||||||
|  |                 $stubContent = $line; | ||||||
|  |             // line contains start of manifest | ||||||
|  |             } elseif ($manifestContent === null && $manifestPosition !== false) { | ||||||
|  |                 $manifestContent = preg_replace('#^.*__HALT_COMPILER\(\);(?>[ \n]\?>(?>\r\n|\n)?)?#', '', $line); | ||||||
|  |                 $manifestLength = $this->resolveManifestLength($manifestContent); | ||||||
|  |             // manifest has been started (thus is cannot be stub anymore), add content | ||||||
|  |             } elseif ($manifestContent !== null) { | ||||||
|  |                 $manifestContent .= $line; | ||||||
|  |                 $manifestLength = $this->resolveManifestLength($manifestContent); | ||||||
|  |             // stub has been started (thus cannot be manifest here, yet), add content | ||||||
|  |             } elseif ($stubContent !== null) { | ||||||
|  |                 $stubContent .= $line; | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |         fclose($resource); | ||||||
|  |  | ||||||
|  |         return array( | ||||||
|  |             'stubContent' => $stubContent, | ||||||
|  |             'manifestContent' => $manifestContent, | ||||||
|  |             'manifestLength' => $manifestLength, | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Resolves stream in order to handle compressed Phar archives. | ||||||
|  |      * | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     private function resolveStream() | ||||||
|  |     { | ||||||
|  |         if ($this->fileType === 'application/x-gzip' || $this->fileType === 'application/gzip') { | ||||||
|  |             return 'compress.zlib://'; | ||||||
|  |         } elseif ($this->fileType === 'application/x-bzip2') { | ||||||
|  |             return 'compress.bzip2://'; | ||||||
|  |         } | ||||||
|  |         return ''; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     private function determineFileType() | ||||||
|  |     { | ||||||
|  |         if (class_exists('\\finfo')) { | ||||||
|  |             $fileInfo = new \finfo(); | ||||||
|  |             return $fileInfo->file($this->fileName, FILEINFO_MIME_TYPE); | ||||||
|  |         } | ||||||
|  |         return $this->determineFileTypeByHeader(); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * In case ext-fileinfo is not present only the relevant types | ||||||
|  |      * 'application/x-gzip' and 'application/x-bzip2' are resolved. | ||||||
|  |      * | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     private function determineFileTypeByHeader() | ||||||
|  |     { | ||||||
|  |         $resource = fopen($this->fileName, 'r'); | ||||||
|  |         if (!is_resource($resource)) { | ||||||
|  |             throw new ReaderException( | ||||||
|  |                 sprintf('Resource %s could not be opened', $this->fileName), | ||||||
|  |                 1557753055 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         $header = fgets($resource, 4); | ||||||
|  |         fclose($resource); | ||||||
|  |         $mimeType = ''; | ||||||
|  |         if (strpos($header, "\x42\x5a\x68") === 0) { | ||||||
|  |             $mimeType = 'application/x-bzip2'; | ||||||
|  |         } elseif (strpos($header, "\x1f\x8b") === 0) { | ||||||
|  |             $mimeType = 'application/x-gzip'; | ||||||
|  |         } | ||||||
|  |         return $mimeType; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $content | ||||||
|  |      * @return int|null | ||||||
|  |      */ | ||||||
|  |     private function resolveManifestLength($content) | ||||||
|  |     { | ||||||
|  |         if (strlen($content) < 4) { | ||||||
|  |             return null; | ||||||
|  |         } | ||||||
|  |         return static::resolveFourByteLittleEndian($content, 0); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $content | ||||||
|  |      * @param int $start | ||||||
|  |      * @return int | ||||||
|  |      */ | ||||||
|  |     public static function resolveFourByteLittleEndian($content, $start) | ||||||
|  |     { | ||||||
|  |         $payload = substr($content, $start, 4); | ||||||
|  |         if (!is_string($payload)) { | ||||||
|  |             throw new ReaderException( | ||||||
|  |                 sprintf('Cannot resolve value at offset %d', $start), | ||||||
|  |                 1539614260 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $value = unpack('V', $payload); | ||||||
|  |         if (!isset($value[1])) { | ||||||
|  |             throw new ReaderException( | ||||||
|  |                 sprintf('Cannot resolve value at offset %d', $start), | ||||||
|  |                 1539614261 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         return $value[1]; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $content | ||||||
|  |      * @param int $start | ||||||
|  |      * @return int | ||||||
|  |      */ | ||||||
|  |     public static function resolveTwoByteBigEndian($content, $start) | ||||||
|  |     { | ||||||
|  |         $payload = substr($content, $start, 2); | ||||||
|  |         if (!is_string($payload)) { | ||||||
|  |             throw new ReaderException( | ||||||
|  |                 sprintf('Cannot resolve value at offset %d', $start), | ||||||
|  |                 1539614263 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $value = unpack('n', $payload); | ||||||
|  |         if (!isset($value[1])) { | ||||||
|  |             throw new ReaderException( | ||||||
|  |                 sprintf('Cannot resolve value at offset %d', $start), | ||||||
|  |                 1539614264 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         return $value[1]; | ||||||
|  |     } | ||||||
|  | } | ||||||
							
								
								
									
										18
									
								
								misc/typo3/phar-stream-wrapper/src/Phar/ReaderException.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										18
									
								
								misc/typo3/phar-stream-wrapper/src/Phar/ReaderException.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,18 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper\Phar; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Exception; | ||||||
|  |  | ||||||
|  | class ReaderException extends Exception | ||||||
|  | { | ||||||
|  | } | ||||||
							
								
								
									
										65
									
								
								misc/typo3/phar-stream-wrapper/src/Phar/Stub.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										65
									
								
								misc/typo3/phar-stream-wrapper/src/Phar/Stub.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,65 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper\Phar; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * @internal Experimental implementation of Phar archive internals | ||||||
|  |  */ | ||||||
|  | class Stub | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * @param string $content | ||||||
|  |      * @return self | ||||||
|  |      */ | ||||||
|  |     public static function fromContent($content) | ||||||
|  |     { | ||||||
|  |         $target = new static(); | ||||||
|  |         $target->content = $content; | ||||||
|  |  | ||||||
|  |         if ( | ||||||
|  |             stripos($content, 'Phar::mapPhar(') !== false | ||||||
|  |             && preg_match('#Phar\:\:mapPhar\(([^)]+)\)#', $content, $matches) | ||||||
|  |         ) { | ||||||
|  |             // remove spaces, single & double quotes | ||||||
|  |             // @todo `'my' . 'alias' . '.phar'` is not evaluated here | ||||||
|  |             $target->mappedAlias = trim($matches[1], ' \'"'); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         return $target; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var string | ||||||
|  |      */ | ||||||
|  |     private $content; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var string | ||||||
|  |      */ | ||||||
|  |     private $mappedAlias = ''; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public function getContent() | ||||||
|  |     { | ||||||
|  |         return $this->content; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public function getMappedAlias() | ||||||
|  |     { | ||||||
|  |         return $this->mappedAlias; | ||||||
|  |     } | ||||||
|  | } | ||||||
							
								
								
									
										511
									
								
								misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										511
									
								
								misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,511 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Resolver\PharInvocation; | ||||||
|  |  | ||||||
|  | class PharStreamWrapper | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * Internal stream constants that are not exposed to PHP, but used... | ||||||
|  |      * @see https://github.com/php/php-src/blob/e17fc0d73c611ad0207cac8a4a01ded38251a7dc/main/php_streams.h | ||||||
|  |      */ | ||||||
|  |     const STREAM_OPEN_FOR_INCLUDE = 128; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var resource | ||||||
|  |      */ | ||||||
|  |     public $context; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var resource | ||||||
|  |      */ | ||||||
|  |     protected $internalResource; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var PharInvocation | ||||||
|  |      */ | ||||||
|  |     protected $invocation; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function dir_closedir() | ||||||
|  |     { | ||||||
|  |         if (!is_resource($this->internalResource)) { | ||||||
|  |             return false; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $this->invokeInternalStreamWrapper( | ||||||
|  |             'closedir', | ||||||
|  |             $this->internalResource | ||||||
|  |         ); | ||||||
|  |         return !is_resource($this->internalResource); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param int $options | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function dir_opendir($path, $options) | ||||||
|  |     { | ||||||
|  |         $this->assert($path, Behavior::COMMAND_DIR_OPENDIR); | ||||||
|  |         $this->internalResource = $this->invokeInternalStreamWrapper( | ||||||
|  |             'opendir', | ||||||
|  |             $path, | ||||||
|  |             $this->context | ||||||
|  |         ); | ||||||
|  |         return is_resource($this->internalResource); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return string|false | ||||||
|  |      */ | ||||||
|  |     public function dir_readdir() | ||||||
|  |     { | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'readdir', | ||||||
|  |             $this->internalResource | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function dir_rewinddir() | ||||||
|  |     { | ||||||
|  |         if (!is_resource($this->internalResource)) { | ||||||
|  |             return false; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $this->invokeInternalStreamWrapper( | ||||||
|  |             'rewinddir', | ||||||
|  |             $this->internalResource | ||||||
|  |         ); | ||||||
|  |         return is_resource($this->internalResource); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param int $mode | ||||||
|  |      * @param int $options | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function mkdir($path, $mode, $options) | ||||||
|  |     { | ||||||
|  |         $this->assert($path, Behavior::COMMAND_MKDIR); | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'mkdir', | ||||||
|  |             $path, | ||||||
|  |             $mode, | ||||||
|  |             (bool) ($options & STREAM_MKDIR_RECURSIVE), | ||||||
|  |             $this->context | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path_from | ||||||
|  |      * @param string $path_to | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function rename($path_from, $path_to) | ||||||
|  |     { | ||||||
|  |         $this->assert($path_from, Behavior::COMMAND_RENAME); | ||||||
|  |         $this->assert($path_to, Behavior::COMMAND_RENAME); | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'rename', | ||||||
|  |             $path_from, | ||||||
|  |             $path_to, | ||||||
|  |             $this->context | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param int $options | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function rmdir($path, $options) | ||||||
|  |     { | ||||||
|  |         $this->assert($path, Behavior::COMMAND_RMDIR); | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'rmdir', | ||||||
|  |             $path, | ||||||
|  |             $this->context | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param int $cast_as | ||||||
|  |      */ | ||||||
|  |     public function stream_cast($cast_as) | ||||||
|  |     { | ||||||
|  |         throw new Exception( | ||||||
|  |             'Method stream_select() cannot be used', | ||||||
|  |             1530103999 | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     public function stream_close() | ||||||
|  |     { | ||||||
|  |         $this->invokeInternalStreamWrapper( | ||||||
|  |             'fclose', | ||||||
|  |             $this->internalResource | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function stream_eof() | ||||||
|  |     { | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'feof', | ||||||
|  |             $this->internalResource | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function stream_flush() | ||||||
|  |     { | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'fflush', | ||||||
|  |             $this->internalResource | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param int $operation | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function stream_lock($operation) | ||||||
|  |     { | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'flock', | ||||||
|  |             $this->internalResource, | ||||||
|  |             $operation | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param int $option | ||||||
|  |      * @param string|int $value | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function stream_metadata($path, $option, $value) | ||||||
|  |     { | ||||||
|  |         $this->assert($path, Behavior::COMMAND_STEAM_METADATA); | ||||||
|  |         if ($option === STREAM_META_TOUCH) { | ||||||
|  |             return call_user_func_array( | ||||||
|  |                 array($this, 'invokeInternalStreamWrapper'), | ||||||
|  |                 array_merge(array('touch', $path), (array) $value) | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         if ($option === STREAM_META_OWNER_NAME || $option === STREAM_META_OWNER) { | ||||||
|  |             return $this->invokeInternalStreamWrapper( | ||||||
|  |                 'chown', | ||||||
|  |                 $path, | ||||||
|  |                 $value | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         if ($option === STREAM_META_GROUP_NAME || $option === STREAM_META_GROUP) { | ||||||
|  |             return $this->invokeInternalStreamWrapper( | ||||||
|  |                 'chgrp', | ||||||
|  |                 $path, | ||||||
|  |                 $value | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         if ($option === STREAM_META_ACCESS) { | ||||||
|  |             return $this->invokeInternalStreamWrapper( | ||||||
|  |                 'chmod', | ||||||
|  |                 $path, | ||||||
|  |                 $value | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         return false; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param string $mode | ||||||
|  |      * @param int $options | ||||||
|  |      * @param string|null $opened_path | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function stream_open( | ||||||
|  |         $path, | ||||||
|  |         $mode, | ||||||
|  |         $options, | ||||||
|  |         &$opened_path = null | ||||||
|  |     ) { | ||||||
|  |         $this->assert($path, Behavior::COMMAND_STREAM_OPEN); | ||||||
|  |         $arguments = array($path, $mode, (bool) ($options & STREAM_USE_PATH)); | ||||||
|  |         // only add stream context for non include/require calls | ||||||
|  |         if (!($options & static::STREAM_OPEN_FOR_INCLUDE)) { | ||||||
|  |             $arguments[] = $this->context; | ||||||
|  |         // work around https://bugs.php.net/bug.php?id=66569 | ||||||
|  |         // for including files from Phar stream with OPcache enabled | ||||||
|  |         } else { | ||||||
|  |             Helper::resetOpCache(); | ||||||
|  |         } | ||||||
|  |         $this->internalResource = call_user_func_array( | ||||||
|  |             array($this, 'invokeInternalStreamWrapper'), | ||||||
|  |             array_merge(array('fopen'), $arguments) | ||||||
|  |         ); | ||||||
|  |         if (!is_resource($this->internalResource)) { | ||||||
|  |             return false; | ||||||
|  |         } | ||||||
|  |         if ($opened_path !== null) { | ||||||
|  |             $metaData = stream_get_meta_data($this->internalResource); | ||||||
|  |             $opened_path = $metaData['uri']; | ||||||
|  |         } | ||||||
|  |         return true; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param int $count | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public function stream_read($count) | ||||||
|  |     { | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'fread', | ||||||
|  |             $this->internalResource, | ||||||
|  |             $count | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param int $offset | ||||||
|  |      * @param int $whence | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function stream_seek($offset, $whence = SEEK_SET) | ||||||
|  |     { | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'fseek', | ||||||
|  |             $this->internalResource, | ||||||
|  |             $offset, | ||||||
|  |             $whence | ||||||
|  |         ) !== -1; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param int $option | ||||||
|  |      * @param int $arg1 | ||||||
|  |      * @param int $arg2 | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function stream_set_option($option, $arg1, $arg2) | ||||||
|  |     { | ||||||
|  |         if ($option === STREAM_OPTION_BLOCKING) { | ||||||
|  |             return $this->invokeInternalStreamWrapper( | ||||||
|  |                 'stream_set_blocking', | ||||||
|  |                 $this->internalResource, | ||||||
|  |                 $arg1 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         if ($option === STREAM_OPTION_READ_TIMEOUT) { | ||||||
|  |             return $this->invokeInternalStreamWrapper( | ||||||
|  |                 'stream_set_timeout', | ||||||
|  |                 $this->internalResource, | ||||||
|  |                 $arg1, | ||||||
|  |                 $arg2 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         if ($option === STREAM_OPTION_WRITE_BUFFER) { | ||||||
|  |             return $this->invokeInternalStreamWrapper( | ||||||
|  |                 'stream_set_write_buffer', | ||||||
|  |                 $this->internalResource, | ||||||
|  |                 $arg2 | ||||||
|  |             ) === 0; | ||||||
|  |         } | ||||||
|  |         return false; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return array | ||||||
|  |      */ | ||||||
|  |     public function stream_stat() | ||||||
|  |     { | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'fstat', | ||||||
|  |             $this->internalResource | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return int | ||||||
|  |      */ | ||||||
|  |     public function stream_tell() | ||||||
|  |     { | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'ftell', | ||||||
|  |             $this->internalResource | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param int $new_size | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function stream_truncate($new_size) | ||||||
|  |     { | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'ftruncate', | ||||||
|  |             $this->internalResource, | ||||||
|  |             $new_size | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $data | ||||||
|  |      * @return int | ||||||
|  |      */ | ||||||
|  |     public function stream_write($data) | ||||||
|  |     { | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'fwrite', | ||||||
|  |             $this->internalResource, | ||||||
|  |             $data | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function unlink($path) | ||||||
|  |     { | ||||||
|  |         $this->assert($path, Behavior::COMMAND_UNLINK); | ||||||
|  |         return $this->invokeInternalStreamWrapper( | ||||||
|  |             'unlink', | ||||||
|  |             $path, | ||||||
|  |             $this->context | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param int $flags | ||||||
|  |      * @return array|false | ||||||
|  |      */ | ||||||
|  |     public function url_stat($path, $flags) | ||||||
|  |     { | ||||||
|  |         $this->assert($path, Behavior::COMMAND_URL_STAT); | ||||||
|  |         $functionName = $flags & STREAM_URL_STAT_QUIET ? '@stat' : 'stat'; | ||||||
|  |         return $this->invokeInternalStreamWrapper($functionName, $path); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param string $command | ||||||
|  |      */ | ||||||
|  |     protected function assert($path, $command) | ||||||
|  |     { | ||||||
|  |         if (Manager::instance()->assert($path, $command) === true) { | ||||||
|  |             $this->collectInvocation($path); | ||||||
|  |             return; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         throw new Exception( | ||||||
|  |             sprintf( | ||||||
|  |                 'Denied invocation of "%s" for command "%s"', | ||||||
|  |                 $path, | ||||||
|  |                 $command | ||||||
|  |             ), | ||||||
|  |             1535189880 | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      */ | ||||||
|  |     protected function collectInvocation($path) | ||||||
|  |     { | ||||||
|  |         if (isset($this->invocation)) { | ||||||
|  |             return; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $manager = Manager::instance(); | ||||||
|  |         $this->invocation = $manager->resolve($path); | ||||||
|  |         if ($this->invocation === null) { | ||||||
|  |             throw new Exception( | ||||||
|  |                 'Expected invocation could not be resolved', | ||||||
|  |                 1556389591 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         // confirm, previous interceptor(s) validated invocation | ||||||
|  |         $this->invocation->confirm(); | ||||||
|  |         $collection = $manager->getCollection(); | ||||||
|  |         if (!$collection->has($this->invocation)) { | ||||||
|  |             $collection->collect($this->invocation); | ||||||
|  |         } | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return Manager|Assertable | ||||||
|  |      * @deprecated Use Manager::instance() directly | ||||||
|  |      */ | ||||||
|  |     protected function resolveAssertable() | ||||||
|  |     { | ||||||
|  |         return Manager::instance(); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Invokes commands on the native PHP Phar stream wrapper. | ||||||
|  |      * | ||||||
|  |      * @param string $functionName | ||||||
|  |      * @param mixed ...$arguments | ||||||
|  |      * @return mixed | ||||||
|  |      */ | ||||||
|  |     private function invokeInternalStreamWrapper($functionName) | ||||||
|  |     { | ||||||
|  |         $arguments = func_get_args(); | ||||||
|  |         array_shift($arguments); | ||||||
|  |         $silentExecution = $functionName[0] === '@'; | ||||||
|  |         $functionName = ltrim($functionName, '@'); | ||||||
|  |         $this->restoreInternalSteamWrapper(); | ||||||
|  |  | ||||||
|  |         try { | ||||||
|  |             if ($silentExecution) { | ||||||
|  |                 $result = @call_user_func_array($functionName, $arguments); | ||||||
|  |             } else { | ||||||
|  |                 $result = call_user_func_array($functionName, $arguments); | ||||||
|  |             } | ||||||
|  |         } catch (\Exception $exception) { | ||||||
|  |             $this->registerStreamWrapper(); | ||||||
|  |             throw $exception; | ||||||
|  |         } catch (\Throwable $throwable) { | ||||||
|  |             $this->registerStreamWrapper(); | ||||||
|  |             throw $throwable; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $this->registerStreamWrapper(); | ||||||
|  |         return $result; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     private function restoreInternalSteamWrapper() | ||||||
|  |     { | ||||||
|  |         stream_wrapper_restore('phar'); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     private function registerStreamWrapper() | ||||||
|  |     { | ||||||
|  |         stream_wrapper_unregister('phar'); | ||||||
|  |         stream_wrapper_register('phar', get_class($this)); | ||||||
|  |     } | ||||||
|  | } | ||||||
							
								
								
									
										24
									
								
								misc/typo3/phar-stream-wrapper/src/Resolvable.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										24
									
								
								misc/typo3/phar-stream-wrapper/src/Resolvable.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,24 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Resolver\PharInvocation; | ||||||
|  |  | ||||||
|  | interface Resolvable | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param null|int $flags | ||||||
|  |      * @return null|PharInvocation | ||||||
|  |      */ | ||||||
|  |     public function resolve($path, $flags = null); | ||||||
|  | } | ||||||
							
								
								
									
										125
									
								
								misc/typo3/phar-stream-wrapper/src/Resolver/PharInvocation.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										125
									
								
								misc/typo3/phar-stream-wrapper/src/Resolver/PharInvocation.php
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,125 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper\Resolver; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Exception; | ||||||
|  |  | ||||||
|  | class PharInvocation | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * @var string | ||||||
|  |      */ | ||||||
|  |     private $baseName; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var string | ||||||
|  |      */ | ||||||
|  |     private $alias; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var bool | ||||||
|  |      * @see \TYPO3\PharStreamWrapper\PharStreamWrapper::collectInvocation() | ||||||
|  |      */ | ||||||
|  |     private $confirmed = false; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Arbitrary variables to be used by interceptors as registry | ||||||
|  |      * (e.g. in order to avoid duplicate processing and assertions) | ||||||
|  |      * | ||||||
|  |      * @var array | ||||||
|  |      */ | ||||||
|  |     private $variables; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $baseName | ||||||
|  |      * @param string $alias | ||||||
|  |      */ | ||||||
|  |     public function __construct($baseName, $alias = '') | ||||||
|  |     { | ||||||
|  |         if ($baseName === '') { | ||||||
|  |             throw new Exception( | ||||||
|  |                 'Base-name cannot be empty', | ||||||
|  |                 1551283689 | ||||||
|  |             ); | ||||||
|  |         } | ||||||
|  |         $this->baseName = $baseName; | ||||||
|  |         $this->alias = $alias; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public function __toString() | ||||||
|  |     { | ||||||
|  |         return $this->baseName; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return string | ||||||
|  |      */ | ||||||
|  |     public function getBaseName() | ||||||
|  |     { | ||||||
|  |         return $this->baseName; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return null|string | ||||||
|  |      */ | ||||||
|  |     public function getAlias() | ||||||
|  |     { | ||||||
|  |         return $this->alias; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function isConfirmed() | ||||||
|  |     { | ||||||
|  |         return $this->confirmed; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     public function confirm() | ||||||
|  |     { | ||||||
|  |         $this->confirmed = true; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $name | ||||||
|  |      * @return mixed|null | ||||||
|  |      */ | ||||||
|  |     public function getVariable($name) | ||||||
|  |     { | ||||||
|  |         if (!isset($this->variables[$name])) { | ||||||
|  |             return null; | ||||||
|  |         } | ||||||
|  |         return $this->variables[$name]; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $name | ||||||
|  |      * @param mixed $value | ||||||
|  |      */ | ||||||
|  |     public function setVariable($name, $value) | ||||||
|  |     { | ||||||
|  |         $this->variables[$name] = $value; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param PharInvocation $other | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function equals(PharInvocation $other) | ||||||
|  |     { | ||||||
|  |         return $other->baseName === $this->baseName | ||||||
|  |             && $other->alias === $this->alias; | ||||||
|  |     } | ||||||
|  | } | ||||||
| @@ -0,0 +1,156 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper\Resolver; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Collectable; | ||||||
|  |  | ||||||
|  | class PharInvocationCollection implements Collectable | ||||||
|  | { | ||||||
|  |     const UNIQUE_INVOCATION = 1; | ||||||
|  |     const UNIQUE_BASE_NAME = 2; | ||||||
|  |     const DUPLICATE_ALIAS_WARNING = 32; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var PharInvocation[] | ||||||
|  |      */ | ||||||
|  |     private $invocations = array(); | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param PharInvocation $invocation | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function has(PharInvocation $invocation) | ||||||
|  |     { | ||||||
|  |         return in_array($invocation, $this->invocations, true); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param PharInvocation $invocation | ||||||
|  |      * @param null|int $flags | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     public function collect(PharInvocation $invocation, $flags = null) | ||||||
|  |     { | ||||||
|  |         if ($flags === null) { | ||||||
|  |             $flags = static::UNIQUE_INVOCATION | static::DUPLICATE_ALIAS_WARNING; | ||||||
|  |         } | ||||||
|  |         if ($invocation->getBaseName() === '' | ||||||
|  |             || $invocation->getAlias() === '' | ||||||
|  |             || !$this->assertUniqueBaseName($invocation, $flags) | ||||||
|  |             || !$this->assertUniqueInvocation($invocation, $flags) | ||||||
|  |         ) { | ||||||
|  |             return false; | ||||||
|  |         } | ||||||
|  |         if ($flags & static::DUPLICATE_ALIAS_WARNING) { | ||||||
|  |             $this->triggerDuplicateAliasWarning($invocation); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $this->invocations[] = $invocation; | ||||||
|  |         return true; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param callable $callback | ||||||
|  |      * @param bool $reverse | ||||||
|  |      * @return null|PharInvocation | ||||||
|  |      */ | ||||||
|  |     public function findByCallback($callback, $reverse = false) | ||||||
|  |     { | ||||||
|  |         foreach ($this->getInvocations($reverse) as $invocation) { | ||||||
|  |             if (call_user_func($callback, $invocation) === true) { | ||||||
|  |                 return $invocation; | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |         return null; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Asserts that base-name is unique. This disallows having multiple invocations for | ||||||
|  |      * same base-name but having different alias names. | ||||||
|  |      * | ||||||
|  |      * @param PharInvocation $invocation | ||||||
|  |      * @param int $flags | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     private function assertUniqueBaseName(PharInvocation $invocation, $flags) | ||||||
|  |     { | ||||||
|  |         if (!($flags & static::UNIQUE_BASE_NAME)) { | ||||||
|  |             return true; | ||||||
|  |         } | ||||||
|  |         return $this->findByCallback( | ||||||
|  |                 function (PharInvocation $candidate) use ($invocation) { | ||||||
|  |                     return $candidate->getBaseName() === $invocation->getBaseName(); | ||||||
|  |                 } | ||||||
|  |             ) === null; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Asserts that combination of base-name and alias is unique. This allows having multiple | ||||||
|  |      * invocations for same base-name but having different alias names (for whatever reason). | ||||||
|  |      * | ||||||
|  |      * @param PharInvocation $invocation | ||||||
|  |      * @param int $flags | ||||||
|  |      * @return bool | ||||||
|  |      */ | ||||||
|  |     private function assertUniqueInvocation(PharInvocation $invocation, $flags) | ||||||
|  |     { | ||||||
|  |         if (!($flags & static::UNIQUE_INVOCATION)) { | ||||||
|  |             return true; | ||||||
|  |         } | ||||||
|  |         return $this->findByCallback( | ||||||
|  |                 function (PharInvocation $candidate) use ($invocation) { | ||||||
|  |                     return $candidate->equals($invocation); | ||||||
|  |                 } | ||||||
|  |             ) === null; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Triggers warning for invocations with same alias and same confirmation state. | ||||||
|  |      * | ||||||
|  |      * @param PharInvocation $invocation | ||||||
|  |      * @see \TYPO3\PharStreamWrapper\PharStreamWrapper::collectInvocation() | ||||||
|  |      */ | ||||||
|  |     private function triggerDuplicateAliasWarning(PharInvocation $invocation) | ||||||
|  |     { | ||||||
|  |         $sameAliasInvocation = $this->findByCallback( | ||||||
|  |             function (PharInvocation $candidate) use ($invocation) { | ||||||
|  |                 return $candidate->isConfirmed() === $invocation->isConfirmed() | ||||||
|  |                     && $candidate->getAlias() === $invocation->getAlias(); | ||||||
|  |             }, | ||||||
|  |             true | ||||||
|  |         ); | ||||||
|  |         if ($sameAliasInvocation === null) { | ||||||
|  |             return; | ||||||
|  |         } | ||||||
|  |         trigger_error( | ||||||
|  |             sprintf( | ||||||
|  |                 'Alias %s cannot be used by %s, already used by %s', | ||||||
|  |                 $invocation->getAlias(), | ||||||
|  |                 $invocation->getBaseName(), | ||||||
|  |                 $sameAliasInvocation->getBaseName() | ||||||
|  |             ), | ||||||
|  |             E_USER_WARNING | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param bool $reverse | ||||||
|  |      * @return PharInvocation[] | ||||||
|  |      */ | ||||||
|  |     private function getInvocations($reverse = false) | ||||||
|  |     { | ||||||
|  |         if ($reverse) { | ||||||
|  |             return array_reverse($this->invocations); | ||||||
|  |         } | ||||||
|  |         return $this->invocations; | ||||||
|  |     } | ||||||
|  | } | ||||||
| @@ -0,0 +1,249 @@ | |||||||
|  | <?php | ||||||
|  | namespace TYPO3\PharStreamWrapper\Resolver; | ||||||
|  |  | ||||||
|  | /* | ||||||
|  |  * This file is part of the TYPO3 project. | ||||||
|  |  * | ||||||
|  |  * It is free software; you can redistribute it and/or modify it under the terms | ||||||
|  |  * of the MIT License (MIT). For the full copyright and license information, | ||||||
|  |  * please read the LICENSE file that was distributed with this source code. | ||||||
|  |  * | ||||||
|  |  * The TYPO3 project - inspiring people to share! | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | use TYPO3\PharStreamWrapper\Helper; | ||||||
|  | use TYPO3\PharStreamWrapper\Manager; | ||||||
|  | use TYPO3\PharStreamWrapper\Phar\Reader; | ||||||
|  | use TYPO3\PharStreamWrapper\Phar\ReaderException; | ||||||
|  | use TYPO3\PharStreamWrapper\Resolvable; | ||||||
|  |  | ||||||
|  | class PharInvocationResolver implements Resolvable | ||||||
|  | { | ||||||
|  |     const RESOLVE_REALPATH = 1; | ||||||
|  |     const RESOLVE_ALIAS = 2; | ||||||
|  |     const ASSERT_INTERNAL_INVOCATION = 32; | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @var string[] | ||||||
|  |      */ | ||||||
|  |     private $invocationFunctionNames = array( | ||||||
|  |         'include', | ||||||
|  |         'include_once', | ||||||
|  |         'require', | ||||||
|  |         'require_once' | ||||||
|  |     ); | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Contains resolved base names in order to reduce file IO. | ||||||
|  |      * | ||||||
|  |      * @var string[] | ||||||
|  |      */ | ||||||
|  |     private $baseNames = array(); | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Resolves PharInvocation value object (baseName and optional alias). | ||||||
|  |      * | ||||||
|  |      * Phar aliases are intended to be used only inside Phar archives, however | ||||||
|  |      * PharStreamWrapper needs this information exposed outside of Phar as well | ||||||
|  |      * It is possible that same alias is used for different $baseName values. | ||||||
|  |      * That's why PharInvocationCollection behaves like a stack when resolving | ||||||
|  |      * base-name for a given alias. On the other hand it is not possible that | ||||||
|  |      * one $baseName is referring to multiple aliases. | ||||||
|  |      * @see https://secure.php.net/manual/en/phar.setalias.php | ||||||
|  |      * @see https://secure.php.net/manual/en/phar.mapphar.php | ||||||
|  |      * | ||||||
|  |      * @param string $path | ||||||
|  |      * @param int|null $flags | ||||||
|  |      * @return null|PharInvocation | ||||||
|  |      */ | ||||||
|  |     public function resolve($path, $flags = null) | ||||||
|  |     { | ||||||
|  |         $hasPharPrefix = Helper::hasPharPrefix($path); | ||||||
|  |         if ($flags === null) { | ||||||
|  |             $flags = static::RESOLVE_REALPATH | static::RESOLVE_ALIAS; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         if ($hasPharPrefix && $flags & static::RESOLVE_ALIAS) { | ||||||
|  |             $invocation = $this->findByAlias($path); | ||||||
|  |             if ($invocation !== null) { | ||||||
|  |                 return $invocation; | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $baseName = $this->resolveBaseName($path, $flags); | ||||||
|  |         if ($baseName === null) { | ||||||
|  |             return null; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         if ($flags & static::RESOLVE_REALPATH) { | ||||||
|  |             $baseName = $this->baseNames[$baseName]; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         return $this->retrieveInvocation($baseName, $flags); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Retrieves PharInvocation, either existing in collection or created on demand | ||||||
|  |      * with resolving a potential alias name used in the according Phar archive. | ||||||
|  |      * | ||||||
|  |      * @param string $baseName | ||||||
|  |      * @param int $flags | ||||||
|  |      * @return PharInvocation | ||||||
|  |      */ | ||||||
|  |     private function retrieveInvocation($baseName, $flags) | ||||||
|  |     { | ||||||
|  |         $invocation = $this->findByBaseName($baseName); | ||||||
|  |         if ($invocation !== null) { | ||||||
|  |             return $invocation; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         if ($flags & static::RESOLVE_ALIAS) { | ||||||
|  |             $reader = new Reader($baseName); | ||||||
|  |             $alias = $reader->resolveContainer()->getAlias(); | ||||||
|  |         } else { | ||||||
|  |             $alias = ''; | ||||||
|  |         } | ||||||
|  |         // add unconfirmed(!) new invocation to collection | ||||||
|  |         $invocation = new PharInvocation($baseName, $alias); | ||||||
|  |         Manager::instance()->getCollection()->collect($invocation); | ||||||
|  |         return $invocation; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @param int $flags | ||||||
|  |      * @return null|string | ||||||
|  |      */ | ||||||
|  |     private function resolveBaseName($path, $flags) | ||||||
|  |     { | ||||||
|  |         $baseName = $this->findInBaseNames($path); | ||||||
|  |         if ($baseName !== null) { | ||||||
|  |             return $baseName; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $baseName = Helper::determineBaseFile($path); | ||||||
|  |         if ($baseName !== null) { | ||||||
|  |             $this->addBaseName($baseName); | ||||||
|  |             return $baseName; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $possibleAlias = $this->resolvePossibleAlias($path); | ||||||
|  |         if (!($flags & static::RESOLVE_ALIAS) || $possibleAlias === null) { | ||||||
|  |             return null; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $trace = debug_backtrace(); | ||||||
|  |         foreach ($trace as $item) { | ||||||
|  |             if (!isset($item['function']) || !isset($item['args'][0]) | ||||||
|  |                 || !in_array($item['function'], $this->invocationFunctionNames, true)) { | ||||||
|  |                 continue; | ||||||
|  |             } | ||||||
|  |             $currentPath = $item['args'][0]; | ||||||
|  |             if (Helper::hasPharPrefix($currentPath)) { | ||||||
|  |                 continue; | ||||||
|  |             } | ||||||
|  |             $currentBaseName = Helper::determineBaseFile($currentPath); | ||||||
|  |             if ($currentBaseName === null) { | ||||||
|  |                 continue; | ||||||
|  |             } | ||||||
|  |             // ensure the possible alias name (how we have been called initially) matches | ||||||
|  |             // the resolved alias name that was retrieved by the current possible base name | ||||||
|  |             try { | ||||||
|  |                 $reader = new Reader($currentBaseName); | ||||||
|  |                 $currentAlias = $reader->resolveContainer()->getAlias(); | ||||||
|  |             } catch (ReaderException $exception) { | ||||||
|  |                 // most probably that was not a Phar file | ||||||
|  |                 continue; | ||||||
|  |             } | ||||||
|  |             if (empty($currentAlias) || $currentAlias !== $possibleAlias) { | ||||||
|  |                 continue; | ||||||
|  |             } | ||||||
|  |             $this->addBaseName($currentBaseName); | ||||||
|  |             return $currentBaseName; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         return null; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @return null|string | ||||||
|  |      */ | ||||||
|  |     private function resolvePossibleAlias($path) | ||||||
|  |     { | ||||||
|  |         $normalizedPath = Helper::normalizePath($path); | ||||||
|  |         return strstr($normalizedPath, '/', true) ?: null; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $baseName | ||||||
|  |      * @return null|PharInvocation | ||||||
|  |      */ | ||||||
|  |     private function findByBaseName($baseName) | ||||||
|  |     { | ||||||
|  |         return Manager::instance()->getCollection()->findByCallback( | ||||||
|  |             function (PharInvocation $candidate) use ($baseName) { | ||||||
|  |                 return $candidate->getBaseName() === $baseName; | ||||||
|  |             }, | ||||||
|  |             true | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $path | ||||||
|  |      * @return null|string | ||||||
|  |      */ | ||||||
|  |     private function findInBaseNames($path) | ||||||
|  |     { | ||||||
|  |         // return directly if the resolved base name was submitted | ||||||
|  |         if (in_array($path, $this->baseNames, true)) { | ||||||
|  |             return $path; | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         $parts = explode('/', Helper::normalizePath($path)); | ||||||
|  |  | ||||||
|  |         while (count($parts)) { | ||||||
|  |             $currentPath = implode('/', $parts); | ||||||
|  |             if (isset($this->baseNames[$currentPath])) { | ||||||
|  |                 return $currentPath; | ||||||
|  |             } | ||||||
|  |             array_pop($parts); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         return null; | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * @param string $baseName | ||||||
|  |      */ | ||||||
|  |     private function addBaseName($baseName) | ||||||
|  |     { | ||||||
|  |         if (isset($this->baseNames[$baseName])) { | ||||||
|  |             return; | ||||||
|  |         } | ||||||
|  |         $this->baseNames[$baseName] = Helper::normalizeWindowsPath( | ||||||
|  |             realpath($baseName) | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     /** | ||||||
|  |      * Finds confirmed(!) invocations by alias. | ||||||
|  |      * | ||||||
|  |      * @param string $path | ||||||
|  |      * @return null|PharInvocation | ||||||
|  |      * @see \TYPO3\PharStreamWrapper\PharStreamWrapper::collectInvocation() | ||||||
|  |      */ | ||||||
|  |     private function findByAlias($path) | ||||||
|  |     { | ||||||
|  |         $possibleAlias = $this->resolvePossibleAlias($path); | ||||||
|  |         if ($possibleAlias === null) { | ||||||
|  |             return null; | ||||||
|  |         } | ||||||
|  |         return Manager::instance()->getCollection()->findByCallback( | ||||||
|  |             function (PharInvocation $candidate) use ($possibleAlias) { | ||||||
|  |                 return $candidate->isConfirmed() && $candidate->getAlias() === $possibleAlias; | ||||||
|  |             }, | ||||||
|  |             true | ||||||
|  |         ); | ||||||
|  |     } | ||||||
|  | } | ||||||
| @@ -7,8 +7,7 @@ files[] = aggregator.test | |||||||
| configure = admin/config/services/aggregator/settings | configure = admin/config/services/aggregator/settings | ||||||
| stylesheets[all][] = aggregator.css | stylesheets[all][] = aggregator.css | ||||||
|  |  | ||||||
| ; Information added by Drupal.org packaging script on 2015-04-02 | ; Information added by Drupal.org packaging script on 2021-04-21 | ||||||
| version = "7.36" | version = "7.80" | ||||||
| project = "drupal" | project = "drupal" | ||||||
| datestamp = "1427943826" | datestamp = "1619021862" | ||||||
|  |  | ||||||
|   | |||||||
| @@ -455,6 +455,14 @@ function aggregator_save_category($edit) { | |||||||
|       db_delete('aggregator_category') |       db_delete('aggregator_category') | ||||||
|         ->condition('cid', $edit['cid']) |         ->condition('cid', $edit['cid']) | ||||||
|         ->execute(); |         ->execute(); | ||||||
|  |       // Remove category from feeds. | ||||||
|  |       db_delete('aggregator_category_feed') | ||||||
|  |         ->condition('cid', $edit['cid']) | ||||||
|  |         ->execute(); | ||||||
|  |       // Remove category from feed items. | ||||||
|  |       db_delete('aggregator_category_item') | ||||||
|  |         ->condition('cid', $edit['cid']) | ||||||
|  |         ->execute(); | ||||||
|       // Make sure there is no active block for this category. |       // Make sure there is no active block for this category. | ||||||
|       if (module_exists('block')) { |       if (module_exists('block')) { | ||||||
|         db_delete('block') |         db_delete('block') | ||||||
|   | |||||||
| @@ -72,7 +72,7 @@ function aggregator_aggregator_remove($feed) { | |||||||
|  */ |  */ | ||||||
| function aggregator_form_aggregator_admin_form_alter(&$form, $form_state) { | function aggregator_form_aggregator_admin_form_alter(&$form, $form_state) { | ||||||
|   if (in_array('aggregator', variable_get('aggregator_processors', array('aggregator')))) { |   if (in_array('aggregator', variable_get('aggregator_processors', array('aggregator')))) { | ||||||
|     $info = module_invoke('aggregator', 'aggregator_process', 'info'); |     $info = module_invoke('aggregator', 'aggregator_process_info'); | ||||||
|     $items = drupal_map_assoc(array(3, 5, 10, 15, 20, 25), '_aggregator_items'); |     $items = drupal_map_assoc(array(3, 5, 10, 15, 20, 25), '_aggregator_items'); | ||||||
|     $period = drupal_map_assoc(array(3600, 10800, 21600, 32400, 43200, 86400, 172800, 259200, 604800, 1209600, 2419200, 4838400, 9676800), 'format_interval'); |     $period = drupal_map_assoc(array(3600, 10800, 21600, 32400, 43200, 86400, 172800, 259200, 604800, 1209600, 2419200, 4838400, 9676800), 'format_interval'); | ||||||
|     $period[AGGREGATOR_CLEAR_NEVER] = t('Never'); |     $period[AGGREGATOR_CLEAR_NEVER] = t('Never'); | ||||||
|   | |||||||
| @@ -418,7 +418,7 @@ class CategorizeFeedTestCase extends AggregatorTestCase { | |||||||
|   } |   } | ||||||
|  |  | ||||||
|   /** |   /** | ||||||
|    * Creates a feed and makes sure you can add more than one category to it. |    * Creates a feed and makes sure you can add/delete categories to it. | ||||||
|    */ |    */ | ||||||
|   function testCategorizeFeed() { |   function testCategorizeFeed() { | ||||||
|  |  | ||||||
| @@ -448,7 +448,31 @@ class CategorizeFeedTestCase extends AggregatorTestCase { | |||||||
|     // Assert the feed has two categories. |     // Assert the feed has two categories. | ||||||
|     $this->getFeedCategories($db_feed); |     $this->getFeedCategories($db_feed); | ||||||
|     $this->assertEqual(count($db_feed->categories), 2, 'Feed has 2 categories'); |     $this->assertEqual(count($db_feed->categories), 2, 'Feed has 2 categories'); | ||||||
|  |  | ||||||
|  |     // Use aggregator_save_feed() to delete a category. | ||||||
|  |     $category = reset($categories); | ||||||
|  |     aggregator_save_category(array('cid' => $category->cid)); | ||||||
|  |  | ||||||
|  |     // Assert that category is deleted. | ||||||
|  |     $db_category = db_query("SELECT COUNT(*) FROM {aggregator_category} WHERE cid = :cid", array(':cid' => $category->cid))->fetchField(); | ||||||
|  |     $this->assertFalse($db_category, format_string('The category %title has been deleted.', array('%title' => $category->title))); | ||||||
|  |  | ||||||
|  |     // Assert that category has been removed from feed. | ||||||
|  |     $categorized_feeds = db_query("SELECT COUNT(*) FROM {aggregator_category_feed} WHERE cid = :cid", array(':cid' => $category->cid))->fetchField(); | ||||||
|  |     $this->assertFalse($categorized_feeds, format_string('The category %title has been removed from feed %feed_title.', array('%title' => $category->title, '%feed_title' => $feed['title']))); | ||||||
|  |  | ||||||
|  |     // Assert that no broken links (associated with the deleted category) | ||||||
|  |     // appear on one of the other category pages. | ||||||
|  |     $this->createSampleNodes(); | ||||||
|  |     $this->drupalGet('admin/config/services/aggregator'); | ||||||
|  |     $this->clickLink('update items'); | ||||||
|  |     $categories = $this->getCategories(); | ||||||
|  |     $category = reset($categories); | ||||||
|  |     $this->drupalGet('aggregator/categories/' . $category->cid); | ||||||
|  |     global $base_path; | ||||||
|  |     $this->assertNoRaw('<a href="' . $base_path . 'aggregator/categories/"></a>,'); | ||||||
|   } |   } | ||||||
|  |  | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
| @@ -685,9 +709,21 @@ class CategorizeFeedItemTestCase extends AggregatorTestCase { | |||||||
|       } |       } | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  |     // Delete category from feed items when category is deleted. | ||||||
|  |     $cid = reset($feed->categories); | ||||||
|  |     $categories = $this->getCategories(); | ||||||
|  |     $category_title = $categories[$cid]->title; | ||||||
|  |  | ||||||
|  |     // Delete category. | ||||||
|  |     aggregator_save_category(array('cid' => $cid)); | ||||||
|  |  | ||||||
|  |     // Assert category has been removed from feed items. | ||||||
|  |     $categorized_count = db_query("SELECT COUNT(*) FROM {aggregator_category_item} WHERE cid = :cid", array(':cid' => $cid))->fetchField(); | ||||||
|  |     $this->assertFalse($categorized_count, format_string('The category %title has been removed from feed items.', array('%title' => $category_title))); | ||||||
|     // Delete feed. |     // Delete feed. | ||||||
|     $this->deleteFeed($feed); |     $this->deleteFeed($feed); | ||||||
|   } |   } | ||||||
|  |  | ||||||
| } | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|   | |||||||
| @@ -5,8 +5,7 @@ version = VERSION | |||||||
| core = 7.x | core = 7.x | ||||||
| hidden = TRUE | hidden = TRUE | ||||||
|  |  | ||||||
| ; Information added by Drupal.org packaging script on 2015-04-02 | ; Information added by Drupal.org packaging script on 2021-04-21 | ||||||
| version = "7.36" | version = "7.80" | ||||||
| project = "drupal" | project = "drupal" | ||||||
| datestamp = "1427943826" | datestamp = "1619021862" | ||||||
|  |  | ||||||
|   | |||||||
| @@ -363,6 +363,31 @@ function hook_block_list_alter(&$blocks) { | |||||||
|   } |   } | ||||||
| } | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Act on block cache ID (cid) parts before the cid is generated. | ||||||
|  |  * | ||||||
|  |  * This hook allows you to add, remove or modify the custom keys used to | ||||||
|  |  * generate a block cache ID (by default, these keys are set to the block | ||||||
|  |  * module and delta). These keys will be combined with the standard ones | ||||||
|  |  * provided by drupal_render_cid_parts() to generate the final block cache ID. | ||||||
|  |  * | ||||||
|  |  * To change the cache granularity used by drupal_render_cid_parts(), this hook | ||||||
|  |  * cannot be used; instead, set the 'cache' key in the block's definition in | ||||||
|  |  * hook_block_info(). | ||||||
|  |  * | ||||||
|  |  * @params $cid_parts | ||||||
|  |  *   An array of elements used to build the cid. | ||||||
|  |  * @param $block | ||||||
|  |  *   The block object being acted on. | ||||||
|  |  * | ||||||
|  |  * @see _block_get_cache_id() | ||||||
|  |  */ | ||||||
|  | function hook_block_cid_parts_alter(&$cid_parts, $block) { | ||||||
|  |   global $user; | ||||||
|  |   // This example shows how to cache a block based on the user's timezone. | ||||||
|  |   $cid_parts[] = $user->timezone; | ||||||
|  | } | ||||||
|  |  | ||||||
| /** | /** | ||||||
|  * @} End of "addtogroup hooks". |  * @} End of "addtogroup hooks". | ||||||
|  */ |  */ | ||||||
|   | |||||||
| @@ -6,8 +6,7 @@ core = 7.x | |||||||
| files[] = block.test | files[] = block.test | ||||||
| configure = admin/structure/block | configure = admin/structure/block | ||||||
|  |  | ||||||
| ; Information added by Drupal.org packaging script on 2015-04-02 | ; Information added by Drupal.org packaging script on 2021-04-21 | ||||||
| version = "7.36" | version = "7.80" | ||||||
| project = "drupal" | project = "drupal" | ||||||
| datestamp = "1427943826" | datestamp = "1619021862" | ||||||
|  |  | ||||||
|   | |||||||
| @@ -24,7 +24,7 @@ Drupal.behaviors.blockSettingsSummary = { | |||||||
|     $('fieldset#edit-node-type', context).drupalSetSummary(function (context) { |     $('fieldset#edit-node-type', context).drupalSetSummary(function (context) { | ||||||
|       var vals = []; |       var vals = []; | ||||||
|       $('input[type="checkbox"]:checked', context).each(function () { |       $('input[type="checkbox"]:checked', context).each(function () { | ||||||
|         vals.push($.trim($(this).next('label').text())); |         vals.push($.trim($(this).next('label').html())); | ||||||
|       }); |       }); | ||||||
|       if (!vals.length) { |       if (!vals.length) { | ||||||
|         vals.push(Drupal.t('Not restricted')); |         vals.push(Drupal.t('Not restricted')); | ||||||
| @@ -35,7 +35,7 @@ Drupal.behaviors.blockSettingsSummary = { | |||||||
|     $('fieldset#edit-role', context).drupalSetSummary(function (context) { |     $('fieldset#edit-role', context).drupalSetSummary(function (context) { | ||||||
|       var vals = []; |       var vals = []; | ||||||
|       $('input[type="checkbox"]:checked', context).each(function () { |       $('input[type="checkbox"]:checked', context).each(function () { | ||||||
|         vals.push($.trim($(this).next('label').text())); |         vals.push($.trim($(this).next('label').html())); | ||||||
|       }); |       }); | ||||||
|       if (!vals.length) { |       if (!vals.length) { | ||||||
|         vals.push(Drupal.t('Not restricted')); |         vals.push(Drupal.t('Not restricted')); | ||||||
| @@ -49,7 +49,7 @@ Drupal.behaviors.blockSettingsSummary = { | |||||||
|         return Drupal.t('Not customizable'); |         return Drupal.t('Not customizable'); | ||||||
|       } |       } | ||||||
|       else { |       else { | ||||||
|         return $radio.next('label').text(); |         return $radio.next('label').html(); | ||||||
|       } |       } | ||||||
|     }); |     }); | ||||||
|   } |   } | ||||||
|   | |||||||
| @@ -59,6 +59,7 @@ function block_help($path, $arg) { | |||||||
|       $output .= '<dd>' . t('Users with the <em>Administer blocks</em> permission can <a href="@block-add">add custom blocks</a>, which are then listed on the <a href="@blocks">Blocks administration page</a>. Once created, custom blocks behave just like default and module-generated blocks.', array('@blocks' => url('admin/structure/block'), '@block-add' => url('admin/structure/block/add'))) . '</dd>'; |       $output .= '<dd>' . t('Users with the <em>Administer blocks</em> permission can <a href="@block-add">add custom blocks</a>, which are then listed on the <a href="@blocks">Blocks administration page</a>. Once created, custom blocks behave just like default and module-generated blocks.', array('@blocks' => url('admin/structure/block'), '@block-add' => url('admin/structure/block/add'))) . '</dd>'; | ||||||
|       $output .= '</dl>'; |       $output .= '</dl>'; | ||||||
|       return $output; |       return $output; | ||||||
|  |  | ||||||
|     case 'admin/structure/block/add': |     case 'admin/structure/block/add': | ||||||
|       return '<p>' . t('Use this page to create a new custom block.') . '</p>'; |       return '<p>' . t('Use this page to create a new custom block.') . '</p>'; | ||||||
|   } |   } | ||||||
| @@ -189,6 +190,7 @@ function _block_themes_access($theme) { | |||||||
|  * @param $theme |  * @param $theme | ||||||
|  *   The theme whose blocks are being configured. If not set, the default theme |  *   The theme whose blocks are being configured. If not set, the default theme | ||||||
|  *   is assumed. |  *   is assumed. | ||||||
|  |  * | ||||||
|  * @return |  * @return | ||||||
|  *   The theme that should be used for the block configuration page, or NULL |  *   The theme that should be used for the block configuration page, or NULL | ||||||
|  *   to indicate that the default theme should be used. |  *   to indicate that the default theme should be used. | ||||||
| @@ -261,7 +263,7 @@ function block_page_build(&$page) { | |||||||
|   $all_regions = system_region_list($theme); |   $all_regions = system_region_list($theme); | ||||||
|  |  | ||||||
|   $item = menu_get_item(); |   $item = menu_get_item(); | ||||||
|   if ($item['path'] != 'admin/structure/block/demo/' . $theme) { |   if ($item === FALSE || $item['path'] != 'admin/structure/block/demo/' . $theme) { | ||||||
|     // Load all region content assigned via blocks. |     // Load all region content assigned via blocks. | ||||||
|     foreach (array_keys($all_regions) as $region) { |     foreach (array_keys($all_regions) as $region) { | ||||||
|       // Assign blocks to region. |       // Assign blocks to region. | ||||||
| @@ -281,10 +283,8 @@ function block_page_build(&$page) { | |||||||
|   } |   } | ||||||
|   else { |   else { | ||||||
|     // Append region description if we are rendering the regions demo page. |     // Append region description if we are rendering the regions demo page. | ||||||
|     $item = menu_get_item(); |  | ||||||
|     if ($item['path'] == 'admin/structure/block/demo/' . $theme) { |     if ($item['path'] == 'admin/structure/block/demo/' . $theme) { | ||||||
|       $visible_regions = array_keys(system_region_list($theme, REGIONS_VISIBLE)); |       foreach (system_region_list($theme, REGIONS_VISIBLE, FALSE) as $region) { | ||||||
|       foreach ($visible_regions as $region) { |  | ||||||
|         $description = '<div class="block-region">' . $all_regions[$region] . '</div>'; |         $description = '<div class="block-region">' . $all_regions[$region] . '</div>'; | ||||||
|         $page[$region]['block_description'] = array( |         $page[$region]['block_description'] = array( | ||||||
|           '#markup' => $description, |           '#markup' => $description, | ||||||
| @@ -343,14 +343,17 @@ function _block_get_renderable_array($list = array()) { | |||||||
|     // to perform contextual actions on the help block, and the links needlessly |     // to perform contextual actions on the help block, and the links needlessly | ||||||
|     // draw attention on it. |     // draw attention on it. | ||||||
|     if ($key != 'system_main' && $key != 'system_help') { |     if ($key != 'system_main' && $key != 'system_help') { | ||||||
|       $build[$key]['#contextual_links']['block'] = array('admin/structure/block/manage', array($block->module, $block->delta)); |       $build[$key]['#contextual_links']['block'] = array( | ||||||
|  |         'admin/structure/block/manage', | ||||||
|  |         array($block->module, $block->delta), | ||||||
|  |       ); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     $build[$key] += array( |     $build[$key] += array( | ||||||
|       '#block' => $block, |       '#block' => $block, | ||||||
|       '#weight' => ++$weight, |       '#weight' => ++$weight, | ||||||
|     ); |     ); | ||||||
|     $build[$key]['#theme_wrappers'][] ='block'; |     $build[$key]['#theme_wrappers'][] = 'block'; | ||||||
|   } |   } | ||||||
|   $build['#sorted'] = TRUE; |   $build['#sorted'] = TRUE; | ||||||
|   return $build; |   return $build; | ||||||
| @@ -386,18 +389,20 @@ function _block_rehash($theme = NULL) { | |||||||
|   // Gather the blocks defined by modules. |   // Gather the blocks defined by modules. | ||||||
|   foreach (module_implements('block_info') as $module) { |   foreach (module_implements('block_info') as $module) { | ||||||
|     $module_blocks = module_invoke($module, 'block_info'); |     $module_blocks = module_invoke($module, 'block_info'); | ||||||
|  |     $delta_list = array(); | ||||||
|     foreach ($module_blocks as $delta => $block) { |     foreach ($module_blocks as $delta => $block) { | ||||||
|       // Compile a condition to retrieve this block from the database. |       // Compile a condition to retrieve this block from the database. | ||||||
|       $condition = db_and() |  | ||||||
|         ->condition('module', $module) |  | ||||||
|         ->condition('delta', $delta); |  | ||||||
|       $or->condition($condition); |  | ||||||
|       // Add identifiers. |       // Add identifiers. | ||||||
|  |       $delta_list[] = $delta; | ||||||
|       $block['module'] = $module; |       $block['module'] = $module; | ||||||
|       $block['delta'] = $delta; |       $block['delta'] = $delta; | ||||||
|       $block['theme'] = $theme; |       $block['theme'] = $theme; | ||||||
|       $current_blocks[$module][$delta] = $block; |       $current_blocks[$module][$delta] = $block; | ||||||
|     } |     } | ||||||
|  |     if (!empty($delta_list)) { | ||||||
|  |       $condition = db_and()->condition('module', $module)->condition('delta', $delta_list); | ||||||
|  |       $or->condition($condition); | ||||||
|  |     } | ||||||
|   } |   } | ||||||
|   // Save the blocks defined in code for alter context. |   // Save the blocks defined in code for alter context. | ||||||
|   $code_blocks = $current_blocks; |   $code_blocks = $current_blocks; | ||||||
| @@ -426,23 +431,20 @@ function _block_rehash($theme = NULL) { | |||||||
|   drupal_alter('block_info', $current_blocks, $theme, $code_blocks); |   drupal_alter('block_info', $current_blocks, $theme, $code_blocks); | ||||||
|   foreach ($current_blocks as $module => $module_blocks) { |   foreach ($current_blocks as $module => $module_blocks) { | ||||||
|     foreach ($module_blocks as $delta => $block) { |     foreach ($module_blocks as $delta => $block) { | ||||||
|       if (!isset($block['pages'])) { |       // Make sure certain attributes are set. | ||||||
|         // {block}.pages is type 'text', so it cannot have a |       $block += array( | ||||||
|         // default value, and not null, so we need to provide |         'pages' => '', | ||||||
|         // value if the module did not. |         'weight' => 0, | ||||||
|         $block['pages']  = ''; |         'status' => 0, | ||||||
|       } |       ); | ||||||
|       // Make sure weight is set. |       // Check for active blocks in regions that are not available. | ||||||
|       if (!isset($block['weight'])) { |  | ||||||
|         $block['weight'] = 0; |  | ||||||
|       } |  | ||||||
|       if (!empty($block['region']) && $block['region'] != BLOCK_REGION_NONE && !isset($regions[$block['region']]) && $block['status'] == 1) { |       if (!empty($block['region']) && $block['region'] != BLOCK_REGION_NONE && !isset($regions[$block['region']]) && $block['status'] == 1) { | ||||||
|         drupal_set_message(t('The block %info was assigned to the invalid region %region and has been disabled.', array('%info' => $block['info'], '%region' => $block['region'])), 'warning'); |         drupal_set_message(t('The block %info was assigned to the invalid region %region and has been disabled.', array('%info' => $block['info'], '%region' => $block['region'])), 'warning'); | ||||||
|         // Disabled modules are moved into the BLOCK_REGION_NONE later so no |         // Disabled modules are moved into the BLOCK_REGION_NONE later so no | ||||||
|         // need to move the block to another region. |         // need to move the block to another region. | ||||||
|         $block['status'] = 0; |         $block['status'] = 0; | ||||||
|       } |       } | ||||||
|       // Set region to none if not enabled and make sure status is set. |       // Set region to none if not enabled. | ||||||
|       if (empty($block['status'])) { |       if (empty($block['status'])) { | ||||||
|         $block['status'] = 0; |         $block['status'] = 0; | ||||||
|         $block['region'] = BLOCK_REGION_NONE; |         $block['region'] = BLOCK_REGION_NONE; | ||||||
| @@ -644,7 +646,8 @@ function block_theme_initialize($theme) { | |||||||
|     $regions = system_region_list($theme, REGIONS_VISIBLE); |     $regions = system_region_list($theme, REGIONS_VISIBLE); | ||||||
|     $result = db_query("SELECT * FROM {block} WHERE theme = :theme", array(':theme' => $default_theme), array('fetch' => PDO::FETCH_ASSOC)); |     $result = db_query("SELECT * FROM {block} WHERE theme = :theme", array(':theme' => $default_theme), array('fetch' => PDO::FETCH_ASSOC)); | ||||||
|     foreach ($result as $block) { |     foreach ($result as $block) { | ||||||
|       // If the region isn't supported by the theme, assign the block to the theme's default region. |       // If the region isn't supported by the theme, assign the block to the | ||||||
|  |       // theme's default region. | ||||||
|       if ($block['status'] && !isset($regions[$block['region']])) { |       if ($block['status'] && !isset($regions[$block['region']])) { | ||||||
|         $block['region'] = system_default_region($theme); |         $block['region'] = system_default_region($theme); | ||||||
|       } |       } | ||||||
| @@ -812,17 +815,18 @@ function block_block_list_alter(&$blocks) { | |||||||
|       // with different case. Ex: /Page, /page, /PAGE. |       // with different case. Ex: /Page, /page, /PAGE. | ||||||
|       $pages = drupal_strtolower($block->pages); |       $pages = drupal_strtolower($block->pages); | ||||||
|       if ($block->visibility < BLOCK_VISIBILITY_PHP) { |       if ($block->visibility < BLOCK_VISIBILITY_PHP) { | ||||||
|         // Convert the Drupal path to lowercase |         // Convert the Drupal path to lowercase. | ||||||
|         $path = drupal_strtolower(drupal_get_path_alias($_GET['q'])); |         $path = drupal_strtolower(drupal_get_path_alias($_GET['q'])); | ||||||
|         // Compare the lowercase internal and lowercase path alias (if any). |         // Compare the lowercase internal and lowercase path alias (if any). | ||||||
|         $page_match = drupal_match_path($path, $pages); |         $page_match = drupal_match_path($path, $pages); | ||||||
|         if ($path != $_GET['q']) { |         if ($path != $_GET['q']) { | ||||||
|           $page_match = $page_match || drupal_match_path($_GET['q'], $pages); |           $page_match = $page_match || drupal_match_path($_GET['q'], $pages); | ||||||
|         } |         } | ||||||
|         // When $block->visibility has a value of 0 (BLOCK_VISIBILITY_NOTLISTED), |         // When $block->visibility has a value of 0 | ||||||
|         // the block is displayed on all pages except those listed in $block->pages. |         // (BLOCK_VISIBILITY_NOTLISTED), the block is displayed on all pages | ||||||
|         // When set to 1 (BLOCK_VISIBILITY_LISTED), it is displayed only on those |         // except those listed in $block->pages. When set to 1 | ||||||
|         // pages listed in $block->pages. |         // (BLOCK_VISIBILITY_LISTED), it is displayed only on those pages | ||||||
|  |         // listed in $block->pages. | ||||||
|         $page_match = !($block->visibility xor $page_match); |         $page_match = !($block->visibility xor $page_match); | ||||||
|       } |       } | ||||||
|       elseif (module_exists('php')) { |       elseif (module_exists('php')) { | ||||||
| @@ -845,7 +849,8 @@ function block_block_list_alter(&$blocks) { | |||||||
|  * Render the content and subject for a set of blocks. |  * Render the content and subject for a set of blocks. | ||||||
|  * |  * | ||||||
|  * @param $region_blocks |  * @param $region_blocks | ||||||
|  *   An array of block objects such as returned for one region by _block_load_blocks(). |  *   An array of block objects such as returned for one region by | ||||||
|  |  *   _block_load_blocks(). | ||||||
|  * |  * | ||||||
|  * @return |  * @return | ||||||
|  *   An array of visible blocks as expected by drupal_render(). |  *   An array of visible blocks as expected by drupal_render(). | ||||||
| @@ -953,6 +958,8 @@ function _block_render_blocks($region_blocks) { | |||||||
|  * Theme and language contexts are automatically differentiated. |  * Theme and language contexts are automatically differentiated. | ||||||
|  * |  * | ||||||
|  * @param $block |  * @param $block | ||||||
|  |  *   The block to get the cache_id from. | ||||||
|  |  * | ||||||
|  * @return |  * @return | ||||||
|  *   The string used as cache_id for the block. |  *   The string used as cache_id for the block. | ||||||
|  */ |  */ | ||||||
| @@ -967,6 +974,7 @@ function _block_get_cache_id($block) { | |||||||
|     // Start with common sub-patterns: block identification, theme, language. |     // Start with common sub-patterns: block identification, theme, language. | ||||||
|     $cid_parts[] = $block->module; |     $cid_parts[] = $block->module; | ||||||
|     $cid_parts[] = $block->delta; |     $cid_parts[] = $block->delta; | ||||||
|  |     drupal_alter('block_cid_parts', $cid_parts, $block); | ||||||
|     $cid_parts = array_merge($cid_parts, drupal_render_cid_parts($block->cache)); |     $cid_parts = array_merge($cid_parts, drupal_render_cid_parts($block->cache)); | ||||||
|  |  | ||||||
|     return implode(':', $cid_parts); |     return implode(':', $cid_parts); | ||||||
|   | |||||||
| @@ -5,8 +5,7 @@ version = VERSION | |||||||
| core = 7.x | core = 7.x | ||||||
| hidden = TRUE | hidden = TRUE | ||||||
|  |  | ||||||
| ; Information added by Drupal.org packaging script on 2015-04-02 | ; Information added by Drupal.org packaging script on 2021-04-21 | ||||||
| version = "7.36" | version = "7.80" | ||||||
| project = "drupal" | project = "drupal" | ||||||
| datestamp = "1427943826" | datestamp = "1619021862" | ||||||
|  |  | ||||||
|   | |||||||
| @@ -13,8 +13,7 @@ regions[footer] = Footer | |||||||
| regions[highlighted] = Highlighted | regions[highlighted] = Highlighted | ||||||
| regions[help] = Help | regions[help] = Help | ||||||
|  |  | ||||||
| ; Information added by Drupal.org packaging script on 2015-04-02 | ; Information added by Drupal.org packaging script on 2021-04-21 | ||||||
| version = "7.36" | version = "7.80" | ||||||
| project = "drupal" | project = "drupal" | ||||||
| datestamp = "1427943826" | datestamp = "1619021862" | ||||||
|  |  | ||||||
|   | |||||||
| @@ -5,8 +5,7 @@ version = VERSION | |||||||
| core = 7.x | core = 7.x | ||||||
| files[] = blog.test | files[] = blog.test | ||||||
|  |  | ||||||
| ; Information added by Drupal.org packaging script on 2015-04-02 | ; Information added by Drupal.org packaging script on 2021-04-21 | ||||||
| version = "7.36" | version = "7.80" | ||||||
| project = "drupal" | project = "drupal" | ||||||
| datestamp = "1427943826" | datestamp = "1619021862" | ||||||
|  |  | ||||||
|   | |||||||
| @@ -152,7 +152,7 @@ function blog_menu_local_tasks_alter(&$data, $router_item, $root_path) { | |||||||
|     } |     } | ||||||
|   } |   } | ||||||
|   // Provide a helper action link to the author on the 'blog/%' page. |   // Provide a helper action link to the author on the 'blog/%' page. | ||||||
|   elseif ($root_path == 'blog/%' && $router_item['page_arguments'][0]->uid == $user->uid) { |   elseif ($root_path == 'blog/%' && isset($router_item['page_arguments'][0]->uid) && $router_item['page_arguments'][0]->uid == $user->uid) { | ||||||
|     $data['actions']['output']['blog'] = array( |     $data['actions']['output']['blog'] = array( | ||||||
|       '#theme' => 'menu_local_action', |       '#theme' => 'menu_local_action', | ||||||
|     ); |     ); | ||||||
|   | |||||||
Some files were not shown because too many files have changed in this diff Show More
		Reference in New Issue
	
	Block a user