upadted l10n_update contrib module

sites/all/modules/contrib/localisation/l10n_update/includes/gettext/PoStreamReader.php

@@ -257,6 +257,12 @@ class PoStreamReader implements PoStreamInterface, PoReaderInterface {
     $line = fgets($this->_fd);
     $this->_finished = ($line === FALSE);
 
+    // Initialize common values for error logging.
+    $log_vars = array(
+      '%uri' => $this->getURI(),
+      '%line' => &$this->_line_number,
+    );
+
     if (!$this->_finished) {
 
       if ($this->_line_number == 0) {
@@ -269,12 +275,6 @@ class PoStreamReader implements PoStreamInterface, PoReaderInterface {
       // Track the line number for error reporting.
       $this->_line_number++;
 
-      // Initialize common values for error logging.
-      $log_vars = array(
-        '%uri' => $this->getURI(),
-        '%line' => $this->_line_number,
-      );
-
       // Trim away the linefeed. \\n might appear at the end of the string if
       // another line continuing the same string follows. We can remove that.
       $line = trim(strtr($line, array("\\\n" => "")));

sites/all/modules/contrib/localisation/l10n_update/l10n_update.admin.inc

@@ -294,8 +294,10 @@ function l10n_update_admin_settings_form($form, &$form_state) {
     '#description' => t('The selected languages will not receive interface translation updates.'),
   );
 
+  $form = system_settings_form($form);
   $form['#submit'][] = 'l10n_update_admin_settings_form_submit';
-  return system_settings_form($form);
+
+  return $form;
 }
 
 /**
@@ -336,6 +338,9 @@ function l10n_update_admin_settings_form_submit($form, &$form_state) {
   $input = strtr($input, array("\r" => '', ' ' => ''));
   $values = array_filter(explode("\n", $input));
   variable_set('l10n_update_disabled_projects', $values);
+
+  // Add .htaccess file to the translations directory.
+  l10n_update_ensure_htaccess();
 }
 
 /**

sites/all/modules/contrib/localisation/l10n_update/l10n_update.fetch.inc

@@ -106,6 +106,7 @@ function _l10n_update_fetch_operations(array $projects, array $langcodes, array
       watchdog('file system', 'The directory %directory does not exist or is not writable.', array('%directory' => $directory), WATCHDOG_ERROR);
       return $operations;
     }
+    l10n_update_ensure_htaccess();
   }
 
   foreach ($projects as $project) {

sites/all/modules/contrib/localisation/l10n_update/l10n_update.info

@@ -33,9 +33,8 @@ files[] = tests/L10nUpdateInterfaceTest.test
 files[] = tests/L10nUpdateTest.test
 files[] = tests/L10nUpdateTestBase.test
 
-; Information added by Drupal.org packaging script on 2017-09-18
-version = "7.x-2.2"
+; Information added by Drupal.org packaging script on 2019-10-01
+version = "7.x-2.3"
 core = "7.x"
 project = "l10n_update"
-datestamp = "1505717347"
-
+datestamp = "1569963490"

sites/all/modules/contrib/localisation/l10n_update/l10n_update.install

@@ -165,6 +165,7 @@ function l10n_update_install() {
   foreach ($directories as $directory) {
     if (file_prepare_directory($directory, FILE_CREATE_DIRECTORY | FILE_MODIFY_PERMISSIONS)) {
       variable_set('l10n_update_download_store', $directory);
+      l10n_update_ensure_htaccess($directory);
       return;
     }
   }
@@ -255,6 +256,21 @@ function l10n_update_requirements($phase) {
         );
       }
     }
+
+    // Test the contents of the .htaccess file in the translations directory.
+    l10n_update_ensure_htaccess();
+    $htaccess_file = 'translations://.htaccess';
+    $directory = variable_get('l10n_update_download_store', L10N_UPDATE_DEFAULT_TRANSLATION_PATH);
+    // Check for the string which was added to the recommended .htaccess file
+    // in the latest security update.
+    if (!file_exists($htaccess_file) || !($contents = @file_get_contents($htaccess_file)) || strpos($contents, 'Drupal_Security_Do_Not_Remove_See_SA_2013_003') === FALSE) {
+      $requirements['l10n_update_htaccess'] = array(
+        'title' => t('Translations directory'),
+        'value' => t('Not fully protected'),
+        'severity' => REQUIREMENT_ERROR,
+        'description' => t('See <a href="@url">@url</a> for information about the recommended .htaccess file which should be added to the %directory directory to help protect against arbitrary code execution.', array('@url' => 'http://drupal.org/SA-CORE-2013-003', '%directory' => $directory)),
+      );
+    }
   }
   if ($phase == 'update') {
     // Make sure the 'translations' stream wrapper class gets registered.
@@ -626,3 +642,10 @@ function l10n_update_update_7209() {
     variable_set('l10n_update_default_update_url', L10N_UPDATE_DEFAULT_SERVER_PATTERN);
   }
 }
+
+/**
+ * Add a .htaccess file to the translations directory.
+ */
+function l10n_update_update_7210() {
+  l10n_update_ensure_htaccess();
+}

sites/all/modules/contrib/localisation/l10n_update/l10n_update.module

@@ -802,3 +802,15 @@ function l10n_update_clear_status() {
 function l10n_update_use_remote_source() {
   return variable_get('l10n_update_check_mode', L10N_UPDATE_USE_SOURCE_REMOTE_AND_LOCAL) == L10N_UPDATE_USE_SOURCE_REMOTE_AND_LOCAL;
 }
+
+/**
+ * Creates a .htaccess file in the translations directory if it is missing.
+ *
+ * @param string $directory
+ *   The translations directory to create the file in. Defaults to the directory
+ *   of the 'translations://' wrapper.
+ */
+function l10n_update_ensure_htaccess($directory = '') {
+  $directory = empty($directory) ? 'translations://' : $directory;
+  file_create_htaccess($directory, FALSE);
+}

sites/all/modules/contrib/localisation/l10n_update/tests/L10nUpdateTest.test

@@ -33,7 +33,7 @@ class L10nUpdateTest extends L10nUpdateTestBase {
     // Exclude drupal core and nl10n_update so no remote translations are
     // fetched.
     $edit = array(
-      'disabled_projects' => 'drupal\nl10n_update',
+      'disabled_projects' => "drupal\nl10n_update",
     );
     $this->drupalPost('admin/config/regional/language/update', $edit, t('Save configuration'));
 

sites/all/modules/contrib/localisation/l10n_update/tests/modules/l10n_update_test/l10n_update_test.info

@@ -6,9 +6,8 @@ version = '1.2'
 core = 7.x
 hidden = true
 
-; Information added by Drupal.org packaging script on 2017-09-18
-version = "7.x-2.2"
+; Information added by Drupal.org packaging script on 2019-10-01
+version = "7.x-2.3"
 core = "7.x"
 project = "l10n_update"
-datestamp = "1505717347"
-
+datestamp = "1569963490"

sites/all/modules/contrib/localisation/l10n_update/tests/modules/l10n_update_test_translate/l10n_update_test_translate.info

@@ -8,9 +8,8 @@ hidden = true
 interface translation project = l10n_update_test_translate
 l10n path = sites/all/modules/contrib/l10n_update/tests/modules/l10n_update_test_translate/translations/l10n_update_test_translate.%language.po
 
-; Information added by Drupal.org packaging script on 2017-09-18
-version = "7.x-2.2"
+; Information added by Drupal.org packaging script on 2019-10-01
+version = "7.x-2.3"
 core = "7.x"
 project = "l10n_update"
-datestamp = "1505717347"
-
+datestamp = "1569963490"