
security update for entity api

Bachir Soussi Chiadmi 6 years ago
parent
commit
57376251fa

+ 3 - 3
sites/all/modules/contrib/dev/entity/entity.info

@@ -25,9 +25,9 @@ files[] = views/handlers/entity_views_handler_field_uri.inc
 files[] = views/handlers/entity_views_handler_relationship_by_bundle.inc
 files[] = views/handlers/entity_views_handler_relationship.inc
 files[] = views/plugins/entity_views_plugin_row_entity_view.inc
-; Information added by Drupal.org packaging script on 2016-09-22
-version = "7.x-1.8"
+; Information added by Drupal.org packaging script on 2018-02-14
+version = "7.x-1.9"
 core = "7.x"
 project = "entity"
-datestamp = "1474546503"
+datestamp = "1518620551"
 

+ 4 - 3
sites/all/modules/contrib/dev/entity/entity.module

@@ -1088,9 +1088,10 @@ function entity_flush_caches() {
   // Care about entitycache tables.
   if (module_exists('entitycache')) {
     $tables = array();
-    foreach (entity_crud_get_info() as $entity_type => $entity_info) {
-      if (isset($entity_info['module']) && !empty($entity_info['entity cache'])) {
-        $tables[] = 'cache_entity_' . $entity_type;
+    $tables_created = variable_get('entity_cache_tables_created');
+    if (is_array($tables_created)) {
+      foreach ($tables_created as $module => $entity_cache_tables) {
+        $tables = array_merge($tables, $entity_cache_tables);
       }
     }
     return $tables;
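Review bot: Inside the new loop in entity_flush_caches(), each `$entity_cache_tables` entry is passed to `array_merge()` without a type check; only the outer value of the `entity_cache_tables_created` variable is tested with `is_array()`. A single non-array entry would make the merge fail and could leave the entitycache tables unflushed; how the variable is written is not visible in this hunk. A guard such as `if (is_array($entity_cache_tables)) { $tables = array_merge($tables, $entity_cache_tables); }` keeps the flush working for the remaining modules. The `$module` key is unused, so `foreach ($tables_created as $entity_cache_tables)` would be enough. The function body starts and ends outside the hunk.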

+ 3 - 3
sites/all/modules/contrib/dev/entity/entity_token.info

@@ -5,9 +5,9 @@ files[] = entity_token.tokens.inc
 files[] = entity_token.module
 dependencies[] = entity
 
-; Information added by Drupal.org packaging script on 2016-09-22
-version = "7.x-1.8"
+; Information added by Drupal.org packaging script on 2018-02-14
+version = "7.x-1.9"
 core = "7.x"
 project = "entity"
-datestamp = "1474546503"
+datestamp = "1518620551"
 

+ 3 - 3
sites/all/modules/contrib/dev/entity/includes/entity.wrapper.inc

@@ -121,7 +121,7 @@ abstract class EntityMetadataWrapper {
     if (!$this->validate($value)) {
       throw new EntityMetadataWrapperException(t('Invalid data value given. Be sure it matches the required data type and format. Value at !location: !value.', array(
         // An exception's message is output through check_plain().
-        '!value' => is_array($value) || is_object($value) ? var_export($value) : $value,
+        '!value' => is_array($value) || is_object($value) ? var_export($value, TRUE) : $value,
         '!location' => $this->debugIdentifierLocation(),
       )));
     }
@@ -755,7 +755,7 @@ class EntityDrupalWrapper extends EntityStructureWrapper {
     if (!$this->validate($value)) {
       throw new EntityMetadataWrapperException(t('Invalid data value given. Be sure it matches the required data type and format. Value at !location: !value.', array(
         // An exception's message is output through check_plain().
-        '!value' => is_array($value) || is_object($value) ? var_export($value) : $value,
+        '!value' => is_array($value) || is_object($value) ? var_export($value, TRUE) : $value,
         '!location' => $this->debugIdentifierLocation(),
       )));
     }
@@ -1116,7 +1116,7 @@ class EntityListWrapper extends EntityMetadataWrapper implements IteratorAggrega
    */
   public function getIterator() {
     // In case there is no data available, just iterate over the first item.
-    return new EntityMetadataWrapperIterator($this, $this->dataAvailable() ? array_keys(parent::value()) : array(0));
+    return new EntityMetadataWrapperIterator($this, ($this->dataAvailable() && is_array(parent::value())) ? array_keys(parent::value()) : array(0));
   }
 
   /**
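Review bot: In the first two hunks (EntityMetadataWrapper and EntityDrupalWrapper) the rejected value is exported in full into the exception message through the `!value` placeholder, which `t()` inserts without escaping. With `var_export($value, TRUE)` now returning the string, a whole array or object, possibly an entity or account with all its properties, can end up in logs or on error pages. The inline comment says the message is passed through check_plain() on output, but that happens outside these hunks and cannot be confirmed here. Consider reporting only the type for non-scalar values, e.g. `'!value' => is_array($value) || is_object($value) ? gettype($value) : $value,`, or truncating the export to a fixed length. The enclosing methods start outside both hunks.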

+ 1 - 1
sites/all/modules/contrib/dev/entity/modules/callbacks.inc

@@ -673,7 +673,7 @@ function entity_metadata_no_hook_node_access($op, $node = NULL, $account = NULL)
     if (empty($node->vid) && in_array($op, array('create', 'update'))) {
       // This is a new node or the original node.
       if (isset($node->type)) {
-        $op = !empty($node->is_new) && $node->is_new ? 'create' : 'update';
+        $op = empty($node->nid) || !empty($node->is_new) ? 'create' : 'update';
         return node_access($op, $op == 'create' ? $node->type : $node, $account);
       }
       else {
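Review bot: The new assignment `$op = empty($node->nid) || !empty($node->is_new) ? 'create' : 'update';` decides which access check is applied, but it has no comment explaining why a node without an nid is treated as 'create', and it relies on `||` binding tighter than `?:`. I would add parentheses and a short comment: `// A node with no nid has not been saved, so treat the operation as 'create'.` followed by `$op = (empty($node->nid) || !empty($node->is_new)) ? 'create' : 'update';`. The enclosing function starts and ends outside the hunk.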

+ 3 - 3
sites/all/modules/contrib/dev/entity/tests/entity_feature.info

@@ -6,9 +6,9 @@ files[] = entity_feature.module
 dependencies[] = entity_test
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2016-09-22
-version = "7.x-1.8"
+; Information added by Drupal.org packaging script on 2018-02-14
+version = "7.x-1.9"
 core = "7.x"
 project = "entity"
-datestamp = "1474546503"
+datestamp = "1518620551"
 

+ 3 - 3
sites/all/modules/contrib/dev/entity/tests/entity_test.info

@@ -7,9 +7,9 @@ files[] = entity_test.install
 dependencies[] = entity
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2016-09-22
-version = "7.x-1.8"
+; Information added by Drupal.org packaging script on 2018-02-14
+version = "7.x-1.9"
 core = "7.x"
 project = "entity"
-datestamp = "1474546503"
+datestamp = "1518620551"
 

+ 3 - 3
sites/all/modules/contrib/dev/entity/tests/entity_test_i18n.info

@@ -5,9 +5,9 @@ dependencies[] = i18n_string
 package = Multilingual - Internationalization
 core = 7.x
 hidden = TRUE
-; Information added by Drupal.org packaging script on 2016-09-22
-version = "7.x-1.8"
+; Information added by Drupal.org packaging script on 2018-02-14
+version = "7.x-1.9"
 core = "7.x"
 project = "entity"
-datestamp = "1474546503"
+datestamp = "1518620551"
 

+ 31 - 1
sites/all/modules/contrib/dev/entity/views/handlers/entity_views_handler_area_entity.inc

@@ -40,7 +40,7 @@ class entity_views_handler_area_entity extends views_handler_area {
     $form['entity_id'] = array(
       '#type' => 'textfield',
       '#title' => t('Entity id'),
-      '#description' => t('Choose the entity you want to display in the area.'),
+      '#description' => t('Choose the entity you want to display in the area. To render an entity given by a contextual filter use "%1" for the first argument, "%2" for the second, etc.'),
       '#default_value' => $this->options['entity_id'],
     );
 
@@ -105,6 +105,9 @@ class entity_views_handler_area_entity extends views_handler_area {
    * Render an entity using the view mode.
    */
   public function render_entity($entity_type, $entity_id, $view_mode) {
+    $tokens = $this->get_render_tokens();
+    // Replace argument tokens in entity id.
+    $entity_id = strtr($entity_id, $tokens);
     if (!empty($entity_type) && !empty($entity_id) && !empty($view_mode)) {
       $entity = entity_load_single($entity_type, $entity_id);
       if (!empty($this->options['bypass_access']) || entity_access('view', $entity_type, $entity)) {
@@ -117,4 +120,31 @@ class entity_views_handler_area_entity extends views_handler_area {
       return '';
     }
   }
+
+  /**
+   * Get the 'render' tokens to use for advanced rendering.
+   *
+   * This runs through all of the fields and arguments that
+   * are available and gets their values. This will then be
+   * used in one giant str_replace().
+   */
+  function get_render_tokens() {
+    $tokens = array();
+    if (!empty($this->view->build_info['substitutions'])) {
+      $tokens = $this->view->build_info['substitutions'];
+    }
+    $count = 0;
+    foreach ($this->view->display_handler->get_handlers('argument') as $arg => $handler) {
+      $token = '%' . ++$count;
+      if (!isset($tokens[$token])) {
+        $tokens[$token] = '';
+      }
+      // Use strip tags as there should never be HTML in the path.
+      // However, we need to preserve special characters like " that
+      // were removed by check_plain().
+      $tokens['%' . $count] = $handler->argument;
+    }
+
+    return $tokens;
+  }
 }
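Review bot: In render_entity() the entity id can now be filled from contextual-filter arguments, which normally come from the request. The unchanged condition `!empty($this->options['bypass_access']) || entity_access('view', $entity_type, $entity)` still skips the access check when bypass_access is enabled, so with a `%1` token a visitor could choose which entity of the configured type is rendered. Consider ignoring bypass_access whenever the configured id contains an argument token, or at least stating this risk in the option's `#description`. In get_render_tokens() the comment "Use strip tags ..." does not match the code, which assigns `$handler->argument` unfiltered, and the docblock mentions str_replace() while the caller uses `strtr()`; both should describe what the code does. The new method also lacks the `public` keyword used by render_entity(), `$arg` is unused, and part of render_entity()'s body lies between the hunks and is not visible.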