Commit 0b8ef15a authored by Andrei Ivnitskii's avatar Andrei Ivnitskii Committed by Arthur Vakorin

issue #1247: Обновить ядро до версии 7.61 (#1250)

parent 8e184a54
Drupal 7.61, 2018-11-07
-----------------------
- File upload validation functions and hook_file_validate() implementations are
now always passed the correct file URI.
- The default form cache expiration of 6 hours is now configurable (API
addition: https://www.drupal.org/node/2857751).
- Allowed callers of drupal_http_request() to optionally specify an explicit
Host header.
- Allowed the + character to appear in usernames.
- PHP 7.2: Fixed Archive_Tar incompatibility.
- PHP 7.2: Removed deprecated function each().
- PHP 7.2: Avoid count() calls on uncountable variables.
- PHP 7.2: Removed deprecated create_function() call.
- PHP 7.2: Make sure variables are arrays in theme_links().
- Fixed theme-settings.php not being loaded on cached forms
- Fixed problem with IE11 & Chrome(PointerEvents enabled) & some Firefox scroll to the top of the page after dragging the bottom item with jquery 1.5 <-> 1.11
Drupal 7.60, 2018-10-18
------------------------
- Fixed security issues. See SA-CORE-2018-006.
......@@ -8,7 +25,7 @@ Drupal 7.59, 2018-04-25
Drupal 7.58, 2018-03-28
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2018-002.
- Fixed security issues (remote code execution). See SA-CORE-2018-002.
Drupal 7.57, 2018-02-21
-----------------------
......
......@@ -15,6 +15,7 @@ The branch maintainers for Drupal 7 are:
- Fabian Franz 'Fabianx' https://www.drupal.org/u/fabianx
- David Rothstein 'David_Rothstein' https://www.drupal.org/u/david_rothstein
- Stefan Ruijsenaars 'stefan.r' https://www.drupal.org/u/stefanr-0
- (provisional) Pol Dellaiera 'Pol' https://www.drupal.org/u/pol
Component maintainers
......@@ -44,10 +45,9 @@ Cron system
- Derek Wright 'dww' https://www.drupal.org/u/dww
Database system
- Larry Garfield 'Crell' https://www.drupal.org/u/crell
- ?
- MySQL driver
- Larry Garfield 'Crell' https://www.drupal.org/u/crell
- David Strauss 'David Strauss' https://www.drupal.org/u/david-strauss
- PostgreSQL driver
......
......@@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '7.60');
define('VERSION', '7.61');
/**
* Core API compatibility.
......@@ -3785,8 +3785,12 @@ function _drupal_shutdown_function() {
chdir(DRUPAL_ROOT);
try {
while (list($key, $callback) = each($callbacks)) {
// Manually iterate over the array instead of using a foreach loop.
// A foreach operates on a copy of the array, so any shutdown functions that
// were added from other shutdown functions would never be called.
while ($callback = current($callbacks)) {
call_user_func_array($callback['callback'], $callback['arguments']);
next($callbacks);
}
}
catch (Exception $exception) {
......
......@@ -867,8 +867,10 @@ function drupal_http_request($url, array $options = array()) {
// Make the socket connection to a proxy server.
$socket = 'tcp://' . $proxy_server . ':' . variable_get('proxy_port', 8080);
// The Host header still needs to match the real request.
$options['headers']['Host'] = $uri['host'];
$options['headers']['Host'] .= isset($uri['port']) && $uri['port'] != 80 ? ':' . $uri['port'] : '';
if (!isset($options['headers']['Host'])) {
$options['headers']['Host'] = $uri['host'];
$options['headers']['Host'] .= isset($uri['port']) && $uri['port'] != 80 ? ':' . $uri['port'] : '';
}
break;
case 'http':
......@@ -878,14 +880,18 @@ function drupal_http_request($url, array $options = array()) {
// RFC 2616: "non-standard ports MUST, default ports MAY be included".
// We don't add the standard port to prevent from breaking rewrite rules
// checking the host that do not take into account the port number.
$options['headers']['Host'] = $uri['host'] . ($port != 80 ? ':' . $port : '');
if (!isset($options['headers']['Host'])) {
$options['headers']['Host'] = $uri['host'] . ($port != 80 ? ':' . $port : '');
}
break;
case 'https':
// Note: Only works when PHP is compiled with OpenSSL support.
$port = isset($uri['port']) ? $uri['port'] : 443;
$socket = 'ssl://' . $uri['host'] . ':' . $port;
$options['headers']['Host'] = $uri['host'] . ($port != 443 ? ':' . $port : '');
if (!isset($options['headers']['Host'])) {
$options['headers']['Host'] = $uri['host'] . ($port != 443 ? ':' . $port : '');
}
break;
default:
......
......@@ -1536,7 +1536,7 @@ function file_save_upload($form_field_name, $validators = array(), $destination
// evaluates to TRUE.
if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
$file->filemime = 'text/plain';
$file->uri .= '.txt';
// The destination filename will also later be used to create the URI.
$file->filename .= '.txt';
// The .txt extension may not be in the allowed list of extensions. We have
// to add it here or else the file upload will fail.
......
......@@ -555,8 +555,10 @@ function form_get_cache($form_build_id, &$form_state) {
* Stores a form in the cache.
*/
function form_set_cache($form_build_id, $form, $form_state) {
// 6 hours cache life time for forms should be plenty.
$expire = 21600;
// The default cache_form expiration is 6 hours. On busy sites, the cache_form
// table can become very large. A shorter cache lifetime can help to keep the
// table's size under control.
$expire = variable_get('form_cache_expiration', 21600);
// Ensure that the form build_id embedded in the form structure is the same as
// the one passed in as a parameter. This is an additional safety measure to
......@@ -1438,10 +1440,12 @@ function _form_validate(&$elements, &$form_state, $form_id = NULL) {
// length if it's a string, and the item count if it's an array.
// An unchecked checkbox has a #value of integer 0, different than string
// '0', which could be a valid value.
$is_empty_multiple = (!count($elements['#value']));
$is_countable = is_array($elements['#value']) || $elements['#value'] instanceof Countable;
$is_empty_multiple = $is_countable && count($elements['#value']) == 0;
$is_empty_string = (is_string($elements['#value']) && drupal_strlen(trim($elements['#value'])) == 0);
$is_empty_value = ($elements['#value'] === 0);
if ($is_empty_multiple || $is_empty_string || $is_empty_value) {
$is_empty_null = is_null($elements['#value']);
if ($is_empty_multiple || $is_empty_string || $is_empty_value || $is_empty_null) {
// Although discouraged, a #title is not mandatory for form elements. In
// case there is no #title, we cannot set a form error message.
// Instead of setting no #title, form constructors are encouraged to set
......
......@@ -779,7 +779,7 @@ function drupal_uninstall_modules($module_list = array(), $uninstall_dependents
$module_list = array_flip(array_values($module_list));
$profile = drupal_get_profile();
while (list($module) = each($module_list)) {
foreach (array_keys($module_list) as $module) {
if (!isset($module_data[$module]) || drupal_get_installed_schema_version($module) == SCHEMA_UNINSTALLED) {
// This module doesn't exist or is already uninstalled. Skip it.
unset($module_list[$module]);
......
......@@ -576,7 +576,8 @@ function _menu_load_objects(&$item, &$map) {
// 'load arguments' in the hook_menu() entry, but they need
// some processing. In this case the $function is the key to the
// load_function array, and the value is the list of arguments.
list($function, $args) = each($function);
$args = current($function);
$function = key($function);
$load_functions[$index] = $function;
// Some arguments are placeholders for dynamic items to process.
......@@ -2402,7 +2403,8 @@ function menu_set_active_trail($new_trail = NULL) {
// a stripped down menu tree containing the active trail only, in case
// the given menu has not been built in this request yet.
$tree = menu_tree_page_data($preferred_link['menu_name'], NULL, TRUE);
list($key, $curr) = each($tree);
$curr = current($tree);
next($tree);
}
// There is no link for the current path.
else {
......@@ -2432,7 +2434,8 @@ function menu_set_active_trail($new_trail = NULL) {
}
$tree = $curr['below'] ? $curr['below'] : array();
}
list($key, $curr) = each($tree);
$curr = current($tree);
next($tree);
}
// Make sure the current page is in the trail to build the page title, by
// appending either the preferred link or the menu router item for the
......
......@@ -404,7 +404,11 @@ function module_enable($module_list, $enable_dependencies = TRUE) {
// Create an associative array with weights as values.
$module_list = array_flip(array_values($module_list));
while (list($module) = each($module_list)) {
// The array is iterated over manually (instead of using a foreach) because
// modules may be added to the list within the loop and we need to process
// them.
while ($module = key($module_list)) {
next($module_list);
if (!isset($module_data[$module])) {
// This module is not found in the filesystem, abort.
return FALSE;
......@@ -540,7 +544,11 @@ function module_disable($module_list, $disable_dependents = TRUE) {
$module_list = array_flip(array_values($module_list));
$profile = drupal_get_profile();
while (list($module) = each($module_list)) {
// The array is iterated over manually (instead of using a foreach) because
// modules may be added to the list within the loop and we need to process
// them.
while ($module = key($module_list)) {
next($module_list);
if (!isset($module_data[$module]) || !$module_data[$module]->status) {
// This module doesn't exist or is already disabled, skip it.
unset($module_list[$module]);
......
......@@ -1776,13 +1776,13 @@ function theme_link($variables) {
* http://www.w3.org/TR/WCAG-TECHS/H42.html for more information.
*/
function theme_links($variables) {
$links = $variables['links'];
$attributes = $variables['attributes'];
$links = (array) $variables['links'];
$attributes = (array) $variables['attributes'];
$heading = $variables['heading'];
global $language_url;
$output = '';
if (count($links) > 0) {
if (!empty($links)) {
// Treat the heading first if it is present to prepend it to the
// list of links.
if (!empty($heading)) {
......@@ -1995,7 +1995,7 @@ function theme_table($variables) {
$empty = $variables['empty'];
// Add sticky headers, if applicable.
if (count($header) && $sticky) {
if (!empty($header) && $sticky) {
drupal_add_js('misc/tableheader.js');
// Add 'sticky-enabled' class to the table to identify it for JS.
// This is needed to target tables constructed by this function.
......@@ -2009,7 +2009,7 @@ function theme_table($variables) {
}
// Format the table columns:
if (count($colgroups)) {
if (!empty($colgroups)) {
foreach ($colgroups as $number => $colgroup) {
$attributes = array();
......@@ -2044,38 +2044,40 @@ function theme_table($variables) {
}
// Add the 'empty' row message if available.
if (!count($rows) && $empty) {
if (empty($rows) && $empty) {
$header_count = 0;
foreach ($header as $header_cell) {
if (is_array($header_cell)) {
$header_count += isset($header_cell['colspan']) ? $header_cell['colspan'] : 1;
}
else {
$header_count++;
if (!empty($header)) {
foreach ($header as $header_cell) {
if (is_array($header_cell)) {
$header_count += isset($header_cell['colspan']) ? $header_cell['colspan'] : 1;
}
else {
$header_count++;
}
}
}
$rows[] = array(array('data' => $empty, 'colspan' => $header_count, 'class' => array('empty', 'message')));
}
// Format the table header:
if (count($header)) {
if (!empty($header)) {
$ts = tablesort_init($header);
// HTML requires that the thead tag has tr tags in it followed by tbody
// tags. Using ternary operator to check and see if we have any rows.
$output .= (count($rows) ? ' <thead><tr>' : ' <tr>');
$output .= (!empty($rows) ? ' <thead><tr>' : ' <tr>');
foreach ($header as $cell) {
$cell = tablesort_header($cell, $header, $ts);
$output .= _theme_table_cell($cell, TRUE);
}
// Using ternary operator to close the tags based on whether or not there are rows
$output .= (count($rows) ? " </tr></thead>\n" : "</tr>\n");
$output .= (!empty($rows) ? " </tr></thead>\n" : "</tr>\n");
}
else {
$ts = array();
}
// Format the table rows:
if (count($rows)) {
if (!empty($rows)) {
$output .= "<tbody>\n";
$flip = array('even' => 'odd', 'odd' => 'even');
$class = 'even';
......@@ -2095,7 +2097,7 @@ function theme_table($variables) {
$attributes = array();
$no_striping = FALSE;
}
if (count($cells)) {
if (!empty($cells)) {
// Add odd/even class
if (!$no_striping) {
$class = $flip[$class];
......
......@@ -580,21 +580,43 @@ Drupal.tableDrag.prototype.dropRow = function (event, self) {
* Get the mouse coordinates from the event (allowing for browser differences).
*/
Drupal.tableDrag.prototype.mouseCoords = function (event) {
// Match both null and undefined, but not zero, by using != null.
// See https://stackoverflow.com/questions/2647867/how-to-determine-if-variable-is-undefined-or-null
if (event.pageX != null && event.pageY != null) {
return {x: event.pageX, y: event.pageY};
}
// Complete support for pointer events was only introduced to jQuery in
// version 1.11.1; between versions 1.7 and 1.11.0 pointer events have the
// clientX and clientY properties undefined. In those cases, the properties
// must be retrieved from the event.originalEvent object instead.
var clientX = event.clientX || event.originalEvent.clientX;
var clientY = event.clientY || event.originalEvent.clientY;
// pageX and pageY properties undefined. In those cases, the properties must
// be retrieved from the event.originalEvent object instead.
if (event.originalEvent && event.originalEvent.pageX != null && event.originalEvent.pageY != null) {
return {x: event.originalEvent.pageX, y: event.originalEvent.pageY};
}
if (event.pageX || event.pageY) {
return { x: event.pageX, y: event.pageY };
// Some old browsers do not support MouseEvent.pageX and *.pageY at all.
// See https://developer.mozilla.org/en-US/docs/Web/API/MouseEvent/pageY
// For those, we look at event.clientX and event.clientY instead.
if (event.clientX == null || event.clientY == null) {
// In some jQuery versions, some events created by jQuery do not have
// clientX and clientY. But the original event might have.
if (!event.originalEvent) {
throw new Error("The event has no coordinates, and no event.originalEvent.");
}
event = event.originalEvent;
if (event.clientX == null || event.clientY == null) {
throw new Error("The original event has no coordinates.");
}
}
return {
x: clientX + document.body.scrollLeft - document.body.clientLeft,
y: clientY + document.body.scrollTop - document.body.clientTop
};
// Copied from jQuery.event.fix() in jQuery 1.4.1.
// In newer jQuery versions, this code is in jQuery.event.mouseHooks.filter().
var doc = document.documentElement, body = document.body;
var pageX = event.clientX + ( doc && doc.scrollLeft || body && body.scrollLeft || 0 ) - ( doc && doc.clientLeft || body && body.clientLeft || 0 );
var pageY = event.clientY + ( doc && doc.scrollTop || body && body.scrollTop || 0 ) - ( doc && doc.clientTop || body && body.clientTop || 0 );
return {x: pageX, y: pageY};
};
/**
......
......@@ -7,7 +7,7 @@ files[] = aggregator.test
configure = admin/config/services/aggregator/settings
stylesheets[all][] = aggregator.css
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -6,7 +6,7 @@ core = 7.x
files[] = block.test
configure = admin/structure/block
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -13,7 +13,7 @@ regions[footer] = Footer
regions[highlighted] = Highlighted
regions[help] = Help
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = blog.test
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -7,7 +7,7 @@ files[] = book.test
configure = admin/content/book/settings
stylesheets[all][] = book.css
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -768,11 +768,13 @@ function book_prev($book_link) {
return NULL;
}
$flat = book_get_flat_menu($book_link);
// Assigning the array to $flat resets the array pointer for use with each().
reset($flat);
$curr = NULL;
do {
$prev = $curr;
list($key, $curr) = each($flat);
$curr = current($flat);
$key = key($flat);
next($flat);
} while ($key && $key != $book_link['mlid']);
if ($key == $book_link['mlid']) {
......@@ -806,9 +808,10 @@ function book_prev($book_link) {
*/
function book_next($book_link) {
$flat = book_get_flat_menu($book_link);
// Assigning the array to $flat resets the array pointer for use with each().
reset($flat);
do {
list($key, $curr) = each($flat);
$key = key($flat);
next($flat);
}
while ($key && $key != $book_link['mlid']);
......
......@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = color.test
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -9,7 +9,7 @@ files[] = comment.test
configure = admin/content/comment
stylesheets[all][] = comment.css
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -6,7 +6,7 @@ core = 7.x
files[] = contact.test
configure = admin/structure/contact
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = contextual.test
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -7,7 +7,7 @@ files[] = dashboard.test
dependencies[] = block
configure = admin/dashboard/customize
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = dblog.test
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -11,7 +11,7 @@ dependencies[] = field_sql_storage
required = TRUE
stylesheets[all][] = theme/field.css
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -7,7 +7,7 @@ dependencies[] = field
files[] = field_sql_storage.test
required = TRUE
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -7,7 +7,7 @@ dependencies[] = field
dependencies[] = options
files[] = tests/list.test
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -61,7 +61,7 @@ function list_update_7001() {
// Additionally, float keys need to be disambiguated ('.5' is '0.5').
if ($field['type'] == 'list_number' && !empty($allowed_values)) {
$keys = array_map(create_function('$a', 'return (string) (float) $a;'), array_keys($allowed_values));
$keys = array_map('_list_update_7001_float_string_cast', array_keys($allowed_values));
$allowed_values = array_combine($keys, array_values($allowed_values));
}
......@@ -88,6 +88,13 @@ function list_update_7001() {
}
}
/**
* Helper callback function to cast the array element.
*/
function _list_update_7001_float_string_cast($element) {
return (string) (float) $element;
}
/**
* Helper function for list_update_7001: extract allowed values from a string.
*
......
......@@ -5,7 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = number.test
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = options.test
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -7,7 +7,7 @@ dependencies[] = field
files[] = text.test
required = TRUE
; Information added by Drupal.org packaging script on 2018-10-17
version = "7.60"
; Information added by Drupal.org packaging script on 2018-11-08
version = "7.61"
project = "drupal"
datestamp = "1539816636"
datestamp = "1541684322"
......@@ -6,7 +6,7 @@ files[] = field_test.entity.inc