Unverified Commit ec1aae91 authored by Maksim Baev's avatar Maksim Baev Committed by GitHub

issue #1052: Обновить drupal.ru до 7.59

parent 96023d59
# Drupal
# Ignore configuration files that may contain sensitive information.
sites/**/*settings.php
sites/local.sites.php
# Ignore paths that contain user-generated content.
sites/*/files
sites/local
sites/local.sites.php
/*.txt
!/robots.txt
......
......@@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '7.58');
define('VERSION', '7.59');
/**
* Core API compatibility.
......@@ -2778,6 +2778,11 @@ function _drupal_bootstrap_variables() {
unset($_GET['destination']);
unset($_REQUEST['destination']);
}
// Use the DrupalRequestSanitizer to ensure that the destination's query
// parameters are not dangerous.
if (isset($_GET['destination'])) {
DrupalRequestSanitizer::cleanDestination();
}
// If there's still something in $_REQUEST['destination'] that didn't come
// from $_GET, check it too.
if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && url_is_external($_REQUEST['destination'])) {
......
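Review bot: A $_REQUEST['destination'] that did not come from $_GET never goes through the new dangerous-key scan, because DrupalRequestSanitizer::cleanDestination() is called only when $_GET['destination'] is set. The condition that follows says "check it too" but applies only url_is_external() to that value. Whether any code reads $_REQUEST['destination'] directly is not visible in this hunk; if something does, the same query-parameter check should cover it. Otherwise the comment should state the limit, e.g. `// Only the external-URL check is applied here; the query-parameter scan covers $_GET['destination'] alone.` The enclosing _drupal_bootstrap_variables() starts and ends outside the hunk.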
......@@ -611,8 +611,9 @@ function drupal_parse_url($url) {
}
// The 'q' parameter contains the path of the current page if clean URLs are
// disabled. It overrides the 'path' of the URL when present, even if clean
// URLs are enabled, due to how Apache rewriting rules work.
if (isset($options['query']['q'])) {
// URLs are enabled, due to how Apache rewriting rules work. The path
// parameter must be a string.
if (isset($options['query']['q']) && is_string($options['query']['q'])) {
$options['path'] = $options['query']['q'];
unset($options['query']['q']);
}
......
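Review bot: The added is_string() test in drupal_parse_url() leaves a non-string `q` in $options['query'] instead of moving it to the path, and the comment does not say so. Callers that assumed `q` was always stripped from the query will now find it there. That looks intentional, since cleanDestination() on this page scans $parts['query'], but it should be stated; I would add `// A non-string 'q' is left in $options['query'] so that callers can still inspect it.` The function body starts and ends outside the hunk.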
......@@ -51,6 +51,38 @@ class DrupalRequestSanitizer {
}
}
/**
* Removes the destination if it is dangerous.
*
* Note this can only be called after common.inc has been included.
*
* @return bool
* TRUE if the destination has been removed from $_GET, FALSE if not.
*/
public static function cleanDestination() {
$dangerous_keys = array();
$log_sanitized_keys = variable_get('sanitize_input_logging', FALSE);
$parts = drupal_parse_url($_GET['destination']);
// If there is a query string, check its query parameters.
if (!empty($parts['query'])) {
$whitelist = variable_get('sanitize_input_whitelist', array());
self::stripDangerousValues($parts['query'], $whitelist, $dangerous_keys);
if (!empty($dangerous_keys)) {
// The destination is removed rather than sanitized to mirror the
// handling of external destinations.
unset($_GET['destination']);
unset($_REQUEST['destination']);
if ($log_sanitized_keys) {
trigger_error(format_string('Potentially unsafe destination removed from query string parameters (GET) because it contained the following keys: @keys', array('@keys' => implode(', ', $dangerous_keys))));
}
return TRUE;
}
}
return FALSE;
}
/**
* Strips dangerous keys from the provided input.
*
......
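Review bot: cleanDestination() passes $_GET['destination'] straight to drupal_parse_url() without checking that it is set and is a string. The only caller visible on this page guards with isset(), but the method is public and static, and PHP builds an array when a parameter name carries brackets; drupal_parse_url() is only partly visible here, so how it handles a non-string argument is an assumption to confirm. A guard at the top would make the method safe on its own: `if (!isset($_GET['destination']) || !is_string($_GET['destination'])) { return FALSE; }`, or unset the parameter in that case to match how dangerous keys are handled. The @return text could also say that $_REQUEST['destination'] is unset together with $_GET['destination'].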
......@@ -7,8 +7,7 @@ files[] = aggregator.test
configure = admin/config/services/aggregator/settings
stylesheets[all][] = aggregator.css
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
files[] = block.test
configure = admin/structure/block
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -13,8 +13,7 @@ regions[footer] = Footer
regions[highlighted] = Highlighted
regions[help] = Help
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
files[] = blog.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -7,8 +7,7 @@ files[] = book.test
configure = admin/content/book/settings
stylesheets[all][] = book.css
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
files[] = color.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -9,8 +9,7 @@ files[] = comment.test
configure = admin/content/comment
stylesheets[all][] = comment.css
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
files[] = contact.test
configure = admin/structure/contact
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
files[] = contextual.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -7,8 +7,7 @@ files[] = dashboard.test
dependencies[] = block
configure = admin/dashboard/customize
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
files[] = dblog.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -11,8 +11,7 @@ dependencies[] = field_sql_storage
required = TRUE
stylesheets[all][] = theme/field.css
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -7,8 +7,7 @@ dependencies[] = field
files[] = field_sql_storage.test
required = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -7,8 +7,7 @@ dependencies[] = field
dependencies[] = options
files[] = tests/list.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
dependencies[] = field
files[] = number.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
dependencies[] = field
files[] = options.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -7,8 +7,7 @@ dependencies[] = field
files[] = text.test
required = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ files[] = field_test.entity.inc
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
dependencies[] = field
files[] = field_ui.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
dependencies[] = field
files[] = tests/file.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -239,6 +239,9 @@ function file_ajax_upload() {
$form_parents = func_get_args();
$form_build_id = (string) array_pop($form_parents);
// Sanitize form parents before using them.
$form_parents = array_filter($form_parents, 'element_child');
if (empty($_POST['form_build_id']) || $form_build_id != $_POST['form_build_id']) {
// Invalid request.
drupal_set_message(t('An unrecoverable error occurred. The uploaded file likely exceeded the maximum file size (@size) that this server supports.', array('@size' => format_size(file_upload_max_size()))), 'error');
......
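Review bot: The comment "Sanitize form parents before using them" does not say what is rejected, and the filter drops offending path segments silently instead of treating the request as invalid. element_child() returns FALSE for keys that begin with '#', so the array_filter() call removes property keys from the path built from the callback's arguments; a comment such as `// Remove any segment that names a property (leading '#'); only child element keys may be used to walk the form.` would make the intent reviewable. Because the remaining segments are still used, a request with a filtered segment resolves against a shorter path; comparing `count()` before and after and taking the existing "Invalid request" branch on a mismatch would be stricter. How $form_parents is consumed lies outside the hunk, so confirm this against the rest of file_ajax_upload().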
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -7,8 +7,7 @@ files[] = filter.test
required = TRUE
configure = admin/config/content/formats
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -9,8 +9,7 @@ files[] = forum.test
configure = admin/structure/forum
stylesheets[all][] = forum.css
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
files[] = help.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -7,8 +7,7 @@ dependencies[] = file
files[] = image.test
configure = admin/config/media/image-styles
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
files[] = image_module_test.module
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
files[] = locale.test
configure = admin/config/regional/language
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
files[] = menu.test
configure = admin/structure/menu
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -9,8 +9,7 @@ required = TRUE
configure = admin/structure/types
stylesheets[all][] = node.css
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ package = Core
core = 7.x
files[] = openid.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
dependencies[] = openid
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -4,8 +4,7 @@ package = Core
version = VERSION
core = 7.x
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
files[] = path.test
configure = admin/config/search/path
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
files[] = php.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
files[] = poll.test
stylesheets[all][] = poll.css
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -11,8 +11,7 @@ configure = admin/config/people/profile
; See user_system_info_alter().
hidden = TRUE
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -5,8 +5,7 @@ version = VERSION
core = 7.x
files[] = rdf.test
; Information added by Drupal.org packaging script on 2018-03-28
version = "7.58"
; Information added by Drupal.org packaging script on 2018-04-25
version = "7.59"
project = "drupal"
datestamp = "1522264019"
datestamp = "1524673284"
......@@ -6,8 +6,7 @@ core = 7.x
hidden = TRUE
dependencies[] = blog
; Information added by Drupal.org packaging script on 2018-03-28