Skip to content

Commit

Permalink
Merge pull request #2758 from NYCComptroller/feature/NYCCHKBK-12891
Browse files Browse the repository at this point in the history
NYCCHKBK-12891: Drupal Core update to 7.96
  • Loading branch information
sgade-reisys authored Apr 20, 2023
2 parents 02f6c92 + 85c7a73 commit 351b83f
Show file tree
Hide file tree
Showing 149 changed files with 527 additions and 433 deletions.
5 changes: 5 additions & 0 deletions source/webapp/CHANGELOG.txt
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
Drupal 7.96, 2023-04-19
-----------------------
- Fixed security issues:
- SA-CORE-2023-005

Drupal 7.95, 2023-03-15
-----------------------
- Fixed security issues:
Expand Down
2 changes: 1 addition & 1 deletion source/webapp/includes/bootstrap.inc
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '7.95');
define('VERSION', '7.96');

/**
* Core API compatibility.
Expand Down
53 changes: 53 additions & 0 deletions source/webapp/includes/file.inc
Original file line number Diff line number Diff line change
Expand Up @@ -2073,6 +2073,7 @@ function file_download() {
$scheme = array_shift($args);
$target = implode('/', $args);
$uri = $scheme . '://' . $target;
$uri = file_uri_normalize_dot_segments($uri);
if (file_stream_wrapper_valid_scheme($scheme) && file_exists($uri)) {
$headers = file_download_headers($uri);
if (count($headers)) {
Expand Down Expand Up @@ -2730,6 +2731,58 @@ function file_get_content_headers($file) {
);
}

/**
* Normalize dot segments in a URI.
*
* @param $uri
* A stream, referenced as "scheme://target".
*
* @return string
* The URI with dot segments removed and slashes as directory separator.
*/
function file_uri_normalize_dot_segments($uri) {
$scheme = file_uri_scheme($uri);

if (file_stream_wrapper_valid_scheme($scheme)) {
$target = file_uri_target($uri);

if ($target !== FALSE) {
if (!in_array($scheme, variable_get('file_sa_core_2023_005_schemes', array()))) {
$class = file_stream_wrapper_get_class($scheme);
$is_local = is_subclass_of($class, DrupalLocalStreamWrapper::class);
if ($is_local) {
$target = str_replace(DIRECTORY_SEPARATOR, '/', $target);
}

$parts = explode('/', $target);
$normalized_parts = array();
while ($parts) {
$part = array_shift($parts);
if ($part === '' || $part === '.') {
continue;
}
elseif ($part === '..' && $is_local && $normalized_parts === array()) {
$normalized_parts[] = $part;
break;
}
elseif ($part === '..') {
array_pop($normalized_parts);
}
else {
$normalized_parts[] = $part;
}
}

$target = implode('/', array_merge($normalized_parts, $parts));
}

$uri = $scheme . '://' . $target;
}
}

return $uri;
}

/**
* @} End of "defgroup file".
*/
6 changes: 3 additions & 3 deletions source/webapp/modules/aggregator/aggregator.info
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ files[] = aggregator.test
configure = admin/config/services/aggregator/settings
stylesheets[all][] = aggregator.css

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/aggregator/tests/aggregator_test.info
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/block/block.info
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ core = 7.x
files[] = block.test
configure = admin/structure/block

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/block/tests/block_test.info
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ regions[footer] = Footer
regions[highlighted] = Highlighted
regions[help] = Help

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/blog/blog.info
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = blog.test

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/book/book.info
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ files[] = book.test
configure = admin/content/book/settings
stylesheets[all][] = book.css

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/color/color.info
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = color.test

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/comment/comment.info
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ files[] = comment.test
configure = admin/content/comment
stylesheets[all][] = comment.css

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/comment/tests/comment_hook_test.info
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/contact/contact.info
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ core = 7.x
files[] = contact.test
configure = admin/structure/contact

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/contextual/contextual.info
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = contextual.test

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/dashboard/dashboard.info
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ files[] = dashboard.test
dependencies[] = block
configure = admin/dashboard/customize

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/dblog/dblog.info
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = dblog.test

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/field/field.info
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ dependencies[] = field_sql_storage
required = TRUE
stylesheets[all][] = theme/field.css

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ dependencies[] = field
files[] = field_sql_storage.test
required = TRUE

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/field/modules/list/list.info
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ dependencies[] = field
dependencies[] = options
files[] = tests/list.test

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/field/modules/list/tests/list_test.info
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ package = Testing
version = VERSION
hidden = TRUE

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/field/modules/number/number.info
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = number.test

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/field/modules/options/options.info
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = options.test

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/field/modules/text/text.info
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ dependencies[] = field
files[] = text.test
required = TRUE

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/field/tests/field_test.info
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ files[] = field_test.entity.inc
version = VERSION
hidden = TRUE

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/field_ui/field_ui.info
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = field_ui.test

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/file/file.info
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ core = 7.x
dependencies[] = field
files[] = tests/file.test

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/file/tests/file_module_test.info
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ version = VERSION
core = 7.x
hidden = TRUE

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/filter/filter.info
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ files[] = filter.test
required = TRUE
configure = admin/config/content/formats

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/forum/forum.info
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ files[] = forum.test
configure = admin/structure/forum
stylesheets[all][] = forum.css

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
6 changes: 3 additions & 3 deletions source/webapp/modules/help/help.info
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ version = VERSION
core = 7.x
files[] = help.test

; Information added by Drupal.org packaging script on 2023-03-15
version = "7.95"
; Information added by Drupal.org packaging script on 2023-04-19
version = "7.96"
project = "drupal"
datestamp = "1678902530"
datestamp = "1681921915"
Loading

0 comments on commit 351b83f

Please sign in to comment.