Skip to content

Commit

Permalink
Update to Drupal 7.80. For more information, see https://www.drupal.o…
Browse files Browse the repository at this point in the history
  • Loading branch information
Pantheon Automation authored and greg-1-anderson committed Apr 21, 2021
1 parent 93a3c77 commit 1d7d6a5
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 13 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.txt
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
Drupal 7.80, 2021-04-20
-----------------------
- Fixed security issues:
- SA-CORE-2021-002

Drupal 7.79, 2021-04-07
-----------------------
- Initial support for PHP 8
Expand Down
2 changes: 1 addition & 1 deletion includes/bootstrap.inc
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '7.79');
define('VERSION', '7.80');

/**
* Core API compatibility.
Expand Down
8 changes: 7 additions & 1 deletion includes/common.inc
Original file line number Diff line number Diff line change
Expand Up @@ -1618,7 +1618,13 @@ function _filter_xss_attributes($attr) {
// Attribute name, href for instance.
if (preg_match('/^([-a-zA-Z]+)/', $attr, $match)) {
$attrname = strtolower($match[1]);
$skip = ($attrname == 'style' || substr($attrname, 0, 2) == 'on');
$skip = (
$attrname == 'style' ||
substr($attrname, 0, 2) == 'on' ||
substr($attrname, 0, 1) == '-' ||
// Ignore long attributes to avoid unnecessary processing overhead.
strlen($attrname) > 96
);
$working = $mode = 1;
$attr = preg_replace('/^[-a-zA-Z]+/', '', $attr);
}
Expand Down
42 changes: 31 additions & 11 deletions sites/default/default.settings.php
Original file line number Diff line number Diff line change
Expand Up @@ -323,7 +323,7 @@
*
* To see what PHP settings are possible, including whether they can be set at
* runtime (by using ini_set()), read the PHP documentation:
* http://www.php.net/manual/en/ini.list.php
* http://www.php.net/manual/ini.list.php
* See drupal_environment_initialize() in includes/bootstrap.inc for required
* runtime settings and the .htaccess file for non-runtime settings. Settings
* defined there should not be duplicated here so as to avoid conflict issues.
Expand Down Expand Up @@ -359,7 +359,7 @@
* output filter may not have sufficient memory to process it. If you
* experience this issue, you may wish to uncomment the following two lines
* and increase the limits of these variables. For more information, see
* http://php.net/manual/en/pcre.configuration.php.
* http://php.net/manual/pcre.configuration.php.
*/
# ini_set('pcre.backtrack_limit', 200000);
# ini_set('pcre.recursion_limit', 200000);
Expand Down Expand Up @@ -634,15 +634,6 @@
*/
# $conf['allow_authorize_operations'] = FALSE;

/**
* Smart start:
*
* If you would prefer to be redirected to the installation system when a
* valid settings.php file is present but no tables are installed, remove
* the leading hash sign below.
*/
# $conf['pressflow_smart_start'] = TRUE;

/**
* Theme debugging:
*
Expand Down Expand Up @@ -711,6 +702,15 @@
*/
# $conf['variable_initialize_wait_for_lock'] = FALSE;

/**
* Opt in to field_sql_storage_field_storage_write() optimization.
*
* To reduce unnecessary writes field_sql_storage_field_storage_write() can skip
* fields where values have apparently not changed. To opt in to this
* optimization, set this variable to TRUE.
*/
$conf['field_sql_storage_skip_writing_unchanged_fields'] = TRUE;

/**
* Use site name as display-name in outgoing mail.
*
Expand All @@ -725,3 +725,23 @@
* @see drupal_mail()
*/
$conf['mail_display_name_site_name'] = TRUE;

/**
* SameSite cookie attribute.
*
* This variable can be used to set a value for the SameSite cookie attribute.
*
* Versions of PHP before 7.3 have no native support for the SameSite attribute
* so it is emulated.
*
* The session.cookie-samesite setting in PHP 7.3 and later will be overridden
* by this variable for Drupal session cookies, and any other cookies managed
* with drupal_setcookie().
*
* Setting this variable to FALSE disables the SameSite attribute on cookies.
*
* @see drupal_setcookie()
* @see drupal_session_start()
* @see https://www.php.net/manual/en/session.configuration.php#ini.session.cookie-samesite
*/
#$conf['samesite_cookie_value'] = 'None';

0 comments on commit 1d7d6a5

Please sign in to comment.