Skip to content

Commit

Permalink
Update to Drupal 7.68. For more information, see https://www.drupal.o…
Browse files Browse the repository at this point in the history
  • Loading branch information
Pantheon Automation committed Dec 4, 2019
1 parent bb896ee commit 5923f90
Show file tree
Hide file tree
Showing 24 changed files with 315 additions and 74 deletions.
2 changes: 1 addition & 1 deletion .htaccess
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
#

# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
Expand Down
19 changes: 19 additions & 0 deletions CHANGELOG.txt
Original file line number Diff line number Diff line change
@@ -1,6 +1,25 @@
Drupal 7.xx, xxxx-xx-xx (development version)
-----------------------

Drupal 7.68, 2019-12-04
-----------------------
- Fixed: Hide toolbar when printing
- Fixed: Settings returned via ajax are not run through hook_js_alter()
- Fixed: Use drupal_http_build_query() in drupal_http_request()
- Fixed: DrupalRequestSanitizer not found fatal error when bootstrap phase order is changed
- Fixed: Block web.config in .htaccess (and vice-versa)
- Fixed: Create "scripts" element to align rendering workflow to how "styles" are handled
- PHP 7.3: Fixed 'Cannot change session id when session is active'
- PHP 7.1: Fixed 'A non-numeric value encountered in theme_pager()'
- PHP 7.x: Fixed file.inc generated .htaccess does not cover PHP 7
- PHP 5.3: Fixed check_plain() 'Invalid multibyte sequence in argument' test failures
- Fixed: Allow passing data as array to drupal_http_request()
- Fixed: Skip module_invoke/module_hook in calling hook_watchdog (excessive function_exist)
- Fixed: HTTP status 200 returned for 'Additional uncaught exception thrown while handling exception'
- Fixed: theme_table() should take an optional footer variable and produce <tfoot>
- Fixed: 'uasort() expects parameter 1 to be array, null given in node_view_multiple()'
- [regression] Fix default.settings.php permission

Drupal 7.67, 2019-05-08
-----------------------
- Fixed security issues:
Expand Down
5 changes: 1 addition & 4 deletions MAINTAINERS.txt
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,8 @@ The Drupal Core branch maintainers oversee the development of Drupal as a whole.
The branch maintainers for Drupal 7 are:

- Dries Buytaert 'dries' https://www.drupal.org/u/dries
- Angela Byron 'webchick' https://www.drupal.org/u/webchick
- Fabian Franz 'Fabianx' https://www.drupal.org/u/fabianx
- David Rothstein 'David_Rothstein' https://www.drupal.org/u/david_rothstein
- Stefan Ruijsenaars 'stefan.r' https://www.drupal.org/u/stefanr-0
- (provisional) Pol Dellaiera 'Pol' https://www.drupal.org/u/pol
- (provisional) Drew Webber 'mcdruid' https://www.drupal.org/u/mcdruid


Component maintainers
Expand Down
1 change: 1 addition & 0 deletions includes/ajax.inc
Original file line number Diff line number Diff line change
Expand Up @@ -294,6 +294,7 @@ function ajax_render($commands = array()) {

// Now add a command to merge changes and additions to Drupal.settings.
$scripts = drupal_add_js();
drupal_alter('js', $scripts);
if (!empty($scripts['settings'])) {
$settings = $scripts['settings'];
array_unshift($commands, ajax_command_settings(drupal_array_merge_deep_array($settings['data']), TRUE));
Expand Down
14 changes: 8 additions & 6 deletions includes/bootstrap.inc
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '7.67');
define('VERSION', '7.68');

/**
* Core API compatibility.
Expand Down Expand Up @@ -2023,7 +2023,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO

// It is possible that the error handling will itself trigger an error. In that case, we could
// end up in an infinite loop. To avoid that, we implement a simple static semaphore.
if (!$in_error_state && function_exists('module_implements')) {
if (!$in_error_state && function_exists('module_invoke_all')) {
$in_error_state = TRUE;

// The user object may not exist in all conditions, so 0 is substituted if needed.
Expand All @@ -2046,9 +2046,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO
);

// Call the logging hooks to log/process the message
foreach (module_implements('watchdog') as $module) {
module_invoke($module, 'watchdog', $log_entry);
}
module_invoke_all('watchdog', $log_entry);

// It is critical that the semaphore is only cleared here, in the parent
// watchdog() call (not outside the loop), to prevent recursive execution.
Expand Down Expand Up @@ -2543,6 +2541,7 @@ function drupal_bootstrap($phase = NULL, $new_phase = TRUE) {

switch ($current_phase) {
case DRUPAL_BOOTSTRAP_CONFIGURATION:
require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc';
_drupal_bootstrap_configuration();
break;

Expand Down Expand Up @@ -2647,6 +2646,10 @@ function _drupal_exception_handler($exception) {
_drupal_log_error(_drupal_decode_exception($exception), TRUE);
}
catch (Exception $exception2) {
// Add a 500 status code in case an exception was thrown before the 500
// status could be set (e.g. while loading a maintenance theme from cache).
drupal_add_http_header('Status', '500 Internal Server Error');

// Another uncaught exception was thrown while handling the first one.
// If we are displaying errors, then do so with no possibility of a further uncaught exception being thrown.
if (error_displayable()) {
Expand All @@ -2672,7 +2675,6 @@ function _drupal_bootstrap_configuration() {
drupal_settings_initialize();

// Sanitize unsafe keys from the request.
require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc';
DrupalRequestSanitizer::sanitize();
}

Expand Down
130 changes: 93 additions & 37 deletions includes/common.inc
Original file line number Diff line number Diff line change
Expand Up @@ -760,9 +760,10 @@ function drupal_access_denied() {
* (optional) An array that can have one or more of the following elements:
* - headers: An array containing request headers to send as name/value pairs.
* - method: A string containing the request method. Defaults to 'GET'.
* - data: A string containing the request body, formatted as
* 'param=value&param=value&...'; to generate this, use http_build_query().
* Defaults to NULL.
* - data: An array containing the values for the request body or a string
* containing the request body, formatted as
* 'param=value&param=value&...'; to generate this, use
* drupal_http_build_query(). Defaults to NULL.
* - max_redirects: An integer representing how many times a redirect
* may be followed. Defaults to 3.
* - timeout: A float representing the maximum number of seconds the function
Expand All @@ -788,7 +789,7 @@ function drupal_access_denied() {
* easy access the array keys are returned in lower case.
* - data: A string containing the response body that was received.
*
* @see http_build_query()
* @see drupal_http_build_query()
*/
function drupal_http_request($url, array $options = array()) {
// Allow an alternate HTTP client library to replace Drupal's default
Expand Down Expand Up @@ -930,6 +931,11 @@ function drupal_http_request($url, array $options = array()) {
$path .= '?' . $uri['query'];
}

// Convert array $options['data'] to query string.
if (is_array($options['data'])) {
$options['data'] = drupal_http_build_query($options['data']);
}

// Only add Content-Length if we actually have any content or if it is a POST
// or PUT request. Some non-standard servers get confused by Content-Length in
// at least HEAD/GET requests, and Squid always requires Content-Length in
Expand Down Expand Up @@ -4441,12 +4447,54 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
}
}

$output = '';
// The index counter is used to keep aggregated and non-aggregated files in
// order by weight.
$index = 1;
$processed = array();
$files = array();
// Sort the JavaScript so that it appears in the correct order.
uasort($items, 'drupal_sort_css_js');

// Provide the page with information about the individual JavaScript files
// used, information not otherwise available when aggregation is enabled.
$setting['ajaxPageState']['js'] = array_fill_keys(array_keys($items), 1);
unset($setting['ajaxPageState']['js']['settings']);
drupal_add_js($setting, 'setting');

// If we're outputting the header scope, then this might be the final time
// that drupal_get_js() is running, so add the setting to this output as well
// as to the drupal_add_js() cache. If $items['settings'] doesn't exist, it's
// because drupal_get_js() was intentionally passed a $javascript argument
// stripped off settings, potentially in order to override how settings get
// output, so in this case, do not add the setting to this output.
if ($scope == 'header' && isset($items['settings'])) {
$items['settings']['data'][] = $setting;
}

$elements = array(
'#type' => 'scripts',
'#items' => $items,
);

return drupal_render($elements);
}

/**
* The #pre_render callback for the "scripts" element.
*
* This callback adds elements needed for <script> tags to be rendered.
*
* @param array $elements
* A render array containing:
* - '#items': The JS items as returned by drupal_add_js() and altered by
* drupal_get_js().
*
* @return array
* The $elements variable passed as argument with two more children keys:
* - "scripts": contains the Javascript items
* - "settings": contains the Javascript settings items.
* If those keys are already existing, then the items will be appended and
* their keys will be preserved.
*
* @see drupal_get_js()
* @see drupal_add_js()
*/
function drupal_pre_render_scripts(array $elements) {
$preprocess_js = (variable_get('preprocess_js', FALSE) && (!defined('MAINTENANCE_MODE') || MAINTENANCE_MODE != 'update'));

// A dummy query-string is added to filenames, to gain control over
Expand All @@ -4467,34 +4515,29 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
// third-party code might require the use of a different query string.
$js_version_string = variable_get('drupal_js_version_query_string', 'v=');

// Sort the JavaScript so that it appears in the correct order.
uasort($items, 'drupal_sort_css_js');
$files = array();

// Provide the page with information about the individual JavaScript files
// used, information not otherwise available when aggregation is enabled.
$setting['ajaxPageState']['js'] = array_fill_keys(array_keys($items), 1);
unset($setting['ajaxPageState']['js']['settings']);
drupal_add_js($setting, 'setting');
$scripts = isset($elements['scripts']) ? $elements['scripts'] : array();
$scripts += array('#weight' => 0);

// If we're outputting the header scope, then this might be the final time
// that drupal_get_js() is running, so add the setting to this output as well
// as to the drupal_add_js() cache. If $items['settings'] doesn't exist, it's
// because drupal_get_js() was intentionally passed a $javascript argument
// stripped off settings, potentially in order to override how settings get
// output, so in this case, do not add the setting to this output.
if ($scope == 'header' && isset($items['settings'])) {
$items['settings']['data'][] = $setting;
}
$settings = isset($elements['settings']) ? $elements['settings'] : array();
$settings += array('#weight' => $scripts['#weight'] + 10);

// The index counter is used to keep aggregated and non-aggregated files in
// order by weight. Use existing scripts count as a starting point.
$index = count(element_children($scripts)) + 1;

// Loop through the JavaScript to construct the rendered output.
$element = array(
'#type' => 'html_tag',
'#tag' => 'script',
'#value' => '',
'#attributes' => array(
'type' => 'text/javascript',
),
);
foreach ($items as $item) {

foreach ($elements['#items'] as $item) {
$query_string = empty($item['version']) ? $default_query_string : $js_version_string . $item['version'];

switch ($item['type']) {
Expand All @@ -4503,7 +4546,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$js_element['#value_prefix'] = $embed_prefix;
$js_element['#value'] = 'jQuery.extend(Drupal.settings, ' . drupal_json_encode(drupal_array_merge_deep_array($item['data'])) . ");";
$js_element['#value_suffix'] = $embed_suffix;
$output .= theme('html_tag', array('element' => $js_element));
$settings[] = $js_element;
break;

case 'inline':
Expand All @@ -4514,7 +4557,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$js_element['#value_prefix'] = $embed_prefix;
$js_element['#value'] = $item['data'];
$js_element['#value_suffix'] = $embed_suffix;
$processed[$index++] = theme('html_tag', array('element' => $js_element));
$scripts[$index++] = $js_element;
break;

case 'file':
Expand All @@ -4525,7 +4568,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
}
$query_string_separator = (strpos($item['data'], '?') !== FALSE) ? '&' : '?';
$js_element['#attributes']['src'] = file_create_url($item['data']) . $query_string_separator . ($item['cache'] ? $query_string : REQUEST_TIME);
$processed[$index++] = theme('html_tag', array('element' => $js_element));
$scripts[$index++] = $js_element;
}
else {
// By increasing the index for each aggregated file, we maintain
Expand All @@ -4536,7 +4579,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
// leading to better front-end performance of a website as a whole.
// See drupal_add_js() for details.
$key = 'aggregate_' . $item['group'] . '_' . $item['every_page'] . '_' . $index;
$processed[$key] = '';
$scripts[$key] = '';
$files[$key][$item['data']] = $item;
}
break;
Expand All @@ -4548,7 +4591,7 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$js_element['#attributes']['defer'] = 'defer';
}
$js_element['#attributes']['src'] = $item['data'];
$processed[$index++] = theme('html_tag', array('element' => $js_element));
$scripts[$index++] = $js_element;
break;
}
}
Expand All @@ -4563,14 +4606,18 @@ function drupal_get_js($scope = 'header', $javascript = NULL, $skip_alter = FALS
$preprocess_file = file_create_url($uri);
$js_element = $element;
$js_element['#attributes']['src'] = $preprocess_file;
$processed[$key] = theme('html_tag', array('element' => $js_element));
$scripts[$key] = $js_element;
}
}
}

// Keep the order of JS files consistent as some are preprocessed and others are not.
// Make sure any inline or JS setting variables appear last after libraries have loaded.
return implode('', $processed) . $output;
// Keep the order of JS files consistent as some are preprocessed and others
// are not. Make sure any inline or JS setting variables appear last after
// libraries have loaded.
$element['scripts'] = $scripts;
$element['settings'] = $settings;

return $element;
}

/**
Expand Down Expand Up @@ -6969,7 +7016,16 @@ function drupal_common_theme() {
'variables' => array(),
),
'table' => array(
'variables' => array('header' => NULL, 'rows' => NULL, 'attributes' => array(), 'caption' => NULL, 'colgroups' => array(), 'sticky' => TRUE, 'empty' => ''),
'variables' => array(
'header' => NULL,
'footer' => NULL,
'rows' => NULL,
'attributes' => array(),
'caption' => NULL,
'colgroups' => array(),
'sticky' => TRUE,
'empty' => '',
),
),
'tablesort_indicator' => array(
'variables' => array('style' => NULL),
Expand Down
3 changes: 3 additions & 0 deletions includes/file.inc
Original file line number Diff line number Diff line change
Expand Up @@ -536,6 +536,9 @@ SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<IfModule mod_php5.c>
php_flag engine off
</IfModule>
<IfModule mod_php7.c>
php_flag engine off
</IfModule>
EOF;

if ($private) {
Expand Down
2 changes: 1 addition & 1 deletion includes/pager.inc
Original file line number Diff line number Diff line change
Expand Up @@ -321,7 +321,7 @@ function theme_pager($variables) {
$tags = $variables['tags'];
$element = $variables['element'];
$parameters = $variables['parameters'];
$quantity = $variables['quantity'];
$quantity = empty($variables['quantity']) ? 0 : $variables['quantity'];
global $pager_page_array, $pager_total;

// Calculate various markers within this pager piece:
Expand Down
25 changes: 24 additions & 1 deletion includes/session.inc
Original file line number Diff line number Diff line change
Expand Up @@ -371,8 +371,11 @@ function drupal_session_regenerate() {

if (drupal_session_started()) {
$old_session_id = session_id();
_drupal_session_regenerate_existing();
}
else {
session_id(drupal_random_key());
}
session_id(drupal_random_key());

if (isset($old_session_id)) {
$params = session_get_cookie_params();
Expand Down Expand Up @@ -412,6 +415,26 @@ function drupal_session_regenerate() {
date_default_timezone_set(drupal_get_user_timezone());
}

/**
* Regenerates an existing session.
*/
function _drupal_session_regenerate_existing() {
global $user;
// Preserve existing settings for the saving of sessions.
$original_save_session_status = drupal_save_session();
// Turn off saving of sessions.
drupal_save_session(FALSE);
session_write_close();
drupal_session_started(FALSE);
// Preserve the user object, as starting a new session will reset it.
$original_user = $user;
session_id(drupal_random_key());
drupal_session_start();
$user = $original_user;
// Restore the original settings for the saving of sessions.
drupal_save_session($original_save_session_status);
}

/**
* Session handler assigned by session_set_save_handler().
*
Expand Down
Loading

0 comments on commit 5923f90

Please sign in to comment.