kolab.org/www
Torsten Grote
grote at kolabsys.com
Tue Sep 18 10:14:07 CEST 2012
kolab.org/www/drupal-7.15/sites/all/modules/token/tests/token_test.info | 6 -
kolab.org/www/drupal-7.15/sites/all/modules/token/token.info | 6 -
kolab.org/www/drupal-7.15/sites/all/modules/token/token.module | 28 +++++---
kolab.org/www/drupal-7.15/sites/all/modules/token/token.pages.inc | 32 +++++++++-
4 files changed, 51 insertions(+), 21 deletions(-)
New commits:
commit 23c35448e11bc52b2379a1de498de8d2c66bd2cb
Author: Torsten Grote <grote at kolabsys.com>
Date: Tue Sep 18 09:52:36 2012 +0200
applied security update for token module
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/token/tests/token_test.info b/kolab.org/www/drupal-7.15/sites/all/modules/token/tests/token_test.info
index 873f716..9c7d245 100644
--- a/kolab.org/www/drupal-7.15/sites/all/modules/token/tests/token_test.info
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/token/tests/token_test.info
@@ -5,9 +5,9 @@ core = 7.x
files[] = token_test.module
hidden = TRUE
-; Information added by drupal.org packaging script on 2012-08-10
-version = "7.x-1.2"
+; Information added by drupal.org packaging script on 2012-09-12
+version = "7.x-1.3"
core = "7.x"
project = "token"
-datestamp = "1344634643"
+datestamp = "1347466790"
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/token/token.info b/kolab.org/www/drupal-7.15/sites/all/modules/token/token.info
index c6d512e..17a4b57 100644
--- a/kolab.org/www/drupal-7.15/sites/all/modules/token/token.info
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/token/token.info
@@ -7,9 +7,9 @@ files[] = token.tokens.inc
files[] = token.pages.inc
files[] = token.test
-; Information added by drupal.org packaging script on 2012-08-10
-version = "7.x-1.2"
+; Information added by drupal.org packaging script on 2012-09-12
+version = "7.x-1.3"
core = "7.x"
project = "token"
-datestamp = "1344634643"
+datestamp = "1347466790"
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/token/token.module b/kolab.org/www/drupal-7.15/sites/all/modules/token/token.module
index 509a4da..7bba8a7 100644
--- a/kolab.org/www/drupal-7.15/sites/all/modules/token/token.module
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/token/token.module
@@ -11,7 +11,7 @@
define('TOKEN_MAX_DEPTH', 9);
/**
- * Impelements hook_help().
+ * Implements hook_help().
*/
function token_help($path, $arg) {
if ($path == 'admin/help#token') {
@@ -182,7 +182,6 @@ function token_theme() {
),
'file' => 'token.pages.inc',
);
- $info['token_tree_link']['variables'] += $info['token_tree']['variables'];
return $info;
}
@@ -314,14 +313,17 @@ function token_field_display_alter(&$display, $context) {
// use the default token formatter.
if (empty($view_mode_settings[$context['view_mode']]['custom_settings'])) {
$field_type_info = field_info_field_types($context['field']['type']);
- if (!empty($field_type_info['default_token_formatter'])) {
- $display['type'] = $field_type_info['default_token_formatter'];
- $formatter_info = field_info_formatter_types($display['type']);
- $display['settings'] = isset($formatter_info['settings']) ? $formatter_info['settings'] : array();
- $display['settings']['label'] = 'hidden';
- $display['module'] = $formatter_info['module'];
- }
+ // If the field has specified a specific formatter to be used by default
+ // with tokens, use that, otherwise use the default formatter.
+ $formatter = !empty($field_type_info['default_token_formatter']) ? $field_type_info['default_token_formatter'] : $field_type_info['default_formatter'];
+
+ // Now that we have a formatter, fill in all the settings.
+ $display['type'] = $formatter;
+ $formatter_info = field_info_formatter_types($formatter);
+ $display['settings'] = isset($formatter_info['settings']) ? $formatter_info['settings'] : array();
+ $display['settings']['label'] = 'hidden';
+ $display['module'] = $formatter_info['module'];
}
}
}
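Review bot: In the rewritten block of token_field_display_alter(), `$formatter_info['module']` and `$field_type_info['default_formatter']` are read without checking that either lookup returned anything. The fallback to the default formatter now runs for every field type, so if `field_info_formatter_types($formatter)` returns nothing for an unknown or disabled formatter, `$display['module']` would be set from a missing key. Whether that can happen is not visible from this hunk. A guard such as `if (!empty($formatter_info)) { ... }` around the four `$display[...]` assignments would keep the original display untouched in that case. The function starts above the hunk.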
@@ -440,10 +442,12 @@ function token_entity_info_alter(&$info) {
* Adds missing token support for core modules.
*/
function token_module_implements_alter(&$implementations, $hook) {
- if ($hook == 'tokens' || $hook == 'token_info') {
+ module_load_include('inc', 'token', 'token.tokens');
+
+ if ($hook == 'tokens' || $hook == 'token_info' || $hook == 'token_info_alter' || $hook == 'tokens_alter') {
foreach (_token_core_supported_modules() as $module) {
- if (module_exists($module)) {
- $implementations[$module] = TRUE;
+ if (module_exists($module) && function_exists($module . '_' . $hook)) {
+ $implementations[$module] = FALSE;
}
}
// Move token.module to get included first since it is responsible for
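Review bot: `module_load_include('inc', 'token', 'token.tokens');` now runs at the top of token_module_implements_alter() for every hook that passes through it, although only the four token hooks need the file for the `function_exists()` check. Moving the call to the first line inside the `if ($hook == 'tokens' || ...)` block avoids loading it for unrelated hooks. The switch from `TRUE` to `FALSE` also deserves a comment, for example `// FALSE = implementation is not in a separate $module.$group.inc file.`, since that value is the hook's include group and not a boolean flag. The function body continues past the end of the hunk.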
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/token/token.pages.inc b/kolab.org/www/drupal-7.15/sites/all/modules/token/token.pages.inc
index 264a14a..4e281af 100644
--- a/kolab.org/www/drupal-7.15/sites/all/modules/token/token.pages.inc
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/token/token.pages.inc
@@ -19,7 +19,22 @@ function theme_token_tree_link($variables) {
}
$info = token_theme();
- $variables['options']['query']['token_tree'] = array_intersect_key($variables, $info['token_tree']['variables']);
+ $variables['options']['query']['options'] = array_intersect_key($variables, $info['token_tree']['variables']);
+
+ // We should never pass the dialog option to theme_token_tree(). It is only
+ // used for this function.
+ unset($variables['options']['query']['options']['dialog']);
+
+ // Add a security token so that the tree page should only work when used
+ // when the dialog link is output with theme('token_tree_link').
+ $variables['options']['query']['token'] = drupal_get_token('token-tree:' . serialize($variables['options']['query']['options']));
+
+ // Because PHP converts query strings with arrays into a different syntax on
+ // the next request, the options have to be encoded with JSON in the query
+ // string so that we can reliably decode it for token comparison.
+ $variables['options']['query']['options'] = drupal_json_encode($variables['options']['query']['options']);
+
+ // Set the token tree to open in a separate window.
$variables['options']['attributes'] + array('target' => '_blank');
return l($variables['text'], 'token/tree', $variables['options']);
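Review bot: The statement under the new comment "Set the token tree to open in a separate window." is a bare `+` expression whose result is discarded, so `target="_blank"` is never applied; it should read `$variables['options']['attributes'] += array('target' => '_blank');`. Separately, the token is computed over `serialize()` of the options before they are JSON-encoded, and the page callback verifies it over `serialize()` of the JSON-decoded value. Any option whose type does not survive the JSON round trip would make a legitimate link fail validation. That fails closed, but a short comment naming the assumption that options must be JSON-stable scalars and arrays would help. The function starts above the hunk.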
@@ -29,8 +44,19 @@ function theme_token_tree_link($variables) {
* Page callback to output a token tree as an empty page.
*/
function token_page_output_tree() {
- $options = isset($_GET['token_tree']) ? $_GET['token_tree'] : array();
- $output = theme('token_tree', array('dialog' => FALSE) + $options);
+ $options = isset($_GET['options']) ? drupal_json_decode($_GET['options']) : array();
+
+ // Check the token against the serialized options to prevent random access to
+ // the token browser page.
+ if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'token-tree:' . serialize($options))) {
+ return MENU_ACCESS_DENIED;
+ }
+
+ // Force the dialog option to be false so we're not creating a dialog within
+ // a dialog.
+ $options['dialog'] = FALSE;
+
+ $output = theme('token_tree', array($options));
print '<html><head><title></title>' . drupal_get_css() . drupal_get_js() . '</head>';
print '<body class="token-tree">' . $output . '</body></html>';
drupal_exit();
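Review bot: `theme('token_tree', array($options))` wraps the validated options in a one-element list, so the theme function would receive them under key 0 and not as named variables, and the forced `$options['dialog'] = FALSE` would likely have no effect; the call should be `$output = theme('token_tree', $options);`. `drupal_json_decode($_GET['options'])` can also return a non-array for malformed input. The token check should still reject that, since no link is issued for such a value, but an explicit `is_array($options)` test before the comparison makes the fail-closed behaviour obvious. The function's closing lines are outside the hunk.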