Club Drupal

Drupal 7.77, 2020-12-03

-----------------------

- Hotfix for schema.prefixed tables

Drupal 7.76, 2020-12-02

-----------------------

- Support for MySQL 8

- Core tests pass in SQLite

- Better user flood control logging

Drupal 7.75, 2020-11-26

-----------------------

- Fixed security issues:

   - SA-CORE-2020-013

- Drew Webber 'mcdruid' https://www.drupal.org/u/mcdruid

define('VERSION', '7.77');

    // Cache miss. Avoid a stampede by acquiring a lock. If the lock fails to

    // acquire, optionally just continue with uncached processing.

    $lock_acquired = lock_acquire($name, 1);

    if (!$lock_acquired && variable_get('variable_initialize_wait_for_lock', FALSE)) {

      // Load the variables from the table.

      if ($lock_acquired) {

        cache_set('variables', $variables, 'cache_bootstrap');

        lock_release($name);

      }

  $count = count($elements);

  $child_weights = array();

  $i = 0;

        $weight = $value['#weight'];

      else {

        $weight = 0;

      }

      // Support weights with up to three digit precision and conserve the

      // insertion order.

      $child_weights[$key] = floor($weight * 1000) + $i / $count;

    $i++;

    asort($child_weights);

    foreach ($child_weights as $key => $weight) {

      $value = $elements[$key];

      $elements[$key] = $value;

  return array_keys($child_weights);

  /**

   * List of un-prefixed table names, keyed by prefixed table names.

   *

   * @var array

   */

  protected $unprefixedTablesMap = array();

    if (!empty($this->statementClass)) {

      $this->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('PDOStatement', array()));

    }

    // Set up a map of prefixed => un-prefixed tables.

    foreach ($this->prefixes as $table_name => $prefix) {

      if ($table_name !== 'default') {

        $this->unprefixedTablesMap[$prefix . $table_name] = $table_name;

      }

    }

  /**

   * Gets a list of individually prefixed table names.

   *

   * @return array

   *   An array of un-prefixed table names, keyed by their fully qualified table

   *   names (i.e. prefix + table_name).

   */

  public function getUnprefixedTablesMap() {

    return $this->unprefixedTablesMap;

  }

/**

 * Finds all tables that are like the specified base table name. This is a

 * backport of the change made to db_find_tables in Drupal 8 to work with

 * virtual, un-prefixed table names. The original function is retained for

 * Backwards Compatibility.

 * @see https://www.drupal.org/node/2552435

 *

 * @param $table_expression

 *   An SQL expression, for example "simpletest%" (without the quotes).

 *

 * @return

 *   Array, both the keys and the values are the matching tables.

 */

function db_find_tables_d8($table_expression) {

  return Database::getConnection()->schema()->findTablesD8($table_expression);

}

/**

 * The default character for quoting identifiers in MySQL.

 */

define('MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT', '`');

  /**

   * The list of MySQL reserved key words.

   *

   * @link https://dev.mysql.com/doc/refman/8.0/en/keywords.html

   */

  private $reservedKeyWords = array(

    'accessible',

    'add',

    'admin',

    'all',

    'alter',

    'analyze',

    'and',

    'as',

    'asc',

    'asensitive',

    'before',

    'between',

    'bigint',

    'binary',

    'blob',

    'both',

    'by',

    'call',

    'cascade',

    'case',

    'change',

    'char',

    'character',

    'check',

    'collate',

    'column',

    'condition',

    'constraint',

    'continue',

    'convert',

    'create',

    'cross',

    'cube',

    'cume_dist',

    'current_date',

    'current_time',

    'current_timestamp',

    'current_user',

    'cursor',

    'database',

    'databases',

    'day_hour',

    'day_microsecond',

    'day_minute',

    'day_second',

    'dec',

    'decimal',

    'declare',

    'default',

    'delayed',

    'delete',

    'dense_rank',

    'desc',

    'describe',

    'deterministic',

    'distinct',

    'distinctrow',

    'div',

    'double',

    'drop',

    'dual',

    'each',

    'else',

    'elseif',

    'empty',

    'enclosed',

    'escaped',

    'except',

    'exists',

    'exit',

    'explain',

    'false',

    'fetch',

    'first_value',

    'float',

    'float4',

    'float8',

    'for',

    'force',

    'foreign',

    'from',

    'fulltext',

    'function',

    'generated',

    'get',

    'grant',

    'group',

    'grouping',

    'groups',

    'having',

    'high_priority',

    'hour_microsecond',

    'hour_minute',

    'hour_second',

    'if',

    'ignore',

    'in',

    'index',

    'infile',

    'inner',

    'inout',

    'insensitive',

    'insert',

    'int',

    'int1',

    'int2',

    'int3',

    'int4',

    'int8',

    'integer',

    'interval',

    'into',

    'io_after_gtids',

    'io_before_gtids',

    'is',

    'iterate',

    'join',

    'json_table',

    'key',

    'keys',

    'kill',

    'lag',

    'last_value',

    'lead',

    'leading',

    'leave',

    'left',

    'like',

    'limit',

    'linear',

    'lines',

    'load',

    'localtime',

    'localtimestamp',

    'lock',

    'long',

    'longblob',

    'longtext',

    'loop',

    'low_priority',

    'master_bind',

    'master_ssl_verify_server_cert',

    'match',

    'maxvalue',

    'mediumblob',

    'mediumint',

    'mediumtext',

    'middleint',

    'minute_microsecond',

    'minute_second',

    'mod',

    'modifies',

    'natural',

    'not',

    'no_write_to_binlog',

    'nth_value',

    'ntile',

    'null',

    'numeric',

    'of',

    'on',

    'optimize',

    'optimizer_costs',

    'option',

    'optionally',

    'or',

    'order',

    'out',

    'outer',

    'outfile',

    'over',

    'partition',

    'percent_rank',

    'persist',

    'persist_only',

    'precision',

    'primary',

    'procedure',

    'purge',

    'range',

    'rank',

    'read',

    'reads',

    'read_write',

    'real',

    'recursive',

    'references',

    'regexp',

    'release',

    'rename',

    'repeat',

    'replace',

    'require',

    'resignal',

    'restrict',

    'return',

    'revoke',

    'right',

    'rlike',

    'row',

    'rows',

    'row_number',

    'schema',

    'schemas',

    'second_microsecond',

    'select',

    'sensitive',

    'separator',

    'set',

    'show',

    'signal',

    'smallint',

    'spatial',

    'specific',

    'sql',

    'sqlexception',

    'sqlstate',

    'sqlwarning',

    'sql_big_result',

    'sql_calc_found_rows',

    'sql_small_result',

    'ssl',

    'starting',

    'stored',

    'straight_join',

    'system',

    'table',

    'terminated',

    'then',

    'tinyblob',

    'tinyint',

    'tinytext',

    'to',

    'trailing',

    'trigger',

    'true',

    'undo',

    'union',

    'unique',

    'unlock',

    'unsigned',

    'update',

    'usage',

    'use',

    'using',

    'utc_date',

    'utc_time',

    'utc_timestamp',

    'values',

    'varbinary',

    'varchar',

    'varcharacter',

    'varying',

    'virtual',

    'when',

    'where',

    'while',

    'window',

    'with',

    'write',

    'xor',

    'year_month',

    'zerofill',

  );

    $sql_mode = 'REAL_AS_FLOAT,PIPES_AS_CONCAT,ANSI_QUOTES,IGNORE_SPACE,STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO';

    // NO_AUTO_CREATE_USER was removed in MySQL 8.0.11

    // https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-11.html#mysqld-8-0-11-deprecation-removal

    if (version_compare($this->getAttribute(PDO::ATTR_SERVER_VERSION), '8.0.11', '<')) {

      $sql_mode .= ',NO_AUTO_CREATE_USER';

    }

      'sql_mode' => "SET sql_mode = '$sql_mode'",

  /**

   * {@inheritdoc}}

   */

  protected function setPrefix($prefix) {

    parent::setPrefix($prefix);

    // Successive versions of MySQL have become increasingly strict about the

    // use of reserved keywords as table names. Drupal 7 uses at least one such

    // table (system). Therefore we surround all table names with quotes.

    $quote_char = variable_get('mysql_identifier_quote_character', MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT);

    foreach ($this->prefixSearch as $i => $prefixSearch) {

      if (substr($prefixSearch, 0, 1) === '{') {

        // If the prefix already contains one or more quotes remove them.

        // This can happen when - for example - DrupalUnitTestCase sets up a

        // "temporary prefixed database". Also if there's a dot in the prefix,

        // wrap it in quotes to cater for schema names in prefixes.

        $search = array($quote_char, '.');

        $replace = array('', $quote_char . '.' . $quote_char);

        $this->prefixReplace[$i] = $quote_char . str_replace($search, $replace, $this->prefixReplace[$i]);

      }

      if (substr($prefixSearch, -1) === '}') {

        $this->prefixReplace[$i] .= $quote_char;

      }

    }

  }

  /**

   * {@inheritdoc}

   */

  public function escapeField($field) {

    $field = parent::escapeField($field);

    return $this->quoteIdentifier($field);

  }

  public function escapeFields(array $fields) {

    foreach ($fields as &$field) {

      $field = $this->escapeField($field);

    }

    return $fields;

  }

  /**

   * {@inheritdoc}

   */

  public function escapeAlias($field) {

    $field = parent::escapeAlias($field);

    return $this->quoteIdentifier($field);

  }

  /**

   * Quotes an identifier if it matches a MySQL reserved keyword.

   *

   * @param string $identifier

   *   The field to check.

   *

   * @return string

   *   The identifier, quoted if it matches a MySQL reserved keyword.

   */

  private function quoteIdentifier($identifier) {

    // Quote identifiers so that MySQL reserved words like 'function' can be

    // used as column names. Sometimes the 'table.column_name' format is passed

    // in. For example, menu_load_links() adds a condition on "ml.menu_name".

    if (strpos($identifier, '.') !== FALSE) {

      list($table, $identifier) = explode('.', $identifier, 2);

    }

    if (in_array(strtolower($identifier), $this->reservedKeyWords, TRUE)) {

      // Quote the string for MySQL reserved keywords.

      $quote_char = variable_get('mysql_identifier_quote_character', MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT);

      $identifier = $quote_char . $identifier . $quote_char;

    }

    return isset($table) ? $table . '.' . $identifier : $identifier;

  }

    if (method_exists($this->connection, 'escapeFields')) {

      $insert_fields = $this->connection->escapeFields($insert_fields);

    }

class UpdateQuery_mysql extends UpdateQuery {

  public function __toString() {

    if (method_exists($this->connection, 'escapeField')) {

      $escapedFields = array();

      foreach ($this->fields as $field => $data) {

        $field = $this->connection->escapeField($field);

        $escapedFields[$field] = $data;

      }

      $this->fields = $escapedFields;

    }

    return parent::__toString();

  }

}

    // Ensure the table name is not surrounded with quotes as that is not

    // appropriate for schema queries.

    $quote_char = variable_get('mysql_identifier_quote_character', MYSQL_IDENTIFIER_QUOTE_CHARACTER_DEFAULT);

    $table_name = str_replace($quote_char, '', $table_name);

      return $this->connection->query("SELECT column_comment AS column_comment FROM information_schema.columns WHERE " . (string) $condition, $condition->arguments())->fetchField();

    $comment = $this->connection->query("SELECT table_comment AS table_comment FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchField();

  /**

   * The database connection.

   *

   * @var DatabaseConnection

   */

    return $this->connection->query("SELECT table_name AS table_name FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments())->fetchAllKeyed(0, 0);

  }

  /**

   * Finds all tables that are like the specified base table name. This is a

   * backport of the change made to findTables in Drupal 8 to work with virtual,

   * un-prefixed table names. The original function is retained for Backwards

   * Compatibility.

   * @see https://www.drupal.org/node/2552435

   *

   * @param string $table_expression

   *   An SQL expression, for example "cache_%" (without the quotes).

   *

   * @return array

   *   Both the keys and the values are the matching tables.

   */

  public function findTablesD8($table_expression) {

    // Load all the tables up front in order to take into account per-table

    // prefixes. The actual matching is done at the bottom of the method.

    $condition = $this->buildTableNameCondition('%', 'LIKE');

    $condition->compile($this->connection, $this);

    $individually_prefixed_tables = $this->connection->getUnprefixedTablesMap();

    $default_prefix = $this->connection->tablePrefix();

    $default_prefix_length = strlen($default_prefix);

    $tables = array();

    // Normally, we would heartily discourage the use of string

    // concatenation for conditionals like this however, we

    // couldn't use db_select() here because it would prefix

    // information_schema.tables and the query would fail.

    // Don't use {} around information_schema.tables table.

    $results = $this->connection->query("SELECT table_name AS table_name FROM information_schema.tables WHERE " . (string) $condition, $condition->arguments());

    foreach ($results as $table) {

      // Take into account tables that have an individual prefix.

      if (isset($individually_prefixed_tables[$table->table_name])) {

        $prefix_length = strlen($this->connection->tablePrefix($individually_prefixed_tables[$table->table_name]));

      }

      elseif ($default_prefix && substr($table->table_name, 0, $default_prefix_length) !== $default_prefix) {

        // This table name does not start the default prefix, which means that

        // it is not managed by Drupal so it should be excluded from the result.

        continue;

      }

      else {

        $prefix_length = $default_prefix_length;

      }

      // Remove the prefix from the returned tables.

      $unprefixed_table_name = substr($table->table_name, $prefix_length);

      // The pattern can match a table which is the same as the prefix. That

      // will become an empty string when we remove the prefix, which will

      // probably surprise the caller, besides not being a prefixed table. So

      // remove it.

      if (!empty($unprefixed_table_name)) {

        $tables[$unprefixed_table_name] = $unprefixed_table_name;

      }

    }

    // Convert the table expression from its SQL LIKE syntax to a regular

    // expression and escape the delimiter that will be used for matching.

    $table_expression = str_replace(array('%', '_'), array('.*?', '.'), preg_quote($table_expression, '/'));

    $tables = preg_grep('/^' . $table_expression . '$/i', $tables);

    return $tables;

        $fields[] = $this->connection->escapeAlias($alias) . '.*';

      // Note that $field['table'] holds the table alias.

      // @see \SelectQuery::addField

      $table = isset($field['table']) ? $this->connection->escapeAlias($field['table']) . '.' : '';

      $fields[] = $table . $this->connection->escapeField($field['field']) . ' AS ' . $this->connection->escapeAlias($field['alias']);

      $query .=  $table_string . ' ' . $this->connection->escapeAlias($table['alias']);

    // Enable the Write-Ahead Logging (WAL) option for SQLite if supported.

    // @see https://www.drupal.org/node/2348137

    // @see https://sqlite.org/wal.html

    if (version_compare($version, '3.7') >= 0) {

      $connection_options += array(

        'init_commands' => array(),

      );

      $connection_options['init_commands'] += array(

        'wal' => "PRAGMA journal_mode=WAL",

      );

    }

          if ($count == 0 && $this->connectionOptions['database'] != ':memory:') {

            // Detaching the database fails at this point, but no other queries

            // are executed after the connection is destructed so we can simply

            // remove the database file.

  /**

   * Gets all the attached databases.

   *

   * @return array

   *   An array of attached database names.

   *

   * @see DatabaseConnection_sqlite::__construct().

   */

  public function getAttachedDatabases() {

    return $this->attachedDatabases;

  }

    if (count($this->insertFields) || !empty($this->fromQuery)) {

    $placeholders = array();

    if (!empty($this->insertFields)) {

      $placeholders = array_fill(0, count($this->insertFields), '?');

    }

  /**

   * {@inheritdoc}

   */

  /**

   * {@inheritdoc}

   */

  public function findTablesD8($table_expression) {

    $tables = array();

    // The SQLite implementation doesn't need to use the same filtering strategy

    // as the parent one because individually prefixed tables live in their own

    // schema (database), which means that neither the main database nor any

    // attached one will contain a prefixed table name, so we just need to loop

    // over all known schemas and filter by the user-supplied table expression.

    $attached_dbs = $this->connection->getAttachedDatabases();

    foreach ($attached_dbs as $schema) {

      // Can't use query placeholders for the schema because the query would

      // have to be :prefixsqlite_master, which does not work. We also need to

      // ignore the internal SQLite tables.

      $result = db_query("SELECT name FROM " . $schema . ".sqlite_master WHERE type = :type AND name LIKE :table_name AND name NOT LIKE :pattern", array(

        ':type' => 'table',

        ':table_name' => $table_expression,

        ':pattern' => 'sqlite_%',

      ));

      $tables += $result->fetchAllKeyed(0, 0);

    }

    return $tables;

  }

      if (isset($elements['#maxlength']) && (isset($elements['#value']) && !is_scalar($elements['#value']))) {

        form_error($elements, $t('An illegal value has been detected. Please contact the site administrator.'));

      }

      elseif (isset($elements['#maxlength']) && drupal_strlen($elements['#value']) > $elements['#maxlength']) {

    $weights = array();

    if (isset($element['#default_value'])) {

      $default_value = (int) $element['#default_value'];

      if (!isset($weights[$default_value])) {

        $weights[$default_value] = $default_value;

        ksort($weights);

      }

    }

/**

 * Special characters, defined in RFC_2822.

 */

define('MAIL_RFC_2822_SPECIALS', '()<>[]:;@\,."');

    if (variable_get('mail_display_name_site_name', FALSE)) {

      $display_name = variable_get('site_name', 'Drupal');

      $headers['From'] = drupal_mail_format_display_name($display_name) . ' <' . $default_from . '>';

    }

  if ($from && $from != $default_from) {

/**

 * Return a RFC-2822 compliant "display-name" component.

 *

 * The "display-name" component is used in mail header "Originator" fields

 * (From, Sender, Reply-to) to give a human-friendly description of the

 * address, i.e. From: My Display Name <xyz@example.org>. RFC-822 and

 * RFC-2822 define its syntax and rules. This method gets as input a string

 * to be used as "display-name" and formats it to be RFC compliant.

 *

 * @param string $string

 *   A string to be used as "display-name".

 *

 * @return string

 *   A RFC compliant version of the string, ready to be used as

 *   "display-name" in mail originator header fields.

 */

function drupal_mail_format_display_name($string) {

  // Make sure we don't process html-encoded characters. They may create

  // unneeded trouble if left encoded, besides they will be correctly

  // processed if decoded.

  $string = decode_entities($string);

  // If string contains non-ASCII characters it must be (short) encoded

  // according to RFC-2047. The output of a "B" (Base64) encoded-word is

  // always safe to be used as display-name.

  $safe_display_name = mime_header_encode($string, TRUE);

  // Encoded-words are always safe to be used as display-name because don't

  // contain any RFC 2822 "specials" characters. However

  // mimeHeaderEncode() encodes a string only if it contains any

  // non-ASCII characters, and leaves its value untouched (un-encoded) if

  // ASCII only. For this reason in order to produce a valid display-name we

  // still need to make sure there are no "specials" characters left.

  if (preg_match('/[' . preg_quote(MAIL_RFC_2822_SPECIALS) . ']/', $safe_display_name)) {

    // If string is already quoted, it may or may not be escaped properly, so

    // don't trust it and reset.

    if (preg_match('/^"(.+)"$/', $safe_display_name, $matches)) {

      $safe_display_name = str_replace(array('\\\\', '\\"'), array('\\', '"'), $matches[1]);

    }

    // Transform the string in a RFC-2822 "quoted-string" by wrapping it in

    // double-quotes. Also make sure '"' and '\' occurrences are escaped.

    $safe_display_name = '"' . str_replace(array('\\', '"'), array('\\\\', '\\"'), $safe_display_name) . '"';

  }

  return $safe_display_name;

}

 * Callback for array_walk() within drupal_wrap_mail().

    if ($router_item && $data['link']['href'] == $router_item['tab_root_href'] && $data['link']['href'] != $_GET['q']) {

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

    // Attempt to update the field in a way that would break the storage. The

    // parenthesis suffix is needed because SQLite has *very* relaxed rules for

    // data types, so we actually need to provide an invalid SQL syntax in order

    // to break it.

    // @see https://www.sqlite.org/datatype3.html

    $field['settings']['max_length'] = '-1)';

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

    $form['#suffix'] = (isset($form['#suffix']) ? $form['#suffix'] : '') . '<span class="ajax-new-content"></span>';

  $form['#prefix'] = (isset($form['#prefix']) ? $form['#prefix'] : '') . theme('status_messages');

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"

; Information added by Drupal.org packaging script on 2020-12-03

version = "7.77"

datestamp = "1607003447"