Révision 388c412d
Ajouté par Assos Assos il y a environ 7 ans
| drupal7/sites/all/modules/media/media.module | ||
|---|---|---|
| 368 | 368 |
// Add a validation function to any field instance which uses the media widget |
| 369 | 369 |
// to ensure that the upload destination scheme is one of the allowed schemes |
| 370 | 370 |
// if any defined by settings. |
| 371 |
if ($form['instance']['widget']['type']['#value'] == 'media_generic' && isset($form['#field']['settings']['uri_scheme'])) {
|
|
| 371 |
if (isset($form['instance']['widget']) && $form['instance']['widget']['type']['#value'] == 'media_generic' && isset($form['#field']['settings']['uri_scheme'])) {
|
|
| 372 | 372 |
$form['#validate'][] = 'media_field_instance_validate'; |
| 373 | 373 |
} |
| 374 | 374 |
} |
| ... | ... | |
| 833 | 833 |
$element_js_class = drupal_html_class('js-media-element-' . $element['#id']);
|
| 834 | 834 |
$element['upload']['#attributes']['class'][] = $element_js_class; |
| 835 | 835 |
|
| 836 |
// Add the media options to the page as JavaScript settings. |
|
| 836 |
// Cache the media options and pass the cache ID as a JavaScript setting. |
|
| 837 |
$cid = drupal_get_token(drupal_random_bytes(32)); |
|
| 838 |
cache_set('media_options:' . $cid, $element['#media_options']['global'], 'cache_form', REQUEST_TIME + 21600);
|
|
| 839 |
|
|
| 837 | 840 |
$element['browse_button']['#attached']['js'] = array( |
| 838 | 841 |
array( |
| 839 | 842 |
'type' => 'setting', |
| 840 |
'data' => array('media' => array('elements' => array('.' . $element_js_class => $element['#media_options'])))
|
|
| 843 |
'data' => array('media' => array('elements' => array('.' . $element_js_class => array('global' => array('options' => $cid))))),
|
|
| 841 | 844 |
) |
| 842 | 845 |
); |
| 843 | 846 |
|
| ... | ... | |
| 1202 | 1205 |
if (empty($params)) {
|
| 1203 | 1206 |
// Build out browser settings. Permissions- and security-related behaviors |
| 1204 | 1207 |
// should not rely on these parameters, since they come from the HTTP query. |
| 1205 |
// @TODO make sure we treat parameters as user input. |
|
| 1206 |
$params = drupal_get_query_parameters() + array( |
|
| 1207 |
'types' => array(), |
|
| 1208 |
'multiselect' => FALSE, |
|
| 1209 |
); |
|
| 1208 |
// There are two ways of passing secure data: |
|
| 1209 |
// - Store the options in the 'cache_form' cache bin, using a random key |
|
| 1210 |
// prefixed with 'media_options:'. Pass the random key in the 'options' |
|
| 1211 |
// query argument. |
|
| 1212 |
// - Inject the options by altering the browser parameters. |
|
| 1213 |
// @see hook_media_browser_params_alter() |
|
| 1214 |
$params = drupal_get_query_parameters(); |
|
| 1215 |
|
|
| 1216 |
$insecure_settings = array( |
|
| 1217 |
'file_directory', |
|
| 1218 |
'file_extensions', |
|
| 1219 |
'max_filesize', |
|
| 1220 |
'uri_scheme', |
|
| 1221 |
); |
|
| 1222 |
|
|
| 1223 |
// Filter out insecure_settings. |
|
| 1224 |
foreach(array_keys($params) as $key) {
|
|
| 1225 |
if (in_array($key, $insecure_settings)) {
|
|
| 1226 |
unset($params[$key]); |
|
| 1227 |
} |
|
| 1228 |
} |
|
| 1229 |
|
|
| 1230 |
// Retrieve the security sensitive options from the cache. |
|
| 1231 |
if (!empty($params['options']) && is_string($params['options']) && $options = cache_get('media_options:' . $params['options'], 'cache_form')) {
|
|
| 1232 |
$params = array_merge($options->data, $params); |
|
| 1233 |
} |
|
| 1210 | 1234 |
|
| 1211 | 1235 |
// Transform text 'true' and 'false' to actual booleans. |
| 1212 | 1236 |
foreach ($params as $k => $v) {
|
| ... | ... | |
| 1220 | 1244 |
|
| 1221 | 1245 |
array_walk_recursive($params, 'media_recursive_check_plain'); |
| 1222 | 1246 |
|
| 1247 |
// Provide some default parameters. |
|
| 1248 |
$params += array( |
|
| 1249 |
'types' => array(), |
|
| 1250 |
'multiselect' => FALSE, |
|
| 1251 |
); |
|
| 1252 |
|
|
| 1223 | 1253 |
// Allow modules to alter the parameters. |
| 1224 | 1254 |
drupal_alter('media_browser_params', $params);
|
| 1225 | 1255 |
} |
Formats disponibles : Unified diff
Weekly update of contrib modules