Révision 388c412d
Ajouté par Assos Assos il y a environ 7 ans
drupal7/sites/all/modules/media/media.module | ||
---|---|---|
368 | 368 |
// Add a validation function to any field instance which uses the media widget |
369 | 369 |
// to ensure that the upload destination scheme is one of the allowed schemes |
370 | 370 |
// if any defined by settings. |
371 |
if ($form['instance']['widget']['type']['#value'] == 'media_generic' && isset($form['#field']['settings']['uri_scheme'])) { |
|
371 |
if (isset($form['instance']['widget']) && $form['instance']['widget']['type']['#value'] == 'media_generic' && isset($form['#field']['settings']['uri_scheme'])) {
|
|
372 | 372 |
$form['#validate'][] = 'media_field_instance_validate'; |
373 | 373 |
} |
374 | 374 |
} |
... | ... | |
833 | 833 |
$element_js_class = drupal_html_class('js-media-element-' . $element['#id']); |
834 | 834 |
$element['upload']['#attributes']['class'][] = $element_js_class; |
835 | 835 |
|
836 |
// Add the media options to the page as JavaScript settings. |
|
836 |
// Cache the media options and pass the cache ID as a JavaScript setting. |
|
837 |
$cid = drupal_get_token(drupal_random_bytes(32)); |
|
838 |
cache_set('media_options:' . $cid, $element['#media_options']['global'], 'cache_form', REQUEST_TIME + 21600); |
|
839 |
|
|
837 | 840 |
$element['browse_button']['#attached']['js'] = array( |
838 | 841 |
array( |
839 | 842 |
'type' => 'setting', |
840 |
'data' => array('media' => array('elements' => array('.' . $element_js_class => $element['#media_options'])))
|
|
843 |
'data' => array('media' => array('elements' => array('.' . $element_js_class => array('global' => array('options' => $cid))))),
|
|
841 | 844 |
) |
842 | 845 |
); |
843 | 846 |
|
... | ... | |
1202 | 1205 |
if (empty($params)) { |
1203 | 1206 |
// Build out browser settings. Permissions- and security-related behaviors |
1204 | 1207 |
// should not rely on these parameters, since they come from the HTTP query. |
1205 |
// @TODO make sure we treat parameters as user input. |
|
1206 |
$params = drupal_get_query_parameters() + array( |
|
1207 |
'types' => array(), |
|
1208 |
'multiselect' => FALSE, |
|
1209 |
); |
|
1208 |
// There are two ways of passing secure data: |
|
1209 |
// - Store the options in the 'cache_form' cache bin, using a random key |
|
1210 |
// prefixed with 'media_options:'. Pass the random key in the 'options' |
|
1211 |
// query argument. |
|
1212 |
// - Inject the options by altering the browser parameters. |
|
1213 |
// @see hook_media_browser_params_alter() |
|
1214 |
$params = drupal_get_query_parameters(); |
|
1215 |
|
|
1216 |
$insecure_settings = array( |
|
1217 |
'file_directory', |
|
1218 |
'file_extensions', |
|
1219 |
'max_filesize', |
|
1220 |
'uri_scheme', |
|
1221 |
); |
|
1222 |
|
|
1223 |
// Filter out insecure_settings. |
|
1224 |
foreach(array_keys($params) as $key) { |
|
1225 |
if (in_array($key, $insecure_settings)) { |
|
1226 |
unset($params[$key]); |
|
1227 |
} |
|
1228 |
} |
|
1229 |
|
|
1230 |
// Retrieve the security sensitive options from the cache. |
|
1231 |
if (!empty($params['options']) && is_string($params['options']) && $options = cache_get('media_options:' . $params['options'], 'cache_form')) { |
|
1232 |
$params = array_merge($options->data, $params); |
|
1233 |
} |
|
1210 | 1234 |
|
1211 | 1235 |
// Transform text 'true' and 'false' to actual booleans. |
1212 | 1236 |
foreach ($params as $k => $v) { |
... | ... | |
1220 | 1244 |
|
1221 | 1245 |
array_walk_recursive($params, 'media_recursive_check_plain'); |
1222 | 1246 |
|
1247 |
// Provide some default parameters. |
|
1248 |
$params += array( |
|
1249 |
'types' => array(), |
|
1250 |
'multiselect' => FALSE, |
|
1251 |
); |
|
1252 |
|
|
1223 | 1253 |
// Allow modules to alter the parameters. |
1224 | 1254 |
drupal_alter('media_browser_params', $params); |
1225 | 1255 |
} |
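Review bot: In the browser-parameter section, `array_merge($options->data, $params)` lets the query string win over the cached options, so any cached key other than the four names in `$insecure_settings` can still be replaced from the URL. If other entries of `$element['#media_options']['global']` are meant to be trusted (not visible here), merging the other way, `$params = array_merge($params, $options->data);`, makes the server-side copy authoritative instead of depending on a deny-list that must be kept complete. The filter should also compare strictly, `in_array($key, $insecure_settings, TRUE)`, so numeric query keys are not matched loosely against the setting names. When `options` is supplied but `cache_get()` misses, the code continues silently with query-only values; a comment or watchdog entry stating the intended fallback would make that case reviewable. The enclosing function starts and ends outside the lines shown.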
Weekly update of contrib modules