Projet

Général

Profil

Révision b0dc3a2e

Ajouté par Julien Enselme il y a plus de 7 ans

Update to Drupal 7.52

Voir les différences:

drupal7/modules/file/file.module
457 457 
      '#markup' => theme('file_link', array('file' => $element['#file'])) . ' ',
458 458 
      '#weight' => -10,
459 459 
    );
460 
    // Anonymous users who have uploaded a temporary file need a
461 
    // non-session-based token added so file_managed_file_value() can check
462 
    // that they have permission to use this file on subsequent submissions of
463 
    // the same form (for example, after an Ajax upload or form validation
464 
    // error).
465 
    if (!$GLOBALS['user']->uid && $element['#file']->status != FILE_STATUS_PERMANENT) {
466 
      $element['fid_token'] = array(
467 
        '#type' => 'hidden',
468 
        '#value' => drupal_hmac_base64('file-' . $fid, drupal_get_private_key() . drupal_get_hash_salt()),
469 
      );
470 
    }
460 471 
  }
461 472 

  		




  462
  473
  
    
  // Add the extension list to the page as JavaScript settings.


  		




  ......




  533
  544
  
    
          $force_default = TRUE;


  		




  534
  545
  
    
        }


  		




  535
  546
  
    
        // Temporary files that belong to other users should never be allowed.


  		




  536
  
  
    
        // Since file ownership can't be determined for anonymous users, they


  		




  537
  
  
    
        // are not allowed to reuse temporary files at all.


  		




  538
  
  
    
        elseif ($file->status != FILE_STATUS_PERMANENT && (!$GLOBALS['user']->uid || $file->uid != $GLOBALS['user']->uid)) {


  		




  539
  
  
    
          $force_default = TRUE;


  		




  
  547
  
    
        elseif ($file->status != FILE_STATUS_PERMANENT) {


  		




  
  548
  
    
          if ($GLOBALS['user']->uid && $file->uid != $GLOBALS['user']->uid) {


  		




  
  549
  
    
            $force_default = TRUE;


  		




  
  550
  
    
          }


  		




  
  551
  
    
          // Since file ownership can't be determined for anonymous users, they


  		




  
  552
  
    
          // are not allowed to reuse temporary files at all. But they do need


  		




  
  553
  
    
          // to be able to reuse their own files from earlier submissions of


  		




  
  554
  
    
          // the same form, so to allow that, check for the token added by


  		




  
  555
  
    
          // file_managed_file_process().


  		




  
  556
  
    
          elseif (!$GLOBALS['user']->uid) {


  		




  
  557
  
    
            $token = drupal_array_get_nested_value($form_state['input'], array_merge($element['#parents'], array('fid_token')));


  		




  
  558
  
    
            if ($token !== drupal_hmac_base64('file-' . $file->fid, drupal_get_private_key() . drupal_get_hash_salt())) {


  		




  
  559
  
    
              $force_default = TRUE;


  		




  
  560
  
    
            }


  		




  
  561
  
    
          }


  		




  540
  562
  
    
        }


  		




  541
  563
  
    
        // If all checks pass, allow the file to be changed.


  		




  542
  
  
    
        else {


  		




  
  564
  
    
        if (!$force_default) {


  		




  543
  565
  
    
          $fid = $file->fid;


  		




  544
  566
  
    
        }


  		




  545
  567
  
    
      }


  		












Formats disponibles :  Unified diff