/ - Diff - Club Drupal - Forge Centrale Marseille

     Drupal 7.74, 2020-11-17
     -----------------------
     - Fixed security issues:
        - SA-CORE-2020-012
     Drupal 7.73, 2020-09-16
     -----------------------
     - Fixed security issues:
        - SA-CORE-2020-007
     Drupal 7.72, 2020-06-17
     -----------------------
     - Fixed security issues:

     /**
      * The current system version.
      */
     define('VERSION', '7.72');
     define('VERSION', '7.74');
     /**
      * Core API compatibility.

      * exploit.php_.pps.
+     *
      * Specifically, this function adds an underscore to all extensions that are
      * between 2 and 5 characters in length, internal to the file name, and not
      * included in $extensions.
      * between 2 and 5 characters in length, internal to the file name, and either
      * included in the list of unsafe extensions, or not included in $extensions.
+     *
      * Function behavior is also controlled by the Drupal variable
      * 'allow_insecure_uploads'. If 'allow_insecure_uploads' evaluates to TRUE, no
-...
      * @param $filename
      *   File name to modify.
      * @param $extensions
      *   A space-separated list of extensions that should not be altered.
      *   A space-separated list of extensions that should not be altered. Note that
      *   extensions that are unsafe will be altered regardless of this parameter.
      * @param $alerts
      *   If TRUE, drupal_set_message() will be called to display a message if the
      *   file name was changed.
-...
         $whitelist = array_unique(explode(' ', strtolower(trim($extensions))));
         // Remove unsafe extensions from the list of allowed extensions. The list is
         // copied from file_save_upload().
         $whitelist = array_diff($whitelist, explode('|', 'php|phar|pl|py|cgi|asp|js'));
         // Split the filename up by periods. The first part becomes the basename
         // the last part the final extension.
         $filename_parts = explode('.', $filename);
-...
         $validators['file_validate_extensions'][0] = $extensions;
+      }
       if (!empty($extensions)) {
         // Munge the filename to protect against possible malicious extension hiding
         // within an unknown file type (ie: filename.html.foo).
         $file->filename = file_munge_filename($file->filename, $extensions);
+      }
       // Rename potentially executable files, to help prevent exploits (i.e. will
       // rename filename.php.foo and filename.php to filename.php.foo.txt and
       // filename.php.txt, respectively). Don't rename if 'allow_insecure_uploads'
       // evaluates to TRUE.
       if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
         $file->filemime = 'text/plain';
         // The destination filename will also later be used to create the URI.
         $file->filename .= '.txt';
         // The .txt extension may not be in the allowed list of extensions. We have
         // to add it here or else the file upload will fail.
       if (!variable_get('allow_insecure_uploads', 0)) {
         if (!empty($extensions)) {
           $validators['file_validate_extensions'][0] .= ' txt';
           drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $file->filename)));
           // Munge the filename to protect against possible malicious extension hiding
           // within an unknown file type (ie: filename.html.foo).
           $file->filename = file_munge_filename($file->filename, $extensions);
+        }
         // Rename potentially executable files, to help prevent exploits (i.e. will
         // rename filename.php.foo and filename.php to filename.php_.foo_.txt and
         // filename.php_.txt, respectively). Don't rename if 'allow_insecure_uploads'
         // evaluates to TRUE.
         if (preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename)) {
           // If the file will be rejected anyway due to a disallowed extension, it
           // should not be renamed; rather, we'll let file_validate_extensions()
           // reject it below.
           if (!isset($validators['file_validate_extensions']) || !file_validate_extensions($file, $extensions)) {
             $file->filemime = 'text/plain';
             if (substr($file->filename, -4) != '.txt') {
               // The destination filename will also later be used to create the URI.
               $file->filename .= '.txt';
+            }
             $file->filename = file_munge_filename($file->filename, $extensions, FALSE);
             drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $file->filename)));
             // The .txt extension may not be in the allowed list of extensions. We have
             // to add it here or else the file upload will fail.
             if (!empty($validators['file_validate_extensions'][0])) {
               $validators['file_validate_extensions'][0] .= ' txt';
+            }
+          }
+        }
+      }
-...
+      }
       // Let other modules perform validation on the new file.
       return array_merge($errors, module_invoke_all('file_validate', $file));
       $errors = array_merge($errors, module_invoke_all('file_validate', $file));
       // Ensure the file does not contain a malicious extension. At this point
       // file_save_upload() will have munged the file so it does not contain a
       // malicious extension. Contributed and custom code that calls this method
       // needs to take similar steps if they need to permit files with malicious
       // extensions to be uploaded.
       if (empty($errors) && !variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename)) {
         $errors[] = t('For security reasons, your upload has been rejected.');
+      }
       return $errors;
+    }
     /**

drupal7/index.php
1	1	<?php
2		header('location: https://my.centrale-assos.fr/'); exit;
	2
3	3	/**
4	4	* @file
5	5	* The PHP page that serves all page requests on a Drupal installation.

       // The 'this' variable will not persist inside of the options object.
       var ajax = this;
       ajax.options = {
         url: ajax.url,
         url: Drupal.sanitizeAjaxUrl(ajax.url),
         data: ajax.submit,
         beforeSerialize: function (element_settings, options) {
           return ajax.beforeSerialize(element_settings, options);
-...
+          }
         },
         dataType: 'json',
         jsonp: false,
         type: 'POST'
       };

         // encodeURIComponent to allow autocomplete search terms to contain slashes.
         $.ajax({
           type: 'GET',
           url: db.uri + '/' + Drupal.encodePath(searchString),
           url: Drupal.sanitizeAjaxUrl(db.uri + '/' + Drupal.encodePath(searchString)),
           dataType: 'json',
           jsonp: false,
           success: function (matches) {
             if (typeof matches.status == 'undefined' || matches.status != 0) {
               db.cache[searchString] = matches;

       return absoluteUrl === baseUrl || absoluteUrl.indexOf(baseUrl + '/') === 0;
     };
     /**
      * Sanitizes a URL for use with jQuery.ajax().
+     *
      * @param url
      *   The URL string to be sanitized.
+     *
      * @return
      *   The sanitized URL.
      */
     Drupal.sanitizeAjaxUrl = function (url) {
       var regex = /\=\?(&|$)/;
       while (url.match(regex)) {
         url = url.replace(regex, '');
+      }
       return url;
+    }
     /**
      * Generate the themed representation of a Drupal object.
+     *

     configure = admin/config/services/aggregator/settings
     stylesheets[all][] = aggregator.css
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     files[] = block.test
     configure = admin/structure/block
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     regions[highlighted] = Highlighted
     regions[help] = Help
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     files[] = blog.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     configure = admin/content/book/settings
     stylesheets[all][] = book.css
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     files[] = color.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     configure = admin/content/comment
     stylesheets[all][] = comment.css
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     files[] = contact.test
     configure = admin/structure/contact
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     files[] = contextual.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     dependencies[] = block
     configure = admin/dashboard/customize
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     files[] = dblog.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     required = TRUE
     stylesheets[all][] = theme/field.css
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     files[] = field_sql_storage.test
     required = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     dependencies[] = options
     files[] = tests/list.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     version = VERSION
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     dependencies[] = field
     files[] = number.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     dependencies[] = field
     files[] = options.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     files[] = text.test
     required = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     version = VERSION
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     dependencies[] = field
     files[] = field_ui.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     dependencies[] = field
     files[] = tests/file.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     required = TRUE
     configure = admin/config/content/formats
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     configure = admin/structure/forum
     stylesheets[all][] = forum.css
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     files[] = help.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     files[] = image.test
     configure = admin/config/media/image-styles
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     files[] = image_module_test.module
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     files[] = locale.test
     configure = admin/config/regional/language
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     version = VERSION
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     files[] = menu.test
     configure = admin/structure/menu
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     configure = admin/structure/types
     stylesheets[all][] = node.css
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     files[] = openid.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     dependencies[] = openid
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     version = VERSION
     core = 7.x
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     files[] = path.test
     configure = admin/config/search/path
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     files[] = php.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     files[] = poll.test
     stylesheets[all][] = poll.css
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     ; See user_system_info_alter().
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     files[] = rdf.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     hidden = TRUE
     dependencies[] = blog
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     configure = admin/config/search/settings
     stylesheets[all][] = search.css
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     files[] = shortcut.test
     configure = admin/config/user-interface/shortcut
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     files[] = tests/upgrade/update.field.test
     files[] = tests/upgrade/update.user.test
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     version = VERSION
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     version = VERSION
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     version = VERSION
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     stylesheets[print][] = common_test.print.css
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     version = VERSION
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     dependencies[] = entity_cache_test_dependency
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     version = VERSION
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

     core = 7.x
     hidden = TRUE
     ; Information added by Drupal.org packaging script on 2020-06-17
     version = "7.72"
     ; Information added by Drupal.org packaging script on 2020-11-18
     version = "7.74"
     project = "drupal"
     datestamp = "1592419104"
     datestamp = "1605718477"

         $edit = array(
           'file_test_replace' => FILE_EXISTS_REPLACE,
           'files[file_test_upload]' => drupal_realpath($this->image->uri),
           'allow_all_extensions' => TRUE,
           'allow_all_extensions' => 'empty_array',
         );
         $this->drupalPost('file-test/upload', $edit, t('Submit'));
         $this->assertResponse(200, 'Received a 200 response for posted test file.');
-...
         // Check that the correct hooks were called.
         $this->assertFileHooksCalled(array('validate', 'load', 'update'));
         // Reset the hook counters.
         file_test_reset();
         // Now tell file_save_upload() to allow any extension and try and upload a
         // malicious file.
         $edit = array(
           'file_test_replace' => FILE_EXISTS_REPLACE,
           'files[file_test_upload]' => drupal_realpath($this->phpfile->uri),
           'is_image_file' => FALSE,
           'allow_all_extensions' => 'empty_array',
         );
         $this->drupalPost('file-test/upload', $edit, t('Submit'));
         $this->assertResponse(200, 'Received a 200 response for posted test file.');
         $message = t('For security reasons, your upload has been renamed to') . ' <em class="placeholder">' . $this->phpfile->filename . '_.txt' . '</em>';
         $this->assertRaw($message, 'Dangerous file was renamed.');
         $this->assertText('File name is php-2.php_.txt.');
         $this->assertRaw(t('File MIME type is text/plain.'), "Dangerous file's MIME type was changed.");
         $this->assertRaw(t('You WIN!'), 'Found the success message.');
         // Check that the correct hooks were called.
         $this->assertFileHooksCalled(array('validate', 'insert'));
+      }
       /**
        * Test dangerous file handling.
        */
       function testHandleDangerousFile() {
         // Allow the .php extension and make sure it gets renamed to .txt for
         // safety. Also check to make sure its MIME type was changed.
         // Allow the .php extension and make sure it gets munged and given a .txt
         // extension for safety. Also check to make sure its MIME type was changed.
         $edit = array(
           'file_test_replace' => FILE_EXISTS_REPLACE,
           'files[file_test_upload]' => drupal_realpath($this->phpfile->uri),
-...
         $this->drupalPost('file-test/upload', $edit, t('Submit'));
         $this->assertResponse(200, 'Received a 200 response for posted test file.');
         $message = t('For security reasons, your upload has been renamed to') . ' <em class="placeholder">' . $this->phpfile->filename . '.txt' . '</em>';
         $message = t('For security reasons, your upload has been renamed to') . ' <em class="placeholder">' . $this->phpfile->filename . '_.txt' . '</em>';
         $this->assertRaw($message, 'Dangerous file was renamed.');
         $this->assertRaw('File name is php-2.php_.txt.');
         $this->assertRaw(t('File MIME type is text/plain.'), "Dangerous file's MIME type was changed.");
         $this->assertRaw(t('You WIN!'), 'Found the success message.');
-...
         // Check that the correct hooks were called.
         $this->assertFileHooksCalled(array('validate', 'insert'));
         // Turn off insecure uploads.
         // Reset the hook counters.
         file_test_reset();
         // Even with insecure uploads allowed, the .php file should not be uploaded
         // if it is not explicitly included in the list of allowed extensions.
         $edit['extensions'] = 'foo';
         $this->drupalPost('file-test/upload', $edit, t('Submit'));
         $this->assertResponse(200, 'Received a 200 response for posted test file.');
         $message = t('Only files with the following extensions are allowed:') . ' <em class="placeholder">' . $edit['extensions'] . '</em>';
         $this->assertRaw($message, 'Cannot upload a disallowed extension');
         $this->assertRaw(t('Epic upload FAIL!'), 'Found the failure message.');
         // Check that the correct hooks were called.
         $this->assertFileHooksCalled(array('validate'));
         // Reset the hook counters.
         file_test_reset();
         // Turn off insecure uploads, then try the same thing as above (ensure that
         // the .php file is still rejected since it's not in the list of allowed
         // extensions).
         variable_set('allow_insecure_uploads', 0);
         $this->drupalPost('file-test/upload', $edit, t('Submit'));
         $this->assertResponse(200, 'Received a 200 response for posted test file.');
         $message = t('Only files with the following extensions are allowed:') . ' <em class="placeholder">' . $edit['extensions'] . '</em>';
         $this->assertRaw($message, 'Cannot upload a disallowed extension');
         $this->assertRaw(t('Epic upload FAIL!'), 'Found the failure message.');
         // Check that the correct hooks were called.
         $this->assertFileHooksCalled(array('validate'));
         // Reset the hook counters.
         file_test_reset();
+      }
       /**
-...
       function testHandleFileMunge() {
         // Ensure insecure uploads are disabled for this test.
         variable_set('allow_insecure_uploads', 0);
         $original_image_uri = $this->image->uri;
         $this->image = file_move($this->image, $this->image->uri . '.foo.' . $this->image_extension);
         // Reset the hook counters to get rid of the 'move' we just called.
-...
         // Check that the correct hooks were called.
         $this->assertFileHooksCalled(array('validate', 'insert'));
         // Reset the hook counters.
         file_test_reset();
         // Ensure we don't munge the .foo extension if it is in the list of allowed
         // extensions.
         $extensions = 'foo ' . $this->image_extension;
         $edit = array(
           'files[file_test_upload]' => drupal_realpath($this->image->uri),
           'extensions' => $extensions,
         );
         $this->drupalPost('file-test/upload', $edit, t('Submit'));
         $this->assertResponse(200, 'Received a 200 response for posted test file.');
         $this->assertNoRaw(t('For security reasons, your upload has been renamed'), 'Found no security message.');
         $this->assertRaw(t('File name is @filename', array('@filename' => 'image-test.png.foo.png')), 'File was not munged when all extensions within it are allowed.');
         $this->assertRaw(t('You WIN!'), 'Found the success message.');
         // Check that the correct hooks were called.
         $this->assertFileHooksCalled(array('validate', 'insert'));
         // Ensure we don't munge files if we're allowing any extension.
         // Reset the hook counters.
         file_test_reset();
         $edit = array(
           'files[file_test_upload]' => drupal_realpath($this->image->uri),
           'allow_all_extensions' => TRUE,
           'allow_all_extensions' => 'empty_array',
         );
         $this->drupalPost('file-test/upload', $edit, t('Submit'));
-...
         // Check that the correct hooks were called.
         $this->assertFileHooksCalled(array('validate', 'insert'));
         // Test that a dangerous extension such as .php is munged even if it is in
         // the list of allowed extensions.
         $this->image = file_move($this->image, $original_image_uri . '.php.' . $this->image_extension);
         // Reset the hook counters.
         file_test_reset();
         $extensions = 'php ' . $this->image_extension;
         $edit = array(
           'files[file_test_upload]' => drupal_realpath($this->image->uri),
           'extensions' => $extensions,
         );
         $munged_filename = $this->image->filename;
         $munged_filename = substr($munged_filename, 0, strrpos($munged_filename, '.'));
         $munged_filename .= '_.' . $this->image_extension;
         $this->drupalPost('file-test/upload', $edit, t('Submit'));
         $this->assertResponse(200, 'Received a 200 response for posted test file.');
         $this->assertRaw(t('For security reasons, your upload has been renamed'), 'Found security message.');
         $this->assertRaw(t('File name is @filename', array('@filename' => $munged_filename)), 'File was successfully munged.');
         $this->assertRaw(t('You WIN!'), 'Found the success message.');
         // Check that the correct hooks were called.
         $this->assertFileHooksCalled(array('validate', 'insert'));
         // Reset the hook counters.
         file_test_reset();
         // Dangerous extensions are munged even when all extensions are allowed.
         $edit = array(
           'files[file_test_upload]' => drupal_realpath($this->image->uri),
           'allow_all_extensions' => 'empty_array',
         );
         $munged_filename = $this->image->filename;
         $munged_filename = substr($munged_filename, 0, strrpos($munged_filename, '.'));
         $munged_filename .= '_.' . $this->image_extension;
         $this->drupalPost('file-test/upload', $edit, t('Submit'));
         $this->assertResponse(200, 'Received a 200 response for posted test file.');
         $this->assertRaw(t('For security reasons, your upload has been renamed'), 'Found security message.');
         $this->assertRaw(t('File name is @filename.', array('@filename' => 'image-test.png_.php_.png_.txt')), 'File was successfully munged.');
         $this->assertRaw(t('You WIN!'), 'Found the success message.');
         // Check that the correct hooks were called.
         $this->assertFileHooksCalled(array('validate', 'insert'));
         // Dangerous extensions are munged if is renamed to end in .txt.
         $this->image = file_move($this->image, $original_image_uri . '.cgi.' . $this->image_extension . '.txt');
         // Reset the hook counters.
         file_test_reset();
         $edit = array(
           'files[file_test_upload]' => drupal_realpath($this->image->uri),
           'allow_all_extensions' => 'empty_array',
         );
         $munged_filename = $this->image->filename;
         $munged_filename = substr($munged_filename, 0, strrpos($munged_filename, '.'));
         $munged_filename .= '_.' . $this->image_extension;
         $this->drupalPost('file-test/upload', $edit, t('Submit'));
         $this->assertResponse(200, 'Received a 200 response for posted test file.');
         $this->assertRaw(t('For security reasons, your upload has been renamed'), 'Found security message.');
         $this->assertRaw(t('File name is @filename.', array('@filename' => 'image-test.png_.cgi_.png_.txt')), 'File was successfully munged.');
         $this->assertRaw(t('You WIN!'), 'Found the success message.');
         // Check that the correct hooks were called.
         $this->assertFileHooksCalled(array('validate', 'insert'));
         // Reset the hook counters.
         file_test_reset();
         // Ensure that setting $validators['file_validate_extensions'] = array('')
         // rejects all files without munging or renaming.
         $edit = array(
             'files[file_test_upload]' => drupal_realpath($this->image->uri),
             'allow_all_extensions' => 'empty_string',
         );
         $this->drupalPost('file-test/upload', $edit, t('Submit'));
         $this->assertResponse(200, 'Received a 200 response for posted test file.');
         $this->assertNoRaw(t('For security reasons, your upload has been renamed'), 'Found security message.');
         $this->assertRaw(t('Epic upload FAIL!'), 'Found the failure message.');
         // Check that the correct hooks were called.
         $this->assertFileHooksCalled(array('validate'));
+      }
       /**
-...
         $this->assertEqual(file_validate($file, $failing), array('Failed', 'Badly', 'Epic fail'), 'Validating returns errors.');
         $this->assertFileHooksCalled(array('validate'));
+      }
       /**
        * Tests hard-coded security check in file_validate().
        */
       public function testInsecureExtensions() {
         $file = $this->createFile('test.php', 'Invalid PHP');
         // Test that file_validate() will check for insecure extensions by default.
         $errors = file_validate($file, array());
         $this->assertEqual('For security reasons, your upload has been rejected.', $errors[0]);
         $this->assertFileHooksCalled(array('validate'));
         file_test_reset();
         // Test that the 'allow_insecure_uploads' is respected.

Projet

Général

Profil

Club Drupal

Révision cee0424c

Ajouté par Assos Assos il y a plus de 3 ans