Révision cee0424c
Ajouté par Assos Assos il y a plus de 3 ans
drupal7/CHANGELOG.txt | ||
---|---|---|
1 |
Drupal 7.74, 2020-11-17 |
|
2 |
----------------------- |
|
3 |
- Fixed security issues: |
|
4 |
- SA-CORE-2020-012 |
|
5 |
|
|
6 |
Drupal 7.73, 2020-09-16 |
|
7 |
----------------------- |
|
8 |
- Fixed security issues: |
|
9 |
- SA-CORE-2020-007 |
|
10 |
|
|
1 | 11 |
Drupal 7.72, 2020-06-17 |
2 | 12 |
----------------------- |
3 | 13 |
- Fixed security issues: |
drupal7/includes/bootstrap.inc | ||
---|---|---|
8 | 8 |
/** |
9 | 9 |
* The current system version. |
10 | 10 |
*/ |
11 |
define('VERSION', '7.72');
|
|
11 |
define('VERSION', '7.74');
|
|
12 | 12 |
|
13 | 13 |
/** |
14 | 14 |
* Core API compatibility. |
drupal7/includes/file.inc | ||
---|---|---|
1147 | 1147 |
* exploit.php_.pps. |
1148 | 1148 |
* |
1149 | 1149 |
* Specifically, this function adds an underscore to all extensions that are |
1150 |
* between 2 and 5 characters in length, internal to the file name, and not
|
|
1151 |
* included in $extensions. |
|
1150 |
* between 2 and 5 characters in length, internal to the file name, and either
|
|
1151 |
* included in the list of unsafe extensions, or not included in $extensions.
|
|
1152 | 1152 |
* |
1153 | 1153 |
* Function behavior is also controlled by the Drupal variable |
1154 | 1154 |
* 'allow_insecure_uploads'. If 'allow_insecure_uploads' evaluates to TRUE, no |
... | ... | |
1157 | 1157 |
* @param $filename |
1158 | 1158 |
* File name to modify. |
1159 | 1159 |
* @param $extensions |
1160 |
* A space-separated list of extensions that should not be altered. |
|
1160 |
* A space-separated list of extensions that should not be altered. Note that |
|
1161 |
* extensions that are unsafe will be altered regardless of this parameter. |
|
1161 | 1162 |
* @param $alerts |
1162 | 1163 |
* If TRUE, drupal_set_message() will be called to display a message if the |
1163 | 1164 |
* file name was changed. |
... | ... | |
1175 | 1176 |
|
1176 | 1177 |
$whitelist = array_unique(explode(' ', strtolower(trim($extensions)))); |
1177 | 1178 |
|
1179 |
// Remove unsafe extensions from the list of allowed extensions. The list is |
|
1180 |
// copied from file_save_upload(). |
|
1181 |
$whitelist = array_diff($whitelist, explode('|', 'php|phar|pl|py|cgi|asp|js')); |
|
1182 |
|
|
1178 | 1183 |
// Split the filename up by periods. The first part becomes the basename |
1179 | 1184 |
// the last part the final extension. |
1180 | 1185 |
$filename_parts = explode('.', $filename); |
... | ... | |
1542 | 1547 |
$validators['file_validate_extensions'][0] = $extensions; |
1543 | 1548 |
} |
1544 | 1549 |
|
1545 |
if (!empty($extensions)) { |
|
1546 |
// Munge the filename to protect against possible malicious extension hiding |
|
1547 |
// within an unknown file type (ie: filename.html.foo). |
|
1548 |
$file->filename = file_munge_filename($file->filename, $extensions); |
|
1549 |
} |
|
1550 |
|
|
1551 |
// Rename potentially executable files, to help prevent exploits (i.e. will |
|
1552 |
// rename filename.php.foo and filename.php to filename.php.foo.txt and |
|
1553 |
// filename.php.txt, respectively). Don't rename if 'allow_insecure_uploads' |
|
1554 |
// evaluates to TRUE. |
|
1555 |
if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { |
|
1556 |
$file->filemime = 'text/plain'; |
|
1557 |
// The destination filename will also later be used to create the URI. |
|
1558 |
$file->filename .= '.txt'; |
|
1559 |
// The .txt extension may not be in the allowed list of extensions. We have |
|
1560 |
// to add it here or else the file upload will fail. |
|
1550 |
if (!variable_get('allow_insecure_uploads', 0)) { |
|
1561 | 1551 |
if (!empty($extensions)) { |
1562 |
$validators['file_validate_extensions'][0] .= ' txt'; |
|
1563 |
drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $file->filename))); |
|
1552 |
// Munge the filename to protect against possible malicious extension hiding |
|
1553 |
// within an unknown file type (ie: filename.html.foo). |
|
1554 |
$file->filename = file_munge_filename($file->filename, $extensions); |
|
1555 |
} |
|
1556 |
|
|
1557 |
// Rename potentially executable files, to help prevent exploits (i.e. will |
|
1558 |
// rename filename.php.foo and filename.php to filename.php_.foo_.txt and |
|
1559 |
// filename.php_.txt, respectively). Don't rename if 'allow_insecure_uploads' |
|
1560 |
// evaluates to TRUE. |
|
1561 |
if (preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename)) { |
|
1562 |
// If the file will be rejected anyway due to a disallowed extension, it |
|
1563 |
// should not be renamed; rather, we'll let file_validate_extensions() |
|
1564 |
// reject it below. |
|
1565 |
if (!isset($validators['file_validate_extensions']) || !file_validate_extensions($file, $extensions)) { |
|
1566 |
$file->filemime = 'text/plain'; |
|
1567 |
if (substr($file->filename, -4) != '.txt') { |
|
1568 |
// The destination filename will also later be used to create the URI. |
|
1569 |
$file->filename .= '.txt'; |
|
1570 |
} |
|
1571 |
$file->filename = file_munge_filename($file->filename, $extensions, FALSE); |
|
1572 |
drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $file->filename))); |
|
1573 |
// The .txt extension may not be in the allowed list of extensions. We have |
|
1574 |
// to add it here or else the file upload will fail. |
|
1575 |
if (!empty($validators['file_validate_extensions'][0])) { |
|
1576 |
$validators['file_validate_extensions'][0] .= ' txt'; |
|
1577 |
} |
|
1578 |
} |
|
1564 | 1579 |
} |
1565 | 1580 |
} |
1566 | 1581 |
|
... | ... | |
1728 | 1743 |
} |
1729 | 1744 |
|
1730 | 1745 |
// Let other modules perform validation on the new file. |
1731 |
return array_merge($errors, module_invoke_all('file_validate', $file)); |
|
1746 |
$errors = array_merge($errors, module_invoke_all('file_validate', $file)); |
|
1747 |
|
|
1748 |
// Ensure the file does not contain a malicious extension. At this point |
|
1749 |
// file_save_upload() will have munged the file so it does not contain a |
|
1750 |
// malicious extension. Contributed and custom code that calls this method |
|
1751 |
// needs to take similar steps if they need to permit files with malicious |
|
1752 |
// extensions to be uploaded. |
|
1753 |
if (empty($errors) && !variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename)) { |
|
1754 |
$errors[] = t('For security reasons, your upload has been rejected.'); |
|
1755 |
} |
|
1756 |
|
|
1757 |
return $errors; |
|
1732 | 1758 |
} |
1733 | 1759 |
|
1734 | 1760 |
/** |
drupal7/index.php | ||
---|---|---|
1 | 1 |
<?php |
2 |
header('location: https://my.centrale-assos.fr/'); exit; |
|
2 |
|
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 | 5 |
* The PHP page that serves all page requests on a Drupal installation. |
drupal7/misc/ajax.js | ||
---|---|---|
149 | 149 |
// The 'this' variable will not persist inside of the options object. |
150 | 150 |
var ajax = this; |
151 | 151 |
ajax.options = { |
152 |
url: ajax.url,
|
|
152 |
url: Drupal.sanitizeAjaxUrl(ajax.url),
|
|
153 | 153 |
data: ajax.submit, |
154 | 154 |
beforeSerialize: function (element_settings, options) { |
155 | 155 |
return ajax.beforeSerialize(element_settings, options); |
... | ... | |
195 | 195 |
} |
196 | 196 |
}, |
197 | 197 |
dataType: 'json', |
198 |
jsonp: false, |
|
198 | 199 |
type: 'POST' |
199 | 200 |
}; |
200 | 201 |
|
drupal7/misc/autocomplete.js | ||
---|---|---|
297 | 297 |
// encodeURIComponent to allow autocomplete search terms to contain slashes. |
298 | 298 |
$.ajax({ |
299 | 299 |
type: 'GET', |
300 |
url: db.uri + '/' + Drupal.encodePath(searchString),
|
|
300 |
url: Drupal.sanitizeAjaxUrl(db.uri + '/' + Drupal.encodePath(searchString)),
|
|
301 | 301 |
dataType: 'json', |
302 |
jsonp: false, |
|
302 | 303 |
success: function (matches) { |
303 | 304 |
if (typeof matches.status == 'undefined' || matches.status != 0) { |
304 | 305 |
db.cache[searchString] = matches; |
drupal7/misc/drupal.js | ||
---|---|---|
424 | 424 |
return absoluteUrl === baseUrl || absoluteUrl.indexOf(baseUrl + '/') === 0; |
425 | 425 |
}; |
426 | 426 |
|
427 |
/** |
|
428 |
* Sanitizes a URL for use with jQuery.ajax(). |
|
429 |
* |
|
430 |
* @param url |
|
431 |
* The URL string to be sanitized. |
|
432 |
* |
|
433 |
* @return |
|
434 |
* The sanitized URL. |
|
435 |
*/ |
|
436 |
Drupal.sanitizeAjaxUrl = function (url) { |
|
437 |
var regex = /\=\?(&|$)/; |
|
438 |
while (url.match(regex)) { |
|
439 |
url = url.replace(regex, ''); |
|
440 |
} |
|
441 |
return url; |
|
442 |
} |
|
443 |
|
|
427 | 444 |
/** |
428 | 445 |
* Generate the themed representation of a Drupal object. |
429 | 446 |
* |
drupal7/modules/aggregator/aggregator.info | ||
---|---|---|
7 | 7 |
configure = admin/config/services/aggregator/settings |
8 | 8 |
stylesheets[all][] = aggregator.css |
9 | 9 |
|
10 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
11 |
version = "7.72"
|
|
10 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
11 |
version = "7.74"
|
|
12 | 12 |
project = "drupal" |
13 |
datestamp = "1592419104" |
|
13 |
datestamp = "1605718477" |
drupal7/modules/aggregator/tests/aggregator_test.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/block/block.info | ||
---|---|---|
6 | 6 |
files[] = block.test |
7 | 7 |
configure = admin/structure/block |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/block/tests/block_test.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/block/tests/themes/block_test_theme/block_test_theme.info | ||
---|---|---|
13 | 13 |
regions[highlighted] = Highlighted |
14 | 14 |
regions[help] = Help |
15 | 15 |
|
16 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
17 |
version = "7.72"
|
|
16 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
17 |
version = "7.74"
|
|
18 | 18 |
project = "drupal" |
19 |
datestamp = "1592419104" |
|
19 |
datestamp = "1605718477" |
drupal7/modules/blog/blog.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
files[] = blog.test |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/book/book.info | ||
---|---|---|
7 | 7 |
configure = admin/content/book/settings |
8 | 8 |
stylesheets[all][] = book.css |
9 | 9 |
|
10 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
11 |
version = "7.72"
|
|
10 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
11 |
version = "7.74"
|
|
12 | 12 |
project = "drupal" |
13 |
datestamp = "1592419104" |
|
13 |
datestamp = "1605718477" |
drupal7/modules/color/color.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
files[] = color.test |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/comment/comment.info | ||
---|---|---|
9 | 9 |
configure = admin/content/comment |
10 | 10 |
stylesheets[all][] = comment.css |
11 | 11 |
|
12 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
13 |
version = "7.72"
|
|
12 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
13 |
version = "7.74"
|
|
14 | 14 |
project = "drupal" |
15 |
datestamp = "1592419104" |
|
15 |
datestamp = "1605718477" |
drupal7/modules/contact/contact.info | ||
---|---|---|
6 | 6 |
files[] = contact.test |
7 | 7 |
configure = admin/structure/contact |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/contextual/contextual.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
files[] = contextual.test |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/dashboard/dashboard.info | ||
---|---|---|
7 | 7 |
dependencies[] = block |
8 | 8 |
configure = admin/dashboard/customize |
9 | 9 |
|
10 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
11 |
version = "7.72"
|
|
10 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
11 |
version = "7.74"
|
|
12 | 12 |
project = "drupal" |
13 |
datestamp = "1592419104" |
|
13 |
datestamp = "1605718477" |
drupal7/modules/dblog/dblog.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
files[] = dblog.test |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/field/field.info | ||
---|---|---|
11 | 11 |
required = TRUE |
12 | 12 |
stylesheets[all][] = theme/field.css |
13 | 13 |
|
14 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
15 |
version = "7.72"
|
|
14 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
15 |
version = "7.74"
|
|
16 | 16 |
project = "drupal" |
17 |
datestamp = "1592419104" |
|
17 |
datestamp = "1605718477" |
drupal7/modules/field/modules/field_sql_storage/field_sql_storage.info | ||
---|---|---|
7 | 7 |
files[] = field_sql_storage.test |
8 | 8 |
required = TRUE |
9 | 9 |
|
10 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
11 |
version = "7.72"
|
|
10 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
11 |
version = "7.74"
|
|
12 | 12 |
project = "drupal" |
13 |
datestamp = "1592419104" |
|
13 |
datestamp = "1605718477" |
drupal7/modules/field/modules/list/list.info | ||
---|---|---|
7 | 7 |
dependencies[] = options |
8 | 8 |
files[] = tests/list.test |
9 | 9 |
|
10 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
11 |
version = "7.72"
|
|
10 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
11 |
version = "7.74"
|
|
12 | 12 |
project = "drupal" |
13 |
datestamp = "1592419104" |
|
13 |
datestamp = "1605718477" |
drupal7/modules/field/modules/list/tests/list_test.info | ||
---|---|---|
5 | 5 |
version = VERSION |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/field/modules/number/number.info | ||
---|---|---|
6 | 6 |
dependencies[] = field |
7 | 7 |
files[] = number.test |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/field/modules/options/options.info | ||
---|---|---|
6 | 6 |
dependencies[] = field |
7 | 7 |
files[] = options.test |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/field/modules/text/text.info | ||
---|---|---|
7 | 7 |
files[] = text.test |
8 | 8 |
required = TRUE |
9 | 9 |
|
10 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
11 |
version = "7.72"
|
|
10 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
11 |
version = "7.74"
|
|
12 | 12 |
project = "drupal" |
13 |
datestamp = "1592419104" |
|
13 |
datestamp = "1605718477" |
drupal7/modules/field/tests/field_test.info | ||
---|---|---|
6 | 6 |
version = VERSION |
7 | 7 |
hidden = TRUE |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/field_ui/field_ui.info | ||
---|---|---|
6 | 6 |
dependencies[] = field |
7 | 7 |
files[] = field_ui.test |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/file/file.info | ||
---|---|---|
6 | 6 |
dependencies[] = field |
7 | 7 |
files[] = tests/file.test |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/file/tests/file_module_test.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/filter/filter.info | ||
---|---|---|
7 | 7 |
required = TRUE |
8 | 8 |
configure = admin/config/content/formats |
9 | 9 |
|
10 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
11 |
version = "7.72"
|
|
10 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
11 |
version = "7.74"
|
|
12 | 12 |
project = "drupal" |
13 |
datestamp = "1592419104" |
|
13 |
datestamp = "1605718477" |
drupal7/modules/forum/forum.info | ||
---|---|---|
9 | 9 |
configure = admin/structure/forum |
10 | 10 |
stylesheets[all][] = forum.css |
11 | 11 |
|
12 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
13 |
version = "7.72"
|
|
12 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
13 |
version = "7.74"
|
|
14 | 14 |
project = "drupal" |
15 |
datestamp = "1592419104" |
|
15 |
datestamp = "1605718477" |
drupal7/modules/help/help.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
files[] = help.test |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/image/image.info | ||
---|---|---|
7 | 7 |
files[] = image.test |
8 | 8 |
configure = admin/config/media/image-styles |
9 | 9 |
|
10 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
11 |
version = "7.72"
|
|
10 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
11 |
version = "7.74"
|
|
12 | 12 |
project = "drupal" |
13 |
datestamp = "1592419104" |
|
13 |
datestamp = "1605718477" |
drupal7/modules/image/tests/image_module_test.info | ||
---|---|---|
6 | 6 |
files[] = image_module_test.module |
7 | 7 |
hidden = TRUE |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/locale/locale.info | ||
---|---|---|
6 | 6 |
files[] = locale.test |
7 | 7 |
configure = admin/config/regional/language |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/locale/tests/locale_test.info | ||
---|---|---|
5 | 5 |
version = VERSION |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/menu/menu.info | ||
---|---|---|
6 | 6 |
files[] = menu.test |
7 | 7 |
configure = admin/structure/menu |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/node/node.info | ||
---|---|---|
9 | 9 |
configure = admin/structure/types |
10 | 10 |
stylesheets[all][] = node.css |
11 | 11 |
|
12 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
13 |
version = "7.72"
|
|
12 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
13 |
version = "7.74"
|
|
14 | 14 |
project = "drupal" |
15 |
datestamp = "1592419104" |
|
15 |
datestamp = "1605718477" |
drupal7/modules/node/tests/node_access_test.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/node/tests/node_test.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/node/tests/node_test_exception.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/openid/openid.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
files[] = openid.test |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/openid/tests/openid_test.info | ||
---|---|---|
6 | 6 |
dependencies[] = openid |
7 | 7 |
hidden = TRUE |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/overlay/overlay.info | ||
---|---|---|
4 | 4 |
version = VERSION |
5 | 5 |
core = 7.x |
6 | 6 |
|
7 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
8 |
version = "7.72"
|
|
7 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
8 |
version = "7.74"
|
|
9 | 9 |
project = "drupal" |
10 |
datestamp = "1592419104" |
|
10 |
datestamp = "1605718477" |
drupal7/modules/path/path.info | ||
---|---|---|
6 | 6 |
files[] = path.test |
7 | 7 |
configure = admin/config/search/path |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/php/php.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
files[] = php.test |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/poll/poll.info | ||
---|---|---|
6 | 6 |
files[] = poll.test |
7 | 7 |
stylesheets[all][] = poll.css |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/profile/profile.info | ||
---|---|---|
11 | 11 |
; See user_system_info_alter(). |
12 | 12 |
hidden = TRUE |
13 | 13 |
|
14 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
15 |
version = "7.72"
|
|
14 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
15 |
version = "7.74"
|
|
16 | 16 |
project = "drupal" |
17 |
datestamp = "1592419104" |
|
17 |
datestamp = "1605718477" |
drupal7/modules/rdf/rdf.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
files[] = rdf.test |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/rdf/tests/rdf_test.info | ||
---|---|---|
6 | 6 |
hidden = TRUE |
7 | 7 |
dependencies[] = blog |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/search/search.info | ||
---|---|---|
8 | 8 |
configure = admin/config/search/settings |
9 | 9 |
stylesheets[all][] = search.css |
10 | 10 |
|
11 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
12 |
version = "7.72"
|
|
11 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
12 |
version = "7.74"
|
|
13 | 13 |
project = "drupal" |
14 |
datestamp = "1592419104" |
|
14 |
datestamp = "1605718477" |
drupal7/modules/search/tests/search_embedded_form.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/search/tests/search_extra_type.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/search/tests/search_node_tags.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/shortcut/shortcut.info | ||
---|---|---|
6 | 6 |
files[] = shortcut.test |
7 | 7 |
configure = admin/config/user-interface/shortcut |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/simpletest/simpletest.info | ||
---|---|---|
58 | 58 |
files[] = tests/upgrade/update.field.test |
59 | 59 |
files[] = tests/upgrade/update.user.test |
60 | 60 |
|
61 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
62 |
version = "7.72"
|
|
61 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
62 |
version = "7.74"
|
|
63 | 63 |
project = "drupal" |
64 |
datestamp = "1592419104" |
|
64 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/actions_loop_test.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/ajax_forms_test.info | ||
---|---|---|
5 | 5 |
version = VERSION |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/ajax_test.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/batch_test.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/boot_test_1.info | ||
---|---|---|
5 | 5 |
version = VERSION |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/boot_test_2.info | ||
---|---|---|
5 | 5 |
version = VERSION |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/common_test.info | ||
---|---|---|
7 | 7 |
stylesheets[print][] = common_test.print.css |
8 | 8 |
hidden = TRUE |
9 | 9 |
|
10 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
11 |
version = "7.72"
|
|
10 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
11 |
version = "7.74"
|
|
12 | 12 |
project = "drupal" |
13 |
datestamp = "1592419104" |
|
13 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/common_test_cron_helper.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/database_test.info | ||
---|---|---|
5 | 5 |
version = VERSION |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/drupal_autoload_test/drupal_autoload_test.info | ||
---|---|---|
7 | 7 |
core = 7.x |
8 | 8 |
hidden = TRUE |
9 | 9 |
|
10 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
11 |
version = "7.72"
|
|
10 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
11 |
version = "7.74"
|
|
12 | 12 |
project = "drupal" |
13 |
datestamp = "1592419104" |
|
13 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/drupal_system_listing_compatible_test/drupal_system_listing_compatible_test.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/drupal_system_listing_incompatible_test/drupal_system_listing_incompatible_test.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/entity_cache_test.info | ||
---|---|---|
6 | 6 |
dependencies[] = entity_cache_test_dependency |
7 | 7 |
hidden = TRUE |
8 | 8 |
|
9 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
10 |
version = "7.72"
|
|
9 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
10 |
version = "7.74"
|
|
11 | 11 |
project = "drupal" |
12 |
datestamp = "1592419104" |
|
12 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/entity_cache_test_dependency.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/entity_crud_hook_test.info | ||
---|---|---|
5 | 5 |
version = VERSION |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/entity_query_access_test.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/error_test.info | ||
---|---|---|
5 | 5 |
core = 7.x |
6 | 6 |
hidden = TRUE |
7 | 7 |
|
8 |
; Information added by Drupal.org packaging script on 2020-06-17
|
|
9 |
version = "7.72"
|
|
8 |
; Information added by Drupal.org packaging script on 2020-11-18
|
|
9 |
version = "7.74"
|
|
10 | 10 |
project = "drupal" |
11 |
datestamp = "1592419104" |
|
11 |
datestamp = "1605718477" |
drupal7/modules/simpletest/tests/file.test | ||
---|---|---|
706 | 706 |
$edit = array( |
707 | 707 |
'file_test_replace' => FILE_EXISTS_REPLACE, |
708 | 708 |
'files[file_test_upload]' => drupal_realpath($this->image->uri), |
709 |
'allow_all_extensions' => TRUE,
|
|
709 |
'allow_all_extensions' => 'empty_array',
|
|
710 | 710 |
); |
711 | 711 |
$this->drupalPost('file-test/upload', $edit, t('Submit')); |
712 | 712 |
$this->assertResponse(200, 'Received a 200 response for posted test file.'); |
... | ... | |
715 | 715 |
|
716 | 716 |
// Check that the correct hooks were called. |
717 | 717 |
$this->assertFileHooksCalled(array('validate', 'load', 'update')); |
718 |
|
|
719 |
// Reset the hook counters. |
|
720 |
file_test_reset(); |
|
721 |
|
|
722 |
// Now tell file_save_upload() to allow any extension and try and upload a |
|
723 |
// malicious file. |
|
724 |
$edit = array( |
|
725 |
'file_test_replace' => FILE_EXISTS_REPLACE, |
|
726 |
'files[file_test_upload]' => drupal_realpath($this->phpfile->uri), |
|
727 |
'is_image_file' => FALSE, |
|
728 |
'allow_all_extensions' => 'empty_array', |
|
729 |
); |
|
730 |
$this->drupalPost('file-test/upload', $edit, t('Submit')); |
|
731 |
$this->assertResponse(200, 'Received a 200 response for posted test file.'); |
|
732 |
$message = t('For security reasons, your upload has been renamed to') . ' <em class="placeholder">' . $this->phpfile->filename . '_.txt' . '</em>'; |
|
733 |
$this->assertRaw($message, 'Dangerous file was renamed.'); |
|
734 |
$this->assertText('File name is php-2.php_.txt.'); |
|
735 |
$this->assertRaw(t('File MIME type is text/plain.'), "Dangerous file's MIME type was changed."); |
|
736 |
$this->assertRaw(t('You WIN!'), 'Found the success message.'); |
|
737 |
// Check that the correct hooks were called. |
|
738 |
$this->assertFileHooksCalled(array('validate', 'insert')); |
|
718 | 739 |
} |
719 | 740 |
|
720 | 741 |
/** |
721 | 742 |
* Test dangerous file handling. |
722 | 743 |
*/ |
723 | 744 |
function testHandleDangerousFile() { |
724 |
// Allow the .php extension and make sure it gets renamed to .txt for
|
|
725 |
// safety. Also check to make sure its MIME type was changed. |
|
745 |
// Allow the .php extension and make sure it gets munged and given a .txt
|
|
746 |
// extension for safety. Also check to make sure its MIME type was changed.
|
|
726 | 747 |
$edit = array( |
727 | 748 |
'file_test_replace' => FILE_EXISTS_REPLACE, |
728 | 749 |
'files[file_test_upload]' => drupal_realpath($this->phpfile->uri), |
... | ... | |
732 | 753 |
|
733 | 754 |
$this->drupalPost('file-test/upload', $edit, t('Submit')); |
734 | 755 |
$this->assertResponse(200, 'Received a 200 response for posted test file.'); |
735 |
$message = t('For security reasons, your upload has been renamed to') . ' <em class="placeholder">' . $this->phpfile->filename . '.txt' . '</em>'; |
|
756 |
$message = t('For security reasons, your upload has been renamed to') . ' <em class="placeholder">' . $this->phpfile->filename . '_.txt' . '</em>';
|
|
736 | 757 |
$this->assertRaw($message, 'Dangerous file was renamed.'); |
758 |
$this->assertRaw('File name is php-2.php_.txt.'); |
|
737 | 759 |
$this->assertRaw(t('File MIME type is text/plain.'), "Dangerous file's MIME type was changed."); |
738 | 760 |
$this->assertRaw(t('You WIN!'), 'Found the success message.'); |
739 | 761 |
|
... | ... | |
755 | 777 |
// Check that the correct hooks were called. |
756 | 778 |
$this->assertFileHooksCalled(array('validate', 'insert')); |
757 | 779 |
|
758 |
// Turn off insecure uploads. |
|
780 |
// Reset the hook counters. |
|
781 |
file_test_reset(); |
|
782 |
|
|
783 |
// Even with insecure uploads allowed, the .php file should not be uploaded |
|
784 |
// if it is not explicitly included in the list of allowed extensions. |
|
785 |
$edit['extensions'] = 'foo'; |
|
786 |
$this->drupalPost('file-test/upload', $edit, t('Submit')); |
|
787 |
$this->assertResponse(200, 'Received a 200 response for posted test file.'); |
|
788 |
$message = t('Only files with the following extensions are allowed:') . ' <em class="placeholder">' . $edit['extensions'] . '</em>'; |
|
789 |
$this->assertRaw($message, 'Cannot upload a disallowed extension'); |
|
790 |
$this->assertRaw(t('Epic upload FAIL!'), 'Found the failure message.'); |
|
791 |
|
|
792 |
// Check that the correct hooks were called. |
|
793 |
$this->assertFileHooksCalled(array('validate')); |
|
794 |
|
|
795 |
// Reset the hook counters. |
|
796 |
file_test_reset(); |
|
797 |
|
|
798 |
// Turn off insecure uploads, then try the same thing as above (ensure that |
|
799 |
// the .php file is still rejected since it's not in the list of allowed |
|
800 |
// extensions). |
|
759 | 801 |
variable_set('allow_insecure_uploads', 0); |
802 |
$this->drupalPost('file-test/upload', $edit, t('Submit')); |
|
803 |
$this->assertResponse(200, 'Received a 200 response for posted test file.'); |
|
804 |
$message = t('Only files with the following extensions are allowed:') . ' <em class="placeholder">' . $edit['extensions'] . '</em>'; |
|
805 |
$this->assertRaw($message, 'Cannot upload a disallowed extension'); |
|
806 |
$this->assertRaw(t('Epic upload FAIL!'), 'Found the failure message.'); |
|
807 |
|
|
808 |
// Check that the correct hooks were called. |
|
809 |
$this->assertFileHooksCalled(array('validate')); |
|
810 |
|
|
811 |
// Reset the hook counters. |
|
812 |
file_test_reset(); |
|
760 | 813 |
} |
761 | 814 |
|
762 | 815 |
/** |
... | ... | |
765 | 818 |
function testHandleFileMunge() { |
766 | 819 |
// Ensure insecure uploads are disabled for this test. |
767 | 820 |
variable_set('allow_insecure_uploads', 0); |
821 |
$original_image_uri = $this->image->uri; |
|
768 | 822 |
$this->image = file_move($this->image, $this->image->uri . '.foo.' . $this->image_extension); |
769 | 823 |
|
770 | 824 |
// Reset the hook counters to get rid of the 'move' we just called. |
... | ... | |
789 | 843 |
// Check that the correct hooks were called. |
790 | 844 |
$this->assertFileHooksCalled(array('validate', 'insert')); |
791 | 845 |
|
846 |
// Reset the hook counters. |
|
847 |
file_test_reset(); |
|
848 |
|
|
849 |
// Ensure we don't munge the .foo extension if it is in the list of allowed |
|
850 |
// extensions. |
|
851 |
$extensions = 'foo ' . $this->image_extension; |
|
852 |
$edit = array( |
|
853 |
'files[file_test_upload]' => drupal_realpath($this->image->uri), |
|
854 |
'extensions' => $extensions, |
|
855 |
); |
|
856 |
|
|
857 |
$this->drupalPost('file-test/upload', $edit, t('Submit')); |
|
858 |
$this->assertResponse(200, 'Received a 200 response for posted test file.'); |
|
859 |
$this->assertNoRaw(t('For security reasons, your upload has been renamed'), 'Found no security message.'); |
|
860 |
$this->assertRaw(t('File name is @filename', array('@filename' => 'image-test.png.foo.png')), 'File was not munged when all extensions within it are allowed.'); |
|
861 |
$this->assertRaw(t('You WIN!'), 'Found the success message.'); |
|
862 |
|
|
863 |
// Check that the correct hooks were called. |
|
864 |
$this->assertFileHooksCalled(array('validate', 'insert')); |
|
865 |
|
|
792 | 866 |
// Ensure we don't munge files if we're allowing any extension. |
793 | 867 |
// Reset the hook counters. |
794 | 868 |
file_test_reset(); |
795 | 869 |
|
796 | 870 |
$edit = array( |
797 | 871 |
'files[file_test_upload]' => drupal_realpath($this->image->uri), |
798 |
'allow_all_extensions' => TRUE,
|
|
872 |
'allow_all_extensions' => 'empty_array',
|
|
799 | 873 |
); |
800 | 874 |
|
801 | 875 |
$this->drupalPost('file-test/upload', $edit, t('Submit')); |
... | ... | |
806 | 880 |
|
807 | 881 |
// Check that the correct hooks were called. |
808 | 882 |
$this->assertFileHooksCalled(array('validate', 'insert')); |
883 |
|
|
884 |
// Test that a dangerous extension such as .php is munged even if it is in |
|
885 |
// the list of allowed extensions. |
|
886 |
$this->image = file_move($this->image, $original_image_uri . '.php.' . $this->image_extension); |
|
887 |
// Reset the hook counters. |
|
888 |
file_test_reset(); |
|
889 |
|
|
890 |
$extensions = 'php ' . $this->image_extension; |
|
891 |
$edit = array( |
|
892 |
'files[file_test_upload]' => drupal_realpath($this->image->uri), |
|
893 |
'extensions' => $extensions, |
|
894 |
); |
|
895 |
|
|
896 |
$munged_filename = $this->image->filename; |
|
897 |
$munged_filename = substr($munged_filename, 0, strrpos($munged_filename, '.')); |
|
898 |
$munged_filename .= '_.' . $this->image_extension; |
|
899 |
|
|
900 |
$this->drupalPost('file-test/upload', $edit, t('Submit')); |
|
901 |
$this->assertResponse(200, 'Received a 200 response for posted test file.'); |
|
902 |
$this->assertRaw(t('For security reasons, your upload has been renamed'), 'Found security message.'); |
|
903 |
$this->assertRaw(t('File name is @filename', array('@filename' => $munged_filename)), 'File was successfully munged.'); |
|
904 |
$this->assertRaw(t('You WIN!'), 'Found the success message.'); |
|
905 |
|
|
906 |
// Check that the correct hooks were called. |
|
907 |
$this->assertFileHooksCalled(array('validate', 'insert')); |
|
908 |
|
|
909 |
// Reset the hook counters. |
|
910 |
file_test_reset(); |
|
911 |
|
|
912 |
// Dangerous extensions are munged even when all extensions are allowed. |
|
913 |
$edit = array( |
|
914 |
'files[file_test_upload]' => drupal_realpath($this->image->uri), |
|
915 |
'allow_all_extensions' => 'empty_array', |
|
916 |
); |
|
917 |
|
|
918 |
$munged_filename = $this->image->filename; |
|
919 |
$munged_filename = substr($munged_filename, 0, strrpos($munged_filename, '.')); |
|
920 |
$munged_filename .= '_.' . $this->image_extension; |
|
921 |
|
|
922 |
$this->drupalPost('file-test/upload', $edit, t('Submit')); |
|
923 |
$this->assertResponse(200, 'Received a 200 response for posted test file.'); |
|
924 |
$this->assertRaw(t('For security reasons, your upload has been renamed'), 'Found security message.'); |
|
925 |
$this->assertRaw(t('File name is @filename.', array('@filename' => 'image-test.png_.php_.png_.txt')), 'File was successfully munged.'); |
|
926 |
$this->assertRaw(t('You WIN!'), 'Found the success message.'); |
|
927 |
|
|
928 |
// Check that the correct hooks were called. |
|
929 |
$this->assertFileHooksCalled(array('validate', 'insert')); |
|
930 |
|
|
931 |
// Dangerous extensions are munged if is renamed to end in .txt. |
|
932 |
$this->image = file_move($this->image, $original_image_uri . '.cgi.' . $this->image_extension . '.txt'); |
|
933 |
// Reset the hook counters. |
|
934 |
file_test_reset(); |
|
935 |
|
|
936 |
$edit = array( |
|
937 |
'files[file_test_upload]' => drupal_realpath($this->image->uri), |
|
938 |
'allow_all_extensions' => 'empty_array', |
|
939 |
); |
|
940 |
|
|
941 |
$munged_filename = $this->image->filename; |
|
942 |
$munged_filename = substr($munged_filename, 0, strrpos($munged_filename, '.')); |
|
943 |
$munged_filename .= '_.' . $this->image_extension; |
|
944 |
|
|
945 |
$this->drupalPost('file-test/upload', $edit, t('Submit')); |
|
946 |
$this->assertResponse(200, 'Received a 200 response for posted test file.'); |
|
947 |
$this->assertRaw(t('For security reasons, your upload has been renamed'), 'Found security message.'); |
|
948 |
$this->assertRaw(t('File name is @filename.', array('@filename' => 'image-test.png_.cgi_.png_.txt')), 'File was successfully munged.'); |
|
949 |
$this->assertRaw(t('You WIN!'), 'Found the success message.'); |
|
950 |
|
|
951 |
// Check that the correct hooks were called. |
|
952 |
$this->assertFileHooksCalled(array('validate', 'insert')); |
|
953 |
|
|
954 |
// Reset the hook counters. |
|
955 |
file_test_reset(); |
|
956 |
|
|
957 |
// Ensure that setting $validators['file_validate_extensions'] = array('') |
|
958 |
// rejects all files without munging or renaming. |
|
959 |
$edit = array( |
|
960 |
'files[file_test_upload]' => drupal_realpath($this->image->uri), |
|
961 |
'allow_all_extensions' => 'empty_string', |
|
962 |
); |
|
963 |
|
|
964 |
$this->drupalPost('file-test/upload', $edit, t('Submit')); |
|
965 |
$this->assertResponse(200, 'Received a 200 response for posted test file.'); |
|
966 |
$this->assertNoRaw(t('For security reasons, your upload has been renamed'), 'Found security message.'); |
|
967 |
$this->assertRaw(t('Epic upload FAIL!'), 'Found the failure message.'); |
|
968 |
|
|
969 |
// Check that the correct hooks were called. |
|
970 |
$this->assertFileHooksCalled(array('validate')); |
|
809 | 971 |
} |
810 | 972 |
|
811 | 973 |
/** |
... | ... | |
2192 | 2354 |
$this->assertEqual(file_validate($file, $failing), array('Failed', 'Badly', 'Epic fail'), 'Validating returns errors.'); |
2193 | 2355 |
$this->assertFileHooksCalled(array('validate')); |
2194 | 2356 |
} |
2357 |
|
|
2358 |
/** |
|
2359 |
* Tests hard-coded security check in file_validate(). |
|
2360 |
*/ |
|
2361 |
public function testInsecureExtensions() { |
|
2362 |
$file = $this->createFile('test.php', 'Invalid PHP'); |
|
2363 |
|
|
2364 |
// Test that file_validate() will check for insecure extensions by default. |
|
2365 |
$errors = file_validate($file, array()); |
|
2366 |
$this->assertEqual('For security reasons, your upload has been rejected.', $errors[0]); |
|
2367 |
$this->assertFileHooksCalled(array('validate')); |
|
2368 |
file_test_reset(); |
|
2369 |
|
|
2370 |
// Test that the 'allow_insecure_uploads' is respected. |
Formats disponibles : Unified diff
-a