diff -Naur drupal-7.61/CHANGELOG.txt drupal-7.66/CHANGELOG.txt --- drupal-7.61/CHANGELOG.txt 2018-11-08 14:18:15.000000000 +0100 +++ drupal-7.66/CHANGELOG.txt 2019-04-17 22:20:46.000000000 +0200 @@ -1,3 +1,34 @@ +Drupal 7.xx, xxxx-xx-xx (development version) +----------------------- + +Drupal 7.66, 2019-04-17 +----------------------- +- Fixed security issues: + - SA-CORE-2019-006 + +Drupal 7.65, 2019-03-20 +----------------------- +- Fixed security issues: + - SA-CORE-2019-004 + +Drupal 7.64, 2019-02-06 +----------------------- +- [regression] Unset the 'host' header in drupal_http_request() during redirect +- Fixed: 7.x does not have Phar protection and Phar tests are failing on Drupal 7 +- Fixed: Notice: Undefined index: display_field in file_field_widget_value() (line 582 of /module/file/file.field.inc) +- Performance improvement: Registry rebuild should not parse the same file twice in the same request +- Fixed _registry_update() to clear caches after transaction is committed + +Drupal 7.63, 2019-01-16 +----------------------- +- Fixed a fatal error for some Drush users introduced by SA-CORE-2019-002. + +Drupal 7.62, 2019-01-15 +----------------------- +- Fixed security issues: + - SA-CORE-2019-001 + - SA-CORE-2019-002 + Drupal 7.61, 2018-11-07 ----------------------- - File upload validation functions and hook_file_validate() implementations are diff -Naur drupal-7.61/includes/bootstrap.inc drupal-7.66/includes/bootstrap.inc --- drupal-7.61/includes/bootstrap.inc 2018-11-08 14:18:15.000000000 +0100 +++ drupal-7.66/includes/bootstrap.inc 2019-04-17 22:20:46.000000000 +0200 @@ -8,7 +8,7 @@ /** * The current system version. */ -define('VERSION', '7.61'); +define('VERSION', '7.66'); /** * Core API compatibility. @@ -704,6 +704,19 @@ // Set sane locale settings, to ensure consistent string, dates, times and // numbers handling. setlocale(LC_ALL, 'C'); + + // PHP's built-in phar:// stream wrapper is not sufficiently secure. Override + // it with a more secure one, which requires PHP 5.3.3. For lower versions, + // unregister the built-in one without replacing it. Sites needing phar + // support for lower PHP versions must implement hook_stream_wrappers() to + // register their desired implementation. + if (in_array('phar', stream_get_wrappers(), TRUE)) { + stream_wrapper_unregister('phar'); + if (version_compare(PHP_VERSION, '5.3.3', '>=')) { + include_once DRUPAL_ROOT . '/includes/file.phar.inc'; + file_register_phar_wrapper(); + } + } } /** diff -Naur drupal-7.61/includes/common.inc drupal-7.66/includes/common.inc --- drupal-7.61/includes/common.inc 2018-11-08 14:18:15.000000000 +0100 +++ drupal-7.66/includes/common.inc 2019-04-17 22:20:46.000000000 +0200 @@ -1094,6 +1094,11 @@ elseif ($options['max_redirects']) { // Redirect to the new location. $options['max_redirects']--; + + // We need to unset the 'Host' header + // as we are redirecting to a new location. + unset($options['headers']['Host']); + $result = drupal_http_request($location, $options); $result->redirect_code = $code; } diff -Naur drupal-7.61/includes/file.inc drupal-7.66/includes/file.inc --- drupal-7.61/includes/file.inc 2018-11-08 14:18:15.000000000 +0100 +++ drupal-7.66/includes/file.inc 2019-04-17 22:20:46.000000000 +0200 @@ -993,8 +993,15 @@ * @return * The destination filepath, or FALSE if the file already exists * and FILE_EXISTS_ERROR is specified. + * + * @throws RuntimeException + * Thrown if the filename contains invalid UTF-8. */ function file_destination($destination, $replace) { + $basename = drupal_basename($destination); + if (!drupal_validate_utf8($basename)) { + throw new RuntimeException(sprintf("Invalid filename '%s'", $basename)); + } if (file_exists($destination)) { switch ($replace) { case FILE_EXISTS_REPLACE: @@ -1002,7 +1009,6 @@ break; case FILE_EXISTS_RENAME: - $basename = drupal_basename($destination); $directory = drupal_dirname($destination); $destination = file_create_filename($basename, $directory); break; @@ -1218,11 +1224,20 @@ * @return * File path consisting of $directory and a unique filename based off * of $basename. + * + * @throws RuntimeException + * Thrown if the $basename is not valid UTF-8 or another error occurs + * stripping control characters. */ function file_create_filename($basename, $directory) { + $original = $basename; // Strip control characters (ASCII value < 32). Though these are allowed in // some filesystems, not many applications handle them well. $basename = preg_replace('/[\x00-\x1F]/u', '_', $basename); + if (preg_last_error() !== PREG_NO_ERROR) { + throw new RuntimeException(sprintf("Invalid filename '%s'", $original)); + } + if (substr(PHP_OS, 0, 3) == 'WIN') { // These characters are not allowed in Windows filenames $basename = str_replace(array(':', '*', '?', '"', '<', '>', '|'), '_', $basename); @@ -1534,7 +1549,7 @@ // rename filename.php.foo and filename.php to filename.php.foo.txt and // filename.php.txt, respectively). Don't rename if 'allow_insecure_uploads' // evaluates to TRUE. - if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { + if (!variable_get('allow_insecure_uploads', 0) && preg_match('/\.(php|phar|pl|py|cgi|asp|js)(\.|$)/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { $file->filemime = 'text/plain'; // The destination filename will also later be used to create the URI. $file->filename .= '.txt'; @@ -1563,7 +1578,13 @@ if (substr($destination, -1) != '/') { $destination .= '/'; } - $file->destination = file_destination($destination . $file->filename, $replace); + try { + $file->destination = file_destination($destination . $file->filename, $replace); + } + catch (RuntimeException $e) { + drupal_set_message(t('The file %source could not be uploaded because the name is invalid.', array('%source' => $form_field_name)), 'error'); + return FALSE; + } // If file_destination() returns FALSE then $replace == FILE_EXISTS_ERROR and // there's an existing file so we need to bail. if ($file->destination === FALSE) { @@ -2130,9 +2151,33 @@ * 'filename', and 'name' members corresponding to the matching files. */ function file_scan_directory($dir, $mask, $options = array(), $depth = 0) { + // Default nomask option. + $nomask = '/(\.\.?|CVS)$/'; + + // Overrides the $nomask variable accordingly if $options['nomask'] is set. + // + // Allow directories specified in settings.php to be ignored. You can use this + // to not check for files in common special-purpose directories. For example, + // node_modules and bower_components. Ignoring irrelevant directories is a + // performance boost. + if (!isset($options['nomask'])) { + $ignore_directories = variable_get( + 'file_scan_ignore_directories', + array() + ); + + foreach ($ignore_directories as $index => $ignore_directory) { + $ignore_directories[$index] = preg_quote($ignore_directory, '/'); + } + + if (!empty($ignore_directories)) { + $nomask = '/^(\.\.?)|CVS|' . implode('|', $ignore_directories) . '$/'; + } + } + // Merge in defaults. $options += array( - 'nomask' => '/(\.\.?|CVS)$/', + 'nomask' => $nomask, 'callback' => 0, 'recurse' => TRUE, 'key' => 'uri', diff -Naur drupal-7.61/includes/file.phar.inc drupal-7.66/includes/file.phar.inc --- drupal-7.61/includes/file.phar.inc 1970-01-01 01:00:00.000000000 +0100 +++ drupal-7.66/includes/file.phar.inc 2019-04-17 22:20:46.000000000 +0200 @@ -0,0 +1,41 @@ +withAssertion(new PharExtensionInterceptor()) + ); + } + catch (\LogicException $e) { + // Continue if the PharStreamWrapperManager is already initialized. + // For example, this occurs following a drupal_static_reset(), such + // as during tests. + }; + + // To prevent file_stream_wrapper_valid_scheme() treating "phar" as a valid + // scheme, this is registered with PHP only, not with hook_stream_wrappers() + // or the internal storage of file_get_stream_wrappers(). + stream_wrapper_register('phar', '\\TYPO3\\PharStreamWrapper\\PharStreamWrapper'); +} diff -Naur drupal-7.61/includes/registry.inc drupal-7.66/includes/registry.inc --- drupal-7.61/includes/registry.inc 2018-11-08 14:18:15.000000000 +0100 +++ drupal-7.66/includes/registry.inc 2019-04-17 22:20:46.000000000 +0200 @@ -19,7 +19,6 @@ * Does the work for registry_update(). */ function _registry_update() { - // The registry serves as a central autoloader for all classes, including // the database query builders. However, the registry rebuild process // requires write ability to the database, which means having access to the @@ -33,6 +32,11 @@ require_once DRUPAL_ROOT . '/includes/database/select.inc'; require_once DRUPAL_ROOT . '/includes/database/' . $driver . '/query.inc'; + // During the first registry rebuild in a request, we check all the files. + // During subsequent rebuilds, we only add new files. It makes the rebuilding + // process faster during installation of modules. + static $check_existing_files = TRUE; + // Get current list of modules and their files. $modules = db_query("SELECT * FROM {system} WHERE type = 'module'")->fetchAll(); // Get the list of files we are going to parse. @@ -55,6 +59,9 @@ $files["$filename"] = array('module' => '', 'weight' => 0); } + // Initialize an empty array for the unchanged files. + $unchanged_files = array(); + $transaction = db_transaction(); try { // Allow modules to manually modify the list of files before the registry @@ -63,10 +70,19 @@ // list can then be added to the list of files that the registry will parse, // or modify attributes of a file. drupal_alter('registry_files', $files, $modules); + foreach (registry_get_parsed_files() as $filename => $file) { // Add the hash for those files we have already parsed. if (isset($files[$filename])) { - $files[$filename]['hash'] = $file['hash']; + if ($check_existing_files === TRUE) { + $files[$filename]['hash'] = $file['hash']; + } + else { + // Ignore that file for this request, it has been parsed previously + // and it is unlikely it has changed. + unset($files[$filename]); + $unchanged_files[$filename] = $file; + } } else { // Flush the registry of resources in files that are no longer on disc @@ -79,8 +95,12 @@ ->execute(); } } + $parsed_files = _registry_parse_files($files); + // Add unchanged files to the files. + $files += $unchanged_files; + $unchanged_resources = array(); $lookup_cache = array(); if ($cache = cache_get('lookup_cache', 'cache_bootstrap')) { @@ -89,12 +109,10 @@ foreach ($lookup_cache as $key => $file) { // If the file for this cached resource is carried over unchanged from // the last registry build, then we can safely re-cache it. - if ($file && in_array($file, array_keys($files)) && !in_array($file, $parsed_files)) { + if ($file && isset($files[$file]) && !in_array($file, $parsed_files, TRUE)) { $unchanged_resources[$key] = $file; } } - module_implements('', FALSE, TRUE); - _registry_check_code(REGISTRY_RESET_LOOKUP_CACHE); } catch (Exception $e) { $transaction->rollback(); @@ -102,6 +120,13 @@ throw $e; } + module_implements('', FALSE, TRUE); + _registry_check_code(REGISTRY_RESET_LOOKUP_CACHE); + + // During the next run in this request, don't bother re-checking existing + // files. + $check_existing_files = FALSE; + // We have some unchanged resources, warm up the cache - no need to pay // for looking them up again. if (count($unchanged_resources) > 0) { diff -Naur drupal-7.61/misc/jquery-extend-3.4.0.js drupal-7.66/misc/jquery-extend-3.4.0.js --- drupal-7.61/misc/jquery-extend-3.4.0.js 1970-01-01 01:00:00.000000000 +0100 +++ drupal-7.66/misc/jquery-extend-3.4.0.js 2019-04-17 22:20:46.000000000 +0200 @@ -0,0 +1,112 @@ +/** + * For jQuery versions less than 3.4.0, this replaces the jQuery.extend + * function with the one from jQuery 3.4.0, slightly modified (documented + * below) to be compatible with older jQuery versions and browsers. + * + * This provides the Object.prototype pollution vulnerability fix to Drupal + * installations running older jQuery versions, including the versions shipped + * with Drupal core and https://www.drupal.org/project/jquery_update. + * + * @see https://github.com/jquery/jquery/pull/4333 + */ + +(function (jQuery) { + +// Do not override jQuery.extend() if the jQuery version is already >=3.4.0. +var versionParts = jQuery.fn.jquery.split('.'); +var majorVersion = parseInt(versionParts[0]); +var minorVersion = parseInt(versionParts[1]); +var patchVersion = parseInt(versionParts[2]); +var isPreReleaseVersion = (patchVersion.toString() !== versionParts[2]); +if ( + (majorVersion > 3) || + (majorVersion === 3 && minorVersion > 4) || + (majorVersion === 3 && minorVersion === 4 && patchVersion > 0) || + (majorVersion === 3 && minorVersion === 4 && patchVersion === 0 && !isPreReleaseVersion) +) { + return; +} + +/** + * This is almost verbatim copied from jQuery 3.4.0. + * + * Only two minor changes have been made: + * - The call to isFunction() is changed to jQuery.isFunction(). + * - The two calls to Array.isArray() is changed to jQuery.isArray(). + * + * The above two changes ensure compatibility with all older jQuery versions + * (1.4.4 - 3.3.1) and older browser versions (e.g., IE8). + */ +jQuery.extend = jQuery.fn.extend = function() { + var options, name, src, copy, copyIsArray, clone, + target = arguments[ 0 ] || {}, + i = 1, + length = arguments.length, + deep = false; + + // Handle a deep copy situation + if ( typeof target === "boolean" ) { + deep = target; + + // Skip the boolean and the target + target = arguments[ i ] || {}; + i++; + } + + // Handle case when target is a string or something (possible in deep copy) + if ( typeof target !== "object" && !jQuery.isFunction( target ) ) { + target = {}; + } + + // Extend jQuery itself if only one argument is passed + if ( i === length ) { + target = this; + i--; + } + + for ( ; i < length; i++ ) { + + // Only deal with non-null/undefined values + if ( ( options = arguments[ i ] ) != null ) { + + // Extend the base object + for ( name in options ) { + copy = options[ name ]; + + // Prevent Object.prototype pollution + // Prevent never-ending loop + if ( name === "__proto__" || target === copy ) { + continue; + } + + // Recurse if we're merging plain objects or arrays + if ( deep && copy && ( jQuery.isPlainObject( copy ) || + ( copyIsArray = jQuery.isArray( copy ) ) ) ) { + src = target[ name ]; + + // Ensure proper type for the source value + if ( copyIsArray && !jQuery.isArray( src ) ) { + clone = []; + } else if ( !copyIsArray && !jQuery.isPlainObject( src ) ) { + clone = {}; + } else { + clone = src; + } + copyIsArray = false; + + // Never move original objects, clone them + target[ name ] = jQuery.extend( deep, clone, copy ); + + // Don't bring in undefined values + } else if ( copy !== undefined ) { + target[ name ] = copy; + } + } + } + } + + // Return the modified object + return target; +}; + +})(jQuery); diff -Naur drupal-7.61/misc/typo3/drupal-security/PharExtensionInterceptor.php drupal-7.66/misc/typo3/drupal-security/PharExtensionInterceptor.php --- drupal-7.61/misc/typo3/drupal-security/PharExtensionInterceptor.php 1970-01-01 01:00:00.000000000 +0100 +++ drupal-7.66/misc/typo3/drupal-security/PharExtensionInterceptor.php 2019-04-17 22:20:46.000000000 +0200 @@ -0,0 +1,79 @@ +baseFileContainsPharExtension($path)) { + return TRUE; + } + throw new Exception( + sprintf( + 'Unexpected file extension in "%s"', + $path + ), + 1535198703 + ); + } + + /** + * Determines if a path has a .phar extension or invoked execution. + * + * @param string $path + * The path of the phar file to check. + * + * @return bool + * TRUE if the file has a .phar extension or if the execution has been + * invoked by the phar file. + */ + private function baseFileContainsPharExtension($path) { + $baseFile = Helper::determineBaseFile($path); + if ($baseFile === NULL) { + return FALSE; + } + // If the stream wrapper is registered by invoking a phar file that does + // not not have .phar extension then this should be allowed. For + // example, some CLI tools recommend removing the extension. + $backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); + // Find the last entry in the backtrace containing a 'file' key as + // sometimes the last caller is executed outside the scope of a file. For + // example, this occurs with shutdown functions. + do { + $caller = array_pop($backtrace); + } while (empty($caller['file']) && !empty($backtrace)); + if (isset($caller['file']) && $baseFile === Helper::determineBaseFile($caller['file'])) { + return TRUE; + } + $fileExtension = pathinfo($baseFile, PATHINFO_EXTENSION); + return strtolower($fileExtension) === 'phar'; + } + +} diff -Naur drupal-7.61/misc/typo3/phar-stream-wrapper/LICENSE drupal-7.66/misc/typo3/phar-stream-wrapper/LICENSE --- drupal-7.61/misc/typo3/phar-stream-wrapper/LICENSE 1970-01-01 01:00:00.000000000 +0100 +++ drupal-7.66/misc/typo3/phar-stream-wrapper/LICENSE 2019-04-17 22:20:46.000000000 +0200 @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2018 TYPO3 project - https://typo3.org/ + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff -Naur drupal-7.61/misc/typo3/phar-stream-wrapper/README.md drupal-7.66/misc/typo3/phar-stream-wrapper/README.md --- drupal-7.61/misc/typo3/phar-stream-wrapper/README.md 1970-01-01 01:00:00.000000000 +0100 +++ drupal-7.66/misc/typo3/phar-stream-wrapper/README.md 2019-04-17 22:20:46.000000000 +0200 @@ -0,0 +1,155 @@ +[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/TYPO3/phar-stream-wrapper/badges/quality-score.png?b=v2)](https://scrutinizer-ci.com/g/TYPO3/phar-stream-wrapper/?branch=v2) +[![Travis CI Build Status](https://travis-ci.org/TYPO3/phar-stream-wrapper.svg?branch=v2)](https://travis-ci.org/TYPO3/phar-stream-wrapper) + +# PHP Phar Stream Wrapper + +## Abstract & History + +Based on Sam Thomas' findings concerning +[insecure deserialization in combination with obfuscation strategies](https://blog.secarma.co.uk/labs/near-phar-dangerous-unserialization-wherever-you-are) +allowing to hide Phar files inside valid image resources, the TYPO3 project +decided back then to introduce a `PharStreamWrapper` to intercept invocations +of the `phar://` stream in PHP and only allow usage for defined locations in +the file system. + +Since the TYPO3 mission statement is **inspiring people to share**, we thought +it would be helpful for others to release our `PharStreamWrapper` as standalone +package to the PHP community. + +The mentioned security issue was reported to TYPO3 on 10th June 2018 by Sam Thomas +and has been addressed concerning the specific attack vector and for this generic +`PharStreamWrapper` in TYPO3 versions 7.6.30 LTS, 8.7.17 LTS and 9.3.1 on 12th +July 2018. + +* https://typo3.org/security/advisory/typo3-core-sa-2018-002/ +* https://blog.secarma.co.uk/labs/near-phar-dangerous-unserialization-wherever-you-are +* https://youtu.be/GePBmsNJw6Y + +## License + +In general the TYPO3 core is released under the GNU General Public License version +2 or any later version (`GPL-2.0-or-later`). In order to avoid licensing issues and +incompatibilities this `PharStreamWrapper` is licenced under the MIT License. In case +you duplicate or modify source code, credits are not required but really appreciated. + +## Credits + +Thanks to [Alex Pott](https://github.com/alexpott), Drupal for creating +back-ports of all sources in order to provide compatibility with PHP v5.3. + +## Installation + +The `PharStreamWrapper` is provided as composer package `typo3/phar-stream-wrapper` +and has minimum requirements of PHP v5.3 ([`v2`](https://github.com/TYPO3/phar-stream-wrapper/tree/v2) branch) and PHP v7.0 ([`master`](https://github.com/TYPO3/phar-stream-wrapper) branch). + +### Installation for PHP v7.0 + +``` +composer require typo3/phar-stream-wrapper ^3.0 +``` + +### Installation for PHP v5.3 + +``` +composer require typo3/phar-stream-wrapper ^2.0 +``` + +## Example + +The following example is bundled within this package, the shown +`PharExtensionInterceptor` denies all stream wrapper invocations files +not having the `.phar` suffix. Interceptor logic has to be individual and +adjusted to according requirements. + +``` +$behavior = new \TYPO3\PharStreamWrapper\Behavior(); +Manager::initialize( + $behavior->withAssertion(new PharExtensionInterceptor()) +); + +if (in_array('phar', stream_get_wrappers())) { + stream_wrapper_unregister('phar'); + stream_wrapper_register('phar', 'TYPO3\\PharStreamWrapper\\PharStreamWrapper'); +} +``` + +* `PharStreamWrapper` defined as class reference will be instantiated each time + `phar://` streams shall be processed. +* `Manager` as singleton pattern being called by `PharStreamWrapper` instances + in order to retrieve individual behavior and settings. +* `Behavior` holds reference to interceptor(s) that shall assert correct/allowed + invocation of a given `$path` for a given `$command`. Interceptors implement + the interface `Assertable`. Interceptors can act individually on following + commands or handle all of them in case not defined specifically: + + `COMMAND_DIR_OPENDIR` + + `COMMAND_MKDIR` + + `COMMAND_RENAME` + + `COMMAND_RMDIR` + + `COMMAND_STEAM_METADATA` + + `COMMAND_STREAM_OPEN` + + `COMMAND_UNLINK` + + `COMMAND_URL_STAT` + +## Interceptor + +The following interceptor is shipped with the package and ready to use in order +to block any Phar invocation of files not having a `.phar` suffix. Besides that +individual interceptors are possible of course. + +``` +class PharExtensionInterceptor implements Assertable +{ + /** + * Determines whether the base file name has a ".phar" suffix. + * + * @param string $path + * @param string $command + * @return bool + * @throws Exception + */ + public function assert($path, $command) + { + if ($this->baseFileContainsPharExtension($path)) { + return true; + } + throw new Exception( + sprintf( + 'Unexpected file extension in "%s"', + $path + ), + 1535198703 + ); + } + + /** + * @param string $path + * @return bool + */ + private function baseFileContainsPharExtension($path) + { + $baseFile = Helper::determineBaseFile($path); + if ($baseFile === null) { + return false; + } + $fileExtension = pathinfo($baseFile, PATHINFO_EXTENSION); + return strtolower($fileExtension) === 'phar'; + } +} +``` + +## Helper + +* `Helper::determineBaseFile(string $path)`: Determines base file that can be + accessed using the regular file system. For instance the following path + `phar:///home/user/bundle.phar/content.txt` would be resolved to + `/home/user/bundle.phar`. +* `Helper::resetOpCache()`: Resets PHP's OPcache if enabled as work-around for + issues in `include()` or `require()` calls and OPcache delivering wrong + results. More details can be found in PHP's bug tracker, for instance like + https://bugs.php.net/bug.php?id=66569 + +## Security Contact + +In case of finding additional security issues in the TYPO3 project or in this +`PharStreamWrapper` package in particular, please get in touch with the +[TYPO3 Security Team](mailto:security@typo3.org). diff -Naur drupal-7.61/misc/typo3/phar-stream-wrapper/composer.json drupal-7.66/misc/typo3/phar-stream-wrapper/composer.json --- drupal-7.61/misc/typo3/phar-stream-wrapper/composer.json 1970-01-01 01:00:00.000000000 +0100 +++ drupal-7.66/misc/typo3/phar-stream-wrapper/composer.json 2019-04-17 22:20:46.000000000 +0200 @@ -0,0 +1,24 @@ +{ + "name": "typo3/phar-stream-wrapper", + "description": "Interceptors for PHP's native phar:// stream handling", + "type": "library", + "license": "MIT", + "homepage": "https://typo3.org/", + "keywords": ["php", "phar", "stream-wrapper", "security"], + "require": { + "php": "^5.3.3|^7.0" + }, + "require-dev": { + "phpunit/phpunit": "^4.8.36" + }, + "autoload": { + "psr-4": { + "TYPO3\\PharStreamWrapper\\": "src/" + } + }, + "autoload-dev": { + "psr-4": { + "TYPO3\\PharStreamWrapper\\Tests\\": "tests/" + } + } +} diff -Naur drupal-7.61/misc/typo3/phar-stream-wrapper/src/Assertable.php drupal-7.66/misc/typo3/phar-stream-wrapper/src/Assertable.php --- drupal-7.61/misc/typo3/phar-stream-wrapper/src/Assertable.php 1970-01-01 01:00:00.000000000 +0100 +++ drupal-7.66/misc/typo3/phar-stream-wrapper/src/Assertable.php 2019-04-17 22:20:46.000000000 +0200 @@ -0,0 +1,22 @@ +assertCommands($commands); + $commands = $commands ?: $this->availableCommands; + + $target = clone $this; + foreach ($commands as $command) { + $target->assertions[$command] = $assertable; + } + return $target; + } + + /** + * @param string $path + * @param string $command + * @return bool + */ + public function assert($path, $command) + { + $this->assertCommand($command); + $this->assertAssertionCompleteness(); + + return $this->assertions[$command]->assert($path, $command); + } + + /** + * @param array $commands + */ + private function assertCommands(array $commands) + { + $unknownCommands = array_diff($commands, $this->availableCommands); + if (empty($unknownCommands)) { + return; + } + throw new \LogicException( + sprintf( + 'Unknown commands: %s', + implode(', ', $unknownCommands) + ), + 1535189881 + ); + } + + private function assertCommand($command) + { + if (in_array($command, $this->availableCommands, true)) { + return; + } + throw new \LogicException( + sprintf( + 'Unknown command "%s"', + $command + ), + 1535189882 + ); + } + + private function assertAssertionCompleteness() + { + $undefinedAssertions = array_diff( + $this->availableCommands, + array_keys($this->assertions) + ); + if (empty($undefinedAssertions)) { + return; + } + throw new \LogicException( + sprintf( + 'Missing assertions for commands: %s', + implode(', ', $undefinedAssertions) + ), + 1535189883 + ); + } +} diff -Naur drupal-7.61/misc/typo3/phar-stream-wrapper/src/Exception.php drupal-7.66/misc/typo3/phar-stream-wrapper/src/Exception.php --- drupal-7.61/misc/typo3/phar-stream-wrapper/src/Exception.php 1970-01-01 01:00:00.000000000 +0100 +++ drupal-7.66/misc/typo3/phar-stream-wrapper/src/Exception.php 2019-04-17 22:20:46.000000000 +0200 @@ -0,0 +1,16 @@ += 1) { + // Rremove this and previous element + array_splice($pathParts, $partCount - 1, 2); + $partCount -= 2; + $pathPartsLength -= 2; + } elseif ($absolutePathPrefix) { + // can't go higher than root dir + // simply remove this part and continue + array_splice($pathParts, $partCount, 1); + $partCount--; + $pathPartsLength--; + } + } + } + + return $absolutePathPrefix . implode('/', $pathParts); + } + + /** + * Checks if the $path is absolute or relative (detecting either '/' or + * 'x:/' as first part of string) and returns TRUE if so. + * + * @param string $path File path to evaluate + * @return bool + */ + private static function isAbsolutePath($path) + { + // Path starting with a / is always absolute, on every system + // On Windows also a path starting with a drive letter is absolute: X:/ + return (isset($path[0]) ? $path[0] : null) === '/' + || static::isWindows() && ( + strpos($path, ':/') === 1 + || strpos($path, ':\\') === 1 + ); + } + + /** + * @return bool + */ + private static function isWindows() + { + return stripos(PHP_OS, 'WIN') === 0; + } +} \ No newline at end of file diff -Naur drupal-7.61/misc/typo3/phar-stream-wrapper/src/Interceptor/PharExtensionInterceptor.php drupal-7.66/misc/typo3/phar-stream-wrapper/src/Interceptor/PharExtensionInterceptor.php --- drupal-7.61/misc/typo3/phar-stream-wrapper/src/Interceptor/PharExtensionInterceptor.php 1970-01-01 01:00:00.000000000 +0100 +++ drupal-7.66/misc/typo3/phar-stream-wrapper/src/Interceptor/PharExtensionInterceptor.php 2019-04-17 22:20:46.000000000 +0200 @@ -0,0 +1,55 @@ +baseFileContainsPharExtension($path)) { + return true; + } + throw new Exception( + sprintf( + 'Unexpected file extension in "%s"', + $path + ), + 1535198703 + ); + } + + /** + * @param string $path + * @return bool + */ + private function baseFileContainsPharExtension($path) + { + $baseFile = Helper::determineBaseFile($path); + if ($baseFile === null) { + return false; + } + $fileExtension = pathinfo($baseFile, PATHINFO_EXTENSION); + return strtolower($fileExtension) === 'phar'; + } +} diff -Naur drupal-7.61/misc/typo3/phar-stream-wrapper/src/Manager.php drupal-7.66/misc/typo3/phar-stream-wrapper/src/Manager.php --- drupal-7.61/misc/typo3/phar-stream-wrapper/src/Manager.php 1970-01-01 01:00:00.000000000 +0100 +++ drupal-7.66/misc/typo3/phar-stream-wrapper/src/Manager.php 2019-04-17 22:20:46.000000000 +0200 @@ -0,0 +1,85 @@ +behavior = $behaviour; + } + + /** + * @param string $path + * @param string $command + * @return bool + */ + public function assert($path, $command) + { + return $this->behavior->assert($path, $command); + } +} diff -Naur drupal-7.61/misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php drupal-7.66/misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php --- drupal-7.61/misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php 1970-01-01 01:00:00.000000000 +0100 +++ drupal-7.66/misc/typo3/phar-stream-wrapper/src/PharStreamWrapper.php 2019-04-17 22:20:46.000000000 +0200 @@ -0,0 +1,477 @@ +internalResource)) { + return false; + } + + $this->invokeInternalStreamWrapper( + 'closedir', + $this->internalResource + ); + return !is_resource($this->internalResource); + } + + /** + * @param string $path + * @param int $options + * @return bool + */ + public function dir_opendir($path, $options) + { + $this->assert($path, Behavior::COMMAND_DIR_OPENDIR); + $this->internalResource = $this->invokeInternalStreamWrapper( + 'opendir', + $path, + $this->context + ); + return is_resource($this->internalResource); + } + + /** + * @return string|false + */ + public function dir_readdir() + { + return $this->invokeInternalStreamWrapper( + 'readdir', + $this->internalResource + ); + } + + /** + * @return bool + */ + public function dir_rewinddir() + { + if (!is_resource($this->internalResource)) { + return false; + } + + $this->invokeInternalStreamWrapper( + 'rewinddir', + $this->internalResource + ); + return is_resource($this->internalResource); + } + + /** + * @param string $path + * @param int $mode + * @param int $options + * @return bool + */ + public function mkdir($path, $mode, $options) + { + $this->assert($path, Behavior::COMMAND_MKDIR); + return $this->invokeInternalStreamWrapper( + 'mkdir', + $path, + $mode, + (bool) ($options & STREAM_MKDIR_RECURSIVE), + $this->context + ); + } + + /** + * @param string $path_from + * @param string $path_to + * @return bool + */ + public function rename($path_from, $path_to) + { + $this->assert($path_from, Behavior::COMMAND_RENAME); + $this->assert($path_to, Behavior::COMMAND_RENAME); + return $this->invokeInternalStreamWrapper( + 'rename', + $path_from, + $path_to, + $this->context + ); + } + + /** + * @param string $path + * @param int $options + * @return bool + */ + public function rmdir($path, $options) + { + $this->assert($path, Behavior::COMMAND_RMDIR); + return $this->invokeInternalStreamWrapper( + 'rmdir', + $path, + $this->context + ); + } + + /** + * @param int $cast_as + */ + public function stream_cast($cast_as) + { + throw new Exception( + 'Method stream_select() cannot be used', + 1530103999 + ); + } + + public function stream_close() + { + $this->invokeInternalStreamWrapper( + 'fclose', + $this->internalResource + ); + } + + /** + * @return bool + */ + public function stream_eof() + { + return $this->invokeInternalStreamWrapper( + 'feof', + $this->internalResource + ); + } + + /** + * @return bool + */ + public function stream_flush() + { + return $this->invokeInternalStreamWrapper( + 'fflush', + $this->internalResource + ); + } + + /** + * @param int $operation + * @return bool + */ + public function stream_lock($operation) + { + return $this->invokeInternalStreamWrapper( + 'flock', + $this->internalResource, + $operation + ); + } + + /** + * @param string $path + * @param int $option + * @param string|int $value + * @return bool + */ + public function stream_metadata($path, $option, $value) + { + $this->assert($path, Behavior::COMMAND_STEAM_METADATA); + if ($option === STREAM_META_TOUCH) { + return call_user_func_array( + array($this, 'invokeInternalStreamWrapper'), + array_merge(array('touch', $path), (array) $value) + ); + } + if ($option === STREAM_META_OWNER_NAME || $option === STREAM_META_OWNER) { + return $this->invokeInternalStreamWrapper( + 'chown', + $path, + $value + ); + } + if ($option === STREAM_META_GROUP_NAME || $option === STREAM_META_GROUP) { + return $this->invokeInternalStreamWrapper( + 'chgrp', + $path, + $value + ); + } + if ($option === STREAM_META_ACCESS) { + return $this->invokeInternalStreamWrapper( + 'chmod', + $path, + $value + ); + } + return false; + } + + /** + * @param string $path + * @param string $mode + * @param int $options + * @param string|null $opened_path + * @return bool + */ + public function stream_open( + $path, + $mode, + $options, + &$opened_path = null + ) { + $this->assert($path, Behavior::COMMAND_STREAM_OPEN); + $arguments = array($path, $mode, (bool) ($options & STREAM_USE_PATH)); + // only add stream context for non include/require calls + if (!($options & static::STREAM_OPEN_FOR_INCLUDE)) { + $arguments[] = $this->context; + // work around https://bugs.php.net/bug.php?id=66569 + // for including files from Phar stream with OPcache enabled + } else { + Helper::resetOpCache(); + } + $this->internalResource = call_user_func_array( + array($this, 'invokeInternalStreamWrapper'), + array_merge(array('fopen'), $arguments) + ); + if (!is_resource($this->internalResource)) { + return false; + } + if ($opened_path !== null) { + $metaData = stream_get_meta_data($this->internalResource); + $opened_path = $metaData['uri']; + } + return true; + } + + /** + * @param int $count + * @return string + */ + public function stream_read($count) + { + return $this->invokeInternalStreamWrapper( + 'fread', + $this->internalResource, + $count + ); + } + + /** + * @param int $offset + * @param int $whence + * @return bool + */ + public function stream_seek($offset, $whence = SEEK_SET) + { + return $this->invokeInternalStreamWrapper( + 'fseek', + $this->internalResource, + $offset, + $whence + ) !== -1; + } + + /** + * @param int $option + * @param int $arg1 + * @param int $arg2 + * @return bool + */ + public function stream_set_option($option, $arg1, $arg2) + { + if ($option === STREAM_OPTION_BLOCKING) { + return $this->invokeInternalStreamWrapper( + 'stream_set_blocking', + $this->internalResource, + $arg1 + ); + } + if ($option === STREAM_OPTION_READ_TIMEOUT) { + return $this->invokeInternalStreamWrapper( + 'stream_set_timeout', + $this->internalResource, + $arg1, + $arg2 + ); + } + if ($option === STREAM_OPTION_WRITE_BUFFER) { + return $this->invokeInternalStreamWrapper( + 'stream_set_write_buffer', + $this->internalResource, + $arg2 + ) === 0; + } + return false; + } + + /** + * @return array + */ + public function stream_stat() + { + return $this->invokeInternalStreamWrapper( + 'fstat', + $this->internalResource + ); + } + + /** + * @return int + */ + public function stream_tell() + { + return $this->invokeInternalStreamWrapper( + 'ftell', + $this->internalResource + ); + } + + /** + * @param int $new_size + * @return bool + */ + public function stream_truncate($new_size) + { + return $this->invokeInternalStreamWrapper( + 'ftruncate', + $this->internalResource, + $new_size + ); + } + + /** + * @param string $data + * @return int + */ + public function stream_write($data) + { + return $this->invokeInternalStreamWrapper( + 'fwrite', + $this->internalResource, + $data + ); + } + + /** + * @param string $path + * @return bool + */ + public function unlink($path) + { + $this->assert($path, Behavior::COMMAND_UNLINK); + return $this->invokeInternalStreamWrapper( + 'unlink', + $path, + $this->context + ); + } + + /** + * @param string $path + * @param int $flags + * @return array|false + */ + public function url_stat($path, $flags) + { + $this->assert($path, Behavior::COMMAND_URL_STAT); + $functionName = $flags & STREAM_URL_STAT_QUIET ? '@stat' : 'stat'; + return $this->invokeInternalStreamWrapper($functionName, $path); + } + + /** + * @param string $path + * @param string $command + */ + protected function assert($path, $command) + { + if ($this->resolveAssertable()->assert($path, $command) === true) { + return; + } + + throw new Exception( + sprintf( + 'Denied invocation of "%s" for command "%s"', + $path, + $command + ), + 1535189880 + ); + } + + /** + * @return Assertable + */ + protected function resolveAssertable() + { + return Manager::instance(); + } + + /** + * Invokes commands on the native PHP Phar stream wrapper. + * + * @param string $functionName + * @param mixed ...$arguments + * @return mixed + */ + private function invokeInternalStreamWrapper($functionName) + { + $arguments = func_get_args(); + array_shift($arguments); + $silentExecution = $functionName{0} === '@'; + $functionName = ltrim($functionName, '@'); + $this->restoreInternalSteamWrapper(); + + try { + if ($silentExecution) { + $result = @call_user_func_array($functionName, $arguments); + } else { + $result = call_user_func_array($functionName, $arguments); + } + } catch (\Exception $exception) { + $this->registerStreamWrapper(); + throw $exception; + } catch (\Throwable $throwable) { + $this->registerStreamWrapper(); + throw $throwable; + } + + $this->registerStreamWrapper(); + return $result; + } + + private function restoreInternalSteamWrapper() + { + stream_wrapper_restore('phar'); + } + + private function registerStreamWrapper() + { + stream_wrapper_unregister('phar'); + stream_wrapper_register('phar', get_class($this)); + } +} diff -Naur drupal-7.61/modules/aggregator/aggregator.info drupal-7.66/modules/aggregator/aggregator.info --- drupal-7.61/modules/aggregator/aggregator.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/aggregator/aggregator.info 2019-04-17 22:39:36.000000000 +0200 @@ -7,7 +7,7 @@ configure = admin/config/services/aggregator/settings stylesheets[all][] = aggregator.css -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/aggregator/tests/aggregator_test.info drupal-7.66/modules/aggregator/tests/aggregator_test.info --- drupal-7.61/modules/aggregator/tests/aggregator_test.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/aggregator/tests/aggregator_test.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/block/block.info drupal-7.66/modules/block/block.info --- drupal-7.61/modules/block/block.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/block/block.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ files[] = block.test configure = admin/structure/block -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/block/tests/block_test.info drupal-7.66/modules/block/tests/block_test.info --- drupal-7.61/modules/block/tests/block_test.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/block/tests/block_test.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/block/tests/themes/block_test_theme/block_test_theme.info drupal-7.66/modules/block/tests/themes/block_test_theme/block_test_theme.info --- drupal-7.61/modules/block/tests/themes/block_test_theme/block_test_theme.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/block/tests/themes/block_test_theme/block_test_theme.info 2019-04-17 22:39:36.000000000 +0200 @@ -13,7 +13,7 @@ regions[highlighted] = Highlighted regions[help] = Help -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/blog/blog.info drupal-7.66/modules/blog/blog.info --- drupal-7.61/modules/blog/blog.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/blog/blog.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x files[] = blog.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/book/book.info drupal-7.66/modules/book/book.info --- drupal-7.61/modules/book/book.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/book/book.info 2019-04-17 22:39:36.000000000 +0200 @@ -7,7 +7,7 @@ configure = admin/content/book/settings stylesheets[all][] = book.css -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/color/color.info drupal-7.66/modules/color/color.info --- drupal-7.61/modules/color/color.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/color/color.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x files[] = color.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/comment/comment.info drupal-7.66/modules/comment/comment.info --- drupal-7.61/modules/comment/comment.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/comment/comment.info 2019-04-17 22:39:36.000000000 +0200 @@ -9,7 +9,7 @@ configure = admin/content/comment stylesheets[all][] = comment.css -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/contact/contact.info drupal-7.66/modules/contact/contact.info --- drupal-7.61/modules/contact/contact.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/contact/contact.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ files[] = contact.test configure = admin/structure/contact -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/contextual/contextual.info drupal-7.66/modules/contextual/contextual.info --- drupal-7.61/modules/contextual/contextual.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/contextual/contextual.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x files[] = contextual.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/dashboard/dashboard.info drupal-7.66/modules/dashboard/dashboard.info --- drupal-7.61/modules/dashboard/dashboard.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/dashboard/dashboard.info 2019-04-17 22:39:36.000000000 +0200 @@ -7,7 +7,7 @@ dependencies[] = block configure = admin/dashboard/customize -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/dblog/dblog.info drupal-7.66/modules/dblog/dblog.info --- drupal-7.61/modules/dblog/dblog.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/dblog/dblog.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x files[] = dblog.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/field/field.info drupal-7.66/modules/field/field.info --- drupal-7.61/modules/field/field.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/field/field.info 2019-04-17 22:39:36.000000000 +0200 @@ -11,7 +11,7 @@ required = TRUE stylesheets[all][] = theme/field.css -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/field/modules/field_sql_storage/field_sql_storage.info drupal-7.66/modules/field/modules/field_sql_storage/field_sql_storage.info --- drupal-7.61/modules/field/modules/field_sql_storage/field_sql_storage.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/field/modules/field_sql_storage/field_sql_storage.info 2019-04-17 22:39:36.000000000 +0200 @@ -7,7 +7,7 @@ files[] = field_sql_storage.test required = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/field/modules/list/list.info drupal-7.66/modules/field/modules/list/list.info --- drupal-7.61/modules/field/modules/list/list.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/field/modules/list/list.info 2019-04-17 22:39:36.000000000 +0200 @@ -7,7 +7,7 @@ dependencies[] = options files[] = tests/list.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/field/modules/list/tests/list_test.info drupal-7.66/modules/field/modules/list/tests/list_test.info --- drupal-7.61/modules/field/modules/list/tests/list_test.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/field/modules/list/tests/list_test.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/field/modules/number/number.info drupal-7.66/modules/field/modules/number/number.info --- drupal-7.61/modules/field/modules/number/number.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/field/modules/number/number.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ dependencies[] = field files[] = number.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/field/modules/number/number.test drupal-7.66/modules/field/modules/number/number.test --- drupal-7.61/modules/field/modules/number/number.test 2018-11-08 14:18:15.000000000 +0100 +++ drupal-7.66/modules/field/modules/number/number.test 2019-04-17 22:20:46.000000000 +0200 @@ -69,7 +69,7 @@ preg_match('|test-entity/manage/(\d+)/edit|', $this->url, $match); $id = $match[1]; $this->assertRaw(t('test_entity @id has been created.', array('@id' => $id)), 'Entity was created'); - $this->assertRaw(round($value, 2), 'Value is displayed.'); + $this->assertRaw($value, 'Value is displayed.'); // Try to create entries with more than one decimal separator; assert fail. $wrong_entries = array( diff -Naur drupal-7.61/modules/field/modules/options/options.info drupal-7.66/modules/field/modules/options/options.info --- drupal-7.61/modules/field/modules/options/options.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/field/modules/options/options.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ dependencies[] = field files[] = options.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/field/modules/text/text.info drupal-7.66/modules/field/modules/text/text.info --- drupal-7.61/modules/field/modules/text/text.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/field/modules/text/text.info 2019-04-17 22:39:36.000000000 +0200 @@ -7,7 +7,7 @@ files[] = text.test required = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/field/tests/field_test.info drupal-7.66/modules/field/tests/field_test.info --- drupal-7.61/modules/field/tests/field_test.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/field/tests/field_test.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/field_ui/field_ui.info drupal-7.66/modules/field_ui/field_ui.info --- drupal-7.61/modules/field_ui/field_ui.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/field_ui/field_ui.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ dependencies[] = field files[] = field_ui.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/file/file.field.inc drupal-7.66/modules/file/file.field.inc --- drupal-7.61/modules/file/file.field.inc 2018-11-08 14:18:15.000000000 +0100 +++ drupal-7.66/modules/file/file.field.inc 2019-04-17 22:20:46.000000000 +0200 @@ -599,7 +599,7 @@ // If the display field is present make sure its unchecked value is saved. $field = field_widget_field($element, $form_state); if (empty($input['display'])) { - $input['display'] = $field['settings']['display_field'] ? 0 : 1; + $input['display'] = !empty($field['settings']['display_field']) ? 0 : 1; } } diff -Naur drupal-7.61/modules/file/file.info drupal-7.66/modules/file/file.info --- drupal-7.61/modules/file/file.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/file/file.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ dependencies[] = field files[] = tests/file.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/file/tests/file.test drupal-7.66/modules/file/tests/file.test --- drupal-7.61/modules/file/tests/file.test 2018-11-08 14:18:15.000000000 +0100 +++ drupal-7.66/modules/file/tests/file.test 2019-04-17 22:20:46.000000000 +0200 @@ -1875,3 +1875,60 @@ } } + +/** + * Tests the file_scan_directory() function. + */ +class FileScanDirectory extends FileFieldTestCase { + + /** + * @var string + */ + protected $path; + + /** + * {@inheritdoc} + */ + public static function getInfo() { + return array( + 'name' => 'File ScanDirectory', + 'description' => 'Tests the file_scan_directory() function.', + 'group' => 'File', + ); + } + + /** + * {@inheritdoc} + */ + function setUp() { + parent::setUp(); + + $this->path = 'modules/file/tests/fixtures/file_scan_ignore'; + } + + /** + * Tests file_scan_directory() obeys 'file_scan_ignore_directories' setting. + * If nomask is not passed as argument, it should use the default settings. + * If nomask is passed as argument, it should obey this rule. + */ + public function testNoMask() { + $files = file_scan_directory($this->path, '/\.txt$/'); + $this->assertEqual(3, count($files), '3 text files found when not ignoring directories.'); + + global $conf; + $conf['file_scan_ignore_directories'] = array('frontend_framework'); + + $files = file_scan_directory($this->path, '/\.txt$/'); + $this->assertEqual(1, count($files), '1 text files found when ignoring directories called "frontend_framework".'); + + // Make that directories specified by default still work when a new nomask is provided. + $files = file_scan_directory($this->path, '/\.txt$/', array('nomask' => '/^c.txt/')); + $this->assertEqual(2, count($files), '2 text files found when an "nomask" option is passed in.'); + + // Ensure that the directories in file_scan_ignore_directories are escaped using preg_quote. + $conf['file_scan_ignore_directories'] = array('frontend.*'); + $files = file_scan_directory($this->path, '/\.txt$/'); + $this->assertEqual(3, count($files), '2 text files found when ignoring a directory that is not there.'); + } + +} diff -Naur drupal-7.61/modules/file/tests/file_module_test.info drupal-7.66/modules/file/tests/file_module_test.info --- drupal-7.61/modules/file/tests/file_module_test.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/file/tests/file_module_test.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/filter/filter.info drupal-7.66/modules/filter/filter.info --- drupal-7.61/modules/filter/filter.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/filter/filter.info 2019-04-17 22:39:36.000000000 +0200 @@ -7,7 +7,7 @@ required = TRUE configure = admin/config/content/formats -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/forum/forum.info drupal-7.66/modules/forum/forum.info --- drupal-7.61/modules/forum/forum.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/forum/forum.info 2019-04-17 22:39:36.000000000 +0200 @@ -9,7 +9,7 @@ configure = admin/structure/forum stylesheets[all][] = forum.css -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/help/help.info drupal-7.66/modules/help/help.info --- drupal-7.61/modules/help/help.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/help/help.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x files[] = help.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/image/image.info drupal-7.66/modules/image/image.info --- drupal-7.61/modules/image/image.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/image/image.info 2019-04-17 22:39:36.000000000 +0200 @@ -7,7 +7,7 @@ files[] = image.test configure = admin/config/media/image-styles -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/image/tests/image_module_test.info drupal-7.66/modules/image/tests/image_module_test.info --- drupal-7.61/modules/image/tests/image_module_test.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/image/tests/image_module_test.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ files[] = image_module_test.module hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/locale/locale.info drupal-7.66/modules/locale/locale.info --- drupal-7.61/modules/locale/locale.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/locale/locale.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ files[] = locale.test configure = admin/config/regional/language -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/locale/tests/locale_test.info drupal-7.66/modules/locale/tests/locale_test.info --- drupal-7.61/modules/locale/tests/locale_test.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/locale/tests/locale_test.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ version = VERSION hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/menu/menu.info drupal-7.66/modules/menu/menu.info --- drupal-7.61/modules/menu/menu.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/menu/menu.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ files[] = menu.test configure = admin/structure/menu -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/node/node.info drupal-7.66/modules/node/node.info --- drupal-7.61/modules/node/node.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/node/node.info 2019-04-17 22:39:36.000000000 +0200 @@ -9,7 +9,7 @@ configure = admin/structure/types stylesheets[all][] = node.css -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/node/tests/node_access_test.info drupal-7.66/modules/node/tests/node_access_test.info --- drupal-7.61/modules/node/tests/node_access_test.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/node/tests/node_access_test.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/node/tests/node_test.info drupal-7.66/modules/node/tests/node_test.info --- drupal-7.61/modules/node/tests/node_test.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/node/tests/node_test.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/node/tests/node_test_exception.info drupal-7.66/modules/node/tests/node_test_exception.info --- drupal-7.61/modules/node/tests/node_test_exception.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/node/tests/node_test_exception.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/openid/openid.info drupal-7.66/modules/openid/openid.info --- drupal-7.61/modules/openid/openid.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/openid/openid.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x files[] = openid.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/openid/tests/openid_test.info drupal-7.66/modules/openid/tests/openid_test.info --- drupal-7.61/modules/openid/tests/openid_test.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/openid/tests/openid_test.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ dependencies[] = openid hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/overlay/overlay.info drupal-7.66/modules/overlay/overlay.info --- drupal-7.61/modules/overlay/overlay.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/overlay/overlay.info 2019-04-17 22:39:36.000000000 +0200 @@ -4,7 +4,7 @@ version = VERSION core = 7.x -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/path/path.info drupal-7.66/modules/path/path.info --- drupal-7.61/modules/path/path.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/path/path.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ files[] = path.test configure = admin/config/search/path -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/php/php.info drupal-7.66/modules/php/php.info --- drupal-7.61/modules/php/php.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/php/php.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x files[] = php.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/poll/poll.info drupal-7.66/modules/poll/poll.info --- drupal-7.61/modules/poll/poll.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/poll/poll.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ files[] = poll.test stylesheets[all][] = poll.css -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/profile/profile.info drupal-7.66/modules/profile/profile.info --- drupal-7.61/modules/profile/profile.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/profile/profile.info 2019-04-17 22:39:36.000000000 +0200 @@ -11,7 +11,7 @@ ; See user_system_info_alter(). hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/rdf/rdf.info drupal-7.66/modules/rdf/rdf.info --- drupal-7.61/modules/rdf/rdf.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/rdf/rdf.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x files[] = rdf.test -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/rdf/tests/rdf_test.info drupal-7.66/modules/rdf/tests/rdf_test.info --- drupal-7.61/modules/rdf/tests/rdf_test.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/rdf/tests/rdf_test.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ hidden = TRUE dependencies[] = blog -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/search/search.info drupal-7.66/modules/search/search.info --- drupal-7.61/modules/search/search.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/search/search.info 2019-04-17 22:39:36.000000000 +0200 @@ -8,7 +8,7 @@ configure = admin/config/search/settings stylesheets[all][] = search.css -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/search/tests/search_embedded_form.info drupal-7.66/modules/search/tests/search_embedded_form.info --- drupal-7.61/modules/search/tests/search_embedded_form.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/search/tests/search_embedded_form.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/search/tests/search_extra_type.info drupal-7.66/modules/search/tests/search_extra_type.info --- drupal-7.61/modules/search/tests/search_extra_type.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/search/tests/search_extra_type.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/search/tests/search_node_tags.info drupal-7.66/modules/search/tests/search_node_tags.info --- drupal-7.61/modules/search/tests/search_node_tags.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/search/tests/search_node_tags.info 2019-04-17 22:39:36.000000000 +0200 @@ -5,7 +5,7 @@ core = 7.x hidden = TRUE -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/shortcut/shortcut.info drupal-7.66/modules/shortcut/shortcut.info --- drupal-7.61/modules/shortcut/shortcut.info 2018-11-08 14:38:42.000000000 +0100 +++ drupal-7.66/modules/shortcut/shortcut.info 2019-04-17 22:39:36.000000000 +0200 @@ -6,7 +6,7 @@ files[] = shortcut.test configure = admin/config/user-interface/shortcut -; Information added by Drupal.org packaging script on 2018-11-08 -version = "7.61" +; Information added by Drupal.org packaging script on 2019-04-17 +version = "7.66" project = "drupal" -datestamp = "1541684322" +datestamp = "1555533576" diff -Naur drupal-7.61/modules/simpletest/drupal_web_test_case.php drupal-7.66/modules/simpletest/drupal_web_test_case.php --- drupal-7.61/modules/simpletest/drupal_web_test_case.php 2018-11-08 14:18:15.000000000 +0100 +++ drupal-7.66/modules/simpletest/drupal_web_test_case.php 2019-04-17 22:20:46.000000000 +0200 @@ -3012,7 +3012,7 @@ if (!$message) { $message = t('Raw "@raw" found', array('@raw' => $raw)); } - return $this->assert(strpos($this->drupalGetContent(), $raw) !== FALSE, $message, $group); + return $this->assert(strpos($this->drupalGetContent(), (string) $raw) !== FALSE, $message, $group); } /** @@ -3032,7 +3032,7 @@ if (!$message) { $message = t('Raw "@raw" not found', array('@raw' => $raw)); } - return $this->assert(strpos($this->drupalGetContent(), $raw) === FALSE, $message, $group); + return $this->assert(strpos($this->drupalGetContent(), (string) $raw) === FALSE, $message, $group); } /** diff -Naur drupal-7.61/modules/simpletest/files/phar-1.phar drupal-7.66/modules/simpletest/files/phar-1.phar --- drupal-7.61/modules/simpletest/files/phar-1.phar 1970-01-01 01:00:00.000000000 +0100 +++ drupal-7.66/modules/simpletest/files/phar-1.phar 2019-04-17 22:20:46.000000000 +0200 @@ -0,0 +1,301 @@ + 2, +'c' => 'text/plain', +'cc' => 'text/plain', +'cpp' => 'text/plain', +'c++' => 'text/plain', +'dtd' => 'text/plain', +'h' => 'text/plain', +'log' => 'text/plain', +'rng' => 'text/plain', +'txt' => 'text/plain', +'xsd' => 'text/plain', +'php' => 1, +'inc' => 1, +'avi' => 'video/avi', +'bmp' => 'image/bmp', +'css' => 'text/css', +'gif' => 'image/gif', +'htm' => 'text/html', +'html' => 'text/html', +'htmls' => 'text/html', +'ico' => 'image/x-ico', +'jpe' => 'image/jpeg', +'jpg' => 'image/jpeg', +'jpeg' => 'image/jpeg', +'js' => 'application/x-javascript', +'midi' => 'audio/midi', +'mid' => 'audio/midi', +'mod' => 'audio/mod', +'mov' => 'movie/quicktime', +'mp3' => 'audio/mp3', +'mpg' => 'video/mpeg', +'mpeg' => 'video/mpeg', +'pdf' => 'application/pdf', +'png' => 'image/png', +'swf' => 'application/shockwave-flash', +'tif' => 'image/tiff', +'tiff' => 'image/tiff', +'wav' => 'audio/wav', +'xbm' => 'image/xbm', +'xml' => 'text/xml', +); + +header("Cache-Control: no-cache, must-revalidate"); +header("Pragma: no-cache"); + +$basename = basename(__FILE__); +if (!strpos($_SERVER['REQUEST_URI'], $basename)) { +chdir(Extract_Phar::$temp); +include $web; +return; +} +$pt = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], $basename) + strlen($basename)); +if (!$pt || $pt == '/') { +$pt = $web; +header('HTTP/1.1 301 Moved Permanently'); +header('Location: ' . $_SERVER['REQUEST_URI'] . '/' . $pt); +exit; +} +$a = realpath(Extract_Phar::$temp . DIRECTORY_SEPARATOR . $pt); +if (!$a || strlen(dirname($a)) < strlen(Extract_Phar::$temp)) { +header('HTTP/1.0 404 Not Found'); +echo "\n
\n