Update Drupal 7 dependencies
parent
7d902ba1ef
commit
13df912654
391 changed files with 2900 additions and 1502 deletions
|
@ -8,7 +8,7 @@
|
|||
/**
|
||||
* The current system version.
|
||||
*/
|
||||
define('VERSION', '7.100');
|
||||
define('VERSION', '7.103');
|
||||
|
||||
/**
|
||||
* Core API compatibility.
|
||||
|
@ -729,8 +729,8 @@ function drupal_environment_initialize() {
|
|||
/**
|
||||
* Validates that a hostname (for example $_SERVER['HTTP_HOST']) is safe.
|
||||
*
|
||||
* @return
|
||||
* TRUE if only containing valid characters, or FALSE otherwise.
|
||||
* @return bool
|
||||
* TRUE if it only contains valid characters, FALSE otherwise.
|
||||
*/
|
||||
function drupal_valid_http_host($host) {
|
||||
// Limit the length of the host name to 1000 bytes to prevent DoS attacks with
|
||||
|
@ -807,8 +807,8 @@ function drupal_settings_initialize() {
|
|||
// Otherwise use $base_url as session name, without the protocol
|
||||
// to use the same session identifiers across HTTP and HTTPS.
|
||||
list( , $session_name) = explode('://', $base_url, 2);
|
||||
// HTTP_HOST can be modified by a visitor, but we already sanitized it
|
||||
// in drupal_settings_initialize().
|
||||
// HTTP_HOST can be modified by a visitor, but we already sanitized it in
|
||||
// drupal_environment_initialize().
|
||||
if (!empty($_SERVER['HTTP_HOST'])) {
|
||||
$cookie_domain = _drupal_get_cookie_domain($_SERVER['HTTP_HOST']);
|
||||
}
|
||||
|
@ -2285,7 +2285,8 @@ function drupal_block_denied($ip) {
|
|||
* The number of random bytes to fetch and base64 encode.
|
||||
*
|
||||
* @return string
|
||||
* The base64 encoded result will have a length of up to 4 * $byte_count.
|
||||
* A base-64 encoded string, with + replaced with -, / with _ and any =
|
||||
* padding characters removed.
|
||||
*/
|
||||
function drupal_random_key($byte_count = 32) {
|
||||
return drupal_base64_encode(drupal_random_bytes($byte_count));
|
||||
|
@ -2718,6 +2719,18 @@ function _drupal_bootstrap_configuration() {
|
|||
// Initialize the configuration, including variables from settings.php.
|
||||
drupal_settings_initialize();
|
||||
|
||||
// Check trusted HTTP Host headers to protect against header attacks.
|
||||
if (PHP_SAPI !== 'cli') {
|
||||
$host_patterns = variable_get('trusted_host_patterns', array());
|
||||
if (!empty($host_patterns)) {
|
||||
if (!drupal_check_trusted_hosts($_SERVER['HTTP_HOST'], $host_patterns)) {
|
||||
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
|
||||
print 'The provided host name is not valid for this server.';
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Sanitize unsafe keys from the request.
|
||||
DrupalRequestSanitizer::sanitize();
|
||||
}
|
||||
|
@ -3947,6 +3960,36 @@ function drupal_clear_opcode_cache($filepath) {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks trusted HTTP Host headers to protect against header injection attacks.
|
||||
*
|
||||
* @param string|null $host
|
||||
* The host name.
|
||||
* @param array $host_patterns
|
||||
* The array of trusted host patterns.
|
||||
*
|
||||
* @return bool
|
||||
* TRUE if the host is trusted, FALSE otherwise.
|
||||
*/
|
||||
function drupal_check_trusted_hosts($host, array $host_patterns) {
|
||||
if (!empty($host) && !empty($host_patterns)) {
|
||||
// Trim and remove the port number from host; host is lowercase as per
|
||||
// RFC 952/2181.
|
||||
$host = strtolower(preg_replace('/:\d+$/', '', trim($host)));
|
||||
|
||||
foreach ($host_patterns as $pattern) {
|
||||
$pattern = sprintf('{%s}i', $pattern);
|
||||
if (preg_match($pattern, $host)) {
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Drupal's wrapper around PHP's setcookie() function.
|
||||
*
|
||||
|
|
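Review bot: drupal_check_trusted_hosts() falls through to `return TRUE` when `$host` is empty, so the new check in _drupal_bootstrap_configuration() (whose body starts outside its hunk) accepts a request with a missing or empty Host header even when `trusted_host_patterns` is configured. If that is intended, the docblock should say so; otherwise the caller could fail closed with `if (empty($_SERVER['HTTP_HOST']) || !drupal_check_trusted_hosts($_SERVER['HTTP_HOST'], $host_patterns)) {`, which also avoids reading an index that may be unset unless earlier bootstrap code always populates it. The docblock should also state that each entry is a PCRE fragment wrapped as `{%s}i` and matched unanchored, so entries need `^`/`$` anchors and escaped dots (for example `^www\.example\.com$`, a constructed value). An unanchored entry would also match longer host names that merely contain it, which defeats the allowlist.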