Skip to content

Commit f158e5e

Browse files
committed
Security upgrade 1.21.3. The database upgrade script does not need to be run.
2 parents f2becc3 + 235a488 commit f158e5e

File tree

4 files changed

+21
-12
lines changed

4 files changed

+21
-12
lines changed

core/includes/bootstrap.inc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
/**
88
* The current system version.
99
*/
10-
define('BACKDROP_VERSION', '1.21.2');
10+
define('BACKDROP_VERSION', '1.21.3');
1111

1212
/**
1313
* Core API compatibility.

core/modules/layout/tests/layout.test

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2040,10 +2040,10 @@ class LayoutBlockTest extends BackdropWebTestCase {
20402040
'type' => 'page',
20412041
'title' => "Test node title",
20422042
));
2043+
2044+
// Remove the Page Title Combo block.
20432045
$this->backdropGet('admin/structure/layouts/manage/default');
20442046
$this->clickLink(t('Remove'), 3);
2045-
2046-
// Save the layout.
20472047
$this->backdropPost(NULL, array(), t('Save layout'));
20482048

20492049
// Check page title exists.

core/modules/node/node.install

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1085,8 +1085,15 @@ function node_update_1010() {
10851085
$default_langcode = $site_config->get('language_default');
10861086
$other_languages = db_query("SELECT COUNT(langcode) FROM {node} WHERE langcode NOT IN (:list)", array(':list' => array('und', $default_langcode)))->fetchField();
10871087
if ($language_count == 1 && $other_languages == 0) {
1088-
db_query("UPDATE {node} SET langcode = 'und' WHERE langcode = :default", array('default' => $default_langcode));
1089-
db_query("UPDATE {url_alias} SET langcode = 'und' WHERE source LIKE 'node/%' AND langcode = :default", array('default' => $default_langcode));
1088+
db_update('node')
1089+
->fields(array('langcode' => 'und'))
1090+
->condition('langcode', $default_langcode)
1091+
->execute();
1092+
db_update('url_alias')
1093+
->fields(array('langcode' => 'und'))
1094+
->condition('source', 'node/%', 'LIKE')
1095+
->condition('langcode', $default_langcode)
1096+
->execute();
10901097
}
10911098
}
10921099

core/modules/system/system.module

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -4151,7 +4151,7 @@ function path_autocomplete($string = '') {
41514151
->execute();
41524152
foreach ($results as $result) {
41534153
$path = backdrop_get_path_alias('node/' . $result->nid);
4154-
$match = '<span class="autocomplete-suggestion">' . $result->title . '</span>';
4154+
$match = '<span class="autocomplete-suggestion">' . check_plain($result->title) . '</span>';
41554155
$match_description = t('Content: %type', array('%type' => node_type_get_name($result->type)));
41564156
$matches[$path] = $match . ' <span class="autocomplete-description">(' . $match_description . ')</span>';
41574157
$match_count++;
@@ -4172,7 +4172,7 @@ function path_autocomplete($string = '') {
41724172
$absolute_path = parse_url($GLOBALS['base_url'], PHP_URL_PATH) . '/';
41734173
$url = file_create_url($result->uri);
41744174
$path = str_replace($GLOBALS['base_url'] . '/', $absolute_path, $url);
4175-
$match = '<span class="autocomplete-suggestion">' . $result->filename . '</span>';
4175+
$match = '<span class="autocomplete-suggestion">' . check_plain($result->filename) . '</span>';
41764176
$match_description = t('File: %type', array('%type' => file_type_get_name($result->type)));
41774177
$matches[$path] = $match . ' <span class="autocomplete-description">(' . $match_description . ')</span>';
41784178
$match_count++;
@@ -4196,7 +4196,7 @@ function path_autocomplete($string = '') {
41964196
$users = user_load_multiple($uids);
41974197
foreach ($users as $user) {
41984198
$path = backdrop_get_path_alias('user/' . $user->uid);
4199-
$match = '<span class="autocomplete-suggestion">' . user_format_name($user) . '</span>';
4199+
$match = '<span class="autocomplete-suggestion">' . check_plain(user_format_name($user)) . '</span>';
42004200
$match_description = t('User account');
42014201
$matches[$path] = $match . ' <span class="autocomplete-description">(' . $match_description . ')</span>';
42024202
$match_count++;
@@ -4215,7 +4215,7 @@ function path_autocomplete($string = '') {
42154215
->execute();
42164216
foreach ($results as $result) {
42174217
$path = backdrop_get_path_alias('taxonomy/term/' . $result->tid);
4218-
$match = '<span class="autocomplete-suggestion">' . $result->name . '</span>';
4218+
$match = '<span class="autocomplete-suggestion">' . check_plain($result->name) . '</span>';
42194219
$match_description = t('Taxonomy term: %vocabulary', array('%vocabulary' => taxonomy_vocabulary_load($result->vocabulary)->name));
42204220
$matches[$path] = $match . ' <span class="autocomplete-description">(' . $match_description . ')</span>';
42214221
$match_count++;
@@ -4230,6 +4230,7 @@ function path_autocomplete($string = '') {
42304230
if ($view->access($display_id) && $display->display_plugin == 'page' && !empty($display->display_options['path'])) {
42314231
$path = backdrop_get_path_alias($display->display_options['path']);
42324232
if (!path_is_admin($path)) {
4233+
$view_title = '';
42334234
$found_match = FALSE;
42344235
// Display title.
42354236
if (!empty($display->display_options['title']) && stripos($display->display_options['title'], $string) !== FALSE) {
@@ -4247,7 +4248,7 @@ function path_autocomplete($string = '') {
42474248
$view_title = $view->human_name;
42484249
}
42494250
if ($found_match) {
4250-
$match = '<span class="autocomplete-suggestion">' . $view_title . '</span>';
4251+
$match = '<span class="autocomplete-suggestion">' . check_plain($view_title) . '</span>';
42514252
$match_description = t('View: %human - %display', array('%human' => $view->human_name, '%display' => $display->display_title));
42524253
$matches[$path] = $match . ' <span class="autocomplete-description">(' . $match_description . ')</span>';
42534254
$match_count++;
@@ -4266,6 +4267,7 @@ function path_autocomplete($string = '') {
42664267
$menu_items = layout_get_all_configs('menu_item');
42674268
foreach ($menu_items as $menu_item) {
42684269
if ($match_count < $range) {
4270+
$layout_title = '';
42694271
$found_match = FALSE;
42704272
if (!empty($menu_item['menu']['title']) && stripos($menu_item['menu']['title'], $string) !== FALSE) {
42714273
$found_match = TRUE;
@@ -4276,7 +4278,7 @@ function path_autocomplete($string = '') {
42764278
$layout_title = $menu_item['name'];
42774279
}
42784280
if ($found_match) {
4279-
$match = '<span class="autocomplete-suggestion">' . $layout_title . '</span>';
4281+
$match = '<span class="autocomplete-suggestion">' . check_plain($layout_title) . '</span>';
42804282
$match_description = t('Layout: %display', array('%display' => $menu_item['name']));
42814283
$matches[$menu_item['path']] = $match . ' <span class="autocomplete-description">(' . $match_description . ')</span>';
42824284
$match_count++;
@@ -4296,7 +4298,7 @@ function path_autocomplete($string = '') {
42964298
foreach ($results as $result) {
42974299
$path = backdrop_get_path_alias($result->link_path);
42984300
if (!isset($matches[$path]) && !path_is_admin($path)) {
4299-
$match = '<span class="autocomplete-suggestion">' . $result->link_title . '</span>';
4301+
$match = '<span class="autocomplete-suggestion">' . check_plain($result->link_title) . '</span>';
43004302
$match_description = t('Menu item: %path', array('%path' => $path));
43014303
$matches[$path] = $match . ' <span class="autocomplete-description">(' . $match_description . ')</span>';
43024304
$match_count++;

0 commit comments

Comments
 (0)