Drupal security update v. 7.66

bibvagt · Apr 23, 2019 · 2401f95 · 2401f95
1 parent b2eb86b
commit 2401f95
Show file tree

Hide file tree

Showing 134 changed files with 513 additions and 391 deletions.
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
 /**
  * The current system version.
  */
-define('VERSION', '7.65');
+define('VERSION', '7.66');
 
 /**
  * Core API compatibility.

diff --git a/misc/jquery-extend-3.4.0.js b/misc/jquery-extend-3.4.0.js
@@ -0,0 +1,112 @@
+/**
+ * For jQuery versions less than 3.4.0, this replaces the jQuery.extend
+ * function with the one from jQuery 3.4.0, slightly modified (documented
+ * below) to be compatible with older jQuery versions and browsers.
+ *
+ * This provides the Object.prototype pollution vulnerability fix to Drupal
+ * installations running older jQuery versions, including the versions shipped
+ * with Drupal core and https://www.drupal.org/project/jquery_update.
+ *
+ * @see https://github.com/jquery/jquery/pull/4333
+ */
+
+(function (jQuery) {
+
+// Do not override jQuery.extend() if the jQuery version is already >=3.4.0.
+var versionParts = jQuery.fn.jquery.split('.');
+var majorVersion = parseInt(versionParts[0]);
+var minorVersion = parseInt(versionParts[1]);
+var patchVersion = parseInt(versionParts[2]);
+var isPreReleaseVersion = (patchVersion.toString() !== versionParts[2]);
+if (
+  (majorVersion > 3) ||
+  (majorVersion === 3 && minorVersion > 4) ||
+  (majorVersion === 3 && minorVersion === 4 && patchVersion > 0) ||
+  (majorVersion === 3 && minorVersion === 4 && patchVersion === 0 && !isPreReleaseVersion)
+) {
+  return;
+}
+
+/**
+ * This is almost verbatim copied from jQuery 3.4.0.
+ *
+ * Only two minor changes have been made:
+ * - The call to isFunction() is changed to jQuery.isFunction().
+ * - The two calls to Array.isArray() is changed to jQuery.isArray().
+ *
+ * The above two changes ensure compatibility with all older jQuery versions
+ * (1.4.4 - 3.3.1) and older browser versions (e.g., IE8).
+ */
+jQuery.extend = jQuery.fn.extend = function() {
+  var options, name, src, copy, copyIsArray, clone,
+    target = arguments[ 0 ] || {},
+    i = 1,
+    length = arguments.length,
+    deep = false;
+
+  // Handle a deep copy situation
+  if ( typeof target === "boolean" ) {
+    deep = target;
+
+    // Skip the boolean and the target
+    target = arguments[ i ] || {};
+    i++;
+  }
+
+  // Handle case when target is a string or something (possible in deep copy)
+  if ( typeof target !== "object" && !jQuery.isFunction( target ) ) {
+    target = {};
+  }
+
+  // Extend jQuery itself if only one argument is passed
+  if ( i === length ) {
+    target = this;
+    i--;
+  }
+
+  for ( ; i < length; i++ ) {
+
+    // Only deal with non-null/undefined values
+    if ( ( options = arguments[ i ] ) != null ) {
+
+      // Extend the base object
+      for ( name in options ) {
+        copy = options[ name ];
+
+        // Prevent Object.prototype pollution
+        // Prevent never-ending loop
+        if ( name === "__proto__" || target === copy ) {
+          continue;
+        }
+
+        // Recurse if we're merging plain objects or arrays
+        if ( deep && copy && ( jQuery.isPlainObject( copy ) ||
+          ( copyIsArray = jQuery.isArray( copy ) ) ) ) {
+          src = target[ name ];
+
+          // Ensure proper type for the source value
+          if ( copyIsArray && !jQuery.isArray( src ) ) {
+            clone = [];
+          } else if ( !copyIsArray && !jQuery.isPlainObject( src ) ) {
+            clone = {};
+          } else {
+            clone = src;
+          }
+          copyIsArray = false;
+
+          // Never move original objects, clone them
+          target[ name ] = jQuery.extend( deep, clone, copy );
+
+          // Don't bring in undefined values
+        } else if ( copy !== undefined ) {
+          target[ name ] = copy;
+        }
+      }
+    }
+  }
+
+  // Return the modified object
+  return target;
+};
+
+})(jQuery);
diff --git a/modules/aggregator/aggregator.info b/modules/aggregator/aggregator.info
@@ -7,7 +7,7 @@ files[] = aggregator.test
 configure = admin/config/services/aggregator/settings
 stylesheets[all][] = aggregator.css
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/aggregator/tests/aggregator_test.info b/modules/aggregator/tests/aggregator_test.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/block/block.info b/modules/block/block.info
@@ -6,7 +6,7 @@ core = 7.x
 files[] = block.test
 configure = admin/structure/block
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/block/tests/block_test.info b/modules/block/tests/block_test.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/block/tests/themes/block_test_theme/block_test_theme.info b/modules/block/tests/themes/block_test_theme/block_test_theme.info
@@ -13,7 +13,7 @@ regions[footer] = Footer
 regions[highlighted] = Highlighted
 regions[help] = Help
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/blog/blog.info b/modules/blog/blog.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = blog.test
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/book/book.info b/modules/book/book.info
@@ -7,7 +7,7 @@ files[] = book.test
 configure = admin/content/book/settings
 stylesheets[all][] = book.css
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/color/color.info b/modules/color/color.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = color.test
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/comment/comment.info b/modules/comment/comment.info
@@ -9,7 +9,7 @@ files[] = comment.test
 configure = admin/content/comment
 stylesheets[all][] = comment.css
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/contact/contact.info b/modules/contact/contact.info
@@ -6,7 +6,7 @@ core = 7.x
 files[] = contact.test
 configure = admin/structure/contact
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/contextual/contextual.info b/modules/contextual/contextual.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = contextual.test
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/dashboard/dashboard.info b/modules/dashboard/dashboard.info
@@ -7,7 +7,7 @@ files[] = dashboard.test
 dependencies[] = block
 configure = admin/dashboard/customize
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/dblog/dblog.info b/modules/dblog/dblog.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 files[] = dblog.test
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/field/field.info b/modules/field/field.info
@@ -11,7 +11,7 @@ dependencies[] = field_sql_storage
 required = TRUE
 stylesheets[all][] = theme/field.css
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/field/modules/field_sql_storage/field_sql_storage.info b/modules/field/modules/field_sql_storage/field_sql_storage.info
@@ -7,7 +7,7 @@ dependencies[] = field
 files[] = field_sql_storage.test
 required = TRUE
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/field/modules/list/list.info b/modules/field/modules/list/list.info
@@ -7,7 +7,7 @@ dependencies[] = field
 dependencies[] = options
 files[] = tests/list.test
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/field/modules/list/tests/list_test.info b/modules/field/modules/list/tests/list_test.info
@@ -5,7 +5,7 @@ package = Testing
 version = VERSION
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/field/modules/number/number.info b/modules/field/modules/number/number.info
@@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = field
 files[] = number.test
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/field/modules/options/options.info b/modules/field/modules/options/options.info
@@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = field
 files[] = options.test
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/field/modules/text/text.info b/modules/field/modules/text/text.info
@@ -7,7 +7,7 @@ dependencies[] = field
 files[] = text.test
 required = TRUE
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/field/tests/field_test.info b/modules/field/tests/field_test.info
@@ -6,7 +6,7 @@ files[] = field_test.entity.inc
 version = VERSION
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/field_ui/field_ui.info b/modules/field_ui/field_ui.info
@@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = field
 files[] = field_ui.test
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/file/file.info b/modules/file/file.info
@@ -6,7 +6,7 @@ core = 7.x
 dependencies[] = field
 files[] = tests/file.test
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/file/tests/file_module_test.info b/modules/file/tests/file_module_test.info
@@ -5,7 +5,7 @@ version = VERSION
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"
diff --git a/modules/filter/filter.info b/modules/filter/filter.info
@@ -7,7 +7,7 @@ files[] = filter.test
 required = TRUE
 configure = admin/config/content/formats
 
-; Information added by Drupal.org packaging script on 2019-03-20
-version = "7.65"
+; Information added by Drupal.org packaging script on 2019-04-17
+version = "7.66"
 project = "drupal"
-datestamp = "1553100118"
+datestamp = "1555533576"