Skip to content

Commit

Permalink
Merge branch 'develop' into release-versions/v3.4.11
Browse files Browse the repository at this point in the history
  • Loading branch information
berliner committed Feb 22, 2024
2 parents b302a89 + bcf0f15 commit 845ff23
Show file tree
Hide file tree
Showing 9 changed files with 198 additions and 603 deletions.
1 change: 0 additions & 1 deletion composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,6 @@
"drupal/replicate_ui": "^1.0",
"drupal/social_auth_hid": "^3.1",
"drupal/stage_file_proxy": "^2",
"drupal/upgrade_status": "^4.0",
"drupal/user_expire": "^1.0",
"drupal/username_enumeration_prevention": "^1.3",
"drush/drush": "^12.0",
Expand Down
728 changes: 160 additions & 568 deletions composer.lock

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion composer.patches.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"patches": {
"drupal/core": {
"https://www.drupal.org/project/drupal/issues/2544110": "./patches/2544110.patch",
"https://www.drupal.org/project/drupal/issues/2544110": "./patches/2544110-2024-02-15.patch",
"Issue #3392572: strnatcasecmp(): Passing null to parameter #2 in LayoutPluginManager": "https://www.drupal.org/files/issues/2023-10-25/drupal-strnatcasecmp_string_only-3392572-10.patch",
"Issue #3413079: Cannot read properties of null (reading 'nodeType') on node.page.body": "https://www.drupal.org/files/issues/2024-01-08/3413079-9.patch",
"Issue #3413508: Admin page access denied even when access is given to child items": "./patches/3413508.patch"
Expand Down
6 changes: 3 additions & 3 deletions config/admin_dialogs.settings.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
_core:
default_config_hash: srQdbmKHrvRxR6vFtEFbCHIT_Ae5obHqc-Hkh7b3_sw
delete_ops: 1
delete_buttons: 1
other_buttons: 1
delete_ops: true
delete_buttons: true
other_buttons: true
Original file line number Diff line number Diff line change
Expand Up @@ -24,16 +24,6 @@ content:
third_party_settings: { }
weight: 2
region: content
field_hide_from_navigation:
type: boolean
label: above
settings:
format: default
format_custom_false: ''
format_custom_true: ''
third_party_settings: { }
weight: 3
region: content
field_summary:
type: basic_string
label: hidden
Expand All @@ -50,5 +40,6 @@ content:
weight: 0
region: content
hidden:
field_hide_from_navigation: true
field_short_title: true
field_tags: true
7 changes: 3 additions & 4 deletions docker/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,9 @@ WORKDIR /srv/www

# Clean up previous composer installation and run new one.
RUN rm -rf ./vendor && \
# Update composer to avoid issues with missing drupal files.
# @see https://github.com/drupal-composer/drupal-project/issues/282
composer self-update && \
COMPOSER_MEMORY_LIMIT=-1 composer install --no-dev --no-interaction --prefer-dist
COMPOSER_ALLOW_SUPERUSER=1 \
COMPOSER_MEMORY_LIMIT=-1 \
composer install --no-dev --no-interaction --prefer-dist

# Copy settings to default site location.
RUN mkdir -m 0775 -p html/sites/default && \
Expand Down
37 changes: 25 additions & 12 deletions patches/2544110.patch → patches/2544110-2024-02-15.patch
Original file line number Diff line number Diff line change
@@ -1,5 +1,15 @@
From 3cf003dbb423405425d79c5dccde327669b801bc Mon Sep 17 00:00:00 2001
From: Lucas D Hedding <[email protected]>
Date: Tue, 26 Dec 2023 12:37:36 -0600
Subject: [PATCH] rebase

---
core/lib/Drupal/Component/Utility/Xss.php | 107 +++++++++++++++---
.../Tests/Component/Utility/XssTest.php | 97 +++++++++++++++-
2 files changed, 190 insertions(+), 14 deletions(-)

diff --git a/core/lib/Drupal/Component/Utility/Xss.php b/core/lib/Drupal/Component/Utility/Xss.php
index 7480c3793eeba30cf8926df645d1d0f37bb9aa4b..e16f021b4d05b4e7b2ff3ffe9409227e5eb48d80 100644
index 2c143cddf84b..b0e77605194f 100644
--- a/core/lib/Drupal/Component/Utility/Xss.php
+++ b/core/lib/Drupal/Component/Utility/Xss.php
@@ -2,7 +2,7 @@
Expand Down Expand Up @@ -66,33 +76,33 @@ index 7480c3793eeba30cf8926df645d1d0f37bb9aa4b..e16f021b4d05b4e7b2ff3ffe9409227e

while (strlen($attributes) != 0) {
// Was the last operation successful?
@@ -229,17 +270,16 @@ protected static function attributes($attributes) {
@@ -229,18 +270,16 @@ protected static function attributes($attributes) {
// starting with "javascript:"). However, for some non-URI
// attributes performing this filtering causes valid and safe data
// to be mangled. We prevent this by skipping protocol filtering on
- // such attributes.
+ // such attributes. Adding check to skip angular attributes (ng).
// @see \Drupal\Component\Utility\UrlHelper::filterBadProtocol()
// @see http://www.w3.org/TR/html4/index/attributes.html
- $skip_protocol_filtering = substr($attribute_name, 0, 5) === 'data-' || in_array($attribute_name, [
- $skip_protocol_filtering = str_starts_with($attribute_name, 'data-') || in_array($attribute_name, [
- 'title',
- 'alt',
- 'rel',
- 'property',
- 'class',
- 'datetime',
- ]);
+ $skip_protocol_filtering = substr($attribute_name, 0, 5) === 'data-' ||
+ substr($attribute_name, 0, 3) === 'ng-' ||
+ $skip_protocol_filtering = str_starts_with($attribute_name, 'data-') ||
+ str_starts_with($attribute_name, 'ng-') ||
+ in_array($attribute_name, static::$safeAttributes);
+
+ // There are also certain attributes that we want to make sure we
+ // filter no matter what.
+ $enforce_protocol_filtering = in_array($attribute_name, static::$unSafeAttributes);

$working = $mode = 1;
$attributes = preg_replace('/^[-a-zA-Z][-a-zA-Z0-9]*/', '', $attributes);
@@ -272,7 +312,12 @@ protected static function attributes($attributes) {
}
@@ -272,7 +311,12 @@ protected static function attributes($attributes) {
$working = 1;
// Attribute value, a URL after href= for instance.
if (preg_match('/^"([^"]*)"(\s+|$)/', $attributes, $match)) {
Expand All @@ -106,7 +116,7 @@ index 7480c3793eeba30cf8926df645d1d0f37bb9aa4b..e16f021b4d05b4e7b2ff3ffe9409227e

if (!$skip) {
$attributes_array[] = "$attribute_name=\"$value\"";
@@ -282,7 +327,12 @@ protected static function attributes($attributes) {
@@ -282,7 +326,12 @@ protected static function attributes($attributes) {
}

if (preg_match("/^'([^']*)'(\s+|$)/", $attributes, $match)) {
Expand All @@ -120,7 +130,7 @@ index 7480c3793eeba30cf8926df645d1d0f37bb9aa4b..e16f021b4d05b4e7b2ff3ffe9409227e

if (!$skip) {
$attributes_array[] = "$attribute_name='$value'";
@@ -292,7 +342,12 @@ protected static function attributes($attributes) {
@@ -292,7 +341,12 @@ protected static function attributes($attributes) {
}

if (preg_match("%^([^\s\"']+)(\s+|$)%", $attributes, $match)) {
Expand All @@ -134,7 +144,7 @@ index 7480c3793eeba30cf8926df645d1d0f37bb9aa4b..e16f021b4d05b4e7b2ff3ffe9409227e

if (!$skip) {
$attributes_array[] = "$attribute_name=\"$value\"";
@@ -341,6 +396,33 @@ protected static function needsRemoval(array $html_tags, $elem) {
@@ -341,6 +395,33 @@ protected static function needsRemoval(array $html_tags, $elem) {
return !isset($html_tags[strtolower($elem)]);
}

Expand Down Expand Up @@ -169,7 +179,7 @@ index 7480c3793eeba30cf8926df645d1d0f37bb9aa4b..e16f021b4d05b4e7b2ff3ffe9409227e
* Gets the list of HTML tags allowed by Xss::filterAdmin().
*
diff --git a/core/tests/Drupal/Tests/Component/Utility/XssTest.php b/core/tests/Drupal/Tests/Component/Utility/XssTest.php
index 2cf89d233e6aa1656a09ae1b1386dd5a414f2c4b..63a5a0bef36f837ebeaddad0cf3f1e48fd6667e7 100644
index 0f242959ebee..6c024b0ac818 100644
--- a/core/tests/Drupal/Tests/Component/Utility/XssTest.php
+++ b/core/tests/Drupal/Tests/Component/Utility/XssTest.php
@@ -8,10 +8,11 @@
Expand Down Expand Up @@ -300,3 +310,6 @@ index 2cf89d233e6aa1656a09ae1b1386dd5a414f2c4b..63a5a0bef36f837ebeaddad0cf3f1e48
];
}

--
GitLab

6 changes: 5 additions & 1 deletion scripts/composer/ScriptHandler.php
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
use Composer\Script\Event;
use Composer\Semver\Comparator;
use Drupal\Core\Site\Settings;
use Drupal\Core\Site\SettingsEditor;
use DrupalFinder\DrupalFinder;
use Symfony\Component\Filesystem\Filesystem;
use Symfony\Component\Filesystem\Exception\IOException;
Expand Down Expand Up @@ -49,7 +50,10 @@ public static function createRequiredFiles(Event $event) {
'required' => TRUE,
],
];
drupal_rewrite_settings($settings, $drupalRoot . '/sites/default/settings.php');
SettingsEditor::rewrite(
$drupalRoot . '/sites/default/settings.php',
$settings
);
$fs->chmod($drupalRoot . '/sites/default/settings.php', 0666);
$event->getIO()->write("Create a sites/default/settings.php file with chmod 0666");

Expand Down
3 changes: 0 additions & 3 deletions symfony.lock
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,6 @@
"composer/xdebug-handler": {
"version": "1.4.5"
},
"container-interop/container-interop": {
"version": "1.2.0"
},
"cweagans/composer-patches": {
"version": "1.7.1"
},
Expand Down

0 comments on commit 845ff23

Please sign in to comment.