Update to Drupal 8.2.3. For more information, see https://www.drupal.org/project/drupal/releases/8.2.3
parent
507b45a0ed
commit
0a95b8440e
19 changed files with 300 additions and 15 deletions
|
@ -4,7 +4,9 @@ namespace Drupal\system;
|
|||
|
||||
use Drupal\Component\Transliteration\TransliterationInterface;
|
||||
use Drupal\Component\Utility\Unicode;
|
||||
use Drupal\Core\Access\CsrfTokenGenerator;
|
||||
use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
|
||||
use Symfony\Component\HttpFoundation\File\Exception\AccessDeniedException;
|
||||
use Symfony\Component\HttpFoundation\JsonResponse;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\DependencyInjection\ContainerInterface;
|
||||
|
@ -21,14 +23,24 @@ class MachineNameController implements ContainerInjectionInterface {
|
|||
*/
|
||||
protected $transliteration;
|
||||
|
||||
/**
|
||||
* The token generator.
|
||||
*
|
||||
* @var \Drupal\Core\Access\CsrfTokenGenerator
|
||||
*/
|
||||
protected $tokenGenerator;
|
||||
|
||||
/**
|
||||
* Constructs a MachineNameController object.
|
||||
*
|
||||
* @param \Drupal\Component\Transliteration\TransliterationInterface $transliteration
|
||||
* The transliteration helper.
|
||||
* @param \Drupal\Core\Access\CsrfTokenGenerator $token_generator
|
||||
* The token generator.
|
||||
*/
|
||||
public function __construct(TransliterationInterface $transliteration) {
|
||||
public function __construct(TransliterationInterface $transliteration, CsrfTokenGenerator $token_generator) {
|
||||
$this->transliteration = $transliteration;
|
||||
$this->tokenGenerator = $token_generator;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -36,7 +48,8 @@ class MachineNameController implements ContainerInjectionInterface {
|
|||
*/
|
||||
public static function create(ContainerInterface $container) {
|
||||
return new static(
|
||||
$container->get('transliteration')
|
||||
$container->get('transliteration'),
|
||||
$container->get('csrf_token')
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -54,6 +67,7 @@ class MachineNameController implements ContainerInjectionInterface {
|
|||
$text = $request->query->get('text');
|
||||
$langcode = $request->query->get('langcode');
|
||||
$replace_pattern = $request->query->get('replace_pattern');
|
||||
$replace_token = $request->query->get('replace_token');
|
||||
$replace = $request->query->get('replace');
|
||||
$lowercase = $request->query->get('lowercase');
|
||||
|
||||
|
@ -61,7 +75,15 @@ class MachineNameController implements ContainerInjectionInterface {
|
|||
if ($lowercase) {
|
||||
$transliterated = Unicode::strtolower($transliterated);
|
||||
}
|
||||
|
||||
if (isset($replace_pattern) && isset($replace)) {
|
||||
if (!isset($replace_token)) {
|
||||
throw new AccessDeniedException("Missing 'replace_token' query parameter.");
|
||||
}
|
||||
elseif (!$this->tokenGenerator->validate($replace_token, $replace_pattern)) {
|
||||
throw new AccessDeniedException("Invalid 'replace_token' query parameter.");
|
||||
}
|
||||
|
||||
// Quote the pattern delimiter and remove null characters to avoid the e
|
||||
// or other modifiers being injected.
|
||||
$transliterated = preg_replace('@' . strtr($replace_pattern, ['@' => '\@', chr(0) => '']) . '@', $replace, $transliterated);
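Review bot: The two new `throw new AccessDeniedException(...)` statements use `Symfony\Component\HttpFoundation\File\Exception\AccessDeniedException`, imported at the top of this file, which is the file-handling exception rather than an HTTP one. The request is still rejected before `preg_replace()` runs, so the check fails closed. However, the client will probably receive a generic server error rather than a 403, and rejected tokens would then be logged as application faults, which makes it harder to tell probing of this endpoint from genuine bugs. Consider `use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;` and `throw new AccessDeniedHttpException("Invalid 'replace_token' query parameter.");` (likewise for the missing-token branch), with the unit tests' expected exception updated to match. `transliterate()` starts and ends outside the visible hunks, so how the exception is handled further up is not shown here.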
|
||||
|
|
|
@ -1730,3 +1730,19 @@ function system_update_8201() {
|
|||
/**
|
||||
* @} End of "addtogroup updates-8.2.0".
|
||||
*/
|
||||
|
||||
/**
|
||||
* @addtogroup updates-8.2.3
|
||||
* @{
|
||||
*/
|
||||
|
||||
/**
|
||||
* Clear caches due to behavior change in MachineName element.
|
||||
*/
|
||||
function system_update_8202() {
|
||||
// Empty update to cause a cache rebuild.
|
||||
}
|
||||
|
||||
/**
|
||||
* @} End of "addtogroup updates-8.2.3".
|
||||
*/
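Review bot: The docblock on `system_update_8202()` says only "behavior change in MachineName element" and does not state what breaks if the caches are not rebuilt. Presumably forms and settings cached before this update carry no `replace_token`, so their transliteration requests would be rejected by the new check in MachineNameController. If that is the reason, name it in the summary line, e.g. `* Clear caches so machine name elements are rebuilt with a replace_token.`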
|
||||
|
|
|
@ -2,9 +2,12 @@
|
|||
|
||||
namespace Drupal\Tests\system\Unit\Transliteration;
|
||||
|
||||
use Drupal\Core\Access\CsrfTokenGenerator;
|
||||
use Drupal\Tests\UnitTestCase;
|
||||
use Drupal\Component\Transliteration\PhpTransliteration;
|
||||
use Drupal\system\MachineNameController;
|
||||
use Prophecy\Argument;
|
||||
use Symfony\Component\HttpFoundation\File\Exception\AccessDeniedException;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
/**
|
||||
|
@ -21,10 +24,22 @@ class MachineNameControllerTest extends UnitTestCase {
|
|||
*/
|
||||
protected $machineNameController;
|
||||
|
||||
/**
|
||||
* The CSRF token generator.
|
||||
*
|
||||
* @var \Drupal\Core\Access\CsrfTokenGenerator
|
||||
*/
|
||||
protected $tokenGenerator;
|
||||
|
||||
protected function setUp() {
|
||||
parent::setUp();
|
||||
// Create the machine name controller.
|
||||
$this->machineNameController = new MachineNameController(new PhpTransliteration());
|
||||
$this->tokenGenerator = $this->prophesize(CsrfTokenGenerator::class);
|
||||
$this->tokenGenerator->validate(Argument::cetera())->will(function ($args) {
|
||||
return $args[0] === 'token-' . $args[1];
|
||||
});
|
||||
|
||||
$this->machineNameController = new MachineNameController(new PhpTransliteration(), $this->tokenGenerator->reveal());
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -38,7 +53,7 @@ class MachineNameControllerTest extends UnitTestCase {
|
|||
* - The expected content of the JSONresponse.
|
||||
*/
|
||||
public function providerTestMachineNameController() {
|
||||
return array(
|
||||
$valid_data = array(
|
||||
array(array('text' => 'Bob', 'langcode' => 'en'), '"Bob"'),
|
||||
array(array('text' => 'Bob', 'langcode' => 'en', 'lowercase' => TRUE), '"bob"'),
|
||||
array(array('text' => 'Bob', 'langcode' => 'en', 'replace' => 'Alice', 'replace_pattern' => 'Bob'), '"Alice"'),
|
||||
|
@ -53,6 +68,15 @@ class MachineNameControllerTest extends UnitTestCase {
|
|||
array(array('text' => 'Bob', 'langcode' => 'en', 'lowercase' => TRUE, 'replace' => 'fail()', 'replace_pattern' => ".*@e\0"), '"bob"'),
|
||||
array(array('text' => 'Bob@e', 'langcode' => 'en', 'lowercase' => TRUE, 'replace' => 'fail()', 'replace_pattern' => ".*@e\0"), '"fail()"'),
|
||||
);
|
||||
|
||||
$valid_data = array_map(function ($data) {
|
||||
if (isset($data[0]['replace_pattern'])) {
|
||||
$data[0]['replace_token'] = 'token-' . $data[0]['replace_pattern'];
|
||||
}
|
||||
return $data;
|
||||
}, $valid_data);
|
||||
|
||||
return $valid_data;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -73,4 +97,24 @@ class MachineNameControllerTest extends UnitTestCase {
|
|||
$this->assertEquals($expected_content, $json->getContent());
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests the pattern validation.
|
||||
*/
|
||||
public function testMachineNameControllerWithInvalidReplacePattern() {
|
||||
$request = Request::create('', 'GET', ['text' => 'Bob', 'langcode' => 'en', 'replace' => 'Alice', 'replace_pattern' => 'Bob', 'replace_token' => 'invalid']);
|
||||
|
||||
$this->setExpectedException(AccessDeniedException::class, "Invalid 'replace_token' query parameter.");
|
||||
$this->machineNameController->transliterate($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests the pattern validation with a missing token.
|
||||
*/
|
||||
public function testMachineNameControllerWithMissingToken() {
|
||||
$request = Request::create('', 'GET', ['text' => 'Bob', 'langcode' => 'en', 'replace' => 'Alice', 'replace_pattern' => 'Bob']);
|
||||
|
||||
$this->setExpectedException(AccessDeniedException::class, "Missing 'replace_token' query parameter.");
|
||||
$this->machineNameController->transliterate($request);
|
||||
}
|
||||
|
||||
}
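Review bot: The negative tests cover a missing token and the literal `'invalid'`, but not a token that is well-formed for a different pattern, which is the binding the controller check relies on. The prophecy in `setUp()` already models that binding (`$args[0] === 'token-' . $args[1]`), so the extra case is cheap. A request with `'replace_pattern' => 'Bob', 'replace_token' => 'token-Alice'` should also raise "Invalid 'replace_token' query parameter.". A second case with `replace_pattern` but no `replace` would document that the token is only required when the regex is actually applied.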
|
||||
|
|