Update to Drupal 8.0.1. For more information, see https://www.drupal.org/node/2627402

core/modules/views/config/schema/views.argument_default.schema.yml

@@ -8,14 +8,6 @@ views.argument_default.fixed:
       type: string
       label: 'Fixed value'
 
-views.argument_default.php:
-  type: mapping
-  label: 'PHP Code'
-  mapping:
-    code:
-      type: string
-      label: 'PHP contextual filter code'
-
 views.argument_default.raw:
   type: mapping
   label: 'Raw value from URL'

core/modules/views/config/schema/views.style.schema.yml

@@ -94,7 +94,7 @@ views.style.table:
       label: 'Enable Drupal style "sticky" table headers (Javascript)'
     summary:
       type: label
-      label: 'Table summary'
+      label: 'Summary title'
     order:
       type: string
       label: 'Default order'
@@ -103,10 +103,10 @@ views.style.table:
       label: 'Show the empty text in the table'
     caption:
       type: label
-      label: 'Caption'
+      label: 'Caption for the table'
     description:
       type: text
-      label: 'Caption'
+      label: 'Table description'
 
 views.style.default_summary:
   type: views_style

core/modules/views/js/base.js

@@ -55,8 +55,7 @@
     var path = Drupal.Views.getPath(href);
     // Ensure we have a correct path.
     if (viewPath && path.substring(0, viewPath.length + 1) === viewPath + '/') {
-      var args = decodeURIComponent(path.substring(viewPath.length + 1, path.length));
-      returnObj.view_args = args;
+      returnObj.view_args = decodeURIComponent(path.substring(viewPath.length + 1, path.length));
       returnObj.view_path = path;
     }
     return returnObj;

core/modules/views/src/Plugin/Menu/ViewsMenuLink.php

@@ -70,9 +70,7 @@ class ViewsMenuLink extends MenuLinkBase implements ContainerFactoryPluginInterf
    *   The view executable factory
    */
   public function __construct(array $configuration, $plugin_id, $plugin_definition, EntityManagerInterface $entity_manager, ViewExecutableFactory $view_executable_factory) {
-    $this->configuration = $configuration;
-    $this->pluginId = $plugin_id;
-    $this->pluginDefinition = $plugin_definition;
+    parent::__construct($configuration, $plugin_id, $plugin_definition);
 
     $this->entityManager = $entity_manager;
     $this->viewExecutableFactory = $view_executable_factory;

core/modules/views/src/Plugin/views/PluginBase.php

@@ -250,7 +250,7 @@ abstract class PluginBase extends ComponentPluginBase implements ContainerFactor
 
         $this->unpackOptions($storage[$key], $value, isset($definition[$key]['contains']) ? $definition[$key]['contains'] : array(), $all, FALSE);
       }
-      else if ($all || !empty($definition[$key])) {
+      elseif ($all || !empty($definition[$key])) {
         $storage[$key] = $value;
       }
     }

core/modules/views/src/Plugin/views/display/EntityReference.php

@@ -150,7 +150,7 @@ class EntityReference extends DisplayPluginBase {
 
     // Add an IN condition for validation.
     if (!empty($options['ids'])) {
-      $this->view->query->addWhere(0, $id_field, $options['ids']);
+      $this->view->query->addWhere(0, $id_field, $options['ids'], 'IN');
     }
 
     $this->view->setItemsPerPage($options['limit']);

core/modules/views/src/Plugin/views/field/FieldPluginBase.php

@@ -1248,10 +1248,7 @@ abstract class FieldPluginBase extends HandlerBase implements FieldHandlerInterf
     if ($alter['phase'] == static::RENDER_TEXT_PHASE_EMPTY && $no_rewrite_for_empty) {
       // If we got here then $alter contains the value of "No results text"
       // and so there is nothing left to do.
-      if ($value_is_safe) {
-        $value = ViewsRenderPipelineMarkup::create($value);
-      }
-      return $value;
+      return ViewsRenderPipelineMarkup::create($value);
     }
 
     if (!empty($alter['strip_tags'])) {

core/modules/views/src/Plugin/views/filter/InOperator.php

@@ -349,7 +349,7 @@ class InOperator extends FilterPluginBase {
       if (count($this->value) == 0) {
         $values = $this->t('Unknown');
       }
-      else if (count($this->value) == 1) {
+      elseif (count($this->value) == 1) {
         // If any, use the 'single' short name of the operator instead.
         if (isset($info[$this->operator]['short_single'])) {
           $operator = $info[$this->operator]['short_single'];

core/modules/views/src/Plugin/views/query/Sql.php

@@ -805,9 +805,9 @@ class Sql extends QueryPluginBase {
    *   complex options, it is an array. The meaning of each element in the array is
    *   dependent on the $operator.
    * @param $operator
-   *   The comparison operator, such as =, <, or >=. It also accepts more complex
-   *   options such as IN, LIKE, or BETWEEN. Defaults to IN if $value is an array
-   *   = otherwise. If $field is a string you have to use 'formula' here.
+   *   The comparison operator, such as =, <, or >=. It also accepts more
+   *   complex options such as IN, LIKE, LIKE BINARY, or BETWEEN. Defaults to =.
+   *   If $field is a string you have to use 'formula' here.
    *
    * The $field, $value and $operator arguments can also be passed in with a
    * single DatabaseCondition object, like this:

core/modules/views/src/Tests/ModuleTest.php

@@ -15,6 +15,7 @@ namespace Drupal\views\Tests;
 use Drupal\views\Plugin\views\filter\Standard;
 use Drupal\views\Views;
 use Drupal\Component\Utility\SafeMarkup;
+use Drupal\Component\Render\FormattableMarkup;
 
 class ModuleTest extends ViewKernelTestBase {
 
@@ -54,7 +55,7 @@ class ModuleTest extends ViewKernelTestBase {
         'field' => $this->randomMachineName(),
       );
       $handler = $this->container->get('plugin.manager.views.' . $type)->getHandler($item);
-      $this->assertEqual('Drupal\views\Plugin\views\\' . $type . '\Broken', get_class($handler), t('Make sure that a broken handler of type: @type are created', array('@type' => $type)));
+      $this->assertEqual('Drupal\views\Plugin\views\\' . $type . '\Broken', get_class($handler), new FormattableMarkup('Make sure that a broken handler of type: @type is created.', ['@type' => $type]));
     }
 
     $views_data = $this->viewsData();

core/modules/views/src/Tests/ViewsEscapingTest.php

@@ -19,7 +19,7 @@ class ViewsEscapingTest extends ViewTestBase {
    *
    * @var array
    */
-  public static $testViews = array('test_page_display');
+  public static $testViews = array('test_page_display', 'test_field_header');
 
   /**
    * Used by WebTestBase::setup()
@@ -69,4 +69,21 @@ class ViewsEscapingTest extends ViewTestBase {
     $this->assertNoEscaped('<');
   }
 
+  /**
+   * Tests for incorrectly escaped markup in a header label on a display table.
+   */
+  public function testViewsFieldHeaderEscaping() {
+    // Test with a field header label having an html element wrapper.
+    $this->drupalGet('test_field_header');
+
+    // Assert that there are no escaped '<'s characters.
+    $this->assertNoEscaped('<');
+
+    // Test with a field header label having a XSS test as a wrapper.
+    $this->drupalGet('test_field_header_xss');
+
+    // Assert that XSS test is escaped.
+    $this->assertNoRaw('<script>alert("XSS")</script>', 'Harmful tags are escaped in header label.');
+  }
+
 }

core/modules/views/src/ViewExecutable.php

@@ -614,10 +614,10 @@ class ViewExecutable implements \Serializable {
   /**
    * Sets whether or not AJAX should be used.
    *
-   * If AJAX is used, paging, tablesorting and exposed filters will be fetched
+   * If AJAX is used, paging, table sorting, and exposed filters will be fetched
    * via an AJAX call rather than a page refresh.
    *
-   * @param bool $use_ajax
+   * @param bool $ajax_enabled
    *   TRUE if AJAX should be used, FALSE otherwise.
    */
   public function setAjaxEnabled($ajax_enabled) {

core/modules/views/tests/modules/views_test_config/test_views/views.view.test_field_header.yml

@@ -0,0 +1,71 @@
+langcode: en
+status: true
+dependencies: {  }
+id: test_field_header
+label: null
+module: views
+description: ''
+tag: ''
+base_table: views_test_data
+base_field: nid
+core: '8'
+display:
+  default:
+    display_options:
+      fields:
+        name:
+          id: name
+          table: views_test_data
+          field: name
+          plugin_id: string
+          element_label_type: h2
+      style:
+        type: table
+      display_extenders: {  }
+    display_plugin: default
+    display_title: Master
+    id: default
+    position: 0
+    cache_metadata:
+      max-age: 0
+      contexts:
+        - 'languages:language_interface'
+        - url.query_args
+      tags: {  }
+  page_1:
+    display_options:
+      path: test_field_header
+      display_extenders: {  }
+    display_plugin: page
+    display_title: Page
+    id: page_1
+    position: 1
+    cache_metadata:
+      max-age: 0
+      contexts:
+        - 'languages:language_interface'
+        - url.query_args
+      tags: {  }
+  page_2:
+    display_options:
+      path: test_field_header_xss
+      defaults:
+        fields: false
+      fields:
+        name:
+          id: name
+          table: views_test_data
+          field: name
+          plugin_id: string
+          element_label_type: 'script>alert("XSS")</script'
+      display_extenders: {  }
+    display_plugin: page
+    display_title: 'Page 2'
+    id: page_2
+    position: 2
+    cache_metadata:
+      max-age: 0
+      contexts:
+        - 'languages:language_interface'
+        - url.query_args
+      tags: {  }

core/modules/views/tests/src/Unit/Plugin/field/FieldPluginBaseTest.php

@@ -258,6 +258,23 @@ class FieldPluginBaseTest extends UnitTestCase {
     $this->assertEquals($expected_result, $result);
   }
 
+  /**
+   * Tests the "No results text" rendering.
+   *
+   * @covers ::renderText
+   */
+  public function testRenderNoResult() {
+    $this->setupDisplayWithEmptyArgumentsAndFields();
+    $field = $this->setupTestField(['empty' => 'This <strong>should work</strong>.']);
+    $field->field_alias = 'key';
+    $row = new ResultRow(['key' => '']);
+
+    $expected_result = 'This <strong>should work</strong>.';
+    $result = $field->advancedRender($row);
+    $this->assertEquals($expected_result, $result);
+    $this->assertInstanceOf('\Drupal\views\Render\ViewsRenderPipelineMarkup', $result);
+  }
+
   /**
    * Test rendering of a link with a path and options.
    *

core/modules/views/views.module

@@ -3,10 +3,6 @@
 /**
  * @file
  * Primarily Drupal hooks and global API functions to manipulate views.
- *
- * This is the main module file for Views. The main entry points into
- * this module are views_page() and views_block(), where it handles
- * incoming page and block requests.
  */
 
 use Drupal\Component\Utility\Html;

core/modules/views/views.post_update.php

@@ -34,6 +34,15 @@ function views_post_update_update_cacheability_metadata() {
 
 }
 
+/**
+ * @} End of "addtogroup updates-8.0.0-beta".
+ */
+
+/**
+ * @addtogroup updates-8.0.0-rc
+ * @{
+ */
+
 /**
  * Update some views fields that were previously duplicated.
  */
@@ -128,5 +137,5 @@ function views_post_update_cleanup_duplicate_views_data() {
 }
 
 /**
- * @} End of "addtogroup updates-8.0.0-beta".
+ * @} End of "addtogroup updates-8.0.0-rc".
  */

core/modules/views/views.theme.inc

@@ -740,8 +740,7 @@ function template_preprocess_views_view_unformatted(&$variables) {
   foreach ($rows as $id => $row) {
     $variables['rows'][$id] = array();
     $variables['rows'][$id]['content'] = $row;
-    $variables['rows'][$id]['attributes'] = array();
-    $variables['rows'][$id]['attributes'] = new Attribute($variables['rows'][$id]['attributes']);
+    $variables['rows'][$id]['attributes'] = new Attribute();
     if ($row_class = $view->style_plugin->getRowClass($id)) {
       $variables['rows'][$id]['attributes']->addClass($row_class);
     }