opdavies/drupalcampbristol
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Core update 8.3.1

Browse source
This commit is contained in:
Rob Davies 2017-04-20 11:41:23 +01:00
parent dd4cf8d212
commit 6c486e9296
5 changed files with 89 additions and 72 deletions
Download patch file Download diff file Expand all files Collapse all files

4
web/core/CHANGELOG.txt
View file

@ -1,3 +1,7 @@
Drupal 8.3.1, 2017-04-19
------------------------
- Fixed security issues. See SA-CORE-2017-002.
Drupal 8.3.0, 2017-04-05
------------------------
- Added modules:

2
web/core/lib/Drupal.php
View file

@ -81,7 +81,7 @@ class Drupal {
/**
* The current system version.
*/
const VERSION = '8.3.0';
const VERSION = '8.3.1';
/**
* Core API compatibility.

13
web/core/lib/Drupal/Core/Entity/EntityAccessControlHandler.php
View file

@ -303,6 +303,19 @@ class EntityAccessControlHandler extends EntityHandlerBase implements EntityAcce
// Get the default access restriction that lives within this field.
$default = $items ? $items->defaultAccess($operation, $account) : AccessResult::allowed();
// Explicitly disallow changing the entity ID and entity UUID.
if ($operation === 'edit') {
if ($field_definition->getName() === $this->entityType->getKey('id')) {
return $return_as_object ? AccessResult::forbidden('The entity ID cannot be changed') : FALSE;
}
elseif ($field_definition->getName() === $this->entityType->getKey('uuid')) {
// UUIDs can be set when creating an entity.
if ($items && ($entity = $items->getEntity()) && !$entity->isNew()) {
return $return_as_object ? AccessResult::forbidden('The entity UUID cannot be changed')->addCacheableDependency($entity) : FALSE;
}
}
}
// Get the default access restriction as specified by the access control
// handler.
$entity_default = $this->checkFieldAccess($operation, $field_definition, $account, $items);