Commit fff78938 authored by catch's avatar catch Committed by dsnopek

Issue #2881258 by catch, dsnopek: [site_verify] Fix for SA-CONTRIB-2017-051

parent 6985e629
diff --git a/site_verify.admin.inc b/site_verify.admin.inc
index c5e68f2..3a558e2 100644
index 7469b2b..09e1172 100644
--- a/site_verify.admin.inc
+++ b/site_verify.admin.inc
@@ -100,32 +100,35 @@ function site_verify_edit_form(&$form_state, $record = array(), $engine = NULL)
@@ -101,32 +101,35 @@ function site_verify_edit_form(&$form_state, $record = array(), $engine = NULL)
'#default_value' => $record['meta'],
'#description' => t('This is the full meta tag provided for verification. Note that this meta tag will only be visible in the source code of your <a href="@frontpage">front page</a>.', array('@front-page' => url('<front>'))),
'#element_validate' => $record['engine']['meta_validate'],
......@@ -61,7 +61,7 @@ index c5e68f2..3a558e2 100644
if (!variable_get('clean_url', 0)) {
drupal_set_message(t('Using verification files will not work if <a href="@clean-urls">clean URLs</a> are disabled.', array('@clean-urls' => url('admin/settings/clean-url'))), 'error', FALSE);
$form['file']['#disabled'] = TRUE;
@@ -133,8 +136,8 @@ function site_verify_edit_form(&$form_state, $record = array(), $engine = NULL)
@@ -134,8 +137,8 @@ function site_verify_edit_form(&$form_state, $record = array(), $engine = NULL)
$form['file_upload']['#disabled'] = TRUE;
}
......@@ -71,7 +71,7 @@ index c5e68f2..3a558e2 100644
$form['#attributes'] = array('enctype' => 'multipart/form-data');
}
@@ -155,29 +158,59 @@ function site_verify_edit_form(&$form_state, $record = array(), $engine = NULL)
@@ -156,29 +159,57 @@ function site_verify_edit_form(&$form_state, $record = array(), $engine = NULL)
}
/**
......@@ -87,11 +87,6 @@ index c5e68f2..3a558e2 100644
- file_delete($file->filepath);
- if ($contents === FALSE) {
- drupal_set_message(t('The verification file import failed, because the file %filename could not be read.', array('%filename' => $file->filename)), 'error');
- }
- else {
- $values['file'] = $file->filename;
- $values['file_contents'] = $contents;
- //drupal_set_message(t('The verification file <a href="@filename">@filename</a> was successfully imported.', array('@filename' => $file->filename)));
+function site_verify_edit_form_validate($form, &$form_state) {
+ if ($form_state['storage']['step']) {
+ // validate metatag
......@@ -111,6 +106,27 @@ index c5e68f2..3a558e2 100644
+
+ if (!$valid_metatag_set) {
+ form_set_error('meta', t('A valid metatag was not found'));
+ }
}
- else {
- $values['file'] = $file->filename;
- $values['file_contents'] = $contents;
- //drupal_set_message(t('The verification file <a href="@filename">@filename</a> was successfully imported.', array('@filename' => $file->filename)));
+
+ //
+ $values = &$form_state['values'];
+ // Import the uploaded verification file.
+ $validators = array('file_validate_extensions' => array(''));
+ if ($file = file_save_upload('file_upload', $validators, FALSE, FILE_EXISTS_REPLACE)) {
+ $contents = @file_get_contents($file->filepath);
+ file_delete($file->filepath);
+ if ($contents === FALSE) {
+ drupal_set_message(t('The verification file import failed, because the file %filename could not be read.', array('%filename' => $file->filename)), 'error');
+ }
+ else {
+ $values['file'] = $file->filename;
+ $values['file_contents'] = $contents;
+ //drupal_set_message(t('The verification file <a href="@filename">@filename</a> was successfully imported.', array('@filename' => $file->filename)));
+ }
}
- }
......@@ -119,31 +135,12 @@ index c5e68f2..3a558e2 100644
- $existing_file = db_result(db_query("SELECT svid FROM {site_verify} WHERE LOWER(file) = LOWER('%s') AND svid <> %d", $values['file'], $values['svid']));
- if ($existing_file) {
- form_set_error('file', t('The file %filename is already being used in another verification.', array('%filename' => $values['file'])));
+ //
+ if (isset($form_state['values']['file']) && $form_state['values']['file']) {
+ $values = &$form_state['values'];
+ // Import the uploaded verification file.
+ $validators = array('file_validate_extensions' => array());
+ if ($file = file_save_upload('file_upload', $validators, FALSE, FILE_EXISTS_REPLACE)) {
+ $contents = @file_get_contents($file->filepath);
+ file_delete($file->filepath);
+ if ($contents === FALSE) {
+ drupal_set_message(t('The verification file import failed, because the file %filename could not be read.', array('%filename' => $file->filename)), 'error');
+ }
+ else {
+ $values['file'] = $file->filename;
+ $values['file_contents'] = $contents;
+ //drupal_set_message(t('The verification file <a href="@filename">@filename</a> was successfully imported.', array('@filename' => $file->filename)));
+ }
+ }
+
+ // Confirm that the desired filename isn't already in use by another
+ // verification.
+ if ($values['file']) {
+ $existing_file = db_result(db_query("SELECT svid FROM {site_verify} WHERE LOWER(file) = LOWER('%s') AND svid <> %d", $values['file'], $values['svid']));
+ if ($existing_file) {
+ form_set_error('file', t('The file %filename is already being used in another verification.', array('%filename' => $values['file'])));
+ }
+ // Confirm that the desired filename isn't already in use by another
+ // verification.
+ if ($values['file']) {
+ $existing_file = db_result(db_query("SELECT svid FROM {site_verify} WHERE LOWER(file) = LOWER('%s') AND svid <> %d", $values['file'], $values['svid']));
+ if ($existing_file) {
+ form_set_error('file', t('The file %filename is already being used in another verification.', array('%filename' => $values['file'])));
+ }
+ }
+ else {
......@@ -152,10 +149,10 @@ index c5e68f2..3a558e2 100644
}
}
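Review bot: In `site_verify_edit_form_validate` the upload validator appears as `'file_validate_extensions' => array('')` in one copy of the block and as `array()` in the other, so neither form limits which file types are accepted, and the uploaded name and bytes go straight into `$values['file']` and `$values['file_contents']`. The meta tag gets a validity check (`A valid metatag was not found`), but no comparable check on the file is visible; if the stored contents are later served from the site under that filename, which this page does not show, an uploaded HTML or script file would be delivered from the site's own origin. Consider an explicit allow-list such as `$validators = array('file_validate_extensions' => array('html xml txt'));` (the list is constructed here; adjust it to the engines supported), and reject filenames containing path separators before the duplicate-name query. Parts of the function are collapsed on this page, so confirm that such a check does not already exist in the hidden lines.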
diff --git a/site_verify.module b/site_verify.module
index 8836a20..aff2e20 100755
index 94409fe..7894a4f 100755
--- a/site_verify.module
+++ b/site_verify.module
@@ -62,6 +62,13 @@ function site_verify_menu() {
@@ -63,6 +63,13 @@ function site_verify_menu() {
}
/**
......