From 203b6a88b2666352f2ed5d241b4ad738fde1e9bd Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Fri, 19 Nov 2010 20:35:31 +0000
Subject: [PATCH] - Patch #944198 by sun: functions that call
 drupal_system_listing() act on potentially invalid system items.

---
 includes/bootstrap.inc       | 9 ++++++++-
 includes/install.inc         | 2 +-
 includes/menu.inc            | 3 +--
 includes/module.inc          | 2 +-
 modules/system/system.module | 6 +++---
 5 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 833d3e0b8747..256121c3ef7c 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -240,6 +240,13 @@
  */
 define('REGISTRY_WRITE_LOOKUP_CACHE', 2);
 
+/**
+ * Regular expression to match PHP function names.
+ *
+ * @see http://php.net/manual/en/language.functions.php
+ */
+define('DRUPAL_PHP_FUNCTION_PATTERN', '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*');
+
 /**
  * Start the timer with the specified name. If you start and stop the same
  * timer multiple times, the measured intervals will be accumulated.
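Review bot: The docblock on `DRUPAL_PHP_FUNCTION_PATTERN` does not say that the value is a bare fragment with no delimiters and no anchors, so a caller that forgets `^` and `$` gets a substring match that accepts almost any name. I would extend the comment with something like `Unanchored fragment without delimiters; wrap it in '/^' ... '$/' when validating a whole name.` It is also worth stating there that the character class admits uppercase letters and the bytes 0x7f-0xff, because the other hunks in this patch use the constant to filter file names and not only function names.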
@@ -703,7 +710,7 @@ function drupal_get_filename($type, $name, $filename = NULL) {
       // extension, not just the file we are currently looking for. This
       // prevents unnecessary scans from being repeated when this function is
       // called more than once in the same page request.
-      $matches = drupal_system_listing("/\.$extension$/", $dir, 'name', 0);
+      $matches = drupal_system_listing("/^" . DRUPAL_PHP_FUNCTION_PATTERN . "\.$extension$/", $dir, 'name', 0);
       foreach ($matches as $matched_name => $file) {
         $files[$type][$matched_name] = $file->uri;
       }
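Review bot: The trailing `$` in the new mask also matches immediately before a final line feed, so a file name ending in a newline still passes a filter that is meant to reject invalid names; the `D` modifier makes the anchor strict. The same anchor is used in the masks added in install.inc, module.inc and system.module. `$extension` is interpolated into the pattern unescaped and is assigned outside this hunk, so unless it is always a fixed literal I would quote it as well: `"/^" . DRUPAL_PHP_FUNCTION_PATTERN . '\.' . preg_quote($extension, '/') . '$/D'`. The body of drupal_get_filename() starts and ends outside the hunk.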
diff --git a/includes/install.inc b/includes/install.inc
index 5f16c018b275..3c51dc12368d 100644
--- a/includes/install.inc
+++ b/includes/install.inc
@@ -551,7 +551,7 @@ function drupal_verify_profile($install_state) {
 
   // Get a list of modules that exist in Drupal's assorted subdirectories.
   $present_modules = array();
-  foreach (drupal_system_listing('/\.module$/', 'modules', 'name', 0) as $present_module) {
+  foreach (drupal_system_listing('/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.module$/', 'modules', 'name', 0) as $present_module) {
     $present_modules[] = $present_module->name;
   }
 
diff --git a/includes/menu.inc b/includes/menu.inc
index 9eb248c1b9a5..9d3fef979b81 100644
--- a/includes/menu.inc
+++ b/includes/menu.inc
@@ -3309,8 +3309,7 @@ function _menu_router_build($callbacks) {
       $match = FALSE;
       // Look for wildcards in the form allowed to be used in PHP functions,
       // because we are using these to construct the load function names.
-      // See http://php.net/manual/en/language.functions.php for reference.
-      if (preg_match('/^%(|[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)$/', $part, $matches)) {
+      if (preg_match('/^%(|' . DRUPAL_PHP_FUNCTION_PATTERN . ')$/', $part, $matches)) {
         if (empty($matches[1])) {
           $match = TRUE;
           $load_functions[$k] = NULL;
diff --git a/includes/module.inc b/includes/module.inc
index 40396b101f89..b00156d19886 100644
--- a/includes/module.inc
+++ b/includes/module.inc
@@ -786,7 +786,7 @@ function module_invoke_all() {
  * Array of modules required by core.
  */
 function drupal_required_modules() {
-  $files = drupal_system_listing('/\.info$/', 'modules', 'name', 0);
+  $files = drupal_system_listing('/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.info$/', 'modules', 'name', 0);
   $required = array();
 
   // An install profile is required and one must always be loaded.
diff --git a/modules/system/system.module b/modules/system/system.module
index 1251694964ff..699f73a7f24c 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -2284,7 +2284,7 @@ function system_get_info($type, $name = NULL) {
  */
 function _system_rebuild_module_data() {
   // Find modules
-  $modules = drupal_system_listing('/\.module$/', 'modules', 'name', 0);
+  $modules = drupal_system_listing('/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.module$/', 'modules', 'name', 0);
 
   // Include the install profile in modules that are loaded.
   $profile = drupal_get_profile();
@@ -2404,9 +2404,9 @@ function _system_update_bootstrap_status() {
  */
 function _system_rebuild_theme_data() {
   // Find themes
-  $themes = drupal_system_listing('/\.info$/', 'themes');
+  $themes = drupal_system_listing('/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.info$/', 'themes');
   // Find theme engines
-  $engines = drupal_system_listing('/\.engine$/', 'themes/engines');
+  $engines = drupal_system_listing('/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.engine$/', 'themes/engines');
 
   // Set defaults for theme info.
   $defaults = array(
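Review bot: With the stricter masks in _system_rebuild_theme_data(), a `.info` or `.engine` file whose base name is not a valid PHP identifier (a hyphenated theme name, for instance) is now dropped from the listing, and nothing visible in the hunk documents or reports that. Whether drupal_system_listing() logs skipped files cannot be seen here, so at minimum the comment should say it: `// Find themes. Files whose base name is not a valid PHP function name are ignored.` The same applies to the "Find modules" comment in _system_rebuild_module_data() in the previous hunk. The function body continues outside the hunk.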
-- 
GitLab