Commit 49f719f7 authored by drumm's avatar drumm

Drupal 6.4.

parent 23fb5835
// $Id$
Drupal 6.4-dev, xxxx-xx-xx (development version)
Drupal 6.4, 2008-08-13
----------------------
- Fixed a security issue (Cross site scripting, Arbitrary file uploads via
BlogAPI, Cross site request forgeries and Various Upload module
vulnerabilities), see SA-2008-047.
- Improved error messages during installation.
- Fixed a bug that prevented AHAH handlers to be attached to radios widgets.
- Fixed a variety of small bugs.
Drupal 6.3, 2008-07-09
----------------------
- fixed security issues, (Cross site scripting, cross site request forgery, session fixation and SQL injection), see SA-2008-044
- slightly modified installation process to prevent file ownership issues on shared hosts
- improved PostgreSQL compatibility (rewritten queries; custom blocks)
- upgraded to jQuery 1.2.6
- performance improvements to search, menu handling and form API caches
- fixed Views compatibility issues (Views for Drupal 6 requires Drupal 6.3+)
- fixed a variety of small bugs.
- Fixed security issues, (Cross site scripting, cross site request forgery,
session fixation and SQL injection), see SA-2008-044.
- Slightly modified installation process to prevent file ownership issues on
shared hosts.
- Improved PostgreSQL compatibility (rewritten queries; custom blocks).
- Upgraded to jQuery 1.2.6.
- Performance improvements to search, menu handling and form API caches.
- Fixed Views compatibility issues (Views for Drupal 6 requires Drupal 6.3+).
- Fixed a variety of small bugs.
Drupal 6.2, 2008-04-09
----------------------
- fixed a variety of small bugs
- fixed a security issue (Access bypasses), see SA-2008-026
- Fixed a variety of small bugs.
- Fixed a security issue (Access bypasses), see SA-2008-026.
Drupal 6.1, 2008-02-27
----------------------
- fixed a variety of small bugs.
- fixed a security issue (Cross site scripting), see SA-2008-018
- Fixed a variety of small bugs.
- Fixed a security issue (Cross site scripting), see SA-2008-018.
Drupal 6.0, 2008-02-13
----------------------
......@@ -124,10 +131,22 @@ Drupal 6.0, 2008-02-13
- Removed old system updates. Updates from Drupal versions prior to 5.x will
require upgrading to 5.x before upgrading to 6.x.
Drupal 5.10, 2008-08-13
-----------------------
- fixed a variety of small bugs.
- fixed security issues, (Cross site scripting, Arbitrary file uploads via
BlogAPI and Cross site request forgery), see SA-2008-047
Drupal 5.9, 2008-07-23
----------------------
- fixed a variety of small bugs.
- fixed security issues, (Session fixation), see SA-2008-046
Drupal 5.8, 2008-07-09
----------------------
- fixed a variety of small bugs.
- fixed security issues, (Cross site scripting, cross site request forgery, and session fixation), see SA-2008-044
- fixed security issues, (Cross site scripting, cross site request forgery, and
session fixation), see SA-2008-044
Drupal 5.7, 2008-01-28
----------------------
......
......@@ -587,7 +587,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
if ($errno & (E_ALL)) {
if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
......
......@@ -100,7 +100,7 @@ function drupal_get_form($form_id) {
array_unshift($args_temp, $form_id);
$form = call_user_func_array('drupal_retrieve_form', $args_temp);
$form_build_id = 'form-'. md5(mt_rand());
$form_build_id = 'form-'. md5(uniqid(mt_rand(), true));
$form['#build_id'] = $form_build_id;
drupal_prepare_form($form_id, $form, $form_state);
// Store a copy of the unprocessed form for caching and indicate that it
......@@ -216,31 +216,38 @@ function drupal_rebuild_form($form_id, &$form_state, $args, $form_build_id = NUL
}
/**
* Fetch a form from cache.
*/
function form_get_cache($form_build_id, &$form_state) {
if ($cached = cache_get('form_'. $form_build_id, 'cache_form')) {
$form = $cached->data;
if ($cached = cache_get('storage_'. $form_build_id, 'cache_form')) {
$form_state['storage'] = $cached->data;
}
return $form;
}
}
/**
* Store a form in the cache
* Store a form in the cache.
*/
function form_set_cache($form_build_id, $form, $form_state) {
global $user;
// 6 hours cache life time for forms should be plenty.
$expire = 21600;
if ($user->uid) {
$form['#cache_token'] = drupal_get_token();
}
cache_set('form_'. $form_build_id, $form, 'cache_form', time() + $expire);
if (!empty($form_state['storage'])) {
cache_set('storage_'. $form_build_id, $form_state['storage'], 'cache_form', time() + $expire);
}
}
/**
* Fetch a form from cache.
*/
function form_get_cache($form_build_id, &$form_state) {
global $user;
if ($cached = cache_get('form_'. $form_build_id, 'cache_form')) {
$form = $cached->data;
if ((isset($form['#cache_token']) && drupal_valid_token($form['#cache_token'])) || (!isset($form['#cache_token']) && !$user->uid)) {
if ($cached = cache_get('storage_'. $form_build_id, 'cache_form')) {
$form_state['storage'] = $cached->data;
}
return $form;
}
}
}
/**
* Retrieves a form using a form_id, populates it with $form_state['values'],
* processes it, and returns any validation errors encountered. This
......
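Review bot: The new check in `form_get_cache()` binds a cached form to the session only for logged-in users; a form cached while anonymous carries no `#cache_token`, so for uid 0 the `$form_build_id` is still the only thing between a request and the cached form. That id is now `md5(uniqid(mt_rand(), true))`, which is derived from the clock and a non-cryptographic generator, so it is harder to collide but should not be documented or relied on as a secret. I would say both things in the docblock, e.g. `* Returns the form only if its #cache_token is valid for the current user, or if it has no token and the user is anonymous; returns nothing otherwise.`, so every caller knows it must handle a miss. The body of `drupal_get_form()` starts and ends outside the hunk.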
<?php
// $Id$
/**
* Implementation of hook_install().
*/
function blogapi_install() {
// Create tables.
drupal_install_schema('blogapi');
}
/**
* Implementation of hook_uninstall().
*/
function blogapi_uninstall() {
// Remove tables.
drupal_uninstall_schema('blogapi');
}
/**
* Implementation of hook_schema().
*/
function blogapi_schema() {
//This table was introduced in Drupal 6.4
$schema['blogapi_files'] = array(
'description' => t('Stores information for files uploaded via the blogapi.'),
'fields' => array(
'fid' => array(
'description' => t('Primary Key: Unique file ID.'),
'type' => 'serial',
),
'uid' => array(
'description' => t('The {users}.uid of the user who is associated with the file.'),
'type' => 'int',
'unsigned' => TRUE,
'not null' => TRUE,
'default' => 0),
'filepath' => array(
'description' => t('Path of the file relative to Drupal root.'),
'type' => 'varchar',
'length' => 255,
'not null' => TRUE,
'default' => ''),
'filesize' => array(
'description' => t('The size of the file in bytes.'),
'type' => 'int',
'unsigned' => TRUE,
'not null' => TRUE,
'default' => 0),
),
'primary key' => array('fid'),
'indexes' => array(
'uid' => array('uid'),
),
);
return $schema;
}
/**
* @defgroup updates-5.x-to-6.x Blog API updates from 5.x to 6.x
* @{
......@@ -14,7 +71,55 @@ function blogapi_update_6000() {
return array();
}
/**
* Add blogapi_files table to enable size restriction for BlogAPI file uploads.
*
* This table was introduced in Drupal 6.4.
*/
function blogapi_update_6001() {
$schema['blogapi_files'] = array(
'description' => t('Stores information for files uploaded via the blogapi.'),
'fields' => array(
'fid' => array(
'description' => t('Primary Key: Unique file ID.'),
'type' => 'serial',
),
'uid' => array(
'description' => t('The {users}.uid of the user who is associated with the file.'),
'type' => 'int',
'unsigned' => TRUE,
'not null' => TRUE,
'default' => 0),
'filepath' => array(
'description' => t('Path of the file relative to Drupal root.'),
'type' => 'varchar',
'length' => 255,
'not null' => TRUE,
'default' => ''),
'filesize' => array(
'description' => t('The size of the file in bytes.'),
'type' => 'int',
'unsigned' => TRUE,
'not null' => TRUE,
'default' => 0),
),
'primary key' => array('fid'),
'indexes' => array(
'uid' => array('uid'),
),
);
$ret = array();
if (!db_table_exists('blogapi_files')) {
db_create_table($ret, 'blogapi_files', $schema['blogapi_files']);
}
return $ret;
}
/**
* @} End of "defgroup updates-5.x-to-6.x"
* The next series of updates should start at 7000.
*/
......@@ -371,17 +371,64 @@ function blogapi_metaweblog_new_media_object($blogid, $username, $password, $fil
return blogapi_error($user);
}
$usersize = 0;
$uploadsize = 0;
$roles = array_intersect(user_roles(FALSE, 'administer content with blog api'), $user->roles);
foreach ($roles as $rid => $name) {
$extensions .= ' '. strtolower(variable_get("blogapi_extensions_$rid", variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp')));
$usersize= max($usersize, variable_get("blogapi_usersize_$rid", variable_get('blogapi_usersize_default', 1)) * 1024 * 1024);
$uploadsize = max($uploadsize, variable_get("blogapi_uploadsize_$rid", variable_get('blogapi_uploadsize_default', 1)) * 1024 * 1024);
}
$filesize = strlen($file['bits']);
if ($filesize > $uploadsize) {
return blogapi_error(t('It is not possible to upload the file, because it exceeded the maximum filesize of @maxsize.', array('@maxsize' => format_size($uploadsize))));
}
if (_blogapi_space_used($user->uid) + $filesize > $usersize) {
return blogapi_error(t('The file can not be attached to this post, because the disk quota of @quota has been reached.', array('@quota' => format_size($usersize))));
}
// Only allow files with whitelisted extensions and convert remaining dots to
// underscores to prevent attacks via non-terminal executable extensions with
// files such as exploit.php.jpg.
$whitelist = array_unique(explode(' ', trim($extensions)));
$name = basename($file['name']);
if ($extension_position = strrpos($name, '.')) {
$filename = drupal_substr($name, 0, $extension_position);
$final_extension = drupal_substr($name, $extension_position + 1);
if (!in_array(strtolower($final_extension), $whitelist)) {
return blogapi_error(t('It is not possible to upload the file, because it is only possible to upload files with the following extensions: @extensions', array('@extensions' => implode(' ', $whitelist))));
}
$filename = str_replace('.', '_', $filename);
$filename .= '.'. $final_extension;
}
$data = $file['bits'];
if (!$data) {
return blogapi_error(t('No file sent.'));
}
if (!$file = file_save_data($data, $name)) {
if (!$file = file_save_data($data, $filename)) {
return blogapi_error(t('Error storing file.'));
}
$row = new stdClass();
$row->uid = $user->uid;
$row->filepath = $file;
$row->filesize = $filesize;
drupal_write_record('blogapi_files', $row);
// Return the successful result.
return array('url' => file_create_url($file), 'struct');
}
......@@ -568,6 +615,81 @@ function blogapi_admin_settings() {
'#description' => t('Select the content types available to external blogging clients via Blog API. If supported, each enabled content type will be displayed as a separate "blog" by the external client.')
);
$blogapi_extensions_default = variable_get('blogapi_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp');
$blogapi_uploadsize_default = variable_get('blogapi_uploadsize_default', 1);
$blogapi_usersize_default = variable_get('blogapi_usersize_default', 1);
$form['settings_general'] = array(
'#type' => 'fieldset',
'#title' => t('File settings'),
'#collapsible' => TRUE,
);
$form['settings_general']['blogapi_extensions_default'] = array(
'#type' => 'textfield',
'#title' => t('Default permitted file extensions'),
'#default_value' => $blogapi_extensions_default,
'#maxlength' => 255,
'#description' => t('Default extensions that users can upload. Separate extensions with a space and do not include the leading dot.'),
);
$form['settings_general']['blogapi_uploadsize_default'] = array(
'#type' => 'textfield',
'#title' => t('Default maximum file size per upload'),
'#default_value' => $blogapi_uploadsize_default,
'#size' => 5,
'#maxlength' => 5,
'#description' => t('The default maximum file size a user can upload.'),
'#field_suffix' => t('MB')
);
$form['settings_general']['blogapi_usersize_default'] = array(
'#type' => 'textfield',
'#title' => t('Default total file size per user'),
'#default_value' => $blogapi_usersize_default,
'#size' => 5,
'#maxlength' => 5,
'#description' => t('The default maximum size of all files a user can have on the site.'),
'#field_suffix' => t('MB')
);
$form['settings_general']['upload_max_size'] = array('#value' => '<p>'. t('Your PHP settings limit the maximum file size per upload to %size.', array('%size' => format_size(file_upload_max_size()))).'</p>');
$roles = user_roles(0, 'administer content with blog api');
$form['roles'] = array('#type' => 'value', '#value' => $roles);
foreach ($roles as $rid => $role) {
$form['settings_role_'. $rid] = array(
'#type' => 'fieldset',
'#title' => t('Settings for @role', array('@role' => $role)),
'#collapsible' => TRUE,
'#collapsed' => TRUE,
);
$form['settings_role_'. $rid]['blogapi_extensions_'. $rid] = array(
'#type' => 'textfield',
'#title' => t('Permitted file extensions'),
'#default_value' => variable_get('blogapi_extensions_'. $rid, $blogapi_extensions_default),
'#maxlength' => 255,
'#description' => t('Extensions that users in this role can upload. Separate extensions with a space and do not include the leading dot.'),
);
$form['settings_role_'. $rid]['blogapi_uploadsize_'. $rid] = array(
'#type' => 'textfield',
'#title' => t('Maximum file size per upload'),
'#default_value' => variable_get('blogapi_uploadsize_'. $rid, $blogapi_uploadsize_default),
'#size' => 5,
'#maxlength' => 5,
'#description' => t('The maximum size of a file a user can upload (in megabytes).'),
);
$form['settings_role_'. $rid]['blogapi_usersize_'. $rid] = array(
'#type' => 'textfield',
'#title' => t('Total file size per user'),
'#default_value' => variable_get('blogapi_usersize_'. $rid, $blogapi_usersize_default),
'#size' => 5,
'#maxlength' => 5,
'#description' => t('The maximum size of all files a user can have on the site (in megabytes).'),
);
}
return system_settings_form($form);
}
......@@ -726,3 +848,7 @@ function _blogapi_get_node_types() {
return $types;
}
function _blogapi_space_used($uid) {
return db_result(db_query('SELECT SUM(filesize) FROM {blogapi_files} f WHERE f.uid = %d', $uid));
}
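Review bot: In `blogapi_metaweblog_new_media_object()` the extension whitelist only runs inside `if ($extension_position = strrpos($name, '.'))`, so a name with no dot, or whose only dot is the first character (where `strrpos()` returns 0), skips the check and reaches `file_save_data($data, $filename)` with `$filename` never assigned. I would fail closed by adding an `else` branch that returns the same extension `blogapi_error()` used inside the block, instead of leaving the destination to whatever `file_save_data()` does with an empty name. `$extensions` is also appended to with `.=` inside the role loop; unless it is initialised above the hunk, `$extensions = '';` belongs next to `$usersize = 0;`. The function starts outside the hunk.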
......@@ -231,11 +231,8 @@ function book_remove_form_submit($form, &$form_state) {
* Prints the replacement HTML in JSON format.
*/
function book_form_update() {
$cid = 'form_'. $_POST['form_build_id'];
$bid = $_POST['book']['bid'];
$cache = cache_get($cid, 'cache_form');
if ($cache) {
$form = $cache->data;
if ($form = form_get_cache($_POST['form_build_id'], $form_state)) {
// Validate the bid.
if (isset($form['book']['bid']['#options'][$bid])) {
......@@ -243,7 +240,7 @@ function book_form_update() {
$book_link['bid'] = $bid;
// Get the new options and update the cache.
$form['book']['plid'] = _book_parent_select($book_link);
cache_set($cid, $form, 'cache_form', $cache->expire);
form_set_cache($_POST['form_build_id'], $form, $form_state);
// Build and render the new select element, then return it in JSON format.
$form_state = array();
......
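Review bot: `book_form_update()` hands `$form_state` to `form_get_cache()` by reference without defining it first, so the variable only exists afterwards as a side effect of the call and is then passed on to `form_set_cache()`. `upload_js()` in this commit initialises its `$cached_form_state = array();` before the same call; adding `$form_state = array();` ahead of the `if` here would keep the callbacks consistent and make it obvious that only cached `storage` is carried over. What the function returns to the client when `form_get_cache()` yields nothing is outside the visible hunks and deserves a look.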
......@@ -983,7 +983,7 @@ function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite',
(
<(?=[^a-zA-Z!/]) # a lone <
| # or
<[^>]*.(>|$) # a string that starts with a <, up until the > or the end of the string
<[^>]*(>|$) # a string that starts with a <, up until the > or the end of the string
| # or
> # just a >
)%x', '_filter_xss_split', $string);
......
......@@ -338,7 +338,9 @@ function poll_choice_js() {
// Add the new element to the stored form. Without adding the element to the
// form, Drupal is not aware of this new elements existence and will not
// process it. We retreive the cached form, add the element, and resave.
$form = form_get_cache($form_build_id, $form_state);
if (!$form = form_get_cache($form_build_id, $form_state)) {
exit();
}
$form['choice_wrapper']['choice'][$delta] = $form_element;
form_set_cache($form_build_id, $form, $form_state);
$form += array(
......
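Review bot: On a cache miss or token mismatch `poll_choice_js()` now calls a bare `exit()`, so the AHAH request gets an empty response and the user gets no explanation. `upload_js()` in this same commit handles the identical case by calling `form_set_error('form_token', ...)` and printing `drupal_to_js(array('status' => TRUE, 'data' => theme('status_messages')))` before exiting; doing the same here would keep the two callbacks consistent and leave a visible trace when a token check fails. The function body starts and ends outside the hunk.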
......@@ -9,7 +9,7 @@
/**
* The current system version.
*/
define('VERSION', '6.4-dev');
define('VERSION', '6.4');
/**
* Core API compatibility.
......
......@@ -144,17 +144,19 @@ function _upload_file_limits($user) {
/**
* Implementation of hook_file_download().
*/
function upload_file_download($file) {
if (!user_access('view uploaded files')) {
return -1;
}
$file = file_create_path($file);
$result = db_query("SELECT f.* FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $file);
function upload_file_download($filepath) {
$filepath = file_create_path($filepath);
$result = db_query("SELECT f.*, u.nid FROM {files} f INNER JOIN {upload} u ON f.fid = u.fid WHERE filepath = '%s'", $filepath);
if ($file = db_fetch_object($result)) {
return array(
'Content-Type: '. $file->filemime,
'Content-Length: '. $file->filesize,
);
if (user_access('view uploaded files') && ($node = node_load($file->nid)) && node_access('view', $node)) {
return array(
'Content-Type: ' . $file->filemime,
'Content-Length: ' . $file->filesize,
);
}
else {
return -1;
}
}
}
......@@ -165,7 +167,7 @@ function upload_file_download($file) {
* @param $node
* A node object to associate with uploaded files.
*/
function upload_node_form_submit($form, &$form_state) {
function upload_node_form_submit(&$form, &$form_state) {
global $user;
$limits = _upload_file_limits($user);
......@@ -180,15 +182,14 @@ function upload_node_form_submit($form, &$form_state) {
$file->list = variable_get('upload_list_default', 1);
$file->description = $file->filename;
$file->weight = 0;
$_SESSION['upload_files'][$file->fid] = $file;
$file->new = TRUE;
$form['#node']->files[$file->fid] = $file;
$form_state['values']['files'][$file->fid] = (array)$file;
}
// Attach session files to node.
if (!empty($_SESSION['upload_files'])) {
foreach ($_SESSION['upload_files'] as $fid => $file) {
if (!isset($form_state['values']['files'][$fid]['filepath'])) {
$form_state['values']['files'][$fid] = (array)$file;
}
if (isset($form_state['values']['files'])) {
foreach ($form_state['values']['files'] as $fid => $file) {
$form_state['values']['files'][$fid]['new'] = !empty($form['#node']->files[$fid]->new);
}
}
......@@ -289,16 +290,6 @@ function upload_nodeapi(&$node, $op, $teaser) {
}
break;
case 'prepare':
// Initialize $_SESSION['upload_files'] if no post occurred.
// This clears the variable from old forms and makes sure it
// is an array to prevent notices and errors in other parts
// of upload.module.
if (!$_POST) {
$_SESSION['upload_files'] = array();
}
break;
case 'insert':
case 'update':
if (user_access('upload files')) {
......@@ -410,13 +401,13 @@ function upload_save(&$node) {
// Remove it from the session in the case of new uploads,
// that you want to disassociate before node submission.
unset($_SESSION['upload_files'][$fid]);
unset($node->files[$fid]);
// Move on, so the removed file won't be added to new revisions.
continue;
}
// Create a new revision, or associate a new file needed.
if (!empty($node->old_vid) || isset($_SESSION['upload_files'][$fid])) {
if (!empty($node->old_vid) || $file->new) {
db_query("INSERT INTO {upload} (fid, nid, vid, list, description, weight) VALUES (%d, %d, %d, %d, '%s', %d)", $file->fid, $node->nid, $node->vid, $file->list, $file->description, $file->weight);
file_set_status($file, FILE_STATUS_PERMANENT);
}
......@@ -426,9 +417,6 @@ function upload_save(&$node) {
file_set_status($file, FILE_STATUS_PERMANENT);
}
}
// Empty the session storage after save. We use this variable to track files
// that haven't been related to the node yet.
unset($_SESSION['upload_files']);
}
function upload_delete($node) {
......@@ -491,6 +479,7 @@ function _upload_form($node) {
$form['files'][$key]['filemime'] = array('#type' => 'value', '#value' => $file->filemime);
$form['files'][$key]['filesize'] = array('#type' => 'value', '#value' => $file->filesize);
$form['files'][$key]['fid'] = array('#type' => 'value', '#value' => $file->fid);
$form['files'][$key]['new'] = array('#type' => 'value', '#value' => FALSE);
}
}
......@@ -516,8 +505,6 @@ function _upload_form($node) {
);
}
// This value is used in upload_js().
$form['current']['vid'] = array('#type' => 'hidden', '#value' => isset($node->vid) ? $node->vid : 0);
return $form;
}
......@@ -576,45 +563,52 @@ function upload_load($node) {
* Menu-callback for JavaScript-based uploads.
*/
function upload_js() {
$cached_form_state = array();
$files = array();
// Load the form from the Form API cache.
$cache = cache_get('form_'. $_POST['form_build_id'], 'cache_form');
if (!($cached_form = form_get_cache($_POST['form_build_id'], $cached_form_state)) || !isset($cached_form['#node']) || !isset($cached_form['attachments'])) {
form_set_error('form_token', t('Validation error, please try again. If this error persists, please contact the site administrator.'));
$output = theme('status_messages');
print drupal_to_js(array('status' => TRUE, 'data' => $output));
exit();
}
// We only do the upload.module part of the node validation process.
$node = (object)$_POST;
unset($node->files['upload']);
$form = $cache->data;
$form_state = array('values' => $_POST);
// Handle new uploads, and merge tmp files into node-files.
upload_node_form_submit($form, $form_state);
$node_files = upload_load($node);
if (!empty($form_state['values']['files'])) {
upload_node_form_submit($cached_form, $form_state);
if(!empty($form_state['values']['files'])) {
foreach ($form_state['values']['files'] as $fid => $file) {
if (is_numeric($fid)) {
$node->files[$fid] = $file;
if (!isset($file['filepath'])) {
$node->files[$fid] = $node_files[$fid];
}
if (isset($cached_form['#node']->files[$fid])) {
$files[$fid] = $cached_form['#node']->files[$fid];
}
}
}
$node = $cached_form['#node'];
$node->files = $files;
$form = _upload_form($node);
// Update the default values changed in the $_POST array.
$files = isset($_POST['files']) ? $_POST['files'] : array();
unset($cached_form['attachments']['wrapper']['new']);
$cached_form['attachments']['wrapper'] = array_merge($cached_form['attachments']['wrapper'], $form);
$cached_form['attachments']['#collapsed'] = FALSE;
form_set_cache($_POST['form_build_id'], $cached_form, $cached_form_state);
foreach ($files as $fid => $file) {
if (is_numeric($fid)) {
$form['files'][$fid]['description']['#default_value'] = $file['description'];
$form['files'][$fid]['list']['#default_value'] = isset($file['list']) ? 1 : 0;
$form['files'][$fid]['remove']['#default_value'] = isset($file['remove']) ? 1 : 0;
$form['files'][$fid]['weight']['#default_value'] = $file['weight'];
$form['files'][$fid]['description']['#default_value'] = $form_state['values']['files'][$fid]['description'];
$form['files'][$fid]['list']['#default_value'] = !empty($form_state['values']['files'][$fid]['list']);
$form['files'][$fid]['remove']['#default_value'] = !empty($form_state['values']['files'][$fid]['remove']);
$form['files'][$fid]['weight']['#default_value'] = $form_state['values']['files'][$fid]['weight'];
}
}
// Add the new element to the stored form state and resave.
$cache->data['attachments']['wrapper'] = array_merge($cache->data['attachments']['wrapper'], $form);
cache_set('form_'. $_POST['form_build_id'], $cache->data, 'cache_form', $cache->expire);
// Render the form for output.
$form += array(
'#post' => $_POST,
......
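Review bot: `upload_save()` now reads `$file->new` directly in `if (!empty($node->old_vid) || $file->new) {`, but the flag is only assigned on the paths through `upload_node_form_submit()` and `_upload_form()`; whether every caller of `upload_save()` goes through them is not visible here, and a file object without the property would trigger an undefined-property read. `if (!empty($node->old_vid) || !empty($file->new)) {` matches the `!empty(...->new)` test already used in `upload_node_form_submit()`. Since `upload_save()` now relies on this flag to decide which files get attached, a comment at the loop in `upload_node_form_submit()` should state that `new` is recomputed from the cached `$form['#node']->files` and never taken from posted values. Separately, `if(!empty($form_state['values']['files'])) {` in `upload_js()` is missing the space after `if`.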
......@@ -707,44 +707,21 @@ function user_admin_access_check() {
}
/**
* Menu callback: add an access rule
* Menu callback: add an access rule.
*/
function user_admin_access_add($mask = NULL, $type = NULL) {
if ($edit = $_POST) {
if (!$edit['mask']) {
form_set_error('mask', t('You must enter a mask.'));
}
else {
db_query("INSERT INTO {access} (mask, type, status) VALUES ('%s', '%s', %d)", $edit['mask'], $edit['type'], $edit['status']);
$aid = db_last_insert_id('access', 'aid');
drupal_set_message(t('The access rule has been added.'));
drupal_goto('admin/user/rules');
}
}
else {
$edit['mask'] = $mask;
$edit['type'] = $type;
}
$edit = array();
$edit['aid'] = 0;
$edit['mask'] = $mask;
$edit['type'] = $type;
return drupal_get_form('user_admin_access_add_form', $edit, t('Add rule'));
}
/**
* Menu callback: edit an access rule
* Menu callback: edit an access rule.
*/
function user_admin_access_edit($aid = 0) {
if ($edit = $_POST) {
if (!$edit['mask']) {
form_set_error('mask', t('You must enter a mask.'));
}
else {
db_query("UPDATE {access} SET mask = '%s', type = '%s', status = '%s' WHERE aid = %d", $edit['mask'], $edit['type'], $edit['status'], $aid);
drupal_set_message(t('The access rule has been saved.'));
drupal_goto('admin/user/rules');
}
}
else {
$edit = db_fetch_array(db_query('SELECT aid, type, status, mask FROM {access} WHERE aid = %d', $aid));
}
$edit = db_fetch_array(db_query('SELECT aid, type, status, mask FROM {access} WHERE aid = %d', $aid));
return drupal_get_form('user_admin_access_edit_form', $edit, t('Save rule'));
}
......@@ -754,6 +731,11 @@ function user_admin_access_edit($aid = 0) {
* @ingroup forms
*/
function user_admin_access_form(&$form_state, $edit, $submit) {
$form = array();
$form['aid'] = array(
'#type' => 'value',
'#value' => $edit['aid'],
);