Commit afa35858 authored by xjm's avatar xjm

Merged 8.5.15.

parents affd86ad c5bc3922
......@@ -1483,16 +1483,16 @@
},
{
"name": "symfony/dependency-injection",
"version": "v3.4.14",
"version": "v3.4.26",
"source": {
"type": "git",
"url": "https://github.com/symfony/dependency-injection.git",
"reference": "1c0e679e522591fd744fdf242fec41a43d62b2b1"
"reference": "dee85a9148399cdb2731603802842bcfd8afe5ab"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/dependency-injection/zipball/1c0e679e522591fd744fdf242fec41a43d62b2b1",
"reference": "1c0e679e522591fd744fdf242fec41a43d62b2b1",
"url": "https://api.github.com/repos/symfony/dependency-injection/zipball/dee85a9148399cdb2731603802842bcfd8afe5ab",
"reference": "dee85a9148399cdb2731603802842bcfd8afe5ab",
"shasum": ""
},
"require": {
......@@ -1550,7 +1550,7 @@
],
"description": "Symfony DependencyInjection Component",
"homepage": "https://symfony.com",
"time": "2018-07-29T15:19:31+00:00"
"time": "2019-04-16T11:13:42+00:00"
},
{
"name": "symfony/event-dispatcher",
......@@ -1617,16 +1617,16 @@
},
{
"name": "symfony/http-foundation",
"version": "v3.4.14",
"version": "v3.4.26",
"source": {
"type": "git",
"url": "https://github.com/symfony/http-foundation.git",
"reference": "19a3267828046a2a4a05e3dc2954bbd2e0ad9fa6"
"reference": "90454ad44c95d75faf3507d56388056001b74baf"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/http-foundation/zipball/19a3267828046a2a4a05e3dc2954bbd2e0ad9fa6",
"reference": "19a3267828046a2a4a05e3dc2954bbd2e0ad9fa6",
"url": "https://api.github.com/repos/symfony/http-foundation/zipball/90454ad44c95d75faf3507d56388056001b74baf",
"reference": "90454ad44c95d75faf3507d56388056001b74baf",
"shasum": ""
},
"require": {
......@@ -1667,7 +1667,7 @@
],
"description": "Symfony HttpFoundation Component",
"homepage": "https://symfony.com",
"time": "2018-08-01T14:04:26+00:00"
"time": "2019-04-17T14:51:18+00:00"
},
{
"name": "symfony/http-kernel",
......@@ -3411,12 +3411,12 @@
"version": "v1.6.5",
"source": {
"type": "git",
"url": "https://github.com/mikey179/vfsStream.git",
"url": "https://github.com/bovigo/vfsStream.git",
"reference": "d5fec95f541d4d71c4823bb5e30cf9b9e5b96145"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/mikey179/vfsStream/zipball/d5fec95f541d4d71c4823bb5e30cf9b9e5b96145",
"url": "https://api.github.com/repos/bovigo/vfsStream/zipball/d5fec95f541d4d71c4823bb5e30cf9b9e5b96145",
"reference": "d5fec95f541d4d71c4823bb5e30cf9b9e5b96145",
"shasum": ""
},
......
/**
* For jQuery versions less than 3.4.0, this replaces the jQuery.extend
* function with the one from jQuery 3.4.0, slightly modified (documented
* below) to be compatible with older jQuery versions.
*
* This provides the Object.prototype pollution vulnerability fix to Drupal
* installations running older jQuery versions, including the version (3.2.1)
* shipped with Drupal core.
*
* @see https://github.com/jquery/jquery/pull/4333
*/
(function (jQuery) {
// Do not override jQuery.extend() if the jQuery version is already >=3.4.0.
var versionParts = jQuery.fn.jquery.split('.');
var majorVersion = parseInt(versionParts[0]);
var minorVersion = parseInt(versionParts[1]);
var patchVersion = parseInt(versionParts[2]);
var isPreReleaseVersion = (patchVersion.toString() !== versionParts[2]);
if (
(majorVersion > 3) ||
(majorVersion === 3 && minorVersion > 4) ||
(majorVersion === 3 && minorVersion === 4 && patchVersion > 0) ||
(majorVersion === 3 && minorVersion === 4 && patchVersion === 0 && !isPreReleaseVersion)
) {
return;
}
/**
* This is almost verbatim copied from jQuery 3.4.0.
*
* Only one minor change has been made:
* - The call to isFunction() is changed to jQuery.isFunction().
*
* The above change ensures compatibility with older jQuery versions,
* including 3.2.1 which is shipped with Drupal core.
*/
jQuery.extend = jQuery.fn.extend = function() {
var options, name, src, copy, copyIsArray, clone,
target = arguments[ 0 ] || {},
i = 1,
length = arguments.length,
deep = false;
// Handle a deep copy situation
if ( typeof target === "boolean" ) {
deep = target;
// Skip the boolean and the target
target = arguments[ i ] || {};
i++;
}
// Handle case when target is a string or something (possible in deep copy)
if ( typeof target !== "object" && !jQuery.isFunction( target ) ) {
target = {};
}
// Extend jQuery itself if only one argument is passed
if ( i === length ) {
target = this;
i--;
}
for ( ; i < length; i++ ) {
// Only deal with non-null/undefined values
if ( ( options = arguments[ i ] ) != null ) {
// Extend the base object
for ( name in options ) {
copy = options[ name ];
// Prevent Object.prototype pollution
// Prevent never-ending loop
if ( name === "__proto__" || target === copy ) {
continue;
}
// Recurse if we're merging plain objects or arrays
if ( deep && copy && ( jQuery.isPlainObject( copy ) ||
( copyIsArray = Array.isArray( copy ) ) ) ) {
src = target[ name ];
// Ensure proper type for the source value
if ( copyIsArray && !Array.isArray( src ) ) {
clone = [];
} else if ( !copyIsArray && !jQuery.isPlainObject( src ) ) {
clone = {};
} else {
clone = src;
}
copyIsArray = false;
// Never move original objects, clone them
target[ name ] = jQuery.extend( deep, clone, copy );
// Don't bring in undefined values
} else if ( copy !== undefined ) {
target[ name ] = copy;
}
}
}
}
// Return the modified object
return target;
};
})(jQuery);
......@@ -20,9 +20,9 @@
"php": "^5.5.9|>=7.0.8",
"symfony/class-loader": "~3.4.0",
"symfony/console": "~3.4.0",
"symfony/dependency-injection": "~3.4.0",
"symfony/dependency-injection": "~3.4.26",
"symfony/event-dispatcher": "~3.4.0",
"symfony/http-foundation": "~3.4.14",
"symfony/http-foundation": "~3.4.26",
"symfony/http-kernel": "~3.4.14",
"symfony/routing": "~3.4.0",
"symfony/serializer": "~3.4.0",
......
......@@ -348,6 +348,9 @@ jquery:
gpl-compatible: true
js:
assets/vendor/jquery/jquery.min.js: { minified: true, weight: -20 }
# This includes a security fix, so assign a weight that makes this load as
# soon after jquery.min.js is loaded as possible.
assets/vendor/jquery/jquery-extend-3.4.0.js: { weight: -19 }
jquery.cookie:
remote: https://github.com/carhartl/jquery-cookie
......
......@@ -216,7 +216,7 @@ public function regenerate($destroy = FALSE, $lifetime = NULL) {
throw new \InvalidArgumentException('The optional parameters $destroy and $lifetime of SessionManager::regenerate() are not supported currently');
}
if ($this->isStarted()) {
if ($this->started) {
$old_session_id = $this->getId();
}
session_id(Crypt::randomBytesBase64());
......@@ -230,7 +230,7 @@ public function regenerate($destroy = FALSE, $lifetime = NULL) {
$this->migrateStoredSession($old_session_id);
}
if (!$this->isStarted()) {
if (!$this->started) {
// Start the session when it doesn't exist yet.
$this->startNow();
}
......@@ -338,4 +338,19 @@ protected function migrateStoredSession($old_session_id) {
->execute();
}
/**
* Checks if the session is started.
*
* Beginning with symfony/http-foundation 3.4.24, the session will no longer
* save unless this method returns true. The parent method returns true if
* $this->started is true, but we need the session to also save if we lazy
* started, so we override isStarted() here.
*
* @return bool
* True if started, false otherwise
*/
public function isStarted() {
return parent::isStarted() || $this->startedLazy;
}
}
......@@ -89,6 +89,13 @@ function system_post_update_field_formatter_entity_schema() {
// Empty post-update hook.
}
/**
* Clear the library cache and ensure aggregate files are regenerated.
*/
function system_post_update_fix_jquery_extend() {
// Empty post-update hook.
}
/**
* Change plugin IDs of actions.
*/
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment