Merged 8.9.1. (de918837) · Commits · project / drupal

composer.lock

+7 −440

Original line number	Diff line number	Diff line
		@@ -652,7 +652,7 @@
		"dist": {
		"type": "path",
		"url": "core",
		"reference": "00a84fa61ee921f106f7912c3ca0393a2c328e68"
		"reference": "38c1ef280518a68c80c796780c4f94a259f50fc0"
		},
		"require": {
		"asm89/stack-cors": "^1.1",
		@@ -875,10 +875,7 @@
		"license": [
		"GPL-2.0-or-later"
		],
		"description": "Drupal is an open source content management platform powering millions of websites and applications.",
		"transport-options": {
		"relative": true
		}
		"description": "Drupal is an open source content management platform powering millions of websites and applications."
		},
		{
		"name": "drupal/core-project-message",
		@@ -886,7 +883,7 @@
		"dist": {
		"type": "path",
		"url": "composer/Plugin/ProjectMessage",
		"reference": "d55605e98b8eb1d14bf049124838fdf0c85a9524"
		"reference": "ed6afc20bfed583e5325ca86f78d07a653d6045c"
		},
		"require": {
		"composer-plugin-api": "^1.1 \|\| ^2",
		@@ -908,10 +905,7 @@
		"homepage": "https://www.drupal.org/project/drupal",
		"keywords": [
		"drupal"
		],
		"transport-options": {
		"relative": true
		}
		]
		},
		{
		"name": "drupal/core-vendor-hardening",
		@@ -919,7 +913,7 @@
		"dist": {
		"type": "path",
		"url": "composer/Plugin/VendorHardening",
		"reference": "29f9f91029bb46c2c3d14f17f151b66ce3e66b5f"
		"reference": "6773d713a655ec8a5ac8c29cd5df653cfec6d3cc"
		},
		"require": {
		"composer-plugin-api": "^1.1 \|\| ^2",
		@@ -941,10 +935,7 @@
		"homepage": "https://www.drupal.org/project/drupal",
		"keywords": [
		"drupal"
		],
		"transport-options": {
		"relative": true
		}
		]
		},
		{
		"name": "easyrdf/easyrdf",
		@@ -1546,12 +1537,6 @@
		"laminas",
		"zf"
		],
		"funding": [
		{
		"url": "https://funding.communitybridge.org/projects/laminas-project",
		"type": "community_bridge"
		}
		],
		"time": "2020-05-20T16:45:56+00:00"
		},
		{
		@@ -2224,20 +2209,6 @@
		],
		"description": "Symfony ClassLoader Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-03-15T09:38:08+00:00"
		},
		{
		@@ -2310,20 +2281,6 @@
		],
		"description": "Symfony Console Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-30T18:58:05+00:00"
		},
		{
		@@ -2380,20 +2337,6 @@
		],
		"description": "Symfony Debug Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-22T18:25:20+00:00"
		},
		{
		@@ -2465,20 +2408,6 @@
		],
		"description": "Symfony DependencyInjection Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-30T21:06:01+00:00"
		},
		{
		@@ -2542,20 +2471,6 @@
		],
		"description": "Symfony EventDispatcher Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-05T15:06:23+00:00"
		},
		{
		@@ -2610,20 +2525,6 @@
		],
		"description": "Symfony HttpFoundation Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-16T13:15:54+00:00"
		},
		{
		@@ -2714,20 +2615,6 @@
		],
		"description": "Symfony HttpKernel Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-31T05:14:17+00:00"
		},
		{
		@@ -2786,20 +2673,6 @@
		"polyfill",
		"portable"
		],
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-12T16:14:59+00:00"
		},
		{
		@@ -2859,20 +2732,6 @@
		"portable",
		"shim"
		],
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-12T16:47:27+00:00"
		},
		{
		@@ -2935,20 +2794,6 @@
		"portable",
		"shim"
		],
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-12T16:47:27+00:00"
		},
		{
		@@ -3008,20 +2853,6 @@
		"portable",
		"shim"
		],
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-12T16:47:27+00:00"
		},
		{
		@@ -3078,20 +2909,6 @@
		"portable",
		"shim"
		],
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-12T16:47:27+00:00"
		},
		{
		@@ -3151,20 +2968,6 @@
		"portable",
		"shim"
		],
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-12T16:47:27+00:00"
		},
		{
		@@ -3220,20 +3023,6 @@
		"portable",
		"shim"
		],
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-12T16:47:27+00:00"
		},
		{
		@@ -3286,20 +3075,6 @@
		"polyfill",
		"shim"
		],
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-12T16:14:59+00:00"
		},
		{
		@@ -3349,20 +3124,6 @@
		],
		"description": "Symfony Process Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-23T17:05:51+00:00"
		},
		{
		@@ -3502,20 +3263,6 @@
		"uri",
		"url"
		],
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-30T19:50:06+00:00"
		},
		{
		@@ -3595,20 +3342,6 @@
		],
		"description": "Symfony Serializer Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-30T18:58:05+00:00"
		},
		{
		@@ -3679,20 +3412,6 @@
		],
		"description": "Symfony Translation Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-30T18:58:05+00:00"
		},
		{
		@@ -3779,20 +3498,6 @@
		],
		"description": "Symfony Validator Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-30T18:43:38+00:00"
		},
		{
		@@ -3852,20 +3557,6 @@
		],
		"description": "Symfony Yaml Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-11T07:51:54+00:00"
		},
		{
		@@ -4272,16 +3963,6 @@
		"ssl",
		"tls"
		],
		"funding": [
		{
		"url": "https://packagist.com",
		"type": "custom"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/composer/composer",
		"type": "tidelift"
		}
		],
		"time": "2020-04-08T08:27:21+00:00"
		},
		{
		@@ -4326,9 +4007,6 @@
		"ext-zip": "Enabling the zip extension allows you to unzip archives",
		"ext-zlib": "Allow gzip compression of HTTP requests"
		},
		"bin": [
		"bin/composer"
		],
		"type": "library",
		"extra": {
		"branch-alias": {
		@@ -4363,16 +4041,6 @@
		"dependency",
		"package"
		],
		"funding": [
		{
		"url": "https://packagist.com",
		"type": "custom"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/composer/composer",
		"type": "tidelift"
		}
		],
		"time": "2020-05-06T08:28:10+00:00"
		},
		{
		@@ -4477,12 +4145,6 @@
		"Xdebug",
		"performance"
		],
		"funding": [
		{
		"url": "https://packagist.com",
		"type": "custom"
		}
		],
		"time": "2020-03-01T12:26:26+00:00"
		},
		{
		@@ -6278,16 +5940,6 @@
		"parser",
		"validator"
		],
		"funding": [
		{
		"url": "https://github.com/Seldaek",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/seld/jsonlint",
		"type": "tidelift"
		}
		],
		"time": "2020-04-30T19:05:18+00:00"
		},
		{
		@@ -6440,20 +6092,6 @@
		],
		"description": "Symfony BrowserKit Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-04-27T06:55:12+00:00"
		},
		{
		@@ -6507,20 +6145,6 @@
		],
		"description": "Symfony CssSelector Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-03-16T08:31:04+00:00"
		},
		{
		@@ -6578,20 +6202,6 @@
		],
		"description": "Symfony DomCrawler Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-22T19:35:43+00:00"
		},
		{
		@@ -6642,20 +6252,6 @@
		],
		"description": "Symfony Filesystem Component",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-30T17:48:24+00:00"
		},
		{
		@@ -6767,20 +6363,6 @@
		"redlock",
		"semaphore"
		],
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-08T10:38:31+00:00"
		},
		{
		@@ -6846,20 +6428,6 @@
		],
		"description": "Symfony PHPUnit Bridge",
		"homepage": "https://symfony.com",
		"funding": [
		{
		"url": "https://symfony.com/sponsor",
		"type": "custom"
		},
		{
		"url": "https://github.com/fabpot",
		"type": "github"
		},
		{
		"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
		"type": "tidelift"
		}
		],
		"time": "2020-05-21T18:33:26+00:00"
		},
		{
		@@ -6961,6 +6529,5 @@
		"prefer-stable": true,
		"prefer-lowest": false,
		"platform": [],
		"platform-dev": [],
		"plugin-api-version": "1.1.0"
		"platform-dev": []
		}

core/includes/bootstrap.inc

+7 −1

Original line number	Diff line number	Diff line
		@@ -681,11 +681,17 @@ function drupal_valid_test_ua($new_prefix = NULL) {
		// Ensure that no information leaks on production sites.
		$test_db = new TestDatabase($prefix);
		$key_file = DRUPAL_ROOT . '/' . $test_db->getTestSitePath() . '/.htkey';
		if (!is_readable($key_file)) {
		if (!is_readable($key_file) \|\| is_dir($key_file)) {
		header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
		exit;
		}
		$private_key = file_get_contents($key_file);
		// The string from drupal_generate_test_ua() is 74 bytes long. If we don't
		// have it, tests cannot be allowed.
		if (empty($private_key) \|\| strlen($private_key) < 74) {
		header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
		exit;
		}
		// The file properties add more entropy not easily accessible to others.
		$key = $private_key . filectime(__FILE__) . fileinode(__FILE__);
		$time_diff = REQUEST_TIME - $time;

core/lib/Drupal/Core/Form/FormBuilder.php

+10 −1

Original line number	Diff line number	Diff line
		@@ -19,6 +19,7 @@
		use Drupal\Core\Theme\ThemeManagerInterface;
		use Symfony\Component\EventDispatcher\EventDispatcherInterface;
		use Symfony\Component\HttpFoundation\FileBag;
		use Symfony\Component\HttpFoundation\ParameterBag;
		use Symfony\Component\HttpFoundation\RequestStack;
		use Symfony\Component\HttpFoundation\Response;

		@@ -957,8 +958,16 @@ public function doBuildForm($form_id, &$element, FormStateInterface &$form_state
		// This value is checked in self::handleInputElement().
		$form_state->setInvalidToken(TRUE);

		// Ignore all submitted values.
		$form_state->setUserInput([]);

		$request = $this->requestStack->getCurrentRequest();
		// Do not trust any POST data.
		$request->request = new ParameterBag();
		// Make sure file uploads do not get processed.
		$this->requestStack->getCurrentRequest()->files = new FileBag();
		$request->files = new FileBag();
		// Ensure PHP globals reflect these changes.
		$request->overrideGlobals();
		}
		}
		}

core/lib/Drupal/Core/Form/FormValidator.php

+1 −3

Original line number	Diff line number	Diff line
		@@ -124,10 +124,8 @@ public function validateForm($form_id, &$form, FormStateInterface &$form_state)
		* {@inheritdoc}
		*/
		public function setInvalidTokenError(FormStateInterface $form_state) {
		$url = $this->requestStack->getCurrentRequest()->getRequestUri();

		// Setting this error will cause the form to fail validation.
		$form_state->setErrorByName('form_token', $this->t('The form has become outdated. Copy any unsaved work in the form below and then <a href=":link">reload this page</a>.', [':link' => $url]));
		$form_state->setErrorByName('form_token', $this->t('The form has become outdated. Press the back button, copy any unsaved work in the form, and then reload the page.'));
		}

		/**

core/modules/file/tests/src/Functional/FileManagedFileElementTest.php

+1 −1

Original line number	Diff line number	Diff line
		@@ -50,7 +50,7 @@ public function testManagedFile() {
		$file_field_name => \Drupal::service('file_system')->realpath($test_file->getFileUri()),
		];
		$this->drupalPostForm(NULL, $edit, t('Save'));
		$this->assertText('The form has become outdated. Copy any unsaved work in the form below');
		$this->assertText('The form has become outdated.');
		$last_fid = $this->getLastFileId();
		$this->assertEqual($last_fid_prior, $last_fid, 'File was not saved when uploaded with an invalid form token.');