Conjunto de cambios 52861f4 en sipes para cord/modules/user

Fecha y hora:

26/05/2016 19:22:36 (hace 8 años)

Autor:

José Gregorio Puentes <jpuentes@…>

Branches:

stable, version-3.0

Children:

6627152

Parents:

dedbde1

Mensaje:

se actualizo el cord

Ubicación:

cord/modules/user

Ficheros:

• user.info (modificado) (1 diferencia)
• user.module (modificado) (3 diferencias)
• user.pages.inc (modificado) (1 diferencia)

cord/modules/user/user.info

@@ -5 +5 @@
 core = 6.x
 
-; Information added by  packaging script on 2013-11-20
-version = "6.29"
+; Information added by Drupal.org packaging script on 2016-02-24
+version = "6.38"
 project = "drupal"
-datestamp = "1384980946"
+datestamp = "1456343372"
 

cord/modules/user/user.module

@@ -671 +671 @@
   }
 
-  if ($type == 'submit' && $category == 'account') {
-    return _user_edit_submit((isset($account->uid) ? $account->uid : FALSE), $edit);
+  if ($type == 'submit') {
+    if ($category == 'account') {
+      return _user_edit_submit((isset($account->uid) ? $account->uid : FALSE), $edit);
+    }
+    elseif (isset($edit['roles'])) {
+      // Filter out roles with empty values to avoid granting extra roles when
+      // processing custom form submissions.
+      $edit['roles'] = array_filter($edit['roles']);
+    }
   }
 
@@ -682 +689 @@
 function user_login_block() {
   $form = array(
-    '#action' => url($_GET['q'], array('query' => drupal_get_destination())),
+    '#action' => url($_GET['q'], array('query' => drupal_get_destination(), 'external' => FALSE)),
     '#id' => 'user-login-form',
     '#validate' => user_login_default_validators(),
@@ -1485 +1492 @@
 function user_pass_reset_url($account) {
   $timestamp = time();
-  return url("user/reset/$account->uid/$timestamp/". user_pass_rehash($account->pass, $timestamp, $account->login), array('absolute' => TRUE));
-}
-
-function user_pass_rehash($password, $timestamp, $login) {
-  return md5($timestamp . $password . $login);
+  return url("user/reset/$account->uid/$timestamp/". user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array('absolute' => TRUE));
+}
+
+function user_pass_rehash($password, $timestamp, $login, $uid) {
+  // Backwards compatibility: Try to determine a $uid if one was not passed.
+  // (Since $uid is a required parameter to this function, a PHP warning will
+  // be generated if it's not provided, which is an indication that the calling
+  // code should be updated. But the code below will try to generate a correct
+  // hash in the meantime.)
+  if (!isset($uid)) {
+    $uids = array();
+    $result = db_query_range("SELECT uid FROM {users} WHERE pass = '%s' AND login = '%s' AND uid > 0", $password, $login, 0, 2);
+    while ($row = db_fetch_array($result)) {
+      $uids[] = $row['uid'];
+    }
+    // If exactly one user account matches the provided password and login
+    // timestamp, proceed with that $uid.
+    if (count($uids) == 1) {
+      $uid = reset($uids);
+    }
+    // Otherwise there is no safe hash to return, so return a random string
+    // that will never be treated as a valid token.
+    else {
+      return drupal_random_key();
+    }
+  }
+  return drupal_hmac_base64($timestamp . $login . $uid, drupal_get_private_key() . $password);
 }
 

cord/modules/user/user.pages.inc

@@ -107 +107 @@
         drupal_goto('user/password');
       }
-      else if ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) {
+      else if ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid)) {
         // First stage is a confirmation form, then login
         if ($action == 'login') {