diff options
| author | David Rothstein <drothstein@gmail.com> | 2016-02-24 14:25:49 -0500 |
|---|---|---|
| committer | David Rothstein <drothstein@gmail.com> | 2016-02-24 14:25:49 -0500 |
| commit | b8d9c44f83eca57039f648a0edb0f369f8d3e6b4 (patch) | |
| tree | 2b97fdea5a364b7abc6728fb364244c0a52cbc73 /modules/system | |
| parent | 2f54b101bf722849e456d859876b27b90ad7e479 (diff) | |
| download | brdo-b8d9c44f83eca57039f648a0edb0f369f8d3e6b4.tar.gz brdo-b8d9c44f83eca57039f648a0edb0f369f8d3e6b4.tar.bz2 | |
Revert "Drupal 7.43"
This reverts commit 2f54b101bf722849e456d859876b27b90ad7e479.
Diffstat (limited to 'modules/system')
| -rw-r--r-- | modules/system/system.admin.inc | 8 | ||||
| -rw-r--r-- | modules/system/system.js | 2 | ||||
| -rw-r--r-- | modules/system/system.test | 16 |
3 files changed, 2 insertions, 24 deletions
diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc index 16c40d4d4..0f525c6cf 100644 --- a/modules/system/system.admin.inc +++ b/modules/system/system.admin.inc @@ -2202,11 +2202,6 @@ function system_add_date_format_type_form_submit($form, &$form_state) { * Return the date for a given format string via Ajax. */ function system_date_time_lookup() { - // This callback is protected with a CSRF token because user input from the - // query string is reflected in the output. - if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'admin/config/regional/date-time/formats/lookup')) { - return MENU_ACCESS_DENIED; - } $result = format_date(REQUEST_TIME, 'custom', $_GET['format']); drupal_json_output($result); } @@ -2880,14 +2875,13 @@ function system_date_time_formats() { * Allow users to add additional date formats. */ function system_configure_date_formats_form($form, &$form_state, $dfid = 0) { - $ajax_path = 'admin/config/regional/date-time/formats/lookup'; $js_settings = array( 'type' => 'setting', 'data' => array( 'dateTime' => array( 'date-format' => array( 'text' => t('Displayed as'), - 'lookup' => url($ajax_path, array('query' => array('token' => drupal_get_token($ajax_path)))), + 'lookup' => url('admin/config/regional/date-time/formats/lookup'), ), ), ), diff --git a/modules/system/system.js b/modules/system/system.js index c0e76d38e..910fb5d3d 100644 --- a/modules/system/system.js +++ b/modules/system/system.js @@ -105,7 +105,7 @@ Drupal.behaviors.dateTime = { // Attach keyup handler to custom format inputs. $('input' + source, context).once('date-time').keyup(function () { var input = $(this); - var url = fieldSettings.lookup + (/\?/.test(fieldSettings.lookup) ? '&format=' : '?format=') + encodeURIComponent(input.val()); + var url = fieldSettings.lookup + (/\?q=/.test(fieldSettings.lookup) ? '&format=' : '?format=') + encodeURIComponent(input.val()); $.getJSON(url, function (data) { $(suffix).empty().append(' ' + fieldSettings.text + ': <em>' + data + '</em>'); }); diff --git a/modules/system/system.test b/modules/system/system.test index 95b43538b..bc764dde5 100644 --- a/modules/system/system.test +++ b/modules/system/system.test @@ -1350,23 +1350,7 @@ class DateTimeFunctionalTest extends DrupalWebTestCase { $this->assertEqual($this->getUrl(), url('admin/config/regional/date-time/formats', array('absolute' => TRUE)), 'Correct page redirection.'); $this->assertText(t('Custom date format updated.'), 'Custom date format successfully updated.'); - // Check that ajax callback is protected by CSRF token. - $this->drupalGet('admin/config/regional/date-time/formats/lookup', array('query' => array('format' => 'Y m d'))); - $this->assertResponse(403, 'Access denied with no token'); - $this->drupalGet('admin/config/regional/date-time/formats/lookup', array('query' => array('token' => 'invalid', 'format' => 'Y m d'))); - $this->assertResponse(403, 'Access denied with invalid token'); - $this->drupalGet('admin/config/regional/date-time/formats'); - $this->clickLink(t('edit')); - $settings = $this->drupalGetSettings(); - $lookup_url = $settings['dateTime']['date-format']['lookup']; - preg_match('/token=([^&]+)/', $lookup_url, $matches); - $this->assertFalse(empty($matches[1]), 'Found token value'); - $this->drupalGet('admin/config/regional/date-time/formats/lookup', array('query' => array('token' => $matches[1], 'format' => 'Y m d'))); - $this->assertResponse(200, 'Access allowed with valid token'); - $this->assertText(format_date(time(), 'custom', 'Y m d')); - // Delete custom date format. - $this->drupalGet('admin/config/regional/date-time/formats'); $this->clickLink(t('delete')); $this->drupalPost($this->getUrl(), array(), t('Remove')); $this->assertEqual($this->getUrl(), url('admin/config/regional/date-time/formats', array('absolute' => TRUE)), 'Correct page redirection.'); |