From b8d9c44f83eca57039f648a0edb0f369f8d3e6b4 Mon Sep 17 00:00:00 2001
From: David Rothstein
Date: Wed, 24 Feb 2016 14:25:49 -0500
Subject: Revert "Drupal 7.43"
This reverts commit 2f54b101bf722849e456d859876b27b90ad7e479.
---
 modules/system/system.admin.inc | 8 +-------
 modules/system/system.js | 2 +-
 modules/system/system.test | 16 ----------------
 3 files changed, 2 insertions(+), 24 deletions(-)
(limited to 'modules/system')
diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc
index 16c40d4d4..0f525c6cf 100644
--- a/modules/system/system.admin.inc
+++ b/modules/system/system.admin.inc
@@ -2202,11 +2202,6 @@ function system_add_date_format_type_form_submit($form, &$form_state) {
 * Return the date for a given format string via Ajax.
 */
 function system_date_time_lookup() {
- // This callback is protected with a CSRF token because user input from the
- // query string is reflected in the output.
- if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'admin/config/regional/date-time/formats/lookup')) {
- return MENU_ACCESS_DENIED;
- }
 $result = format_date(REQUEST_TIME, 'custom', $_GET['format']);
 drupal_json_output($result);
 }
@@ -2880,14 +2875,13 @@ function system_date_time_formats() {
 * Allow users to add additional date formats.
 */
 function system_configure_date_formats_form($form, &$form_state, $dfid = 0) {
- $ajax_path = 'admin/config/regional/date-time/formats/lookup';
 $js_settings = array(
 'type' => 'setting',
 'data' => array(
 'dateTime' => array(
 'date-format' => array(
 'text' => t('Displayed as'),
- 'lookup' => url($ajax_path, array('query' => array('token' => drupal_get_token($ajax_path)))),
+ 'lookup' => url('admin/config/regional/date-time/formats/lookup'),
 ),
 ),
 ),
diff --git a/modules/system/system.js b/modules/system/system.js
index c0e76d38e..910fb5d3d 100644
--- a/modules/system/system.js
+++ b/modules/system/system.js
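Review bot: On the new side `system_date_time_lookup()` passes `$_GET['format']` to `format_date()` and returns it through `drupal_json_output()` with no token check, although the removed comment states the token existed because query-string input is reflected in the output; the second hunk correspondingly builds the `'lookup'` URL without `drupal_get_token()`, and the system.test hunk drops the 403/200 assertions that covered the callback. Whether this revert is release-branch bookkeeping or a decision to drop the protection cannot be told from the patch; if the former, the guard should be re-landed before this code ships: `if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'admin/config/regional/date-time/formats/lookup')) { return MENU_ACCESS_DENIED; }`. Independently, `$_GET['format']` is read without an `isset()` check, so a request that omits `format` raises an undefined-index notice before any output is produced. `system_configure_date_formats_form()` continues past the end of the second hunk.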
@@ -105,7 +105,7 @@ Drupal.behaviors.dateTime = {
 // Attach keyup handler to custom format inputs.
 $('input' + source, context).once('date-time').keyup(function () {
 var input = $(this);
- var url = fieldSettings.lookup + (/\?/.test(fieldSettings.lookup) ? '&format=' : '?format=') + encodeURIComponent(input.val());
+ var url = fieldSettings.lookup + (/\?q=/.test(fieldSettings.lookup) ? '&format=' : '?format=') + encodeURIComponent(input.val());
 $.getJSON(url, function (data) {
 $(suffix).empty().append(' ' + fieldSettings.text + ': ' + data + '');
 });
diff --git a/modules/system/system.test b/modules/system/system.test
index 95b43538b..bc764dde5 100644
--- a/modules/system/system.test
+++ b/modules/system/system.test
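Review bot: The separator test on the added line, `/\?q=/.test(fieldSettings.lookup)`, only recognises the non-clean-URL form, so a lookup URL that carries any other query string (for example a `token` parameter if the CSRF guard is restored on the PHP side) would get a second `?` and `format` would not arrive as its own parameter. `/\?/.test(fieldSettings.lookup)` covers both cases and keeps the script independent of how the server builds the URL. Separately, the unchanged `.append(...)` line concatenates `data` from the lookup response into a string that jQuery parses as markup; creating the element first and setting the value with `.text(data)` would keep the response as text whatever the callback returns. The behavior's body starts and ends outside the hunk.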
@@ -1350,23 +1350,7 @@ class DateTimeFunctionalTest extends DrupalWebTestCase { $this->assertEqual($this->getUrl(), url('admin/config/regional/date-time/formats', array('absolute' => TRUE)), 'Correct page redirection.'); $this->assertText(t('Custom date format updated.'), 'Custom date format successfully updated.'); - // Check that ajax callback is protected by CSRF token. - $this->drupalGet('admin/config/regional/date-time/formats/lookup', array('query' => array('format' => 'Y m d'))); - $this->assertResponse(403, 'Access denied with no token'); - $this->drupalGet('admin/config/regional/date-time/formats/lookup', array('query' => array('token' => 'invalid', 'format' => 'Y m d'))); - $this->assertResponse(403, 'Access denied with invalid token'); - $this->drupalGet('admin/config/regional/date-time/formats'); - $this->clickLink(t('edit')); - $settings = $this->drupalGetSettings(); - $lookup_url = $settings['dateTime']['date-format']['lookup']; - preg_match('/token=([^&]+)/', $lookup_url, $matches); - $this->assertFalse(empty($matches[1]), 'Found token value'); - $this->drupalGet('admin/config/regional/date-time/formats/lookup', array('query' => array('token' => $matches[1], 'format' => 'Y m d'))); - $this->assertResponse(200, 'Access allowed with valid token'); - $this->assertText(format_date(time(), 'custom', 'Y m d')); - // Delete custom date format. - $this->drupalGet('admin/config/regional/date-time/formats'); $this->clickLink(t('delete')); $this->drupalPost($this->getUrl(), array(), t('Remove')); $this->assertEqual($this->getUrl(), url('admin/config/regional/date-time/formats', array('absolute' => TRUE)), 'Correct page redirection.'); -- cgit v1.2.3