July 22, 2009. Commit #241510 by Dries at 19:01.

CHANGELOG.txt

@@ -1,4 +1,4 @@
-// $Id: CHANGELOG.txt,v 1.316 2009/06/27 23:10:59 webchick Exp $
+// $Id: CHANGELOG.txt,v 1.317 2009/07/21 07:09:46 webchick Exp $
 
 Drupal 7.0, xxxx-xx-xx (development version)
 ----------------------
@@ -103,6 +103,11 @@ Drupal 7.0, xxxx-xx-xx (development version)
       uploading a site logo--that don't require the overhead of databases and
       hooks, the current unmanaged copy, move and delete operations have been
       preserved but renamed to file_unmanaged_*().
+- Image handling:
+    * Improved image handling, including better support for add-on image
+      libraries.
+    * Added API and interface for creating advanced image thumbnails.
+    * Inclusion of additional effects such as rotate and desaturate.
 - Added aliased multi-site support:
     * Added support for mapping domain names to sites directories.
 - Added RDF support:

CVS/Entries

@@ -5,19 +5,19 @@ D/profiles////
 D/scripts////
 D/sites////
 D/themes////
-/.htaccess/1.103/Wed Jul 15 13:36:19 2009//
-/CHANGELOG.txt/1.316/Wed Jul 15 13:36:19 2009//
-/COPYRIGHT.txt/1.4/Wed Jul 15 13:36:19 2009//
-/INSTALL.mysql.txt/1.11/Wed Jul 15 13:36:19 2009//
-/INSTALL.pgsql.txt/1.7/Wed Jul 15 13:36:19 2009//
-/INSTALL.sqlite.txt/1.1/Wed Jul 15 13:36:19 2009//
-/INSTALL.txt/1.72/Wed Jul 15 13:36:19 2009//
-/LICENSE.txt/1.7/Wed Jul 15 13:36:19 2009//
-/MAINTAINERS.txt/1.30/Wed Jul 15 13:36:19 2009//
-/UPGRADE.txt/1.14/Wed Jul 15 13:36:19 2009//
-/cron.php/1.42/Wed Jul 15 13:36:19 2009//
-/index.php/1.98/Wed Jul 15 13:36:19 2009//
-/robots.txt/1.13/Wed Jul 15 13:36:20 2009//
-/update.php/1.292/Wed Jul 15 13:36:20 2009//
-/xmlrpc.php/1.17/Wed Jul 15 13:36:20 2009//
-/install.php/1.185/Sun Jul 19 14:47:15 2009//
+/.htaccess/1.103/Sun Jun 21 18:46:09 2009//
+/CHANGELOG.txt/1.317/Thu Jul 23 09:32:12 2009//
+/COPYRIGHT.txt/1.4/Fri Jun 12 07:15:24 2009//
+/INSTALL.mysql.txt/1.11/Fri Jun 12 07:15:24 2009//
+/INSTALL.pgsql.txt/1.7/Fri Jun 12 07:15:24 2009//
+/INSTALL.sqlite.txt/1.1/Fri Jun 12 07:15:24 2009//
+/INSTALL.txt/1.73/Thu Jul 23 09:32:13 2009//
+/LICENSE.txt/1.7/Fri Jun 12 07:15:24 2009//
+/MAINTAINERS.txt/1.30/Fri Jun 12 07:15:24 2009//
+/UPGRADE.txt/1.14/Fri Jun 12 07:15:24 2009//
+/cron.php/1.42/Fri Jun 12 07:15:24 2009//
+/index.php/1.98/Sun Jun 14 04:46:49 2009//
+/install.php/1.186/Thu Jul 23 09:32:13 2009//
+/robots.txt/1.13/Fri Jun 12 07:15:27 2009//
+/update.php/1.292/Thu Jul 23 09:28:47 2009//
+/xmlrpc.php/1.17/Fri Jun 12 07:15:28 2009//

INSTALL.txt

@@ -1,4 +1,4 @@
-// $Id: INSTALL.txt,v 1.72 2009/05/03 05:03:44 dries Exp $
+// $Id: INSTALL.txt,v 1.73 2009/07/20 18:51:31 dries Exp $
 
 CONTENTS OF THIS FILE
 ---------------------
@@ -262,8 +262,8 @@ few active modules and minimal user access rights.
 Use your administration panel to enable and configure services. For example:
 
 General Settings       Administer > Site configuration > Site information
-Enable Modules         Administer > Site building > Modules
-Configure Themes       Administer > Site building > Themes
+Enable Modules         Administer > Structure > Modules
+Configure Themes       Administer > Structure > Themes
 Set User Permissions   Administer > User management > Permissions
 
 For more information on configuration options, read the instructions which

includes/CVS/Entries

@@ -1,32 +1,32 @@
 D/database////
 D/filetransfer////
-/actions.inc/1.28/Wed Jul 15 13:36:19 2009//
-/batch.inc/1.36/Wed Jul 15 13:36:19 2009//
-/cache-install.inc/1.2/Wed Jul 15 13:36:19 2009//
-/cache.inc/1.38/Wed Jul 15 13:36:19 2009//
-/file.mimetypes.inc/1.2/Wed Jul 15 13:36:19 2009//
-/graph.inc/1.2/Wed Jul 15 13:36:19 2009//
-/image.inc/1.33/Wed Jul 15 13:36:19 2009//
-/iso.inc/1.3/Wed Jul 15 13:36:19 2009//
-/language.inc/1.19/Wed Jul 15 13:36:19 2009//
-/locale.inc/1.219/Wed Jul 15 13:36:19 2009//
-/mail.inc/1.20/Wed Jul 15 13:36:19 2009//
-/module.inc/1.147/Wed Jul 15 13:36:19 2009//
-/pager.inc/1.67/Wed Jul 15 13:36:19 2009//
-/password.inc/1.6/Wed Jul 15 13:36:19 2009//
-/path.inc/1.41/Wed Jul 15 13:36:19 2009//
-/registry.inc/1.18/Wed Jul 15 13:36:19 2009//
-/session.inc/1.70/Wed Jul 15 13:36:19 2009//
-/tablesort.inc/1.51/Wed Jul 15 13:36:19 2009//
-/unicode.entities.inc/1.2/Wed Jul 15 13:36:19 2009//
-/unicode.inc/1.39/Wed Jul 15 13:36:19 2009//
-/xmlrpc.inc/1.58/Wed Jul 15 13:36:19 2009//
-/xmlrpcs.inc/1.28/Wed Jul 15 13:36:19 2009//
-/file.inc/1.176/Sun Jul 19 14:37:41 2009//
-/form.inc/1.351/Sun Jul 19 14:37:41 2009//
-/theme.inc/1.499/Sat Jul 18 21:00:48 2009//
-/theme.maintenance.inc/1.32/Sat Jul 18 21:00:48 2009//
-/bootstrap.inc/1.290/Sun Jul 19 14:47:15 2009//
-/common.inc/1.936/Sun Jul 19 14:47:15 2009//
-/install.inc/1.97/Sun Jul 19 14:47:15 2009//
-/menu.inc/1.330/Mon Jul 20 04:07:05 2009//
+/actions.inc/1.29/Thu Jul 23 09:32:13 2009//
+/batch.inc/1.36/Sat Jun 13 03:09:33 2009//
+/bootstrap.inc/1.291/Thu Jul 23 09:32:13 2009//
+/cache-install.inc/1.2/Fri Jun 12 07:15:24 2009//
+/cache.inc/1.38/Fri Jul  3 03:59:24 2009//
+/common.inc/1.938/Thu Jul 23 09:32:13 2009//
+/file.inc/1.177/Thu Jul 23 09:32:13 2009//
+/file.mimetypes.inc/1.3/Thu Jul 23 09:32:13 2009//
+/form.inc/1.352/Thu Jul 23 09:32:13 2009//
+/graph.inc/1.2/Fri Jun 12 07:15:24 2009//
+/image.inc/1.33/Fri Jun 12 07:15:24 2009//
+/install.inc/1.98/Thu Jul 23 09:32:13 2009//
+/iso.inc/1.3/Fri Jun 12 07:15:24 2009//
+/language.inc/1.19/Fri Jun 12 07:15:24 2009//
+/locale.inc/1.220/Thu Jul 23 09:32:13 2009//
+/mail.inc/1.20/Fri Jun 12 07:15:24 2009//
+/menu.inc/1.330/Thu Jul 23 09:28:47 2009//
+/module.inc/1.147/Thu Jul 23 09:28:47 2009//
+/pager.inc/1.67/Fri Jun 12 07:15:24 2009//
+/password.inc/1.6/Fri Jun 12 07:15:24 2009//
+/path.inc/1.42/Thu Jul 23 09:32:13 2009//
+/registry.inc/1.18/Sun Jun 14 04:52:25 2009//
+/session.inc/1.70/Fri Jul  3 03:59:25 2009//
+/tablesort.inc/1.51/Sat Jun 13 03:09:57 2009//
+/theme.inc/1.499/Thu Jul 23 09:28:47 2009//
+/theme.maintenance.inc/1.32/Thu Jul 23 09:28:47 2009//
+/unicode.entities.inc/1.2/Fri Jun 12 07:15:24 2009//
+/unicode.inc/1.39/Sat Jun 13 03:09:59 2009//
+/xmlrpc.inc/1.58/Tue Jun 16 00:53:18 2009//
+/xmlrpcs.inc/1.28/Sat Jun 13 03:10:00 2009//

includes/actions.inc

@@ -1,5 +1,5 @@
 <?php
-// $Id: actions.inc,v 1.28 2009/06/18 10:37:37 dries Exp $
+// $Id: actions.inc,v 1.29 2009/07/20 18:51:31 dries Exp $
 
 /**
  * @file
@@ -169,7 +169,7 @@ function actions_list($reset = FALSE) {
  *
  * Compare with actions_list() which gathers actions by invoking
  * hook_action_info(). The two are synchronized by visiting
- * /admin/build/actions (when actions.module is enabled) which runs
+ * /admin/structure/actions (when actions.module is enabled) which runs
  * actions_synchronize().
  *
  * @return

includes/bootstrap.inc

@@ -1,5 +1,5 @@
 <?php
-// $Id: bootstrap.inc,v 1.290 2009/07/19 05:26:11 webchick Exp $
+// $Id: bootstrap.inc,v 1.291 2009/07/22 04:45:35 dries Exp $
 
 /**
  * @file
@@ -1343,6 +1343,13 @@ function _drupal_bootstrap($phase) {
       break;
 
     case DRUPAL_BOOTSTRAP_DATABASE:
+      // The user agent header is used to pass a database prefix in the request when
+      // running tests. However, for security reasons, it is imperative that we
+      // validate we ourselves made the request.
+      if (isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], "simpletest") !== FALSE) && !drupal_valid_test_ua($_SERVER['HTTP_USER_AGENT'])) {
+        header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
+        exit;
+      }
       // Initialize the database system. Note that the connection
       // won't be initialized until it is actually requested.
       require_once DRUPAL_ROOT . '/includes/database/database.inc';
@@ -1428,6 +1435,45 @@ function _drupal_bootstrap($phase) {
   }
 }
 
+/**
+ * Validate the HMAC and timestamp of a user agent header from simpletest.
+ */
+function drupal_valid_test_ua($user_agent) {
+  global $databases;
+
+  list($prefix, $time, $salt, $hmac) = explode(';', $user_agent);
+  $check_string =  $prefix . ';' . $time . ';' . $salt;
+  // We use the database credentials from settings.php to make the HMAC key, since
+  // the database is not yet initialized and we can't access any Drupal variables.
+  // The file properties add more entropy not easily accessible to others.
+  $filepath = DRUPAL_ROOT . '/includes/bootstrap.inc';
+  $key = sha1(serialize($databases) . filectime($filepath) . fileinode($filepath), TRUE);
+  $time_diff = REQUEST_TIME - $time;
+  // Since we are making a local request, a 2 second time window is allowed,
+  // and the HMAC must match.
+  return (($time_diff >= 0) && ($time_diff < 3) && ($hmac == base64_encode(hash_hmac('sha1', $check_string, $key, TRUE))));
+}
+
+/**
+ * Generate a user agent string with a HMAC and timestamp for simpletest.
+ */
+function drupal_generate_test_ua($prefix) {
+  global $databases;
+  static $key;
+
+  if (!isset($key)) {
+    // We use the database credentials to make the HMAC key, since we
+    // check the HMAC before the database is initialized. filectime()
+    // and fileinode() are not easily determined from remote.
+    $filepath = DRUPAL_ROOT . '/includes/bootstrap.inc';
+    $key = sha1(serialize($databases) . filectime($filepath) . fileinode($filepath), TRUE);
+  }
+   // Generate a moderately secure HMAC based on the database credentials.
+   $salt = uniqid('', TRUE);
+   $check_string = $prefix . ';' . time() . ';' . $salt;
+   return  $check_string . ';' . base64_encode(hash_hmac('sha1', $check_string, $key, TRUE));
+}
+
 /**
  * Enables use of the theme system without requiring database access.
  *

includes/common.inc

@@ -1,5 +1,5 @@
 <?php
-// $Id: common.inc,v 1.936 2009/07/19 06:03:04 dries Exp $
+// $Id: common.inc,v 1.938 2009/07/22 04:45:35 dries Exp $
 
 /**
  * @file
@@ -552,8 +552,8 @@ function drupal_http_request($url, array $options = array()) {
   // user-agent is used to ensure that multiple testing sessions running at the
   // same time won't interfere with each other as they would if the database
   // prefix were stored statically in a file or database variable.
-  if (is_string($db_prefix) && preg_match("/^simpletest\d+/", $db_prefix, $matches)) {
-    $options['headers']['User-Agent'] = $matches[0];
+  if (is_string($db_prefix) && preg_match("/simpletest\d+/", $db_prefix, $matches)) {
+    $options['headers']['User-Agent'] = drupal_generate_test_ua($matches[0]);
   }
 
   $request = $options['method'] . ' ' . $path . " HTTP/1.0\r\n";
@@ -809,7 +809,7 @@ function _drupal_log_error($error, $fatal = FALSE) {
 
   // When running inside the testing framework, we relay the errors
   // to the tested site by the way of HTTP headers.
-  if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^simpletest\d+$/", $_SERVER['HTTP_USER_AGENT']) && !headers_sent() && (!defined('SIMPLETEST_COLLECT_ERRORS') || SIMPLETEST_COLLECT_ERRORS)) {
+  if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^simpletest\d+;/", $_SERVER['HTTP_USER_AGENT']) && !headers_sent() && (!defined('SIMPLETEST_COLLECT_ERRORS') || SIMPLETEST_COLLECT_ERRORS)) {
     // $number does not use drupal_static as it should not be reset
     // as it uniquely identifies each PHP error.
     static $number = 0;
@@ -3145,7 +3145,7 @@ function drupal_get_library($module, $name) {
  * @endcode
  *
  * In a more complex case where there are several groups in one column (such as
- * the block regions on the admin/build/block page), a separate subgroup class
+ * the block regions on the admin/structure/block page), a separate subgroup class
  * must also be added to differentiate the groups.
  * @code
  * $form['my_elements'][$region][$delta]['weight']['#attributes']['class'] = "my-elements-weight my-elements-weight-" . $region;

includes/database/CVS/Entries

@@ -1,9 +1,9 @@
 D/mysql////
 D/pgsql////
 D/sqlite////
-/database.inc/1.62/Wed Jul 15 13:36:19 2009//
-/log.inc/1.6/Wed Jul 15 13:36:19 2009//
-/prefetch.inc/1.6/Wed Jul 15 13:36:19 2009//
-/query.inc/1.26/Wed Jul 15 13:36:19 2009//
-/schema.inc/1.18/Wed Jul 15 13:36:19 2009//
-/select.inc/1.19/Wed Jul 15 13:36:19 2009//
+/database.inc/1.65/Thu Jul 23 09:32:13 2009//
+/log.inc/1.6/Fri Jun 12 07:15:24 2009//
+/prefetch.inc/1.6/Thu Jul 23 09:28:47 2009//
+/query.inc/1.27/Thu Jul 23 09:32:13 2009//
+/schema.inc/1.18/Thu Jul 23 09:28:47 2009//
+/select.inc/1.19/Sat Jun 13 03:10:04 2009//

includes/database/database.inc

@@ -1,5 +1,5 @@
 <?php
-// $Id: database.inc,v 1.62 2009/07/14 10:22:17 dries Exp $
+// $Id: database.inc,v 1.65 2009/07/22 04:45:35 dries Exp $
 
 /**
  * @file
@@ -1347,9 +1347,10 @@ abstract class Database {
       }
 
       // We need to pass around the simpletest database prefix in the request
-      // and we put that in the user_agent header.
-      if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^simpletest\d+$/", $_SERVER['HTTP_USER_AGENT'])) {     
-        $db_prefix .= $_SERVER['HTTP_USER_AGENT'];
+      // and we put that in the user_agent header. The header HMAC was already
+      // validated in bootstrap.inc.
+      if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^(simpletest\d+);/", $_SERVER['HTTP_USER_AGENT'], $matches)) {
+        $db_prefix .= $matches[1];
       }
       return $new_connection;
     }
@@ -1412,6 +1413,19 @@ class ExplicitTransactionsNotSupportedException extends Exception { }
  */
 class InvalidMergeQueryException extends Exception {}
 
+/**
+ * Exception thrown if an insert query specifies a field twice.
+ *
+ * It is not allowed to specify a field as default and insert field, this
+ * exception is thrown if that is the case.
+ */
+class FieldsOverlapException extends Exception {}
+
+/**
+ * Exception thrown if an insert query doesn't specify insert or default fields.
+ */
+class NoFieldsException extends Exception {}
+
 /**
  * A wrapper class for creating and managing database transactions.
  *
@@ -2455,7 +2469,7 @@ function _db_error_page($error = '') {
 function db_ignore_slave() {
   $connection_info = Database::getConnectionInfo();
   // Only set ignore_slave_server if there are slave servers
-  // being used, which is assumed if there are more than one.    
+  // being used, which is assumed if there are more than one.
   if (count($connection_info) > 1) {
     // Five minutes is long enough to allow the slave to break and resume
     // interrupted replication without causing problems on the Drupal site

includes/database/mysql/CVS/Entries

@@ -1,5 +1,5 @@
-/database.inc/1.17/Wed Jul 15 13:36:19 2009//
-/install.inc/1.2/Wed Jul 15 13:36:19 2009//
-/query.inc/1.12/Wed Jul 15 13:36:19 2009//
-/schema.inc/1.21/Wed Jul 15 13:36:19 2009//
+/database.inc/1.17/Fri Jun 12 07:15:24 2009//
+/install.inc/1.2/Fri Jun 12 07:15:24 2009//
+/query.inc/1.13/Thu Jul 23 09:32:13 2009//
+/schema.inc/1.21/Thu Jul 23 09:28:47 2009//
 D

includes/database/mysql/query.inc

@@ -1,5 +1,5 @@
 <?php
-// $Id: query.inc,v 1.12 2009/06/05 16:55:45 dries Exp $
+// $Id: query.inc,v 1.13 2009/07/21 01:56:36 webchick Exp $
 
 /**
  * @ingroup database
@@ -15,31 +15,24 @@
 class InsertQuery_mysql extends InsertQuery {
 
   public function execute() {
-
-    // Confirm that the user did not try to specify an identical
-    //  field and default field.
-    if (array_intersect($this->insertFields, $this->defaultFields)) {
-      throw new PDOException('You may not specify the same field to have a value and a schema-default value.');
-    }
-
-    if (count($this->insertFields) + count($this->defaultFields) == 0 && empty($this->fromQuery)) {
+    if (!$this->preExecute()) {
       return NULL;
     }
 
-    // Don't execute query without values.
-    if (!isset($this->insertValues[0]) && count($this->insertFields) > 0 && empty($this->fromQuery)) {
-      return NULL;
-    }
-
-    $last_insert_id = 0;
-
-    $max_placeholder = 0;
-    $values = array();
-    foreach ($this->insertValues as $insert_values) {
-      foreach ($insert_values as $value) {
-        $values[':db_insert_placeholder_' . $max_placeholder++] = $value;
+    // If we're selecting from a SelectQuery, finish building the query and
+    // pass it back, as any remaining options are irrelevant.
+    if (empty($this->fromQuery)) {
+      $max_placeholder = 0;
+      $values = array();
+      foreach ($this->insertValues as $insert_values) {
+        foreach ($insert_values as $value) {
+          $values[':db_insert_placeholder_' . $max_placeholder++] = $value;
+        }
       }
     }
+    else {
+      $values = $this->fromQuery->getArguments();
+    }
 
     $last_insert_id = $this->connection->query((string)$this, $values, $this->queryOptions);
 
@@ -56,6 +49,8 @@ class InsertQuery_mysql extends InsertQuery {
     // Default fields are always placed first for consistency.
     $insert_fields = array_merge($this->defaultFields, $this->insertFields);
 
+    // If we're selecting from a SelectQuery, finish building the query and
+    // pass it back, as any remaining options are irrelevant.
     if (!empty($this->fromQuery)) {
       return "INSERT $delay INTO {" . $this->table . '} (' . implode(', ', $insert_fields) . ') ' . $this->fromQuery;
     }

includes/database/pgsql/CVS/Entries

@@ -1,5 +1,5 @@
-/database.inc/1.26/Wed Jul 15 13:36:19 2009//
-/install.inc/1.2/Wed Jul 15 13:36:19 2009//
-/query.inc/1.13/Wed Jul 15 13:36:19 2009//
-/schema.inc/1.16/Wed Jul 15 13:36:19 2009//
+/database.inc/1.26/Sat Jun 13 03:10:06 2009//
+/install.inc/1.2/Fri Jun 12 07:15:24 2009//
+/query.inc/1.14/Thu Jul 23 09:32:13 2009//
+/schema.inc/1.16/Thu Jul 23 09:28:47 2009//
 D