From 99b92bde736f7351ff80076e7b309e4b8fe389fe Mon Sep 17 00:00:00 2001
From: Taihao Zhang <zhang.taihao@gmail.com>
Date: Tue, 9 Nov 2010 20:43:00 +1100
Subject: [PATCH] Security cleanup.

---
 admin.inc             |   15 ++++++++-------
 includes/node.inc     |    7 ++++---
 includes/taxonomy.inc |    8 +++++---
 includes/user.inc     |   12 ++++++++----
 uuid_resolver.api.php |   14 +++++++-------
 uuid_resolver.module  |   14 +++++++-------
 6 files changed, 39 insertions(+), 31 deletions(-)

diff --git a/admin.inc b/admin.inc
index e565395..2f6bbc7 100644
--- a/admin.inc
+++ b/admin.inc
@@ -35,13 +35,13 @@ function uuid_resolver_overview_form(&$form_state) {
       ),
     );
     $row['title'] = array(
-      '#value' => t($info['title']),
+      '#value' => check_plain($info['title']),
     );
     $row['path'] = array(
-      '#value' => uuid_resolver_get_base_path($resolver) . '/%',
+      '#value' => check_plain(uuid_resolver_get_base_path($resolver) . '/%'),
     );
     $row['operations'] = array(
-      '#value' => l(t('Configure'), 'admin/settings/uuid_resolver/'.$resolver, array('class' => 'uuid-resolver-configure')),
+      '#value' => filter_xss(l(t('Configure'), 'admin/settings/uuid_resolver/' . check_url($resolver), array('class' => 'uuid-resolver-configure'))),
     );
     $row[$resolver] = array(
       '#type' => 'checkbox',
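Review bot: On the `operations` row, `check_url($resolver)` is applied to a path segment before `l()` builds the link, which is the wrong escaping context. `check_url()` HTML-escapes its input and `l()` escapes the link text and the generated href itself, so a resolver name containing `&` or a quote would be double-encoded rather than made safer. The outer `filter_xss()` is likewise redundant on markup that `l()` produced, and it only works because `a` is in the default allowed-tag list. I would leave the escaping to `l()`, as in `'#value' => l(t('Configure'), 'admin/settings/uuid_resolver/' . $resolver, array('class' => 'uuid-resolver-configure')),`, and restrict resolver names to a safe character set where they are registered. This assumes Drupal 6 core behaviour for `l()` and `check_url()`, which the `&$form_state` form signature suggests; the body of `uuid_resolver_overview_form()` starts and ends outside the hunk.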
@@ -128,7 +128,8 @@ function _uuid_resolver_overview_compare_resolvers($a, $b, $criteria = NULL) {
     if ($a[$order] > $b[$order]) {
       $diff = $dir;
       break;
-    } else {
+    }
+    else {
       $diff = -$dir;
       break;
     }
@@ -143,7 +144,7 @@ function theme_uuid_resolver_overview_form($form) {
   drupal_set_title(t('UUID resolvers'));
   drupal_add_js(drupal_get_path('module', 'uuid_resolver') . '/admin.js');
   drupal_add_css(drupal_get_path('module', 'uuid_resolver') . '/admin.css');
-  $output = '<p>'.l(t('Refresh list'), 'admin/settings/uuid_resolver/refresh').'</p>';
+  $output = '<p>' . l(t('Refresh list'), 'admin/settings/uuid_resolver/refresh') . '</p>';
 
   // Set up sorting
   $resolvers_info = uuid_resolver_get_resolvers(TRUE);
@@ -284,7 +285,7 @@ function uuid_resolver_forms() {
   $forms = array();
   $resolvers = uuid_resolver_get_resolvers();
   foreach ($resolvers as $resolver => $resolver_info) {
-    $forms['uuid_resolver_'.$resolver.'_settings_form'] = array(
+    $forms['uuid_resolver_' . $resolver . '_settings_form'] = array(
       'callback' => 'uuid_resolver_resolver_settings_form',
       'callback arguments' => array($resolver_info),
     );
@@ -298,7 +299,7 @@ function uuid_resolver_forms() {
 function uuid_resolver_resolver_settings($resolver_info) {
   drupal_set_title(t('Configure settings for %resolver resolver.', array('%resolver' => t($resolver_info['title']))));
   drupal_add_js(drupal_get_path('module', 'uuid_resolver') . '/admin.js');
-  return drupal_get_form('uuid_resolver_'.$resolver_info['name'].'_settings_form', $resolver_info);
+  return drupal_get_form('uuid_resolver_' . $resolver_info['name'] . '_settings_form', $resolver_info);
 }
 
 /**
diff --git a/includes/node.inc b/includes/node.inc
index 0df586c..1bcfc11 100644
--- a/includes/node.inc
+++ b/includes/node.inc
@@ -28,10 +28,11 @@ function node_uuid_resolver_info() {
 function uuid_resolver_resolve_node($uuid) {
   $nid = db_result(db_query("SELECT nid FROM {uuid_node} WHERE uuid = '%s'", $uuid));
   if ($nid) {
-    $path = 'node/'.$nid;
+    $path = 'node/' . $nid;
     if (variable_get('uuid_resolver_node_use_alias', FALSE)) {
       return drupal_get_path_alias($path);
-    } else {
+    }
+    else {
       return $path;
     }
   }
@@ -47,7 +48,7 @@ function uuid_resolver_resolve_node_revision($uuid) {
       {uuid_node_revisions} u LEFT JOIN {node_revisions} v ON u.vid = v.vid
       WHERE uuid = '%s'", $uuid));
   if ($match) {
-    return 'node/'.$match['nid'].'/revisions/'.$match['vid'].'/view';
+    return 'node/' . $match['nid'] . '/revisions/' . $match['vid'] . '/view';
   }
 }
 
diff --git a/includes/taxonomy.inc b/includes/taxonomy.inc
index 37f606d..e4fba01 100644
--- a/includes/taxonomy.inc
+++ b/includes/taxonomy.inc
@@ -24,13 +24,15 @@ function taxonomy_uuid_resolver_info() {
 function uuid_resolver_resolve_taxonomy_term($uuid) {
   $tid = db_result(db_query("SELECT tid FROM {uuid_term_data} WHERE uuid = '%s'", $uuid));
   if ($tid) {
-    $path = 'taxonomy/term/'.$tid;
+    $path = 'taxonomy/term/' . $tid;
     if (variable_get('uuid_resolver_taxonomy_term_use_alias', FALSE)) {
       return drupal_get_path_alias($path);
-    } else {
+    }
+    else {
       return $path;
     }
-  } else {
+  }
+  else {
     return FALSE;
   }
 }
diff --git a/includes/user.inc b/includes/user.inc
index 696907b..a8e9549 100644
--- a/includes/user.inc
+++ b/includes/user.inc
@@ -5,7 +5,9 @@
  * Implements UUID resolver on behalf of user module.
  */
 
-/** Default setting for 'use alias'. */
+/**
+ * Default setting for 'use alias'.
+ */
 define('UUID_RESOLVER_USER_USE_ALIAS', FALSE);
 
 /**
@@ -27,13 +29,15 @@ function user_uuid_resolver_info() {
 function uuid_resolver_resolve_user($uuid) {
   $uid = db_result(db_query("SELECT uid FROM {uuid_users} WHERE uuid = '%s'", $uuid));
   if ($uid) {
-    $path = 'user/'.$uid;
+    $path = 'user/' . $uid;
     if (variable_get('uuid_resolver_user_use_alias', UUID_RESOLVER_USER_USE_ALIAS)) {
       return drupal_get_path_alias($path);
-    } else {
+    }
+    else {
       return $path;
     }
-  } else {
+  }
+  else {
     return FALSE;
   }
 }
diff --git a/uuid_resolver.api.php b/uuid_resolver.api.php
index ef7290f..0a58767 100644
--- a/uuid_resolver.api.php
+++ b/uuid_resolver.api.php
@@ -2,8 +2,10 @@
 // $Id$
 
 /**
- * @mainpage
+ * @file
+ * UUID Resolver API documentation.
  *
+ * @mainpage
  * @verbinclude README.txt
  */
 
@@ -27,9 +29,7 @@
  *     - 'callback arguments' : An array of arguments to pass through to the
  *         callback function in addition to the request UUID.
  *
- * @see example_uuid_resolve_callback(), example2_uuid_resolve_callback(),
- *   node_uuid_resolver_info(), taxonomy_uuid_resolver_info(),
- *   user_uuid_resolver_info().
+ * @see example_uuid_resolve_callback(), example2_uuid_resolve_callback(), node_uuid_resolver_info(), taxonomy_uuid_resolver_info(), user_uuid_resolver_info()
  */
 function hook_uuid_resolver_info() {
   $resolvers['example'] = array(
@@ -56,7 +56,7 @@ function example_uuid_resolve_callback($uuid) {
   // Look up object
   $node = node_get_by_uuid($uuid);
   if ($node->type == 'example') {
-    return 'example/'.variable_get('example_setting', '0').'/'.$node->nid;
+    return 'example/' . variable_get('example_setting', '0') . '/' . $node->nid;
   }
 }
 
@@ -76,7 +76,7 @@ function example_uuid_resolve_callback($uuid) {
 function example2_uuid_resolve_callback($uuid, $a1, $a2) {
   if ($a1 == 'foo' && $a2 == 'bar') {
     $hash = md5($uuid);
-    return 'foobar/'.$hash;
+    return 'foobar/' . $hash;
   }
 }
 
@@ -91,7 +91,7 @@ function example2_uuid_resolve_callback($uuid, $a1, $a2) {
  */
 
 /**
- * Implementation of hook_form_FORM_ID_alter.
+ * Implements hook_form_FORM_ID_alter() for uuid_resolver_example_settings_form.
  *
  * Adds new settings to the resolver configurable via the settings form for the
  * UUID resolver by extending the form. By default, UUID resolver provides a
diff --git a/uuid_resolver.module b/uuid_resolver.module
index a54cb57..be57013 100644
--- a/uuid_resolver.module
+++ b/uuid_resolver.module
@@ -13,7 +13,7 @@ function uuid_resolver_init() {
   // Load common
   module_load_include('inc', 'uuid_resolver', 'common');
   // Load include files
-  $files = file_scan_directory(drupal_get_path('module', 'uuid_resolver').'/includes', '\.inc$');
+  $files = file_scan_directory(drupal_get_path('module', 'uuid_resolver') . '/includes', '\.inc$');
   foreach ($files as $file) {
     include_once($file->filename);
   }
@@ -33,7 +33,7 @@ function uuid_resolver_help($path, $arg) {
   switch ($path) {
     case 'admin/settings/uuid_resolver':
     case 'admin/settings/uuid_resolver/overview':
-      return '<p>'.t('All UUID resolvers are listed below. Enable a resolver for it to listen on its base path for UUIDs and redirect to the path of the actual object.').'</p>';
+      return '<p>' . t('All UUID resolvers are listed below. Enable a resolver for it to listen on its base path for UUIDs and redirect to the path of the actual object.') . '</p>';
   }
 }
 
@@ -99,7 +99,7 @@ function uuid_resolver_menu_alter(&$items) {
   foreach ($bins as $path => $types) {
     $path = trim($path, '/');
     $argi = substr_count($path, '/') + 1;
-    $items[$path.'/%'] = array(
+    $items[$path . '/%'] = array(
       'title' => 'UUID resolver callback',
       'page callback' => 'uuid_resolver_resolve',
       'page arguments' => array($types, $argi),
@@ -193,7 +193,7 @@ function uuid_resolver_exists($resolver) {
  */
 function uuid_resolver_is_enabled($resolver, $skip_check = FALSE) {
   return $skip_check || uuid_resolver_exists($resolver) ?
-      variable_get('uuid_resolver_'.$resolver.'_enabled', FALSE) :
+      variable_get('uuid_resolver_' . $resolver . '_enabled', FALSE) :
       NULL;
 }
 
@@ -207,7 +207,7 @@ function uuid_resolver_set_enabled($resolver, $enabled, $skip_check = FALSE) {
   if (!$skip_check && !uuid_resolver_exists($resolver)) {
     return;
   }
-  variable_set('uuid_resolver_'.$resolver.'_enabled', $enabled);
+  variable_set('uuid_resolver_' . $resolver . '_enabled', $enabled);
 }
 
 /**
@@ -220,7 +220,7 @@ function uuid_resolver_get_base_path($resolver, $skip_check = FALSE) {
   if (!$skip_check && !uuid_resolver_exists($resolver)) {
     return NULL;
   }
-  return variable_get('uuid_resolver_'.$resolver.'_base_path', 'uuid');
+  return variable_get('uuid_resolver_' . $resolver . '_base_path', 'uuid');
 }
 
 /**
@@ -233,7 +233,7 @@ function uuid_resolver_set_base_path($resolver, $path, $skip_check = FALSE) {
   if (!$skip_check && !uuid_resolver_exists($resolver)) {
     return;
   }
-  return variable_set('uuid_resolver_'.$resolver.'_base_path', $path);
+  return variable_set('uuid_resolver_' . $resolver . '_base_path', $path);
 }
 
 /**
-- 
1.7.0.2.msysgit.0

