services 7.x-3.6

SA-CONTRIB-2014-007 - Services - Multiple vulnerabilities

Issue #1266188: Account Lockout Account Lockout
Issue #2126177: Handle CORS preflight OPTIONS request
Issue #1154420: Readd support for rich options for resources - needed by auth mechanism Readd support for rich options for resources.
Issue #2175105: Pass clone global $user object to services_remove_user_data() in _user_resource_login() Pass clone global $user object to services_remove_user_data() in _user_resource_login()
Issue #1349588: Update documentation and make file relating to Spyc requirement and Libraries integration + make libraries optional Update documentation and make file relating to Spyc requirement and Libraries integration + make libraries optional by
Issue #100458 $form_state usage for programatic bypass access checks.
Issue #2115579: How about return token in user login service? add csrf token to user login service.
issue #2127411: getContentTypeNegotiator override is not used in ServicesRESTServerFactory::getRESTServer()
Issues #1912842: REST Server XML parser returns arrays with empty values when POSTing or PUTting...
Adds a test to see if users can update roles to admin.
Issue #1853592: User with 'administer users' permission receives 406 Not Acceptable: You are not allowed to change your username. Changing username as administer users role.
Issue #2174209: sort resources in admin UI Sort resources in UI
Issue #2166499: Small optimization of _services_sessions_authenticate_call() function: If statements optimization for _services_sessions_authenticate_call().
Issue #1526308: services_oauth with multiple authentication methods by christianchristensen, Jerenus: services_oauth with multiple authentication methods.
Revert "Issue #2123447 by Tiaan: ServicesParserURLEncoded->parse() mangles data when magic quotes enabled."
Issue #2123447 by Tiaan: ServicesParserURLEncoded->parse() mangles data when magic quotes enabled.
Issue #2150827 by dbehrman: Allow using underscores in path aliases.
Issue #1912842: REST Server XML parser returns arrays with empty values when POSTing or PUTting... by gielfeldt, esbenvb
Issue [#2045297 by rajarju
Issue #2123257: Update 7400 fails due to reference to module by wdouglascampbell
Issue #1303400: Forgot (Reset) Password action on user resource by jucallme, mrfelton, stongo | jjesus: Added Forgot (Reset) Password action on user resource.
Issue #2072747: Cant send error with code 431 by bechtold | Shademan: Fixed Cant send error with code 431.
Issue #1937312: REST server does not properly display argument handling error messages by ygerasimov, stefan.r: Fixed REST server does not properly display argument handling error messages.
Issue #2083377: Problem with targeted actions: Convert "path" argument position to integer.
Issue #2033529: Attach file targeted action incorrectly incrementing delta by bradjones1: Fixed Attach file targeted action incorrectly incrementing delta.
Issue #2080917: RESTServer tests are failing and causing testbot to fail.: Late static binding related error fixed.
Issue #2077891: Wrong username and password, just after a creation of a user: Password is not set during register.
Issue #2013711: ServicesWebTestCase::setUp only allows one form of module parameters by joachim: Fixed ServicesWebTestCase::setUp only allows one form of module parameters.
Issue #2048529: PHP notice when creating node as anonymous user by TravisCarden: Fixed PHP notice when creating node as anonymous user.
Issue #2071829: Spelling error in Status Report notice by rm-rf: Fixed Spelling error in Status Report notice.
Issue #2025849: User can't retrieve own e-mail address, unless they have the 'administer users' permission by tyler.frankenstein, hswong3i: Fixed User can't retrieve own e-mail address, unless they have the 'administer users' permission.
Issue #2072819: Provide a variable for default response format in rest_server: Add documentation about added variable.
Issue #2072819: Provide a variable for default response format in rest_server by mradcliffe: Added Provide a variable for default response format in rest_server().
Issue #2032153: It is possible to delete user/0 and user/1 by Yorirou
Issue #2033977: $_SERVER['CONTENT_TYPE'] not available on PHP built-in web server by dixon_: Fixed ['CONTENT_TYPE'] not available on PHP built-in web server.