author | Torsten Grote <grote@kolabsys.com> | 2012-09-18 07:52:36 (GMT) |
---|---|---|
committer | Torsten Grote <grote@kolabsys.com> | 2012-09-18 07:52:36 (GMT) |
commit | 23c35448e11bc52b2379a1de498de8d2c66bd2cb (patch) | |
tree | 6dcbdef4e55165813e6971e6dea905b3ce7c1887 /kolab.org/www/drupal-7.15/sites/all | |
parent | c1fcfac2d98da5256ce1bafd9423af852f5d7bf6 (diff) | |
applied security update for token module
Diffstat (limited to 'kolab.org/www/drupal-7.15/sites/all')
4 files changed, 51 insertions, 21 deletions
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/token/tests/token_test.info b/kolab.org/www/drupal-7.15/sites/all/modules/token/tests/token_test.info
index 873f716..9c7d245 100644
--- a/kolab.org/www/drupal-7.15/sites/all/modules/token/tests/token_test.info
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/token/tests/token_test.info
@@ -5,9 +5,9 @@ core = 7.x
 files[] = token_test.module
 hidden = TRUE
-; Information added by drupal.org packaging script on 2012-08-10
-version = "7.x-1.2"
+; Information added by drupal.org packaging script on 2012-09-12
+version = "7.x-1.3"
 core = "7.x"
 project = "token"
-datestamp = "1344634643"
+datestamp = "1347466790"
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/token/token.info b/kolab.org/www/drupal-7.15/sites/all/modules/token/token.info
index c6d512e..17a4b57 100644
--- a/kolab.org/www/drupal-7.15/sites/all/modules/token/token.info
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/token/token.info
@@ -7,9 +7,9 @@ files[] = token.tokens.inc
 files[] = token.pages.inc
 files[] = token.test
-; Information added by drupal.org packaging script on 2012-08-10
-version = "7.x-1.2"
+; Information added by drupal.org packaging script on 2012-09-12
+version = "7.x-1.3"
 core = "7.x"
 project = "token"
-datestamp = "1344634643"
+datestamp = "1347466790"
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/token/token.module b/kolab.org/www/drupal-7.15/sites/all/modules/token/token.module
index 509a4da..7bba8a7 100644
--- a/kolab.org/www/drupal-7.15/sites/all/modules/token/token.module
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/token/token.module
@@ -11,7 +11,7 @@ define('TOKEN_MAX_DEPTH', 9);
 /**
- * Impelements hook_help().
+ * Implements hook_help().
  */
 function token_help($path, $arg) {
   if ($path == 'admin/help#token') {
@@ -182,7 +182,6 @@ function token_theme() {
     ),
     'file' => 'token.pages.inc',
   );
-  $info['token_tree_link']['variables'] += $info['token_tree']['variables'];
   return $info;
 }
@@ -314,14 +313,17 @@ function token_field_display_alter(&$display, $context) {
     // use the default token formatter.
     if (empty($view_mode_settings[$context['view_mode']]['custom_settings'])) {
       $field_type_info = field_info_field_types($context['field']['type']);
-      if (!empty($field_type_info['default_token_formatter'])) {
-        $display['type'] = $field_type_info['default_token_formatter'];
-        $formatter_info = field_info_formatter_types($display['type']);
-        $display['settings'] = isset($formatter_info['settings']) ? $formatter_info['settings'] : array();
-        $display['settings']['label'] = 'hidden';
-        $display['module'] = $formatter_info['module'];
-      }
+      // If the field has specified a specific formatter to be used by default
+      // with tokens, use that, otherwise use the default formatter.
+      $formatter = !empty($field_type_info['default_token_formatter']) ? $field_type_info['default_token_formatter'] : $field_type_info['default_formatter'];
+
+      // Now that we have a formatter, fill in all the settings.
+      $display['type'] = $formatter;
+      $formatter_info = field_info_formatter_types($formatter);
+      $display['settings'] = isset($formatter_info['settings']) ? $formatter_info['settings'] : array();
+      $display['settings']['label'] = 'hidden';
+      $display['module'] = $formatter_info['module'];
     }
   }
 }
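Review bot: The new fallback path dereferences `$formatter_info['settings']` and `$formatter_info['module']` for whatever `field_info_formatter_types($formatter)` returns, so a field type whose `default_formatter` (or `default_token_formatter`) names a formatter that is not registered will raise PHP notices and leave `$display['module']` NULL; the old code only reached these lines when a `default_token_formatter` was declared. A guard right after the lookup, `if (empty($formatter_info)) { return; }`, leaves the display untouched in that case (this assumes the core lookup returns NULL for unknown formatters, which is not visible here). The enclosing function token_field_display_alter starts before the hunk.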
@@ -440,10 +442,12 @@ function token_entity_info_alter(&$info) {
  * Adds missing token support for core modules.
  */
 function token_module_implements_alter(&$implementations, $hook) {
-  if ($hook == 'tokens' || $hook == 'token_info') {
+  module_load_include('inc', 'token', 'token.tokens');
+
+  if ($hook == 'tokens' || $hook == 'token_info' || $hook == 'token_info_alter' || $hook == 'tokens_alter') {
     foreach (_token_core_supported_modules() as $module) {
-      if (module_exists($module)) {
-        $implementations[$module] = TRUE;
+      if (module_exists($module) && function_exists($module . '_' . $hook)) {
+        $implementations[$module] = FALSE;
       }
     }
     // Move token.module to get included first since it is responsible for
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/token/token.pages.inc b/kolab.org/www/drupal-7.15/sites/all/modules/token/token.pages.inc
index 264a14a..4e281af 100644
--- a/kolab.org/www/drupal-7.15/sites/all/modules/token/token.pages.inc
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/token/token.pages.inc
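Review bot: `module_load_include('inc', 'token', 'token.tokens');` is placed before the `if`, so it now runs for every hook that core passes through token_module_implements_alter, although its only visible purpose is to make `function_exists($module . '_' . $hook)` see the implementations in that file for the four hooks named in the condition. Moving the include to the first line inside the `if` keeps the behaviour for those hooks and spares the call on every other hook. A one-line comment above it, `// token.tokens.inc must be loaded so the function_exists() checks below can see the core-module implementations it provides.`, would also explain why the include precedes the check. The function continues past the end of the hunk.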
@@ -19,7 +19,22 @@ function theme_token_tree_link($variables) {
   }
   $info = token_theme();
-  $variables['options']['query']['token_tree'] = array_intersect_key($variables, $info['token_tree']['variables']);
+  $variables['options']['query']['options'] = array_intersect_key($variables, $info['token_tree']['variables']);
+
+  // We should never pass the dialog option to theme_token_tree(). It is only
+  // used for this function.
+  unset($variables['options']['query']['options']['dialog']);
+
+  // Add a security token so that the tree page should only work when used
+  // when the dialog link is output with theme('token_tree_link').
+  $variables['options']['query']['token'] = drupal_get_token('token-tree:' . serialize($variables['options']['query']['options']));
+
+  // Because PHP converts query strings with arrays into a different syntax on
+  // the next request, the options have to be encoded with JSON in the query
+  // string so that we can reliably decode it for token comparison.
+  $variables['options']['query']['options'] = drupal_json_encode($variables['options']['query']['options']);
+
+  // Set the token tree to open in a separate window.
   $variables['options']['attributes'] + array('target' => '_blank');
   return l($variables['text'], 'token/tree', $variables['options']);
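Review bot: The new comment `// Set the token tree to open in a separate window.` describes the line below it, but that line, `$variables['options']['attributes'] + array('target' => '_blank');`, is an expression whose result is discarded, so no target attribute is ever added and the comment now documents behaviour that does not happen; it should read `$variables['options']['attributes'] += array('target' => '_blank');`. The token on the `drupal_get_token` line is computed over `serialize()` of the PHP options before they are JSON-encoded, so the page callback can only validate it if `drupal_json_decode()` yields exactly the same PHP value; that presumably holds for the string, bool and array values in play, but a float or object option would fail validation silently, which is worth stating in the comment above that line. theme_token_tree_link starts before the hunk.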
@@ -29,8 +44,19 @@ function theme_token_tree_link($variables) {
  * Page callback to output a token tree as an empty page.
  */
 function token_page_output_tree() {
-  $options = isset($_GET['token_tree']) ? $_GET['token_tree'] : array();
-  $output = theme('token_tree', array('dialog' => FALSE) + $options);
+  $options = isset($_GET['options']) ? drupal_json_decode($_GET['options']) : array();
+
+  // Check the token against the serialized options to prevent random access to
+  // the token browser page.
+  if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'token-tree:' . serialize($options))) {
+    return MENU_ACCESS_DENIED;
+  }
+
+  // Force the dialog option to be false so we're not creating a dialog within
+  // a dialog.
+  $options['dialog'] = FALSE;
+
+  $output = theme('token_tree', array($options));
   print '<html><head><title></title>' . drupal_get_css() . drupal_get_js() . '</head>';
   print '<body class="token-tree">' . $output . '</body></html>';
   drupal_exit();
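Review bot: `theme('token_tree', array($options))` wraps the decoded options in an extra array, so theme_token_tree receives a single variable keyed `0` rather than the `token_types`, `global_types` and other keys the link encoded, and the forced `$options['dialog'] = FALSE` never reaches it either; the call should be `$output = theme('token_tree', $options);`. The access check itself is sound for the values it sees (a malformed JSON string decodes to NULL, whose serialization never matches the token), but `$_GET['options']` can arrive as an array (`options[]=x`) and is handed to the decoder unchecked, so the first line is better written as `$options = isset($_GET['options']) && is_string($_GET['options']) ? drupal_json_decode($_GET['options']) : array();`. The token only proves the link was generated for this session's options; whatever permission the `token/tree` menu item requires is defined outside this hunk and still governs who can reach the page at all.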