#63 Ctools security update

sites/all/modules/contrib/ctools/bulk_export/bulk_export.info

@@ -6,9 +6,9 @@ package = Chaos tool suite
 version = CTOOLS_MODULE_VERSION
 
 
-; Information added by Drupal.org packaging script on 2015-03-18
-version = "7.x-1.7"
+; Information added by Drupal.org packaging script on 2015-08-19
+version = "7.x-1.9"
 core = "7.x"
 project = "ctools"
-datestamp = "1426696183"
+datestamp = "1440020680"
 

sites/all/modules/contrib/ctools/ctools.info

@@ -9,9 +9,9 @@ files[] = includes/math-expr.inc
 files[] = includes/stylizer.inc
 files[] = tests/css_cache.test
 
-; Information added by Drupal.org packaging script on 2015-03-18
-version = "7.x-1.7"
+; Information added by Drupal.org packaging script on 2015-08-19
+version = "7.x-1.9"
 core = "7.x"
 project = "ctools"
-datestamp = "1426696183"
+datestamp = "1440020680"
 

sites/all/modules/contrib/ctools/ctools.module

@@ -23,7 +23,7 @@ define('CTOOLS_API_VERSION', '2.0.8');
  *   ; Requires CTools v7.x-1.4 or newer.
  *   dependencies[] = ctools (>=1.4)
  */
-define('CTOOLS_MODULE_VERSION', '7.x-1.7');
+define('CTOOLS_MODULE_VERSION', '7.x-1.9');
 
 /**
  * Test the CTools API version.
@@ -617,6 +617,27 @@ function ctools_registry_files_alter(&$files, $indexed_modules) {
   return _ctools_registry_files_alter($files, $indexed_modules);
 }
 
+// -----------------------------------------------------------------------
+// FAPI hooks that must be in the .module file.
+
+/**
+ * Alter the comment form to get a little more control over it.
+ */
+function ctools_form_comment_form_alter(&$form, &$form_state) {
+  if (!empty($form_state['ctools comment alter'])) {
+    // Force the form to post back to wherever we are.
+    $form['#action'] = url($_GET['q'], array('fragment' => 'comment-form'));
+    if (empty($form['#submit'])) {
+      $form['#submit'] = array('comment_form_submit');
+    }
+    $form['#submit'][] = 'ctools_node_comment_form_submit';
+  }
+}
+
+function ctools_node_comment_form_submit(&$form, &$form_state) {
+  $form_state['redirect'][0] = $_GET['q'];
+}
+
 // -----------------------------------------------------------------------
 // CTools hook implementations.
 
@@ -1018,3 +1039,50 @@ function ctools_ctools_entity_context_alter(&$plugin, &$entity, $plugin_id) {
     }
   }
 }
+
+/**
+ * Implements hook_field_create_field().
+ */
+function ctools_field_create_field($field) {
+  ctools_flush_field_caches();
+}
+
+/**
+ * Implements hook_field_create_instance().
+ */
+function ctools_field_create_instance($instance) {
+  ctools_flush_field_caches();
+}
+/**
+ * Implements hook_field_delete_field().
+ */
+function ctools_field_delete_field($field) {
+  ctools_flush_field_caches();
+}
+/**
+ * Implements hook_field_delete_instance().
+ */
+function ctools_field_delete_instance($instance) {
+  ctools_flush_field_caches();
+}
+/**
+ * Implements hook_field_update_field().
+ */
+function ctools_field_update_field($field, $prior_field, $has_data) {
+  ctools_flush_field_caches();
+}
+
+/**
+ * Implements hook_field_update_instance().
+ */
+function ctools_field_update_instance($instance, $prior_instance) {
+  ctools_flush_field_caches();
+}
+
+/**
+ * Clear field related caches.
+ */
+function ctools_flush_field_caches() {
+  // Clear caches of 'Entity field' content type plugin.
+  cache_clear_all('ctools_entity_field_content_type_content_types', 'cache');
+}

sites/all/modules/contrib/ctools/ctools_access_ruleset/ctools_access_ruleset.info

@@ -5,9 +5,9 @@ package = Chaos tool suite
 version = CTOOLS_MODULE_VERSION
 dependencies[] = ctools
 
-; Information added by Drupal.org packaging script on 2015-03-18
-version = "7.x-1.7"
+; Information added by Drupal.org packaging script on 2015-08-19
+version = "7.x-1.9"
 core = "7.x"
 project = "ctools"
-datestamp = "1426696183"
+datestamp = "1440020680"
 

sites/all/modules/contrib/ctools/ctools_ajax_sample/ctools_ajax_sample.info

@@ -5,9 +5,9 @@ version = CTOOLS_MODULE_VERSION
 dependencies[] = ctools
 core = 7.x
 
-; Information added by Drupal.org packaging script on 2015-03-18
-version = "7.x-1.7"
+; Information added by Drupal.org packaging script on 2015-08-19
+version = "7.x-1.9"
 core = "7.x"
 project = "ctools"
-datestamp = "1426696183"
+datestamp = "1440020680"
 

sites/all/modules/contrib/ctools/ctools_ajax_sample/ctools_ajax_sample.module

@@ -524,7 +524,7 @@ function ctools_ajax_sample_wizard_next(&$form_state) {
 }
 
 /**
- * Handle the 'finish' click on teh add/edit pane form wizard.
+ * Handle the 'finish' click on the add/edit pane form wizard.
  *
  * All we need to do is set a flag so the return can handle adding
  * the pane.

sites/all/modules/contrib/ctools/ctools_custom_content/ctools_custom_content.info

@@ -5,9 +5,9 @@ package = Chaos tool suite
 version = CTOOLS_MODULE_VERSION
 dependencies[] = ctools
 
-; Information added by Drupal.org packaging script on 2015-03-18
-version = "7.x-1.7"
+; Information added by Drupal.org packaging script on 2015-08-19
+version = "7.x-1.9"
 core = "7.x"
 project = "ctools"
-datestamp = "1426696183"
+datestamp = "1440020680"
 

sites/all/modules/contrib/ctools/ctools_plugin_example/ctools_plugin_example.info

@@ -8,9 +8,9 @@ dependencies[] = page_manager
 dependencies[] = advanced_help
 core = 7.x
 
-; Information added by Drupal.org packaging script on 2015-03-18
-version = "7.x-1.7"
+; Information added by Drupal.org packaging script on 2015-08-19
+version = "7.x-1.9"
 core = "7.x"
 project = "ctools"
-datestamp = "1426696183"
+datestamp = "1440020680"
 

sites/all/modules/contrib/ctools/includes/content.inc

@@ -341,7 +341,16 @@ function ctools_content_editable($type, $subtype, $conf) {
     return FALSE;
   }
 
-  if ($function = ctools_plugin_get_function($subtype, 'check editable')) {
+  $function = FALSE;
+
+  if (!empty($subtype['check editable'])) {
+    $function = ctools_plugin_get_function($subtype, 'check editable');
+  }
+  elseif (!empty($type['check editable'])) {
+    $function = ctools_plugin_get_function($type, 'check editable');
+  }
+
+  if ($function) {
     return $function($type, $subtype, $conf);
   }
 

sites/all/modules/contrib/ctools/includes/context-admin.inc

@@ -736,6 +736,15 @@ function ctools_edit_context_form_defaults($form, &$form_state) {
     '#default_value' => $conf['keyword'],
   );
 
+  if ($type_info['key'] == 'requiredcontexts') {
+    $form['optional'] = array(
+      '#type' => 'checkbox',
+      '#title' => t('Context is optional'),
+      '#default_value' => !empty($form_state['conf']['optional']),
+      '#description' => t('This context need not be present for the component to function.'),
+    );
+  }
+
   $form['#submit'][] = 'ctools_edit_context_form_defaults_submit';
 
   return $form;
@@ -752,6 +761,9 @@ function ctools_edit_context_form_defaults_submit(&$form, &$form_state) {
     $form_state['conf']['default'] = $form_state['values']['default'];
     $form_state['conf']['title'] = $form_state['values']['title'];
   }
+  if ($form_state['type info']['key'] == 'requiredcontexts') {
+    $form_state['conf']['optional'] = $form_state['values']['optional'];
+  }
 
   $form_state['conf']['identifier'] = $form_state['values']['identifier'];
   $form_state['conf']['keyword'] = $form_state['values']['keyword'];

sites/all/modules/contrib/ctools/includes/context.inc

@@ -216,7 +216,7 @@ class ctools_context_optional extends ctools_context_required {
     $context = new ctools_context('any');
     $context->title      = t('No context');
     $context->identifier = t('No context');
-    $contexts = array_merge(array('empty' => $context), $contexts);
+    $contexts['empty'] = $context;
   }
 
   function filter($contexts) {
@@ -1505,7 +1505,7 @@ function ctools_access($settings, $contexts = array()) {
       return TRUE;
     }
     else if (!$pass && $settings['logic'] == 'and') {
-      // Fail if 'and' and htis rule failed.
+      // Fail if 'and' and this rule failed.
       return FALSE;
     }
   }

sites/all/modules/contrib/ctools/includes/css.inc

@@ -172,10 +172,12 @@ function ctools_css_cache($css, $filter = TRUE) {
   // @todo Is this slow? Does it matter if it is?
   $filename = $path . '/' . md5($css) . '.css';
 
-  // This will do renames if the file already exists, ensuring we don't
-  // accidentally overwrite other files who share the same md5. Yes this
-  // is a very miniscule chance but it's safe.
-  $filename = file_unmanaged_save_data($css, $filename);
+  // Generally md5 is considered unique enough to sign file downloads.
+  // So this replaces already existing files based on the assumption that two
+  // files with the same hash are identical content wise.
+  // If we rename, the cache folder can potentially fill up with thousands of
+  // files with the same content.
+  $filename = file_unmanaged_save_data($css, $filename, FILE_EXISTS_REPLACE);
 
   return $filename;
 }

sites/all/modules/contrib/ctools/includes/jump-menu.inc

@@ -51,7 +51,7 @@ function ctools_jump_menu($form, &$form_state, $select, $options = array()) {
     'hide' => TRUE,
   );
 
-  ctools_add_js('jump-menu');
+  $form['#attached']['js'][] = ctools_attach_js('jump-menu');
 
   if (!empty($options['choose'])) {
     $select = array('' => $options['choose']) + $select;

sites/all/modules/contrib/ctools/includes/math-expr.inc

@@ -271,7 +271,7 @@ class ctools_math_expr {
             } elseif (in_array($op, $ops) and !$expecting_op) {
                 return $this->trigger("unexpected operator '$op'");
             } else { // I don't even want to know what you did to get here
-                return $this->trigger("an unexpected error occured");
+                return $this->trigger("an unexpected error occurred");
             }
             if ($index == strlen($expr)) {
                 if (in_array($op, $ops)) { // did we end with an operator? bad.

sites/all/modules/contrib/ctools/includes/modal.inc

@@ -66,6 +66,7 @@ function ctools_modal_add_js() {
   drupal_add_library('system', 'jquery.form');
   drupal_add_library('system', 'drupal.progress');
   drupal_add_library('system', 'drupal.ajax');
+  drupal_add_library('system', 'ui');
   ctools_add_js('modal');
 
   ctools_add_css('modal');

sites/all/modules/contrib/ctools/includes/plugins.inc

@@ -79,7 +79,9 @@ function ctools_plugin_api_info($owner, $api, $minimum_version, $current_version
       }
 
       // Only process if version is between minimum and current, inclusive.
-      if (version_compare($version, $minimum_version, '>=') && version_compare($version, $current_version, '<=')) {
+      if (($version == $minimum_version) || ($version == $current_version)
+        || (version_compare($version, $minimum_version, '>=')
+        && version_compare($version, $current_version, '<='))) {
         if (!isset($info['path'])) {
           $info['path'] = drupal_get_path('module', $module);
         }
@@ -110,7 +112,7 @@ function ctools_plugin_api_info($owner, $api, $minimum_version, $current_version
     }
 
     // Allow other modules to hook in.
-    drupal_alter($hook, $cache[$owner][$api]);
+    drupal_alter($hook, $cache[$owner][$api], $owner, $api);
   }
 
   return $cache[$owner][$api];
@@ -213,7 +215,7 @@ function ctools_plugin_api_get_hook($owner, $api) {
  */
 function ctools_get_plugins($module, $type, $id = NULL) {
   // Store local caches of plugins and plugin info so we don't have to do full
-  // lookups everytime.
+  // lookups every time.
   static $drupal_static_fast;
   if (!isset($drupal_static_fast)) {
     $drupal_static_fast['plugins'] = &drupal_static('ctools_plugins', array());

sites/all/modules/contrib/ctools/includes/stylizer.inc

@@ -500,7 +500,7 @@ class ctools_stylizer_image_processor {
     $palette[$luminosity_input]['green'] = $green;
     $palette[$luminosity_input]['blue'] = $blue;
 
-    // Now we complete the palette, first we'll do it tothe black, and then to
+    // Now we complete the palette, first we'll do it to the black, and then to
     // the white.
 
     // From input to black

sites/all/modules/contrib/ctools/includes/uuid.inc

@@ -25,7 +25,8 @@ function _ctools_uuid_generate_com() {
  * Generates an universally unique identifier using the PECL extension.
  */
 function _ctools_uuid_generate_pecl() {
-  return uuid_create(UUID_TYPE_DEFAULT);
+  $uuid_type = UUID_TYPE_DEFAULT;
+  return uuid_create($uuid_type);
 }
 
 /**