summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDries Buytaert2010-05-13 07:53:02 (GMT)
committerDries Buytaert2010-05-13 07:53:02 (GMT)
commit8119c5da9a0746bfa87ac27abeafb849f152d1ce (patch)
treeecaf3c2ccc8140211755febebf3071d87035fafa
parent6987dd4cab489d47a42f1331e882d3dbf7635913 (diff)
- Patch #735662 by duellj, tstoeckler: critical bug: hook_form_alter() can easily clobber a text format.
-rw-r--r--modules/block/block.admin.inc4
-rw-r--r--modules/block/block.module9
-rw-r--r--modules/filter/filter.module60
-rw-r--r--modules/taxonomy/taxonomy.admin.inc6
4 files changed, 17 insertions, 62 deletions
diff --git a/modules/block/block.admin.inc b/modules/block/block.admin.inc
index a5187b5..131b214 100644
--- a/modules/block/block.admin.inc
+++ b/modules/block/block.admin.inc
@@ -442,9 +442,9 @@ function block_add_block_form_validate($form, &$form_state) {
function block_add_block_form_submit($form, &$form_state) {
$delta = db_insert('block_custom')
->fields(array(
- 'body' => $form_state['values']['body'],
+ 'body' => $form_state['values']['body']['value'],
'info' => $form_state['values']['info'],
- 'format' => $form_state['values']['format'],
+ 'format' => $form_state['values']['body']['format'],
))
->execute();
// Store block delta to allow other modules to work with new block.
diff --git a/modules/block/block.module b/modules/block/block.module
index 12b916a..3770bb2 100644
--- a/modules/block/block.module
+++ b/modules/block/block.module
@@ -469,8 +469,9 @@ function block_custom_block_form($edit = array()) {
* @param $edit
* Associative array of fields to save. Array keys:
* - info: Block description.
- * - body: Block contents.
- * - format: Filter ID of the filter format for the body.
+ * - body: Associative array of body value and format. Array keys:
+ * - value: Block contents.
+ * - format: Filter ID of the filter format for the body.
* @param $delta
* Block ID of the block to save.
* @return
@@ -479,9 +480,9 @@ function block_custom_block_form($edit = array()) {
function block_custom_block_save($edit, $delta) {
db_update('block_custom')
->fields(array(
- 'body' => $edit['body'],
+ 'body' => $edit['body']['value'],
'info' => $edit['info'],
- 'format' => $edit['format'],
+ 'format' => $edit['body']['format'],
))
->condition('bid', $delta)
->execute();
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index ad5ec9b..21cc0fe 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -730,29 +730,12 @@ function check_markup($text, $format_id = NULL, $langcode = '', $cache = FALSE)
* the text format id specified in #format or the user's default format by
* default, if NULL.
*
- * Since most modules expect the value of the new 'format' element *next* to the
- * original element, filter_process_format() utilizes an #after_build to move
- * the values of the children of the 'text_format' element so as to let the
- * submitted form values appear as if they were located on the same level.
- * For example, considering the input values:
+ * The resulting value for the element will be an array holding the value and the
+ * format. For example, the value for the body element will be:
* @code
- * $form_state['input']['body']['value'] = 'foo';
- * $form_state['input']['body']['format'] = 'foo';
+ * $form_state['values']['body']['value'] = 'foo';
+ * $form_state['values']['body']['format'] = 'foo';
* @endcode
- * The #after_build will process them into:
- * @code
- * $form_state['values']['body'] = 'foo';
- * $form_state['values']['format'] = 'foo';
- * @endcode
- *
- * If multiple text format-enabled elements are required on the same level of
- * the form structure, modules can set custom #parents on the original element.
- * Alternatively, the #after_build may be unset through a subsequent #process
- * callback. If the default #after_build is not invoked and no custom processing
- * occurs, then the submitted form values will appear like in the
- * $form_state['input'] array above.
- *
- * @see filter_form_after_build()
*
* @param $element
* The form element to process. Properties used:
@@ -804,9 +787,6 @@ function filter_process_format($element) {
$element['#attached']['js'][] = $path . '/filter.js';
$element['#attached']['css'][] = $path . '/filter.css';
- // Apply default #after_build behavior.
- $element['#after_build'][] = 'filter_form_after_build';
-
// Setup child container for the text format widget.
$element['format'] = array(
'#type' => 'fieldset',
@@ -887,38 +867,6 @@ function filter_process_format($element) {
}
/**
- * After build callback to move #type 'text_format' values up in $form_state.
- */
-function filter_form_after_build($element, &$form_state) {
- // For text fields, the additional subkeys map 1:1 to field schema columns.
- if (isset($element['#columns'])) {
- return $element;
- }
-
- $parents = $element['#parents'];
- array_pop($parents);
-
- foreach (element_children($element) as $key) {
- $current_parents = $parents;
- switch ($key) {
- case 'value':
- form_set_value(array('#parents' => $element['#parents']), $element[$key]['#value'], $form_state);
- break;
-
- case 'format':
- $current_parents[] = $key;
- form_set_value(array('#parents' => $current_parents), $element['format']['format']['#value'], $form_state);
- break;
-
- default:
- $current_parents[] = $key;
- form_set_value(array('#parents' => $current_parents), $element[$key]['#value'], $form_state);
- }
- }
- return $element;
-}
-
-/**
* #pre_render callback for #type 'text_format' to hide field value from prying eyes.
*
* To not break form processing and previews if a user does not have access to a
diff --git a/modules/taxonomy/taxonomy.admin.inc b/modules/taxonomy/taxonomy.admin.inc
index 4ae0e51..59defe8 100644
--- a/modules/taxonomy/taxonomy.admin.inc
+++ b/modules/taxonomy/taxonomy.admin.inc
@@ -837,6 +837,12 @@ function taxonomy_form_term_submit($form, &$form_state) {
*/
function taxonomy_form_term_submit_builder($form, &$form_state) {
$term = (object) $form_state['values'];
+
+ // Convert text_format field into values expected by taxonomy_term_save().
+ $description = $form_state['values']['description'];
+ $term->description = $description['value'];
+ $term->format = $description['format'];
+
field_attach_submit('taxonomy_term', $term, $form, $form_state);
$form_state['term'] = (array) $term;