From 377bb3940916293ad881fb04db2fb2bfa434f0da Mon Sep 17 00:00:00 2001 From: bcweaver <brianweaver@gmail.com> Date: Wed, 12 May 2021 13:25:34 -0400 Subject: [PATCH] SECURITY update drupal/ctools to 3.6 --- composer.json | 2 +- composer.lock | 16 ++-- vendor/composer/InstalledVersions.php | 10 +-- vendor/composer/installed.json | 16 ++-- vendor/composer/installed.php | 10 +-- web/modules/ctools/ctools.info.yml | 6 +- .../ctools_block/ctools_block.info.yml | 6 +- .../ctools_block_field_test.info.yml | 6 +- .../ctools_entity_mask.info.yml | 6 +- .../entity_mask_test.info.yml | 6 +- .../ctools_views/ctools_views.info.yml | 6 +- .../ctools_views_test_views.info.yml | 6 +- .../ctools/src/Plugin/Block/EntityView.php | 10 +++ .../ctools_block_display_test.info.yml | 6 +- .../ctools_wizard_test.info.yml | 6 +- .../Kernel/Plugin/Block/EntityViewTest.php | 87 +++++++++++++++++++ 16 files changed, 151 insertions(+), 54 deletions(-) create mode 100644 web/modules/ctools/tests/src/Kernel/Plugin/Block/EntityViewTest.php diff --git a/composer.json b/composer.json index abd88dc468..c339b9ba1d 100644 --- a/composer.json +++ b/composer.json @@ -106,7 +106,7 @@ "drupal/core-composer-scaffold": "^9.0", "drupal/core-recommended": "8.9.14", "drupal/crop": "2.1", - "drupal/ctools": "3.5", + "drupal/ctools": "3.6", "drupal/dropzonejs": "2.5", "drupal/editor_advanced_link": "1.8", "drupal/embed": "1.4", diff --git a/composer.lock b/composer.lock index b59fa9f3b0..926678b571 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "4f4a73e297d9307128a77fa7163e626e", + "content-hash": "4f162d7bd155c17ba0c04ebcb49b185b", "packages": [ { "name": "alchemy/zippy", 
@@ -3674,17 +3674,17 @@ }, { "name": "drupal/ctools", - "version": "3.5.0", + "version": "3.6.0", "source": { "type": "git", "url": "https://git.drupalcode.org/project/ctools.git", - "reference": "8.x-3.5" + "reference": "8.x-3.6" }, "dist": { "type": "zip", - "url": "https://ftp.drupal.org/files/projects/ctools-8.x-3.5.zip", - "reference": "8.x-3.5", - "shasum": "0113cd1e787ff3bde088c836c2d79d14136b0013" + "url": "https://ftp.drupal.org/files/projects/ctools-8.x-3.6.zip", + "reference": "8.x-3.6", + "shasum": "9a849bb6ac9f4d02603d04b3265b35b7329e1ef5" }, "require": { "drupal/core": "^8.8 || ^9" @@ -3692,8 +3692,8 @@ "type": "drupal-module", "extra": { "drupal": { - "version": "8.x-3.5", - "datestamp": "1618592931", + "version": "8.x-3.6", + "datestamp": "1620838181", "security-coverage": { "status": "covered", "message": "Covered by Drupal's security advisory policy" diff --git a/vendor/composer/InstalledVersions.php b/vendor/composer/InstalledVersions.php index d8369eb845..a2871d3d1d 100644 --- a/vendor/composer/InstalledVersions.php +++ b/vendor/composer/InstalledVersions.php @@ -19,7 +19,7 @@ class InstalledVersions 'aliases' => array ( ), - 'reference' => 'eda146158c134a52fb92686a2d4731493a786feb', + 'reference' => 'd4b4464a481d2dcac95e7ed82f8694d976fd33fe', 'name' => 'osu-asc-webservices/d8-upstream', ), 'versions' => @@ -873,12 +873,12 @@ class InstalledVersions ), 'drupal/ctools' => array ( - 'pretty_version' => '3.5.0', - 'version' => '3.5.0.0', + 'pretty_version' => '3.6.0', + 'version' => '3.6.0.0', 'aliases' => array ( ), - 'reference' => '8.x-3.5', + 'reference' => '8.x-3.6', ), 'drupal/datetime' => array ( @@ -2276,7 +2276,7 @@ class InstalledVersions 'aliases' => array ( ), - 'reference' => 'eda146158c134a52fb92686a2d4731493a786feb', + 'reference' => 'd4b4464a481d2dcac95e7ed82f8694d976fd33fe', ), 'pantheon-systems/quicksilver-pushback' => array ( 
diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json index 94aa425280..b70554627c 100644 --- a/vendor/composer/installed.json +++ b/vendor/composer/installed.json @@ -3718,18 +3718,18 @@ }, { "name": "drupal/ctools", - "version": "3.5.0", - "version_normalized": "3.5.0.0", + "version": "3.6.0", + "version_normalized": "3.6.0.0", "source": { "type": "git", "url": "https://git.drupalcode.org/project/ctools.git", - "reference": "8.x-3.5" + "reference": "8.x-3.6" }, "dist": { "type": "zip", - "url": "https://ftp.drupal.org/files/projects/ctools-8.x-3.5.zip", - "reference": "8.x-3.5", - "shasum": "0113cd1e787ff3bde088c836c2d79d14136b0013" + "url": "https://ftp.drupal.org/files/projects/ctools-8.x-3.6.zip", + "reference": "8.x-3.6", + "shasum": "9a849bb6ac9f4d02603d04b3265b35b7329e1ef5" }, "require": { "drupal/core": "^8.8 || ^9" @@ -3737,8 +3737,8 @@ "type": "drupal-module", "extra": { "drupal": { - "version": "8.x-3.5", - "datestamp": "1618592931", + "version": "8.x-3.6", + "datestamp": "1620838181", "security-coverage": { "status": "covered", "message": "Covered by Drupal's security advisory policy" diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php index 0e19a8840a..b420fd47d9 100644 --- a/vendor/composer/installed.php +++ b/vendor/composer/installed.php @@ -6,7 +6,7 @@ 'aliases' => array ( ), - 'reference' => 'eda146158c134a52fb92686a2d4731493a786feb', + 'reference' => 'd4b4464a481d2dcac95e7ed82f8694d976fd33fe', 'name' => 'osu-asc-webservices/d8-upstream', ), 'versions' => @@ -860,12 +860,12 @@ ), 'drupal/ctools' => array ( - 'pretty_version' => '3.5.0', - 'version' => '3.5.0.0', + 'pretty_version' => '3.6.0', + 'version' => '3.6.0.0', 'aliases' => array ( ), - 'reference' => '8.x-3.5', + 'reference' => '8.x-3.6', ), 'drupal/datetime' => array ( 
@@ -2263,7 +2263,7 @@ 'aliases' => array ( ), - 'reference' => 'eda146158c134a52fb92686a2d4731493a786feb', + 'reference' => 'd4b4464a481d2dcac95e7ed82f8694d976fd33fe', ), 'pantheon-systems/quicksilver-pushback' => array ( diff --git a/web/modules/ctools/ctools.info.yml b/web/modules/ctools/ctools.info.yml index 203c2c66b4..4b146efe6f 100644 --- a/web/modules/ctools/ctools.info.yml +++ b/web/modules/ctools/ctools.info.yml @@ -4,7 +4,7 @@ description: 'Provides a number of utility and helper APIs for Drupal developers package: Chaos tool suite core_version_requirement: ^8.8 || ^9 -# Information added by Drupal.org packaging script on 2021-04-16 -version: '8.x-3.5' +# Information added by Drupal.org packaging script on 2021-05-12 +version: '8.x-3.6' project: 'ctools' -datestamp: 1618592933 +datestamp: 1620832815 diff --git a/web/modules/ctools/modules/ctools_block/ctools_block.info.yml b/web/modules/ctools/modules/ctools_block/ctools_block.info.yml index aa5a8e0d93..d8a437eb9c 100644 --- a/web/modules/ctools/modules/ctools_block/ctools_block.info.yml +++ b/web/modules/ctools/modules/ctools_block/ctools_block.info.yml @@ -6,7 +6,7 @@ core_version_requirement: ^8.8 || ^9 dependencies: - ctools:ctools -# Information added by Drupal.org packaging script on 2021-04-16 -version: '8.x-3.5' +# Information added by Drupal.org packaging script on 2021-05-12 +version: '8.x-3.6' project: 'ctools' -datestamp: 1618592933 +datestamp: 1620832815 diff --git a/web/modules/ctools/modules/ctools_block/tests/modules/ctools_block_field_test/ctools_block_field_test.info.yml b/web/modules/ctools/modules/ctools_block/tests/modules/ctools_block_field_test/ctools_block_field_test.info.yml index 76e91210f4..527af80d1d 100644 --- a/web/modules/ctools/modules/ctools_block/tests/modules/ctools_block_field_test/ctools_block_field_test.info.yml +++ b/web/modules/ctools/modules/ctools_block/tests/modules/ctools_block_field_test/ctools_block_field_test.info.yml 
@@ -12,7 +12,7 @@ dependencies: - drupal:user features: true -# Information added by Drupal.org packaging script on 2021-04-16 -version: '8.x-3.5' +# Information added by Drupal.org packaging script on 2021-05-12 +version: '8.x-3.6' project: 'ctools' -datestamp: 1618592933 +datestamp: 1620832815 diff --git a/web/modules/ctools/modules/ctools_entity_mask/ctools_entity_mask.info.yml b/web/modules/ctools/modules/ctools_entity_mask/ctools_entity_mask.info.yml index 8819c3ce56..8372966655 100644 --- a/web/modules/ctools/modules/ctools_entity_mask/ctools_entity_mask.info.yml +++ b/web/modules/ctools/modules/ctools_entity_mask/ctools_entity_mask.info.yml @@ -3,7 +3,7 @@ core_version_requirement: ^8.8 || ^9 type: module description: 'Allows an entity type to borrow the fields and display configuration of another entity type.' -# Information added by Drupal.org packaging script on 2021-04-16 -version: '8.x-3.5' +# Information added by Drupal.org packaging script on 2021-05-12 +version: '8.x-3.6' project: 'ctools' -datestamp: 1618592933 +datestamp: 1620832815 diff --git a/web/modules/ctools/modules/ctools_entity_mask/tests/modules/entity_mask_test/entity_mask_test.info.yml b/web/modules/ctools/modules/ctools_entity_mask/tests/modules/entity_mask_test/entity_mask_test.info.yml index f0e2de495f..32111c29c6 100644 --- a/web/modules/ctools/modules/ctools_entity_mask/tests/modules/entity_mask_test/entity_mask_test.info.yml +++ b/web/modules/ctools/modules/ctools_entity_mask/tests/modules/entity_mask_test/entity_mask_test.info.yml @@ -7,7 +7,7 @@ dependencies: - drupal:image - drupal:text -# Information added by Drupal.org packaging script on 2021-04-16 -version: '8.x-3.5' +# Information added by Drupal.org packaging script on 2021-05-12 +version: '8.x-3.6' project: 'ctools' -datestamp: 1618592933 +datestamp: 1620832815 
diff --git a/web/modules/ctools/modules/ctools_views/ctools_views.info.yml b/web/modules/ctools/modules/ctools_views/ctools_views.info.yml index 81d3ffe344..8be583a3ec 100644 --- a/web/modules/ctools/modules/ctools_views/ctools_views.info.yml +++ b/web/modules/ctools/modules/ctools_views/ctools_views.info.yml @@ -8,7 +8,7 @@ dependencies: - drupal:block - drupal:views -# Information added by Drupal.org packaging script on 2021-04-16 -version: '8.x-3.5' +# Information added by Drupal.org packaging script on 2021-05-12 +version: '8.x-3.6' project: 'ctools' -datestamp: 1618592933 +datestamp: 1620832815 diff --git a/web/modules/ctools/modules/ctools_views/tests/modules/ctools_views_test_views/ctools_views_test_views.info.yml b/web/modules/ctools/modules/ctools_views/tests/modules/ctools_views_test_views/ctools_views_test_views.info.yml index 5ae3ad7675..b45c39457d 100644 --- a/web/modules/ctools/modules/ctools_views/tests/modules/ctools_views_test_views/ctools_views_test_views.info.yml +++ b/web/modules/ctools/modules/ctools_views/tests/modules/ctools_views_test_views/ctools_views_test_views.info.yml @@ -12,7 +12,7 @@ dependencies: - drupal:node - drupal:taxonomy -# Information added by Drupal.org packaging script on 2021-04-16 -version: '8.x-3.5' +# Information added by Drupal.org packaging script on 2021-05-12 +version: '8.x-3.6' project: 'ctools' -datestamp: 1618592933 +datestamp: 1620832815 diff --git a/web/modules/ctools/src/Plugin/Block/EntityView.php b/web/modules/ctools/src/Plugin/Block/EntityView.php index 9b64fddba9..ee96934641 100644 --- a/web/modules/ctools/src/Plugin/Block/EntityView.php +++ b/web/modules/ctools/src/Plugin/Block/EntityView.php @@ -9,6 +9,7 @@ use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Plugin\ContainerFactoryPluginInterface; use Drupal\Core\Plugin\ContextAwarePluginInterface; +use Drupal\Core\Session\AccountInterface; use Symfony\Component\DependencyInjection\ContainerInterface; /** 
@@ -98,6 +99,15 @@ public function blockSubmit($form, FormStateInterface $form_state) { $this->configuration['view_mode'] = $form_state->getValue('view_mode'); } + /** + * {@inheritdoc} + */ + public function access(AccountInterface $account, $return_as_object = FALSE) { + /** @var $entity \Drupal\Core\Entity\EntityInterface */ + $entity = $this->getContextValue('entity'); + return $entity->access('view', $account, $return_as_object); + } + /** * {@inheritdoc} */ diff --git a/web/modules/ctools/tests/modules/ctools_block_display_test/ctools_block_display_test.info.yml b/web/modules/ctools/tests/modules/ctools_block_display_test/ctools_block_display_test.info.yml index 10087d2558..a139b90e8f 100644 --- a/web/modules/ctools/tests/modules/ctools_block_display_test/ctools_block_display_test.info.yml +++ b/web/modules/ctools/tests/modules/ctools_block_display_test/ctools_block_display_test.info.yml @@ -6,7 +6,7 @@ package: Testing dependencies: - ctools:ctools -# Information added by Drupal.org packaging script on 2021-04-16 -version: '8.x-3.5' +# Information added by Drupal.org packaging script on 2021-05-12 +version: '8.x-3.6' project: 'ctools' -datestamp: 1618592933 +datestamp: 1620832815 diff --git a/web/modules/ctools/tests/modules/ctools_wizard_test/ctools_wizard_test.info.yml b/web/modules/ctools/tests/modules/ctools_wizard_test/ctools_wizard_test.info.yml index 5c03d76218..34cdd603b6 100644 --- a/web/modules/ctools/tests/modules/ctools_wizard_test/ctools_wizard_test.info.yml +++ b/web/modules/ctools/tests/modules/ctools_wizard_test/ctools_wizard_test.info.yml @@ -4,7 +4,7 @@ description: 'Provides testing for ctools wizard' package: Testing # version: 3.x -# Information added by Drupal.org packaging script on 2021-04-16 -version: '8.x-3.5' +# Information added by Drupal.org packaging script on 2021-05-12 +version: '8.x-3.6' project: 'ctools' -datestamp: 1618592933 +datestamp: 1620832815 
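Review bot: The new `access()` in EntityView.php calls `->access()` on the result of `$this->getContextValue('entity')` without checking it. If the block's entity context is missing or empty, this would presumably raise an exception or a fatal error instead of denying access; the context definition is outside this hunk, so that needs confirming. An access check should fail closed, for example with `if (!$entity) { return $return_as_object ? AccessResult::forbidden() : FALSE; }` before the `return`, and `Drupal\Core\Access\AccessResult` imported. The inline annotation is also in reverse order; the convention is `/** @var \Drupal\Core\Entity\EntityInterface $entity */`. Because this file ships with drupal/ctools, any such change belongs upstream rather than as a local edit under web/modules.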
diff --git a/web/modules/ctools/tests/src/Kernel/Plugin/Block/EntityViewTest.php b/web/modules/ctools/tests/src/Kernel/Plugin/Block/EntityViewTest.php
new file mode 100644
index 0000000000..4e53dd22c8
--- /dev/null
+++ b/web/modules/ctools/tests/src/Kernel/Plugin/Block/EntityViewTest.php
@@ -0,0 +1,87 @@
+<?php
+
+namespace Drupal\Tests\ctools\Kernel\Plugin\Block;
+
+use Drupal\Core\Access\AccessResultForbidden;
+use Drupal\Core\Plugin\Context\ContextDefinition;
+use Drupal\ctools\Plugin\Block\EntityView;
+use Drupal\KernelTests\KernelTestBase;
+use Drupal\Tests\node\Traits\NodeCreationTrait;
+use Drupal\Tests\user\Traits\UserCreationTrait;
+
+/**
+ * Tests the entity_view block plugin.
+ *
+ * @coversDefaultClass \Drupal\ctools\Plugin\Block\EntityView
+ *
+ * @group ctools
+ */
+class EntityViewTest extends KernelTestBase {
+
+ use NodeCreationTrait;
+ use UserCreationTrait;
+
+ /**
+ * {@inheritdoc}
+ */
+ public static $modules = [
+ 'block',
+ 'ctools',
+ 'filter',
+ 'node',
+ 'system',
+ 'user',
+ ];
+
+ /**
+ * A page variant.
+ *
+ * @var \Drupal\page_manager\PageVariantInterface
+ */
+ protected $pageVariant;
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function setUp() {
+ parent::setUp();
+
+ $this->installConfig(['filter']);
+ $this->installEntitySchema('node');
+ $this->installEntitySchema('user');
+ $this->installSchema('system', ['sequences']);
+ }
+
+ /**
+ * Tests plugin access.
+ *
+ * @covers ::access
+ */
+ public function testAccess() {
+ // Create an unpublished node.
+ $node = $this->createNode(['status' => 0]);
+
+ $configuration = [
+ 'view_mode' => 'default',
+ 'context' => [
+ 'entity' => $node,
+ ],
+ ];
+ $definition = [
+ 'context' => [
+ 'entity' => new ContextDefinition('entity:node', NULL, TRUE, FALSE, NULL, $node),
+ ],
+ 'provider' => 'ctools',
+ ];
+ $block = EntityView::create($this->container, $configuration, 'entity_view:node', $definition);
+
+ $access = $block->access(\Drupal::currentUser());
+ $this->assertFalse($access);
+
+ // Add a user than can see the unpublished block.
+ $account = $this->createUser([], NULL, TRUE);
+ $access = $block->access($account);
+ $this->assertTrue($access);
+ }
+
+}
-- GitLab
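Review bot: `testAccess()` covers only the boolean return path of `access()`, and only two accounts: the current user (presumably anonymous in a kernel test) and an admin created with `createUser([], NULL, TRUE)`. A regression in the `$return_as_object = TRUE` branch, or one that lets an authenticated user without permission see the unpublished node, would pass unnoticed. Adding `$this->assertFalse($block->access($this->createUser(), TRUE)->isAllowed());` after the admin assertions would cover both; it should come after the admin account is created so the new user is not uid 1. The `AccessResultForbidden` import and the `$pageVariant` property, which is typed against page_manager, look unused in this hunk and could be dropped upstream.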