diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 2da07b9e49967374df704153221e2832e42b4f68..fa3f693946b0580840ab0de4ea9e69aa7d33985b 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,6 @@
+Drupal 7.60, 2018-10-18
+------------------------
+- Fixed security issues. See SA-CORE-2018-006.
Drupal 7.59, 2018-04-25
-----------------------
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 59a8bc6e341cdd8e6b3094bfbae0e4e96b02ebc1..837cb70bbd1bfbb1b9983166b0b3110b19ea0ad7 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
/**
* The current system version.
*/
-define('VERSION', '7.59');
+define('VERSION', '7.60');
/**
* Core API compatibility.
diff --git a/includes/common.inc b/includes/common.inc
index 4fb231e086e7f3b9ad8a09f678820671bfc14d19..e708c52cbd42d42dbadb26a3975c3f1346bbee61 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -2311,7 +2311,10 @@ function url($path = NULL, array $options = array()) {
$language = isset($options['language']) && isset($options['language']->language) ? $options['language']->language : '';
$alias = drupal_get_path_alias($original_path, $language);
if ($alias != $original_path) {
- $path = $alias;
+ // Strip leading slashes from internal path aliases to prevent them
+ // becoming external URLs without protocol. /example.com should not be
+ // turned into //example.com.
+ $path = ltrim($alias, '/');
}
}
diff --git a/misc/healthchecks/db.check.php b/misc/healthchecks/db.check.php
index c377b75a27ba81da932440d101ec18be5a53e509..57274ae88ab0f2be962c8ba20028d32cf16a3040 100644
--- a/misc/healthchecks/db.check.php
+++ b/misc/healthchecks/db.check.php
@@ -3,12 +3,12 @@
if (isset($_SERVER['PRESSFLOW_SETTINGS'])) {
$pressflow_config = json_decode($_SERVER['PRESSFLOW_SETTINGS'], TRUE);
$db = $pressflow_config['databases']['default']['default'];
- $link = mysql_connect($db['host'] . ':' . $db['port'], $db['username'], $db['password']);
+ $link = mysqli_connect($db['host'] . ':' . $db['port'], $db['username'], $db['password']);
if (!$link) {
- fail('Could not connect: ' . mysql_error());
+ fail('Could not connect: ' . mysqli_error());
}
echo "OK\n";
- mysql_close($link);
+ mysqli_close($link);
}
else {
fail("No config found.\n");
diff --git a/modules/path/path.test b/modules/path/path.test
index edecff5cbb52eba2f5b9494963b7a5e395224502..f6131ce62bfe85240aa3b916bbaf6e693b63bf02 100644
--- a/modules/path/path.test
+++ b/modules/path/path.test
@@ -21,7 +21,7 @@ class PathTestCase extends DrupalWebTestCase {
parent::setUp('path');
// Create test user and login.
- $web_user = $this->drupalCreateUser(array('create page content', 'edit own page content', 'administer url aliases', 'create url aliases'));
+ $web_user = $this->drupalCreateUser(array('create page content', 'edit own page content', 'administer url aliases', 'create url aliases', 'access content overview'));
$this->drupalLogin($web_user);
}
@@ -160,6 +160,34 @@ class PathTestCase extends DrupalWebTestCase {
$this->drupalGet($edit['path[alias]']);
$this->assertNoText($node1->title, 'Alias was successfully deleted.');
$this->assertResponse(404);
+
+ // Create third test node.
+ $node3 = $this->drupalCreateNode();
+
+ // Create an invalid alias with a leading slash and verify that the slash
+ // is removed when the link is generated. This ensures that URL aliases
+ // cannot be used to inject external URLs.
+ // @todo The user interface should either display an error message or
+ // automatically trim these invalid aliases, rather than allowing them to
+ // be silently created, at which point the functional aspects of this
+ // test will need to be moved elsewhere and switch to using a
+ // programmatically-created alias instead.
+ $alias = $this->randomName(8);
+ $edit = array('path[alias]' => '/' . $alias);
+ $this->drupalPost('node/' . $node3->nid . '/edit', $edit, t('Save'));
+ $this->drupalGet('admin/content');
+ // This checks the link href before clicking it, rather than using
+ // DrupalWebTestCase::assertUrl() after clicking it, because the test
+ // browser does not always preserve the correct number of slashes in the
+ // URL when it visits internal links; using DrupalWebTestCase::assertUrl()
+ // would actually make the test pass unconditionally on the testbot (or
+ // anywhere else where Drupal is installed in a subdirectory).
+ $link_xpath = $this->xpath('//a[normalize-space(text())=:label]', array(':label' => $node3->title));
+ $link_href = (string) $link_xpath[0]['href'];
+ $link_prefix = base_path() . (variable_get('clean_url', 0) ? '' : '?q=');
+ $this->assertEqual($link_href, $link_prefix . $alias);
+ $this->clickLink($node3->title);
+ $this->assertResponse(404);
}
/**
diff --git a/modules/system/system.mail.inc b/modules/system/system.mail.inc
index 443e5740013926b14e357017e753855834eaff31..9a17f55f6f5c88ece7b5f13b9e41967577366a99 100644
--- a/modules/system/system.mail.inc
+++ b/modules/system/system.mail.inc
@@ -70,7 +70,9 @@ class DefaultMailSystem implements MailSystemInterface {
// hosts. The return value of this method will still indicate whether mail
// was sent successfully.
if (!isset($_SERVER['WINDIR']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Win32') === FALSE) {
- if (isset($message['Return-Path']) && !ini_get('safe_mode')) {
+ // We validate the return path, unless it is equal to the site mail, which
+ // we assume to be safe.
+ if (isset($message['Return-Path']) && !ini_get('safe_mode') && (variable_get('site_mail', ini_get('sendmail_from')) === $message['Return-Path'] || self::_isShellSafe($message['Return-Path']))) {
// On most non-Windows systems, the "-f" option to the sendmail command
// is used to set the Return-Path. There is no space between -f and
// the value of the return path.
@@ -109,6 +111,36 @@ class DefaultMailSystem implements MailSystemInterface {
}
return $mail_result;
}
+
+ /**
+ * Disallows potentially unsafe shell characters.
+ *
+ * Functionally similar to PHPMailer::isShellSafe() which resulted from
+ * CVE-2016-10045. Note that escapeshellarg and escapeshellcmd are inadequate
+ * for this purpose.
+ *
+ * @param string $string
+ * The string to be validated.
+ *
+ * @return bool
+ * True if the string is shell-safe.
+ *
+ * @see https://github.com/PHPMailer/PHPMailer/issues/924
+ * @see https://github.com/PHPMailer/PHPMailer/blob/v5.2.21/class.phpmailer.php#L1430
+ *
+ * @todo Rename to ::isShellSafe() and/or discuss whether this is the correct
+ * location for this helper.
+ */
+ protected static function _isShellSafe($string) {
+ if (escapeshellcmd($string) !== $string || !in_array(escapeshellarg($string), array("'$string'", "\"$string\""))) {
+ return FALSE;
+ }
+ if (preg_match('/[^a-zA-Z0-9@_\-.]/', $string) !== 0) {
+ return FALSE;
+ }
+ return TRUE;
+ }
+
}
/**
diff --git a/profiles/wcm_base/CHANGELOG.txt b/profiles/wcm_base/CHANGELOG.txt
index 86d86904d83998f89063bbc560384db9ba12d240..be82f815081417b3b2ef7103d7427e452b9da3ff 100644
--- a/profiles/wcm_base/CHANGELOG.txt
+++ b/profiles/wcm_base/CHANGELOG.txt
@@ -1,3 +1,9 @@
+WCM Base 7.x-1.9, 2018-10-18
+--------------------------------
+- WCM Base:
+ - Updated Drupal to 7.60 per SA-CORE-2018-006
+ - Updated Mimemail to 1.1 (Security Update)
+
WCM Base 7.x-1.9-rc4, 2018-10-12
--------------------------------
- WCM Base:
diff --git a/profiles/wcm_base/modules/contrib/mimemail/CHANGELOG.txt b/profiles/wcm_base/modules/contrib/mimemail/CHANGELOG.txt
index a7e42b9f904f09839082253cacf6a8837a5fa507..dda9b0a1f54d7e4a8e804edc819bc7e7d854306a 100644
--- a/profiles/wcm_base/modules/contrib/mimemail/CHANGELOG.txt
+++ b/profiles/wcm_base/modules/contrib/mimemail/CHANGELOG.txt
@@ -1,6 +1,11 @@
Mime Mail 7.x-1.x, xxxx-xx-xx
-----------------------
+Mime Mail 7.x-1.1, 2018-10-17
+-----------------------
+- #161907 by RainbowLyte, sgabe: Fixed sanitization of additional mail parameter
+- #2986204 by TR: Missing test dependencies
+
Mime Mail 7.x-1.0, 2017-05-14
-----------------------
- #2743229 by Bird-Kid, AdamPS: CSS doesn't get attached in PHP7
diff --git a/profiles/wcm_base/modules/contrib/mimemail/mimemail.info b/profiles/wcm_base/modules/contrib/mimemail/mimemail.info
index dc167376b0553db868a879051be53840ce661491..4261e872dd96087e47cb7d502e805c09457aa927 100644
--- a/profiles/wcm_base/modules/contrib/mimemail/mimemail.info
+++ b/profiles/wcm_base/modules/contrib/mimemail/mimemail.info
@@ -14,9 +14,13 @@ files[] = tests/mimemail.test
files[] = tests/mimemail_rules.test
files[] = tests/mimemail_compress.test
-; Information added by Drupal.org packaging script on 2017-05-14
-version = "7.x-1.0"
+; Modules needed for testing
+test_dependencies[] = rules
+test_dependencies[] = entity
+test_dependencies[] = entity_token
+
+; Information added by Drupal.org packaging script on 2018-10-17
+version = "7.x-1.1"
core = "7.x"
project = "mimemail"
-datestamp = "1494775689"
-
+datestamp = "1539793390"
diff --git a/profiles/wcm_base/modules/contrib/mimemail/mimemail.module b/profiles/wcm_base/modules/contrib/mimemail/mimemail.module
index 0b39374546ce7ec48f886bf65162d049a3e0ff50..084e5ae466139061fbd0b790718d085f1b8bc86c 100644
--- a/profiles/wcm_base/modules/contrib/mimemail/mimemail.module
+++ b/profiles/wcm_base/modules/contrib/mimemail/mimemail.module
@@ -252,7 +252,9 @@ function mimemail_mailengine($op, $message = array()) {
$result = TRUE;
foreach ($recipients as $to) {
- if (isset($return_path) && !empty($return_path)) {
+ // We validate the return path, unless it is equal to the site mail, which
+ // we assume to be safe.
+ if (isset($return_path) && !empty($return_path) && (variable_get('site_mail', ini_get('sendmail_from')) === $return_path || mimemail_isshellsafe($return_path))) {
if (isset($_SERVER['WINDIR']) || strpos($_SERVER['SERVER_SOFTWARE'], 'Win32') !== FALSE) {
// On Windows, PHP will use the value of sendmail_from for the
// Return-Path header.
@@ -398,3 +400,22 @@ function mimemail_prepare_message($message) {
return $message;
}
+
+/**
+ * Disallows potentially unsafe shell characters.
+ *
+ * @param string $string
+ * The string to be validated.
+ *
+ * @return bool
+ * True if the string is shell-safe.
+ */
+function mimemail_isshellsafe($string) {
+ if (escapeshellcmd($string) !== $string || !in_array(escapeshellarg($string), array("'$string'", "\"$string\""))) {
+ return FALSE;
+ }
+ if (preg_match('/[^a-zA-Z0-9@_\-.]/', $string) !== 0) {
+ return FALSE;
+ }
+ return TRUE;
+}
diff --git a/profiles/wcm_base/modules/contrib/mimemail/modules/mimemail_action/mimemail_action.info b/profiles/wcm_base/modules/contrib/mimemail/modules/mimemail_action/mimemail_action.info
index fd7c9af5aa01ea3cae445ccbb8dca185bf9d47d4..479d443d96a711446ef9ea19911ad02d555c50f5 100644
--- a/profiles/wcm_base/modules/contrib/mimemail/modules/mimemail_action/mimemail_action.info
+++ b/profiles/wcm_base/modules/contrib/mimemail/modules/mimemail_action/mimemail_action.info
@@ -6,9 +6,8 @@ dependencies[] = trigger
core = 7.x
-; Information added by Drupal.org packaging script on 2017-05-14
-version = "7.x-1.0"
+; Information added by Drupal.org packaging script on 2018-10-17
+version = "7.x-1.1"
core = "7.x"
project = "mimemail"
-datestamp = "1494775689"
-
+datestamp = "1539793390"
diff --git a/profiles/wcm_base/modules/contrib/mimemail/modules/mimemail_compress/mimemail_compress.info b/profiles/wcm_base/modules/contrib/mimemail/modules/mimemail_compress/mimemail_compress.info
index 4c158295a2add01cd7d07aef21810f2885210129..45f24e229af1ef7ae66012bcd8a9338f2615cd5e 100644
--- a/profiles/wcm_base/modules/contrib/mimemail/modules/mimemail_compress/mimemail_compress.info
+++ b/profiles/wcm_base/modules/contrib/mimemail/modules/mimemail_compress/mimemail_compress.info
@@ -6,9 +6,8 @@ core = 7.x
files[] = mimemail_compress.inc
-; Information added by Drupal.org packaging script on 2017-05-14
-version = "7.x-1.0"
+; Information added by Drupal.org packaging script on 2018-10-17
+version = "7.x-1.1"
core = "7.x"
project = "mimemail"
-datestamp = "1494775689"
-
+datestamp = "1539793390"
diff --git a/profiles/wcm_base/modules/contrib/mimemail/modules/mimemail_example/mimemail_example.info b/profiles/wcm_base/modules/contrib/mimemail/modules/mimemail_example/mimemail_example.info
index ac3a01fdae15c4435ea506b66c97466e11bcc50e..af8bf6b632380adad77868bc4f73cbaf1b89a2f1 100644
--- a/profiles/wcm_base/modules/contrib/mimemail/modules/mimemail_example/mimemail_example.info
+++ b/profiles/wcm_base/modules/contrib/mimemail/modules/mimemail_example/mimemail_example.info
@@ -4,9 +4,8 @@ dependencies[] = mimemail
package = Example modules
core = 7.x
-; Information added by Drupal.org packaging script on 2017-05-14
-version = "7.x-1.0"
+; Information added by Drupal.org packaging script on 2018-10-17
+version = "7.x-1.1"
core = "7.x"
project = "mimemail"
-datestamp = "1494775689"
-
+datestamp = "1539793390"
diff --git a/profiles/wcm_base/modules/contrib/redirect/README.txt b/profiles/wcm_base/modules/contrib/redirect/README.txt
index 3ea2f179aaf1510c8ee12a9b3cb7833109baf8eb..e83a4c572644edcc8d8619b61ad88d4652d40e82 100644
--- a/profiles/wcm_base/modules/contrib/redirect/README.txt
+++ b/profiles/wcm_base/modules/contrib/redirect/README.txt
@@ -1,3 +1,88 @@
+CONTENTS OF THIS FILE
+---------------------
-This is the new module home for a unified redirection API (also replaces
-path_redirect and globalredirect).
+ * Introduction
+ * Requirements
+ * Installation
+ * Recommended Modules
+ * Configuration
+ * Maintainers
+
+
+INTRODUCTION
+------------
+
+The Redirect module provides a unified redirection API (also replaces
+path_redirect and globalredirect) and allows users to redirect from old URLs to
+new URLs.
+
+
+ * For a full description of the module visit:
+ https://www.drupal.org/project/redirect
+
+ * To submit bug reports and feature suggestions, or to track changes visit:
+ https://www.drupal.org/project/issues/redirect
+
+
+REQUIREMENTS
+------------
+
+This module requires no modules outside of Drupal core.
+
+
+RECOMMENDED MODULES
+-------------------
+
+Multi-path autocomplete helps provide auto-complete listings for the destination
+textfield on the redirect form.
+ * Multi-path autocomplete - https://www.drupal.org/project/mpac
+
+Pathauto can be configured to automatically generate path redirects to ensure
+that URL alias changes do not break existing links.
+ * Pathauto - https://www.drupal.org/project/pathauto
+
+Pathologic helps transform relative links in content to absolute URLs. Most
+helpful when you move your site to a new domain or different folder.
+ * Pathologic - https://www.drupal.org/project/pathologic
+
+Match Redirect provides redirecting based on path patterns with wildcards. Does
+not extend or require the Redirect module itself.
+ * Match Redirect - https://www.drupal.org/project/match_redirect
+
+
+INSTALLATION
+------------
+
+ * Install the Redirect module as you would normally install a contributed
+ Drupal module. Visit https://www.drupal.org/node/895232 for further
+ information.
+
+
+CONFIGURATION
+--------------
+
+ 1. Navigate to Administration > Modules and enable the module.
+ 2. Navigate to Administration > Configuration > Search and Metadata > URL
+ redirects for configuration.
+ 3. Select "Add redirect" and in the "Path" field add the old path.
+ 4. In the "To" field, start typing the title of a piece of content to select
+ it. You can also enter an internal path such as /node/add or an external
+ URL such as http://example.com. Enter <front> to link to the front page.
+ 5. Open the Advanced options and select the Redirect status: 300 Multiple
+ Choices, 301 Moved Permanently, 302 Found, 303 See Other, 304 Not
+ Modified, 305 Use Proxy, or 307 Temporary Redirect. Save.
+ 6. Once a redirect has been added, it will be listed in the URL Redirects
+ vertical tab group on the content's edit page.
+
+
+
+MAINTAINERS
+-----------
+
+ * Sascha Grossenbacher (Berdir) - https://www.drupal.org/u/berdir
+ * Dave Reid - https://www.drupal.org/u/dave-reid
+
+Supporting organizations:
+
+ * Lullabot - https://www.drupal.org/lullabot
+ * Acquia - https://www.drupal.org/acquia
diff --git a/profiles/wcm_base/modules/contrib/redirect/redirect.admin.inc b/profiles/wcm_base/modules/contrib/redirect/redirect.admin.inc
index 2e6895c046e5b5e77b3eb581dde2e5ad8d2bf471..fc5977c8ba2433a2b816f4a2a59303002be2208a 100644
--- a/profiles/wcm_base/modules/contrib/redirect/redirect.admin.inc
+++ b/profiles/wcm_base/modules/contrib/redirect/redirect.admin.inc
@@ -350,8 +350,8 @@ function redirect_edit_form($form, &$form_state, $redirect = NULL) {
$form['source'] = array(
'#type' => 'textfield',
'#title' => t('From'),
- '#description' => t("Enter an internal Drupal path or path alias to redirect (e.g. %example1 or %example2). Fragment anchors (e.g. %anchor) are <strong>not</strong> allowed.", array('%example1' => 'node/123', '%example2' => 'taxonomy/term/123', '%anchor' => '#anchor')),
- '#maxlength' => 560,
+ '#description' => t("Enter an internal Drupal path or path alias, of up to 900 characters, to redirect (e.g. %example1 or %example2). Fragment anchors (e.g. %anchor) are <strong>not</strong> allowed. ", array('%example1' => 'node/123', '%example2' => 'taxonomy/term/123', '%anchor' => '#anchor')),
+ '#maxlength' => 900,
'#default_value' => $redirect->rid || $redirect->source ? redirect_url($redirect->source, $redirect->source_options + array('alter' => FALSE)) : '',
'#required' => TRUE,
'#field_prefix' => $GLOBALS['base_url'] . '/' . (variable_get('clean_url', 0) ? '' : '?q='),
@@ -365,10 +365,10 @@ function redirect_edit_form($form, &$form_state, $redirect = NULL) {
$form['redirect'] = array(
'#type' => 'textfield',
'#title' => t('To'),
- '#maxlength' => 560,
+ '#maxlength' => 900,
'#default_value' => $redirect->rid || $redirect->redirect ? redirect_url($redirect->redirect, $redirect->redirect_options, TRUE) : '',
'#required' => TRUE,
- '#description' => t('Enter an internal Drupal path, path alias, or complete external URL (like http://example.com/) to redirect to. Use %front to redirect to the front page.', array('%front' => '<front>')),
+ '#description' => t('Enter an internal Drupal path, path alias, or complete external URL (like http://example.com/) to redirect to. The value length is up to 900 characters. Use %front to redirect to the front page.', array('%front' => '<front>')),
'#element_validate' => array('redirect_element_validate_redirect'),
);
diff --git a/profiles/wcm_base/modules/contrib/redirect/redirect.info b/profiles/wcm_base/modules/contrib/redirect/redirect.info
index 70be3534852fa5e9146010c4544611273b7bbd49..85043fdf0bf833802b0b4446e73c59ec6e2ada7c 100644
--- a/profiles/wcm_base/modules/contrib/redirect/redirect.info
+++ b/profiles/wcm_base/modules/contrib/redirect/redirect.info
@@ -14,8 +14,8 @@ files[] = views/redirect_handler_field_redirect_link_delete.inc
configure = admin/config/search/redirect/settings
suggests[] = mpac
-; Information added by Drupal.org packaging script on 2018-10-09
+; Information added by Drupal.org packaging script on 2018-10-13
version = "7.x-2.x-dev"
core = "7.x"
project = "redirect"
-datestamp = "1539124987"
+datestamp = "1539391687"
diff --git a/profiles/wcm_base/modules/contrib/redirect/redirect.install b/profiles/wcm_base/modules/contrib/redirect/redirect.install
index 7b41d2e35c41266a8650408651b5f97f8032ad49..caa69257cd2c6d44ce80eb7a9d2dded94ab78ca0 100644
--- a/profiles/wcm_base/modules/contrib/redirect/redirect.install
+++ b/profiles/wcm_base/modules/contrib/redirect/redirect.install
@@ -39,7 +39,7 @@ function redirect_schema() {
),
'source' => array(
'type' => 'varchar',
- 'length' => 255,
+ 'length' => 900,
'not null' => TRUE,
'description' => 'The source path to redirect from.',
),
@@ -51,7 +51,7 @@ function redirect_schema() {
),
'redirect' => array(
'type' => 'varchar',
- 'length' => 255,
+ 'length' => 900,
'not null' => TRUE,
'description' => 'The destination path to redirect to.',
),
@@ -104,7 +104,11 @@ function redirect_schema() {
'expires' => array('type', 'access'),
'status_source_language' => array(
'status',
- 'source',
+ // Limit the number of characters used by the index.
+ // That allows avoiding the risk to have a PDOException
+ // caused the DB index limitations of some databases.
+ // see https://www.drupal.org/project/redirect/issues/2057615.
+ array('source', 255),
'language',
),
),
diff --git a/profiles/wcm_base/modules/contrib/redirect/views/redirect.views.inc b/profiles/wcm_base/modules/contrib/redirect/views/redirect.views.inc
index 86cdc1b4763ac8755ccff3630e8e195695efc670..13201e6c6eed73521e9cef52316e87258633c34c 100644
--- a/profiles/wcm_base/modules/contrib/redirect/views/redirect.views.inc
+++ b/profiles/wcm_base/modules/contrib/redirect/views/redirect.views.inc
@@ -155,6 +155,25 @@ function redirect_views_data() {
);
}
+ // {redirect}.status
+ $data['redirect']['status'] = array(
+ 'title' => t('Status'),
+ 'help' => t('Whether or not the redirect is enabled.'),
+ 'field' => array(
+ 'handler' => 'views_handler_field_boolean',
+ 'click sortable' => TRUE,
+ ),
+ 'filter' => array(
+ 'handler' => 'views_handler_filter_boolean_operator',
+ 'label' => t('Status'),
+ 'type' => 'enabled-disabled',
+ 'use equal' => TRUE, // Use status = 1 instead of status <> 0 in WHERE statment
+ ),
+ 'sort' => array(
+ 'handler' => 'views_handler_sort',
+ ),
+ );
+
// {redirect}.count
$data['redirect']['count'] = array(
'title' => t('Clicks'),
diff --git a/profiles/wcm_base/modules/contrib/workbench/plugins/content_types/workbench_display.inc b/profiles/wcm_base/modules/contrib/workbench/plugins/content_types/workbench_display.inc
new file mode 100644
index 0000000000000000000000000000000000000000..b715dbd5a7afa91228de17e62d4cd51a28eeb4e3
--- /dev/null
+++ b/profiles/wcm_base/modules/contrib/workbench/plugins/content_types/workbench_display.inc
@@ -0,0 +1,38 @@
+<?php
+
+/**
+ * @file
+ * CTools content plugin to display the Workbench content status block in a
+ * panel.
+ */
+
+$plugin = array(
+ 'single' => TRUE,
+ 'title' => t('Workbench content status'),
+ 'description' => t('Workbench content status block, for use in panels.'),
+ 'category' => t('Workbench'),
+ 'render callback' => 'workbench_display_render',
+ 'required context' => new ctools_context_required(t('Node'), 'node'),
+);
+
+function workbench_display_render($subtype, $conf, $args, $context) {
+ $block = new stdClass();
+
+ if (isset($context->data)) {
+ if (isset($context->data->nid) && is_numeric($context->data->nid) && isset($context->data->vid) && is_numeric($context->data->vid)) {
+ $node = node_load($context->data->nid, $context->data->vid);
+ if (node_is_page($node) && empty($node->in_preview)) {
+ // @see workbench_moderation_node_view()
+ // @see workbench_moderation_workbench_block()
+ if (module_exists('workbench_moderation')) {
+ workbench_moderation_messages('view', $node);
+ }
+
+ $workbench_block = workbench_block_view();
+ $block->content = $workbench_block['content'];
+ }
+ }
+ }
+
+ return $block;
+}
diff --git a/profiles/wcm_base/modules/contrib/workbench/workbench.info b/profiles/wcm_base/modules/contrib/workbench/workbench.info
index d7cbf84f6369778823ff812cc8a73b4f01b89ced..ba087ccceee0073cbeeddcd04a02a22ee4ebacde 100644
--- a/profiles/wcm_base/modules/contrib/workbench/workbench.info
+++ b/profiles/wcm_base/modules/contrib/workbench/workbench.info
@@ -3,4 +3,5 @@ description = Workbench editorial suite.
package = Workbench
core = 7.x
configure = admin/config/workbench/settings
+dependencies[] = ctools
dependencies[] = views
diff --git a/profiles/wcm_base/modules/contrib/workbench/workbench.module b/profiles/wcm_base/modules/contrib/workbench/workbench.module
index 2b766fc4a058e44918cc2928da73ee77fa6f21e3..943a65a961892294ad18e9b30466a52ecb303bec 100644
--- a/profiles/wcm_base/modules/contrib/workbench/workbench.module
+++ b/profiles/wcm_base/modules/contrib/workbench/workbench.module
@@ -214,6 +214,9 @@ function workbench_ctools_plugin_directory($owner, $plugin_type) {
if ($owner == 'page_manager') {
return 'plugins/page_manager/' . $plugin_type;
}
+ elseif ($owner == 'ctools' && $plugin_type == 'content_types') {
+ return 'plugins/' . $plugin_type;
+ }
}
/**
diff --git a/profiles/wcm_base/wcm_base.make b/profiles/wcm_base/wcm_base.make
index b3747fd0307c4344eca2c7ac4cae0d188ba521af..36c5c353c2ce52347ad4e65ec34c8240606319a4 100644
--- a/profiles/wcm_base/wcm_base.make
+++ b/profiles/wcm_base/wcm_base.make
@@ -92,7 +92,7 @@ projects[migrate][version] = 2.8
projects[migrate][subdir] = contrib
projects[migrate][2297685] = http://drupal.org/files/issues/migrate-php7-uniform-variable-syntax.patch
-projects[mimemail][version] = 1.0
+projects[mimemail][version] = 1.1
projects[mimemail][subdir] = contrib
projects[media][version] = 2.19