7.x-1.9 Release Candidate 3

profiles/wcm_base/CHANGELOG.txt

+WCM Base 7.x-1.9-rc3, 2018-08-29
+--------------------------------
+- WCM Base:
+  - Updated Display Suite to 2.16.
+  - Updated Google Analytics to 2.5.
+  - Updated Redis to 3.17.
+  - Updated Views Bulk Operations to 3.5.
+- WCM News Client: Corrected warnings and notices to improve logging.
+- WCM Panels Settings: Converted File pane fields from generic file to media browser.
+- WCM Security:
+  - Updated Antibot to 1.2.
+  - Updated Honeypot to 1.25.
+- OCIO News: Updated change that put "See All News" link at the bottom of news panes.
+- OCIO Taxonomy: Updated Taxonomy Access Fix to 2.4.
+
 WCM Base 7.x-1.9-rc2, 2018-08-24
 --------------------------------
 - WCM Omega:
@@ -12,7 +27,6 @@ WCM Base 7.x-1.9-rc2, 2018-08-24
 - OCIO Media: Added additional checks to reduce notices in logs.
 - OCIO Seven: Replaced non-rendering Capita font with Georgia within WYSIWYG editor.
 
-
 WCM Base 7.x-1.9-rc1, 2018-08-09
 --------------------------------
 - WCM Base: Upgraded PHP to version 5.6.

profiles/wcm_base/modules/contrib/antibot/antibot.admin.inc

 <?php
 
+/**
+ * @file
+ * Admin callbacks and functions.
+ */
+
 /**
  * Admin settings form.
  */
@@ -7,7 +12,7 @@ function antibot_admin_settings($form, &$form_state) {
   $form['message'] = array(
     '#type' => 'html_tag',
     '#tag' => 'h3',
-    '#value' => t('Antibot requires that a user has Javascript enabled in order to use and submit a given form.'),
+    '#value' => t('Antibot requires that a user has JavaScript enabled in order to use and submit a given form.'),
   );
   $form['antibot_form_ids'] = array(
     '#type' => 'textarea',
@@ -21,6 +26,6 @@ function antibot_admin_settings($form, &$form_state) {
     '#default_value' => variable_get('antibot_show_form_ids', 0),
     '#description' => t('When enabled, the form IDs of all forms on every page will be displayed to any user with permission to access these settings. Also displayed will be whether or not Antibot is enabled for each form. This should only be turned on temporarily in order to easily determine the form IDs to use.'),
   );
-  
+
   return system_settings_form($form);
 }

profiles/wcm_base/modules/contrib/antibot/antibot.info

 name = Antibot
-description = Prevent forms from being submitted without Javascript enabled
+description = Prevent forms from being submitted without JavaScript enabled
 core = 7.x
 configure = admin/config/system/antibot
 
-; Information added by Drupal.org packaging script on 2016-06-28
-version = "7.x-1.0"
+; Information added by Drupal.org packaging script on 2018-06-11
+version = "7.x-1.2"
 core = "7.x"
 project = "antibot"
-datestamp = "1467123647"
-
+datestamp = "1528676285"

profiles/wcm_base/modules/contrib/antibot/antibot.install

 <?php
 
+/**
+ * @file
+ * Install/uninstall/update hooks and functions.
+ */
+
 /**
  * Implements hook_uninstall().
  */

profiles/wcm_base/modules/contrib/antibot/antibot.module

 <?php
 
+/**
+ * @file
+ * Attempt to prevent robotic form submissions and spam.
+ */
+
 /**
  * Implements hook_menu().
  */
@@ -20,7 +25,21 @@ function antibot_menu() {
     'access arguments' => array('administer site configuration'),
     'file' => 'antibot.admin.inc',
   );
-  return $items; 
+  return $items;
+}
+
+/**
+ * Implements hook_theme().
+ */
+function antibot_theme() {
+  $theme = array();
+  $theme['antibot_no_js'] = array(
+    'variables' => array(
+      'message' => NULL,
+    ),
+    'template' => 'templates/antibot-no-js',
+  );
+  return $theme;
 }
 
 /**
@@ -30,10 +49,11 @@ function antibot_form_alter(&$form, &$form_state, $form_id) {
   // Track if this form is antibot-enabled.
   $enabled = FALSE;
 
-  // See if this form should have antibot protection
+  // See if this form should have antibot protection.
   if (drupal_match_path($form_id, antibot_active_form_ids())) {
-    // Add a pre-render to activate antibot.
-    $form['#pre_render'][] = 'antibot_form_pre_render';
+    // Add antibot protection.
+    antibot_protect_form($form);
+
     // Mark as enabled.
     $enabled = TRUE;
   }
@@ -48,17 +68,49 @@ function antibot_form_alter(&$form, &$form_state, $form_id) {
   }
 }
 
+/**
+ * Helper function to enable Antibot protection for a given form.
+ *
+ * @param array &$form
+ *   The form to enable Antibot protection on.
+ */
+function antibot_protect_form(array &$form) {
+  // Ensure the form has an ID set.
+  if (!empty($form['#form_id'])) {
+    // Generate a key for this form.
+    $key = md5($form['#form_id']);
+
+    // Store the key in the form.
+    $form['#antibot_key'] = $key;
+
+    // Add a hidden value which will receive the key via JS.
+    // The point of this is to add an additonal layer of protection for remotely
+    // POSTed forms. Since the key will not be present in that scenario, the
+    // remote post will fail.
+    $form['antibot_key'] = array(
+      '#type' => 'hidden',
+      '#value' => '',
+    );
+
+    // Add validation for the key.
+    $form['#validate'][] = 'antibot_form_validation';
+  }
+
+  // Add a pre-render to activate antibot.
+  $form['#pre_render'][] = 'antibot_form_pre_render';
+}
+
 /**
  * Determine the form IDs that should contain Antibot protection.
- * 
- * @return
- *   A list of form IDs that can contain wildcard (*) characters. The 
+ *
+ * @return string
+ *   A list of form IDs that can contain wildcard (*) characters. The
  *   form IDs are separated by newline characters.
  */
 function antibot_active_form_ids() {
-  // See if we have IDs set
+  // See if we have IDs set.
   if (!($ids = variable_get('antibot_form_ids', NULL))) {
-    // Provide default IDs
+    // Provide default IDs.
     $ids = implode("\n", array(
       'comment_node_*',
       'user_login',
@@ -68,17 +120,17 @@ function antibot_active_form_ids() {
       'contact_site_form',
     ));
   }
-  
+
   return $ids;
 }
 
 /**
- * Pre-render callback on forms that should have Antibot protection.
- * 
- * @see antibot_form_alter().
+ * Pre-render callback on forms that have Antibot protection.
+ *
+ * @see antibot_protect_form()
  */
 function antibot_form_pre_render($form) {
-  // Attach the needed Javascript to re-enable this form
+  // Attach the needed JavaScript to re-enable this form.
   $form['antibot'] = array(
     '#attached' => array(
       'js' => array(
@@ -86,8 +138,11 @@ function antibot_form_pre_render($form) {
           'type' => 'setting',
           'data' => array(
             'antibot' => array(
-              'actions' => array(
-                $form['#id'] => $form['#action'],
+              'forms' => array(
+                $form['#id'] => array(
+                  'action' => $form['#action'],
+                  'key' => !empty($form['#antibot_key']) ? $form['#antibot_key'] : NULL,
+                ),
               ),
             ),
           ),
@@ -96,17 +151,48 @@ function antibot_form_pre_render($form) {
       ),
     ),
   );
-   
-  // Change the action so the submission does not go through
+
+  // Change the action so the submission does not go through.
   $form['#action'] = base_path() . 'antibot';
-    
-  // Hide the form in the event that the user does not have Javascript.
-  // If they do, it will be restored.
-  $form['#attributes']['style'] = 'display: none;';
-  $form['#attributes']['class'][] = 'antibot-hidden';
-    
-  // Provide a message in the event that the user does not have Javascript.
-  $form['#prefix'] = '<div class="antibot-no-js messages warning">' . t('You must have Javascript enabled to use this form.') . '</div>';
+
+  // Add a class to the form.
+  $form['#attributes']['class'][] = 'antibot';
+
+  // Provide a message in the event that the user does not have JavaScript.
+  $no_js = array(
+    '#theme' => 'antibot_no_js',
+    '#weight' => -500,
+    '#message' => t('You must have JavaScript enabled to use this form.'),
+  );
+  $no_js = drupal_render($no_js);
+
+  // Inject the message in to the form.
+  if (!isset($form['#prefix'])) {
+    $form['#prefix'] = '';
+  }
+  $form['#prefix'] = $no_js . $form['#prefix'];
 
   return $form;
 }
+
+/**
+ * Validation to Antibot-protected forms.
+ *
+ * @see antibot_protect_form()
+ */
+function antibot_form_validation($form, &$form_state) {
+  // Check if a key was provided in the form.
+  if (!empty($form['#antibot_key'])) {
+    // Views exposed forms will initially load and submit without the key.
+    if (($form['#form_id'] == 'views_exposed_form') && empty($form_state['input']['antibot_key'])) {
+      // We must allow this.
+      return;
+    }
+
+    // Validate the key.
+    if (empty($form_state['input']['antibot_key']) || ($form['#antibot_key'] != $form_state['input']['antibot_key'])) {
+      // Prevent the form from submitting.
+      form_set_error('', t('Submission failed. Please reload the page and try again.'));
+    }
+  }
+}

profiles/wcm_base/modules/contrib/antibot/antibot.pages.inc

 <?php
 
 /**
- * The landing page you are brought to if you submit a protected form
- * without Javascript enabled.
+ * @file
+ * Page callbacks and functions.
+ */
+
+/**
+ * The landing page callback.
+ *
+ * You are brought here if you submit a protected form without JavaScript
+ * enabled.
  */
 function antibot_landing_page() {
   $page = array();
@@ -12,12 +19,7 @@ function antibot_landing_page() {
     '#attributes' => array(
       'class' => array('messages', 'error'),
     ),
-    '#value' => t('You have reached this page because you submitted a form that required Javascript to be enabled on your browser. This protection is in place to attempt to prevent automated submissions made on forms. Please return to the page that you came from and enable Javascript on your browser before attempting to submit the form again.'),
-  );
-  $page['return'] = array(
-    '#type' => 'item',
-    '#markup' => l(t('Click here to go back'), $_SERVER['HTTP_REFERER']),
-    '#access' => (bool) strlen($_SERVER['HTTP_REFERER']),
+    '#value' => t('You have reached this page because you submitted a form that required JavaScript to be enabled on your browser. This protection is in place to attempt to prevent automated submissions made on forms. Please return to the page that you came from and enable JavaScript on your browser before attempting to submit the form again.'),
   );
   return $page;
 }

profiles/wcm_base/modules/contrib/antibot/js/antibot.js

@@ -5,46 +5,55 @@
  */
 (function ($) {
   Drupal.antibot = {};
-  
+
   Drupal.behaviors.antibot = {
     attach: function (context) {
-      // Assume the user is not human, despite JS being enabled
+      // Assume the user is not human, despite JS being enabled.
       Drupal.settings.antibot.human = false;
-      
-      // Display the hidden forms
-      $('.antibot-hidden', context).show();
-      // Remove the "no javascript" messages
-      $('.antibot-no-js', context).remove();
-      
-      // Wait for a mouse to move, indicating they are human
+
+      // Wait for a mouse to move, indicating they are human.
       $('body').mousemove(function() {
-        // Unlock the forms
+        // Unlock the forms.
         Drupal.antibot.unlockForms();
       });
-      
-      // A tab or enter key pressed can also indicate they are human
+
+      // Wait for a touch move event, indicating that they are human.
+      $('body').bind('touchmove', function() {
+        // Unlock the forms.
+        Drupal.antibot.unlockForms();
+      });
+
+      // A tab or enter key pressed can also indicate they are human.
       $('body').keydown(function(e) {
         if ((e.keyCode == 9) || (e.keyCode == 13)) {
-          // Unlock the forms
+          // Unlock the forms.
           Drupal.antibot.unlockForms();
         }
       });
     }
-  }
-  
+  };
+
   /**
    * Revert the action on the protected forms to what it was originally
    * set to.
    */
   Drupal.antibot.unlockForms = function() {
-    // Act only if we haven't yet verified this user as being human
+    // Act only if we haven't yet verified this user as being human.
     if (!Drupal.settings.antibot.human) {
-      // Iterate all antibot form actions that we need to revert
-      for (n in Drupal.settings.antibot.actions) {
-        $('form#' + n).attr('action', Drupal.settings.antibot.actions[n]);
+      // Iterate all antibot forms that we need to unlock.
+      for (var id in Drupal.settings.antibot.forms) {
+        // Switch the action to the original value.
+        $('form#' + id).attr('action', Drupal.settings.antibot.forms[id].action);
+
+        // Check if a key is required.
+        if (Drupal.settings.antibot.forms[id].key) {
+          // Inject the key value.
+          $('form#' + id).find('input[name="antibot_key"]').val(Drupal.settings.antibot.forms[id].key);
+        }
       }
-      // Mark this user as being human
+      // Mark this user as being human.
       Drupal.settings.antibot.human = true;
     }
-  }
+  };
+
 })(jQuery);

profiles/wcm_base/modules/contrib/antibot/templates/antibot-no-js.tpl.php

+<?php
+
+/**
+ * @file
+ * Template for printing a message to users without JavaScript enabled.
+ *
+ * Available variables:
+ * - $message: The message to display.
+ */
+?>
+<noscript>
+  <style>form.antibot { display: none !important; }</style>
+  <div class="antibot-no-js antibot-message antibot-message-warning messages warning">
+    <?php print $message; ?>
+  </div>
+</noscript>

profiles/wcm_base/modules/contrib/ds/ds.info

@@ -13,8 +13,8 @@ files[] = tests/ds.views.test
 files[] = tests/ds.forms.test
 configure = admin/structure/ds
 
-; Information added by Drupal.org packaging script on 2018-04-18
-version = "7.x-2.15"
+; Information added by Drupal.org packaging script on 2018-07-03
+version = "7.x-2.16"
 core = "7.x"
 project = "ds"
-datestamp = "1524068596"
+datestamp = "1530614326"

profiles/wcm_base/modules/contrib/ds/ds.module

@@ -957,13 +957,13 @@ function ds_render_block_field($field) {
           return drupal_render($renderable_block);
           break;
         case DS_BLOCK_TITLE_CONTENT:
-          if (isset($block->subject) && isset($block->content['#markup'])) {
-            return '<h2 class="block-title">' . $block->subject . '</h2>' . $block->content['#markup'];
+          if (isset($block->subject) && isset($block->content) && $block->content) {
+            return '<h2 class="block-title">' . $block->subject . '</h2>' . drupal_render($block->content);
           }
           break;
         case DS_BLOCK_CONTENT:
-          if (isset($block->content['#markup'])) {
-            return $block->content['#markup'];
+          if (isset($block->content) && $block->content) {
+            return drupal_render($block->content);
           }
           break;
       }

profiles/wcm_base/modules/contrib/ds/modules/ds_devel/ds_devel.info

@@ -5,8 +5,8 @@ package = "Display Suite"
 dependencies[] = ds
 dependencies[] = devel
 
-; Information added by Drupal.org packaging script on 2018-04-18
-version = "7.x-2.15"
+; Information added by Drupal.org packaging script on 2018-07-03
+version = "7.x-2.16"
 core = "7.x"
 project = "ds"
-datestamp = "1524068596"
+datestamp = "1530614326"

profiles/wcm_base/modules/contrib/ds/modules/ds_extras/ds_extras.info

@@ -5,8 +5,8 @@ package = "Display Suite"
 dependencies[] = ds
 configure = admin/structure/ds/list/extras
 
-; Information added by Drupal.org packaging script on 2018-04-18
-version = "7.x-2.15"
+; Information added by Drupal.org packaging script on 2018-07-03
+version = "7.x-2.16"
 core = "7.x"
 project = "ds"
-datestamp = "1524068596"
+datestamp = "1530614326"

profiles/wcm_base/modules/contrib/ds/modules/ds_format/ds_format.info

@@ -5,8 +5,8 @@ package = "Display Suite"
 dependencies[] = ds
 configure = admin/structure/ds/list/extras
 
-; Information added by Drupal.org packaging script on 2018-04-18
-version = "7.x-2.15"
+; Information added by Drupal.org packaging script on 2018-07-03
+version = "7.x-2.16"
 core = "7.x"
 project = "ds"
-datestamp = "1524068596"
+datestamp = "1530614326"

profiles/wcm_base/modules/contrib/ds/modules/ds_forms/ds_forms.info

@@ -4,8 +4,8 @@ core = "7.x"
 package = "Display Suite"
 dependencies[] = ds
 
-; Information added by Drupal.org packaging script on 2018-04-18
-version = "7.x-2.15"
+; Information added by Drupal.org packaging script on 2018-07-03
+version = "7.x-2.16"
 core = "7.x"
 project = "ds"
-datestamp = "1524068596"
+datestamp = "1530614326"

profiles/wcm_base/modules/contrib/ds/modules/ds_search/ds_search.info

@@ -5,8 +5,8 @@ package = "Display Suite"
 dependencies[] = ds
 configure = admin/structure/ds/list/search
 
-; Information added by Drupal.org packaging script on 2018-04-18
-version = "7.x-2.15"
+; Information added by Drupal.org packaging script on 2018-07-03
+version = "7.x-2.16"
 core = "7.x"
 project = "ds"
-datestamp = "1524068596"
+datestamp = "1530614326"

profiles/wcm_base/modules/contrib/ds/modules/ds_ui/ds_ui.info

@@ -4,8 +4,8 @@ core = "7.x"
 package = "Display Suite"
 dependencies[] = ds
 
-; Information added by Drupal.org packaging script on 2018-04-18
-version = "7.x-2.15"
+; Information added by Drupal.org packaging script on 2018-07-03
+version = "7.x-2.16"
 core = "7.x"
 project = "ds"
-datestamp = "1524068596"
+datestamp = "1530614326"

profiles/wcm_base/modules/contrib/ds/tests/ds_exportables_test/ds_exportables_test.info

@@ -4,8 +4,8 @@ package = "Display Suite"
 core = 7.x
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2018-04-18
-version = "7.x-2.15"
+; Information added by Drupal.org packaging script on 2018-07-03
+version = "7.x-2.16"
 core = "7.x"
 project = "ds"
-datestamp = "1524068596"
+datestamp = "1530614326"

profiles/wcm_base/modules/contrib/ds/tests/ds_test.info

@@ -5,8 +5,8 @@ package = "Display Suite"
 dependencies[] = ds_extras
 hidden = TRUE
 
-; Information added by Drupal.org packaging script on 2018-04-18
-version = "7.x-2.15"
+; Information added by Drupal.org packaging script on 2018-07-03
+version = "7.x-2.16"
 core = "7.x"
 project = "ds"
-datestamp = "1524068596"
+datestamp = "1530614326"

profiles/wcm_base/modules/contrib/google_analytics/googleanalytics.admin.inc

@@ -18,12 +18,19 @@ function googleanalytics_admin_settings_form($form_state) {
     '#title' => t('Web Property ID'),
     '#type' => 'textfield',
     '#default_value' => variable_get('googleanalytics_account', 'UA-'),
-    '#size' => 15,
+    '#size' => 20,
     '#maxlength' => 20,
     '#required' => TRUE,
     '#description' => t('This ID is unique to each site you want to track separately, and is in the form of UA-xxxxxxx-yy. To get a Web Property ID, <a href="@analytics">register your site with Google Analytics</a>, or if you already have registered your site, go to your Google Analytics Settings page to see the ID next to every site profile. <a href="@webpropertyid">Find more information in the documentation</a>.', array('@analytics' => 'http://www.google.com/analytics/', '@webpropertyid' => url('https://developers.google.com/analytics/resources/concepts/gaConceptsAccounts', array('fragment' => 'webProperty')))),
   );
 
+  $form['account']['googleanalytics_premium'] = array(
+    '#type' => 'checkbox',
+    '#title' => t('Premium account'),
+    '#description' => t('If you are a Google Analytics Premium customer, you can use up to 200 instead of 20 custom dimensions and metrics.'),
+    '#default_value' => variable_get('googleanalytics_premium', FALSE),
+  );
+
   // Visibility settings.
   $form['tracking_title'] = array(
     '#type' => 'item',
@@ -169,7 +176,7 @@ function googleanalytics_admin_settings_form($form_state) {
     '#type' => 'fieldset',
     '#title' => t('Users'),
   );
-  $t_permission = array('%permission' => t('opt-in or out of tracking'));
+  $t_permission = array('%permission' => t('Opt-in or out of tracking'));
   $form['tracking']['user_vis_settings']['googleanalytics_custom'] = array(
     '#type' => 'radios',
     '#title' => t('Allow users to customize tracking on their account page'),
@@ -326,8 +333,10 @@ function googleanalytics_admin_settings_form($form_state) {
 
   $googleanalytics_custom_dimension = variable_get('googleanalytics_custom_dimension', array());
 
-  // Google Analytics supports up to 20 custom dimensions.
-  for ($i = 1; $i <= 20; $i++) {
+  // Standard Google Analytics accounts support up to 20 custom dimensions,
+  // premium accounts support up to 200 custom dimensions.
+  $limit = (variable_get('googleanalytics_premium', FALSE)) ? 200 : 20;
+  for ($i = 1; $i <= $limit; $i++) {
     $form['googleanalytics_custom_dimension']['indexes'][$i]['index'] = array(
       '#default_value' => $i,
       '#description' => t('Index number'),
@@ -377,8 +386,9 @@ function googleanalytics_admin_settings_form($form_state) {
 
   $googleanalytics_custom_metric = variable_get('googleanalytics_custom_metric', array());
 
-  // Google Analytics supports up to 20 custom metrics.
-  for ($i = 1; $i <= 20; $i++) {
+  // Standard Google Analytics accounts support up to 20 custom metrics,
+  // premium accounts support up to 200 custom metrics.
+  for ($i = 1; $i <= $limit; $i++) {
     $form['googleanalytics_custom_metric']['indexes'][$i]['index'] = array(
       '#default_value' => $i,
       '#description' => t('Index number'),
@@ -785,16 +795,19 @@ function _googleanalytics_validate_create_field_name($name) {
   // List of supported field names:
   // https://developers.google.com/analytics/devguides/collection/analyticsjs/field-reference#create
   $create_only_fields = array(
-    'clientId',
-    'userId',
-    'sampleRate',
-    'siteSpeedSampleRate',
-    'alwaysSendReferrer',
     'allowAnchor',
+    'alwaysSendReferrer',
+    'clientId',
     'cookieName',
     'cookieDomain',
     'cookieExpires',
     'legacyCookieDomain',
+    'legacyHistoryImport',
+    'sampleRate',
+    'siteSpeedSampleRate',
+    'storage',
+    'useAmpClientId',
+    'userId',
   );
 
   if ($name == 'name') {

profiles/wcm_base/modules/contrib/google_analytics/googleanalytics.info

@@ -5,9 +5,8 @@ package = Statistics
 configure = admin/config/system/googleanalytics
 files[] = googleanalytics.test
 test_dependencies[] = token
-; Information added by Drupal.org packaging script on 2016-08-09
-version = "7.x-2.3"
+; Information added by Drupal.org packaging script on 2018-07-13
+version = "7.x-2.5"
 core = "7.x"
 project = "google_analytics"
-datestamp = "1470779953"
-
+datestamp = "1531469026"