Backdrop 1.28.0

docroot/README.md

@@ -107,7 +107,7 @@ Backdrop is [GPL v2](http://www.gnu.org/licenses/gpl-2.0.html) (or higher)
 software. See the LICENSE.txt file for complete text. Distributions of this
 software may relicense it as any later version of the GPL.
 
-All Backdrop code is Copyright 2001 - 2023 by the original authors.
+All Backdrop code is Copyright 2001 - 2024 by the original authors.
 
 Backdrop also includes works under different copyright notices that are
 distributed according to the terms of the GNU General Public License or a

docroot/core/.jshintignore

@@ -1,5 +1,4 @@
 misc/farbtastic
-misc/html5.js
 misc/jquery.cookie.js
 misc/jquery.form.js
 misc/jquery.js

docroot/core/authorize.php

@@ -10,7 +10,7 @@
  * user interface which knows how to redirect the user to this script as part of
  * a multistep process. This script actually performs the selected operations
  * without loading all of Backdrop, to be able to more gracefully recover from
- * errors. Access to the script is controlled by a global killswitch in
+ * errors. Access to the script is controlled by a global kill switch in
  * settings.php ('allow_authorize_operations') and via the 'administer software
  * updates' permission.
  *
@@ -54,7 +54,7 @@ function authorize_access_denied_page() {
 /**
  * Determines if the current user is allowed to run authorize.php.
  *
- * The killswitch in settings.php overrides all else, otherwise, the user must
+ * The kill switch in settings.php overrides all else, otherwise, the user must
  * have access to the 'administer software updates' permission.
  *
  * @return

docroot/core/includes/bootstrap.inc

@@ -7,7 +7,7 @@
 /**
  * The current system version.
  */
-define('BACKDROP_VERSION', '1.26.1');
+define('BACKDROP_VERSION', '1.28.0');
 
 /**
  * Core API compatibility.
@@ -63,6 +63,7 @@ define('CACHE_TEMPORARY', -1);
  * comment, "And it's also not a bug, as Windows just have less log levels,"
  * and "So the behavior you're seeing is perfectly normal."
  *
+ * @see https://en.wikipedia.org/wiki/Syslog#Severity_level
  * @see http://www.faqs.org/rfcs/rfc3164.html
  * @see http://bugs.php.net/bug.php?id=18090
  * @see http://php.net/manual/function.syslog.php
@@ -97,7 +98,7 @@ define('WATCHDOG_ERROR', 3);
 define('WATCHDOG_WARNING', 4);
 
 /**
- * Log message severity -- Normal but significant conditions.
+ * Log message severity -- Notice: normal but significant conditions.
  */
 define('WATCHDOG_NOTICE', 5);
 
@@ -112,7 +113,7 @@ define('WATCHDOG_INFO', 6);
 define('WATCHDOG_DEBUG', 7);
 
 /**
- * Log message severity -- Deprecated function / feature notices.
+ * Log message severity -- Deprecated function/feature notices.
  */
 define('WATCHDOG_DEPRECATED', 8);
 
@@ -366,7 +367,7 @@ abstract class BackdropCacheArray implements ArrayAccess {
     $this->bin = $bin;
 
     if ($cached = cache($bin)->get($this->cid)) {
-     $this->storage = $cached->data;
+      $this->storage = $cached->data;
     }
   }
 
@@ -420,7 +421,7 @@ abstract class BackdropCacheArray implements ArrayAccess {
    * @param $persist
    *   Optional boolean to specify whether the offset should be persisted or
    *   not, defaults to TRUE. When called with $persist = FALSE the offset will
-   *   be unflagged so that it will not be written at the end of the request.
+   *   be un-flagged so that it will not be written at the end of the request.
    */
   protected function persist($offset, $persist = TRUE) {
     $this->keysToPersist[$offset] = $persist;
@@ -805,6 +806,12 @@ function backdrop_is_https() {
  * @since 1.9.2
  */
 function backdrop_is_apache() {
+  // Test runs always emulate Apache.
+  $test_info = &$GLOBALS['backdrop_test_info'];
+  if (!empty($test_info['in_child_site'])) {
+    return TRUE;
+  }
+
   $server_software = $_SERVER['SERVER_SOFTWARE'];
   return (bool) preg_match("/apache/i", $server_software);
 }
@@ -844,7 +851,6 @@ function backdrop_settings_initialize() {
   // Export these settings.php variables to the global namespace.
   global $databases, $cookie_domain, $conf, $settings, $installed_profile, $is_https, $base_secure_url, $base_insecure_url, $config_directories, $config;
   $conf = array();
-  $settings = array();
 
   $conf_path = conf_path();
   if (file_exists($conf_path . '/settings.php')) {
@@ -880,7 +886,7 @@ function backdrop_settings_initialize() {
 
   $is_https = backdrop_is_https();
 
-  // Load settings specified by the server, if present
+  // Load settings specified by the server, if present.
   if (isset($_SERVER['BACKDROP_SETTINGS'])) {
     $server_settings = @json_decode($_SERVER['BACKDROP_SETTINGS'], TRUE);
     if (!is_array($server_settings)) {
@@ -1030,7 +1036,10 @@ function backdrop_get_filename($type, $name, $filename = NULL) {
 
   // Profiles are a special case: they have a fixed location and naming.
   if ($type == 'profile') {
-    $profile_filenames = array("profiles/$name/$name.profile", "core/profiles/$name/$name.profile");
+    $profile_filenames = array(
+      "profiles/$name/$name.profile",
+      "core/profiles/$name/$name.profile",
+    );
     foreach ($profile_filenames as $profile_filename) {
       if (file_exists($profile_filename)) {
         $files[$type][$name] = $profile_filename;
@@ -1585,7 +1594,7 @@ function backdrop_get_http_header($name = NULL) {
  * @param string $name
  *   Optional. A header name with the preferred capitalization, e.g.
  *   Cache-Control or Content-Type.
- * @return
+ * @return string[]
  *   The array of all current preferred header names. Keyed by a lower-case
  *   string of each header name.
  */
@@ -1665,7 +1674,7 @@ function backdrop_send_headers($default_headers = array(), $only_default = FALSE
  * refers to the time of the request. If the user accesses Backdrop via a proxy
  * server, and the proxy already has a cached copy of the anonymous page with an
  * older Last-Modified date, the proxy may respond with 304 Not Modified, making
- * the client think that the anonymous and authenticated pageviews are
+ * the client think that the anonymous and authenticated page views are
  * identical.
  *
  * @return bool
@@ -2221,19 +2230,20 @@ function watchdog_exception($type, Exception $exception, $message = NULL, $varia
     return;
   }
 
-   // Use a default value if $message is not set.
-   if (empty($message)) {
-     // The exception message is run through check_plain() by _backdrop_decode_exception().
-     $message = '%type: !message in %function (line %line of %file).';
-   }
-   // $variables must be an array so that we can add the exception information.
-   if (!is_array($variables)) {
-     $variables = array();
-   }
+  // Use a default value if $message is not set.
+  if (empty($message)) {
+    // The exception message is run through check_plain() by
+    // _backdrop_decode_exception().
+    $message = '%type: !message in %function (line %line of %file).';
+  }
+  // $variables must be an array so that we can add the exception information.
+  if (!is_array($variables)) {
+    $variables = array();
+  }
 
-   require_once BACKDROP_ROOT . '/core/includes/errors.inc';
-   $variables += _backdrop_decode_exception($exception);
-   watchdog($type, $message, $variables, $severity, $link);
+  require_once BACKDROP_ROOT . '/core/includes/errors.inc';
+  $variables += _backdrop_decode_exception($exception);
+  watchdog($type, $message, $variables, $severity, $link);
 }
 
 /**
@@ -2259,6 +2269,7 @@ function watchdog_severity_enabled($severity = WATCHDOG_NOTICE) {
   // This may be called before system.core, such as when running update.php or
   // the initial installation. As such we provide the defaults if needed.
   if (!isset($enabled_severity_levels)) {
+    // See watchdog_severity_levels() for possible values.
     $enabled_severity_levels = array(
       WATCHDOG_EMERGENCY,
       WATCHDOG_ALERT,
@@ -2267,8 +2278,6 @@ function watchdog_severity_enabled($severity = WATCHDOG_NOTICE) {
       WATCHDOG_WARNING,
       WATCHDOG_NOTICE,
       WATCHDOG_INFO,
-      // WATCHDOG_DEBUG,
-      // WATCHDOG_DEPRECATED,
     );
   }
 
@@ -2328,7 +2337,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO
     // The user object may not exist in all conditions, so 0 is substituted if needed.
     $user_uid = isset($user->uid) ? $user->uid : 0;
 
-    // Prepare the fields to be logged
+    // Prepare the fields to be logged.
     $log_entry = array(
       'type'        => $type,
       'message'     => $message,
@@ -2344,7 +2353,7 @@ function watchdog($type, $message, $variables = array(), $severity = WATCHDOG_NO
       'timestamp'   => time(),
     );
 
-    // Call the logging hooks to log/process the message
+    // Call the logging hooks to log/process the message.
     module_invoke_all('watchdog', $log_entry);
 
     // It is critical that the semaphore is only cleared here, in the parent
@@ -3011,6 +3020,7 @@ function _backdrop_exception_handler($exception) {
  */
 function _backdrop_bootstrap_configuration() {
   backdrop_environment_initialize();
+
   // Start a page timer:
   timer_start('page');
   // Initialize the configuration, including variables from settings.php.
@@ -3038,11 +3048,20 @@ function _backdrop_bootstrap_configuration() {
     throw new Exception(format_string('The HTTP Host "@hostname" is not white-listed for this site. Check the trusted_host_patterns setting in settings.php.', array('@hostname' => $_SERVER['HTTP_HOST'])));
   }
 
+  // Bootstrap the database if it is needed but not yet available.
+  $config_storage = config_get_config_storage('active');
+
   // Check that the config directory is not empty.
-  if (!defined('MAINTENANCE_MODE') && ($config_storage = config_get_config_storage('active'))) {
+  if (!defined('MAINTENANCE_MODE') && (!empty($config_storage))) {
     if (!($config_storage->exists('system.core') || $config_storage->exists('system.performance'))) {
-      $directory = config_get_config_directory('active');
-      throw new Exception("The configuration directory in settings.php is specified as '$directory', but this directory is either empty or missing crucial files. Check that the \$config_directories variable is correct in settings.php.");
+      if (is_a($config_storage, 'ConfigFileStorage')) {
+        $directory = config_get_config_directory('active');
+        $exception_message = "The configuration directory in settings.php is specified as '$directory', but this directory is either empty or missing crucial files. Check that the \$config_directories variable is correct in settings.php.";
+      }
+      else {
+        $exception_message = "The active configuration location is either empty or missing crucial information. Check that the \$settings['config_active_class'] variable is correct in settings.php.";
+      }
+      throw new Exception($exception_message);
     }
   }
 }
@@ -3095,7 +3114,7 @@ function _backdrop_bootstrap_page_cache() {
       ob_start();
 
       // Calls to hook_boot() on page cache requests is deprecated, though they
-      // can still be enabled via settings.php
+      // can still be enabled via settings.php.
       if (settings_get('page_cache_invoke_hooks', FALSE)) {
         // Restore the metadata cached with the page for hook_boot().
         $_GET['q'] = $cache->data['path'];
@@ -3220,7 +3239,6 @@ function _backdrop_bootstrap_variables() {
     }
   }
 
-
   // Load variables from the database, but do not overwrite variables set in settings.php.
   $conf = variable_initialize(isset($conf) ? $conf : array());
 }
@@ -3248,7 +3266,8 @@ function _backdrop_bootstrap_sanitize_request() {
   // Remove dangerous keys from input data.
   $allowlist = settings_get('sanitize_input_allowlist', array());
   if (empty($allowlist)) {
-    // Backwards compatible setting support. @todo Remove in 2.x.
+    // @todo Remove forbidden backwards compatibility word in Backdrop 2.x.
+    // cspell:disable-next-line
     $allowlist = settings_get('sanitize_input_whitelist', array());
   }
   $log_sanitized_keys = settings_get('sanitize_input_logging');
@@ -3366,7 +3385,7 @@ function backdrop_valid_test_ua() {
 
   if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/^(simpletest\d+);(.+);(.+);(.+)$/", $_SERVER['HTTP_USER_AGENT'], $matches)) {
     list(, $prefix, $time, $salt, $hmac) = $matches;
-    $check_string =  $prefix . ';' . $time . ';' . $salt;
+    $check_string = $prefix . ';' . $time . ';' . $salt;
     // We use the salt from settings.php to make the HMAC key, since the
     // database is not yet initialized and we can't access any Backdrop
     // variables. The file properties add more entropy.
@@ -3566,12 +3585,12 @@ function language_multilingual() {
  */
 function language_list($only_enabled = FALSE, $option_list = FALSE, $native_names = FALSE) {
   $languages = &backdrop_static(__FUNCTION__);
-  // Initialize master language list.
+  // Initialize primary language list.
   if (!isset($languages)) {
     // Initialize local language list caches.
     $languages = array('all' => array(), 'enabled' => array());
 
-    // Fill in master language list based on current configuration. This may be
+    // Fill in primary language list based on current configuration. This may be
     // in the event of an early bootstrap error, so fallback to defaults.
     try {
       $default_langcode = config_get('system.core', 'language_default');
@@ -3622,7 +3641,10 @@ function language_list($only_enabled = FALSE, $option_list = FALSE, $native_name
     // backdrop_sort() needed for ordering, but common.inc may not be loaded
     // in very early bootstrap. Include only if returning an option list.
     require_once __DIR__ . '/common.inc';
-    backdrop_sort($this_list, array('weight' => SORT_NUMERIC, 'name' => SORT_STRING));
+    backdrop_sort($this_list, array(
+      'weight' => SORT_NUMERIC,
+      'name' => SORT_STRING,
+    ));
     foreach ($this_list as $language) {
       if ($native_names && isset($language->native)) {
         $label = $language->native;
@@ -3726,8 +3748,8 @@ function language_default() {
  *
  * Examples:
  * - http://example.com/node/306 returns "node/306".
- * - http://example.com/backdropfolder/node/306 returns "node/306" while
- *   base_path() returns "/backdropfolder/".
+ * - http://example.com/backdrop_folder/node/306 returns "node/306" while
+ *   base_path() returns "/backdrop_folder/".
  * - http://example.com/url-alias (which is a URL alias for node/306) returns
  *   "path/alias" as opposed to the internal path.
  * - http://example.com/index.php returns an empty string (meaning: home page).
@@ -3944,7 +3966,7 @@ class SchemaCache extends BackdropCacheArray {
    */
   protected function resolveCacheMiss($offset) {
     $complete_schema = backdrop_get_complete_schema();
-    $value = isset($complete_schema[$offset]) ? $complete_schema[$offset] :  NULL;
+    $value = isset($complete_schema[$offset]) ? $complete_schema[$offset] : NULL;
     $this->storage[$offset] = $value;
     $this->persist($offset);
     return $value;
@@ -4333,7 +4355,7 @@ function &backdrop_register_shutdown_function($callback = NULL) {
     }
     $args = func_get_args();
     array_shift($args);
-    // Save callback and arguments
+    // Save callback and arguments.
     $callbacks[] = array('callback' => $callback, 'arguments' => $args);
   }
   return $callbacks;
@@ -4434,7 +4456,7 @@ function backdrop_clear_opcode_cache($filepath) {
  * @param string $host
  *   The host to check against the patterns specified in settings.php.
  *
- * @return
+ * @return bool
  *   TRUE if the host can be trusted; FALSE otherwise.
  *
  * @since Backdrop 1.14.0