Update drupal component and core

lib/Drupal/Component/FileCache/ApcuFileCacheBackend.php

@@ -16,21 +16,21 @@ class ApcuFileCacheBackend implements FileCacheBackendInterface {
    * {@inheritdoc}
    */
   public function fetch(array $cids) {
-    return apc_fetch($cids);
+    return apcu_fetch($cids);
   }
 
   /**
    * {@inheritdoc}
    */
   public function store($cid, $data) {
-    apc_store($cid, $data);
+    apcu_store($cid, $data);
   }
 
   /**
    * {@inheritdoc}
    */
   public function delete($cid) {
-    apc_delete($cid);
+    apcu_delete($cid);
   }
 
 }

lib/Drupal/Component/Gettext/PoHeader.php

@@ -471,10 +471,10 @@ private function tokenizeFormula($formula) {
    *
    * @param array $element_stack
    *   Array of plural formula values and operators create by parseArithmetic().
-   * @param integer $n
+   * @param int $n
    *   The @count number for which we are determining the right plural position.
    *
-   * @return integer
+   * @return int
    *   Number of the plural string to be used for the given plural value.
    *
    * @see parseArithmetic()

lib/Drupal/Component/Utility/Crypt.php

@@ -22,72 +22,18 @@ class Crypt {
    * bytes normally from mt_rand()) and uses the best available pseudo-random
    * source.
    *
+   * In PHP 7 and up, this uses the built-in PHP function random_bytes().
+   * In older PHP versions, this uses the random_bytes() function provided by
+   * the random_compat library.
+   *
    * @param int $count
    *   The number of characters (bytes) to return in the string.
    *
    * @return string
    *   A randomly generated string.
    */
   public static function randomBytes($count) {
-    // $random_state does not use drupal_static as it stores random bytes.
-    static $random_state, $bytes;
-
-    $missing_bytes = $count - strlen($bytes);
-
-    if ($missing_bytes > 0) {
-      // openssl_random_pseudo_bytes() will find entropy in a system-dependent
-      // way.
-      if (function_exists('openssl_random_pseudo_bytes')) {
-        $bytes .= openssl_random_pseudo_bytes($missing_bytes);
-      }
-
-      // If OpenSSL is not available, we can use mcrypt. On Windows, this will
-      // transparently pull from CryptGenRandom. On Unix-based systems, it will
-      // read from /dev/urandom as expected.
-      elseif (function_exists(('mcrypt_create_iv')) && defined('MCRYPT_DEV_URANDOM')) {
-        $bytes .= mcrypt_create_iv($count, MCRYPT_DEV_URANDOM);
-      }
-
-      // Else, read directly from /dev/urandom, which is available on many *nix
-      // systems and is considered cryptographically secure.
-      elseif ($fh = @fopen('/dev/urandom', 'rb')) {
-        // PHP only performs buffered reads, so in reality it will always read
-        // at least 4096 bytes. Thus, it costs nothing extra to read and store
-        // that much so as to speed any additional invocations.
-        $bytes .= fread($fh, max(4096, $missing_bytes));
-        fclose($fh);
-      }
-
-      // If we couldn't get enough entropy, this simple hash-based PRNG will
-      // generate a good set of pseudo-random bytes on any system.
-      // Note that it may be important that our $random_state is passed
-      // through hash() prior to being rolled into $output, that the two hash()
-      // invocations are different, and that the extra input into the first one -
-      // the microtime() - is prepended rather than appended. This is to avoid
-      // directly leaking $random_state via the $output stream, which could
-      // allow for trivial prediction of further "random" numbers.
-      if (strlen($bytes) < $count) {
-        // Initialize on the first call. The contents of $_SERVER includes a mix
-        // of user-specific and system information that varies a little with
-        // each page.
-        if (!isset($random_state)) {
-          $random_state = print_r($_SERVER, TRUE);
-          if (function_exists('getmypid')) {
-            // Further initialize with the somewhat random PHP process ID.
-            $random_state .= getmypid();
-          }
-          $bytes = '';
-        }
-
-        do {
-          $random_state = hash('sha256', microtime() . mt_rand() . $random_state);
-          $bytes .= hash('sha256', mt_rand() . $random_state, TRUE);
-        } while (strlen($bytes) < $count);
-      }
-    }
-    $output = substr($bytes, 0, $count);
-    $bytes = substr($bytes, $count);
-    return $output;
+    return random_bytes($count);
   }
 
   /**
@@ -178,7 +124,7 @@ public static function hashEquals($known_string, $user_string) {
   /**
    * Returns a URL-safe, base64 encoded string of highly randomized bytes.
    *
-   * @param $byte_count
+   * @param $count
    *   The number of random bytes to fetch and base64 encode.
    *
    * @return string

lib/Drupal/Component/Utility/Number.php

@@ -21,11 +21,11 @@ class Number {
    *
    * This is based on the number/range verification methods of webkit.
    *
-   * @param numeric $value
+   * @param float $value
    *   The value that needs to be checked.
-   * @param numeric $step
+   * @param float $step
    *   The step scale factor. Must be positive.
-   * @param numeric $offset
+   * @param float $offset
    *   (optional) An offset, to which the difference must be a multiple of the
    *   given step.
    *

lib/Drupal/Component/Utility/OpCodeCache.php

@@ -30,16 +30,6 @@ public static function invalidate($pathname) {
     if (function_exists('opcache_invalidate')) {
       opcache_invalidate($pathname, TRUE);
     }
-    // If apcu extension is enabled in PHP 5.5 or greater it emulates apc.
-    // This is to provide an easy upgrade path if you are using apc's user
-    // caching however the emulation does not extend to opcode caching.
-    // Therefore we need to check if the function exists as well.
-    if (extension_loaded('apc') && function_exists('apc_delete_file')) {
-      // apc_delete_file() throws a PHP warning in case the specified file was
-      // not compiled yet.
-      // @see http://php.net/manual/en/function.apc-delete-file.php
-      @apc_delete_file($pathname);
-    }
   }
 
 }

lib/Drupal/Component/Utility/UrlHelper.php

@@ -36,10 +36,11 @@ class UrlHelper {
    *   http_build_query() directly.
    *
    * @param array $query
-   *   The query parameter array to be processed,
-   *   e.g. \Drupal::request()->query->all().
+   *   The query parameter array to be processed; for instance,
+   *   \Drupal::request()->query->all().
    * @param string $parent
-   *   Internal use only. Used to build the $query array key for nested items.
+   *   (optional) Internal use only. Used to build the $query array key for
+   *   nested items. Defaults to an empty string.
    *
    * @return string
    *   A rawurlencoded string which can be used as or appended to the URL query
@@ -168,8 +169,8 @@ public static function parse($url) {
     }
     // Internal URLs.
     else {
-      // parse_url() does not support relative URLs, so make it absolute. E.g. the
-      // relative URL "foo/bar:1" isn't properly parsed.
+      // parse_url() does not support relative URLs, so make it absolute. For
+      // instance, the relative URL "foo/bar:1" isn't properly parsed.
       $parts = parse_url('http://example.com/' . $url);
       // Strip the leading slash that was just added.
       $options['path'] = substr($parts['path'], 1);
@@ -200,10 +201,11 @@ public static function encodePath($path) {
   }
 
   /**
-   * Determines whether a path is external to Drupal (e.g. http://example.com).
+   * Determines whether a path is external to Drupal.
    *
-   * If a path cannot be assessed by Drupal's menu handler, then we must
-   * treat it as potentially insecure.
+   * An example of an external path is http://example.com. If a path cannot be
+   * assessed by Drupal's menu handler, then we must treat it as potentially
+   * insecure.
    *
    * @param string $path
    *   The internal path or external URL being linked to, such as "node/34" or
@@ -296,7 +298,7 @@ public static function setAllowedProtocols(array $protocols = array()) {
   }
 
   /**
-   * Strips dangerous protocols (e.g. 'javascript:') from a URI.
+   * Strips dangerous protocols (for example, 'javascript:') from a URI.
    *
    * This function must be called for all URIs within user-entered input prior
    * to being output to an HTML attribute value. It is often called as part of
@@ -316,8 +318,8 @@ public static function setAllowedProtocols(array $protocols = array()) {
    *   for well-formed URLs will be invoked, which strips most substrings that
    *   precede a ":". The result can be used in URL attributes such as "href"
    *   or "src" (only after calling Html::escape() separately), but this may not
-   *   produce valid HTML (e.g., malformed URLs within "href" attributes fail
-   *   HTML validation). This can be avoided by using
+   *   produce valid HTML (for example, malformed URLs within "href" attributes
+   *   fail HTML validation). This can be avoided by using
    *   Url::fromUri($possibly_not_a_url)->toString(), which either throws an
    *   exception or returns a well-formed URL.
    *

lib/Drupal/Component/Utility/Xss.php

@@ -215,7 +215,7 @@ protected static function attributes($attributes) {
       switch ($mode) {
         case 0:
           // Attribute name, href for instance.
-          if (preg_match('/^([-a-zA-Z]+)/', $attributes, $match)) {
+          if (preg_match('/^([-a-zA-Z][-a-zA-Z0-9]*)/', $attributes, $match)) {
             $attribute_name = strtolower($match[1]);
             $skip = ($attribute_name == 'style' || substr($attribute_name, 0, 2) == 'on');
 
@@ -233,7 +233,7 @@ protected static function attributes($attributes) {
             ));
 
             $working = $mode = 1;
-            $attributes = preg_replace('/^[-a-zA-Z]+/', '', $attributes);
+            $attributes = preg_replace('/^[-a-zA-Z][-a-zA-Z0-9]*/', '', $attributes);
           }
           break;
 

lib/Drupal/Component/Utility/composer.json

@@ -5,7 +5,8 @@
   "homepage": "https://www.drupal.org/project/drupal",
   "license": "GPL-2.0+",
   "require": {
-    "php": ">=5.5.9"
+    "php": ">=5.5.9",
+    "paragonie/random_compat": "~1.0"
   },
   "autoload": {
     "psr-0": {

lib/Drupal/Core/Annotation/Translation.php

@@ -8,7 +8,7 @@
 namespace Drupal\Core\Annotation;
 
 use Drupal\Component\Annotation\AnnotationBase;
-use Drupal\Core\StringTranslation\TranslationWrapper;
+use Drupal\Core\StringTranslation\TranslatableMarkup;
 
 /**
  * @defgroup plugin_translatable Annotation for translatable text
@@ -60,7 +60,7 @@ class Translation extends AnnotationBase {
   /**
    * The string translation object.
    *
-   * @var \Drupal\Core\StringTranslation\TranslationWrapper
+   * @var \Drupal\Core\StringTranslation\TranslatableMarkup
    */
   protected $translation;
 
@@ -86,7 +86,7 @@ public function __construct(array $values) {
         'context' => $values['context'],
       );
     }
-    $this->translation = new TranslationWrapper($string, $arguments, $options);
+    $this->translation = new TranslatableMarkup($string, $arguments, $options);
   }
 
   /**

lib/Drupal/Core/DependencyInjection/ClassResolverInterface.php

@@ -20,12 +20,12 @@ interface ClassResolverInterface {
    * @param string $definition
    *   A class name or service name.
    *
-   * @throws \InvalidArgumentException
-   *   If $class is not a valid service identifier and the class does not exist.
-   *
    * @return object
    *   The instance of the class.
-  */
+   *
+   * @throws \InvalidArgumentException
+   *   If $class is not a valid service identifier and the class does not exist.
+   */
   public function getInstanceFromDefinition($definition);
 
 }

lib/Drupal/Core/DependencyInjection/Compiler/RegisterServicesForDestructionPass.php

@@ -19,7 +19,7 @@
 class RegisterServicesForDestructionPass implements CompilerPassInterface {
 
   /**
-   * Implements \Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface::process().
+   * {@inheritdoc}
    */
   public function process(ContainerBuilder $container) {
     if (!$container->hasDefinition('kernel_destruct_subscriber')) {

lib/Drupal/Core/DependencyInjection/Compiler/RegisterStreamWrappersPass.php

@@ -7,10 +7,8 @@
 
 namespace Drupal\Core\DependencyInjection\Compiler;
 
-use Drupal\Core\StreamWrapper\StreamWrapperInterface;
 use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
-use Symfony\Component\DependencyInjection\Reference;
 
 /**
  * Adds services tagged 'stream_wrapper' to the stream_wrapper_manager service.

lib/Drupal/Core/DependencyInjection/Compiler/TaggedHandlersPass.php

@@ -99,10 +99,10 @@ public function process(ContainerBuilder $container) {
           if ($param->getClass()) {
             $interface = $param->getClass();
           }
-          else if ($param->getName() === 'id') {
+          elseif ($param->getName() === 'id') {
             $id_pos = $pos;
           }
-          else if ($param->getName() === 'priority') {
+          elseif ($param->getName() === 'priority') {
             $priority_pos = $pos;
           }
           else {

lib/Drupal/Core/DependencyInjection/Container.php

@@ -7,17 +7,18 @@
 
 namespace Drupal\Core\DependencyInjection;
 
-use Symfony\Component\DependencyInjection\Container as SymfonyContainer;
+use Drupal\Component\DependencyInjection\Container as DrupalContainer;
+use Symfony\Component\DependencyInjection\ContainerInterface;
 
 /**
- * Extends the symfony container to set the service ID on the created object.
+ * Extends the Drupal container to set the service ID on the created object.
  */
-class Container extends SymfonyContainer {
+class Container extends DrupalContainer {
 
   /**
    * {@inheritdoc}
    */
-  public function set($id, $service, $scope = SymfonyContainer::SCOPE_CONTAINER) {
+  public function set($id, $service, $scope = ContainerInterface::SCOPE_CONTAINER) {
      parent::set($id, $service, $scope);
 
     // Ensure that the _serviceId property is set on synthetic services as well.
@@ -30,7 +31,7 @@ public function set($id, $service, $scope = SymfonyContainer::SCOPE_CONTAINER) {
    * {@inheritdoc}
    */
   public function __sleep() {
-    trigger_error('The container was serialized.', E_USER_ERROR);
+    assert(FALSE, 'The container was serialized.');
     return array_keys(get_object_vars($this));
   }
 

lib/Drupal/Core/DependencyInjection/ContainerBuilder.php

@@ -72,33 +72,6 @@ public function setParameter($name, $value) {
     parent::setParameter($name, $value);
   }
 
-  /**
-   * Synchronizes a service change.
-   *
-   * This method is a copy of the ContainerBuilder of symfony.
-   *
-   * This method updates all services that depend on the given
-   * service by calling all methods referencing it.
-   *
-   * @param string $id A service id
-   */
-  private function synchronize($id) {
-    foreach ($this->getDefinitions() as $definitionId => $definition) {
-      // only check initialized services
-      if (!$this->initialized($definitionId)) {
-        continue;
-      }
-
-      foreach ($definition->getMethodCalls() as $call) {
-        foreach ($call[1] as $argument) {
-          if ($argument instanceof Reference && $id == (string) $argument) {
-            $this->callMethod($this->get($definitionId), $call);
-          }
-        }
-      }
-    }
-  }
-
   /**
    * A 1to1 copy of parent::callMethod.
    */
@@ -118,7 +91,7 @@ protected function callMethod($service, $call) {
    * {@inheritdoc}
    */
   public function __sleep() {
-    trigger_error('The container was serialized.', E_USER_ERROR);
+    assert(FALSE, 'The container was serialized.');
     return array_keys(get_object_vars($this));
   }