- Patch #944198 by sun: functions that call drupal_system_listing() act on potentially invalid system items.

includes/bootstrap.inc

@@ -240,6 +240,13 @@ define('REGISTRY_RESET_LOOKUP_CACHE', 1);
  */
 define('REGISTRY_WRITE_LOOKUP_CACHE', 2);
 
+/**
+ * Regular expression to match PHP function names.
+ *
+ * @see http://php.net/manual/en/language.functions.php
+ */
+define('DRUPAL_PHP_FUNCTION_PATTERN', '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*');
+
 /**
  * Start the timer with the specified name. If you start and stop the same
  * timer multiple times, the measured intervals will be accumulated.
@@ -703,7 +710,7 @@ function drupal_get_filename($type, $name, $filename = NULL) {
       // extension, not just the file we are currently looking for. This
       // prevents unnecessary scans from being repeated when this function is
       // called more than once in the same page request.
-      $matches = drupal_system_listing("/\.$extension$/", $dir, 'name', 0);
+      $matches = drupal_system_listing("/^" . DRUPAL_PHP_FUNCTION_PATTERN . "\.$extension$/", $dir, 'name', 0);
       foreach ($matches as $matched_name => $file) {
         $files[$type][$matched_name] = $file->uri;
       }

includes/install.inc

@@ -551,7 +551,7 @@ function drupal_verify_profile($install_state) {
 
   // Get a list of modules that exist in Drupal's assorted subdirectories.
   $present_modules = array();
-  foreach (drupal_system_listing('/\.module$/', 'modules', 'name', 0) as $present_module) {
+  foreach (drupal_system_listing('/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.module$/', 'modules', 'name', 0) as $present_module) {
     $present_modules[] = $present_module->name;
   }
 

includes/menu.inc

@@ -3309,8 +3309,7 @@ function _menu_router_build($callbacks) {
       $match = FALSE;
       // Look for wildcards in the form allowed to be used in PHP functions,
       // because we are using these to construct the load function names.
-      // See http://php.net/manual/en/language.functions.php for reference.
-      if (preg_match('/^%(|[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)$/', $part, $matches)) {
+      if (preg_match('/^%(|' . DRUPAL_PHP_FUNCTION_PATTERN . ')$/', $part, $matches)) {
         if (empty($matches[1])) {
           $match = TRUE;
           $load_functions[$k] = NULL;

includes/module.inc

@@ -786,7 +786,7 @@ function module_invoke_all() {
  * Array of modules required by core.
  */
 function drupal_required_modules() {
-  $files = drupal_system_listing('/\.info$/', 'modules', 'name', 0);
+  $files = drupal_system_listing('/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.info$/', 'modules', 'name', 0);
   $required = array();
 
   // An install profile is required and one must always be loaded.

modules/system/system.module

@@ -2284,7 +2284,7 @@ function system_get_info($type, $name = NULL) {
  */
 function _system_rebuild_module_data() {
   // Find modules
-  $modules = drupal_system_listing('/\.module$/', 'modules', 'name', 0);
+  $modules = drupal_system_listing('/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.module$/', 'modules', 'name', 0);
 
   // Include the install profile in modules that are loaded.
   $profile = drupal_get_profile();
@@ -2404,9 +2404,9 @@ function _system_update_bootstrap_status() {
  */
 function _system_rebuild_theme_data() {
   // Find themes
-  $themes = drupal_system_listing('/\.info$/', 'themes');
+  $themes = drupal_system_listing('/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.info$/', 'themes');
   // Find theme engines
-  $engines = drupal_system_listing('/\.engine$/', 'themes/engines');
+  $engines = drupal_system_listing('/^' . DRUPAL_PHP_FUNCTION_PATTERN . '\.engine$/', 'themes/engines');
 
   // Set defaults for theme info.
   $defaults = array(