The Drupal 7.20 security release introduced this change:
- return file_create_url($uri);
+ $file_url = file_create_url($uri);
+ // Append the query string with the token.
+ return $file_url . (strpos($file_url, '?') !== FALSE ? '&' : '?') . drupal_http_build_query($token_query);This means the query string is effectively not available for hook_file_url_alter() to be modified, i.e. it breaks file URL altering.
This breaks CDN module's Far Future expiration functionality.
| Attachment | Size | Status | Test result | Operations |
|---|---|---|---|---|
| 7.21_correct_file_create_url_usage.patch | 776 bytes | Idle | FAILED: [[SimpleTest]]: [MySQL] 39,789 pass(es), 23 fail(s), and 3 exception(s). | View details | Re-test |