# HG changeset patch # User Franck Deroche # Date 1230039153 -3600 # Node ID 8b6c45761e01d7388978f906116f84440e8e99b5 # Parent 4ca9f57cc4d427fffdcfb6153143d7fb24144ca0 Drupal 6.6 diff -r 4ca9f57cc4d4 -r 8b6c45761e01 CHANGELOG.txt --- a/CHANGELOG.txt Tue Dec 23 14:32:19 2008 +0100 +++ b/CHANGELOG.txt Tue Dec 23 14:32:33 2008 +0100 @@ -1,4 +1,9 @@ -// $Id: CHANGELOG.txt,v 1.253.2.13 2008/10/08 20:12:17 goba Exp $ +// $Id: CHANGELOG.txt,v 1.253.2.15 2008/10/22 19:26:00 goba Exp $ + +Drupal 6.6, 2008-10-22 +---------------------- +- Fixed security issues, (File inclusion, Cross site scripting), see SA-2008-067 +- Fixed a variety of small bugs. Drupal 6.5, 2008-10-08 ---------------------- @@ -137,6 +142,10 @@ - Removed old system updates. Updates from Drupal versions prior to 5.x will require upgrading to 5.x before upgrading to 6.x. +Drupal 5.12, 2008-10-22 +----------------------- +- fixed security issues, (File inclusion), see SA-2008-067 + Drupal 5.11, 2008-10-08 ----------------------- - fixed a variety of small bugs. diff -r 4ca9f57cc4d4 -r 8b6c45761e01 includes/actions.inc --- a/includes/actions.inc Tue Dec 23 14:32:19 2008 +0100 +++ b/includes/actions.inc Tue Dec 23 14:32:33 2008 +0100 @@ -1,5 +1,5 @@ $count, '%orphans' => $orphans, '!link' => $link), WATCHDOG_WARNING); } diff -r 4ca9f57cc4d4 -r 8b6c45761e01 includes/bootstrap.inc --- a/includes/bootstrap.inc Tue Dec 23 14:32:19 2008 +0100 +++ b/includes/bootstrap.inc Tue Dec 23 14:32:33 2008 +0100 @@ -1,5 +1,5 @@ 0; $i--) { for ($j = count($server); $j > 0; $j--) { @@ -618,7 +623,7 @@ header('HTTP/1.1 304 Not Modified'); // All 304 responses must send an etag if the 200 response for the same object contained an etag header("Etag: $etag"); - exit(); + return; } // Send appropriate response: diff -r 4ca9f57cc4d4 -r 8b6c45761e01 includes/common.inc --- a/includes/common.inc Tue Dec 23 14:32:19 2008 +0100 +++ b/includes/common.inc Tue Dec 23 14:32:33 2008 +0100 
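Review bot: In the includes/bootstrap.inc hunk at -618/+623, replacing `exit();` with `return;` on the 304 path means this function no longer guarantees that nothing follows the headers. Whatever calls it must now end the request without writing a body, and that caller is not shown in the hunk. Body output after a 304 would be a malformed response that caches and proxies may interpret inconsistently. I would add a comment above the return, e.g. `// Headers only: the caller must end the request without sending a body.`, and confirm each call site does so. The enclosing function starts and ends outside the hunk.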
@@ -1,5 +1,5 @@ $element['#autocomplete_path']))) { drupal_add_js('misc/autocomplete.js'); $class[] = 'form-autocomplete'; $extra = ''; diff -r 4ca9f57cc4d4 -r 8b6c45761e01 includes/menu.inc --- a/includes/menu.inc Tue Dec 23 14:32:19 2008 +0100 +++ b/includes/menu.inc Tue Dec 23 14:32:33 2008 +0100 @@ -1,5 +1,5 @@ $part) { $match = FALSE; - if (preg_match('/^%([a-z_]*)$/', $part, $matches)) { + // Look for wildcards in the form allowed to be used in PHP functions, + // because we are using these to construct the load function names. + // See http://php.net/manual/en/language.functions.php for reference. + if (preg_match('/^%(|[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)$/', $part, $matches)) { if (empty($matches[1])) { $match = TRUE; $load_functions[$k] = NULL; @@ -2421,7 +2420,7 @@ // page redirects], and specifically suppress its display on the site // maintenance page. if (drupal_get_normal_path($_GET['q']) != 'admin/settings/site-maintenance') { - drupal_set_message(t('Operating in off-line mode.'), 'status', FALSE); + drupal_set_message(l(t('Operating in off-line mode.'), 'admin/settings/site-maintenance'), 'status', FALSE); } } else { diff -r 4ca9f57cc4d4 -r 8b6c45761e01 includes/path.inc --- a/includes/path.inc Tue Dec 23 14:32:19 2008 +0100 +++ b/includes/path.inc Tue Dec 23 14:32:33 2008 +0100 @@ -1,5 +1,5 @@ 0 && $path != '') { if ($action == 'alias') { diff -r 4ca9f57cc4d4 -r 8b6c45761e01 includes/session.inc --- a/includes/session.inc Tue Dec 23 14:32:19 2008 +0100 +++ b/includes/session.inc Tue Dec 23 14:32:33 2008 +0100 @@ -1,5 +1,5 @@ uid == 0 && empty($_COOKIE[session_name()]) && empty($value))) { return TRUE; } diff -r 4ca9f57cc4d4 -r 8b6c45761e01 includes/theme.inc --- a/includes/theme.inc Tue Dec 23 14:32:19 2008 +0100 +++ b/includes/theme.inc Tue Dec 23 14:32:33 2008 +0100 
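Review bot: The new wildcard pattern in includes/menu.inc ends with `$` and has no `D` modifier, so PCRE also accepts a path part that ends in a newline. The captured name is still a valid identifier, so this is a strictness gap rather than a bypass. Because the capture is used to construct a load function name, an exact match is preferable: `preg_match('/^%(|[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)$/D', $part, $matches)`. The added comment could also state that the composed function name must be checked for existence before it is called; any such check is outside the hunk, as are the start and end of the enclosing loop.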
@@ -1,5 +1,5 @@ is_date = TRUE; // $time can be a PHP timestamp or an ISO one if (is_numeric($time)) { - $xmlrpc_date->year = date('Y', $time); - $xmlrpc_date->month = date('m', $time); - $xmlrpc_date->day = date('d', $time); - $xmlrpc_date->hour = date('H', $time); - $xmlrpc_date->minute = date('i', $time); - $xmlrpc_date->second = date('s', $time); - $xmlrpc_date->iso8601 = date('Ymd\TH:i:s', $time); + $xmlrpc_date->year = gmdate('Y', $time); + $xmlrpc_date->month = gmdate('m', $time); + $xmlrpc_date->day = gmdate('d', $time); + $xmlrpc_date->hour = gmdate('H', $time); + $xmlrpc_date->minute = gmdate('i', $time); + $xmlrpc_date->second = gmdate('s', $time); + $xmlrpc_date->iso8601 = gmdate('Ymd\TH:i:s', $time); } else { $xmlrpc_date->iso8601 = $time; diff -r 4ca9f57cc4d4 -r 8b6c45761e01 install.php --- a/install.php Tue Dec 23 14:32:19 2008 +0100 +++ b/install.php Tue Dec 23 14:32:33 2008 +0100 @@ -1,5 +1,5 @@ $module_name)); } /** diff -r 4ca9f57cc4d4 -r 8b6c45761e01 modules/block/block.admin.inc --- a/modules/block/block.admin.inc Tue Dec 23 14:32:19 2008 +0100 +++ b/modules/block/block.admin.inc Tue Dec 23 14:32:33 2008 +0100 @@ -1,5 +1,5 @@ $theme) { if ($theme->status) { - db_query("INSERT INTO {blocks} (visibility, pages, custom, title, module, theme, status, weight, delta, cache) VALUES(%d, '%s', %d, '%s', '%s', '%s', %d, %d, %d, %d)", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $theme->name, 0, 0, $delta, BLOCK_NO_CACHE); + db_query("INSERT INTO {blocks} (visibility, pages, custom, title, module, theme, status, weight, delta, cache) VALUES(%d, '%s', %d, '%s', '%s', '%s', %d, %d, '%s', %d)", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $theme->name, 0, 0, $delta, BLOCK_NO_CACHE); } } 
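Review bot: In the hunk that fills the `$xmlrpc_date` fields, the switch to `gmdate()` makes the numeric branch UTC, but the `else` branch still copies `$time` into `iso8601` unchanged and leaves year, month, day, hour, minute and second unset. Consumers therefore get a differently shaped object and an unspecified time zone depending on the input type, and the `Ymd\TH:i:s` format carries no zone designator to tell them apart. I would document this at the top of the branch, e.g. `// Numeric timestamps are rendered in UTC; string input is passed through as given and is not validated.`. The function starts outside the hunk.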
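Review bot: The two `{blocks}` queries in modules/block/block.admin.inc now bind `delta` as `'%s'`, while the neighbouring `{boxes}` query keeps `bid = %d` for the same form value; this applies to the INSERT here and to the DELETE in block_box_delete_submit in the following hunk. Nothing in either hunk records why the placeholder types differ, and a later edit that drops the quotes around `%s` would leave the value unquoted in the SQL text. A one-line comment above each query would help: `// {blocks}.delta is a string column; keep the placeholder quoted as '%s'.`. Both functions extend beyond their hunks.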
@@ -333,7 +333,7 @@ */ function block_box_delete_submit($form, &$form_state) { db_query('DELETE FROM {boxes} WHERE bid = %d', $form_state['values']['bid']); - db_query("DELETE FROM {blocks} WHERE module = 'block' AND delta = %d", $form_state['values']['bid']); + db_query("DELETE FROM {blocks} WHERE module = 'block' AND delta = '%s'", $form_state['values']['bid']); drupal_set_message(t('The block %name has been removed.', array('%name' => $form_state['values']['info']))); cache_clear_all(); $form_state['redirect'] = 'admin/build/block'; diff -r 4ca9f57cc4d4 -r 8b6c45761e01 modules/book/book.admin.inc --- a/modules/book/book.admin.inc Tue Dec 23 14:32:19 2008 +0100 +++ b/modules/book/book.admin.inc Tue Dec 23 14:32:33 2008 +0100 @@ -1,5 +1,5 @@ $data) { - $form[$key] = array( + foreach ($tree as $data) { + $form['book-admin-'. $data['link']['nid']] = array( '#item' => $data['link'], 'nid' => array('#type' => 'value', '#value' => $data['link']['nid']), 'depth' => array('#type' => 'value', '#value' => $data['link']['depth']), diff -r 4ca9f57cc4d4 -r 8b6c45761e01 modules/forum/forum-topic-list.tpl.php --- a/modules/forum/forum-topic-list.tpl.php Tue Dec 23 14:32:19 2008 +0100 +++ b/modules/forum/forum-topic-list.tpl.php Tue Dec 23 14:32:33 2008 +0100 @@ -1,5 +1,5 @@ new_url; ?>">new_text; ?> - created; ?> - last_reply; ?> + created; ?> + last_reply; ?> diff -r 4ca9f57cc4d4 -r 8b6c45761e01 modules/locale/locale.module --- a/modules/locale/locale.module Tue Dec 23 14:32:19 2008 +0100 +++ b/modules/locale/locale.module Tue Dec 23 14:32:33 2008 +0100 
@@ -1,5 +1,5 @@ 1 && variable_get('language_negotiation', LANGUAGE_NEGOTIATION_NONE) != LANGUAGE_NEGOTIATION_NONE) { + $path = drupal_is_front_page() ? '' : $_GET['q']; $languages = language_list('enabled'); $links = array(); foreach ($languages[1] as $language) { $links[$language->language] = array( - 'href' => $_GET['q'], + 'href' => $path, 'title' => $language->native, 'language' => $language, 'attributes' => array('class' => 'language-link'), @@ -588,7 +589,7 @@ // A translation link may need to point to a different path or use // a translated link text before going through l(), which will just // handle the path aliases. - drupal_alter('translation_link', $links, $_GET['q']); + drupal_alter('translation_link', $links, $path); $block['subject'] = t('Languages'); $block['content'] = theme('links', $links, array()); diff -r 4ca9f57cc4d4 -r 8b6c45761e01 modules/profile/profile.admin.inc --- a/modules/profile/profile.admin.inc Tue Dec 23 14:32:19 2008 +0100 +++ b/modules/profile/profile.admin.inc Tue Dec 23 14:32:33 2008 +0100 @@ -1,5 +1,5 @@ 'checkbox', '#title' => t('Form will auto-complete while user is typing.'), '#default_value' => $edit['autocomplete'], + '#description' => t('For security, auto-complete will be disabled if the user does not have access to user profiles.'), ); $form['fields']['required'] = array('#type' => 'checkbox', '#title' => t('The user must enter a value.'), diff -r 4ca9f57cc4d4 -r 8b6c45761e01 modules/system/system.admin.inc --- a/modules/system/system.admin.inc Tue Dec 23 14:32:19 2008 +0100 +++ b/modules/system/system.admin.inc Tue Dec 23 14:32:33 2008 +0100 
@@ -1,5 +1,5 @@ info['dependencies'] as $dependency) { if (!isset($files[$dependency]) || !$files[$dependency]->status) { if (isset($files[$dependency])) { - $dependencies[] = $files[$dependency]->info['name'] . t(' (disabled)'); + $dependencies[] = t('@module (disabled)', array('@module' => $files[$dependency]->info['name'])); } else { - $dependencies[] = drupal_ucfirst($dependency) . t(' (missing)'); + $dependencies[] = t('@module (missing)', array('@module' => drupal_ucfirst($dependency))); $disabled[] = $filename; $form['disabled_modules']['#value'][$filename] = FALSE; } } else { - $dependencies[] = $files[$dependency]->info['name'] . t(' (enabled)'); + $dependencies[] = t('@module (enabled)', array('@module' => $files[$dependency]->info['name'])); } } @@ -707,12 +707,12 @@ $dependents = array(); foreach ($file->info['dependents'] as $dependent) { if ($files[$dependent]->status == 1) { - $dependents[] = $files[$dependent]->info['name'] . t(' (enabled)'); + $dependents[] = t('@module (enabled)', array('@module' => $files[$dependent]->info['name'])); $disabled[] = $filename; $form['disabled_modules']['#value'][$filename] = TRUE; } else { - $dependents[] = $files[$dependent]->info['name'] . t(' (disabled)'); + $dependents[] = t('@module (disabled)', array('@module' => $files[$dependent]->info['name'])); } } diff -r 4ca9f57cc4d4 -r 8b6c45761e01 modules/system/system.module --- a/modules/system/system.module Tue Dec 23 14:32:19 2008 +0100 +++ b/modules/system/system.module Tue Dec 23 14:32:33 2008 +0100 
@@ -1,5 +1,5 @@ tnid)) { - if (db_result(db_query('SELECT COUNT(*) FROM {node} WHERE tnid = %d', $node->tnid)) <= 2) { - // There would only be one node left in the set: remove the set altogether. + if (db_result(db_query('SELECT COUNT(*) FROM {node} WHERE tnid = %d', $node->tnid)) == 1) { + // There is only one node left in the set: remove the set altogether. db_query('UPDATE {node} SET tnid = 0, translate = 0 WHERE tnid = %d', $node->tnid); } else { diff -r 4ca9f57cc4d4 -r 8b6c45761e01 modules/user/user-profile.tpl.php --- a/modules/user/user-profile.tpl.php Tue Dec 23 14:32:19 2008 +0100 +++ b/modules/user/user-profile.tpl.php Tue Dec 23 14:32:33 2008 +0100 @@ -1,5 +1,5 @@ '. check_plain(print_r($profile, 1)) .''; ?> + * @code + * print '
'. check_plain(print_r($profile, 1)) .'
'; + * @endcode * * @see user-profile-category.tpl.php - * where the html is handled for the group. + * Where the html is handled for the group. * @see user-profile-field.tpl.php - * where the html is handled for each item in the group. + * Where the html is handled for each item in the group. * * Available variables: - * - $user_profile: All user profile data. Ready for print. - * - $profile: Keyed array of profile categories and their items or other data - * provided by modules. + * - $user_profile: All user profile data. Ready for print. + * - $profile: Keyed array of profile categories and their items or other data + * provided by modules. * * @see template_preprocess_user_profile() */