changeset 13:8b6c45761e01 6.6

Drupal 6.6
author Franck Deroche <webmaster@defr.org>
date Tue, 23 Dec 2008 14:32:33 +0100
parents 4ca9f57cc4d4
children 626fcabfa4b8
files CHANGELOG.txt includes/actions.inc includes/bootstrap.inc includes/common.inc includes/database.inc includes/file.inc includes/form.inc includes/menu.inc includes/path.inc includes/session.inc includes/theme.inc includes/xmlrpc.inc install.php modules/block/block.admin.inc modules/book/book.admin.inc modules/forum/forum-topic-list.tpl.php modules/locale/locale.module modules/profile/profile.admin.inc modules/system/system.admin.inc modules/system/system.module modules/translation/translation.module modules/user/user-profile.tpl.php
diffstat 22 files changed, 97 insertions(+), 69 deletions(-) [+]
--- a/CHANGELOG.txt	Tue Dec 23 14:32:19 2008 +0100
+++ b/CHANGELOG.txt	Tue Dec 23 14:32:33 2008 +0100
@@ -1,4 +1,9 @@
-// $Id: CHANGELOG.txt,v 1.253.2.13 2008/10/08 20:12:17 goba Exp $
+// $Id: CHANGELOG.txt,v 1.253.2.15 2008/10/22 19:26:00 goba Exp $
+
+Drupal 6.6, 2008-10-22
+----------------------
+- Fixed security issues, (File inclusion, Cross site scripting), see SA-2008-067
+- Fixed a variety of small bugs.
 
 Drupal 6.5, 2008-10-08
 ----------------------
@@ -137,6 +142,10 @@
 - Removed old system updates. Updates from Drupal versions prior to 5.x will
   require upgrading to 5.x before upgrading to 6.x.
 
+Drupal 5.12, 2008-10-22
+-----------------------
+- fixed security issues, (File inclusion), see SA-2008-067
+
 Drupal 5.11, 2008-10-08
 -----------------------
 - fixed a variety of small bugs.
--- a/includes/actions.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/includes/actions.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: actions.inc,v 1.8.2.4 2008/09/05 09:29:22 dries Exp $
+// $Id: actions.inc,v 1.8.2.5 2008/10/16 12:45:53 goba Exp $
 
 /**
  * @file
@@ -298,7 +298,7 @@
       }
     }
     else {
-      $link = l(t('Remove orphaned actions'), 'admin/build/actions/orphan');
+      $link = l(t('Remove orphaned actions'), 'admin/settings/actions/orphan');
       $count = count($actions_in_db);
       watchdog('actions', format_plural($count, 'One orphaned action (%orphans) exists in the actions table. !link', '@count orphaned actions (%orphans) exist in the actions table. !link'), array('@count' => $count, '%orphans' => $orphans, '!link' => $link), WATCHDOG_WARNING);
     }
--- a/includes/bootstrap.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/includes/bootstrap.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: bootstrap.inc,v 1.206.2.4 2008/08/18 18:56:30 dries Exp $
+// $Id: bootstrap.inc,v 1.206.2.6 2008/10/22 19:26:01 goba Exp $
 
 /**
  * @file
@@ -238,6 +238,11 @@
 
   $confdir = 'sites';
   $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
+  if (strpos($_SERVER['HTTP_HOST'], '/') !== FALSE) {
+    // A HTTP_HOST containing slashes may be an attack and is invalid.
+    header('HTTP/1.1 400 Bad Request');
+    exit;
+  }
   $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
   for ($i = count($uri) - 1; $i > 0; $i--) {
     for ($j = count($server); $j > 0; $j--) {
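Review bot: The new guard before the `$server = explode(...)` line rejects only a forward slash in `$_SERVER['HTTP_HOST']`, so any other character that is not legal in a host name still reaches the code that, judging by `$confdir = 'sites'`, derives a configuration directory from it. An allow-list is easier to reason about than a single denied character, for example `if (!preg_match('/^[a-zA-Z0-9._:\[\]-]*$/D', $_SERVER['HTTP_HOST'])) {` in place of the `strpos()` test. The guard also reads `$_SERVER['HTTP_HOST']` without checking that it is set, which raises a notice for requests that carry no Host header. The enclosing function starts and ends outside the hunk, so how `$server` is used afterwards is inferred.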
@@ -618,7 +623,7 @@
     header('HTTP/1.1 304 Not Modified');
     // All 304 responses must send an etag if the 200 response for the same object contained an etag
     header("Etag: $etag");
-    exit();
+    return;
   }
 
   // Send appropriate response:
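Review bot: Replacing `exit();` with `return;` on the 304 path means this function no longer guarantees that nothing follows the headers, and the hunk does not show what the caller does next. A comment on the `return;` line would make the contract explicit, for example `// Headers only: the caller must end the request without sending a body.` The rest of the function and its callers are outside the hunk, so this should be checked against every call site.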
--- a/includes/common.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/includes/common.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: common.inc,v 1.756.2.27 2008/10/08 20:12:17 goba Exp $
+// $Id: common.inc,v 1.756.2.29 2008/10/22 19:26:01 goba Exp $
 
 /**
  * @file
--- a/includes/database.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/includes/database.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: database.inc,v 1.92.2.2 2008/07/09 21:48:28 goba Exp $
+// $Id: database.inc,v 1.92.2.3 2008/10/20 09:13:04 goba Exp $
 
 /**
  * @file
@@ -172,6 +172,7 @@
  */
 function _db_error_page($error = '') {
   global $db_type;
+  drupal_init_language();
   drupal_maintenance_theme();
   drupal_set_header('HTTP/1.1 503 Service Unavailable');
   drupal_set_title('Site off-line');
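Review bot: The added `drupal_init_language();` call at the top of `_db_error_page()` has no comment, although its position before `drupal_maintenance_theme()` looks deliberate. Judging by the function name and the 503 header, this code runs when the database is unavailable, so the comment should say why the language is initialised here and that the call must work without a database, e.g. `// Initialise the language for the maintenance theme; must not query the database.` Whether `drupal_init_language()` really avoids the database is not visible in this hunk and should be confirmed. The function body continues past the hunk.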
--- a/includes/file.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/includes/file.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: file.inc,v 1.121.2.4 2008/09/17 08:13:07 goba Exp $
+// $Id: file.inc,v 1.121.2.5 2008/10/20 09:42:31 goba Exp $
 
 /**
  * @file
@@ -792,7 +792,9 @@
  * @param $headers An array of http headers to send along with file.
  */
 function file_transfer($source, $headers) {
-  ob_end_clean();
+  if (ob_get_level()) {
+    ob_end_clean();
+  }
 
   foreach ($headers as $header) {
     // To prevent HTTP header injection, we delete new lines that are
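Review bot: The `if (ob_get_level())` guard in `file_transfer()` discards only the innermost output buffer, so when more than one buffer is active the outer ones may still hold output that is sent ahead of the file. If the intent is to start from a clean slate, a loop such as `while (ob_get_level() && ob_end_clean());` states that directly. If discarding a single level is intended, a short comment saying so would help. The rest of the function is outside the hunk.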
--- a/includes/form.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/includes/form.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: form.inc,v 1.265.2.12 2008/09/23 10:51:16 goba Exp $
+// $Id: form.inc,v 1.265.2.13 2008/10/16 12:43:08 goba Exp $
 
 /**
  * @defgroup forms Form builder functions
@@ -2013,7 +2013,7 @@
   $extra = '';
   $output = '';
 
-  if ($element['#autocomplete_path']) {
+  if ($element['#autocomplete_path'] && menu_valid_path(array('link_path' => $element['#autocomplete_path']))) {
     drupal_add_js('misc/autocomplete.js');
     $class[] = 'form-autocomplete';
     $extra =  '<input class="autocomplete" type="hidden" id="'. $element['#id'] .'-autocomplete" value="'. check_url(url($element['#autocomplete_path'], array('absolute' => TRUE))) .'" disabled="disabled" />';
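Review bot: The added `menu_valid_path()` condition reads like an ordinary validity check, but judging by the description added in profile.admin.inc in this same changeset it is an access decision, and nothing at the `if` line says so. A comment such as `// Only expose the autocomplete URL if the current user may access that path.` would keep a later refactor from dropping it. This condition only controls whether the URL is rendered into the form; the callback behind that path still needs its own access check, which this hunk does not show. The enclosing function starts before and ends after the hunk.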
--- a/includes/menu.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/includes/menu.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: menu.inc,v 1.255.2.21 2008/10/08 12:33:55 goba Exp $
+// $Id: menu.inc,v 1.255.2.25 2008/10/22 17:04:12 goba Exp $
 
 /**
  * @file
@@ -1265,19 +1265,15 @@
   $links = array();
   foreach ($tree as $item) {
     if (!$item['link']['hidden']) {
+      $class = '';
       $l = $item['link']['localized_options'];
       $l['href'] = $item['link']['href'];
       $l['title'] = $item['link']['title'];
       if ($item['link']['in_active_trail']) {
-        if (empty($l['attributes']['class'])) {
-          $l['attributes']['class'] = 'active-trail';
-        }
-        else {
-          $l['attributes']['class'] .= ' active-trail'; 
-        }
+        $class = ' active-trail';
       }
-      // Keyed with unique menu id to generate classes from theme_links().
-      $links['menu-'. $item['link']['mlid']] = $l;
+      // Keyed with the unique mlid to generate classes in theme_links().
+      $links['menu-'. $item['link']['mlid'] . $class] = $l;
     }
   }
   return $links;
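Review bot: Appending `$class` to the array key in `$links['menu-'. $item['link']['mlid'] . $class]` makes the key format depend on the trail state, so a key can now contain a space and code that looks up `'menu-' . $mlid` directly will miss active-trail entries. The class also appears only where the key is rendered, which per the comment is theme_links(); other consumers of the returned array are not visible here. The comment above the assignment should say that the key doubles as the CSS class string, e.g. `// theme_links() emits the key as the class, so it carries ' active-trail' when set.` The function begins outside the hunk.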
@@ -2218,7 +2214,10 @@
     // Extract load and to_arg functions.
     foreach ($parts as $k => $part) {
       $match = FALSE;
-      if (preg_match('/^%([a-z_]*)$/', $part, $matches)) {
+      // Look for wildcards in the form allowed to be used in PHP functions,
+      // because we are using these to construct the load function names.
+      // See http://php.net/manual/en/language.functions.php for reference.
+      if (preg_match('/^%(|[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)$/', $part, $matches)) {
         if (empty($matches[1])) {
           $match = TRUE;
           $load_functions[$k] = NULL;
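Review bot: The new pattern on the `preg_match()` line ends in `$` without the `D` modifier, so it also accepts a part that has a trailing newline after the wildcard name. The captured name in `$matches[1]` stays clean, but since the added comment says the match is used to construct function names, strict anchoring is cheap: `'/^%(|[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)$/D'`. The code that builds and calls the load functions is outside the hunk.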
@@ -2421,7 +2420,7 @@
       // page redirects], and specifically suppress its display on the site
       // maintenance page.
       if (drupal_get_normal_path($_GET['q']) != 'admin/settings/site-maintenance') {
-        drupal_set_message(t('Operating in off-line mode.'), 'status', FALSE);
+        drupal_set_message(l(t('Operating in off-line mode.'), 'admin/settings/site-maintenance'), 'status', FALSE);
       }
     }
     else {
--- a/includes/path.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/includes/path.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: path.inc,v 1.19 2007/11/04 16:42:45 goba Exp $
+// $Id: path.inc,v 1.19.2.1 2008/10/13 21:06:41 dries Exp $
 
 /**
  * @file
@@ -58,6 +58,7 @@
   if ($action == 'wipe') {
     $map = array();
     $no_src = array();
+    $count = NULL;
   }
   elseif ($count > 0 && $path != '') {
     if ($action == 'alias') {
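Review bot: The added `$count = NULL;` in the 'wipe' branch has no comment, and its purpose can only be guessed from the `elseif ($count > 0 ...)` test below it. A one-line comment such as `// Force the alias count to be recomputed on the next lookup.` would document the intent. That wording assumes `$count` is a cached value that is refilled when it is NULL, which happens outside the hunk and should be confirmed.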
--- a/includes/session.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/includes/session.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: session.inc,v 1.44.2.3 2008/09/17 07:53:08 goba Exp $
+// $Id: session.inc,v 1.44.2.4 2008/10/20 09:53:32 goba Exp $
 
 /**
  * @file
@@ -61,7 +61,7 @@
   // the session table. This reduces memory and server load, and gives more useful
   // statistics. We can't eliminate anonymous session table rows without breaking
   // the throttle module and the "Who's Online" block.
-  if (!session_save_session() || (empty($_COOKIE[session_name()]) && empty($value))) {
+  if (!session_save_session() || ($user->uid == 0 && empty($_COOKIE[session_name()]) && empty($value))) {
     return TRUE;
   }
 
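Review bot: The added `$user->uid == 0` term depends on `$user` being in scope, and the `global $user;` declaration is not visible in this hunk; without it, `$user->uid` would evaluate as NULL, the comparison would be true, and the condition would behave as it did before the change. The loose `==` also treats an unloaded user as anonymous, so either `empty($user->uid)` or a comment stating that this is intended would make the choice explicit. The comment block above the `if` still describes only anonymous sessions and should add that sessions of authenticated users are always written. The function starts and ends outside the hunk.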
--- a/includes/theme.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/includes/theme.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: theme.inc,v 1.415.2.12 2008/09/17 08:57:23 goba Exp $
+// $Id: theme.inc,v 1.415.2.13 2008/10/16 13:50:59 dries Exp $
 
 /**
  * @file
@@ -693,7 +693,14 @@
 }
 
 /**
- * Return the path to the currently selected theme.
+ * Return the path to the current themed element.
+ *
+ * It can point to the active theme or the module handling a themed implementation.
+ * For example, when invoked within the scope of a theming call it will depend
+ * on where the theming function is handled. If implemented from a module, it
+ * will point to the module. If implemented from the active theme, it will point
+ * to the active theme. When called outside the scope of a theming call, it will
+ * always point to the active theme.
  */
 function path_to_theme() {
   global $theme_path;
--- a/includes/xmlrpc.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/includes/xmlrpc.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: xmlrpc.inc,v 1.47.2.3 2008/09/17 06:28:54 goba Exp $
+// $Id: xmlrpc.inc,v 1.47.2.4 2008/10/15 14:04:06 dries Exp $
 
 /**
  * @file
@@ -384,13 +384,13 @@
   $xmlrpc_date->is_date = TRUE;
   // $time can be a PHP timestamp or an ISO one
   if (is_numeric($time)) {
-    $xmlrpc_date->year = date('Y', $time);
-    $xmlrpc_date->month = date('m', $time);
-    $xmlrpc_date->day = date('d', $time);
-    $xmlrpc_date->hour = date('H', $time);
-    $xmlrpc_date->minute = date('i', $time);
-    $xmlrpc_date->second = date('s', $time);
-    $xmlrpc_date->iso8601 = date('Ymd\TH:i:s', $time);
+    $xmlrpc_date->year = gmdate('Y', $time);
+    $xmlrpc_date->month = gmdate('m', $time);
+    $xmlrpc_date->day = gmdate('d', $time);
+    $xmlrpc_date->hour = gmdate('H', $time);
+    $xmlrpc_date->minute = gmdate('i', $time);
+    $xmlrpc_date->second = gmdate('s', $time);
+    $xmlrpc_date->iso8601 = gmdate('Ymd\TH:i:s', $time);
   }
   else {
     $xmlrpc_date->iso8601 = $time;
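Review bot: After the switch to `gmdate()` the numeric branch produces UTC, while the `else` branch still copies a caller-supplied string into `$xmlrpc_date->iso8601` unchanged, so the two branches can now disagree about the time zone. The `Ymd\TH:i:s` format carries no zone designator, so a receiver cannot tell the difference. Document the expectation at the `else` branch, e.g. `// ISO 8601 strings are passed through as-is and are expected to be in UTC.`, or normalise them there. Whatever follows the `else` assignment is outside the hunk.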
--- a/install.php	Tue Dec 23 14:32:19 2008 +0100
+++ b/install.php	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: install.php,v 1.113.2.6 2008/09/17 08:47:04 goba Exp $
+// $Id: install.php,v 1.113.2.7 2008/10/22 16:31:37 goba Exp $
 
 require_once './includes/install.inc';
 
@@ -838,7 +838,7 @@
   // steps.
   module_enable(array($module));
   $context['results'][] = $module;
-  $context['message'] = 'Installed '. $module_name .' module.';
+  $context['message'] = st('Installed %module module.', array('%module' => $module_name));
 }
 
 /**
--- a/modules/block/block.admin.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/modules/block/block.admin.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: block.admin.inc,v 1.14.2.2 2008/06/24 14:40:08 goba Exp $
+// $Id: block.admin.inc,v 1.14.2.3 2008/10/20 13:02:29 dries Exp $
 
 /**
  * @file
@@ -302,7 +302,7 @@
 
   foreach (list_themes() as $key => $theme) {
     if ($theme->status) {
-      db_query("INSERT INTO {blocks} (visibility, pages, custom, title, module, theme, status, weight, delta, cache) VALUES(%d, '%s', %d, '%s', '%s', '%s', %d, %d, %d, %d)", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $theme->name, 0, 0, $delta, BLOCK_NO_CACHE);
+      db_query("INSERT INTO {blocks} (visibility, pages, custom, title, module, theme, status, weight, delta, cache) VALUES(%d, '%s', %d, '%s', '%s', '%s', %d, %d, '%s', %d)", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $theme->name, 0, 0, $delta, BLOCK_NO_CACHE);
     }
   }
 
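Review bot: The `delta` placeholder in the INSERT changes from `%d` to `'%s'` without a comment, and the next hunk in block_box_delete_submit() now binds the same `$form_state['values']['bid']` as `%d` for {boxes} and as `'%s'` for {blocks} on adjacent lines. That reads like an inconsistency unless the reader knows the column type, which is not visible here; presumably `delta` is a string column. A short comment at both queries, e.g. `// {blocks}.delta is a string column, so bind it with '%s'.`, would prevent a well-meant change back to `%d`.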
@@ -333,7 +333,7 @@
  */
 function block_box_delete_submit($form, &$form_state) {
   db_query('DELETE FROM {boxes} WHERE bid = %d', $form_state['values']['bid']);
-  db_query("DELETE FROM {blocks} WHERE module = 'block' AND delta = %d", $form_state['values']['bid']);
+  db_query("DELETE FROM {blocks} WHERE module = 'block' AND delta = '%s'", $form_state['values']['bid']);
   drupal_set_message(t('The block %name has been removed.', array('%name' => $form_state['values']['info'])));
   cache_clear_all();
   $form_state['redirect'] = 'admin/build/block';
--- a/modules/book/book.admin.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/modules/book/book.admin.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: book.admin.inc,v 1.8.2.2 2008/07/08 10:19:46 goba Exp $
+// $Id: book.admin.inc,v 1.8.2.3 2008/10/22 19:26:01 goba Exp $
 
 /**
  * @file
@@ -170,8 +170,8 @@
  * @see book_admin_edit()
  */
 function _book_admin_table_tree($tree, &$form) {
-  foreach ($tree as $key => $data) {
-    $form[$key] = array(
+  foreach ($tree as $data) {
+    $form['book-admin-'. $data['link']['nid']] = array(
       '#item' => $data['link'],
       'nid' => array('#type' => 'value', '#value' => $data['link']['nid']),
       'depth' => array('#type' => 'value', '#value' => $data['link']['depth']),
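Review bot: The form key in `_book_admin_table_tree()` is now built from `$data['link']['nid']` instead of the tree key, but no comment explains why the tree key must not be used. If this belongs to the cross-site-scripting item in the CHANGELOG entry (an inference, the hunk does not say so), the reason is security-relevant and should be recorded, e.g. `// Use a fixed prefix plus the node ID as the form key; never the tree key.` Any code that reads these elements by key has to match the new `book-admin-<nid>` format, and that code is outside the hunk. The function body continues past the last line shown.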
--- a/modules/forum/forum-topic-list.tpl.php	Tue Dec 23 14:32:19 2008 +0100
+++ b/modules/forum/forum-topic-list.tpl.php	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: forum-topic-list.tpl.php,v 1.4 2007/08/30 18:58:12 goba Exp $
+// $Id: forum-topic-list.tpl.php,v 1.4.2.1 2008/10/22 18:22:51 dries Exp $
 
 /**
  * @file forum-topic-list.tpl.php
@@ -52,8 +52,8 @@
           <a href="<?php print $topic->new_url; ?>"><?php print $topic->new_text; ?></a>
         <?php endif; ?>
       </td>
-      <td class="created"><?php print $topic->created; ?>
-      <td class="last-reply"><?php print $topic->last_reply; ?>
+      <td class="created"><?php print $topic->created; ?></td>
+      <td class="last-reply"><?php print $topic->last_reply; ?></td>
     <?php endif; ?>
     </tr>
   <?php endforeach; ?>
--- a/modules/locale/locale.module	Tue Dec 23 14:32:19 2008 +0100
+++ b/modules/locale/locale.module	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: locale.module,v 1.212.2.4 2008/09/08 21:51:50 dries Exp $
+// $Id: locale.module,v 1.212.2.5 2008/10/20 09:31:06 goba Exp $
 
 /**
  * @file
@@ -573,11 +573,12 @@
   // Only show if we have at least two languages and language dependent
   // web addresses, so we can actually link to other language versions.
   elseif ($op == 'view' && variable_get('language_count', 1) > 1 && variable_get('language_negotiation', LANGUAGE_NEGOTIATION_NONE) != LANGUAGE_NEGOTIATION_NONE) {
+    $path = drupal_is_front_page() ? '<front>' : $_GET['q'];
     $languages = language_list('enabled');
     $links = array();
     foreach ($languages[1] as $language) {
       $links[$language->language] = array(
-        'href'       => $_GET['q'],
+        'href'       => $path,
         'title'      => $language->native,
         'language'   => $language,
         'attributes' => array('class' => 'language-link'),
@@ -588,7 +589,7 @@
     // A translation link may need to point to a different path or use
     // a translated link text before going through l(), which will just
     // handle the path aliases.
-    drupal_alter('translation_link', $links, $_GET['q']);
+    drupal_alter('translation_link', $links, $path);
 
     $block['subject'] = t('Languages');
     $block['content'] = theme('links', $links, array());
--- a/modules/profile/profile.admin.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/modules/profile/profile.admin.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: profile.admin.inc,v 1.8 2008/01/21 15:20:43 goba Exp $
+// $Id: profile.admin.inc,v 1.8.2.1 2008/10/16 12:43:08 goba Exp $
 
 /**
  * @file
@@ -269,6 +269,7 @@
   $form['fields']['autocomplete'] = array('#type' => 'checkbox',
     '#title' => t('Form will auto-complete while user is typing.'),
     '#default_value' => $edit['autocomplete'],
+    '#description' => t('For security, auto-complete will be disabled if the user does not have access to user profiles.'),
   );
   $form['fields']['required'] = array('#type' => 'checkbox',
     '#title' => t('The user must enter a value.'),
--- a/modules/system/system.admin.inc	Tue Dec 23 14:32:19 2008 +0100
+++ b/modules/system/system.admin.inc	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: system.admin.inc,v 1.63.2.3 2008/05/19 07:27:35 goba Exp $
+// $Id: system.admin.inc,v 1.63.2.4 2008/10/16 20:23:37 dries Exp $
 
 /**
  * @file
@@ -680,16 +680,16 @@
       foreach ($file->info['dependencies'] as $dependency) {
         if (!isset($files[$dependency]) || !$files[$dependency]->status) {
           if (isset($files[$dependency])) {
-            $dependencies[] = $files[$dependency]->info['name'] . t(' (<span class="admin-disabled">disabled</span>)');
+            $dependencies[] = t('@module (<span class="admin-disabled">disabled</span>)', array('@module' => $files[$dependency]->info['name']));
           }
           else {
-            $dependencies[] = drupal_ucfirst($dependency) . t(' (<span class="admin-missing">missing</span>)');
+            $dependencies[] = t('@module (<span class="admin-missing">missing</span>)', array('@module' => drupal_ucfirst($dependency)));
             $disabled[] = $filename;
             $form['disabled_modules']['#value'][$filename] = FALSE;
           }
         }
         else {
-          $dependencies[] = $files[$dependency]->info['name'] . t(' (<span class="admin-enabled">enabled</span>)');
+          $dependencies[] = t('@module (<span class="admin-enabled">enabled</span>)', array('@module' => $files[$dependency]->info['name']));
         }
       }
 
@@ -707,12 +707,12 @@
     $dependents = array();
     foreach ($file->info['dependents'] as $dependent) {
       if ($files[$dependent]->status == 1) {
-        $dependents[] = $files[$dependent]->info['name'] . t(' (<span class="admin-enabled">enabled</span>)');
+        $dependents[] = t('@module (<span class="admin-enabled">enabled</span>)', array('@module' => $files[$dependent]->info['name']));
         $disabled[] = $filename;
         $form['disabled_modules']['#value'][$filename] = TRUE;
       }
       else {
-        $dependents[] = $files[$dependent]->info['name'] . t(' (<span class="admin-disabled">disabled</span>)');
+        $dependents[] = t('@module (<span class="admin-disabled">disabled</span>)', array('@module' => $files[$dependent]->info['name']));
       }
     }
 
--- a/modules/system/system.module	Tue Dec 23 14:32:19 2008 +0100
+++ b/modules/system/system.module	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: system.module,v 1.585.2.20 2008/10/08 20:12:18 goba Exp $
+// $Id: system.module,v 1.585.2.22 2008/10/22 19:26:02 goba Exp $
 
 /**
  * @file
@@ -9,7 +9,7 @@
 /**
  * The current system version.
  */
-define('VERSION', '6.5');
+define('VERSION', '6.6');
 
 /**
  * Core API compatibility.
--- a/modules/translation/translation.module	Tue Dec 23 14:32:19 2008 +0100
+++ b/modules/translation/translation.module	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: translation.module,v 1.23.2.1 2008/08/16 21:37:45 dries Exp $
+// $Id: translation.module,v 1.23.2.2 2008/10/16 11:57:52 goba Exp $
 
 /**
  * @file
@@ -244,8 +244,8 @@
  */
 function translation_remove_from_set($node) {
   if (isset($node->tnid)) {
-    if (db_result(db_query('SELECT COUNT(*) FROM {node} WHERE tnid = %d', $node->tnid)) <= 2) {
-      // There would only be one node left in the set: remove the set altogether.
+    if (db_result(db_query('SELECT COUNT(*) FROM {node} WHERE tnid = %d', $node->tnid)) == 1) {
+      // There is only one node left in the set: remove the set altogether.
       db_query('UPDATE {node} SET tnid = 0, translate = 0 WHERE tnid = %d', $node->tnid);
     }
     else {
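Review bot: The `== 1` test in `translation_remove_from_set()` is only right if the node being removed is no longer counted when the query runs; the old `<= 2` assumed the opposite, and neither assumption is written down. A precondition comment at the `if`, e.g. `// Called after the node row is gone, so a count of 1 means a single node remains.`, would make the call-order dependency explicit. Confirm it against the callers, which are not visible here. A count of 0 now falls into the `else` branch, whose body is outside the hunk.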
--- a/modules/user/user-profile.tpl.php	Tue Dec 23 14:32:19 2008 +0100
+++ b/modules/user/user-profile.tpl.php	Tue Dec 23 14:32:33 2008 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: user-profile.tpl.php,v 1.2 2007/08/07 08:39:36 goba Exp $
+// $Id: user-profile.tpl.php,v 1.2.2.1 2008/10/15 13:52:04 dries Exp $
 
 /**
  * @file user-profile.tpl.php
@@ -13,7 +13,7 @@
  * It is keyed to the name of each category or other data attached to the
  * account. If it is a category it will contain all the profile items. By
  * default $profile['summary'] is provided which contains data on the user's
- * history. Other data can be included by modules. $profile['picture'] is
+ * history. Other data can be included by modules. $profile['user_picture'] is
  * available by default showing the account picture.
  *
  * Also keep in mind that profile items and their categories can be defined by
@@ -26,17 +26,19 @@
  *
  * To check for all available data within $profile, use the code below.
  *
- *   <?php print '<pre>'. check_plain(print_r($profile, 1)) .'</pre>'; ?>
+ * @code
+ *   print '<pre>'. check_plain(print_r($profile, 1)) .'</pre>';
+ * @endcode
  *
  * @see user-profile-category.tpl.php
- *      where the html is handled for the group.
+ *   Where the html is handled for the group.
  * @see user-profile-field.tpl.php
- *      where the html is handled for each item in the group.
+ *   Where the html is handled for each item in the group.
  *
  * Available variables:
- * - $user_profile: All user profile data. Ready for print.
- * - $profile: Keyed array of profile categories and their items or other data
- *   provided by modules.
+ *   - $user_profile: All user profile data. Ready for print.
+ *   - $profile: Keyed array of profile categories and their items or other data
+ *     provided by modules.
  *
  * @see template_preprocess_user_profile()
  */