summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Rothstein2016-06-15 16:05:31 -0400
committerDavid Rothstein2016-06-15 16:05:31 -0400
commit0e38d9407d03143276147b9d3f1a2dae8826c99c (patch)
treeaa8ea17b03abb072e55685ca245df79b49e222d7
parent7b2dc7936e2566c711159f75634cbb60ddacb340 (diff)
Drupal 7.44 (SA-CORE-2016-002) by alfaguru, benjy, nagba, David_Rothstein, larowlan, stefan.r, vlad.k, pwolanin7.44
-rw-r--r--CHANGELOG.txt4
-rw-r--r--includes/bootstrap.inc2
-rw-r--r--modules/user/user.module2
3 files changed, 6 insertions, 2 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 72d9d8f..2eea11b 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,4 +1,8 @@
+Drupal 7.44, 2016-06-15
+-----------------------
+- Fixed security issues (privilege escalation). See SA-CORE-2016-002.
+
Drupal 7.43, 2016-02-24
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2016-001.
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 0428bd3..aea69a2 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
/**
* The current system version.
*/
-define('VERSION', '7.43');
+define('VERSION', '7.44');
/**
* Core API compatibility.
diff --git a/modules/user/user.module b/modules/user/user.module
index d38de69..9b00392 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1162,7 +1162,7 @@ function user_account_form(&$form, &$form_state) {
$form['account']['roles'] = array(
'#type' => 'checkboxes',
'#title' => t('Roles'),
- '#default_value' => (!$register && isset($account->roles) ? array_keys($account->roles) : array()),
+ '#default_value' => (!$register && !empty($account->roles) ? array_keys(array_filter($account->roles)) : array()),
'#options' => $roles,
'#access' => $roles && user_access('administer permissions'),
DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,