diff options
| author | Gábor Hojtsy | 2009-12-16 20:47:10 (GMT) |
|---|---|---|
| committer | Gábor Hojtsy | 2009-12-16 20:47:10 (GMT) |
| commit | 23bda276dc19dd3b3d17174b808020ae820879c7 (patch) | |
| tree | 3790d869c27da5c67994cd14b0acf449f4e4c948 | |
| parent | 8d634807273bd12c77a8d7923a861a6dcec39456 (diff) | |
Drupal 6.156.15
| -rw-r--r-- | CHANGELOG.txt | 13 | ||||
| -rw-r--r-- | includes/common.inc | 2 | ||||
| -rw-r--r-- | modules/contact/contact.admin.inc | 2 | ||||
| -rw-r--r-- | modules/menu/menu.admin.inc | 1 | ||||
| -rw-r--r-- | modules/system/system.module | 2 |
5 files changed, 14 insertions, 6 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index fe1de74..ca3abe1 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,7 +1,9 @@ // $Id$ -Drupal 6.15-dev, xxxx-xx-xx (development release) +Drupal 6.15, 2009-12-16 ---------------------- +- Fixed security issues (Cross site scripting), see SA-CORE-2009-009. +- Fixed a variety of other bugs. Drupal 6.14, 2009-09-16 ---------------------- @@ -92,7 +94,7 @@ Drupal 6.3, 2008-07-09 - Fixed Views compatibility issues (Views for Drupal 6 requires Drupal 6.3+). - Fixed a variety of small bugs. -Drupal 6.2, 2008-04-09 +Drupal 6.2, 2008-04-09 ---------------------- - Fixed a variety of small bugs. - Fixed a security issue (Access bypasses), see SA-2008-026. @@ -204,6 +206,11 @@ Drupal 6.0, 2008-02-13 - Removed old system updates. Updates from Drupal versions prior to 5.x will require upgrading to 5.x before upgrading to 6.x. +Drupal 5.21, 2009-12-16 +----------------------- +- Fixed a security issue (Cross site scripting), see SA-CORE-2009-009. +- Fixed a variety of small bugs. + Drupal 5.20, 2009-09-16 ----------------------- - Avoid security problems resulting from writing Drupal 6-style menu declarations. @@ -245,7 +252,7 @@ Drupal 5.13, 2008-12-10 ----------------------- - fixed a variety of small bugs. - fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073 -- updated robots.txt and .htaccess to match current file use. +- updated robots.txt and .htaccess to match current file use. Drupal 5.12, 2008-10-22 ----------------------- diff --git a/includes/common.inc b/includes/common.inc index f72a826..5267279 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -617,7 +617,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) { return; } - if ($errno & (E_ALL ^ E_DEPRECATED)) { + if ($errno & (E_ALL ^ E_DEPRECATED ^ E_NOTICE)) { $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error'); // For database errors, we want the line number/file name of the place that diff --git a/modules/contact/contact.admin.inc b/modules/contact/contact.admin.inc index 38360d4..e83afa4 100644 --- a/modules/contact/contact.admin.inc +++ b/modules/contact/contact.admin.inc @@ -13,7 +13,7 @@ function contact_admin_categories() { $result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category'); $rows = array(); while ($category = db_fetch_object($result)) { - $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid)); + $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid)); } $header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2)); diff --git a/modules/menu/menu.admin.inc b/modules/menu/menu.admin.inc index aeed0ba..a8e8b49 100644 --- a/modules/menu/menu.admin.inc +++ b/modules/menu/menu.admin.inc @@ -15,6 +15,7 @@ function menu_overview_page() { while ($menu = db_fetch_array($result)) { $menu['href'] = 'admin/build/menu-customize/'. $menu['menu_name']; $menu['localized_options'] = array(); + $menu['description'] = filter_xss_admin($menu['description']); $content[] = $menu; } return theme('admin_block_content', $content); diff --git a/modules/system/system.module b/modules/system/system.module index 154ad65..f886d4c 100644 --- a/modules/system/system.module +++ b/modules/system/system.module @@ -9,7 +9,7 @@ /** * The current system version. */ -define('VERSION', '6.15-dev'); +define('VERSION', '6.15'); /** * Core API compatibility. |