diff options
author | Neil Drumm | 2009-02-25 23:14:05 (GMT) |
---|---|---|
committer | Neil Drumm | 2009-02-25 23:14:05 (GMT) |
commit | 245bc2ea4a6dd4253929fed5c22d6dc3696d2097 (patch) | |
tree | 598d94d8ea95d385a8a274838f8d3218caef748a | |
parent | 6372073268de80e7646d3ab9f3d5a1c333f51783 (diff) |
Drupal 5.165.16
-rw-r--r-- | CHANGELOG.txt | 4 | ||||
-rw-r--r-- | modules/system/system.module | 2 | ||||
-rw-r--r-- | themes/engines/phptemplate/phptemplate.engine | 1 |
3 files changed, 5 insertions, 2 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 5051446..f5d6683 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,7 +1,9 @@ // $Id$ -Drupal 5.16-dev, xxxx-xx-xx (development version) +Drupal 5.16, 2009-02-25 ----------------------- +- Fixed a security issue, (Local file inclusion on Windows), see SA-CORE-2009-004. +- Fixed a variety of small bugs. Drupal 5.15, 2009-01-14 ----------------------- diff --git a/modules/system/system.module b/modules/system/system.module index 00529ff..eff46c6 100644 --- a/modules/system/system.module +++ b/modules/system/system.module @@ -6,7 +6,7 @@ * Configuration system that lets administrators modify the workings of the site. */ -define('VERSION', '5.16-dev'); +define('VERSION', '5.16'); /** * Implementation of hook_help(). diff --git a/themes/engines/phptemplate/phptemplate.engine b/themes/engines/phptemplate/phptemplate.engine index ab481c7..df3943a 100644 --- a/themes/engines/phptemplate/phptemplate.engine +++ b/themes/engines/phptemplate/phptemplate.engine @@ -257,6 +257,7 @@ function phptemplate_page($content, $show_blocks = TRUE) { $suggestion = 'page'; $suggestions = array($suggestion); while ($arg = arg($i++)) { + $arg = str_replace(array('/', '\\', '\0'), '', $arg); $suggestions[] = $suggestion . '-' . $arg; if (!is_numeric($arg)) { $suggestion .= '-' . $arg; |