Drupal 5.165.16

3 files changed, 5 insertions, 2 deletions

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 5051446..f5d6683 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,9 @@
 // $Id$
 
-Drupal 5.16-dev, xxxx-xx-xx (development version)
+Drupal 5.16, 2009-02-25
 -----------------------
+- Fixed a security issue, (Local file inclusion on Windows), see SA-CORE-2009-004.
+- Fixed a variety of small bugs.
 
 Drupal 5.15, 2009-01-14
 -----------------------
diff --git a/modules/system/system.module b/modules/system/system.module
index 00529ff..eff46c6 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
  * Configuration system that lets administrators modify the workings of the site.
  */
 
-define('VERSION', '5.16-dev');
+define('VERSION', '5.16');
 
 /**
  * Implementation of hook_help().
diff --git a/themes/engines/phptemplate/phptemplate.engine b/themes/engines/phptemplate/phptemplate.engine
index ab481c7..df3943a 100644
--- a/themes/engines/phptemplate/phptemplate.engine
+++ b/themes/engines/phptemplate/phptemplate.engine
@@ -257,6 +257,7 @@ function phptemplate_page($content, $show_blocks = TRUE) {
   $suggestion = 'page';
   $suggestions = array($suggestion);
   while ($arg = arg($i++)) {
+    $arg = str_replace(array('/', '\\', '\0'), '', $arg);
     $suggestions[] = $suggestion . '-' . $arg;
     if (!is_numeric($arg)) {
       $suggestion .= '-' . $arg;