summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeil Drumm2009-01-14 23:32:15 +0000
committerNeil Drumm2009-01-14 23:32:15 +0000
commit2cb5d614afb3bcea9e07f3f93db7cab7f90ddec0 (patch)
tree17848a0f3adf170694a4842148cebdb0871ea426
parent27ef990b67115b263fa18a9bbfb4f4710741f4e8 (diff)
Drupal 5.155.15
-rw-r--r--CHANGELOG.txt7
-rw-r--r--modules/node/node.module5
-rw-r--r--modules/system/system.module2
3 files changed, 12 insertions, 2 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 2d3dd6b..363e50e 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,12 @@
// $Id$
-Drupal 5.15, xxxx-xx-xx (development version)
+Drupal 5.15, 2009-01-14
-----------------------
+- Fixed security issues, (Hardening against SQL injection), see
+ SA-CORE-2009-001
+- Fixed HTTP_HOST checking to work again with HTTP 1.0 clients and basic shell
+ scripts.
+- Fixed a variety of small bugs.
Drupal 5.14, 2008-12-11
diff --git a/modules/node/node.module b/modules/node/node.module
index a315601..0127945 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -2753,6 +2753,11 @@ function node_search_validate($form_id, $form_values, $form) {
function node_access($op, $node = NULL) {
global $user;
+ if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
+ // If there was no node to check against, or the $op was not one of the
+ // supported ones, we return access denied.
+ return FALSE;
+ }
// Convert the node to an object if necessary:
if ($op != 'create') {
$node = (object)$node;
diff --git a/modules/system/system.module b/modules/system/system.module
index aec703e..3c8a51f 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
-define('VERSION', '5.15-dev');
+define('VERSION', '5.15');
/**
* Implementation of hook_help().