authorNeil Drumm2009-09-16 19:33:40 +0000
committerNeil Drumm2009-09-16 19:33:40 +0000
commit30ad0102ae97407e04b36bfe53fe6319cbffb8f5 (patch)
tree7f1a6e7c32fd114e71f09f0703dd88cdf617495a
parent404fcf299ff0cac27c1f12d9d2f417fccead87f0 (diff)
Drupal 5.205.20
-rw-r--r--CHANGELOG.txt8
-rw-r--r--modules/system/system.module2
-rw-r--r--modules/user/user.module2
3 files changed, 8 insertions, 4 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 4b7aaf2..d442629 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,9 +1,11 @@
// $Id$
-Drupal 5.20-dev xxxx-xx-xx
+Drupal 5.20, 2009-09-16
-----------------------
-- The 'access' element for hook_menu() now interprets Drupal 6 style values,
- like array('access content').
+- Avoid security problems resulting from writing Drupal 6-style menu
+ declarations.
+- Fixed security issues (session fixation), see SA-CORE-2009-008.
+- Fixed a variety of small bugs.
Drupal 5.19, 2009-07-01
-----------------------
diff --git a/modules/system/system.module b/modules/system/system.module
index 7313a6a..8f814f2 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
-define('VERSION', '5.20-dev');
+define('VERSION', '5.20');
/**
* Implementation of hook_help().
diff --git a/modules/user/user.module b/modules/user/user.module
index 1e689a5..c5cadd6 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1149,6 +1149,8 @@ function user_pass_reset($uid, $timestamp, $hashed_pass, $action = NULL) {
$user = $account;
// And proceed with normal login, going to user page.
$edit = array();
+ // Regenerate the session ID to prevent against session fixation attacks.
+ sess_regenerate();
user_module_invoke('login', $edit, $user);
drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
drupal_goto('user/'. $user->uid .'/edit');
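Review bot: The comment added above `sess_regenerate()` reads "prevent against" and does not say what the call protects. A clearer wording would be `// Regenerate the session ID so an ID set before the one-time login cannot be reused afterwards (session fixation).` The call sits before `user_module_invoke('login', $edit, $user)`, so login hooks presumably see the new ID, and stating that ordering intent in the comment would help. Regeneration presumably changes only the ID and carries existing session data into the authenticated session, so it is worth confirming that nothing sensitive depends on pre-login session contents. The body of `user_pass_reset()` starts and ends outside this hunk, and the diff shows only this login path, so whether the regular password login already regenerates the ID cannot be checked from here.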