authorNeil Drumm2009-07-01 20:52:11 +0000
committerNeil Drumm2009-07-01 20:52:11 +0000
commit46dc6485442b28ea976e565d24ecd162aa11c305 (patch)
tree497de233b1edc11be847749f6ec92f23659e2db3
parentf276076850b7436c83a2141a6fba124e2a53a961 (diff)
Drupal 5.195.19
-rw-r--r--CHANGELOG.txt6
-rw-r--r--includes/pager.inc2
-rw-r--r--includes/tablesort.inc2
-rw-r--r--modules/forum/forum.module5
-rw-r--r--modules/system/system.module2
5 files changed, 14 insertions, 3 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index e879522..3d86038 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,5 +1,11 @@
// $Id$
+Drupal 5.19, 2009-07-01
+-----------------------
+- Fixed security issues (Cross site scripting and Password leakage in URL), see
+ SA-CORE-2009-007.
+- Fixed a variety of small bugs.
+
Drupal 5.18, 2009-05-13
-----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
diff --git a/includes/pager.inc b/includes/pager.inc
index edf2ba0..a4f392c 100644
--- a/includes/pager.inc
+++ b/includes/pager.inc
@@ -85,7 +85,7 @@ function pager_query($query, $limit = 10, $element = 0, $count_query = NULL) {
function pager_get_querystring() {
static $string = NULL;
if (!isset($string)) {
- $string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page'), array_keys($_COOKIE)));
+ $string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page', 'pass'), array_keys($_COOKIE)));
}
return $string;
}
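Review bot: Excluding only the `pass` key in pager_get_querystring() is a denylist over `$_REQUEST`, which also carries every other POSTed field, so any other sensitive form value would still be copied into pager link URLs and from there into browser history, server logs and Referer headers. Building the string from the URL parameters alone would close the whole class rather than the one field: `$string = drupal_query_string_encode($_GET, array('q', 'page'));`. This assumes no caller relies on POST values surviving in pager links, which should be confirmed before changing it. The same point applies to tablesort_get_querystring() in includes/tablesort.inc, where `'pass'` is added to the exclusion list in the same way.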
diff --git a/includes/tablesort.inc b/includes/tablesort.inc
index a458356..4f85881 100644
--- a/includes/tablesort.inc
+++ b/includes/tablesort.inc
@@ -131,7 +131,7 @@ function tablesort_cell($cell, $header, $ts, $i) {
* except for those pertaining to table sorting.
*/
function tablesort_get_querystring() {
- return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order'), array_keys($_COOKIE)));
+ return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order', 'pass'), array_keys($_COOKIE)));
}
/**
diff --git a/modules/forum/forum.module b/modules/forum/forum.module
index a84bfa0..1685863 100644
--- a/modules/forum/forum.module
+++ b/modules/forum/forum.module
@@ -833,6 +833,11 @@ function _forum_new($tid) {
* Menu callback; prints a forum listing.
*/
function forum_page($tid = 0) {
+ if (!is_numeric($tid)) {
+ return MENU_NOT_FOUND;
+ }
+ $tid = (int)$tid;
+
drupal_add_css(drupal_get_path('module', 'forum') .'/forum.css');
$forum_per_page = variable_get('forum_per_page', 25);
$sortby = variable_get('forum_order', 1);
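Review bot: `is_numeric()` in the new guard at the top of forum_page() is looser than a term ID needs. It also accepts decimal, signed and exponent forms, which the following `(int)` cast then silently maps onto some other integer instead of returning MENU_NOT_FOUND. The cast is what actually constrains `$tid`; the check could be tightened to digits only with `if (!preg_match('/^[0-9]+\z/', (string) $tid)) {`. A short comment such as `// $tid comes from the request path; reject anything that is not a plain integer before it is used further.` would record why the guard exists. The body of forum_page() continues past the end of the hunk, so how `$tid` is used afterwards is not visible here.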
diff --git a/modules/system/system.module b/modules/system/system.module
index 9228287..e2e96e1 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
-define('VERSION', '5.18');
+define('VERSION', '5.19');
/**
* Implementation of hook_help().