authorGerhard Killesreiter2006-08-02 18:13:27 +0000
committerGerhard Killesreiter2006-08-02 18:13:27 +0000
commit4c0f95b85133c5dff872bad6d6f13707b8443c02 (patch)
treee363edf64d9cb9041eb06c0b136327ef1389323a
parent1c64342bc8f83c16e47c7862976b8758919b5b1f (diff)
SA-2006-011 4.7.3
-rw-r--r--CHANGELOG.txt4
-rw-r--r--modules/system.module2
-rw-r--r--modules/user.module2
3 files changed, 6 insertions, 2 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 7c9f153..919e6fd 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,5 +1,9 @@
// $Id$
+Drupal 4.7.3, 2006-08-02
+------------------------
+- fixed security issue (XSS), see SA-2006-011
+
Drupal 4.7.2, 2006-06-01
------------------------
- fixed critical upload issue, see SA-2006-007
diff --git a/modules/system.module b/modules/system.module
index 752ec84..a9b2385 100644
--- a/modules/system.module
+++ b/modules/system.module
@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
-define('VERSION', '4.7.3 dev');
+define('VERSION', '4.7.3');
/**
* Implementation of hook_help().
diff --git a/modules/user.module b/modules/user.module
index c2b70be..9871a69 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -900,7 +900,7 @@ function user_login($msg = '') {
// Display login form:
if ($msg) {
- $form['message'] = array('#value' => "<p>$msg</p>");
+ $form['message'] = array('#value' => '<p>'. check_plain($msg) .'</p>');
}
unset($_GET['time']);
$form['#action'] = url($_GET['q'], drupal_get_destination());
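Review bot: The new `check_plain($msg)` line changes what user_login() accepts in `$msg` from markup to plain text, and nothing in the hunk documents that contract. Any caller that still passes HTML or an already-escaped string will now render literal tags or double-escaped entities, so the callers (outside this hunk) are worth checking. I would add a comment above the assignment such as `// $msg is untrusted plain text: escape it here at output; callers must not pass markup or pre-escaped text.` The context line `url($_GET['q'], drupal_get_destination())` also feeds request data into the form action; whether that value is encoded before it reaches the attribute is not visible here and should be confirmed. The body of user_login() starts and ends outside the hunk.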