authorGábor Hojtsy2008-10-22 19:26:02 +0000
committerGábor Hojtsy2008-10-22 19:26:02 +0000
commit87a469b868ad719c11fb59d932b8d4a5bcf02b08 (patch)
treef58759a15efd48277a05469b45d5ef740720e348
parent5d3ef5091a4914ae8e9d23dd176284cf96bff3ed (diff)
Drupal 6.66.6
-rw-r--r--CHANGELOG.txt8
-rw-r--r--includes/bootstrap.inc5
-rw-r--r--includes/common.inc2
-rw-r--r--modules/book/book.admin.inc4
-rw-r--r--modules/system/system.module2
5 files changed, 16 insertions, 5 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 203b23a..18ee76d 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,9 @@
// $Id$
-Drupal 6.6-dev, xxxx-xx-xx (development release)
+Drupal 6.6, 2008-10-22
----------------------
+- Fixed security issues, (File inclusion, Cross site scripting), see SA-2008-067
+- Fixed a variety of small bugs.
Drupal 6.5, 2008-10-08
----------------------
@@ -140,6 +142,10 @@ Drupal 6.0, 2008-02-13
- Removed old system updates. Updates from Drupal versions prior to 5.x will
require upgrading to 5.x before upgrading to 6.x.
+Drupal 5.12, 2008-10-22
+-----------------------
+- fixed security issues, (File inclusion), see SA-2008-067
+
Drupal 5.11, 2008-10-08
-----------------------
- fixed a variety of small bugs.
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 4e0a497..7601ef0 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -238,6 +238,11 @@ function conf_path($require_settings = TRUE, $reset = FALSE) {
$confdir = 'sites';
$uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
+ if (strpos($_SERVER['HTTP_HOST'], '/') !== FALSE) {
+ // A HTTP_HOST containing slashes may be an attack and is invalid.
+ header('HTTP/1.1 400 Bad Request');
+ exit;
+ }
$server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
for ($i = count($uri) - 1; $i > 0; $i--) {
for ($j = count($server); $j > 0; $j--) {
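Review bot: The new guard rejects only a forward slash in HTTP_HOST, yet the value is then split and reassembled into a directory name under `$confdir` by the loops that follow, so other characters that are invalid in a host name — a backslash, whitespace, control characters — still reach the path lookup, and on Windows a backslash is a directory separator. A positive check on the characters a host name may contain is more robust than a one-character blacklist, e.g. `if (!preg_match('/^[a-zA-Z0-9.:_\-]+$/', $_SERVER['HTTP_HOST'])) {` (add `[]` to the class if bracketed IPv6 literals must be accepted). The bare 400 followed by `exit` also sends no body, so the client gets no explanation. conf_path() begins and ends outside the hunk.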
diff --git a/includes/common.inc b/includes/common.inc
index 445261f..9488bb9 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -587,7 +587,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
- if ($errno & (E_ALL)) {
+ if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
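Review bot: Dropping E_NOTICE from the mask on the changed line is undocumented, and the `8 => 'notice'` entry in `$types` on the next line can no longer be reached from this branch. A one-line comment above the `if` would save the next reader from re-deriving it, e.g. `// E_NOTICE is deliberately excluded from error handling here.` Whether E_USER_NOTICE (1024) should be excluded as well is worth confirming, since it remains in the mask. drupal_error_handler() starts and ends outside the hunk.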
diff --git a/modules/book/book.admin.inc b/modules/book/book.admin.inc
index c608664..0a451d7 100644
--- a/modules/book/book.admin.inc
+++ b/modules/book/book.admin.inc
@@ -170,8 +170,8 @@ function _book_admin_table($node, &$form) {
* @see book_admin_edit()
*/
function _book_admin_table_tree($tree, &$form) {
- foreach ($tree as $key => $data) {
- $form[$key] = array(
+ foreach ($tree as $data) {
+ $form['book-admin-'. $data['link']['nid']] = array(
'#item' => $data['link'],
'nid' => array('#type' => 'value', '#value' => $data['link']['nid']),
'depth' => array('#type' => 'value', '#value' => $data['link']['depth']),
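Review bot: The element keys change from the tree key `$key` to `'book-admin-'. nid`, and nothing in the hunk documents the new key format; the submit and theme code that reads these keys lives outside this hunk and is not touched by the commit, so it is worth verifying it does not still expect the old keys. A short comment above the assignment would record the contract, e.g. `// Key each row by node id with a string prefix (presumably so the key is never a bare integer — confirm).` _book_admin_table_tree() continues past the end of the hunk.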
diff --git a/modules/system/system.module b/modules/system/system.module
index 656ec51..934a565 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -9,7 +9,7 @@
/**
* The current system version.
*/
-define('VERSION', '6.6-dev');
+define('VERSION', '6.6');
/**
* Core API compatibility.