summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGábor Hojtsy2007-10-17 21:47:14 +0000
committerGábor Hojtsy2007-10-17 21:47:14 +0000
commita3f3cb346bebb09dd89f31705c43c0c7d5c690d1 (patch)
treeafdf7c9e25ac03eae91fa15fc0328bd57474cbab
parent988d4f505a8896df226660f37286c7f0bbe01e01 (diff)
Drupal 6.0-beta 2 release with all Drupal 5.3 security fixes applied6.0-beta-2
-rw-r--r--CHANGELOG.txt37
-rw-r--r--includes/common.inc11
-rw-r--r--install.php8
-rw-r--r--modules/system/system.module2
-rw-r--r--modules/upload/upload.admin.inc2
-rw-r--r--modules/upload/upload.module4
6 files changed, 53 insertions, 11 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 8bfc125..2b9f969 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,6 @@
// $Id$
-Drupal 6.0, xxxx-xx-xx (development version)
+Drupal 6.0-beta2, 2007-10-17
----------------------
- New, faster and better menu system.
- New watchdog as a hook functionality.
@@ -92,6 +92,27 @@ Drupal 6.0, xxxx-xx-xx (development version)
- Removed drupal.module. The functionality lives on as the Site network
contributed module (http://drupal.org/project/site_network).
+Drupal 5.3, 2007-10-17
+----------------------
+- fixed a variety of small bugs.
+- fixed a security issue (HTTP response splitting), see SA-2007-024
+- fixed a security issue (Arbitrary code execution via installer), see SA-2007-025
+- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
+- fixed a security issue (User deletion cross site request forgery), see SA-2007-029
+- fixed a security issue (API handling of unpublished comment), see SA-2007-030
+
+Drupal 5.2, 2007-07-26
+----------------------
+- changed hook_link() $teaser argument to match documentation.
+- fixed a variety of small bugs.
+- fixed a security issue (cross-site request forgery), see SA-2007-017
+- fixed a security issue (cross-site scripting), see SA-2007-018
+
+Drupal 5.1, 2007-01-29
+----------------------
+- fixed security issue (code execution), see SA-2007-005
+- fixed a variety of small bugs.
+
Drupal 5.0, 2007-01-15
----------------------
- Completely retooled the administration page
@@ -169,6 +190,20 @@ Drupal 5.0, 2007-01-15
* Added nested lists generation.
* Added a self-clearing block class.
+Drupal 4.7.8, 2007-10-17
+----------------------
+- fixed a security issue (HTTP response splitting), see SA-2007-024
+- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
+- fixed a security issue (API handling of unpublished comment), see SA-2007-030
+
+Drupal 4.7.7, 2007-07-26
+------------------------
+- fixed security issue (XSS), see SA-2007-018
+
+Drupal 4.7.6, 2007-01-29
+------------------------
+- fixed security issue (code execution), see SA-2007-005
+
Drupal 4.7.5, 2007-01-05
------------------------
- Fixed security issue (XSS), see SA-2007-001
diff --git a/includes/common.inc b/includes/common.inc
index 7055fbb..6b07f20 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -268,11 +268,8 @@ function drupal_get_destination() {
* 'user login'-block in a sidebar. The function drupal_get_destination()
* can be used to help set the destination URL.
*
- * It is advised to use drupal_goto() instead of PHP's header(), because
- * drupal_goto() will append the user's session ID to the URI when PHP is
- * compiled with "--enable-trans-sid". In addition, Drupal will ensure that
- * messages set by drupal_set_message() and other session data are written to
- * the database before the user is redirected.
+ * Drupal will ensure that messages set by drupal_set_message() and other
+ * session data are written to the database before the user is redirected.
*
* This function ends the request; use it rather than a print theme('page')
* statement in your menu callback.
@@ -305,6 +302,8 @@ function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response
}
$url = url($path, array('query' => $query, 'fragment' => $fragment, 'absolute' => TRUE));
+ // Remove newlines from the URL to avoid header injection attacks.
+ $url = str_replace(array("\n", "\r"), '', $url);
// Allow modules to react to the end of the page request before redirecting.
module_invoke_all('exit', $url);
@@ -558,7 +557,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
- if ($errno & (E_ALL)) {
+ if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning');
// For database errors, we want the line number/file name of the place that
diff --git a/install.php b/install.php
index 38d2e80..27b426d 100644
--- a/install.php
+++ b/install.php
@@ -208,6 +208,14 @@ function install_change_settings($profile = 'default', $install_locale = '') {
exit;
}
+ if ($db_url == 'mysql://username:password@localhost/databasename') {
+ $db_user = $db_pass = $db_path = '';
+ }
+ elseif (!empty($db_url)) {
+ // Do not install over a configured settings.php.
+ install_already_done_error();
+ }
+
$output = drupal_get_form('install_settings_form', $profile, $install_locale, $settings_file, $db_url, $db_type, $db_prefix, $db_user, $db_pass, $db_host, $db_port, $db_path);
drupal_set_title(st('Database configuration'));
print theme('install_page', $output);
diff --git a/modules/system/system.module b/modules/system/system.module
index eb99f4e..35cba0e 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
-define('VERSION', '6.0-dev');
+define('VERSION', '6.0-beta2');
define('DRUPAL_CORE_COMPATIBILITY', '6.x');
define('DRUPAL_MINIMUM_PHP', '4.3.3');
diff --git a/modules/upload/upload.admin.inc b/modules/upload/upload.admin.inc
index 0e922b1..20472d4 100644
--- a/modules/upload/upload.admin.inc
+++ b/modules/upload/upload.admin.inc
@@ -55,7 +55,7 @@ function upload_admin_settings_validate($form, &$form_state) {
* Menu callback for the upload settings form.
*/
function upload_admin_settings() {
- $upload_extensions_default = variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp');
+ $upload_extensions_default = variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp');
$upload_uploadsize_default = variable_get('upload_uploadsize_default', 1);
$upload_usersize_default = variable_get('upload_usersize_default', 1);
diff --git a/modules/upload/upload.module b/modules/upload/upload.module
index 2fe77ac..d4e02a7 100644
--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -120,9 +120,9 @@ function upload_menu_alter(&$items) {
function _upload_file_limits($user) {
$file_limit = variable_get('upload_uploadsize_default', 1);
$user_limit = variable_get('upload_usersize_default', 1);
- $all_extensions = explode(' ', variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp'));
+ $all_extensions = explode(' ', variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp'));
foreach ($user->roles as $rid => $name) {
- $extensions = variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp'));
+ $extensions = variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp'));
$all_extensions = array_merge($all_extensions, explode(' ', $extensions));
// A zero value indicates no limit, take the least restrictive limit.