authorNeil Drumm2008-10-22 19:25:28 +0000
committerNeil Drumm2008-10-22 19:25:28 +0000
commitb16fce2cfd43ff13820252e4ad9279ac8e789454 (patch)
tree96764d688a5df4ad26c09f04d004ddcf165972d1
parentae51115c34ae69d9df635b5128bd8613c61b8a78 (diff)
Drupal 5.125.12
-rw-r--r--CHANGELOG.txt3
-rw-r--r--includes/bootstrap.inc5
-rw-r--r--modules/system/system.module2
3 files changed, 8 insertions, 2 deletions
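diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index f6dff0b..b3421dd 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,8 @@
 // $Id$
-Drupal 5.12-dev, xxxx-xx-xx (development version)
+Drupal 5.12, 2008-10-22
 -----------------------
+- fixed security issues, (File inclusion), see SA-2008-067
 Drupal 5.11, 2008-10-08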
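diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 74af163..fbf3168 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -201,6 +201,11 @@ function conf_path() {
 $confdir = 'sites';
 $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
+ if (strpos($_SERVER['HTTP_HOST'], '/') !== FALSE) {
+ // A HTTP_HOST containing slashes may be an attack and is invalid.
+ header('HTTP/1.1 400 Bad Request');
+ exit;
+ }
 $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
 for ($i = count($uri) - 1; $i > 0; $i--) {
 for ($j = count($server); $j > 0; $j--) {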
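Review bot: The new guard rejects only a forward slash in `$_SERVER['HTTP_HOST']`, while the line right after it still splits the raw value into `$server` components that the rest of conf_path (which starts and ends outside this hunk) appears to turn into a directory name, so a one-character denylist is a fragile boundary check. A positive allowlist of hostname characters plus a presence check would hold up better and would also avoid the notice `rtrim` emits when the request carries no Host header: `if (!isset($_SERVER['HTTP_HOST']) || !preg_match('/^[A-Za-z0-9.:\[\]-]+$/', $_SERVER['HTTP_HOST'])) {` (constructed pattern — confirm it admits every host form the site must serve, e.g. bracketed IPv6 with port). The comment should also say why the value matters here rather than only that it "may be an attack": `// HTTP_HOST feeds the settings directory lookup below, so accept only hostname characters.`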
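diff --git a/modules/system/system.module b/modules/system/system.module
index 5f57b93..d36d186 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
 * Configuration system that lets administrators modify the workings of the site.
 */
-define('VERSION', '5.12-dev');
+define('VERSION', '5.12');
 /**
 * Implementation of hook_help().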