author | Neil Drumm | 2008-10-22 19:25:28 (GMT) |
---|---|---|
committer | Neil Drumm | 2008-10-22 19:25:28 (GMT) |
commit | b16fce2cfd43ff13820252e4ad9279ac8e789454 (patch) | |
tree | 96764d688a5df4ad26c09f04d004ddcf165972d1 | |
parent | ae51115c34ae69d9df635b5128bd8613c61b8a78 (diff) |
Drupal 5.125.12
-rw-r--r-- | CHANGELOG.txt | 3 | ||||
-rw-r--r-- | includes/bootstrap.inc | 5 | ||||
-rw-r--r-- | modules/system/system.module | 2 |
3 files changed, 8 insertions, 2 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index f6dff0b..b3421dd 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,8 @@
 // $Id$
-Drupal 5.12-dev, xxxx-xx-xx (development version)
+Drupal 5.12, 2008-10-22
 -----------------------
+- fixed security issues, (File inclusion), see SA-2008-067
 Drupal 5.11, 2008-10-08
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 74af163..fbf3168 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -201,6 +201,11 @@ function conf_path() {
   $confdir = 'sites';
   $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
+  if (strpos($_SERVER['HTTP_HOST'], '/') !== FALSE) {
+    // A HTTP_HOST containing slashes may be an attack and is invalid.
+    header('HTTP/1.1 400 Bad Request');
+    exit;
+  }
   $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
   for ($i = count($uri) - 1; $i > 0; $i--) {
     for ($j = count($server); $j > 0; $j--) {
diff --git a/modules/system/system.module b/modules/system/system.module
index 5f57b93..d36d186 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
  * Configuration system that lets administrators modify the workings of the site.
  */
-define('VERSION', '5.12-dev');
+define('VERSION', '5.12');
 /**
  * Implementation of hook_help().
|
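Review bot: The new guard in conf_path() (includes/bootstrap.inc hunk) is a one-character denylist — it rejects a literal '/' in HTTP_HOST — while the very next line still splits the raw header into $server, which, judging by the CHANGELOG's "File inclusion" description, is presumably joined into a directory path under $confdir further down; a positive allowlist of the characters a hostname, IPv6 literal and port may contain is the more robust form, e.g. `if (!preg_match('/^[a-z0-9.:\[\]-]+$/i', $_SERVER['HTTP_HOST'])) {` (constructed pattern — widen the class to whatever host forms the site must accept). Both the added strpos() and the pre-existing rtrim() read $_SERVER['HTTP_HOST'] without isset(), so a request with no Host header, or a CLI run, likely produces an undefined-index notice rather than the intended 400; folding `!isset($_SERVER['HTTP_HOST']) ||` into the same condition would make the rejection explicit. Minor wording in the added comment: `// An HTTP_HOST containing a slash is invalid and may be an attack.` The body of conf_path() continues past the end of the hunk.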