authorGábor Hojtsy2009-09-16 19:34:14 +0000
committerGábor Hojtsy2009-09-16 19:34:14 +0000
commitb62ba500242b711ce932ecfeb258c00e22c258ba (patch)
tree35800e036bc9f1a6b6a87754879c7c0899648a40
parentbeba5dd8daa495edfe5761be6ec55b44c7018357 (diff)
Drupal 6.146.14
-rw-r--r--CHANGELOG.txt14
-rw-r--r--includes/common.inc2
-rw-r--r--includes/file.inc19
-rw-r--r--modules/openid/openid.module4
-rw-r--r--modules/openid/openid.pages.inc10
-rw-r--r--modules/system/system.module2
6 files changed, 35 insertions, 16 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 8f30b80..be83a06 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,13 @@
// $Id$
-Drupal 6.14-dev, xxxx-xx-xx (development release)
+Drupal 6.14, 2009-09-16
----------------------
+- Fixed security issues (OpenID association cross site request forgeries,
+ OpenID impersonation and File upload), see SA-CORE-2009-008.
+- Changed the system modules page to not run all cache rebuilds; use the
+ button on the performance settings page to achieve the same effect.
+- Added support for PHP 5.3.0 out of the box.
+- Fixed a variety of small bugs.
Drupal 6.13, 2009-07-01
----------------------
@@ -195,6 +201,12 @@ Drupal 6.0, 2008-02-13
- Removed old system updates. Updates from Drupal versions prior to 5.x will
require upgrading to 5.x before upgrading to 6.x.
+Drupal 5.20, 2009-09-16
+-----------------------
+- Avoid security problems resulting from writing Drupal 6-style menu declarations.
+- Fixed security issues (session fixation), see SA-CORE-2009-008.
+- Fixed a variety of small bugs.
+
Drupal 5.19, 2009-07-01
-----------------------
- Fixed security issues (Cross site scripting and Password leakage in URL), see SA-CORE-2009-007.
diff --git a/includes/common.inc b/includes/common.inc
index fa3878e..ff814c8 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -617,7 +617,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
- if ($errno & (E_ALL ^ E_DEPRECATED)) {
+ if ($errno & (E_ALL ^ E_NOTICE ^ E_DEPRECATED)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
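Review bot: The new mask on the `if` line removes bits by XOR, which only works while each constant is actually set in E_ALL; if a bit is absent (E_DEPRECATED is not part of E_ALL on PHP versions older than 5.3, where the constant does not even exist unless something defines it), `^` switches it on instead of off. Expressing the intent as a mask avoids that dependency: `if ($errno & (E_ALL & ~(E_NOTICE | E_DEPRECATED))) {`. Whether the file defines a fallback E_DEPRECATED for pre-5.3 PHP is not visible here, so a short comment stating that notices and deprecations are deliberately not reported by this handler would also help the next reader. drupal_error_handler() starts before and continues after this hunk.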
diff --git a/includes/file.inc b/includes/file.inc
index 58e0063..4a824de 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -529,13 +529,6 @@ function file_save_upload($source, $validators = array(), $dest = FALSE, $replac
$file->filepath = $_FILES['files']['tmp_name'][$source];
$file->filemime = file_get_mimetype($file->filename);
- // Rename potentially executable files, to help prevent exploits.
- if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
- $file->filemime = 'text/plain';
- $file->filepath .= '.txt';
- $file->filename .= '.txt';
- }
-
// If the destination is not provided, or is not writable, then use the
// temporary directory.
if (empty($dest) || file_check_path($dest) === FALSE) {
@@ -555,6 +548,18 @@ function file_save_upload($source, $validators = array(), $dest = FALSE, $replac
$errors = array_merge($errors, call_user_func_array($function, $args));
}
+ // Rename potentially executable files, to help prevent exploits.
+ if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
+ $file->filemime = 'text/plain';
+ $file->filepath .= '.txt';
+ $file->filename .= '.txt';
+ // As the file may be named example.php.txt, we need to munge again to
+ // convert to example.php_.txt, then create the correct destination.
+ $file->filename = file_munge_filename($file->filename, $extensions);
+ $file->destination = file_destination(file_create_path($dest .'/'. $file->filename), $replace);
+ }
+
+
// Check for validation errors.
if (!empty($errors)) {
$message = t('The selected file %name could not be uploaded.', array('%name' => $file->filename));
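Review bot: The second half of the moved condition is dead: the regex is anchored with `$` and requires the name to end in one of the six listed extensions, so `substr($file->filename, -4) != '.txt'` can never be false when the first operand is true; the guard reduces to `if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename)) {`. Two identifiers used by the new lines, `$extensions` and `$dest`, are set outside this hunk; the earlier hunk shows `$dest` may be swapped for the temporary directory when the given path is not writable, so the recomputed `$file->destination` presumably relies on that substitution having already happened, which is worth confirming. The list itself is a denylist of six extensions, so how completely it covers what the deployed web server hands to an interpreter is a server-configuration question, and the file_validate_extensions allowlist that feeds `$extensions` remains the primary control; a comment saying so would document the intended layering. The two consecutive blank lines before `// Check for validation errors.` should be one. file_save_upload() starts before and continues after this hunk.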
diff --git a/modules/openid/openid.module b/modules/openid/openid.module
index 6a619dd..b79ff99 100644
--- a/modules/openid/openid.module
+++ b/modules/openid/openid.module
@@ -192,8 +192,8 @@ function openid_begin($claimed_id, $return_to = '', $form_values = array()) {
}
if (isset($services[0]['types']) && is_array($services[0]['types']) && in_array(OPENID_NS_2_0 .'/server', $services[0]['types'])) {
- $identity = 'http://specs.openid.net/auth/2.0/identifier_select';
- }
+ $claimed_id = $identity = 'http://specs.openid.net/auth/2.0/identifier_select';
+ }
$authn_request = openid_authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $services[0]['version']);
if ($services[0]['version'] == 2) {
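Review bot: The new assignment silently replaces the caller-supplied `$claimed_id`, and nothing in the hunk says why, which makes it look like a typo to a maintainer. A comment above the line would fix that: `// For an OP Identifier (directed identity), OpenID 2.0 requires both openid.claimed_id and openid.identity to be identifier_select; the OP returns the real identifier in its response.` The response-side check that the identifier the OP returns belongs to the discovered endpoint is not in this hunk, so this line alone should not be read as the whole impersonation fix. openid_begin() starts before and continues after this hunk.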
diff --git a/modules/openid/openid.pages.inc b/modules/openid/openid.pages.inc
index e1dd362..79afad8 100644
--- a/modules/openid/openid.pages.inc
+++ b/modules/openid/openid.pages.inc
@@ -73,12 +73,14 @@ function openid_user_add_validate($form, &$form_state) {
if (db_result(db_query("SELECT authname FROM {authmap} WHERE authname='%s'", $claimed_id))) {
form_set_error('openid_identifier', t('That OpenID is already in use on this site.'));
}
- else {
- $return_to = url('user/'. arg(1) .'/openid', array('absolute' => TRUE));
- openid_begin($form_state['values']['openid_identifier'], $return_to);
- }
}
+function openid_user_add_submit($form, &$form_state) {
+ $return_to = url('user/'. arg(1) .'/openid', array('absolute' => TRUE));
+ openid_begin($form_state['values']['openid_identifier'], $return_to);
+}
+
+
/**
* Present a confirmation form to delete the specified OpenID identity from the system.
*
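Review bot: The new `openid_user_add_submit()` has no docblock, while every other function on the page (see the block that follows it) carries one, and Drupal's coding standard expects one on each function. Suggested text: `/** * Submit handler for the OpenID add form. Starts the OpenID authentication request only after validation, including the form token check, has passed. */` — that also records the reason the call moved out of the validate handler. The double blank line between the new function and the following docblock should be a single one. The hunk leaves nothing explaining how the handler is attached; if it relies on the form-id naming convention rather than an explicit `#submit`, a one-line comment would save the next reader a search.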
diff --git a/modules/system/system.module b/modules/system/system.module
index 9947dce..75d94ca 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -9,7 +9,7 @@
/**
* The current system version.
*/
-define('VERSION', '6.14-dev');
+define('VERSION', '6.14');
/**
* Core API compatibility.