summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGábor Hojtsy2009-01-14 23:34:08 +0000
committerGábor Hojtsy2009-01-14 23:34:08 +0000
commitbdd3062d800919f27627b8fddc3887b2495074c2 (patch)
treef53f712ab54d3a6a95820d596c0bae71093bb282
parent13bbecba8b3bea2ff68a16827ae8b2932b001845 (diff)
Drupal 6.96.9
-rw-r--r--CHANGELOG.txt18
-rw-r--r--includes/common.inc2
-rw-r--r--modules/node/node.module4
-rw-r--r--modules/system/system.module2
-rw-r--r--modules/translation/translation.module35
-rw-r--r--modules/user/user.module1
6 files changed, 46 insertions, 16 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 8c6f0f9..ada825d 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,5 +1,16 @@
// $Id$
+Drupal 6.9, 2009-01-14
+----------------------
+- Fixed security issues, (Access Bypass, Validation Bypass and Hardening
+ against SQL injection), see SA-CORE-2009-001
+- Made HTTP request checking more robust and informative.
+- Fixed HTTP_HOST checking to work again with HTTP 1.0 clients and
+ basic shell scripts.
+- Removed t() calls from all schema documentation. Suggested best practice
+ changed for contributed modules, see http://drupal.org/node/322731.
+- Fixed a variety of small bugs.
+
Drupal 6.9-dev, xxxx-xx-xx (development release)
----------------------
@@ -157,6 +168,13 @@ Drupal 6.0, 2008-02-13
- Removed old system updates. Updates from Drupal versions prior to 5.x will
require upgrading to 5.x before upgrading to 6.x.
+Drupal 5.15, 2009-01-14
+----------------------
+- Fixed security issues, (Hardening against SQL injection), see SA-CORE-2009-001
+- Fixed HTTP_HOST checking to work again with HTTP 1.0 clients and
+ basic shell scripts.
+- Fixed a variety of small bugs.
+
Drupal 5.14, 2008-12-11
----------------------
- Removed a previous change incompatible with PHP 5.1.x and lower.
diff --git a/includes/common.inc b/includes/common.inc
index f745819..016fcfe 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -577,7 +577,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
- if ($errno & (E_ALL)) {
+ if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
diff --git a/modules/node/node.module b/modules/node/node.module
index df0dcc4..40ccaa5 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -1977,7 +1977,9 @@ function node_search_validate($form, &$form_state) {
function node_access($op, $node, $account = NULL) {
global $user;
- if (!$node) {
+ if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
+ // If there was no node to check against, or the $op was not one of the
+ // supported ones, we return access denied.
return FALSE;
}
// Convert the node to an object if necessary:
diff --git a/modules/system/system.module b/modules/system/system.module
index 2d2b1a2..200fc6e 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -9,7 +9,7 @@
/**
* The current system version.
*/
-define('VERSION', '6.9-dev');
+define('VERSION', '6.9');
/**
* Core API compatibility.
diff --git a/modules/translation/translation.module b/modules/translation/translation.module
index 39432d6..5aa1bd3 100644
--- a/modules/translation/translation.module
+++ b/modules/translation/translation.module
@@ -76,10 +76,7 @@ function translation_menu() {
* all languages).
*/
function _translation_tab_access($node) {
- if (!empty($node->language) && translation_supported_type($node->type)) {
- return user_access('translate content');
- }
- return FALSE;
+ return !empty($node->language) && translation_supported_type($node->type) && node_access('view', $node) && user_access('translate content');
}
/**
@@ -192,15 +189,27 @@ function translation_nodeapi(&$node, $op, $teaser, $page) {
switch ($op) {
case 'prepare':
- if (empty($node->nid) && isset($_GET['translation']) && isset($_GET['language']) &&
- ($source_nid = $_GET['translation']) && ($language = $_GET['language']) &&
- (user_access('translate content'))) {
- // We are translating a node from a source node, so
- // load the node to be translated and populate fields.
- $node->language = $language;
- $node->translation_source = node_load($source_nid);
- $node->title = $node->translation_source->title;
- $node->body = $node->translation_source->body;
+ if (empty($node->nid) && user_access('translate content') && isset($_GET['translation']) && isset($_GET['language']) && is_numeric($_GET['translation'])) {
+ $translation_source = node_load($_GET['translation']);
+ if (empty($translation_source) || !node_access('view', $translation_source)) {
+ // Source node not found or no access to view. We should not check
+ // for edit access, since the translator might not have permissions
+ // to edit the source node but should still be able to translate.
+ return;
+ }
+ $language_list = language_list();
+ if (!isset($language_list[$_GET['language']]) || ($translation_source->language == $_GET['language'])) {
+ // If not supported language, or same language as source node, break.
+ return;
+ }
+ // Populate fields based on source node.
+ $node->language = $_GET['language'];
+ $node->translation_source = $translation_source;
+ $node->title = $translation_source->title;
+ // If user has no access to the filter used for the body, Drupal core
+ // does not let the edit form to appear, so we should avoid exposing
+ // the source text here too.
+ $node->body = filter_access($translation_source->format) ? $translation_source->body : '';
// Let every module add custom translated fields.
node_invoke_nodeapi($node, 'prepare translation');
}
diff --git a/modules/user/user.module b/modules/user/user.module
index 75b327d..3ca3e5b 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1534,6 +1534,7 @@ function user_edit_form(&$form_state, $uid, $edit, $register = FALSE) {
$form['picture']['picture_delete'] = array('#type' => 'hidden');
}
$form['picture']['picture_upload'] = array('#type' => 'file', '#title' => t('Upload picture'), '#size' => 48, '#description' => t('Your virtual face or picture. Maximum dimensions are %dimensions and the maximum size is %size kB.', array('%dimensions' => variable_get('user_picture_dimensions', '85x85'), '%size' => variable_get('user_picture_file_size', '30'))) .' '. variable_get('user_picture_guidelines', ''));
+ $form['#validate'][] = 'user_profile_form_validate';
$form['#validate'][] = 'user_validate_picture';
}
$form['#uid'] = $uid;