authorGábor Hojtsy2008-02-27 19:44:44 +0000
committerGábor Hojtsy2008-02-27 19:44:44 +0000
commitd6c7b4cf627ab409c595e1c76bf0a8deadbc7feb (patch)
treee6deb713461dad4348af1acced4490f848149800
parentc709e59123e23c01653e521711b480a2ad0744c8 (diff)
Drupal 6.1; including #227608 (SA-2008-18)6.1
-rw-r--r--CHANGELOG.txt7
-rw-r--r--includes/common.inc2
-rw-r--r--misc/drupal.js3
-rw-r--r--modules/node/node.pages.inc2
-rw-r--r--modules/system/system.module2
5 files changed, 9 insertions, 7 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 5e790dc..4abd8f6 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,8 +1,9 @@
// $Id$
-Drupal 6.1-dev, xxxx-xx-xx (development version)
------------------------
-
+Drupal 6.1, 2008-02-27
+----------------------
+- fixed a variety of small bugs.
+- fixed a security issue (Cross site scripting), see SA-2008-018
Drupal 6.0, 2008-02-13
----------------------
diff --git a/includes/common.inc b/includes/common.inc
index 90b0329..ccb8520 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -577,7 +577,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
- if ($errno & (E_ALL)) {
+ if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
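Review bot: The new condition `if ($errno & (E_ALL ^ E_NOTICE))` makes the handler drop notices without any comment saying that this is deliberate, and the `$types` map on the next line still carries `8 => 'notice'`, which this branch can no longer reach. Notices such as undefined-index warnings are often the first visible sign of unvalidated input, so discarding them here also removes them from whatever logging follows in this branch (the rest of drupal_error_handler() is outside the hunk). I would add a comment above the condition stating the intent, for example `// Notices are deliberately ignored in releases; enable them in development to catch undefined variables and indexes.`, worded to match the actual reason for the change.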
diff --git a/misc/drupal.js b/misc/drupal.js
index 04dd70c..50498d8 100644
--- a/misc/drupal.js
+++ b/misc/drupal.js
@@ -51,7 +51,8 @@ Drupal.checkPlain = function(str) {
str = String(str);
var replace = { '&': '&amp;', '"': '&quot;', '<': '&lt;', '>': '&gt;' };
for (var character in replace) {
- str = str.replace(character, replace[character]);
+ var regex = new RegExp(character, 'g');
+ str = str.replace(regex, replace[character]);
}
return str;
};
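Review bot: The escaping loop in Drupal.checkPlain still depends on `for (var character in replace)` visiting `&` first and on nothing else being enumerable on the object. If `<` or `"` were processed before `&`, the now-global replace would re-escape every entity it had just produced. The map also has no entry for `'`, so the result is not safe inside a single-quoted attribute value. Passing the key straight to `new RegExp(character, 'g')` works for these four characters but would misbehave for a regex metacharacter if the map is ever extended. I would replace the loop with a fixed chain of regex-literal replaces, `&` first, as below.

```javascript
str = String(str);
// '&' goes first so the entities produced below are not escaped again.
return str
  .replace(/&/g, '&amp;')
  .replace(/"/g, '&quot;')
  .replace(/'/g, '&#039;')
  .replace(/</g, '&lt;')
  .replace(/>/g, '&gt;');
```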
diff --git a/modules/node/node.pages.inc b/modules/node/node.pages.inc
index aef2308..5a72ebb 100644
--- a/modules/node/node.pages.inc
+++ b/modules/node/node.pages.inc
@@ -11,7 +11,7 @@
* Menu callback; presents the node editing form, or redirects to delete confirmation.
*/
function node_page_edit($node) {
- drupal_set_title($node->title);
+ drupal_set_title(check_plain($node->title));
return drupal_get_form($node->type .'_node_form', $node);
}
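Review bot: Nothing at the call site in node_page_edit() says why the title is escaped, so the next person to add a drupal_set_title() call with user-supplied text has no cue to do the same. I would add a one-line comment above the call, `// drupal_set_title() outputs its argument as HTML; the node title is user input and must be escaped first.` The docblock shown in the hunk could carry the same sentence. It is also worth checking, outside this hunk, whether other callers pass `$node->title` or similar values to drupal_set_title() unescaped.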
diff --git a/modules/system/system.module b/modules/system/system.module
index 5b8100a..c8e7ca9 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -9,7 +9,7 @@
/**
* The current system version.
*/
-define('VERSION', '6.1-dev');
+define('VERSION', '6.1');
/**
* Core API compatibility.