authorNeil Drumm2009-12-16 20:46:31 +0000
committerNeil Drumm2009-12-16 20:46:31 +0000
commitdcd354d5adf857102311e2cd161f08961f584246 (patch)
treed5c6ace4d1ef92b9abf875208618ec44e2206b2b
parent11c3ee45953bb0e5b5987ad4f8dc32ad372b78ca (diff)
Drupal 5.215.21
-rw-r--r--CHANGELOG.txt5
-rw-r--r--modules/contact/contact.module3
-rw-r--r--modules/system/system.module2
3 files changed, 5 insertions, 5 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index bddf6cd..81104c8 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,8 +1,9 @@
// $Id$
-Drupal 5.21, xxxx-xx-xx
+Drupal 5.21, 2009-12-16
-----------------------
-
+- Fixed a security issue (Cross site scripting), see SA-CORE-2009-009.
+- Fixed a variety of small bugs.
Drupal 5.20, 2009-09-16
-----------------------
diff --git a/modules/contact/contact.module b/modules/contact/contact.module
index 3a60284..004e39c 100644
--- a/modules/contact/contact.module
+++ b/modules/contact/contact.module
@@ -145,7 +145,7 @@ function contact_admin_categories() {
$result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category');
$rows = array();
while ($category = db_fetch_object($result)) {
- $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
+ $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
}
$header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2));
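Review bot: The two `check_plain()` calls added to the `$rows[]` line in contact_admin_categories() have no comment explaining why only these cells are escaped, so a later refactor of the row could drop them unnoticed. I would add above that line: `// category and recipients are stored as entered; escape on output because table cells are printed without further filtering.` The call that renders `$rows` is outside this hunk, so confirm the claim about cell output against it. Any other place that prints `$category->category` or `$category->recipients` (none visible here) deserves the same check. The function body begins and continues outside the hunk.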
@@ -549,4 +549,3 @@ function contact_mail_page_submit($form_id, $form_values) {
// Jump to home page rather than back to contact page to avoid contradictory messages if flood control has been activated.
return '';
}
-
diff --git a/modules/system/system.module b/modules/system/system.module
index 3601cc9..0c14ef7 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
-define('VERSION', '5.21-dev');
+define('VERSION', '5.21');
/**
* Implementation of hook_help().