authorNeil Drumm2008-12-10 22:21:27 +0000
committerNeil Drumm2008-12-10 22:21:27 +0000
commite9347cca0526f54c91e73302def26afe49dd4244 (patch)
tree3d54e979f4301eaa5fcd6378e1e89ee770a80309
parent7ce6206eaefe43105b6b1b919cbb3a80cb44b521 (diff)
Drupal 5.135.13
-rw-r--r--CHANGELOG.txt5
-rw-r--r--modules/filter/filter.module19
-rw-r--r--modules/system/system.module2
-rw-r--r--update.php21
4 files changed, 31 insertions, 16 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index eed9809..5d63f54 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,10 @@
// $Id$
-Drupal 5.13-dev, xxxx-xx-xx (development version)
+Drupal 5.13, 2008-12-10
-----------------------
+- fixed a variety of small bugs.
+- fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073
+- updated robots.txt and .htaccess to match current file use.
Drupal 5.12, 2008-10-22
-----------------------
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index 079a0b2..7d64e18 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -709,13 +709,20 @@ function filter_list_format($format) {
static $filters = array();
if (!isset($filters[$format])) {
- $filters[$format] = array();
$result = db_query("SELECT * FROM {filters} WHERE format = %d ORDER BY weight ASC", $format);
- while ($filter = db_fetch_object($result)) {
- $list = module_invoke($filter->module, 'filter', 'list');
- if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
- $filter->name = $list[$filter->delta];
- $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
+ if (db_num_rows($result) == 0 && !db_result(db_query("SELECT 1 FROM {filter_formats} WHERE format = %d", $format))) {
+ // The format has no filters and does not exist, use the default input
+ // format.
+ $filters[$format] = filter_list_format(variable_get('filter_default_format', 1));
+ }
+ else {
+ $filters[$format] = array();
+ while ($filter = db_fetch_object($result)) {
+ $list = module_invoke($filter->module, 'filter', 'list');
+ if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
+ $filter->name = $list[$filter->delta];
+ $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
+ }
}
}
}
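Review bot: The fallback on the added line `$filters[$format] = filter_list_format(variable_get('filter_default_format', 1));` recurses with no stop condition. If the stored default format id itself has no filters and no row in {filter_formats}, the call re-enters with the same `$format` before `$filters[$format]` is assigned, so the static cache never ends the loop. Reading the default once, `$default = variable_get('filter_default_format', 1);`, and recursing only when `$format != $default` would stop it. The remaining case should log an error instead of silently caching `array()`, because an empty filter list presumably lets the text through unfiltered, which is the condition this fallback exists to prevent. The function's return statement is outside the hunk.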
diff --git a/modules/system/system.module b/modules/system/system.module
index b7f4488..a6cbd75 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
-define('VERSION', '5.13-dev');
+define('VERSION', '5.13');
/**
* Implementation of hook_help().
diff --git a/update.php b/update.php
index 80b445e..1e4756c 100644
--- a/update.php
+++ b/update.php
@@ -562,10 +562,11 @@ function update_finished_page($success) {
function update_info_page() {
drupal_set_title('Drupal database update');
+ $link = 'update.php?op=selection&token='. drupal_get_token('update');
$output = "<ol>\n";
$output .= "<li>Use this script to <strong>upgrade an existing Drupal installation</strong>. You don't need this script when installing Drupal from scratch.</li>";
$output .= "<li>Before doing anything, backup your database. This process will change your database and its values, and some things might get lost.</li>\n";
- $output .= "<li>Update your Drupal sources, check the notes below and <a href=\"update.php?op=selection\">run the database upgrade script</a>. Don't upgrade your database twice as it may cause problems.</li>\n";
+ $output .= "<li>Update your Drupal sources, check the notes below and <a href=\"$link\">run the database upgrade script</a>. Don't upgrade your database twice as it may cause problems.</li>\n";
$output .= "<li>Go through the various administration pages to change the existing and new settings to your liking.</li>\n";
$output .= "</ol>";
$output .= '<p>For more help, see the <a href="http://drupal.org/node/258">Installation and upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
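Review bot: The new `$link` is placed in the `href` with a bare `&` (`update.php?op=selection&token=...`), which is not valid inside an HTML attribute; `$link = 'update.php?op=selection&amp;token='. drupal_get_token('update');` keeps the markup well formed. A one-line comment above it, such as `// Token ties the link to the current session so the selection page cannot be opened by a forged request.`, would record why the link is no longer static. That wording assumes drupal_get_token() is session-bound, which this diff does not show. update_info_page() continues past the end of the hunk.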
@@ -793,10 +794,6 @@ if (($access_check == FALSE) || ($user->uid == 1)) {
$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
switch ($op) {
- case 'Update':
- $output = update_update_page();
- break;
-
case 'finished':
$output = update_finished_page(TRUE);
break;
@@ -813,10 +810,18 @@ if (($access_check == FALSE) || ($user->uid == 1)) {
$output = update_progress_page_nojs();
break;
+ case 'Update':
+ if ($_GET['token'] == drupal_get_token('update')) {
+ $output = update_update_page();
+ break;
+ }
+ // If the token did not match we just display the default page.
case 'selection':
- $output = update_selection_page();
- break;
-
+ if ($_GET['token'] == drupal_get_token('update')) {
+ $output = update_selection_page();
+ break;
+ }
+ // If the token did not match we just display the default page.
default:
$output = update_info_page();
break;
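Review bot: Both added checks, `if ($_GET['token'] == drupal_get_token('update'))` under `case 'Update':` and under `case 'selection':`, read `$_GET['token']` without `isset()` and compare with loose `==`. A request without the parameter raises an undefined-index notice, and `==` compares two numeric-looking strings as numbers, which is weaker than an exact match for an anti-CSRF token. `if (isset($_GET['token']) && $_GET['token'] === drupal_get_token('update')) {` keeps the fall-through to the info page and removes both problems. The token is read from the query string only, so it is worth confirming that the form which submits `op=Update` carries the token in its action URL; that form is not in this diff.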