authorGábor Hojtsy2008-12-10 22:30:14 +0000
committerGábor Hojtsy2008-12-10 22:30:14 +0000
commitead5598cdfaf1505b478aa03db4017f9c1f829f5 (patch)
tree3fd995b2a19f6de78a85dcd74c7cd153396dec98
parentdfc80fe00f2710201984d64e600bde7921f5f8e7 (diff)
Drupal 6.76.7
-rw-r--r--CHANGELOG.txt11
-rw-r--r--includes/common.inc2
-rw-r--r--modules/filter/filter.module19
-rw-r--r--modules/system/system.module2
-rw-r--r--update.php23
5 files changed, 39 insertions, 18 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 4895320..27c3026 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,10 @@
// $Id$
-Drupal 6.7-dev, xxxx-xx-xx (development release)
+Drupal 6.7, 2008-12-10
----------------------
+- Fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073
+- Updated robots.txt and .htaccess to match current file use.
+- Fixed a variety of small bugs.
Drupal 6.6, 2008-10-22
----------------------
@@ -147,6 +150,12 @@ Drupal 6.0, 2008-02-13
- Removed old system updates. Updates from Drupal versions prior to 5.x will
require upgrading to 5.x before upgrading to 6.x.
+Drupal 5.13, 2008-12-10
+-----------------------
+- fixed a variety of small bugs.
+- fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073
+- updated robots.txt and .htaccess to match current file use.
+
Drupal 5.12, 2008-10-22
-----------------------
- fixed security issues, (File inclusion), see SA-2008-067
diff --git a/includes/common.inc b/includes/common.inc
index a6cb14a..9ae6c96 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -586,7 +586,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
- if ($errno & (E_ALL)) {
+ if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
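Review bot: The new mask `E_ALL ^ E_NOTICE` drops every notice before the `$types` lookup, yet the map on the following line still carries `8 => 'notice'`, which can no longer be reached from this branch. A notice is often the only trace of an unset variable or array index being read, so masking it here should be a documented decision rather than an unexplained constant. I would add a comment on the condition, for example `// E_NOTICE is deliberately masked out; notices are not handled by this branch.`, and either drop the dead map entry or say why it stays. drupal_error_handler starts before and continues after this hunk, so what the branch does with the error is not visible here.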
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index 5bb2ca4..4c4cd6a 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -375,13 +375,20 @@ function filter_list_format($format) {
static $filters = array();
if (!isset($filters[$format])) {
- $filters[$format] = array();
$result = db_query("SELECT * FROM {filters} WHERE format = %d ORDER BY weight, module, delta", $format);
- while ($filter = db_fetch_object($result)) {
- $list = module_invoke($filter->module, 'filter', 'list');
- if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
- $filter->name = $list[$filter->delta];
- $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
+ if (db_affected_rows($result) == 0 && !db_result(db_query("SELECT 1 FROM {filter_formats} WHERE format = %d", $format))) {
+ // The format has no filters and does not exist, use the default input
+ // format.
+ $filters[$format] = filter_list_format(variable_get('filter_default_format', 1));
+ }
+ else {
+ $filters[$format] = array();
+ while ($filter = db_fetch_object($result)) {
+ $list = module_invoke($filter->module, 'filter', 'list');
+ if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
+ $filter->name = $list[$filter->delta];
+ $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
+ }
}
}
}
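Review bot: The fallback `$filters[$format] = filter_list_format(variable_get('filter_default_format', 1));` recurses with no stop condition. If the configured default format itself has no filters and no row in `{filter_formats}`, the call re-enters with the same argument before `$filters[$format]` is set and never returns. A guard bounds it: `$default = variable_get('filter_default_format', 1);` then `$filters[$format] = ($format == $default) ? array() : filter_list_format($default);`, though whether an empty filter list is a safe result for callers cannot be judged from this hunk. Separately, `db_affected_rows($result)` is used to count the rows of a SELECT, which looks driver-dependent and should be confirmed on each supported database backend. The function continues past the end of the hunk.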
diff --git a/modules/system/system.module b/modules/system/system.module
index 479c288..d3673c3 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -9,7 +9,7 @@
/**
* The current system version.
*/
-define('VERSION', '6.7-dev');
+define('VERSION', '6.7');
/**
* Core API compatibility.
diff --git a/update.php b/update.php
index 79eedcc..dec8b10 100644
--- a/update.php
+++ b/update.php
@@ -369,6 +369,7 @@ function update_info_page() {
update_task_list('info');
drupal_set_title('Drupal database update');
+ $token = drupal_get_token('update');
$output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/node/258">Installation and upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
$output .= "<ol>\n";
$output .= "<li><strong>Back up your database</strong>. This process will change your database values and in case of emergency you may need to revert to a backup.</li>\n";
@@ -377,7 +378,7 @@ function update_info_page() {
$output .= "<li>Install your new files in the appropriate location, as described in the handbook.</li>\n";
$output .= "</ol>\n";
$output .= "<p>When you have performed the steps above, you may proceed.</p>\n";
- $output .= '<form method="post" action="update.php?op=selection"><input type="submit" value="Continue" /></form>';
+ $output .= '<form method="post" action="update.php?op=selection&token='. $token .'"><input type="submit" value="Continue" /></form>';
$output .= "\n";
return $output;
}
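Review bot: The anti-CSRF token is appended to the form's `action` URL instead of being sent in the POST body, so it will appear in web-server access logs, browser history and possibly a `Referer` header. A hidden field keeps it out of those places: `<input type="hidden" name="token" value="'. $token .'" />`, with the dispatcher reading `$_POST['token']` for this step. If the query-string form is kept, the separator inside the HTML attribute should be written `&amp;token=` rather than a bare `&`. The `$token` assignment is in the preceding hunk, and update_info_page begins outside both.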
@@ -627,17 +628,21 @@ if (!empty($update_free_access) || $user->uid == 1) {
$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
switch ($op) {
- // update.php ops
- case 'info':
- $output = update_info_page();
- break;
-
case 'selection':
- $output = update_selection_page();
- break;
+ if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
+ $output = update_selection_page();
+ break;
+ }
case 'Update':
- update_batch();
+ if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
+ update_batch();
+ break;
+ }
+
+ // update.php ops
+ case 'info':
+ $output = update_info_page();
break;
case 'results':
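Review bot: Both token checks use the loose comparison `$_GET['token'] == drupal_get_token('update')`, which lets PHP compare two numeric-looking strings as numbers; `===` removes that ambiguity at no cost, e.g. `if (isset($_GET['token']) && $_GET['token'] === drupal_get_token('update')) {`. The rejection path also depends on an undocumented fall-through: a bad token on `'selection'` drops into `'Update'`, fails the same check again, and only then reaches `'info'`. That works only while the cases stay in this order, so each gap needs a comment such as `// Invalid or missing token: fall through to the info page.`. A rejected token is currently silent; logging it would give operators a signal that forged requests are being attempted. The `switch` continues past the end of the hunk.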