authorGábor Hojtsy2013-01-16 21:13:24 (GMT)
committer Gábor Hojtsy2013-01-16 21:13:24 (GMT)
commitf8c1eab055891c67cb8235f17e2de41cfb522204 (patch)
treed23c82198cbd1038d4f32c36569e914ed19c62f3
parentc516e6b20337db6ed874a20d90db535f2de2fd35 (diff)
parent6f2fd0451a5cae837870da665f35514d8730fcf3 (diff)
Merge branch '6.27-security' into 6.x
-rw-r--r--CHANGELOG.txt3
-rw-r--r--includes/common.inc2
-rw-r--r--misc/drupal.js23
-rw-r--r--misc/tableheader.js2
-rw-r--r--modules/book/book.pages.inc8
-rw-r--r--modules/system/system.module2
6 files changed, 36 insertions, 4 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index a2f05dd..fa1fd02 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,7 @@
-Drupal 6.28-dev, xxxx-xx-xx (development release)
+Drupal 6.28, 2013-01-16
----------------------
+- Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-001.
Drupal 6.27, 2012-12-19
----------------------
diff --git a/includes/common.inc b/includes/common.inc
index b7d671c..5daec47 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -665,7 +665,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
- if ($errno & (E_ALL ^ E_DEPRECATED)) {
+ if ($errno & (E_ALL ^ E_DEPRECATED ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
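Review bot: The widened mask on the new line silently removes E_NOTICE from everything drupal_error_handler does, yet nothing in the hunk says why, and the `8 => 'notice'` entry in the `$types` array on the following line is now unreachable for that severity. Only the CHANGELOG's SA-CORE-2013-001 reference hints that notice output was the problem; a maintainer reading this condition alone will see notices simply disappearing from logging and display. Suggest a comment on the condition: `// E_NOTICE is deliberately excluded: notices are neither logged nor displayed by this handler (SA-CORE-2013-001).` What happens for severities that fall outside the mask (whether PHP's default handler still runs) depends on the function's return, which is outside the hunk, and is worth stating in that comment too.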
diff --git a/misc/drupal.js b/misc/drupal.js
index f29e398..a85b8f8 100644
--- a/misc/drupal.js
+++ b/misc/drupal.js
@@ -1,4 +1,27 @@
+/**
+ * Override jQuery.fn.init to guard against XSS attacks.
+ *
+ * See http://bugs.jquery.com/ticket/9521
+ */
+(function () {
+ var jquery_init = jQuery.fn.init;
+ jQuery.fn.init = function (selector, context, rootjQuery) {
+ // If the string contains a "#" before a "<", treat it as invalid HTML.
+ if (selector && typeof selector === 'string') {
+ var hash_position = selector.indexOf('#');
+ if (hash_position >= 0) {
+ var bracket_position = selector.indexOf('<');
+ if (bracket_position > hash_position) {
+ throw 'Syntax error, unrecognized expression: ' + selector;
+ }
+ }
+ }
+ return jquery_init.call(this, selector, context, rootjQuery);
+ };
+ jQuery.fn.init.prototype = jquery_init.prototype;
+})();
+
var Drupal = Drupal || { 'settings': {}, 'behaviors': {}, 'themes': {}, 'locale': {} };
/**
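Review bot: The guard in the new init wrapper is a heuristic, not a parser: it rejects any string in which a `<` follows a `#`, which blocks the `$(location.hash)` shape from jQuery ticket 9521, but it also throws for HTML fragments that merely contain `#` in leading text (whether the bundled jQuery previously accepted such fragments cannot be seen here) and it does nothing for untrusted strings that start with `<`. The header comment should make clear this is defense in depth rather than a license to pass user-controlled strings to `$()`: `// Defense in depth only: callers must still keep untrusted input (e.g. location.hash) out of $(); use $(document).find() or document.getElementById instead.` Throwing a bare string instead of an Error object appears to mirror jQuery's own selector error message, which is presumably deliberate; a one-line comment saying so would stop the next reader from "fixing" it.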
diff --git a/misc/tableheader.js b/misc/tableheader.js
index 9d05e23..9deb18d 100644
--- a/misc/tableheader.js
+++ b/misc/tableheader.js
@@ -69,7 +69,7 @@ Drupal.behaviors.tableHeader = function (context) {
// Get the height of the header table and scroll up that amount.
if (prevAnchor != location.hash) {
if (location.hash != '') {
- var offset = $('td' + location.hash).offset();
+ var offset = $(document).find('td' + location.hash).offset();
if (offset) {
var top = offset.top;
var scrollLocation = top - $(e).height();
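Review bot: The new line still hands location.hash to the selector engine; `.find()` closes the HTML-parsing path, but a hash such as `#x, body` matches elements that are not table cells, and a hash with an unbalanced bracket or quote makes the selector throw out of the scroll handler (Drupal.behaviors.tableHeader starts and ends outside the hunk, so I cannot see whether anything catches it). Looking the id up directly avoids the selector entirely and the existing `if (offset)` already tolerates a null result: `var cell = document.getElementById(location.hash.substring(1));` followed by `var offset = (cell && cell.nodeName.toLowerCase() === 'td') ? $(cell).offset() : null;`.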
diff --git a/modules/book/book.pages.inc b/modules/book/book.pages.inc
index 46eb86a..e0e3f65 100644
--- a/modules/book/book.pages.inc
+++ b/modules/book/book.pages.inc
@@ -39,6 +39,14 @@ function book_render() {
* in a format determined by the $type parameter.
*/
function book_export($type, $nid) {
+ // Check that the node exists and that the current user has access to it.
+ $node = node_load($nid);
+ if (!$node) {
+ return MENU_NOT_FOUND;
+ }
+ if (!node_access('view', $node)) {
+ return MENU_ACCESS_DENIED;
+ }
$type = drupal_strtolower($type);
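Review bot: The added check verifies view access to the root node only; book_export's body continues past the hunk, and if it goes on to render the node's descendants, each child needs its own node_access('view') check in the traversal, which is not visible here and should be confirmed. The docblock above (cut at the hunk start) should also record the new return values: `@return The rendered export, or MENU_NOT_FOUND / MENU_ACCESS_DENIED when $nid does not exist or is not viewable by the current user.` In the visible lines the loaded $node is dropped after the checks; if the rest of the function reloads it by $nid, passing $node along would save the second node_load.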
diff --git a/modules/system/system.module b/modules/system/system.module
index 57cc91a..320f51f 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -8,7 +8,7 @@
/**
* The current system version.
*/
-define('VERSION', '6.28-dev');
+define('VERSION', '6.28');
/**
* Core API compatibility.