authorDavid Rothstein2014-11-19 20:20:20 (GMT)
committer David Rothstein2014-11-19 20:20:20 (GMT)
commitcad5d03a80e4ade09947986b136f7e17791ed481 (patch)
tree60f612b5752c48fb2e001ca586f48fe44ef1389f
parent18498306fff77f978e523792f616c1bfcc842e3b (diff)
parent01c9f6164e9b48a7d715e07fb0d98fbe71bae87b (diff)
Merge tag '6.34' into 6.x6.x
6.34 release Conflicts: CHANGELOG.txt modules/system/system.module
-rw-r--r--CHANGELOG.txt6
-rw-r--r--includes/session.inc2
-rw-r--r--modules/system/system.module2
3 files changed, 7 insertions, 3 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index a312181..d1dc845 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,11 @@
-Drupal 6.34-dev, xxxx-xx-xx (development release)
+Drupal 6.35-dev, xxxx-xx-xx (development release)
----------------------
+Drupal 6.34, 2014-11-19
+----------------------
+- Fixed security issues (session hijacking). See SA-CORE-2014-006.
+
Drupal 6.33, 2014-08-06
----------------------
- Fixed security issues (denial of service). See SA-CORE-2014-004.
diff --git a/includes/session.inc b/includes/session.inc
index 9f671b3..540b8d9 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -41,7 +41,7 @@ function sess_read($key) {
register_shutdown_function('session_write_close');
// Handle the case of first time visitors and clients that don't store cookies (eg. web crawlers).
- if (!isset($_COOKIE[session_name()])) {
+ if (empty($key) || !isset($_COOKIE[session_name()])) {
$user = drupal_anonymous_user();
return '';
}
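Review bot: The comment above the changed condition in sess_read() still describes only first-time visitors and cookie-less clients, so nothing in the code explains why `empty($key)` was added. The changelog ties this release to a session hijacking fix (SA-CORE-2014-006), so the guard looks security-relevant and should be documented to keep a later cleanup from removing it, e.g. `// An empty session ID must never reach the session lookup; treat it as anonymous.` Note that `empty()` is also true for the string '0', which here only means such an ID falls back to the anonymous user. The rest of sess_read(), including the lookup that presumably uses $key, is outside the hunk.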
diff --git a/modules/system/system.module b/modules/system/system.module
index e83e4ec..49df5a0 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -8,7 +8,7 @@
/**
* The current system version.
*/
-define('VERSION', '6.34-dev');
+define('VERSION', '6.35-dev');
/**
* Core API compatibility.