-rw-r--r--CHANGELOG.txt10
-rw-r--r--includes/common.inc4
-rw-r--r--modules/color/color.install17
-rw-r--r--modules/color/color.module13
-rw-r--r--modules/system/system.module2
5 files changed, 42 insertions, 4 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index afbe399..8f6f713 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,14 @@
-Drupal 6.21-dev, xxxx-xx-xx (development release)
+Drupal 6.22, 2011-05-25
----------------------
+- Made Drupal 6 work better with IIS and Internet Explorer.
+- Fixed .po file imports to work better with custom textgroups.
+- Improved code documentation at various places.
+- Fixed a variety of other bugs.
+
+Drupal 6.21, 2011-05-25
+----------------------
+- Fixed security issues (Cross site scripting), see SA-CORE-2011-001.
Drupal 6.20, 2010-12-15
----------------------
diff --git a/includes/common.inc b/includes/common.inc
index 6c3cefe..dfd6c4f 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -630,7 +630,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
- if ($errno & (E_ALL ^ E_DEPRECATED)) {
+ if ($errno & (E_ALL ^ E_DEPRECATED ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
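Review bot: The mask on the new `if` line is built with XOR, which clears a bit only when `E_ALL` already has it set and would switch it on otherwise; `if ($errno & (E_ALL & ~(E_DEPRECATED | E_NOTICE))) {` states the intent without depending on that. With notices excluded, the `8 => 'notice'` entry in `$types` can no longer be reached from this branch. A one-line comment saying why notices are skipped here would help, since everything the branch does with an error (the rest of it is outside the hunk) is now skipped for them as well.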
@@ -652,7 +652,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
}
}
- $entry = $types[$errno] .': '. $message .' in '. $filename .' on line '. $line .'.';
+ $entry = check_plain($types[$errno]) .': '. filter_xss($message) .' in '. check_plain($filename) .' on line '. check_plain($line) .'.';
// Force display of error messages in update.php.
if (variable_get('error_level', 1) == 1 || strstr($_SERVER['SCRIPT_NAME'], 'update.php')) {
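Review bot: The new `$entry` line escapes three parts with `check_plain()` but passes `$message` through `filter_xss()`, and nothing on the line says why the message is treated differently. `filter_xss()` keeps its allowed tags, so markup inside a message is still rendered when `$entry` is shown. If that is intended, a comment such as `// Messages may carry markup, so strip unsafe HTML instead of escaping everything.` should record it; otherwise `check_plain($message)` is the stricter choice. The rest of drupal_error_handler, including any other use of `$entry`, is outside the hunk.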
diff --git a/modules/color/color.install b/modules/color/color.install
index d3b478c..33b1f41 100644
--- a/modules/color/color.install
+++ b/modules/color/color.install
@@ -32,3 +32,20 @@ function color_requirements($phase) {
return $requirements;
}
+
+/**
+ * Warn site administrator if unsafe CSS color codes are found in the database.
+ */
+function color_update_6001() {
+ $ret = array();
+ $result = db_query("SELECT name FROM {variable} WHERE name LIKE 'color_%_palette'");
+ while ($variable = db_fetch_array($result)) {
+ $palette = variable_get($variable['name'], array());
+ foreach ($palette as $key => $color) {
+ if (!preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color)) {
+ drupal_set_message('Some of the custom CSS color codes specified via the color module are invalid. Please examine the themes which are making use of the color module at the <a href="'. url('admin/appearance/settings') .'">Appearance settings</a> page to verify their CSS color values.', 'warning');
+ }
+ }
+ }
+ return $ret;
+}
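Review bot: In color_update_6001() the `drupal_set_message()` call sits inside both loops with no exit, so a site with several invalid palette values gets the same warning once per bad value; adding `break 2;` directly after the call reports it once. The link target `admin/appearance/settings` also looks doubtful for this branch: color_form_alter() in this same commit reads the theme name from `arg(4)`, which suggests a deeper settings path, so the URL should be checked against the real theme settings route. The message is not passed through `t()`, unlike the error text in color_scheme_form_validate(). A palette variable that is not an array would also make the `foreach` emit a warning, so an `is_array($palette)` guard is worth considering.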
diff --git a/modules/color/color.module b/modules/color/color.module
index efdb152..63fad7a 100644
--- a/modules/color/color.module
+++ b/modules/color/color.module
@@ -45,6 +45,7 @@ function color_form_alter(&$form, $form_state, $form_id) {
'#theme' => 'color_scheme_form',
);
$form['color'] += color_scheme_form($form_state, arg(4));
+ $form['#validate'][] = 'color_scheme_form_validate';
$form['#submit'][] = 'color_scheme_form_submit';
}
}
@@ -236,6 +237,18 @@ function theme_color_scheme_form($form) {
}
/**
+ * Validation handler for color change form.
+ */
+function color_scheme_form_validate($form, &$form_state) {
+ // Only accept hexadecimal CSS color strings to avoid XSS upon use.
+ foreach ($form_state['values']['palette'] as $key => $color) {
+ if (!preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color)) {
+ form_set_error('palette][' . $key, t('%name must be a valid hexadecimal CSS color value.', array('%name' => $form['color']['palette'][$key]['#title'])));
+ }
+ }
+}
+
+/**
* Submit handler for color change form.
*/
function color_scheme_form_submit($form, &$form_state) {
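Review bot: The pattern `/^#([a-f0-9]{3}){1,2}$/iD` in color_scheme_form_validate() is a second literal copy of the one in color_update_6001() in color.install, so a later tightening of one can miss the other. Moving it into one small helper in color.module that both call would keep them aligned, assuming color.module is loaded when the update runs. The docblock could also state the accepted forms, for example `Accepts only "#rgb" or "#rrggbb" (case-insensitive); anything else is rejected.` The check runs only on form submission, so code that later reads the stored palette still relies on it having been validated on the way in.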
diff --git a/modules/system/system.module b/modules/system/system.module
index e9583d7..bc540a7 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -8,7 +8,7 @@
/**
* The current system version.
*/
-define('VERSION', '6.21-dev');
+define('VERSION', '6.22');
/**
* Core API compatibility.