diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index c5c246a9be180142508a1845391a29c7a78a3fcf..cc72f067ef284b2eb18f7ce52dac96a3e2ac454d 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,7 @@
-Drupal 6.23-dev, xxxx-xx-xx (development release)
+Drupal 6.23, 2012-02-01
 ----------------------
+- Fixed security issues (Cross site scripting), see SA-CORE-2012-001.
 Drupal 6.22, 2011-05-25
 ----------------------
diff --git a/includes/common.inc b/includes/common.inc
index 3d737847017d0093607294b3f1df235cf879592d..dfd6c4f4130daa048876a4869c84d4b5d29a57c1 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -630,7 +630,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
     return;
   }
-  if ($errno & (E_ALL ^ E_DEPRECATED)) {
+  if ($errno & (E_ALL ^ E_DEPRECATED ^ E_NOTICE)) {
     $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
     // For database errors, we want the line number/file name of the place that
diff --git a/modules/aggregator/aggregator.admin.inc b/modules/aggregator/aggregator.admin.inc
index 221d0ab2e4ea9505e0867d443d75c9ee6d1ab7f4..ca879f9474961cc7dcd485cca101ff89ffab1dd4 100644
--- a/modules/aggregator/aggregator.admin.inc
+++ b/modules/aggregator/aggregator.admin.inc
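Review bot: The widened mask on the `if` in drupal_error_handler now drops E_NOTICE from this branch without a comment saying why, and it leaves the `8 => 'notice'` entry in the `$types` map on the next line unreachable from here, since `$errno & (E_ALL ^ E_DEPRECATED ^ E_NOTICE)` is zero for a notice. A one-line why-comment above the condition would help the next maintainer, for example `// E_DEPRECATED and E_NOTICE are deliberately not reported through this handler; see the 6.23 release notes.` if that is indeed the reason. As a point of style, `E_ALL & ~E_DEPRECATED & ~E_NOTICE` expresses "clear these bits" directly, whereas `^` would set a bit that E_ALL happened to lack; for E_NOTICE both forms agree today. What the branch does with the errors it does accept is outside the hunk, so I have not assumed anything about display or logging.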
@@ -26,7 +26,15 @@ function aggregator_view() {
   $header = array(t('Title'), t('Items'), t('Last update'), t('Next update'), array('data' => t('Operations'), 'colspan' => '3'));
   $rows = array();
   while ($feed = db_fetch_object($result)) {
-    $rows[] = array(l($feed->title, "aggregator/sources/$feed->fid"), format_plural($feed->items, '1 item', '@count items'), ($feed->checked ? t('@time ago', array('@time' => format_interval(time() - $feed->checked))) : t('never')), ($feed->checked ? t('%time left', array('%time' => format_interval($feed->checked + $feed->refresh - time()))) : t('never')), l(t('edit'), "admin/content/aggregator/edit/feed/$feed->fid"), l(t('remove items'), "admin/content/aggregator/remove/$feed->fid"), l(t('update items'), "admin/content/aggregator/update/$feed->fid"));
+    $rows[] = array(
+      l($feed->title, "aggregator/sources/$feed->fid"),
+      format_plural($feed->items, '1 item', '@count items'),
+      ($feed->checked ? t('@time ago', array('@time' => format_interval(time() - $feed->checked))) : t('never')),
+      ($feed->checked ? t('%time left', array('%time' => format_interval($feed->checked + $feed->refresh - time()))) : t('never')),
+      l(t('edit'), "admin/content/aggregator/edit/feed/$feed->fid"),
+      l(t('remove items'), "admin/content/aggregator/remove/$feed->fid"),
+      l(t('update items'), "admin/content/aggregator/update/$feed->fid", array('query' => array('token' => drupal_get_token("aggregator/update/$feed->fid")))),
+    );
   }
   $output .= theme('table', $header, $rows);
@@ -209,6 +217,9 @@ function aggregator_admin_remove_feed_submit($form, &$form_state) {
  * An associative array describing the feed to be refreshed.
  */
 function aggregator_admin_refresh_feed($feed) {
+  if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'aggregator/update/' . $feed['fid'])) {
+    return drupal_access_denied();
+  }
   aggregator_refresh($feed);
   drupal_goto('admin/content/aggregator');
 }
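Review bot: The new token guard at the top of aggregator_admin_refresh_feed carries no comment explaining what it protects against or that its key string must stay in lock-step with the `drupal_get_token("aggregator/update/$feed->fid")` call in aggregator_view; a future edit to either path string would silently turn every "update items" link into an access-denied page. I would add above the `if`: `// "update items" is a state-changing GET request, so require a per-session token to prevent cross-site request forgery. The token value must match the one generated in aggregator_view().` The check itself looks correct: the same `aggregator/update/<fid>` string is used on both sides, and `drupal_valid_token()` is called with its default `$skip_anonymous`, so anonymous sessions are not exempted. The other links in the same row go to confirmation forms and are presumably covered by the form API's own token, but that is outside this hunk.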
diff --git a/modules/openid/openid.module b/modules/openid/openid.module
index f1885df3d90fe182ec60bf379a4f1625eac6148f..71e0f5b051cc5c6952cad3aa9e679070456a6724 100644
--- a/modules/openid/openid.module
+++ b/modules/openid/openid.module
@@ -425,14 +425,17 @@ function openid_authentication($response) {
   elseif (variable_get('user_register', 1)) {
     // Register new user
     $form_state['redirect'] = NULL;
-    $form_state['values']['name'] = (empty($response['openid.sreg.nickname'])) ? '' : $response['openid.sreg.nickname'];
-    $form_state['values']['mail'] = (empty($response['openid.sreg.email'])) ? '' : $response['openid.sreg.email'];
+    // Only signed SREG keys are included as required by OpenID Simple
+    // Registration Extension 1.0, section 4.
+    $signed_keys = explode(',', $response['openid.signed']);
+    $form_state['values']['name'] = in_array('sreg.nickname', $signed_keys) ? $response['openid.sreg.nickname'] : '';
+    $form_state['values']['mail'] = in_array('sreg.email', $signed_keys) ? $response['openid.sreg.email'] : '';
     $form_state['values']['pass'] = user_password();
     $form_state['values']['status'] = variable_get('user_register', 1) == 1;
     $form_state['values']['response'] = $response;
     $form_state['values']['auth_openid'] = $identity;
-    if (empty($response['openid.sreg.email']) && empty($response['openid.sreg.nickname'])) {
+    if (empty($form_state['values']['name']) && empty($form_state['values']['mail'])) {
       drupal_set_message(t('Please complete the registration by filling out the form below. If you already have an account, you can log in now and add your OpenID under "My account".', array('@login' => url('user/login'))), 'warning');
       $success = FALSE;
     }
diff --git a/modules/system/system.module b/modules/system/system.module
index 70831442cb051bd765b4f6ada67ddf3b9898c69c..db9af51e198c3df543aa68201fef3d42d76daf07 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
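Review bot: The two new assignments index `$response['openid.sreg.nickname']` and `$response['openid.sreg.email']` as soon as the key name appears in `openid.signed`, so a response whose signed list names `sreg.nickname` but omits the parameter itself yields an undefined-index notice and assigns NULL instead of ''; the old `empty()` form tolerated that. Guarding both lines keeps the intent while restoring the missing-key case, e.g. `$form_state['values']['name'] = (in_array('sreg.nickname', $signed_keys) && isset($response['openid.sreg.nickname'])) ? $response['openid.sreg.nickname'] : '';` and the same for `mail`. Likewise `explode(',', $response['openid.signed'])` assumes `openid.signed` is always present; if the upstream assertion verification already rejects responses without it, a short comment saying so would justify the bare access, otherwise `isset($response['openid.signed']) ? explode(',', $response['openid.signed']) : array()` is the safe form. The hardcoded `sreg.` prefix also presumes the extension alias is literally `sreg`, which I cannot confirm from this hunk. The enclosing openid_authentication() starts before and ends after the hunk.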
@@ -8,7 +8,7 @@
 /**
  * The current system version.
  */
-define('VERSION', '6.23-dev');
+define('VERSION', '6.23');
 /**
  * Core API compatibility.