diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 203b23a6e6e712fe01c9ff980a82784530b5e7ad..18ee76d67a2ad4f83753712c97f8950ff12c5d08 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,9 @@
 // $Id$
-Drupal 6.6-dev, xxxx-xx-xx (development release)
+Drupal 6.6, 2008-10-22
 ----------------------
+- Fixed security issues, (File inclusion, Cross site scripting), see SA-2008-067
+- Fixed a variety of small bugs.
 Drupal 6.5, 2008-10-08
 ----------------------
@@ -140,6 +142,10 @@ Drupal 6.0, 2008-02-13
 - Removed old system updates. Updates from Drupal versions prior to 5.x will require upgrading to 5.x before upgrading to 6.x.
+Drupal 5.12, 2008-10-22
+-----------------------
+- fixed security issues, (File inclusion), see SA-2008-067
+
 Drupal 5.11, 2008-10-08
 -----------------------
 - fixed a variety of small bugs.
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 4e0a497b3650d0204f414addc7f7cd55f0538df9..7601ef0679f407673081e82250012eade0aee6d8 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -238,6 +238,11 @@ function conf_path($require_settings = TRUE, $reset = FALSE) {
 $confdir = 'sites';
 $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
+ if (strpos($_SERVER['HTTP_HOST'], '/') !== FALSE) {
+ // A HTTP_HOST containing slashes may be an attack and is invalid.
+ header('HTTP/1.1 400 Bad Request');
+ exit;
+ }
 $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
 for ($i = count($uri) - 1; $i > 0; $i--) {
 for ($j = count($server); $j > 0; $j--) {
diff --git a/includes/common.inc b/includes/common.inc
index 445261fdc1724d98480d02b55f356f8726326648..9488bb92531965836ad6eef35abf497ef1d64d4e 100644
--- a/includes/common.inc
+++ b/includes/common.inc
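Review bot: The new guard in conf_path rejects only a literal '/' in HTTP_HOST, yet the value is then split into `$server` and, as far as the `$server`/`$uri` loops below show, used to derive a directory name, so any other character that is not valid in a host name still passes; an allow-list is the more robust form, e.g. `$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';` followed by `if (!preg_match('/^[a-zA-Z0-9.:-]*$/', $host)) {` in place of the strpos test (widen the class if bracketed IPv6 literals must be accepted). The `isset` also avoids an undefined-index notice when no Host header is present, such as under CLI or HTTP/1.0 requests, and the `*` keeps the current behaviour for an empty host. The comment on the added line could also say what the consequence of a bad host is, e.g. `// HTTP_HOST feeds the settings directory lookup below; reject anything that is not a plain host[:port].` conf_path continues outside the hunk, so the directory-name derivation is inferred from the loops shown rather than seen.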
@@ -587,7 +587,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
 return;
 }
- if ($errno & (E_ALL)) {
+ if ($errno & (E_ALL ^ E_NOTICE)) {
 $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
 // For database errors, we want the line number/file name of the place that
diff --git a/modules/book/book.admin.inc b/modules/book/book.admin.inc
index c608664c4481dea1f58962d27efe7c1ce9cba7cb..0a451d706643ce62b870fbf2ca98d2ac8989d7ee 100644
--- a/modules/book/book.admin.inc
+++ b/modules/book/book.admin.inc
@@ -170,8 +170,8 @@ function _book_admin_table($node, &$form) {
 * @see book_admin_edit()
 */
 function _book_admin_table_tree($tree, &$form) {
- foreach ($tree as $key => $data) {
- $form[$key] = array(
+ foreach ($tree as $data) {
+ $form['book-admin-'. $data['link']['nid']] = array(
 '#item' => $data['link'],
 'nid' => array('#type' => 'value', '#value' => $data['link']['nid']),
 'depth' => array('#type' => 'value', '#value' => $data['link']['depth']),
diff --git a/modules/system/system.module b/modules/system/system.module
index 656ec511029af4c301f35df4a46f095970adb40a..934a5654519007078489851e6213838a466d53bf 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -9,7 +9,7 @@
 /**
 * The current system version.
 */
-define('VERSION', '6.6-dev');
+define('VERSION', '6.6');
 /**
 * Core API compatibility.
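Review bot: The new mask `E_ALL ^ E_NOTICE` hard-codes the exclusion of notices inside the handler without a comment saying why, and it makes the `8 => 'notice'` entry of the `$types` table in this branch unreachable; a line above the condition such as `// E_NOTICE is deliberately masked here: notices never enter this branch, whatever error_reporting() is set to.` would keep the next maintainer from "fixing" it back. From a defender's point of view, undefined-index notices are often the first visible symptom of unvalidated input, so if the intent is only to keep them off the page, consider still recording them rather than dropping them entirely; whatever this branch does with the error (logging or display) is outside the hunk. drupal_error_handler starts and ends outside the hunk.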
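Review bot: The new form keys `'book-admin-'. $data['link']['nid']` replace the tree's own keys without a comment recording why the element name is now derived from the nid; as this lands alongside the SA-2008-067 fixes listed in CHANGELOG.txt, the reason is presumably that the tree key is not safe to expose as an element name, and a note such as `// Key elements by nid so the form array does not depend on the tree's own keys.` would preserve that. The nid-based key also assumes each node occurs once in the tree; if the function recurses into child entries with the same `$form` — the rest of the body is outside the hunk — a repeated nid would silently overwrite the earlier element. _book_admin_table_tree continues past the hunk.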