diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 8f30b8091458348e52bf3b7a022a510880fb6244..be83a06348717b7b5ed8859bb437deaec98ad1f5 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,7 +1,13 @@ // $Id$ -Drupal 6.14-dev, xxxx-xx-xx (development release) +Drupal 6.14, 2009-09-16 ---------------------- +- Fixed security issues (OpenID association cross site request forgeries, + OpenID impersonation and File upload), see SA-CORE-2009-008. +- Changed the system modules page to not run all cache rebuilds; use the + button on the performance settings page to achieve the same effect. +- Added support for PHP 5.3.0 out of the box. +- Fixed a variety of small bugs. Drupal 6.13, 2009-07-01 ---------------------- @@ -195,6 +201,12 @@ Drupal 6.0, 2008-02-13 - Removed old system updates. Updates from Drupal versions prior to 5.x will require upgrading to 5.x before upgrading to 6.x. +Drupal 5.20, 2009-09-16 +----------------------- +- Avoid security problems resulting from writing Drupal 6-style menu declarations. +- Fixed security issues (session fixation), see SA-CORE-2009-008. +- Fixed a variety of small bugs. + Drupal 5.19, 2009-07-01 ----------------------- - Fixed security issues (Cross site scripting and Password leakage in URL), see SA-CORE-2009-007. diff --git a/includes/common.inc b/includes/common.inc index fa3878e347c125c0486a5c1217d46acc9288c31d..ff814c8a85ce9fbcbafc1c094c40706d5361c296 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -617,7 +617,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) { return; } - if ($errno & (E_ALL ^ E_DEPRECATED)) { + if ($errno & (E_ALL ^ E_NOTICE ^ E_DEPRECATED)) { $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error'); // For database errors, we want the line number/file name of the place that diff --git a/includes/file.inc b/includes/file.inc index 58e0063ad2aec4ddfa4cd55ef51e2adf1e700a1a..4a824decb6812d039d783e73b91d6a743c17519e 100644 --- a/includes/file.inc +++ b/includes/file.inc @@ -529,13 +529,6 @@ function file_save_upload($source, $validators = array(), $dest = FALSE, $replac $file->filepath = $_FILES['files']['tmp_name'][$source]; $file->filemime = file_get_mimetype($file->filename); - // Rename potentially executable files, to help prevent exploits. - if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { - $file->filemime = 'text/plain'; - $file->filepath .= '.txt'; - $file->filename .= '.txt'; - } - // If the destination is not provided, or is not writable, then use the // temporary directory. if (empty($dest) || file_check_path($dest) === FALSE) { @@ -555,6 +548,18 @@ function file_save_upload($source, $validators = array(), $dest = FALSE, $replac $errors = array_merge($errors, call_user_func_array($function, $args)); } + // Rename potentially executable files, to help prevent exploits. + if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { + $file->filemime = 'text/plain'; + $file->filepath .= '.txt'; + $file->filename .= '.txt'; + // As the file may be named example.php.txt, we need to munge again to + // convert to example.php_.txt, then create the correct destination. + $file->filename = file_munge_filename($file->filename, $extensions); + $file->destination = file_destination(file_create_path($dest .'/'. $file->filename), $replace); + } + + // Check for validation errors. if (!empty($errors)) { $message = t('The selected file %name could not be uploaded.', array('%name' => $file->filename)); diff --git a/modules/openid/openid.module b/modules/openid/openid.module index 6a619dd2dbbda5595fcdc7e5954a568646e826eb..b79ff999bd610a0d6a995ed89ee7e42c866ba25d 100644 --- a/modules/openid/openid.module +++ b/modules/openid/openid.module @@ -192,8 +192,8 @@ function openid_begin($claimed_id, $return_to = '', $form_values = array()) { } if (isset($services[0]['types']) && is_array($services[0]['types']) && in_array(OPENID_NS_2_0 .'/server', $services[0]['types'])) { - $identity = 'http://specs.openid.net/auth/2.0/identifier_select'; - } + $claimed_id = $identity = 'http://specs.openid.net/auth/2.0/identifier_select'; + } $authn_request = openid_authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $services[0]['version']); if ($services[0]['version'] == 2) { diff --git a/modules/openid/openid.pages.inc b/modules/openid/openid.pages.inc index e1dd3629edd7fb6615d305f8ff3745fd5f20a60d..79afad8927fe98468263352559fd20e84209d809 100644 --- a/modules/openid/openid.pages.inc +++ b/modules/openid/openid.pages.inc @@ -73,12 +73,14 @@ function openid_user_add_validate($form, &$form_state) { if (db_result(db_query("SELECT authname FROM {authmap} WHERE authname='%s'", $claimed_id))) { form_set_error('openid_identifier', t('That OpenID is already in use on this site.')); } - else { - $return_to = url('user/'. arg(1) .'/openid', array('absolute' => TRUE)); - openid_begin($form_state['values']['openid_identifier'], $return_to); - } } +function openid_user_add_submit($form, &$form_state) { + $return_to = url('user/'. arg(1) .'/openid', array('absolute' => TRUE)); + openid_begin($form_state['values']['openid_identifier'], $return_to); +} + + /** * Present a confirmation form to delete the specified OpenID identity from the system. * diff --git a/modules/system/system.module b/modules/system/system.module index 9947dce1d2aa52e58288298c7a00dc242579b6a6..75d94ca67690fb387604b58fa9c9fae2becab64f 100644 --- a/modules/system/system.module +++ b/modules/system/system.module @@ -9,7 +9,7 @@ /** * The current system version. */ -define('VERSION', '6.14-dev'); +define('VERSION', '6.14'); /** * Core API compatibility.