diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index bddf6cde65d6ab57109631f0e9ef75c4d75589bf..81104c8f4d08cf9f1d2a42ffe4623727edb3fac3 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,8 +1,9 @@
 // $Id$
-Drupal 5.21, xxxx-xx-xx
+Drupal 5.21, 2009-12-16
 -----------------------
-
+- Fixed a security issue (Cross site scripting), see SA-CORE-2009-009.
+- Fixed a variety of small bugs.
 Drupal 5.20, 2009-09-16
 -----------------------
diff --git a/modules/contact/contact.module b/modules/contact/contact.module
index 3a602847e2a059336a35b0ff6617d9860d606a12..004e39cf7ee0a7a9a39ee1db12d0d494779185c6 100644
--- a/modules/contact/contact.module
+++ b/modules/contact/contact.module
@@ -145,7 +145,7 @@ function contact_admin_categories() {
 $result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category');
 $rows = array();
 while ($category = db_fetch_object($result)) {
- $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
+ $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
 }
 $header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2));
@@ -549,4 +549,3 @@ function contact_mail_page_submit($form_id, $form_values) {
 // Jump to home page rather than back to contact page to avoid contradictory messages if flood control has been activated.
 return '';
 }
-
diff --git a/modules/system/system.module b/modules/system/system.module
index 3601cc946f90657e0afc6f9157b7385e76f49734..0c14ef7316f2ca7e05f78a381ca0bb5aefa9bb81 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
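Review bot: The changed `$rows[] = array(...)` line in `contact_admin_categories()` (modules/contact/contact.module, hunk at line 145) wraps two cells in `check_plain()` but carries no comment saying why those two are escaped, so a later edit could drop the calls or add another raw column without noticing. Suggest a comment above the line such as `// Escape free-text fields before they go into table cells (see SA-CORE-2009-009).`, assuming this is the cross-site scripting fix the CHANGELOG entry refers to. The escaping is applied only at this output site, so any other place that prints `$category->category` or `$category->recipients` needs the same treatment. Those call sites, and the rest of this function including where `$rows` is rendered, are outside the hunk and should be confirmed.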
@@ -6,7 +6,7 @@
 * Configuration system that lets administrators modify the workings of the site.
 */
-define('VERSION', '5.21-dev');
+define('VERSION', '5.21');
 /**
 * Implementation of hook_help().