diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 489532032b6ca3feeb87b68f12ea8afc0531e01b..27c30268a56bbf601cdd038edb980b02c5907a6a 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,7 +1,10 @@ // $Id$ -Drupal 6.7-dev, xxxx-xx-xx (development release) +Drupal 6.7, 2008-12-10 ---------------------- +- Fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073 +- Updated robots.txt and .htaccess to match current file use. +- Fixed a variety of small bugs. Drupal 6.6, 2008-10-22 ---------------------- @@ -147,6 +150,12 @@ Drupal 6.0, 2008-02-13 - Removed old system updates. Updates from Drupal versions prior to 5.x will require upgrading to 5.x before upgrading to 6.x. +Drupal 5.13, 2008-12-10 +----------------------- +- fixed a variety of small bugs. +- fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073 +- updated robots.txt and .htaccess to match current file use. + Drupal 5.12, 2008-10-22 ----------------------- - fixed security issues, (File inclusion), see SA-2008-067 diff --git a/includes/common.inc b/includes/common.inc index a6cb14a54b93b80f46e995338782b9eba9fab6f2..9ae6c9600f0dc561b4ef2dd3ff9553761809d082 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -586,7 +586,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) { return; } - if ($errno & (E_ALL)) { + if ($errno & (E_ALL ^ E_NOTICE)) { $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error'); // For database errors, we want the line number/file name of the place that diff --git a/modules/filter/filter.module b/modules/filter/filter.module index 5bb2ca470448ca4f357a0f4efed8cc5f58fc0989..4c4cd6ad1b21a81cde64d0ee2105bf61a3b08d1a 100644 
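Review bot: In includes/common.inc, the new mask `E_ALL ^ E_NOTICE` in drupal_error_handler() has no comment saying why notices are now skipped, and the `8 => 'notice'` entry in `$types` appears unreachable through this branch. A line such as `// Notices are not reported in release builds.` above the `if` would record the intent. That this is a release-only setting is inferred from the version bump in the same commit, so confirm it before wording the comment that way. Skipping notices also means undefined-index and undefined-variable conditions are no longer handled by this branch, which leaves less signal when investigating malformed requests. The function body continues outside the hunk.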
--- a/modules/filter/filter.module +++ b/modules/filter/filter.module @@ -375,13 +375,20 @@ function filter_list_format($format) { static $filters = array(); if (!isset($filters[$format])) { - $filters[$format] = array(); $result = db_query("SELECT * FROM {filters} WHERE format = %d ORDER BY weight, module, delta", $format); - while ($filter = db_fetch_object($result)) { - $list = module_invoke($filter->module, 'filter', 'list'); - if (isset($list) && is_array($list) && isset($list[$filter->delta])) { - $filter->name = $list[$filter->delta]; - $filters[$format][$filter->module .'/'. $filter->delta] = $filter; + if (db_affected_rows($result) == 0 && !db_result(db_query("SELECT 1 FROM {filter_formats} WHERE format = %d", $format))) { + // The format has no filters and does not exist, use the default input + // format. + $filters[$format] = filter_list_format(variable_get('filter_default_format', 1)); + } + else { + $filters[$format] = array(); + while ($filter = db_fetch_object($result)) { + $list = module_invoke($filter->module, 'filter', 'list'); + if (isset($list) && is_array($list) && isset($list[$filter->delta])) { + $filter->name = $list[$filter->delta]; + $filters[$format][$filter->module .'/'. $filter->delta] = $filter; + } } } } diff --git a/modules/system/system.module b/modules/system/system.module index 479c288b2aa0b8ebf9085b4ae0b05be6e63691c0..d3673c3cd1393894a18b6f17beef91009dbd1983 100644 --- a/modules/system/system.module +++ b/modules/system/system.module @@ -9,7 +9,7 @@ /** * The current system version. */ -define('VERSION', '6.7-dev'); +define('VERSION', '6.7'); /** * Core API compatibility. diff --git a/update.php b/update.php index 79eedcca2a96070c4044675f9e183859d39fd7c3..dec8b108c90e3f78e3bb6c984c9925ecad90cef8 100644 --- a/update.php +++ b/update.php @@ -369,6 +369,7 @@ function update_info_page() { update_task_list('info'); drupal_set_title('Drupal database update'); + $token = drupal_get_token('update'); $output = '
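Review bot: In modules/filter/filter.module, the new fallback in filter_list_format() can recurse without end. When `$format` is itself the value of `variable_get('filter_default_format', 1)` and that format has no rows in {filters} or {filter_formats}, `$filters[$format]` is still unset when the function calls itself with the same argument. Guard the call, e.g. `$default = variable_get('filter_default_format', 1);` followed by `if ($format != $default) { $filters[$format] = filter_list_format($default); }`, and decide explicitly what a missing default should yield; an empty filter list would presumably let text through unfiltered, so failing closed is the safer choice. Separately, `db_affected_rows($result)` is used here to count the rows of a SELECT, which may not be reliable on every database backend; the second query keeps the result correct, but a short comment saying so would help. The function starts and ends outside the hunk.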

Use this utility to update your database whenever a new release of Drupal or a module is installed.

For more detailed information, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.

'; $output .= "
    \n"; $output .= "
  1. Back up your database. This process will change your database values and in case of emergency you may need to revert to a backup.
  2. \n"; @@ -377,7 +378,7 @@ function update_info_page() { $output .= "
  3. Install your new files in the appropriate location, as described in the handbook.
  4. \n"; $output .= "
\n"; $output .= "

When you have performed the steps above, you may proceed.

\n"; - $output .= '
'; + $output .= '
'; $output .= "\n"; return $output; } @@ -627,17 +628,21 @@ function update_check_requirements() { $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : ''; switch ($op) { - // update.php ops - case 'info': - $output = update_info_page(); - break; - case 'selection': - $output = update_selection_page(); - break; + if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) { + $output = update_selection_page(); + break; + } case 'Update': - update_batch(); + if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) { + update_batch(); + break; + } + + // update.php ops + case 'info': + $output = update_info_page(); break; case 'results':
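Review bot: In update.php's `$op` switch, both new guards compare the request token with loose `==`, so PHP can compare two numeric-looking strings as numbers rather than byte for byte, and a non-string `token` parameter is not rejected up front. Use `if (isset($_GET['token']) && is_string($_GET['token']) && $_GET['token'] === drupal_get_token('update')) {` in both the 'selection' and 'Update' cases. The rejection path is also implicit: a request that fails the check falls through 'selection' into 'Update' and then into 'info', which only works because 'info' was moved below them. A `// Fall through to the info page when the token is missing or invalid.` comment after each `if` block would protect that ordering. The token is read from `$_GET` while `$op` comes from `$_REQUEST`, so it travels in the URL and may end up in server logs or Referer headers; confirm that is acceptable for this page.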