diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index a2f05dd5d322056d68e839410171c8d9321e6909..fa1fd027d2bb40ad497639f5a051cf15a1dd7b07 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,7 @@
-Drupal 6.28-dev, xxxx-xx-xx (development release)
+Drupal 6.28, 2013-01-16
 ----------------------
+- Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-001.
 
 Drupal 6.27, 2012-12-19
 ----------------------
diff --git a/includes/common.inc b/includes/common.inc
index b7d671ca969cad918014b09610984f1d8bd581ca..5daec4737464a9d322c97167a16bbc83e50f7291 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -665,7 +665,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
     return;
   }
 
-  if ($errno & (E_ALL ^ E_DEPRECATED)) {
+  if ($errno & (E_ALL ^ E_DEPRECATED ^ E_NOTICE)) {
     $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
 
     // For database errors, we want the line number/file name of the place that
diff --git a/misc/drupal.js b/misc/drupal.js
index f29e39810d4470aa25c0b2ee9e4881155a789912..a85b8f85794fb2cab99959add2026f536f4878b0 100644
--- a/misc/drupal.js
+++ b/misc/drupal.js
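Review bot: The new mask drops E_NOTICE but leaves E_USER_NOTICE (1024, 'user notice' in the $types table on the next line) in place, so notices raised by modules through trigger_error() are still handled while PHP's own notices are not; either extend the mask to `E_ALL ^ E_DEPRECATED ^ E_NOTICE ^ E_USER_NOTICE` or add a comment explaining why the two are treated differently, e.g. `// PHP notices are deliberately skipped here (neither displayed nor logged).`. The XOR form only works because every bit being toggled is set in E_ALL; `E_ALL & ~(E_DEPRECATED | E_NOTICE)` expresses the intent without that dependency. What the skipped branch does with the error (display, logging) is below the hunk, so the effect of the mask on logging is inferred. drupal_error_handler starts and ends outside the hunk.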
@@ -1,4 +1,27 @@
+/**
+ * Override jQuery.fn.init to guard against XSS attacks.
+ *
+ * See http://bugs.jquery.com/ticket/9521
+ */
+(function () {
+  var jquery_init = jQuery.fn.init;
+  jQuery.fn.init = function (selector, context, rootjQuery) {
+    // If the string contains a "#" before a "<", treat it as invalid HTML.
+    if (selector && typeof selector === 'string') {
+      var hash_position = selector.indexOf('#');
+      if (hash_position >= 0) {
+        var bracket_position = selector.indexOf('<');
+        if (bracket_position > hash_position) {
+          throw 'Syntax error, unrecognized expression: ' + selector;
+        }
+      }
+    }
+    return jquery_init.call(this, selector, context, rootjQuery);
+  };
+  jQuery.fn.init.prototype = jquery_init.prototype;
+})();
+
 var Drupal = Drupal || { 'settings': {}, 'behaviors': {}, 'themes': {}, 'locale': {} };
 
 /**
diff --git a/misc/tableheader.js b/misc/tableheader.js
index 9d05e2307fe928ad24e9ebe199daff78ffe97225..9deb18d84a65296712963b52ae4455061984c38b 100644
--- a/misc/tableheader.js
+++ b/misc/tableheader.js
@@ -69,7 +69,7 @@ Drupal.behaviors.tableHeader = function (context) {
       // Get the height of the header table and scroll up that amount.
       if (prevAnchor != location.hash) {
         if (location.hash != '') {
-          var offset = $('td' + location.hash).offset();
+          var offset = $(document).find('td' + location.hash).offset();
           if (offset) {
             var top = offset.top;
             var scrollLocation = top - $(e).height();
diff --git a/modules/book/book.pages.inc b/modules/book/book.pages.inc
index 46eb86a212a55aa93210551b56fbf4e206a7bf50..e0e3f659887fd837b06175f2a8e8d26065e39dfc 100644
--- a/modules/book/book.pages.inc
+++ b/modules/book/book.pages.inc
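Review bot: The guard only rejects strings in which a '#' occurs before the first '<', so a string that begins with '<' is still handed to jQuery as HTML and nothing here makes `$(untrusted)` safe in general; the header comment should say so, e.g. `Only selector-looking strings (a '#' before any '<') are rejected; strings starting with '<' are still parsed as HTML, so untrusted data must never be passed to $() directly.`. Throwing a bare string (`throw 'Syntax error, unrecognized expression: ' + selector;`) gives callers no stack and no `.message`; `throw new Error('Syntax error, unrecognized expression: ' + selector);` is the usual form, unless the plain string is deliberate to mirror jQuery's own wording. The final `jQuery.fn.init.prototype = jquery_init.prototype;` is what keeps `instanceof jQuery` working after the swap and deserves a one-line comment saying so.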
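Review bot: `location.hash` still flows into a selector string on the changed line; `.find()` removes the HTML-creation path, but a hash containing selector metacharacters (spaces, '.', ':' and similar) will select the wrong elements or none, and only the `if (offset)` test below covers the empty case. Validating the hash first — `if (location.hash != '' && /^#[A-Za-z][\w-]*$/.test(location.hash)) {` in place of the `if (location.hash != '')` line — keeps the fix and gives the selector a known shape. Whether an invalid selector throws or returns an empty set in the bundled jQuery version is not visible here. The enclosing Drupal.behaviors.tableHeader starts and ends outside the hunk.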
@@ -39,6 +39,14 @@ function book_render() {
  * in a format determined by the $type parameter.
  */
 function book_export($type, $nid) {
+  // Check that the node exists and that the current user has access to it.
+  $node = node_load($nid);
+  if (!$node) {
+    return MENU_NOT_FOUND;
+  }
+  if (!node_access('view', $node)) {
+    return MENU_ACCESS_DENIED;
+  }
   $type = drupal_strtolower($type);
diff --git a/modules/system/system.module b/modules/system/system.module
index 57cc91a1c576b70367c2c1d265c18b6092de803d..320f51fa1570deece1feb518c8855192ed5b1daf 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -8,7 +8,7 @@
 /**
  * The current system version.
  */
-define('VERSION', '6.28-dev');
+define('VERSION', '6.28');
 
 /**
  * Core API compatibility.
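Review bot: The new check covers only the root node: `node_access('view', $node)` is evaluated for $nid alone, while a book export renders a subtree, and whether each child page gets the same view check happens further down, outside the hunk — worth confirming before treating this as the complete fix. Returning MENU_NOT_FOUND / MENU_ACCESS_DENIED only has an effect when the caller is the menu dispatcher, which the visible lines do not show; a docblock line such as `@return MENU_NOT_FOUND when $nid does not load, MENU_ACCESS_DENIED when the current user may not view it.` would make the new contract explicit. The docblock being extended starts above the hunk and book_export's body continues past it.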