author | webchick <webchick@24967.no-reply.drupal.org> | 2011-05-25 13:41:42 -0700 |
---|---|---|
committer | webchick <webchick@24967.no-reply.drupal.org> | 2011-05-25 13:41:42 -0700 |
commit | 49e2d2ca6f6c6489b07b9e863150d20a38148a57 (patch) | |
tree | ec067d7e17c957438ee98111f40dde02155d0e94 | |
parent | 2ce86d77f7b06d21da0a7e67a6ded3a0eba94e46 (diff) | |
parent | 316bd96ebff36284f5f3e33268760ff9c672b6f8 (diff) | |
Drupal 7.2
-rw-r--r-- | CHANGELOG.txt | 28 | ||||
-rw-r--r-- | includes/bootstrap.inc | 2 | ||||
-rw-r--r-- | modules/color/color.install | 15 | ||||
-rw-r--r-- | modules/color/color.module | 13 | ||||
-rw-r--r-- | modules/file/file.module | 2 |
5 files changed, 57 insertions, 3 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 5059cc194..131e17241 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,6 +1,21 @@ -Drupal 7.1-dev, xxxx-xx-xx (development version) +Drupal 7.2, 2011-05-25 ---------------------- +- Added a default .gitignore file. +- Improved PostgreSQL and SQLite support. +- Numerous critical performance improvements. +- Numerous critical fixes to the upgrade path. +- Numerous fixes to language and translation systems. +- Numerous fixes to AJAX and #states systems. +- Improvements to the locking system. +- Numerous documentation fixes. +- Numerous styling and theme system fixes. +- Numerous fixes for schema mis-matches between Drupal 6 and 7. +- Minor internal API clean-ups. + +Drupal 7.1, 2011-05-25 +---------------------- +- Fixed security issues (Cross site scripting, File access bypass), see SA-CORE-2011-001. Drupal 7.0, 2011-01-05 ---------------------- @@ -221,6 +236,17 @@ Drupal 7.0, 2011-01-05 * Added a locking framework to coordinate long-running operations across requests. +Drupal 6.22, 2011-05-25 +----------------------- +- Made Drupal 6 work better with IIS and Internet Explorer. +- Fixed .po file imports to work better with custom textgroups. +- Improved code documentation at various places. +- Fixed a variety of other bugs. + +Drupal 6.21, 2011-05-25 +---------------------- +- Fixed security issues (Cross site scripting), see SA-CORE-2011-001. + Drupal 6.20, 2010-12-15 ---------------------- - Fixed a variety of small bugs, improved code documentation. diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index bbddde2a7..b70149cd3 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -8,7 +8,7 @@ /** * The current system version. */ -define('VERSION', '7.0-dev'); +define('VERSION', '7.2'); /** * Core API compatibility. diff --git a/modules/color/color.install b/modules/color/color.install index 5705ade3f..b0eb95ef6 100644 --- a/modules/color/color.install +++ b/modules/color/color.install 
@@ -40,3 +40,18 @@ function color_requirements($phase) { return $requirements; } + +/** + * Warn site administrator if unsafe CSS color codes are found in the database. + */ +function color_update_7001() { + $theme_palettes = db_query("SELECT name FROM {variable} WHERE name LIKE 'color_%_palette'")->fetchCol(); + foreach ($theme_palettes as $name) { + $palette = variable_get($name, array()); + foreach ($palette as $key => $color) { + if (!preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color)) { + drupal_set_message('Some of the custom CSS color codes specified via the color module are invalid. Please examine the themes which are making use of the color module at the <a href="'. url('admin/appearance/settings') .'">Appearance settings</a> page to verify their CSS color values.', 'warning'); + } + } + } +} diff --git a/modules/color/color.module b/modules/color/color.module index ff6c70e6c..f3fafe7b7 100644 --- a/modules/color/color.module +++ b/modules/color/color.module @@ -42,6 +42,7 @@ function color_form_system_theme_settings_alter(&$form, &$form_state) { '#theme' => 'color_scheme_form', ); $form['color'] += color_scheme_form($form, $form_state, $theme); + $form['#validate'][] = 'color_scheme_form_validate'; $form['#submit'][] = 'color_scheme_form_submit'; } } @@ -271,6 +272,18 @@ function theme_color_scheme_form($variables) { } /** + * Validation handler for color change form. + */ +function color_scheme_form_validate($form, &$form_state) { + // Only accept hexadecimal CSS color strings to avoid XSS upon use. + foreach ($form_state['values']['palette'] as $key => $color) { + if (!preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color)) { + form_set_error('palette][' . $key, t('%name must be a valid hexadecimal CSS color value.', array('%name' => $form['color']['palette'][$key]['#title']))); + } + } +} + +/** * Submit handler for color change form. */ function color_scheme_form_submit($form, &$form_state) { 
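Review bot: In `color_update_7001()` the `drupal_set_message()` call sits inside both loops, so the identical warning is queued once for every palette entry that fails the pattern, and it never says which theme is affected. Stopping at the first hit with `break 2;` after the call, or passing `FALSE` as the third `$repeat` argument, gives the administrator a single notice. The update reports the values but leaves them stored, which deserves a comment such as `// Values are only reported here, not rewritten or removed.` The pattern literal is also repeated in `color_scheme_form_validate()` in color.module, so the two copies can drift apart.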
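Review bot: `color_scheme_form_validate()` rejects bad values only when they arrive through the theme settings form, so palettes already stored, which the update hook in color.install reports but does not change, are presumably still used as they are. The comment `// Only accept hexadecimal CSS color strings to avoid XSS upon use.` would be more useful if it stated that limit, e.g. `// Input check only: palettes saved before this validator existed are not covered, so output code must still treat them as untrusted.` The code that writes the palette into CSS is outside this hunk, so whether it escapes or re-checks the values cannot be confirmed here.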
diff --git a/modules/file/file.module b/modules/file/file.module index 400270178..3e4525119 100644 --- a/modules/file/file.module +++ b/modules/file/file.module @@ -976,7 +976,7 @@ function file_get_file_references($file, $field = NULL, $age = FIELD_LOAD_REVISI } } - return isset($field) ? $references[$field['field_name']] : $references; + return isset($field) ? $references[$field['field_name']] : array_filter($references); } /** |
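Review bot: The changed return line in `file_get_file_references()` filters only the branch taken when `$field` is not set, and nothing explains why. A comment such as `// Remove fields with no references so callers can test the result with empty().` would record the intent; how callers use the result is not visible here, so that wording should be checked against them. The `$field` branch still returns `$references[$field['field_name']]` unfiltered and would raise an undefined-index notice if that key was never set. The part of the function that populates `$references` starts outside the hunk, so this may already be guaranteed.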