diff options
| author | Dries Buytaert <dries@buytaert.net> | 2010-08-17 21:31:13 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2010-08-17 21:31:13 +0000 |
| commit | 2d3af8fe80715bb8b682f00272e731619d3102a8 (patch) | |
| tree | 6e5bf36733e4b8d70af8afd24310694d4d0aabaf | |
| parent | 946a8d5967f30282b5fc899ee4ea7ae3708d9398 (diff) | |
| download | brdo-2d3af8fe80715bb8b682f00272e731619d3102a8.tar.gz brdo-2d3af8fe80715bb8b682f00272e731619d3102a8.tar.bz2 | |
- Patch #829822 by pwolanin, tstoeckler: check Drupal 7 core for vulnerabilities in SA-CONTRIB-2010-066.
| -rw-r--r-- | includes/file.inc | 10 | ||||
| -rw-r--r-- | modules/simpletest/tests/common.test | 9 | ||||
| -rw-r--r-- | modules/simpletest/tests/common_test.module | 6 | ||||
| -rw-r--r-- | modules/system/system.tokens.inc | 12 |
4 files changed, 20 insertions, 17 deletions
diff --git a/includes/file.inc b/includes/file.inc index 36e7893ed..0d4af7693 100644 --- a/includes/file.inc +++ b/includes/file.inc @@ -331,9 +331,9 @@ function file_stream_wrapper_get_instance_by_scheme($scheme) { * * @return * A string containing a URL that may be used to access the file. - * If the provided string already contains a preceding 'http', nothing is done - * and the same string is returned. If a valid stream wrapper could not be - * found to generate an external URL, then FALSE will be returned. + * If the provided string already contains a preceding 'http', 'https', or + * '/', nothing is done and the same string is returned. If a stream wrapper + * could not be found to generate an external URL, then FALSE is returned. */ function file_create_url($uri) { // Allow the URI to be altered, e.g. to serve a file from a CDN or static @@ -355,8 +355,8 @@ function file_create_url($uri) { } else { // If this is not a properly formatted stream, then it is a shipped file. - // Therefor, return the URI with the base URL prepended. - return $GLOBALS['base_url'] . '/' . $uri; + // Therefore, return the urlencoded URI with the base URL prepended. + return $GLOBALS['base_url'] . '/' . drupal_encode_path($uri); } } elseif ($scheme == 'http' || $scheme == 'https') { diff --git a/modules/simpletest/tests/common.test b/modules/simpletest/tests/common.test index 61e6f8d26..315b77622 100644 --- a/modules/simpletest/tests/common.test +++ b/modules/simpletest/tests/common.test @@ -749,8 +749,9 @@ class CascadingStylesheetsTestCase extends DrupalWebTestCase { */ function testAddCssFileWithQueryString() { $this->drupalGet('common-test/query-string'); - $query_string = substr(variable_get('css_js_query_string', '0'), 0, 1); - $this->assertRaw(drupal_get_path('module', 'node') . '/node.css?arg1=value1&arg2=value2&' . $query_string, t('Query string was appended correctly to css.')); + $query_string = variable_get('css_js_query_string', '0'); + $this->assertRaw(drupal_get_path('module', 'node') . '/node.css?' . $query_string, t('Query string was appended correctly to css.')); + $this->assertRaw(drupal_get_path('module', 'node') . '/node-fake.css?arg1=value1&arg2=value2', t('Query string not escaped on a URI.')); } } @@ -1354,8 +1355,8 @@ class JavaScriptTestCase extends DrupalWebTestCase { */ function testAddJsFileWithQueryString() { $this->drupalGet('common-test/query-string'); - $query_string = substr(variable_get('css_js_query_string', '0'), 0, 1); - $this->assertRaw(drupal_get_path('module', 'node') . '/node.js?arg1=value1&arg2=value2&' . $query_string, t('Query string was appended correctly to js.')); + $query_string = variable_get('css_js_query_string', '0'); + $this->assertRaw(drupal_get_path('module', 'node') . '/node.js?' . $query_string, t('Query string was appended correctly to js.')); } } diff --git a/modules/simpletest/tests/common_test.module b/modules/simpletest/tests/common_test.module index 7320bdaa7..449da4a97 100644 --- a/modules/simpletest/tests/common_test.module +++ b/modules/simpletest/tests/common_test.module @@ -220,7 +220,9 @@ function common_test_library() { * Adds a JavaScript file and a CSS file with a query string appended. */ function common_test_js_and_css_querystring() { - drupal_add_js(drupal_get_path('module', 'node') . '/node.js?arg1=value1&arg2=value2'); - drupal_add_css(drupal_get_path('module', 'node') . '/node.css?arg1=value1&arg2=value2'); + drupal_add_js(drupal_get_path('module', 'node') . '/node.js'); + drupal_add_css(drupal_get_path('module', 'node') . '/node.css'); + // A relative URI may have a query string. + drupal_add_css('/' . drupal_get_path('module', 'node') . '/node-fake.css?arg1=value1&arg2=value2'); return ''; } diff --git a/modules/system/system.tokens.inc b/modules/system/system.tokens.inc index e13a4a2ab..f57daf2da 100644 --- a/modules/system/system.tokens.inc +++ b/modules/system/system.tokens.inc @@ -202,7 +202,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a break; case 'raw': - $replacements[$original] = filter_xss($date); + $replacements[$original] = $sanitize ? check_plain($date) : $date; break; } } @@ -230,15 +230,15 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a break; case 'description': - $replacements[$original] = $sanitize ? filter_xss($file->description) : $file->description; + $replacements[$original] = $sanitize ? check_plain($file->description) : $file->description; break; case 'path': - $replacements[$original] = $sanitize ? filter_xss($file->uri) : $file->uri; + $replacements[$original] = $sanitize ? check_plain($file->uri) : $file->uri; break; case 'mime': - $replacements[$original] = $sanitize ? filter_xss($file->filemime) : $file->filemime; + $replacements[$original] = $sanitize ? check_plain($file->filemime) : $file->filemime; break; case 'size': @@ -246,7 +246,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a break; case 'url': - $replacements[$original] = url(file_create_url($file->uri), $url_options); + $replacements[$original] = $sanitize ? check_plain(file_create_url($file->uri)) : file_create_url($file->uri); break; // These tokens are default variations on the chained tokens handled below. @@ -256,7 +256,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a case 'owner': $account = user_load($file->uid); - $replacements[$original] = $sanitize ? filter_xss($account->name) : $account->name; + $replacements[$original] = $sanitize ? check_plain($account->name) : $account->name; break; } } |