authorGábor Hojtsy <gabor@hojtsy.hu>2007-10-17 21:47:14 +0000
committerGábor Hojtsy <gabor@hojtsy.hu>2007-10-17 21:47:14 +0000
commita3f3cb346bebb09dd89f31705c43c0c7d5c690d1 (patch)
treeafdf7c9e25ac03eae91fa15fc0328bd57474cbab
parent988d4f505a8896df226660f37286c7f0bbe01e01 (diff)
downloadbrdo-a3f3cb346bebb09dd89f31705c43c0c7d5c690d1.tar.gz
brdo-a3f3cb346bebb09dd89f31705c43c0c7d5c690d1.tar.bz2
Drupal 6.0-beta2 release with all Drupal 5.3 security fixes applied
-rw-r--r--CHANGELOG.txt37
-rw-r--r--includes/common.inc11
-rw-r--r--install.php8
-rw-r--r--modules/system/system.module2
-rw-r--r--modules/upload/upload.admin.inc2
-rw-r--r--modules/upload/upload.module4
6 files changed, 53 insertions, 11 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 8bfc125fd..2b9f96946 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,6 @@
// $Id$
-Drupal 6.0, xxxx-xx-xx (development version)
+Drupal 6.0-beta2, 2007-10-17
----------------------
- New, faster and better menu system.
- New watchdog as a hook functionality.
@@ -92,6 +92,27 @@ Drupal 6.0, xxxx-xx-xx (development version)
- Removed drupal.module. The functionality lives on as the Site network
contributed module (http://drupal.org/project/site_network).
+Drupal 5.3, 2007-10-17
+----------------------
+- fixed a variety of small bugs.
+- fixed a security issue (HTTP response splitting), see SA-2007-024
+- fixed a security issue (Arbitrary code execution via installer), see SA-2007-025
+- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
+- fixed a security issue (User deletion cross site request forgery), see SA-2007-029
+- fixed a security issue (API handling of unpublished comment), see SA-2007-030
+
+Drupal 5.2, 2007-07-26
+----------------------
+- changed hook_link() $teaser argument to match documentation.
+- fixed a variety of small bugs.
+- fixed a security issue (cross-site request forgery), see SA-2007-017
+- fixed a security issue (cross-site scripting), see SA-2007-018
+
+Drupal 5.1, 2007-01-29
+----------------------
+- fixed security issue (code execution), see SA-2007-005
+- fixed a variety of small bugs.
+
Drupal 5.0, 2007-01-15
----------------------
- Completely retooled the administration page
@@ -169,6 +190,20 @@ Drupal 5.0, 2007-01-15
* Added nested lists generation.
* Added a self-clearing block class.
+Drupal 4.7.8, 2007-10-17
+----------------------
+- fixed a security issue (HTTP response splitting), see SA-2007-024
+- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
+- fixed a security issue (API handling of unpublished comment), see SA-2007-030
+
+Drupal 4.7.7, 2007-07-26
+------------------------
+- fixed security issue (XSS), see SA-2007-018
+
+Drupal 4.7.6, 2007-01-29
+------------------------
+- fixed security issue (code execution), see SA-2007-005
+
Drupal 4.7.5, 2007-01-05
------------------------
- Fixed security issue (XSS), see SA-2007-001
diff --git a/includes/common.inc b/includes/common.inc
index 7055fbbd4..6b07f20e3 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -268,11 +268,8 @@ function drupal_get_destination() {
* 'user login'-block in a sidebar. The function drupal_get_destination()
* can be used to help set the destination URL.
*
- * It is advised to use drupal_goto() instead of PHP's header(), because
- * drupal_goto() will append the user's session ID to the URI when PHP is
- * compiled with "--enable-trans-sid". In addition, Drupal will ensure that
- * messages set by drupal_set_message() and other session data are written to
- * the database before the user is redirected.
+ * Drupal will ensure that messages set by drupal_set_message() and other
+ * session data are written to the database before the user is redirected.
*
* This function ends the request; use it rather than a print theme('page')
* statement in your menu callback.
@@ -305,6 +302,8 @@ function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response
}
$url = url($path, array('query' => $query, 'fragment' => $fragment, 'absolute' => TRUE));
+ // Remove newlines from the URL to avoid header injection attacks.
+ $url = str_replace(array("\n", "\r"), '', $url);
// Allow modules to react to the end of the page request before redirecting.
module_invoke_all('exit', $url);
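Review bot: The new line `$url = str_replace(array("\n", "\r"), '', $url);` silently repairs rather than rejects a tampered target: a path that arrived with embedded CR/LF (for example via the `destination` parameter that drupal_get_destination(), named in the docblock, feeds into this function) is still redirected to, just with the line breaks removed; the `module_invoke_all('exit', $url)` hooks below see the cleaned value, which is correct. Two caveats belong in the comment: this closes response splitting only and does not constrain where the redirect goes, so if url() passes external absolute `$path` values through (not visible in this hunk) an attacker-supplied destination remains an open redirect; and any other header() call in core that embeds request data gains nothing from this change. Suggest `// Remove CR/LF from the URL to prevent HTTP response splitting (SA-2007-024). This does not validate the destination itself.` The header() call and exit that end drupal_goto() are outside the hunk.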
@@ -558,7 +557,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
- if ($errno & (E_ALL)) {
+ if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning');
// For database errors, we want the line number/file name of the place that
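Review bot: `if ($errno & (E_ALL ^ E_NOTICE))` makes drupal_error_handler() ignore every E_NOTICE, yet the `$types` map on the next line still carries `8 => 'notice'`, which is now unreachable, and notices (undefined index/variable) are precisely the signals that reveal unexpected input shapes in request handling. If the intent is only to quiet production sites, a site-configurable threshold would be safer than a hard-coded mask; at minimum the masking deserves a comment saying why notices are dropped here. Style: write the mask as `E_ALL & ~E_NOTICE` — `^` toggles the bit rather than clearing it and only works because E_NOTICE is part of E_ALL. The function body continues past this hunk.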
diff --git a/install.php b/install.php
index 38d2e80f0..27b426d59 100644
--- a/install.php
+++ b/install.php
@@ -208,6 +208,14 @@ function install_change_settings($profile = 'default', $install_locale = '') {
exit;
}
+ if ($db_url == 'mysql://username:password@localhost/databasename') {
+ $db_user = $db_pass = $db_path = '';
+ }
+ elseif (!empty($db_url)) {
+ // Do not install over a configured settings.php.
+ install_already_done_error();
+ }
+
$output = drupal_get_form('install_settings_form', $profile, $install_locale, $settings_file, $db_url, $db_type, $db_prefix, $db_user, $db_pass, $db_host, $db_port, $db_path);
drupal_set_title(st('Database configuration'));
print theme('install_page', $output);
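Review bot: The re-install guard at L118-L124 keys entirely on `$db_url` equalling the literal placeholder `mysql://username:password@localhost/databasename`; the check is fail-closed (any other non-empty value, including an array of connections, reaches install_already_done_error()), which is the right direction for SA-2007-025, but the literal must stay byte-identical to the one shipped in the default settings template and nothing here ties the two together. Suggest a comment above the `if`, e.g. `// Only let the installer (re)write settings.php while $db_url still holds the placeholder from the default settings template; any other value means the site is configured and the installer must refuse (SA-2007-025).`. A settings.php in which `$db_url` is unset or empty still falls through to the form; whether that is intended depends on how `$db_url` is loaded earlier in install_change_settings(), which begins outside this hunk.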
diff --git a/modules/system/system.module b/modules/system/system.module
index eb99f4e7e..35cba0ea8 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
-define('VERSION', '6.0-dev');
+define('VERSION', '6.0-beta2');
define('DRUPAL_CORE_COMPATIBILITY', '6.x');
define('DRUPAL_MINIMUM_PHP', '4.3.3');
diff --git a/modules/upload/upload.admin.inc b/modules/upload/upload.admin.inc
index 0e922b15a..20472d4a6 100644
--- a/modules/upload/upload.admin.inc
+++ b/modules/upload/upload.admin.inc
@@ -55,7 +55,7 @@ function upload_admin_settings_validate($form, &$form_state) {
* Menu callback for the upload settings form.
*/
function upload_admin_settings() {
- $upload_extensions_default = variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp');
+ $upload_extensions_default = variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp');
$upload_uploadsize_default = variable_get('upload_uploadsize_default', 1);
$upload_usersize_default = variable_get('upload_usersize_default', 1);
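Review bot: Removing `html` from the default string at L149 only changes the fallback passed to variable_get(); a site that has ever saved the upload settings form keeps its stored `upload_extensions_default` and per-role `upload_extensions_$rid` values, `html` included, so existing installs are not remediated by this line alone unless an update hook elsewhere in the release rewrites those variables (not visible here). The list also still permits `txt`, which relies on the web server sending text/plain — browsers that content-sniff may still render markup inside it, so the comment should make the threat model explicit. Suggest `// 'html' deliberately excluded: uploaded HTML is served from the site origin and is an XSS vector (SA-2007-026). Changing this default does not alter extension lists already saved per role.`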
diff --git a/modules/upload/upload.module b/modules/upload/upload.module
index 2fe77aca6..d4e02a751 100644
--- a/modules/upload/upload.module
+++ b/modules/upload/upload.module
@@ -120,9 +120,9 @@ function upload_menu_alter(&$items) {
function _upload_file_limits($user) {
$file_limit = variable_get('upload_uploadsize_default', 1);
$user_limit = variable_get('upload_usersize_default', 1);
- $all_extensions = explode(' ', variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp'));
+ $all_extensions = explode(' ', variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp'));
foreach ($user->roles as $rid => $name) {
- $extensions = variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp'));
+ $extensions = variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp'));
$all_extensions = array_merge($all_extensions, explode(' ', $extensions));
// A zero value indicates no limit, take the least restrictive limit.
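Review bot: The default extension string is now written out verbatim three times in this module (twice in this hunk, L161 and L164, and once in upload.admin.inc), and this very commit had to edit all three to drop one entry — the next hardening change will drift unless the list lives in one place. Suggest `define('UPLOAD_DEFAULT_EXTENSIONS', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp');` near the top of upload.module and `variable_get('upload_extensions_default', UPLOAD_DEFAULT_EXTENSIONS)` at each call site. Note also that the loop merges every role's list with array_merge, so the effective allow-list is the union across all roles the user holds, and a single permissive role overrides stricter ones; _upload_file_limits() continues past this hunk.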