diff options
| author | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-12-05 21:18:29 +0000 |
|---|---|---|
| committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-12-05 21:18:29 +0000 |
| commit | aa6f1c83152d8829a4d2adaf7389c62a6512a6e6 (patch) | |
| tree | b238c6dc0224dffbf4f972b38b8728e1c154e759 | |
| parent | afe3f4318ddee5e6273f6b84f8969006ffa58dc4 (diff) | |
| download | brdo-aa6f1c83152d8829a4d2adaf7389c62a6512a6e6.tar.gz brdo-aa6f1c83152d8829a4d2adaf7389c62a6512a6e6.tar.bz2 | |
Drupal 6.0 beta 4
| -rw-r--r-- | CHANGELOG.txt | 11 | ||||
| -rw-r--r-- | includes/common.inc | 2 | ||||
| -rw-r--r-- | modules/system/system.module | 2 | ||||
| -rw-r--r-- | modules/taxonomy/taxonomy.module | 15 |
4 files changed, 21 insertions, 9 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 6463e4844..34122b6aa 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,6 +1,6 @@ // $Id$ -Drupal 6.0, xxxx-xx-xx (development version) +Drupal 6.0-beta4, 2007-12-05 ---------------------- - New, faster and better menu system. - New watchdog as a hook functionality. @@ -97,6 +97,11 @@ Drupal 6.0, xxxx-xx-xx (development version) - Removed old system updates. Updates from Drupal versions prior to 4.7.x will require upgrading to 4.7.x or 5.x before upgrading to 6.x. +Drupal 5.4, 2007-12-05 +---------------------- +- fixed a variety of small bugs. +- fixed a security issue (SQL injection), see SA-2007-031 + Drupal 5.3, 2007-10-17 ---------------------- - fixed a variety of small bugs. @@ -195,6 +200,10 @@ Drupal 5.0, 2007-01-15 * Added nested lists generation. * Added a self-clearing block class. +Drupal 4.7.9, 2007-12-05 +------------------------ +- fixed a security issue (SQL injection), see SA-2007-031 + Drupal 4.7.8, 2007-10-17 ---------------------- - fixed a security issue (HTTP response splitting), see SA-2007-024 diff --git a/includes/common.inc b/includes/common.inc index a6128675d..8f0b4f5d9 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -562,7 +562,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) { return; } - if ($errno & (E_ALL)) { + if ($errno & (E_ALL ^ E_NOTICE)) { $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning'); // For database errors, we want the line number/file name of the place that diff --git a/modules/system/system.module b/modules/system/system.module index ca8e54703..be06e9020 100644 --- a/modules/system/system.module +++ b/modules/system/system.module @@ -6,7 +6,7 @@ * Configuration system that lets administrators modify the workings of the site. */ -define('VERSION', '6.0-dev'); +define('VERSION', '6.0-beta4'); define('DRUPAL_CORE_COMPATIBILITY', '6.x'); define('DRUPAL_MINIMUM_PHP', '4.3.3'); diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module index dd203c2e3..a247954b1 100644 --- a/modules/taxonomy/taxonomy.module +++ b/modules/taxonomy/taxonomy.module @@ -1074,16 +1074,19 @@ function taxonomy_select_nodes($tids = array(), $operator = 'or', $depth = 0, $p } if ($operator == 'or') { - $str_tids = implode(',', call_user_func_array('array_merge', $descendant_tids)); - $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n INNER JOIN {term_node} tn ON n.vid = tn.vid WHERE tn.tid IN ('. $str_tids .') AND n.status = 1 ORDER BY '. $order; - $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} tn ON n.vid = tn.vid WHERE tn.tid IN ('. $str_tids .') AND n.status = 1'; + $args = call_user_func_array('array_merge', $descendant_tids); + $placeholders = db_placeholders($args, 'int'); + $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n INNER JOIN {term_node} tn ON n.vid = tn.vid WHERE tn.tid IN ('. $placeholders .') AND n.status = 1 ORDER BY '. $order; + $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} tn ON n.vid = tn.vid WHERE tn.tid IN ('. $placeholders .') AND n.status = 1'; } else { $joins = ''; $wheres = ''; + $args = array(); foreach ($descendant_tids as $index => $tids) { $joins .= ' INNER JOIN {term_node} tn'. $index .' ON n.vid = tn'. $index .'.vid'; - $wheres .= ' AND tn'. $index .'.tid IN ('. implode(',', $tids) .')'; + $wheres .= ' AND tn'. $index .'.tid IN ('. db_placeholders($tids, 'int') .')'; + $args = array_merge($args, $tids); } $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n '. $joins .' WHERE n.status = 1 '. $wheres .' ORDER BY '. $order; $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. $joins .' WHERE n.status = 1 '. $wheres; @@ -1091,10 +1094,10 @@ function taxonomy_select_nodes($tids = array(), $operator = 'or', $depth = 0, $p $sql = db_rewrite_sql($sql); $sql_count = db_rewrite_sql($sql_count); if ($pager) { - $result = pager_query($sql, variable_get('default_nodes_main', 10), 0, $sql_count); + $result = pager_query($sql, variable_get('default_nodes_main', 10), 0, $sql_count, $args); } else { - $result = db_query_range($sql, 0, variable_get('feed_default_items', 10)); + $result = db_query_range($sql, 0, variable_get('feed_default_items', 10), $args); } } |