author | David Rothstein <drothstein@gmail.com> | 2014-10-15 11:38:18 -0400 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2014-10-15 11:38:18 -0400 |
commit | b4844afdcadbaa7e4f3ad9a237f17126b94dc483 (patch) | |
tree | d402b658862e2d9ac82724702a39f97b5779f8fe | |
parent | f2c8d9550ec95b207dde99f45050b81337ae0065 (diff) | |
parent | 131a6f5129b18f3913ba5882111797f8588c5aaf (diff) | |
Merge tag '7.32' into 7.x
7.32 release
Conflicts:
CHANGELOG.txt
includes/bootstrap.inc
-rw-r--r-- | CHANGELOG.txt | 6 | ||||
-rw-r--r-- | includes/bootstrap.inc | 2 | ||||
-rw-r--r-- | includes/database/database.inc | 2 | ||||
-rw-r--r-- | modules/simpletest/tests/database_test.test | 28 |
4 files changed, 35 insertions, 3 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 3c5367d1d..13b3c943f 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,5 +1,5 @@
-Drupal 7.32, xxxx-xx-xx (development version)
+Drupal 7.33, xxxx-xx-xx (development version)
 -----------------------
 - Renamed the "Search result" view mode to "Search result highlighting input" to better reflect how it is used (UI change).
@@ -10,6 +10,10 @@ Drupal 7.32, xxxx-xx-xx (development version)
 - Removed special-case behavior for file uploads which allowed user #1 to bypass maximum file size and user quota limits.
+Drupal 7.32, 2014-10-15
+----------------------
+- Fixed security issues (SQL injection). See SA-CORE-2014-005.
+
 Drupal 7.31, 2014-08-06
 ----------------------
 - Fixed security issues (denial of service). See SA-CORE-2014-004.
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index e15f57be1..75a1a5dee 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
 /**
 * The current system version.
 */
-define('VERSION', '7.32-dev');
+define('VERSION', '7.33-dev');
 /**
 * Core API compatibility.
diff --git a/includes/database/database.inc b/includes/database/database.inc
index f78098bc0..01b638584 100644
--- a/includes/database/database.inc
+++ b/includes/database/database.inc
@@ -736,7 +736,7 @@ abstract class DatabaseConnection extends PDO {
 // to expand it out into a comma-delimited set of placeholders.
 foreach (array_filter($args, 'is_array') as $key => $data) {
 $new_keys = array();
-foreach ($data as $i => $value) {
+foreach (array_values($data) as $i => $value) {
 // This assumes that there are no other placeholders that use the same
 // name. For example, if the array placeholder is defined as :example
 // and there is already an :example_2 placeholder, this will generate
diff --git a/modules/simpletest/tests/database_test.test b/modules/simpletest/tests/database_test.test
index dba04b27b..209bf6813 100644
--- a/modules/simpletest/tests/database_test.test
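Review bot: The changed `foreach` in the database.inc hunk gives no hint why `array_values()` is needed, and the comment that follows only talks about placeholder-name collisions, so a future cleanup could plausibly revert it as a no-op. From the `$new_keys` setup and the `:example_2` comment it looks like `$i` is concatenated into the generated placeholder name, which means caller-supplied array keys must never be used as `$i`; I'd state that on the line: `// Re-index so $i is always a sequential integer: array keys come from the caller and must not be spliced into a placeholder name (see SA-CORE-2014-005).` The loop body and the enclosing method continue outside the hunk, so the concatenation itself is inferred rather than visible here.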
+++ b/modules/simpletest/tests/database_test.test
@@ -3384,6 +3384,34 @@ class DatabaseQueryTestCase extends DatabaseTestCase {
 $this->assertEqual(count($names), 3, 'Correct number of names returned');
 }
+
+/**
+* Test SQL injection via database query array arguments.
+*/
+public function testArrayArgumentsSQLInjection() {
+// Attempt SQL injection and verify that it does not work.
+$condition = array(
+"1 ;INSERT INTO {test} SET name = 'test12345678'; -- " => '',
+'1' => '',
+);
+try {
+db_query("SELECT * FROM {test} WHERE name = :name", array(':name' => $condition))->fetchObject();
+$this->fail('SQL injection attempt via array arguments should result in a PDOException.');
+}
+catch (PDOException $e) {
+$this->pass('SQL injection attempt via array arguments should result in a PDOException.');
+}
+
+// Test that the insert query that was used in the SQL injection attempt did
+// not result in a row being inserted in the database.
+$result = db_select('test')
+->condition('name', 'test12345678')
+->countQuery()
+->execute()
+->fetchField();
+$this->assertFalse($result, 'SQL injection attempt did not result in a row being inserted in the database table.');
+}
+
 }
 /** |
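Review bot: The new test only covers the rejection path; nothing in the hunk checks that a legitimate array argument with non-sequential or string keys still expands correctly now that database.inc re-indexes with `array_values()`, so a regression in ordinary `IN (:names)` usage would go unnoticed. I'd add a companion method next to `testArrayArgumentsSQLInjection()` that passes a string-keyed array such as `array('a' => ..., 'b' => ...)` through an `IN (:names)` placeholder against `{test}` and asserts the expected row count. Separately, the `catch (PDOException $e)` block never uses `$e`; since it is a catch-all for any driver error, asserting on the message or at least dropping the unused variable would make the intent clearer. The enclosing class continues outside the hunk.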