authorDries Buytaert <dries@buytaert.net>2003-06-03 18:04:47 +0000
committerDries Buytaert <dries@buytaert.net>2003-06-03 18:04:47 +0000
commit05288ac48a304385d9024f607fca92ee0301da30 (patch)
tree90d7c34ad935aba69fe361e3f81755e406080eb5 /includes/common.inc
parent68ca58e922395b2379b00a870ec77965c00e971a (diff)
- Bugfix: made request_uri() rewrite ( and ) with their entity equivalents
to avoid XSS attacks! Patch by Al, Moshe, Marco, Kjartan and me. - Bugfix: the admin module now imports drupal.css prior to admin.css. Patch by me. - Bugfix: the admin module was still emitting a <base href=""> tag. I removed this as it is now taken care of by theme_head(); Patch by me. - Bugfix: made the tracker module's pager only consider published pages. Patch by Moshe. - Bugfix: cured some typos in the comment module's help function. Patch by Marco. - Bugfix: fixed a typo in the pager_display() that caused optional attributes to be discarded. - Bugfix: made the Xtemplate emit empty boxes like any other theme does. Patch by Al. - Bugfix: fixed broken link on the statistics module's log page. Reported by Kjartan. - CSS improvements: made the HTML output emitted by the tracker module look nicer. Patch by Moshe and Al. - CSS improvements: added CSS classes for form elements. Patch by Al. - CSS improvements: added a vertical gap between the last form item and the submit button. Patch by Al. Note that Opera 6 is not picking up this CSS but apparently other browsers such as Konqueror do. - Xtemplate improvements: changed the color of the selected day in the archive module's calendar. Patch by Al. - Usability improvements: made the "birthday" field of the profile module look nicer. Patch by Al. ------ - TODO: it might be a good idea to emit the following meta tag in the theme_head() function: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> Currently, some themes (and modules!) emit this while others don't. This would also make it possible to change the charset site-wide. - TODO: now that we have added support for td.dark and td.light to drupal.css, maybe it can be removed from admin.css as well as xtemplate.css?
Diffstat (limited to 'includes/common.inc')
-rw-r--r--includes/common.inc34
1 files changed, 25 insertions, 9 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 0aa8b9001..532720898 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -104,11 +104,27 @@ function request_uri() {
*/
if (isset($_SERVER["REQUEST_URI"])) {
- return $_SERVER["REQUEST_URI"];
+ $uri = $_SERVER["REQUEST_URI"];
}
else {
- return $_SERVER["PHP_SELF"] ."?". $_SERVER["QUERY_STRING"];
+ $uri = $_SERVER["PHP_SELF"] ."?". $_SERVER["QUERY_STRING"];
}
+
+ /*
+ ** We pipe the request URI through htmlspecialchars() to prevent
+ ** XSS attacks.
+ */
+
+ $uri = htmlspecialchars($uri, ENT_QUOTES);
+
+ /*
+ ** We replace ( and ) with their entity equivalents to prevent XSS
+ ** attacks.
+ */
+
+ $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));
+
+ return $uri;
}
function message_access() {
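Review bot: The replacement table on the strtr() line writes `&040;` and `&041;`, which are not character references at all — a numeric reference needs the `#` (`&#40;` / `&#41;`), so a browser leaves the literal text `&040;` in place and any request URI containing parentheses comes back mangled in the form action rather than neutralised. The line should read `$uri = strtr($uri, array("(" => "&#40;", ")" => "&#41;"));`. A second point worth recording in the comment block above it: request_uri() now returns HTML-escaped text, so it is only correct in a markup context, and any caller using it for a redirect header or a string comparison (none is visible in this hunk) would receive entity-encoded output — a line such as `** Note: the returned value is HTML-escaped; only use it inside markup.` would make that explicit. The body of request_uri() begins before the hunk.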
@@ -776,7 +792,7 @@ function format_name($object) {
function form($form, $method = "post", $action = 0, $options = 0) {
if (!$action) {
- $action = htmlentities(request_uri());
+ $action = request_uri();
}
return "<form action=\"$action\" method=\"$method\"". ($options ? " $options" : "") .">\n$form</form>\n";
}
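Review bot: Only the default action is escaped now: when the caller supplies `$action` (and likewise `$method` and `$options`), form() interpolates it into the tag on the return line verbatim, so the new contract is that caller-supplied values must already be attribute-safe while the request_uri() default must not be escaped again (doing so would double-encode the `&amp;` it already emits). That asymmetry is not written down anywhere; a comment above the function such as `// $action, $method and $options are inserted verbatim, so callers must escape them; the request_uri() default is already HTML-escaped.` would prevent the next maintainer from re-adding htmlentities() here or dropping it at a call site.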
@@ -786,19 +802,19 @@ function form_item($title, $value, $description = 0) {
}
function form_radio($title, $name, $value = 1, $checked = 0, $description = 0) {
- return form_item(0, "<input type=\"radio\" name=\"edit[$name]\" value=\"". $value ."\"". ($checked ? " checked=\"checked\"" : "") ." /> $title", $description);
+ return form_item(0, "<input type=\"radio\" class=\"form-radio\" name=\"edit[$name]\" value=\"". $value ."\"". ($checked ? " checked=\"checked\"" : "") ." /> $title", $description);
}
function form_checkbox($title, $name, $value = 1, $checked = 0, $description = 0) {
- return form_hidden($name, 0) . form_item(0, "<input type=\"checkbox\" name=\"edit[$name]\" value=\"". $value ."\"". ($checked ? " checked=\"checked\"" : "") ." /> $title", $description);
+ return form_hidden($name, 0) . form_item(0, "<input type=\"checkbox\" class=\"form-checkbox\" name=\"edit[$name]\" value=\"". $value ."\"". ($checked ? " checked=\"checked\"" : "") ." /> $title", $description);
}
function form_textfield($title, $name, $value, $size, $maxlength, $description = 0) {
- return form_item($title, "<input maxlength=\"$maxlength\" name=\"edit[$name]\" size=\"$size\" value=\"". check_form($value) ."\" />", $description);
+ return form_item($title, "<input maxlength=\"$maxlength\" class=\"form-text\" name=\"edit[$name]\" size=\"$size\" value=\"". check_form($value) ."\" />", $description);
}
function form_password($title, $name, $value, $size, $maxlength, $description = 0) {
- return form_item($title, "<input type=\"password\" maxlength=\"$maxlength\" name=\"edit[$name]\" size=\"$size\" value=\"". check_form($value) ."\" />", $description);
+ return form_item($title, "<input type=\"password\" class=\"form-password\" maxlength=\"$maxlength\" name=\"edit[$name]\" size=\"$size\" value=\"". check_form($value) ."\" />", $description);
}
function form_textarea($title, $name, $value, $cols, $rows, $description = 0) {
@@ -816,7 +832,7 @@ function form_select($title, $name, $value, $options, $description = 0, $extra =
}
function form_file($title, $name, $size, $description = 0) {
- return form_item($title, "<input type=\"file\" name=\"edit[$name]\" size=\"$size\" />\n", $description);
+ return form_item($title, "<input type=\"file\" class=\"form-file\" name=\"edit[$name]\" size=\"$size\" />\n", $description);
}
function form_hidden($name, $value) {
@@ -824,7 +840,7 @@ function form_hidden($name, $value) {
}
function form_submit($value) {
- return "<input type=\"submit\" name=\"op\" value=\"". check_form($value) ."\" />\n";
+ return "<input type=\"submit\" class=\"form-submit\" name=\"op\" value=\"". check_form($value) ."\" />\n";
}
function form_weight($title = NULL, $name = "weight", $value = 0, $delta = 10, $description = 0, $extra = 0) {