authorDries Buytaert <dries@buytaert.net>2010-08-17 21:31:13 +0000
committerDries Buytaert <dries@buytaert.net>2010-08-17 21:31:13 +0000
commit2d3af8fe80715bb8b682f00272e731619d3102a8 (patch)
tree6e5bf36733e4b8d70af8afd24310694d4d0aabaf /modules
parent946a8d5967f30282b5fc899ee4ea7ae3708d9398 (diff)
- Patch #829822 by pwolanin, tstoeckler: check Drupal 7 core for vulnerabilities in SA-CONTRIB-2010-066.
Diffstat (limited to 'modules')
-rw-r--r--modules/simpletest/tests/common.test9
-rw-r--r--modules/simpletest/tests/common_test.module6
-rw-r--r--modules/system/system.tokens.inc12
3 files changed, 15 insertions, 12 deletions
diff --git a/modules/simpletest/tests/common.test b/modules/simpletest/tests/common.test
index 61e6f8d26..315b77622 100644
--- a/modules/simpletest/tests/common.test
+++ b/modules/simpletest/tests/common.test
@@ -749,8 +749,9 @@ class CascadingStylesheetsTestCase extends DrupalWebTestCase {
*/
function testAddCssFileWithQueryString() {
$this->drupalGet('common-test/query-string');
- $query_string = substr(variable_get('css_js_query_string', '0'), 0, 1);
- $this->assertRaw(drupal_get_path('module', 'node') . '/node.css?arg1=value1&amp;arg2=value2&amp;' . $query_string, t('Query string was appended correctly to css.'));
+ $query_string = variable_get('css_js_query_string', '0');
+ $this->assertRaw(drupal_get_path('module', 'node') . '/node.css?' . $query_string, t('Query string was appended correctly to css.'));
+ $this->assertRaw(drupal_get_path('module', 'node') . '/node-fake.css?arg1=value1&amp;arg2=value2', t('Query string not escaped on a URI.'));
}
}
@@ -1354,8 +1355,8 @@ class JavaScriptTestCase extends DrupalWebTestCase {
*/
function testAddJsFileWithQueryString() {
$this->drupalGet('common-test/query-string');
- $query_string = substr(variable_get('css_js_query_string', '0'), 0, 1);
- $this->assertRaw(drupal_get_path('module', 'node') . '/node.js?arg1=value1&amp;arg2=value2&amp;' . $query_string, t('Query string was appended correctly to js.'));
+ $query_string = variable_get('css_js_query_string', '0');
+ $this->assertRaw(drupal_get_path('module', 'node') . '/node.js?' . $query_string, t('Query string was appended correctly to js.'));
}
}
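Review bot: testAddJsFileWithQueryString now checks only the css_js_query_string suffix and no longer exercises a script URI that already carries its own query string, while the CSS test above keeps that coverage through node-fake.css; since the common_test.module change in this commit adds only a CSS fixture, the JS path for a root-relative URI with a query string appears to be untested after this change. Adding a parallel `drupal_add_js('/' . drupal_get_path('module', 'node') . '/node-fake.js?arg1=value1&arg2=value2');` to common_test_js_and_css_querystring() and asserting `$this->assertRaw(drupal_get_path('module', 'node') . '/node-fake.js?arg1=value1&amp;arg2=value2', t('Query string not escaped on a URI.'));` here would restore it. Separately, an assertRaw() whose expected substring ends at `value2` still matches if the query string is appended after it, so the new node-fake.css assertion does not actually pin that nothing is added; including the closing attribute quote in the expected string would, provided the generated link tag double-quotes href.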
diff --git a/modules/simpletest/tests/common_test.module b/modules/simpletest/tests/common_test.module
index 7320bdaa7..449da4a97 100644
--- a/modules/simpletest/tests/common_test.module
+++ b/modules/simpletest/tests/common_test.module
@@ -220,7 +220,9 @@ function common_test_library() {
* Adds a JavaScript file and a CSS file with a query string appended.
*/
function common_test_js_and_css_querystring() {
- drupal_add_js(drupal_get_path('module', 'node') . '/node.js?arg1=value1&arg2=value2');
- drupal_add_css(drupal_get_path('module', 'node') . '/node.css?arg1=value1&arg2=value2');
+ drupal_add_js(drupal_get_path('module', 'node') . '/node.js');
+ drupal_add_css(drupal_get_path('module', 'node') . '/node.css');
+ // A relative URI may have a query string.
+ drupal_add_css('/' . drupal_get_path('module', 'node') . '/node-fake.css?arg1=value1&arg2=value2');
return '';
}
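Review bot: The docblock `Adds a JavaScript file and a CSS file with a query string appended.` above common_test_js_and_css_querystring() is now inaccurate: after this change node.js and node.css are added without a query string and only the root-relative node-fake.css URI carries one, so it should read something like `Adds a JavaScript file, a CSS file, and a root-relative CSS URI that already carries a query string.` The new inline comment `// A relative URI may have a query string.` also leaves unexplained why the path is prefixed with `/` and why a non-existent node-fake.css is acceptable; if, as the leading slash suggests, the prefix is what makes drupal_add_css() treat the argument as a URI rather than a module file path, say so, e.g. `// The leading '/' makes this a root-relative URI rather than a file path, so the query string must pass through untouched; the file need not exist because it is only referenced, never read.` — confirm against drupal_add_css(), which is outside this hunk.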
diff --git a/modules/system/system.tokens.inc b/modules/system/system.tokens.inc
index e13a4a2ab..f57daf2da 100644
--- a/modules/system/system.tokens.inc
+++ b/modules/system/system.tokens.inc
@@ -202,7 +202,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
break;
case 'raw':
- $replacements[$original] = filter_xss($date);
+ $replacements[$original] = $sanitize ? check_plain($date) : $date;
break;
}
}
@@ -230,15 +230,15 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
break;
case 'description':
- $replacements[$original] = $sanitize ? filter_xss($file->description) : $file->description;
+ $replacements[$original] = $sanitize ? check_plain($file->description) : $file->description;
break;
case 'path':
- $replacements[$original] = $sanitize ? filter_xss($file->uri) : $file->uri;
+ $replacements[$original] = $sanitize ? check_plain($file->uri) : $file->uri;
break;
case 'mime':
- $replacements[$original] = $sanitize ? filter_xss($file->filemime) : $file->filemime;
+ $replacements[$original] = $sanitize ? check_plain($file->filemime) : $file->filemime;
break;
case 'size':
@@ -246,7 +246,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
break;
case 'url':
- $replacements[$original] = url(file_create_url($file->uri), $url_options);
+ $replacements[$original] = $sanitize ? check_plain(file_create_url($file->uri)) : file_create_url($file->uri);
break;
// These tokens are default variations on the chained tokens handled below.
@@ -256,7 +256,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
case 'owner':
$account = user_load($file->uid);
- $replacements[$original] = $sanitize ? filter_xss($account->name) : $account->name;
+ $replacements[$original] = $sanitize ? check_plain($account->name) : $account->name;
break;
}
}
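Review bot: In the `url` case, `file_create_url($file->uri)` is now evaluated twice, once in each branch of the ternary; compute it once, `$url = file_create_url($file->uri);` followed by `$replacements[$original] = $sanitize ? check_plain($url) : $url;`, which also keeps the line readable. The same hunk drops the `url(..., $url_options)` wrapper, presumably because file_create_url() already yields a usable URL, but if `$url_options` carried anything callers relied on (it is set outside this hunk) the token's output changes beyond escaping and that deserves a sentence in the commit message. Note also that the `raw` date case, previously always passed through filter_xss(), is now emitted unescaped when `$sanitize` is false — consistent with the other cases, but a behaviour change for any caller that passed sanitize => FALSE and relied on filtering. system_tokens() begins and ends outside these hunks, and `$sanitize` and `$url_options` are defined in the part not shown.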