diff options
| -rw-r--r-- | includes/bootstrap.inc | 2 | ||||
| -rw-r--r-- | includes/database/database.inc | 3 | ||||
| -rw-r--r-- | modules/system/system.install | 9 |
3 files changed, 13 insertions, 1 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index d6a4bcfcd..360564d84 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -19,7 +19,7 @@ define('DRUPAL_CORE_COMPATIBILITY', '7.x'); /** * Minimum supported version of PHP. */ -define('DRUPAL_MINIMUM_PHP', '5.2.5'); +define('DRUPAL_MINIMUM_PHP', '5.2.4'); /** * Minimum recommended value of PHP memory_limit. diff --git a/includes/database/database.inc b/includes/database/database.inc index 9ca77ea50..98dafae8a 100644 --- a/includes/database/database.inc +++ b/includes/database/database.inc @@ -1293,6 +1293,9 @@ abstract class Database { /** * Gets the connection object for the specified database key and target. * + * Note: do not use the setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE) on the + * returned object because of http://bugs.php.net/bug.php?id=43139. + * * @param $target * The database target name. * @param $key diff --git a/modules/system/system.install b/modules/system/system.install index e37b7b5e2..23e2e442b 100644 --- a/modules/system/system.install +++ b/modules/system/system.install @@ -77,6 +77,15 @@ function system_requirements($phase) { // If PHP is old, it's not safe to continue with the requirements check. return $requirements; } + // Check that htmlspecialchars() is secure if the site is running any PHP + // version older than 5.2.5. We don't simply require 5.2.5, because Ubuntu + // 8.04 ships with PHP 5.2.4, but includes the necessary security patch. + elseif (version_compare($phpversion, '5.2.5') < 0 && strlen(@htmlspecialchars(chr(0xC0) . chr(0xAF), ENT_QUOTES, 'UTF-8'))) { + $requirements['php']['description'] = $t('Your PHP installation is too old. Drupal requires at least PHP 5.2.5, or PHP @version with the htmlspecialchars security patch backported.', array('@version' => DRUPAL_MINIMUM_PHP)); + $requirements['php']['severity'] = REQUIREMENT_ERROR; + // If PHP is old, it's not safe to continue with the requirements check. + return $requirements; + } // Test PHP register_globals setting. $requirements['php_register_globals'] = array( |