Commit 2d3af8fe authored by Dries's avatar Dries

- Patch #829822 by pwolanin, tstoeckler: check Drupal 7 core for...

- Patch #829822 by pwolanin, tstoeckler: check Drupal 7 core for vulnerabilities in SA-CONTRIB-2010-066.
parent 946a8d59
...@@ -331,9 +331,9 @@ function file_stream_wrapper_get_instance_by_scheme($scheme) { ...@@ -331,9 +331,9 @@ function file_stream_wrapper_get_instance_by_scheme($scheme) {
* *
* @return * @return
* A string containing a URL that may be used to access the file. * A string containing a URL that may be used to access the file.
* If the provided string already contains a preceding 'http', nothing is done * If the provided string already contains a preceding 'http', 'https', or
* and the same string is returned. If a valid stream wrapper could not be * '/', nothing is done and the same string is returned. If a stream wrapper
* found to generate an external URL, then FALSE will be returned. * could not be found to generate an external URL, then FALSE is returned.
*/ */
function file_create_url($uri) { function file_create_url($uri) {
// Allow the URI to be altered, e.g. to serve a file from a CDN or static // Allow the URI to be altered, e.g. to serve a file from a CDN or static
...@@ -355,8 +355,8 @@ function file_create_url($uri) { ...@@ -355,8 +355,8 @@ function file_create_url($uri) {
} }
else { else {
// If this is not a properly formatted stream, then it is a shipped file. // If this is not a properly formatted stream, then it is a shipped file.
// Therefor, return the URI with the base URL prepended. // Therefore, return the urlencoded URI with the base URL prepended.
return $GLOBALS['base_url'] . '/' . $uri; return $GLOBALS['base_url'] . '/' . drupal_encode_path($uri);
} }
} }
elseif ($scheme == 'http' || $scheme == 'https') { elseif ($scheme == 'http' || $scheme == 'https') {
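Review bot: The updated @return text now promises that a `$uri` beginning with '/' is returned unchanged, yet the only encoding this patch adds is `drupal_encode_path($uri)` in the shipped-file branch of the second hunk; the '/'-prefixed case and the stream-wrapper case are handled outside these hunks, so a root-relative path is presumably emitted verbatim into whatever `href`/`src` the caller builds. That asymmetry belongs in the docblock so callers know they own the encoding of such paths, e.g. `A URI starting with '/' is returned verbatim and is not passed through drupal_encode_path(); supply an already URL-safe path.` The 'http'/'https' sentence is consistent with the `elseif ($scheme == 'http' || $scheme == 'https')` branch visible at the end of the second hunk. file_create_url() begins and ends outside these hunks.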
...@@ -749,8 +749,9 @@ class CascadingStylesheetsTestCase extends DrupalWebTestCase { ...@@ -749,8 +749,9 @@ class CascadingStylesheetsTestCase extends DrupalWebTestCase {
*/ */
function testAddCssFileWithQueryString() { function testAddCssFileWithQueryString() {
$this->drupalGet('common-test/query-string'); $this->drupalGet('common-test/query-string');
$query_string = substr(variable_get('css_js_query_string', '0'), 0, 1); $query_string = variable_get('css_js_query_string', '0');
$this->assertRaw(drupal_get_path('module', 'node') . '/node.css?arg1=value1&arg2=value2&' . $query_string, t('Query string was appended correctly to css.')); $this->assertRaw(drupal_get_path('module', 'node') . '/node.css?' . $query_string, t('Query string was appended correctly to css.'));
$this->assertRaw(drupal_get_path('module', 'node') . '/node-fake.css?arg1=value1&arg2=value2', t('Query string not escaped on a URI.'));
} }
} }
...@@ -1354,8 +1355,8 @@ class JavaScriptTestCase extends DrupalWebTestCase { ...@@ -1354,8 +1355,8 @@ class JavaScriptTestCase extends DrupalWebTestCase {
*/ */
function testAddJsFileWithQueryString() { function testAddJsFileWithQueryString() {
$this->drupalGet('common-test/query-string'); $this->drupalGet('common-test/query-string');
$query_string = substr(variable_get('css_js_query_string', '0'), 0, 1); $query_string = variable_get('css_js_query_string', '0');
$this->assertRaw(drupal_get_path('module', 'node') . '/node.js?arg1=value1&arg2=value2&' . $query_string, t('Query string was appended correctly to js.')); $this->assertRaw(drupal_get_path('module', 'node') . '/node.js?' . $query_string, t('Query string was appended correctly to js.'));
} }
} }
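Review bot: The new assertion in testAddCssFileWithQueryString ("Query string not escaped on a URI.") has no counterpart in testAddJsFileWithQueryString, so a regression in how drupal_add_js() treats a leading-'/' path with a query string would go unnoticed; adding one would require a matching drupal_add_js() fixture in common_test_js_and_css_querystring(). Neither test pins the positive effect of the fix either — that a shipped-file path containing '?' is now percent-encoded rather than emitted as a query string — which is exactly the behaviour the removed `?arg1=value1&arg2=value2&` expectation used to exercise. If common_test registers such a file, an assertion like `$this->assertRaw(drupal_get_path('module', 'node') . '/node-fake.css%3Farg1%3Dvalue1', t('Query string is escaped on a shipped file.'));` would cover it (assuming drupal_encode_path() rawurlencodes the path — confirm against includes/common.inc). Both methods sit in classes whose bodies continue outside the hunks.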
...@@ -220,7 +220,9 @@ function common_test_library() { ...@@ -220,7 +220,9 @@ function common_test_library() {
* Adds a JavaScript file and a CSS file with a query string appended. * Adds a JavaScript file and a CSS file with a query string appended.
*/ */
function common_test_js_and_css_querystring() { function common_test_js_and_css_querystring() {
drupal_add_js(drupal_get_path('module', 'node') . '/node.js?arg1=value1&arg2=value2'); drupal_add_js(drupal_get_path('module', 'node') . '/node.js');
drupal_add_css(drupal_get_path('module', 'node') . '/node.css?arg1=value1&arg2=value2'); drupal_add_css(drupal_get_path('module', 'node') . '/node.css');
// A relative URI may have a query string.
drupal_add_css('/' . drupal_get_path('module', 'node') . '/node-fake.css?arg1=value1&arg2=value2');
return ''; return '';
} }
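Review bot: The comment on the new `drupal_add_css('/' . ...)` line reads `// A relative URI may have a query string.`, but the path it builds starts with '/', i.e. it is root-relative, and the reason the fixture differs from the two calls above it is that file_create_url() returns such a path untouched while a plain shipped-file path is now passed through drupal_encode_path() (per the file.inc hunk in this commit). Suggest `// A root-relative path (leading '/') is returned by file_create_url() unchanged, so its query string must survive; a shipped-file path is encoded instead.` so the next reader understands why only this call carries a query string.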
...@@ -202,7 +202,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a ...@@ -202,7 +202,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
break; break;
case 'raw': case 'raw':
$replacements[$original] = filter_xss($date); $replacements[$original] = $sanitize ? check_plain($date) : $date;
break; break;
} }
} }
...@@ -230,15 +230,15 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a ...@@ -230,15 +230,15 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
break; break;
case 'description': case 'description':
$replacements[$original] = $sanitize ? filter_xss($file->description) : $file->description; $replacements[$original] = $sanitize ? check_plain($file->description) : $file->description;
break; break;
case 'path': case 'path':
$replacements[$original] = $sanitize ? filter_xss($file->uri) : $file->uri; $replacements[$original] = $sanitize ? check_plain($file->uri) : $file->uri;
break; break;
case 'mime': case 'mime':
$replacements[$original] = $sanitize ? filter_xss($file->filemime) : $file->filemime; $replacements[$original] = $sanitize ? check_plain($file->filemime) : $file->filemime;
break; break;
case 'size': case 'size':
...@@ -246,7 +246,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a ...@@ -246,7 +246,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
break; break;
case 'url': case 'url':
$replacements[$original] = url(file_create_url($file->uri), $url_options); $replacements[$original] = $sanitize ? check_plain(file_create_url($file->uri)) : file_create_url($file->uri);
break; break;
// These tokens are default variations on the chained tokens handled below. // These tokens are default variations on the chained tokens handled below.
...@@ -256,7 +256,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a ...@@ -256,7 +256,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
case 'owner': case 'owner':
$account = user_load($file->uid); $account = user_load($file->uid);
$replacements[$original] = $sanitize ? filter_xss($account->name) : $account->name; $replacements[$original] = $sanitize ? check_plain($account->name) : $account->name;
break; break;
} }
} }
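Review bot: The new 'url' case at `$replacements[$original] = $sanitize ? check_plain(file_create_url($file->uri)) : file_create_url($file->uri);` calls file_create_url() twice, once per side of the ternary, repeating the wrapper lookup and the alter pass noted at the top of file_create_url(); compute it once: `$url = file_create_url($file->uri);` then `$replacements[$original] = $sanitize ? check_plain($url) : $url;`. file_create_url() also documents a FALSE return when no wrapper can generate an external URL (see the updated docblock in the file.inc hunk), which this case silently turns into '' when sanitizing and into FALSE otherwise — if that is not intended, guard on `$url !== FALSE` before assigning. Dropping the `url(..., $url_options)` wrapper means options carried in `$url_options` no longer apply to this token; presumably intended since file_create_url() already yields a full URL, but a one-line comment saying so would stop a future reader from reinstating it. The switch this case belongs to starts and ends outside the hunk.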