Commit 316bd96e authored by Angie Byron's avatar Angie Byron

Drupal 7.1

parent 49791492
// $Id$
Drupal 7.1, 2011-05-25
----------------------
- Fixed security issues (Cross site scripting, File access bypass), see SA-CORE-2011-001.
Drupal 7.0, 2011-01-05 Drupal 7.0, 2011-01-05
---------------------- ----------------------
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
/** /**
* The current system version. * The current system version.
*/ */
define('VERSION', '7.0'); define('VERSION', '7.1');
/** /**
* Core API compatibility. * Core API compatibility.
......
...@@ -41,3 +41,18 @@ function color_requirements($phase) { ...@@ -41,3 +41,18 @@ function color_requirements($phase) {
return $requirements; return $requirements;
} }
/**
* Warn site administrator if unsafe CSS color codes are found in the database.
*/
function color_update_7001() {
$theme_palettes = db_query("SELECT name FROM {variable} WHERE name LIKE 'color_%_palette'")->fetchCol();
foreach ($theme_palettes as $name) {
$palette = variable_get($name, array());
foreach ($palette as $key => $color) {
if (!preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color)) {
drupal_set_message('Some of the custom CSS color codes specified via the color module are invalid. Please examine the themes which are making use of the color module at the <a href="'. url('admin/appearance/settings') .'">Appearance settings</a> page to verify their CSS color values.', 'warning');
}
}
}
}
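Review bot: The warning in color_update_7001() is raised inside both foreach loops with no exit, so a site with several invalid palette entries queues the same message once per bad value; adding `break 2;` after the drupal_set_message() call, or passing `FALSE` as its third (repeat) argument, keeps it to one. The update only reports: values that fail the pattern stay in the variable table and, as far as this hunk shows, keep being used until an administrator re-saves the theme settings, which the docblock should state. The message also does not name the affected theme even though `$name` is in scope. The hex pattern is repeated verbatim in color_scheme_form_validate(); a shared helper would keep the two checks from drifting apart.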
...@@ -43,6 +43,7 @@ function color_form_system_theme_settings_alter(&$form, &$form_state) { ...@@ -43,6 +43,7 @@ function color_form_system_theme_settings_alter(&$form, &$form_state) {
'#theme' => 'color_scheme_form', '#theme' => 'color_scheme_form',
); );
$form['color'] += color_scheme_form($form, $form_state, $theme); $form['color'] += color_scheme_form($form, $form_state, $theme);
$form['#validate'][] = 'color_scheme_form_validate';
$form['#submit'][] = 'color_scheme_form_submit'; $form['#submit'][] = 'color_scheme_form_submit';
} }
} }
...@@ -271,6 +272,18 @@ function theme_color_scheme_form($variables) { ...@@ -271,6 +272,18 @@ function theme_color_scheme_form($variables) {
return $output; return $output;
} }
/**
* Validation handler for color change form.
*/
function color_scheme_form_validate($form, &$form_state) {
// Only accept hexadecimal CSS color strings to avoid XSS upon use.
foreach ($form_state['values']['palette'] as $key => $color) {
if (!preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color)) {
form_set_error('palette][' . $key, t('%name must be a valid hexadecimal CSS color value.', array('%name' => $form['color']['palette'][$key]['#title'])));
}
}
}
/** /**
* Submit handler for color change form. * Submit handler for color change form.
*/ */
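Review bot: color_scheme_form_validate() guards only the theme settings form, so palette values that reach the `color_*_palette` variables by another route (a direct variable_set(), an import, a save made before this release) are never checked by it. The code that writes the palette into CSS is outside these hunks; the comment at the top of the loop should say that this consumer must still treat stored values as untrusted, or the same check should be repeated there. The `D` modifier in the pattern is load-bearing, because without it `$` also matches before a trailing newline; a short comment such as `// D: '$' must match only at the very end of the string.` would stop a later edit from dropping it.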
......
...@@ -976,7 +976,7 @@ function file_get_file_references($file, $field = NULL, $age = FIELD_LOAD_REVISI ...@@ -976,7 +976,7 @@ function file_get_file_references($file, $field = NULL, $age = FIELD_LOAD_REVISI
} }
} }
return isset($field) ? $references[$field['field_name']] : $references; return isset($field) ? $references[$field['field_name']] : array_filter($references);
} }
/** /**
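Review bot: Only the `$field = NULL` branch of the return is filtered; the single-field branch still returns `$references[$field['field_name']]` as built, and that index is read without checking that it exists. If callers decide access by testing whether the result is empty (the changelog lists a file access bypass, but no caller is visible here), the docblock should spell out the contract, for example `An empty array means no field references the file; fields without references are omitted.` The function body begins above the hunk, so how `$references` is populated cannot be checked from here.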
......