Commit 1d4604da authored by David_Rothstein's avatar David_Rothstein

Drupal 7.19

parent b47f95d3
Drupal 7.19, 2013-01-16
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2013-001.
Drupal 7.18, 2012-12-19
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2012-004.
......
......@@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '7.18');
define('VERSION', '7.19');
/**
* Core API compatibility.
......
......@@ -58,9 +58,9 @@ Drupal.behaviors.collapse = {
$('fieldset.collapsible', context).once('collapse', function () {
var $fieldset = $(this);
// Expand fieldset if there are errors inside, or if it contains an
// element that is targeted by the URI fragment identifier.
// element that is targeted by the URI fragment identifier.
var anchor = location.hash && location.hash != '#' ? ', ' + location.hash : '';
if ($('.error' + anchor, $fieldset).length) {
if ($fieldset.find('.error' + anchor).length) {
$fieldset.removeClass('collapsed');
}
......
......@@ -6,6 +6,27 @@ jQuery.noConflict();
(function ($) {
/**
* Override jQuery.fn.init to guard against XSS attacks.
*
* See http://bugs.jquery.com/ticket/9521
*/
var jquery_init = $.fn.init;
$.fn.init = function (selector, context, rootjQuery) {
// If the string contains a "#" before a "<", treat it as invalid HTML.
if (selector && typeof selector === 'string') {
var hash_position = selector.indexOf('#');
if (hash_position >= 0) {
var bracket_position = selector.indexOf('<');
if (bracket_position > hash_position) {
throw 'Syntax error, unrecognized expression: ' + selector;
}
}
}
return jquery_init.call(this, selector, context, rootjQuery);
};
$.fn.init.prototype = jquery_init.prototype;
/**
* Attach all registered behaviors to a page element.
*
......
......@@ -50,8 +50,8 @@ Drupal.behaviors.verticalTabs = {
if (!tab_focus) {
// If the current URL has a fragment and one of the tabs contains an
// element that matches the URL fragment, activate that tab.
if (window.location.hash && $(window.location.hash, this).length) {
tab_focus = $(window.location.hash, this).closest('.vertical-tabs-pane');
if (window.location.hash && $(this).find(window.location.hash).length) {
tab_focus = $(this).find(window.location.hash).closest('.vertical-tabs-pane');
}
else {
tab_focus = $('> .vertical-tabs-pane:first', this);
......
......@@ -38,6 +38,15 @@ function book_render() {
* format determined by the $type parameter.
*/
function book_export($type, $nid) {
// Check that the node exists and that the current user has access to it.
$node = node_load($nid);
if (!$node) {
return MENU_NOT_FOUND;
}
if (!node_access('view', $node)) {
return MENU_ACCESS_DENIED;
}
$type = drupal_strtolower($type);
$export_function = 'book_export_' . $type;
......
......@@ -258,6 +258,13 @@ class BookTestCase extends DrupalWebTestCase {
// Try getting the URL directly, and verify it fails.
$this->drupalGet('book/export/html/' . $this->book->nid);
$this->assertResponse('403', t('Anonymous user properly forbidden.'));
// Now grant anonymous users permission to view the printer-friendly
// version and verify that node access restrictions still prevent them from
// seeing it.
user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, array('access printer-friendly version'));
$this->drupalGet('book/export/html/' . $this->book->nid);
$this->assertResponse('403', 'Anonymous user properly forbidden from seeing the printer-friendly version when denied by node access.');
}
/**
......
......@@ -292,7 +292,8 @@ function image_file_download($uri) {
if ($info = image_get_info($uri)) {
// Check the permissions of the original to grant access to this image.
$headers = module_invoke_all('file_download', $original_uri);
if (!in_array(-1, $headers)) {
// Confirm there's at least one module granting access and none denying access.
if (!empty($headers) && !in_array(-1, $headers)) {
return array(
// Send headers describing the image's size, and MIME-type...
'Content-Type' => $info['mime_type'],
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment