Commit 2518420d authored by drumm's avatar drumm

Drupal 5.17

parent 3a4912c8
// $Id$
Drupal 5.17, xxxx-xx-xx (development version)
Drupal 5.17, 2009-04-29
-----------------------
- Fixed security issues (Cross site scripting and limited information
disclosure) see SA-CORE-2009-005.
- Fixed a variety of small bugs.
Drupal 5.16, 2009-02-25
-----------------------
......
......@@ -725,6 +725,8 @@ function request_uri() {
$uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['QUERY_STRING'];
}
}
// Prevent multiple slashes to avoid cross site requests via the FAPI.
$uri = '/'. ltrim($uri, '/');
return $uri;
}
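Review bot: The normalisation in `$uri = '/'. ltrim($uri, '/');` strips only forward slashes, so a request URI that begins with a slash followed by a backslash still comes out as `/\...`. Some browsers treat a backslash in that position like a forward slash, which would restore the scheme-relative form this line is meant to prevent wherever the value is emitted as a form action. Consider `$uri = '/'. ltrim($uri, '/\\');`, after confirming that no legitimate path on the site starts with a backslash. The comment would also be clearer if it gave the reason, e.g. `// A leading "//" makes the URI scheme-relative, so a form action built from it would post to another host.` request_uri() begins above the hunk, so how $uri is populated on the other branches is not visible here.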
......
......@@ -151,6 +151,15 @@ function drupal_get_headers() {
return drupal_set_header();
}
/**
* Make any final alterations to the rendered xhtml.
*/
function drupal_final_markup($content) {
// Make sure that the charset is always specified as the first element of the
// head region to prevent encoding-based attacks.
return preg_replace('/<head[^>]*>/i', "\$0\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />", $content, 1);
}
/**
* Add a feed URL for the current page.
*
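Review bot: In drupal_final_markup() the pattern `/<head[^>]*>/i` has no boundary after the tag name, so the first element whose name merely starts with "head" would receive the meta tag; `'/<head\b[^>]*>/i'` would be tighter. If nothing matches, the charset declaration is silently not added. preg_replace() also returns NULL when PCRE fails, which would turn the whole page into empty output; keeping the original on failure, e.g. `$result = preg_replace(...); return $result === NULL ? $content : $result;`, avoids that. The docblock could also state that $content is the complete rendered page and that the return value is that page with the charset meta inserted directly after the opening head tag.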
......
......@@ -168,7 +168,12 @@ function theme() {
$functions[$function] = theme_get_function($function);
}
if ($functions[$function]) {
return call_user_func_array($functions[$function], $args);
$output = call_user_func_array($functions[$function], $args);
// Add final markup to the full page.
if ($function == 'page') {
$output = drupal_final_markup($output);
}
return $output;
}
}
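Review bot: The charset fix is applied only when `$function == 'page'`, so any other theme function that emits a complete HTML document would bypass drupal_final_markup(). Whether such functions exist is not visible in this hunk, so it is worth checking every caller that renders a full page outside theme('page'). A strict comparison, `if ($function === 'page') {`, would also state the intent more precisely, since `==` compares loosely. theme() starts above the hunk, so how $function and $args are derived is not shown.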
......
......@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
define('VERSION', '5.17-dev');
define('VERSION', '5.17');
/**
* Implementation of hook_help().
......
......@@ -2,8 +2,8 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language ?>" xml:lang="<?php print $language ?>">
<head>
<title><?php print $head_title ?></title>
<?php print $head ?>
<title><?php print $head_title ?></title>
<?php print $styles ?>
<?php print $scripts ?>
<script type="text/javascript"><?php /* Needed to avoid Flash of Unstyle Content in IE */ ?> </script>
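Review bot: Nothing in this template records that `<?php print $head ?>` has to stay ahead of `<title>`, so a later theme edit could move it back without anyone noticing the security reason. Assuming $head carries the Content-Type meta tag (its contents are not shown here), a short comment next to it would help, e.g. `<?php /* Keep $head first: the charset declaration must precede any user-supplied text such as the title. */ ?>`. The same applies to the other two templates changed below and to the reordered `drupal_get_html_head()` line in chameleon_page().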
......
......@@ -39,8 +39,8 @@ function chameleon_page($content, $show_blocks = TRUE) {
$output = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n";
$output .= "<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"$language\" xml:lang=\"$language\">\n";
$output .= "<head>\n";
$output .= " <title>". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."</title>\n";
$output .= drupal_get_html_head();
$output .= " <title>". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."</title>\n";
$output .= drupal_get_css();
$output .= drupal_get_js();
$output .= "</head>";
......
......@@ -2,8 +2,8 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language ?>" lang="<?php print $language ?>">
<head>
<title><?php print $head_title ?></title>
<?php print $head ?>
<title><?php print $head_title ?></title>
<?php print $styles ?>
<?php print $scripts ?>
<style type="text/css" media="print">@import "<?php print base_path() . path_to_theme() ?>/print.css";</style>
......
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language ?>" xml:lang="<?php print $language ?>">
<head>
<title><?php print $head_title ?></title>
<meta http-equiv="Content-Style-Type" content="text/css" />
<?php print $head ?>
<title><?php print $head_title ?></title>
<?php print $styles ?>
<?php print $scripts ?>
</head>
......