Commit 44d6dbd8 authored by Gábor Hojtsy's avatar Gábor Hojtsy

Drupal 4.7.8

parent 0e80cf76
// $Id$
Drupal 4.7.8, 2007-10-17
----------------------
- fixed a security issue (HTTP response splitting), see SA-2007-024
- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
- fixed a security issue (API handling of unpublished comment), see SA-2007-030
Drupal 4.7.7, 2007-07-26
------------------------
- fixed security issue (XSS), see SA-2007-018
......
......@@ -235,10 +235,6 @@ function drupal_get_destination() {
* 'user login'-block in a sidebar. The function drupal_get_destination()
* can be used to help set the destination URL.
*
* It is advised to use drupal_goto() instead of PHP's header(), because
* drupal_goto() will append the user's session ID to the URI when PHP is
* compiled with "--enable-trans-sid".
*
* This function ends the request; use it rather than a print theme('page')
* statement in your menu callback.
*
......@@ -260,6 +256,8 @@ function drupal_goto($path = '', $query = NULL, $fragment = NULL) {
}
$url = url($path, $query, $fragment, TRUE);
// Remove newlines from the URL to avoid header injection attacks.
$url = str_replace(array("\n", "\r"), '', $url);
// Before the redirect, allow modules to react to the end of the page request.
module_invoke_all('exit', $url);
......
......@@ -568,7 +568,7 @@ function comment_save($edit) {
}
// Add the comment to database.
$status = user_access('post comments without approval') ? COMMENT_PUBLISHED : COMMENT_NOT_PUBLISHED;
$edit['status'] = user_access('post comments without approval') ? COMMENT_PUBLISHED : COMMENT_NOT_PUBLISHED;
$roles = variable_get('comment_roles', array());
$score = 0;
......@@ -629,7 +629,7 @@ function comment_save($edit) {
$edit['name'] = $user->name;
}
db_query("INSERT INTO {comments} (cid, nid, pid, uid, subject, comment, format, hostname, timestamp, status, score, users, thread, name, mail, homepage) VALUES (%d, %d, %d, %d, '%s', '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s')", $edit['cid'], $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], $_SERVER['REMOTE_ADDR'], $edit['timestamp'], $status, $score, $users, $thread, $edit['name'], $edit['mail'], $edit['homepage']);
db_query("INSERT INTO {comments} (cid, nid, pid, uid, subject, comment, format, hostname, timestamp, status, score, users, thread, name, mail, homepage) VALUES (%d, %d, %d, %d, '%s', '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s')", $edit['cid'], $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], $_SERVER['REMOTE_ADDR'], $edit['timestamp'], $edit['status'], $score, $users, $thread, $edit['name'], $edit['mail'], $edit['homepage']);
_comment_update_node_statistics($edit['nid']);
......@@ -645,7 +645,7 @@ function comment_save($edit) {
// Explain the approval queue if necessary, and then
// redirect the user to the node he's commenting on.
if ($status == COMMENT_NOT_PUBLISHED) {
if ($edit['status'] == COMMENT_NOT_PUBLISHED) {
drupal_set_message(t('Your comment has been queued for moderation by site administrators and will be published after approval.'));
}
return $edit['cid'];
......
......@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
define('VERSION', '4.7.8 dev');
define('VERSION', '4.7.8');
/**
* Implementation of hook_help().
......@@ -1235,8 +1235,9 @@ function system_theme_settings($key = '') {
* offered to go back to the item that is being changed in case the user changes
* his/her mind.
*
* You should use $GLOBALS['values']['edit'][$name] (where $name is usually 'confirm') to
* check if the confirmation was successful.
* If the submit handler for this form is invoked, the user successfully
* confirmed the action. You should never directly inspect $_POST to see if an
* action was confirmed.
*
* @param $form_id
* The unique form identifier. Used by the form API to construct the theme.
......
......@@ -157,7 +157,7 @@ function upload_settings() {
foreach ($roles as $rid => $role) {
$form["settings_role_$rid"] = array('#type' => 'fieldset', '#title' => t('Settings for %role', array('%role' => theme('placeholder', $role))), '#collapsible' => TRUE, '#collapsed' => TRUE);
$form["settings_role_$rid"]["upload_extensions_$rid"] = array(
'#type' => 'textfield', '#title' => t('Permitted file extensions'), '#default_value' => variable_get("upload_extensions_$rid", 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp'),
'#type' => 'textfield', '#title' => t('Permitted file extensions'), '#default_value' => variable_get("upload_extensions_$rid", 'jpg jpeg gif png txt doc xls xls pdf ppt pps odt ods odp'),
'#maxlength' => 255, '#description' => t('Extensions that users in this role can upload. Separate extensions with a space and do not include the leading dot.')
);
$form["settings_role_$rid"]["upload_uploadsize_$rid"] = array(
......@@ -326,7 +326,7 @@ function _upload_validate(&$node) {
$total_usersize = upload_space_used($user->uid) + $filesize;
$error = array();
foreach ($user->roles as $rid => $name) {
$extensions = variable_get("upload_extensions_$rid", 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp');
$extensions = variable_get("upload_extensions_$rid", 'jpg jpeg gif png txt doc xls xls pdf ppt pps odt ods odp');
$uploadsize = variable_get("upload_uploadsize_$rid", 1) * 1024 * 1024;
$usersize = variable_get("upload_usersize_$rid", 10) * 1024 * 1024;
......@@ -538,7 +538,7 @@ function upload_munge_filename($filename, $extensions = NULL, $alerts = 1) {
if (!isset($extensions)) {
$extensions = '';
foreach ($user->roles as $rid => $name) {
$extensions .= ' '. variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp'));
$extensions .= ' '. variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls xls pdf ppt pps odt ods odp'));
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment