Commit 6f2fd045 authored by Gábor Hojtsy's avatar Gábor Hojtsy

Drupal 6.28

parent 5c3f3646
Drupal 6.28-dev, xxxx-xx-xx (development release)
Drupal 6.28, 2013-01-16
----------------------
- Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-001.
Drupal 6.27, 2012-12-19
----------------------
......
......@@ -665,7 +665,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
if ($errno & (E_ALL ^ E_DEPRECATED)) {
if ($errno & (E_ALL ^ E_DEPRECATED ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
......
/**
* Override jQuery.fn.init to guard against XSS attacks.
*
* See http://bugs.jquery.com/ticket/9521
*/
(function () {
var jquery_init = jQuery.fn.init;
jQuery.fn.init = function (selector, context, rootjQuery) {
// If the string contains a "#" before a "<", treat it as invalid HTML.
if (selector && typeof selector === 'string') {
var hash_position = selector.indexOf('#');
if (hash_position >= 0) {
var bracket_position = selector.indexOf('<');
if (bracket_position > hash_position) {
throw 'Syntax error, unrecognized expression: ' + selector;
}
}
}
return jquery_init.call(this, selector, context, rootjQuery);
};
jQuery.fn.init.prototype = jquery_init.prototype;
})();
var Drupal = Drupal || { 'settings': {}, 'behaviors': {}, 'themes': {}, 'locale': {} };
/**
......
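Review bot: The comment on the `jQuery.fn.init` wrapper should say how narrow the guard is: the visible check rejects only strings whose first `#` comes before the first `<`, so a string that begins with markup is still handed to the original init. A reader could take "guard against XSS attacks" to mean `$()` is now safe for untrusted strings in general, which this check does not provide. I would extend the inline comment to something like `// Only the "#...<" shape is rejected; callers must still not pass untrusted strings to $().` Separately, `throw 'Syntax error, ...'` throws a bare string and so carries no stack trace; `throw new Error(...)` would be easier to debug, unless matching the string form of jQuery's own error is intentional.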
......@@ -69,7 +69,7 @@ Drupal.behaviors.tableHeader = function (context) {
// Get the height of the header table and scroll up that amount.
if (prevAnchor != location.hash) {
if (location.hash != '') {
var offset = $('td' + location.hash).offset();
var offset = $(document).find('td' + location.hash).offset();
if (offset) {
var top = offset.top;
var scrollLocation = top - $(e).height();
......
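Review bot: `location.hash` is still concatenated unescaped into the selector on the new line `$(document).find('td' + location.hash)`, so a fragment containing selector metacharacters (a comma, a colon, brackets) can match unintended cells or make the selector engine throw inside this handler. Using `.find()` keeps the string from being parsed as markup, but it does not validate it. Looking the element up by id avoids building a selector at all: `var cell = document.getElementById(location.hash.substring(1));` followed by `var offset = (cell && cell.nodeName.toLowerCase() === 'td') ? $(cell).offset() : null;`. The enclosing function starts and ends outside the hunk, so I have not checked how the handler is bound.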
......@@ -39,6 +39,14 @@ function book_render() {
* in a format determined by the $type parameter.
*/
function book_export($type, $nid) {
// Check that the node exists and that the current user has access to it.
$node = node_load($nid);
if (!$node) {
return MENU_NOT_FOUND;
}
if (!node_access('view', $node)) {
return MENU_ACCESS_DENIED;
}
$type = drupal_strtolower($type);
......
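Review bot: The added check in `book_export()` covers only the node identified by `$nid`. The function body continues outside the hunk, so it is not visible whether the pages below that node are also filtered by `node_access('view', ...)` when the export is built; that is worth confirming. The docblock above, which starts outside the hunk, should also record the new early returns, for example `@return ... or MENU_NOT_FOUND if the node does not exist, MENU_ACCESS_DENIED if the current user may not view it.`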
......@@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '6.28-dev');
define('VERSION', '6.28');
/**
* Core API compatibility.
......