Commit 7c757303 authored by Gábor Hojtsy's avatar Gábor Hojtsy

Drupal 6.13

parent 3f6de431
// $Id$
Drupal 6.13-dev, xxxx-xx-xx (development release)
Drupal 6.13, 2009-07-01
----------------------
- Fixed security issues (Cross site scripting, Input format access bypass and
Password leakage in URL), see SA-CORE-2009-007.
- Fixed a variety of small bugs.
Drupal 6.12, 2009-05-13
----------------------
......@@ -189,6 +192,11 @@ Drupal 6.0, 2008-02-13
- Removed old system updates. Updates from Drupal versions prior to 5.x will
require upgrading to 5.x before upgrading to 6.x.
Drupal 5.19, 2009-07-01
-----------------------
- Fixed security issues (Cross site scripting and Password leakage in URL), see SA-CORE-2009-007.
- Fixed a variety of small bugs.
Drupal 5.18, 2009-05-13
----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
......
......@@ -587,7 +587,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
if ($errno & (E_ALL)) {
if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
......
......@@ -85,7 +85,7 @@ function pager_query($query, $limit = 10, $element = 0, $count_query = NULL) {
function pager_get_querystring() {
static $string = NULL;
if (!isset($string)) {
$string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page'), array_keys($_COOKIE)));
$string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page', 'pass'), array_keys($_COOKIE)));
}
return $string;
}
......
......@@ -136,7 +136,7 @@ function tablesort_cell($cell, $header, $ts, $i) {
* except for those pertaining to table sorting.
*/
function tablesort_get_querystring() {
return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order'), array_keys($_COOKIE)));
return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order', 'pass'), array_keys($_COOKIE)));
}
/**
......
......@@ -936,7 +936,7 @@ function comment_render($node, $cid = 0) {
if ($cid && is_numeric($cid)) {
// Single comment view.
$query = 'SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d';
$query = 'SELECT c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d';
$query_args = array($cid);
if (!user_access('administer comments')) {
$query .= ' AND c.status = %d';
......@@ -957,7 +957,7 @@ function comment_render($node, $cid = 0) {
else {
// Multiple comment view
$query_count = 'SELECT COUNT(*) FROM {comments} c WHERE c.nid = %d';
$query = 'SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.picture, u.data, c.thread, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d';
$query = 'SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, c.homepage, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data, c.thread, c.status FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d';
$query_args = array($nid);
if (!user_access('administer comments')) {
......@@ -1468,7 +1468,7 @@ function comment_form_add_preview($form, &$form_state) {
$output = '';
if ($edit['pid']) {
$comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $edit['pid'], COMMENT_PUBLISHED));
$comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $edit['pid'], COMMENT_PUBLISHED));
$comment = drupal_unpack($comment);
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
$output .= theme('comment_view', $comment, $node);
......@@ -1778,14 +1778,14 @@ function theme_comment_thread_expanded($comment, $node) {
function theme_comment_post_forbidden($node) {
global $user;
static $authenticated_post_comments;
if (!$user->uid) {
if (!isset($authenticated_post_comments)) {
// We only output any link if we are certain, that users get permission
// to post comments by logging in. We also locally cache this information.
$authenticated_post_comments = array_key_exists(DRUPAL_AUTHENTICATED_RID, user_roles(TRUE, 'post comments') + user_roles(TRUE, 'post comments without approval'));
}
if ($authenticated_post_comments) {
// We cannot use drupal_get_destination() because these links
// sometimes appear on /node and taxonomy listing pages.
......
......@@ -70,7 +70,7 @@ function comment_reply($node, $pid = NULL) {
// $pid indicates that this is a reply to a comment.
if ($pid) {
// load the comment whose cid = $pid
if ($comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $pid, COMMENT_PUBLISHED))) {
if ($comment = db_fetch_object(db_query('SELECT c.*, u.uid, u.name AS registered_name, u.signature, u.signature_format, u.picture, u.data FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.cid = %d AND c.status = %d', $pid, COMMENT_PUBLISHED))) {
// If that comment exists, make sure that the current comment and the parent comment both
// belong to the same parent node.
if ($comment->nid != $node->nid) {
......
......@@ -10,6 +10,11 @@
* Menu callback; prints a forum listing.
*/
function forum_page($tid = 0) {
if (!is_numeric($tid)) {
return MENU_NOT_FOUND;
}
$tid = (int)$tid;
$topics = '';
$forum_per_page = variable_get('forum_per_page', 25);
$sortby = variable_get('forum_order', 1);
......
......@@ -2564,6 +2564,39 @@ function system_update_6050() {
return $ret;
}
/**
* Create a signature_format column.
*/
function system_update_6051() {
$ret = array();
if (!db_column_exists('users', 'signature_format')) {
// Set future input formats to FILTER_FORMAT_DEFAULT to ensure a safe default
// when incompatible modules insert into the users table. An actual format
// will be assigned when users save their signature.
$schema = array(
'type' => 'int',
'size' => 'small',
'not null' => TRUE,
'default' => FILTER_FORMAT_DEFAULT,
'description' => 'The {filter_formats}.format of the signature.',
);
db_add_field($ret, 'users', 'signature_format', $schema);
// Set the format of existing signatures to the current default input format.
if ($current_default_filter = variable_get('filter_default_format', 0)) {
$ret[] = update_sql("UPDATE {users} SET signature_format = ". $current_default_filter);
}
drupal_set_message("User signatures no longer inherit comment input formats. Each user's signature now has its own associated format that can be selected on the user's account page. Existing signatures have been set to your site's default input format.");
}
return $ret;
}
/**
* @} End of "defgroup updates-6.x-extra"
* The next series of updates should start at 7000.
......
......@@ -9,7 +9,7 @@
/**
* The current system version.
*/
define('VERSION', '6.13-dev');
define('VERSION', '6.13');
/**
* Core API compatibility.
......
......@@ -191,6 +191,13 @@ function user_schema() {
'default' => '',
'description' => "User's signature.",
),
'signature_format' => array(
'type' => 'int',
'size' => 'small',
'not null' => TRUE,
'default' => 0,
'description' => 'The {filter_formats}.format of the signature.',
),
'created' => array(
'type' => 'int',
'not null' => TRUE,
......
......@@ -532,7 +532,7 @@ function user_fields() {
}
else {
// Make sure we return the default fields at least.
$fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'access', 'login', 'status', 'timezone', 'language', 'init', 'data');
$fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'signature_format', 'created', 'access', 'login', 'status', 'timezone', 'language', 'init', 'data');
}
}
......@@ -1519,6 +1519,15 @@ function user_edit_form(&$form_state, $uid, $edit, $register = FALSE) {
'#default_value' => $edit['signature'],
'#description' => t('Your signature will be publicly displayed at the end of your comments.'),
);
// Prevent a "validation error" message when the user attempts to save with a default value they
// do not have access to.
if (!filter_access($edit['signature_format']) && empty($_POST)) {
drupal_set_message(t("The signature input format has been set to a format you don't have access to. It will be changed to a format you have access to when you save this page."));
$edit['signature_format'] = FILTER_FORMAT_DEFAULT;
}
$form['signature_settings']['signature_format'] = filter_form($edit['signature_format'], NULL, array('signature_format'));
}
// Picture/avatar:
......@@ -2031,7 +2040,7 @@ function user_comment(&$comment, $op) {
// Validate signature.
if ($op == 'view') {
if (variable_get('user_signatures', 0) && !empty($comment->signature)) {
$comment->signature = check_markup($comment->signature, $comment->format);
$comment->signature = check_markup($comment->signature, $comment->signature_format, FALSE);
}
else {
$comment->signature = '';
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment