Commit 8068958d authored by Gábor Hojtsy's avatar Gábor Hojtsy

Drupal 6.12

parent a8fb68ff
// $Id$
Drupal 6.12-dev, xxxx-xx-xx (development release)
Drupal 6.12, 2009-05-13
----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
- Fixed a variety of small bugs.
Drupal 6.11, 2009-04-29
----------------------
......@@ -184,6 +186,11 @@ Drupal 6.0, 2008-02-13
- Removed old system updates. Updates from Drupal versions prior to 5.x will
require upgrading to 5.x before upgrading to 6.x.
Drupal 5.18, 2009-05-13
----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
- Fixed a variety of small bugs.
Drupal 5.17, 2009-04-29
-----------------------
- Fixed security issues (Cross site scripting and limited information disclosure) see SA-CORE-2009-005.
......
......@@ -577,7 +577,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
if ($errno & (E_ALL)) {
if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
......
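Review bot: The mask in `if ($errno & (E_ALL ^ E_NOTICE))` has no comment saying why notices are excluded, and it appears to be switched by hand alongside the `VERSION` string for the release. With this mask, E_NOTICE-level errors skip the branch while the `8 => 'notice'` entry stays in `$types`, so a reader cannot tell whether the suppression is intended. A one-line comment would record it, e.g. `// Release builds ignore E_NOTICE; -dev builds report E_ALL.` The body of drupal_error_handler() continues outside the hunk.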
......@@ -688,7 +688,7 @@ function theme() {
// restore path_to_theme()
$theme_path = $temp;
// Add final markup to the full page.
if ($hook == 'page') {
if ($hook == 'page' || $hook == 'book_export_html') {
$output = drupal_final_markup($output);
}
return $output;
......
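Review bot: The check `if ($hook == 'page' || $hook == 'book_export_html')` hard-codes which theme hooks are passed through `drupal_final_markup()`, so any other hook that renders a complete HTML document is silently left out. If that post-processing is part of the cross-site scripting fix named in the changelog (its body is not shown here), the list is security-relevant and should say so, e.g. `// Every hook that outputs a full HTML document must be listed here.` theme() starts and ends outside the hunk.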
......@@ -20,8 +20,8 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language->language; ?>" xml:lang="<?php print $language->language; ?>">
<head>
<title><?php print $title; ?></title>
<?php print $head; ?>
<title><?php print $title; ?></title>
<base href="<?php print $base_url; ?>" />
<link type="text/css" rel="stylesheet" href="misc/print.css" />
<?php if ($language_rtl): ?>
......
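Review bot: The position of `<?php print $head; ?>` ahead of `<title>` now carries meaning, but nothing in the template says so, and a later tidy-up could move the title back to the top of `<head>`. Assuming `$head` carries the Content-Type/charset meta tag (not visible in this hunk), the title text must not precede it, because a browser may guess the encoding from the bytes it has already seen. A template comment such as `<?php /* Keep $head first: the charset declaration must precede any user-supplied text. */ ?>` would record the constraint.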
......@@ -9,7 +9,7 @@
/**
* The current system version.
*/
define('VERSION', '6.12-dev');
define('VERSION', '6.12');
/**
* Core API compatibility.
......
......@@ -424,7 +424,7 @@ function taxonomy_form($vid, $value = 0, $help = NULL, $name = 'taxonomy') {
$blank = ($vocabulary->required) ? 0 : t('- None -');
}
return _taxonomy_term_select(check_plain($vocabulary->name), $name, $value, $vid, $help, intval($vocabulary->multiple), $blank);
return _taxonomy_term_select(check_plain($vocabulary->name), $name, $value, $vid, filter_xss_admin($help), intval($vocabulary->multiple), $blank);
}
/**
......@@ -514,7 +514,7 @@ function taxonomy_form_alter(&$form, $form_state, $form_id) {
$typed_string = taxonomy_implode_tags($terms, $vocabulary->vid) . (array_key_exists('tags', $terms) ? $terms['tags'][$vocabulary->vid] : NULL);
}
if ($vocabulary->help) {
$help = $vocabulary->help;
$help = filter_xss_admin($vocabulary->help);
}
else {
$help = t('A comma-separated list of terms describing this content. Example: funny, bungee jumping, "Company, Inc.".');
......@@ -1015,6 +1015,35 @@ function taxonomy_get_term($tid) {
return $terms[$tid];
}
/**
* Create a select form element for a given taxonomy vocabulary.
*
* NOTE: This function expects input that has already been sanitized and is
* safe for display. Callers must properly sanitize the $title and
* $description arguments to prevent XSS vulnerabilities.
*
* @param $title
* The title of the vocabulary. This MUST be sanitized by the caller.
* @param $name
* Ignored.
* @param $value
* The currently selected terms from this vocabulary, if any.
* @param $vocabulary_id
* The vocabulary ID to build the form element for.
* @param $description
* Help text for the form element. This MUST be sanitized by the caller.
* @param $multiple
* Boolean to control if the form should use a single or multiple select.
* @param $blank
* Optional form choice to use when no value has been selected.
* @param $exclude
* Optional array of term ids to exclude in the selector.
* @return
* A FAPI form array to select terms from the given vocabulary.
*
* @see taxonomy_form()
* @see taxonomy_form_term()
*/
function _taxonomy_term_select($title, $name, $value, $vocabulary_id, $description, $multiple, $blank, $exclude = array()) {
$tree = taxonomy_get_tree($vocabulary_id);
$options = array();
......
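Review bot: The new docblock on `_taxonomy_term_select()` makes callers responsible for sanitizing `$title` and `$description`, but this diff enforces that only in `taxonomy_form()` and in the help text of `taxonomy_form_alter()`. `taxonomy_form_term()`, listed under `@see`, and any caller outside this file are not shown and should be checked to pass already-escaped values. `filter_xss_admin()` is the permissive admin-level filter, so vocabulary help still renders a broad set of HTML. A comment at each call site would record that choice, e.g. `// Help text is user-entered; filter here because _taxonomy_term_select() does not sanitize $description.` All three functions continue outside their hunks.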