Commit 8135c33f authored by Gábor Hojtsy's avatar Gábor Hojtsy

Drupal 6.11

parent a8f2b31b
// $Id$
Drupal 6.11-dev, xxxx-xx-xx (development release)
Drupal 6.11, 2009-04-29
----------------------
- Fixed security issues (Cross site scripting and limited information
disclosure), see SA-CORE-2009-005
- Fixed performance issues with the menu router cache, the update
status cache and improved cache invalidation
- Fixed a variety of small bugs.
Drupal 6.10, 2009-02-25
----------------------
......@@ -176,6 +181,16 @@ Drupal 6.0, 2008-02-13
- Removed old system updates. Updates from Drupal versions prior to 5.x will
require upgrading to 5.x before upgrading to 6.x.
Drupal 5.17, 2009-04-29
-----------------------
- Fixed security issues (Cross site scripting and limited information disclosure) see SA-CORE-2009-005.
- Fixed a variety of small bugs.
Drupal 5.16, 2009-02-25
-----------------------
- Fixed a security issue, (Local file inclusion on Windows), see SA-CORE-2009-004.
- Fixed a variety of small bugs.
Drupal 5.15, 2009-01-14
----------------------
- Fixed security issues, (Hardening against SQL injection), see SA-CORE-2009-001
......
......@@ -791,6 +791,8 @@ function request_uri() {
$uri = $_SERVER['SCRIPT_NAME'];
}
}
// Prevent multiple slashes to avoid cross site requests via the FAPI.
$uri = '/'. ltrim($uri, '/');
return $uri;
}
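Review bot: The added comment on `$uri = '/'. ltrim($uri, '/');` names the goal but not the mechanism, so a later maintainer could mistake the line for cosmetic cleanup. I would spell it out, e.g. `// A URI beginning with '//' is read by browsers as a scheme-relative URL on another host; used as a form action, the submission would leave the site, so collapse leading slashes to one.` The normalisation covers only the forward slash, so it is worth confirming that every place this value is emitted as a form action or link also goes through the usual URL output filtering. request_uri() starts above the hunk, so how `$uri` is populated in the other branches is not visible here.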
......
......@@ -151,6 +151,15 @@ function drupal_get_headers() {
return drupal_set_header();
}
/**
* Make any final alterations to the rendered xhtml.
*/
function drupal_final_markup($content) {
// Make sure that the charset is always specified as the first element of the
// head region to prevent encoding-based attacks.
return preg_replace('/<head[^>]*>/i', "\$0\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />", $content, 1);
}
/**
* Add a feed URL for the current page.
*
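Review bot: drupal_final_markup() returns the result of preg_replace() unchecked, and preg_replace() returns NULL when PCRE fails, which would turn the whole rendered page into an empty response. A guard such as `$out = preg_replace(...); return $out === NULL ? $content : $out;` keeps the page intact. The pattern `/<head[^>]*>/i` also matches any tag whose name merely begins with "head", so `/<head(\s[^>]*)?>/i` is the tighter form. When the markup contains no `<head>` tag, nothing is inserted, so the charset protection still depends on the theme emitting one. The docblock would also benefit from `@param $content` and `@return` lines saying that the full page markup goes in and comes out.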
......@@ -577,7 +586,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
if ($errno & (E_ALL)) {
if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
......
......@@ -687,6 +687,10 @@ function theme() {
}
// restore path_to_theme()
$theme_path = $temp;
// Add final markup to the full page.
if ($hook == 'page') {
$output = drupal_final_markup($output);
}
return $output;
}
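Review bot: The new `if ($hook == 'page')` branch only post-processes output rendered through the `page` hook. Any full HTML document produced through a different hook, or outside theme() altogether, does not get the charset declaration from drupal_final_markup() and relies on its own template printing the head markup first. The comment should say so, e.g. `// Only the 'page' hook is post-processed; other full-page templates must emit the charset declaration themselves.` The comparison could also be strict, `$hook === 'page'`. theme() begins above the hunk, so the type of `$hook` is inferred from this comparison alone.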
......
......@@ -19,8 +19,8 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language->language ?>" lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>">
<head>
<title><?php print $head_title; ?></title>
<?php print $head; ?>
<title><?php print $head_title; ?></title>
<?php print $styles; ?>
<?php print $scripts; ?>
<script type="text/javascript"><?php /* Needed to avoid Flash of Unstyled Content in IE */ ?> </script>
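Review bot: Nothing in this template records why `<?php print $head; ?>` now has to come before `<title>`, so a themer tidying the head region could move it back. Going by the comment in drupal_final_markup(), the reason is that the charset declaration must come before any text the browser might sniff an encoding from; that `$head` carries that declaration is inferred, not shown on this page. I would add a comment next to it, e.g. `<?php /* Keep $head first: the charset declaration must precede any text content such as the title. */ ?>`. The same applies to the other template hunks below and to the `drupal_get_html_head()` line in chameleon_page(). In the last template hunk the `Content-Style-Type` meta still sits ahead of `$head`, which is worth a second look.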
......
......@@ -80,8 +80,8 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language->language ?>" lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>">
<head>
<title><?php print $head_title; ?></title>
<?php print $head; ?>
<title><?php print $head_title; ?></title>
<?php print $styles; ?>
<?php print $scripts; ?>
<script type="text/javascript"><?php /* Needed to avoid Flash of Unstyled Content in IE */ ?> </script>
......
......@@ -9,7 +9,7 @@
/**
* The current system version.
*/
define('VERSION', '6.11-dev');
define('VERSION', '6.11');
/**
* Core API compatibility.
......
......@@ -4,8 +4,8 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language->language ?>" xml:lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>">
<head>
<title><?php print $head_title ?></title>
<?php print $head ?>
<title><?php print $head_title ?></title>
<?php print $styles ?>
<?php print $scripts ?>
<script type="text/javascript"><?php /* Needed to avoid Flash of Unstyle Content in IE */ ?> </script>
......
......@@ -30,8 +30,8 @@ function chameleon_page($content, $show_blocks = TRUE, $show_messages = TRUE) {
$output = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n";
$output .= "<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"$language\" xml:lang=\"$language\" dir=\"$direction\">\n";
$output .= "<head>\n";
$output .= " <title>". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."</title>\n";
$output .= drupal_get_html_head();
$output .= " <title>". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."</title>\n";
$output .= drupal_get_css();
$output .= drupal_get_js();
$output .= "</head>";
......
......@@ -15,8 +15,8 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language->language ?>" lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>">
<head>
<title><?php print $head_title ?></title>
<?php print $head ?>
<title><?php print $head_title ?></title>
<?php print $styles ?>
<?php print $scripts ?>
<!--[if lt IE 7]>
......
......@@ -4,8 +4,8 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language->language ?>" lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>">
<head>
<title><?php print $head_title ?></title>
<?php print $head ?>
<title><?php print $head_title ?></title>
<?php print $styles ?>
<?php print $scripts ?>
<!--[if lt IE 7]>
......
......@@ -3,9 +3,9 @@
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language->language ?>" xml:lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>">
<head>
<title><?php print $head_title ?></title>
<meta http-equiv="Content-Style-Type" content="text/css" />
<?php print $head ?>
<title><?php print $head_title ?></title>
<?php print $styles ?>
<?php print $scripts ?>
</head>
......