Commit 8506de81 authored by drumm's avatar drumm

Drupal 5.3

parent 892a627c
// $Id$
Drupal 5.3, xxxx-xx-xx
Drupal 5.3, 2007-10-17
----------------------
- fixed a variety of small bugs.
- fixed a security issue (HTTP response splitting), see SA-2007-024
- fixed a security issue (Arbitrary code execution via installer), see SA-2007-025
- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
- fixed a security issue (User deletion cross site request forgery), see SA-2007-029
- fixed a security issue (API handling of unpublished comment), see SA-2007-030
Drupal 5.2, 2007-07-26
----------------------
......@@ -92,6 +98,12 @@ Drupal 5.0, 2007-01-15
* added nested lists generation.
* added a self-clearing block class.
Drupal 4.7.8, 2007-10-17
------------------------
- fixed a security issue (HTTP response splitting), see SA-2007-024
- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
- fixed a security issue (API handling of unpublished comment), see SA-2007-030
Drupal 4.7.7, 2007-07-26
------------------------
- fixed security issue (XSS), see SA-2007-018
......
......@@ -267,11 +267,8 @@ function drupal_get_destination() {
* 'user login'-block in a sidebar. The function drupal_get_destination()
* can be used to help set the destination URL.
*
* It is advised to use drupal_goto() instead of PHP's header(), because
* drupal_goto() will append the user's session ID to the URI when PHP is
* compiled with "--enable-trans-sid". In addition, Drupal will ensure that
* messages set by drupal_set_message() and other session data are written to
* the database before the user is redirected.
* Drupal will ensure that messages set by drupal_set_message() and other
* session data are written to the database before the user is redirected.
*
* This function ends the request; use it rather than a print theme('page')
* statement in your menu callback.
......@@ -304,6 +301,8 @@ function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response
}
$url = url($path, $query, $fragment, TRUE);
// Remove newlines from the URL to avoid header injection attacks.
$url = str_replace(array("\n", "\r"), '', $url);
// Before the redirect, allow modules to react to the end of the page request.
module_invoke_all('exit', $url);
......
......@@ -166,6 +166,10 @@ function install_change_settings($profile = 'default', $install_locale = '') {
if ($db_url == 'mysql://username:password@localhost/databasename') {
$db_user = $db_pass = $db_path = '';
}
elseif (!empty($db_url)) {
// Do not install over a configured settings.php.
install_already_done_error();
}
$output = drupal_get_form('install_settings_form', $profile, $install_locale, $settings_file, $db_url, $db_type, $db_prefix, $db_user, $db_pass, $db_host, $db_port, $db_path);
drupal_set_title(st('Database configuration'));
print theme('install_page', $output);
......@@ -506,7 +510,7 @@ function install_already_done_error() {
drupal_maintenance_theme();
drupal_set_title(st('Drupal already installed'));
print theme('install_page', st('<ul><li>To start over, you must empty your existing database.</li><li>To install to a different database, edit the appropriate <em>settings.php</em> file in the <em>sites</em> folder.</li><li>To upgrade an existing installation, proceed to the <a href="@base-url/update.php">update script</a>.</li></ul>', array('@base-url' => $base_url)));
print theme('install_page', st('<ul><li>To start over, you must empty your existing database and replace the appropriate <em>settings.php</em> with an unmodified copy.</li><li>To install to a different database, edit the appropriate <em>settings.php</em> file in the <em>sites</em> folder.</li><li>To upgrade an existing installation, proceed to the <a href="@base-url/update.php">update script</a>.</li></ul>', array('@base-url' => $base_url)));
exit;
}
......
......@@ -723,7 +723,7 @@ function comment_save($edit) {
}
// Add the comment to database.
$status = user_access('post comments without approval') ? COMMENT_PUBLISHED : COMMENT_NOT_PUBLISHED;
$edit['status'] = user_access('post comments without approval') ? COMMENT_PUBLISHED : COMMENT_NOT_PUBLISHED;
$roles = variable_get('comment_roles', array());
$score = 0;
......@@ -784,7 +784,7 @@ function comment_save($edit) {
$edit['name'] = $user->name;
}
db_query("INSERT INTO {comments} (cid, nid, pid, uid, subject, comment, format, hostname, timestamp, status, score, users, thread, name, mail, homepage) VALUES (%d, %d, %d, %d, '%s', '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s')", $edit['cid'], $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], $_SERVER['REMOTE_ADDR'], $edit['timestamp'], $status, $score, $users, $thread, $edit['name'], $edit['mail'], $edit['homepage']);
db_query("INSERT INTO {comments} (cid, nid, pid, uid, subject, comment, format, hostname, timestamp, status, score, users, thread, name, mail, homepage) VALUES (%d, %d, %d, %d, '%s', '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s')", $edit['cid'], $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], $_SERVER['REMOTE_ADDR'], $edit['timestamp'], $edit['status'], $score, $users, $thread, $edit['name'], $edit['mail'], $edit['homepage']);
_comment_update_node_statistics($edit['nid']);
......@@ -800,7 +800,7 @@ function comment_save($edit) {
// Explain the approval queue if necessary, and then
// redirect the user to the node he's commenting on.
if ($status == COMMENT_NOT_PUBLISHED) {
if ($edit['status'] == COMMENT_NOT_PUBLISHED) {
drupal_set_message(t('Your comment has been queued for moderation by site administrators and will be published after approval.'));
}
return $edit['cid'];
......
......@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
define('VERSION', '5.3 dev');
define('VERSION', '5.3');
/**
* Implementation of hook_help().
......@@ -2116,12 +2116,12 @@ function system_node_type($op, $info) {
* Output a confirmation form
*
* This function returns a complete form for confirming an action. A link is
* offered to go back to the item that is being changed in case the user changes
* his/her mind.
* offered to go back to the item that is being changed in case the user
* changes his/her mind.
*
* You can check for the existence of $_POST[$name] (where $name
* is usually 'confirm') to check if the confirmation was successful or
* use the regular submit model.
* If the submit handler for this form is invoked, the user successfully
* confirmed the action. You should never directly inspect $_POST to see if an
* action was confirmed.
*
* @param $form
* Additional elements to inject into the form, for example hidden elements.
......
......@@ -158,7 +158,7 @@ function upload_admin_settings_validate($form_id, $form_values) {
* Menu callback for the upload settings form.
*/
function upload_admin_settings() {
$upload_extensions_default = variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp');
$upload_extensions_default = variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp');
$upload_uploadsize_default = variable_get('upload_uploadsize_default', 1);
$upload_usersize_default = variable_get('upload_usersize_default', 1);
......@@ -421,7 +421,7 @@ function _upload_validate(&$node) {
$total_usersize = upload_space_used($user->uid) + $filesize;
$error = array();
foreach ($user->roles as $rid => $name) {
$extensions = variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp'));
$extensions = variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp'));
$uploadsize = variable_get("upload_uploadsize_$rid", variable_get('upload_uploadsize_default', 1)) * 1024 * 1024;
$usersize = variable_get("upload_usersize_$rid", variable_get('upload_usersize_default', 1)) * 1024 * 1024;
......@@ -641,7 +641,7 @@ function upload_munge_filename($filename, $extensions = NULL, $alerts = 1) {
if (!isset($extensions)) {
$extensions = '';
foreach ($user->roles as $rid => $name) {
$extensions .= ' '. variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp'));
$extensions .= ' '. variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp'));
}
}
......
......@@ -1415,16 +1415,11 @@ function user_edit($category = 'account') {
drupal_set_message(t('The account does not exist or has already been deleted.'));
drupal_goto('admin/user/user');
}
$edit = $_POST['op'] ? $_POST : (array)$account;
if (arg(2) == 'delete') {
if (!empty($edit['confirm'])) {
user_delete($edit, $account->uid);
drupal_goto('admin/user/user');
}
else {
return drupal_get_form('user_confirm_delete', $account->name, $account->uid);
}
return drupal_get_form('user_confirm_delete', $account->name, $account->uid);
}
else if ($_POST['op'] == t('Delete')) {
if ($_REQUEST['destination']) {
......@@ -1449,13 +1444,20 @@ function user_edit($category = 'account') {
}
function user_confirm_delete($name, $uid) {
return confirm_form(array(),
$form['uid'] = array('#type' => 'value', '#value' => $uid);
return confirm_form($form,
t('Are you sure you want to delete the account %name?', array('%name' => $name)),
'user/'. $uid,
t('All submissions made by this user will be attributed to the anonymous account. This action cannot be undone.'),
t('Delete'), t('Cancel'));
}
function user_confirm_delete_submit($form_id, $form_values) {
$account = user_load(array('uid' => $form_values['uid']));
user_delete((array) $account, $form_values['uid']);
return 'admin/user/user';
}
/**
* Delete a user.
*
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment