Commit dff6422e authored by Gábor Hojtsy's avatar Gábor Hojtsy

Drupal 6.3

parent 727c5acc
// $Id$
Drupal 6.3-dev, xxxx-xx-xx (development version)
Drupal 6.3, 2008-07-09
----------------------
- fixed security issues, (Cross site scripting, cross site request forgery, session fixation and SQL injection), see SA-2008-044
- slightly modified installation process to prevent file ownership issues on shared hosts
- improved PostgreSQL compatibility (rewritten queries; custom blocks)
- upgraded to jQuery 1.2.6
- performance improvements to search, menu handling and form API caches
- fixed Views compatibility issues (Views for Drupal 6 requires Drupal 6.3+)
- fixed a variety of small bugs.
Drupal 6.2, 2008-04-09
----------------------
......@@ -113,6 +120,11 @@ Drupal 6.0, 2008-02-13
- Removed old system updates. Updates from Drupal versions prior to 5.x will
require upgrading to 5.x before upgrading to 6.x.
Drupal 5.8, 2008-07-09
----------------------
- fixed a variety of small bugs.
- fixed security issues, (Cross site scripting, cross site request forgery, and session fixation), see SA-2008-044
Drupal 5.7, 2008-01-28
----------------------
- fixed the input format configuration page.
......
......@@ -577,7 +577,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
if ($errno & (E_ALL)) {
if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that
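Review bot: The changed condition (presumably `if ($errno & (E_ALL ^ E_NOTICE))` is the new side) masks notices without saying why, while the `$types` map on the very next line still carries `8 => 'notice'`, so a reader will assume notices reach the rest of the handler. Add a one-line comment above the condition, `// E_NOTICE is deliberately masked out here; everything below runs only for the remaining levels.`, so the exclusion is not "fixed" back later. drupal_error_handler() continues outside the hunk, so what the handler does with the levels it does accept is not visible here.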
......
......@@ -210,6 +210,11 @@ function _db_query_callback($match, $init = FALSE) {
return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe
case '%s':
return db_escape_string(array_shift($args));
case '%n':
// Numeric values have arbitrary precision, so can't be treated as float.
// is_numeric() allows hex values (0xFF), but they are not valid.
$value = trim(array_shift($args));
return is_numeric($value) && !preg_match('/x/i', $value) ? $value : '0';
case '%%':
return '%';
case '%f':
......@@ -238,7 +243,7 @@ function db_placeholders($arguments, $type = 'int') {
/**
* Indicates the place holders that should be replaced in _db_query_callback().
*/
define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b)/');
define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b|%n)/');
/**
* Helper function for db_rewrite_sql.
......@@ -551,16 +556,14 @@ function db_type_placeholder($type) {
case 'char':
case 'text':
case 'datetime':
return '\'%s\'';
return "'%s'";
case 'numeric':
// For 'numeric' values, we use '%s', not '\'%s\'' as with
// string types, because numeric values should not be enclosed
// in quotes in queries (though they can be, at least on mysql
// and pgsql). Numerics should only have [0-9.+-] and
// presumably no db's "escape string" function will mess with
// those characters.
return '%s';
// Numeric values are arbitrary precision numbers. Syntacically, numerics
// should be specified directly in SQL. However, without single quotes
// the %s placeholder does not protect against non-numeric characters such
// as spaces which would expose us to SQL injection.
return '%n';
case 'serial':
case 'int':
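Review bot: The `%n` case defines the SQL allowlist as "whatever `is_numeric()` accepts, minus anything containing an `x`", which ties an injection guard to PHP's own numeric-string rules (exponents, leading sign, and in PHP 5 hex literals, hence the `x` exclusion) rather than to what the query should receive; an explicit pattern is easier to audit and does not shift with the PHP version, e.g. `return preg_match('/^[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?$/', $value) ? $value : '0';`. The silent fall-back to `'0'` also means a malformed argument becomes a query against row 0 rather than an error, which deserves a comment such as `// Non-numeric input is replaced by 0, not rejected; callers get no signal.` or a trigger_error() if callers are expected to notice. `_db_query_callback()` and `db_type_placeholder()` both continue outside their hunks.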
......
......@@ -868,16 +868,36 @@ function locale_translate_edit_form_submit($form, &$form_state) {
*/
/**
* Delete a language string.
* String deletion confirmation page.
*/
function locale_translate_delete($lid) {
db_query('DELETE FROM {locales_source} WHERE lid = %d', $lid);
db_query('DELETE FROM {locales_target} WHERE lid = %d', $lid);
function locale_translate_delete_page($lid) {
if ($source = db_fetch_object(db_query('SELECT * FROM {locales_source} WHERE lid = %d', $lid))) {
return drupal_get_form('locale_translate_delete_form', $source);
}
else {
return drupal_not_found();
}
}
/**
* User interface for the string deletion confirmation screen.
*/
function locale_translate_delete_form(&$form_state, $source) {
$form['lid'] = array('#type' => 'value', '#value' => $source->lid);
return confirm_form($form, t('Are you sure you want to delete the string "%source"?', array('%source' => $source->source)), 'admin/build/translate/search', t('Deleting the string will remove all translations of this string in all languages. This action cannot be undone.'), t('Delete'), t('Cancel'));
}
/**
* Process string deletion submissions.
*/
function locale_translate_delete_form_submit($form, &$form_state) {
db_query('DELETE FROM {locales_source} WHERE lid = %d', $form_state['values']['lid']);
db_query('DELETE FROM {locales_target} WHERE lid = %d', $form_state['values']['lid']);
// Force JavaScript translation file recreation for all languages.
_locale_invalidate_js();
cache_clear_all('locale:', 'cache', TRUE);
drupal_set_message(t('The string has been removed.'));
drupal_goto('admin/build/translate/search');
$form_state['redirect'] = 'admin/build/translate/search';
}
/**
* @} End of "locale-translate-delete"
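Review bot: `locale_translate_delete_form()` is missing the `@ingroup forms` and `@see locale_translate_delete_form_submit()` tags that the OpenID confirmation form added in this same commit carries, so the builder and its submit handler are not linked in the API docs; add `* @ingroup forms` and `* @see locale_translate_delete_form_submit()` under the existing one-line summary. The `%source` placeholder passed to `confirm_form()` through `t()` displays stored translation source text on an admin page, so it is worth a note that the value is expected to be escaped by the `%` placeholder convention — confirm that against `t()`, which is outside this hunk. `locale_translate_delete_form_submit()` deleting by the `#type => 'value'` lid is fine, since that element is not user-editable and the form token now covers the request.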
......
......@@ -1114,7 +1114,7 @@ function theme_links($links, $attributes = array('class' => 'links')) {
if (isset($link['href']) && ($link['href'] == $_GET['q'] || ($link['href'] == '<front>' && drupal_is_front_page()))) {
$class .= ' active';
}
$output .= '<li class="'. $class .'">';
$output .= '<li'. drupal_attributes(array('class' => $class)) .'>';
if (isset($link['href'])) {
// Pass in $link as $options, they share the same keys.
......
......@@ -932,7 +932,7 @@ function _filter_autop($text) {
* for scripts and styles.
*/
function filter_xss_admin($string) {
return filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'object', 'ol', 'p', 'param', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'));
return filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'ol', 'p', 'param', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'));
}
/**
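Review bot: `'param'` stays in the allowed-tag list on the new `return filter_xss(...)` line while `'object'` is removed; `<param>` has no meaning outside `<object>`, so keeping it only leaves a stray tag in admin output and invites someone to re-add `object` later without revisiting the list. Drop it in the same change by removing `'param', ` from the array. Whether `filter_xss()` also strips attributes on the remaining tags is not visible here, as that function is outside the hunk.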
......
......@@ -173,7 +173,7 @@ function locale_menu() {
$items['admin/build/translate/delete/%'] = array(
'title' => 'Delete string',
'page callback' => 'locale_inc_callback',
'page arguments' => array('locale_translate_delete', 4), // directly deletes, no confirmation
'page arguments' => array('locale_translate_delete_page', 4),
'access arguments' => array('translate interface'),
'type' => MENU_CALLBACK,
);
......
......@@ -28,8 +28,8 @@ function openid_menu() {
);
$items['user/%user/openid/delete'] = array(
'title' => 'Delete OpenID',
'page callback' => 'openid_user_delete',
'page arguments' => array(1),
'page callback' => 'drupal_get_form',
'page arguments' => array('openid_user_delete_form', 1),
'access callback' => 'user_edit_access',
'access arguments' => array(1),
'type' => MENU_CALLBACK,
......
......@@ -44,7 +44,7 @@ function openid_user_identities($account) {
$result = db_query("SELECT * FROM {authmap} WHERE module='openid' AND uid=%d", $account->uid);
while ($identity = db_fetch_object($result)) {
$rows[] = array($identity->authname, l(t('Delete'), 'user/'. $account->uid .'/openid/delete/'. $identity->aid));
$rows[] = array(check_plain($identity->authname), l(t('Delete'), 'user/'. $account->uid .'/openid/delete/'. $identity->aid));
}
$output = theme('table', $header, $rows);
......@@ -80,12 +80,33 @@ function openid_user_add_validate($form, &$form_state) {
}
/**
* Menu callback; Delete the specified OpenID identity from the system.
* Present a confirmation form to delete the specified OpenID identity from the system.
*
* @ingroup forms
* @see openid_user_delete_form_submit()
*/
function openid_user_delete($account, $aid = 0) {
db_query("DELETE FROM {authmap} WHERE uid=%d AND aid=%d AND module='openid'", $account->uid, $aid);
function openid_user_delete_form($form_state, $account, $aid = 0) {
$authname = db_result(db_query('SELECT authname FROM {authmap} WHERE uid = %d AND aid = %d', $account->uid, $aid));
$form = array();
$form['uid'] = array(
'#type' => 'value',
'#value' => $account->uid,
);
$form['aid'] = array(
'#type' => 'value',
'#value' => $aid,
);
return confirm_form($form, t('Are you sure you want to delete the OpenID %authname for %user?', array('%authname' => $authname, '%user' => $account->name)), 'user/'. $account->uid .'/openid');
}
function openid_user_delete_form_submit($form, &$form_state) {
db_query("DELETE FROM {authmap} WHERE uid = %d AND aid = %d AND module = 'openid'", $form_state['values']['uid'], $form_state['values']['aid']);
if (db_affected_rows()) {
drupal_set_message(t('OpenID deleted.'));
}
drupal_goto('user/'. $account->uid .'/openid');
$form_state['redirect'] = 'user/'. $form_state['values']['uid'] .'/openid';
}
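Review bot: The `SELECT authname` in `openid_user_delete_form()` filters on `uid` and `aid` only, while the `DELETE` in the submit handler also requires `module = 'openid'`, so an `aid` belonging to another auth module's row for the same user is displayed on the confirmation page and then silently not deleted; align the lookup with the delete: `$authname = db_result(db_query("SELECT authname FROM {authmap} WHERE uid = %d AND aid = %d AND module = 'openid'", $account->uid, $aid));`. When no row matches, `db_result()` returns FALSE and the form still renders with an empty `%authname`; a wrapper page callback that returns `drupal_not_found()` on a miss, as `locale_translate_delete_page()` does in this same commit, would be the consistent way to handle that. `openid_user_delete_form_submit()` has no docblock; add `/** Process OpenID deletion submissions. @see openid_user_delete_form() */` to match the builder's tags.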
......@@ -9,7 +9,7 @@
/**
* The current system version.
*/
define('VERSION', '6.3-dev');
define('VERSION', '6.3');
/**
* Core API compatibility.
......
......@@ -1359,8 +1359,10 @@ function user_authenticate_finalize(&$edit) {
// This is also used to invalidate one-time login links.
$user->login = time();
db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
user_module_invoke('login', $edit, $user);
// Regenerate the session ID to prevent against session fixation attacks.
sess_regenerate();
user_module_invoke('login', $edit, $user);
}
/**
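Review bot: The new comment says "prevent against" and does not record why `sess_regenerate()` sits between the `UPDATE {users}` and `user_module_invoke('login', ...)`, which is what keeps a later refactor from moving it; reword it to capture the ordering, e.g. `// Regenerate the session ID to defeat session fixation. This runs before hook_login so anything invoked from there already operates on the new session.` The claim that hook_login implementations depend on the new ID is an inference from the call order alone — confirm against the modules that implement it.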
......