Commit dff6422e authored by Gábor Hojtsy's avatar Gábor Hojtsy

Drupal 6.3

parent 727c5acc
// $Id$ // $Id$
Drupal 6.3-dev, xxxx-xx-xx (development version) Drupal 6.3, 2008-07-09
---------------------- ----------------------
- fixed security issues, (Cross site scripting, cross site request forgery, session fixation and SQL injection), see SA-2008-044
- slightly modified installation process to prevent file ownership issues on shared hosts
- improved PostgreSQL compatibility (rewritten queries; custom blocks)
- upgraded to jQuery 1.2.6
- performance improvements to search, menu handling and form API caches
- fixed Views compatibility issues (Views for Drupal 6 requires Drupal 6.3+)
- fixed a variety of small bugs.
Drupal 6.2, 2008-04-09 Drupal 6.2, 2008-04-09
---------------------- ----------------------
...@@ -113,6 +120,11 @@ Drupal 6.0, 2008-02-13 ...@@ -113,6 +120,11 @@ Drupal 6.0, 2008-02-13
- Removed old system updates. Updates from Drupal versions prior to 5.x will - Removed old system updates. Updates from Drupal versions prior to 5.x will
require upgrading to 5.x before upgrading to 6.x. require upgrading to 5.x before upgrading to 6.x.
Drupal 5.8, 2008-07-09
----------------------
- fixed a variety of small bugs.
- fixed security issues, (Cross site scripting, cross site request forgery, and session fixation), see SA-2008-044
Drupal 5.7, 2008-01-28 Drupal 5.7, 2008-01-28
---------------------- ----------------------
- fixed the input format configuration page. - fixed the input format configuration page.
...@@ -577,7 +577,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) { ...@@ -577,7 +577,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return; return;
} }
if ($errno & (E_ALL)) { if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error'); $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that // For database errors, we want the line number/file name of the place that
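Review bot: The new mask `E_ALL ^ E_NOTICE` on the `if` line excludes every E_NOTICE from this handler unconditionally, independent of the configured error_reporting level, while the `$types` map on the next line still carries `8 => 'notice'`, which this branch can no longer reach. Nothing in the hunk says the exclusion is deliberate, so the next reader may take it for a bug; a one-line comment above the condition such as `// E_NOTICE is deliberately excluded here; notices are not reported through this handler.` would settle that, and the unreachable `8 => 'notice'` entry could either go or be left with the comment explaining it. drupal_error_handler() starts and ends outside the hunk.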
...@@ -210,6 +210,11 @@ function _db_query_callback($match, $init = FALSE) { ...@@ -210,6 +210,11 @@ function _db_query_callback($match, $init = FALSE) {
return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe
case '%s': case '%s':
return db_escape_string(array_shift($args)); return db_escape_string(array_shift($args));
case '%n':
// Numeric values have arbitrary precision, so can't be treated as float.
// is_numeric() allows hex values (0xFF), but they are not valid.
$value = trim(array_shift($args));
return is_numeric($value) && !preg_match('/x/i', $value) ? $value : '0';
case '%%': case '%%':
return '%'; return '%';
case '%f': case '%f':
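Review bot: Input rejected on the `return is_numeric($value) && !preg_match('/x/i', $value) ? $value : '0';` line is silently replaced by `'0'`, so a malformed or hostile argument for a `%n` placeholder becomes a well-formed query against the value 0 rather than an error, and because of the `trim()` on the line above a missing argument (NULL) takes the same path. That keeps the generated SQL safe, which is the point of the new placeholder, but it can hide a caller bug or an attempted injection; at minimum the behaviour deserves a comment, e.g. `// Non-numeric input is coerced to '0' rather than reported as an error.`, and reporting the rejection through the site's error handling would be better. Note that is_numeric() also accepts a leading sign and exponent forms such as `1e3`, which are valid numeric literals in SQL, so those pass through unchanged. _db_query_callback() starts and ends outside the hunk.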
...@@ -238,7 +243,7 @@ function db_placeholders($arguments, $type = 'int') { ...@@ -238,7 +243,7 @@ function db_placeholders($arguments, $type = 'int') {
/** /**
* Indicates the place holders that should be replaced in _db_query_callback(). * Indicates the place holders that should be replaced in _db_query_callback().
*/ */
define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b)/'); define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b|%n)/');
/** /**
* Helper function for db_rewrite_sql. * Helper function for db_rewrite_sql.
...@@ -551,16 +556,14 @@ function db_type_placeholder($type) { ...@@ -551,16 +556,14 @@ function db_type_placeholder($type) {
case 'char': case 'char':
case 'text': case 'text':
case 'datetime': case 'datetime':
return '\'%s\''; return "'%s'";
case 'numeric': case 'numeric':
// For 'numeric' values, we use '%s', not '\'%s\'' as with // Numeric values are arbitrary precision numbers. Syntacically, numerics
// string types, because numeric values should not be enclosed // should be specified directly in SQL. However, without single quotes
// in quotes in queries (though they can be, at least on mysql // the %s placeholder does not protect against non-numeric characters such
// and pgsql). Numerics should only have [0-9.+-] and // as spaces which would expose us to SQL injection.
// presumably no db's "escape string" function will mess with return '%n';
// those characters.
return '%s';
case 'serial': case 'serial':
case 'int': case 'int':
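Review bot: The new comment on the `numeric` case misspells "Syntacically"; the line should read `// Numeric values are arbitrary precision numbers. Syntactically, numerics`. The rest of the comment correctly states why an unquoted `%s` gives no protection against non-numeric characters, which is the reason for switching to `%n`, so only the spelling needs fixing. db_type_placeholder() starts and ends outside the hunk.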
...@@ -868,16 +868,36 @@ function locale_translate_edit_form_submit($form, &$form_state) { ...@@ -868,16 +868,36 @@ function locale_translate_edit_form_submit($form, &$form_state) {
*/ */
/** /**
* Delete a language string. * String deletion confirmation page.
*/ */
function locale_translate_delete($lid) { function locale_translate_delete_page($lid) {
db_query('DELETE FROM {locales_source} WHERE lid = %d', $lid); if ($source = db_fetch_object(db_query('SELECT * FROM {locales_source} WHERE lid = %d', $lid))) {
db_query('DELETE FROM {locales_target} WHERE lid = %d', $lid); return drupal_get_form('locale_translate_delete_form', $source);
}
else {
return drupal_not_found();
}
}
/**
* User interface for the string deletion confirmation screen.
*/
function locale_translate_delete_form(&$form_state, $source) {
$form['lid'] = array('#type' => 'value', '#value' => $source->lid);
return confirm_form($form, t('Are you sure you want to delete the string "%source"?', array('%source' => $source->source)), 'admin/build/translate/search', t('Deleting the string will remove all translations of this string in all languages. This action cannot be undone.'), t('Delete'), t('Cancel'));
}
/**
* Process string deletion submissions.
*/
function locale_translate_delete_form_submit($form, &$form_state) {
db_query('DELETE FROM {locales_source} WHERE lid = %d', $form_state['values']['lid']);
db_query('DELETE FROM {locales_target} WHERE lid = %d', $form_state['values']['lid']);
// Force JavaScript translation file recreation for all languages. // Force JavaScript translation file recreation for all languages.
_locale_invalidate_js(); _locale_invalidate_js();
cache_clear_all('locale:', 'cache', TRUE); cache_clear_all('locale:', 'cache', TRUE);
drupal_set_message(t('The string has been removed.')); drupal_set_message(t('The string has been removed.'));
drupal_goto('admin/build/translate/search'); $form_state['redirect'] = 'admin/build/translate/search';
} }
/** /**
* @} End of "locale-translate-delete" * @} End of "locale-translate-delete"
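Review bot: `locale_translate_delete_form()` assigns `$form['lid']` without initialising `$form` first; PHP auto-vivifies the array, but the other form builder in this commit, openid_user_delete_form(), starts with `$form = array();`, and adding that same line before the `$form['lid']` assignment keeps the two consistent. The docblocks on the three new functions say what each one is but not how they fit together; a sentence on `locale_translate_delete_page()` along the lines of "Loads the source string and hands it to the confirmation form; deletion itself happens only in locale_translate_delete_form_submit()" would make the page/form/submit split explicit. The `%source` placeholder passed to t() is presumably escaped by t(), so the string text is safe in the confirmation message — worth confirming against t()'s placeholder rules.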
...@@ -1114,7 +1114,7 @@ function theme_links($links, $attributes = array('class' => 'links')) { ...@@ -1114,7 +1114,7 @@ function theme_links($links, $attributes = array('class' => 'links')) {
if (isset($link['href']) && ($link['href'] == $_GET['q'] || ($link['href'] == '<front>' && drupal_is_front_page()))) { if (isset($link['href']) && ($link['href'] == $_GET['q'] || ($link['href'] == '<front>' && drupal_is_front_page()))) {
$class .= ' active'; $class .= ' active';
} }
$output .= '<li class="'. $class .'">'; $output .= '<li'. drupal_attributes(array('class' => $class)) .'>';
if (isset($link['href'])) { if (isset($link['href'])) {
// Pass in $link as $options, they share the same keys. // Pass in $link as $options, they share the same keys.
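Review bot: The switch to `drupal_attributes(array('class' => $class))` on the `<li` line is the security-relevant part of this hunk, but nothing records why the plain concatenation was replaced; a why-comment such as `// drupal_attributes() escapes the class value so quotes or angle brackets in it cannot break out of the attribute.` would make the intent clear to the next maintainer. `$class` is assembled above the hunk, so where its value originates is not visible here, and the loose `==` comparison against `$_GET['q']` on the first context line is pre-existing rather than part of the change. theme_links() starts and ends outside the hunk.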
...@@ -932,7 +932,7 @@ function _filter_autop($text) { ...@@ -932,7 +932,7 @@ function _filter_autop($text) {
* for scripts and styles. * for scripts and styles.
*/ */
function filter_xss_admin($string) { function filter_xss_admin($string) {
return filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'object', 'ol', 'p', 'param', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var')); return filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'ol', 'p', 'param', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'));
} }
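Review bot: The new allowed-tag list in `filter_xss_admin()` drops `object` but still contains `param`, which only has meaning inside an `<object>` element and now has no permitted parent; it is inert on its own, so this is not a gap, but removing `'param'` from the array as well would make the list match its intent and stop a reader from assuming `object` is still allowed elsewhere. The docblock cut off at the top of the hunk could also note that embedded objects are no longer permitted for administrator input, since that is the visible behavioural change.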
/** /**
...@@ -173,7 +173,7 @@ function locale_menu() { ...@@ -173,7 +173,7 @@ function locale_menu() {
$items['admin/build/translate/delete/%'] = array( $items['admin/build/translate/delete/%'] = array(
'title' => 'Delete string', 'title' => 'Delete string',
'page callback' => 'locale_inc_callback', 'page callback' => 'locale_inc_callback',
'page arguments' => array('locale_translate_delete', 4), // directly deletes, no confirmation 'page arguments' => array('locale_translate_delete_page', 4),
'access arguments' => array('translate interface'), 'access arguments' => array('translate interface'),
'type' => MENU_CALLBACK, 'type' => MENU_CALLBACK,
); );
...@@ -28,8 +28,8 @@ function openid_menu() { ...@@ -28,8 +28,8 @@ function openid_menu() {
); );
$items['user/%user/openid/delete'] = array( $items['user/%user/openid/delete'] = array(
'title' => 'Delete OpenID', 'title' => 'Delete OpenID',
'page callback' => 'openid_user_delete', 'page callback' => 'drupal_get_form',
'page arguments' => array(1), 'page arguments' => array('openid_user_delete_form', 1),
'access callback' => 'user_edit_access', 'access callback' => 'user_edit_access',
'access arguments' => array(1), 'access arguments' => array(1),
'type' => MENU_CALLBACK, 'type' => MENU_CALLBACK,
...@@ -44,7 +44,7 @@ function openid_user_identities($account) { ...@@ -44,7 +44,7 @@ function openid_user_identities($account) {
$result = db_query("SELECT * FROM {authmap} WHERE module='openid' AND uid=%d", $account->uid); $result = db_query("SELECT * FROM {authmap} WHERE module='openid' AND uid=%d", $account->uid);
while ($identity = db_fetch_object($result)) { while ($identity = db_fetch_object($result)) {
$rows[] = array($identity->authname, l(t('Delete'), 'user/'. $account->uid .'/openid/delete/'. $identity->aid)); $rows[] = array(check_plain($identity->authname), l(t('Delete'), 'user/'. $account->uid .'/openid/delete/'. $identity->aid));
} }
$output = theme('table', $header, $rows); $output = theme('table', $header, $rows);
...@@ -80,12 +80,33 @@ function openid_user_add_validate($form, &$form_state) { ...@@ -80,12 +80,33 @@ function openid_user_add_validate($form, &$form_state) {
} }
/** /**
* Menu callback; Delete the specified OpenID identity from the system. * Present a confirmation form to delete the specified OpenID identity from the system.
*
* @ingroup forms
* @see openid_user_delete_form_submit()
*/ */
function openid_user_delete($account, $aid = 0) { function openid_user_delete_form($form_state, $account, $aid = 0) {
db_query("DELETE FROM {authmap} WHERE uid=%d AND aid=%d AND module='openid'", $account->uid, $aid); $authname = db_result(db_query('SELECT authname FROM {authmap} WHERE uid = %d AND aid = %d', $account->uid, $aid));
$form = array();
$form['uid'] = array(
'#type' => 'value',
'#value' => $account->uid,
);
$form['aid'] = array(
'#type' => 'value',
'#value' => $aid,
);
return confirm_form($form, t('Are you sure you want to delete the OpenID %authname for %user?', array('%authname' => $authname, '%user' => $account->name)), 'user/'. $account->uid .'/openid');
}
function openid_user_delete_form_submit($form, &$form_state) {
db_query("DELETE FROM {authmap} WHERE uid = %d AND aid = %d AND module = 'openid'", $form_state['values']['uid'], $form_state['values']['aid']);
if (db_affected_rows()) { if (db_affected_rows()) {
drupal_set_message(t('OpenID deleted.')); drupal_set_message(t('OpenID deleted.'));
} }
drupal_goto('user/'. $account->uid .'/openid'); $form_state['redirect'] = 'user/'. $form_state['values']['uid'] .'/openid';
} }
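Review bot: The `SELECT authname` query in `openid_user_delete_form()` does not restrict on `module = 'openid'`, while the `DELETE` in `openid_user_delete_form_submit()` does, so the confirmation page can show the authname of another module's authmap row for the same uid and aid that the submit handler would then decline to remove; adding `AND module = 'openid'` to the SELECT keeps the two queries in step. When no row matches, `$authname` is the empty result of db_result() and the confirmation is still rendered with a blank name — a guard such as `if (!$authname) { return drupal_not_found(); }` before building the form would be more honest, though confirm the exact no-row return value of db_result() first. `openid_user_delete_form_submit()` also has no docblock; `/** Submit handler for openid_user_delete_form(): removes the identity and redirects to the user's OpenID list. */` would match the style of the builder above it.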
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
/** /**
* The current system version. * The current system version.
*/ */
define('VERSION', '6.3-dev'); define('VERSION', '6.3');
/** /**
* Core API compatibility. * Core API compatibility.
...@@ -1359,8 +1359,10 @@ function user_authenticate_finalize(&$edit) { ...@@ -1359,8 +1359,10 @@ function user_authenticate_finalize(&$edit) {
// This is also used to invalidate one-time login links. // This is also used to invalidate one-time login links.
$user->login = time(); $user->login = time();
db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid); db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
user_module_invoke('login', $edit, $user);
// Regenerate the session ID to prevent against session fixation attacks.
sess_regenerate(); sess_regenerate();
user_module_invoke('login', $edit, $user);
} }
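Review bot: The comment added above `sess_regenerate()` explains why the session id is regenerated but not why the call now precedes `user_module_invoke('login', $edit, $user)` instead of following it, and that reordering is the actual change in this hunk. Since the reason is not visible here I can only infer it — presumably so that modules acting on the login hook work against the already-regenerated session — so a comment along the lines of `// Regenerate the session ID before invoking hook_user('login') so that modules reacting to the login see the new session.` should be confirmed against the intent before it is committed. user_authenticate_finalize() starts outside the hunk.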
/** /**