Commit b2440ed3 authored by merlinofchaos's avatar merlinofchaos

#765022: SA-CONTRIB-2010-036: Fix XSS and PHP vulnerabilities.

parent 0ea74a9f
CHANGELOG for Views for Drupal 5
Views 5.x-1.x
Views 5.x-1.7
-------------
#177494 by moshe weitzman: Added node author's e-mail as field.
#142347 by merlinofchaos: Fixed missing taxonomy terms in exposed filter.
......@@ -23,7 +23,7 @@ Views 5.x-1.x
#153714 by majsan: Added Swedish translation.
#286767 by FrederikVO: Updated Dutch translation.
by gaele, xeniox, ngommers, Lapino, Xano, sutharsan: Added Dutch translation.
#765022: SA-CONTRIB-2010-036: Fix XSS and PHP vulnerabilities.
Views 5.x-1.6
Bugs fixed:
......
......@@ -112,7 +112,7 @@ function views_ui_menu($may_cache) {
$items[] = array('path' => 'admin/build/views/import',
'title' => t('Import'),
'callback' => 'views_ui_admin_import_page',
'access' => user_access('administer views'),
'access' => user_access('administer views') && user_access('use PHP for block visibility'),
'type' => MENU_LOCAL_TASK);
$items[] = array('path' => 'admin/build/views/tools',
'title' => t('Tools'),
......@@ -136,9 +136,9 @@ function views_ui_menu($may_cache) {
'type' => MENU_CALLBACK);
}
else {
if (user_access('administer views') &&
arg(0) == 'admin' &&
arg(1) == 'build' &&
if (user_access('administer views') &&
arg(0) == 'admin' &&
arg(1) == 'build' &&
arg(2) == 'views') {
$view = views_load_view(arg(3));
if ($view) {
......@@ -230,14 +230,14 @@ function views_ui_admin_page() {
}
$items[] = array(
$view->name,
filter_xss_admin(views_get_title($view, 'admin')),
$view->description,
implode(', ', $provides),
$url,
$view->name,
filter_xss_admin(views_get_title($view, 'admin')),
$view->description,
implode(', ', $provides),
$url,
theme('links', array(
array('title' => t('Edit'), 'href' => "admin/build/views/$view->name/edit"),
array('title' => t('Export'), 'href' => "admin/build/views/$view->name/export"),
array('title' => t('Edit'), 'href' => "admin/build/views/$view->name/edit"),
array('title' => t('Export'), 'href' => "admin/build/views/$view->name/export"),
array('title' => t('Delete'), 'href' => "admin/build/views/delete/$view->vid"),
array('title' => t('Clone'), 'href' => "admin/build/views/$view->name/clone"),
))
......@@ -305,12 +305,12 @@ function views_ui_admin_page() {
}
$items[] = array(
$view->name,
$view->name,
filter_xss_admin(views_get_title($view, 'menu')),
$view->description,
implode(', ', $provides),
$url,
$status,
$view->description,
implode(', ', $provides),
$url,
$status,
theme('links', $links)
);
}
......
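Review bot: In `views_ui_admin_page()` the row arrays at `@@ -230` and `@@ -305` pass the title through `filter_xss_admin()` but still emit `$view->description` unfiltered in the next cell. If these rows are rendered as table markup, a description containing markup would reach the admin listing as-is; this is inferred, because the function's body and its rendering call lie outside both hunks. I would change the line to `filter_xss_admin($view->description),` in both arrays so it matches the title handling. Separately, the import item at `@@ -112` now also requires `'use PHP for block visibility'`, presumably because import executes the pasted export code. A one-line comment there, such as `// Import runs submitted code; require a PHP-level permission as well.`, would keep a later cleanup from dropping the second check.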