Commit b2440ed3 authored by merlinofchaos's avatar merlinofchaos

#765022: SA-CONTRIB-2010-036: Fix XSS and PHP vulnerabilities.

parent 0ea74a9f
CHANGELOG for Views for Drupal 5 CHANGELOG for Views for Drupal 5
Views 5.x-1.x Views 5.x-1.7
------------- -------------
#177494 by moshe weitzman: Added node author's e-mail as field. #177494 by moshe weitzman: Added node author's e-mail as field.
#142347 by merlinofchaos: Fixed missing taxonomy terms in exposed filter. #142347 by merlinofchaos: Fixed missing taxonomy terms in exposed filter.
...@@ -23,7 +23,7 @@ Views 5.x-1.x ...@@ -23,7 +23,7 @@ Views 5.x-1.x
#153714 by majsan: Added Swedish translation. #153714 by majsan: Added Swedish translation.
#286767 by FrederikVO: Updated Dutch translation. #286767 by FrederikVO: Updated Dutch translation.
by gaele, xeniox, ngommers, Lapino, Xano, sutharsan: Added Dutch translation. by gaele, xeniox, ngommers, Lapino, Xano, sutharsan: Added Dutch translation.
#765022: SA-CONTRIB-2010-036: Fix XSS and PHP vulnerabilities.
Views 5.x-1.6 Views 5.x-1.6
Bugs fixed: Bugs fixed:
......
...@@ -112,7 +112,7 @@ function views_ui_menu($may_cache) { ...@@ -112,7 +112,7 @@ function views_ui_menu($may_cache) {
$items[] = array('path' => 'admin/build/views/import', $items[] = array('path' => 'admin/build/views/import',
'title' => t('Import'), 'title' => t('Import'),
'callback' => 'views_ui_admin_import_page', 'callback' => 'views_ui_admin_import_page',
'access' => user_access('administer views'), 'access' => user_access('administer views') && user_access('use PHP for block visibility'),
'type' => MENU_LOCAL_TASK); 'type' => MENU_LOCAL_TASK);
$items[] = array('path' => 'admin/build/views/tools', $items[] = array('path' => 'admin/build/views/tools',
'title' => t('Tools'), 'title' => t('Tools'),
...@@ -136,9 +136,9 @@ function views_ui_menu($may_cache) { ...@@ -136,9 +136,9 @@ function views_ui_menu($may_cache) {
'type' => MENU_CALLBACK); 'type' => MENU_CALLBACK);
} }
else { else {
if (user_access('administer views') && if (user_access('administer views') &&
arg(0) == 'admin' && arg(0) == 'admin' &&
arg(1) == 'build' && arg(1) == 'build' &&
arg(2) == 'views') { arg(2) == 'views') {
$view = views_load_view(arg(3)); $view = views_load_view(arg(3));
if ($view) { if ($view) {
...@@ -230,14 +230,14 @@ function views_ui_admin_page() { ...@@ -230,14 +230,14 @@ function views_ui_admin_page() {
} }
$items[] = array( $items[] = array(
$view->name, $view->name,
filter_xss_admin(views_get_title($view, 'admin')), filter_xss_admin(views_get_title($view, 'admin')),
$view->description, $view->description,
implode(', ', $provides), implode(', ', $provides),
$url, $url,
theme('links', array( theme('links', array(
array('title' => t('Edit'), 'href' => "admin/build/views/$view->name/edit"), array('title' => t('Edit'), 'href' => "admin/build/views/$view->name/edit"),
array('title' => t('Export'), 'href' => "admin/build/views/$view->name/export"), array('title' => t('Export'), 'href' => "admin/build/views/$view->name/export"),
array('title' => t('Delete'), 'href' => "admin/build/views/delete/$view->vid"), array('title' => t('Delete'), 'href' => "admin/build/views/delete/$view->vid"),
array('title' => t('Clone'), 'href' => "admin/build/views/$view->name/clone"), array('title' => t('Clone'), 'href' => "admin/build/views/$view->name/clone"),
)) ))
...@@ -305,12 +305,12 @@ function views_ui_admin_page() { ...@@ -305,12 +305,12 @@ function views_ui_admin_page() {
} }
$items[] = array( $items[] = array(
$view->name, $view->name,
filter_xss_admin(views_get_title($view, 'menu')), filter_xss_admin(views_get_title($view, 'menu')),
$view->description, $view->description,
implode(', ', $provides), implode(', ', $provides),
$url, $url,
$status, $status,
theme('links', $links) theme('links', $links)
); );
} }
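Review bot: `$view->description` goes into the table row unescaped in both views_ui_admin_page() hunks (the rows built at -230 and -305), directly beside a title that is wrapped in `filter_xss_admin()`. If theme('table') prints cell data as given, which I believe is the case in Drupal 5, markup stored in a description would render on the admin listing; this matters more now that the import item at -112 also requires 'use PHP for block visibility', so 'administer views' alone is no longer a PHP-level trust tier. I would change the cell to `check_plain($view->description),` in both rows, or `filter_xss_admin($view->description),` if limited markup in descriptions is intended. Both row arrays and the enclosing function are shown only in part, so escaping applied earlier in views_ui_admin_page() would not be visible here.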
......