diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 5059cc1949f..131e172414f 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,21 @@
-Drupal 7.1-dev, xxxx-xx-xx (development version)
+Drupal 7.2, 2011-05-25
 ----------------------
+- Added a default .gitignore file.
+- Improved PostgreSQL and SQLite support.
+- Numerous critical performance improvements.
+- Numerous critical fixes to the upgrade path.
+- Numerous fixes to language and translation systems.
+- Numerous fixes to AJAX and #states systems.
+- Improvements to the locking system.
+- Numerous documentation fixes.
+- Numerous styling and theme system fixes.
+- Numerous fixes for schema mis-matches between Drupal 6 and 7.
+- Minor internal API clean-ups.
+
+Drupal 7.1, 2011-05-25
+----------------------
+- Fixed security issues (Cross site scripting, File access bypass), see SA-CORE-2011-001.
 Drupal 7.0, 2011-01-05
 ----------------------
@@ -221,6 +236,17 @@ Drupal 7.0, 2011-01-05
 * Added a locking framework to coordinate long-running operations across requests.
+Drupal 6.22, 2011-05-25
+-----------------------
+- Made Drupal 6 work better with IIS and Internet Explorer.
+- Fixed .po file imports to work better with custom textgroups.
+- Improved code documentation at various places.
+- Fixed a variety of other bugs.
+
+Drupal 6.21, 2011-05-25
+----------------------
+- Fixed security issues (Cross site scripting), see SA-CORE-2011-001.
+
 Drupal 6.20, 2010-12-15
 ----------------------
 - Fixed a variety of small bugs, improved code documentation.
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index bbddde2a764..b70149cd30a 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
 /**
 * The current system version.
 */
-define('VERSION', '7.0-dev');
+define('VERSION', '7.2');
 /**
 * Core API compatibility.
diff --git a/modules/color/color.install b/modules/color/color.install
index 5705ade3f8b..b0eb95ef6a5 100644
--- a/modules/color/color.install
+++ b/modules/color/color.install
@@ -40,3 +40,18 @@ function color_requirements($phase) {
 return $requirements;
 }
+
+/**
+ * Warn site administrator if unsafe CSS color codes are found in the database.
+ */
+function color_update_7001() {
+ $theme_palettes = db_query("SELECT name FROM {variable} WHERE name LIKE 'color_%_palette'")->fetchCol();
+ foreach ($theme_palettes as $name) {
+ $palette = variable_get($name, array());
+ foreach ($palette as $key => $color) {
+ if (!preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color)) {
+ drupal_set_message('Some of the custom CSS color codes specified via the color module are invalid. Please examine the themes which are making use of the color module at the Appearance settings page to verify their CSS color values.', 'warning');
+ }
+ }
+ }
+}
diff --git a/modules/color/color.module b/modules/color/color.module
index ff6c70e6cb7..f3fafe7b7e6 100644
--- a/modules/color/color.module
+++ b/modules/color/color.module
@@ -42,6 +42,7 @@ function color_form_system_theme_settings_alter(&$form, &$form_state) {
 '#theme' => 'color_scheme_form',
 );
 $form['color'] += color_scheme_form($form, $form_state, $theme);
+ $form['#validate'][] = 'color_scheme_form_validate';
 $form['#submit'][] = 'color_scheme_form_submit';
 }
 }
@@ -270,6 +271,18 @@ function theme_color_scheme_form($variables) {
 return $output;
 }
+/**
+ * Validation handler for color change form.
+ */
+function color_scheme_form_validate($form, &$form_state) {
+ // Only accept hexadecimal CSS color strings to avoid XSS upon use.
+ foreach ($form_state['values']['palette'] as $key => $color) {
+ if (!preg_match('/^#([a-f0-9]{3}){1,2}$/iD', $color)) {
+ form_set_error('palette][' . $key, t('%name must be a valid hexadecimal CSS color value.', array('%name' => $form['color']['palette'][$key]['#title'])));
+ }
+ }
+}
+
 /**
 * Submit handler for color change form.
 */
diff --git a/modules/file/file.module b/modules/file/file.module
index 40027017864..3e452511961 100644
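Review bot: In `color_update_7001()` (modules/color/color.install) the `drupal_set_message()` call sits inside both `foreach` loops with nothing to stop iteration, so the same generic warning is queued once per invalid palette entry and never says which theme is affected. Adding `break 2;` directly after the call, or passing `FALSE` as the third (`$repeat`) argument, would emit it once; listing the offending variable names taken from `$name` in that single message would tell the administrator where to look. The update only warns and leaves the stored palette values untouched, so whatever consumes them keeps seeing the unvalidated strings until each theme's settings are re-saved, which the docblock should state. `$color` is also handed to `preg_match()` without an `is_string()` check, which matters if a stored palette entry is not a scalar.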
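Review bot: The pattern `/^#([a-f0-9]{3}){1,2}$/iD` in `color_scheme_form_validate()` (modules/color/color.module) is a second copy of the one in `color_update_7001()` in color.install, so the two definitions of a safe color can drift apart; a small helper in color.module that both call would keep a single definition, assuming color.module is loaded when updates run. The check runs only as a validate handler on the theme settings form, so palette values that reach storage any other way are not covered by it. The code that writes palette values into CSS or markup is not part of this diff, and it is worth confirming that it re-checks or escapes them at the point of use. The inline comment says "upon use" without naming that use; something like `// Palette values end up in generated CSS; accept only #rgb or #rrggbb.` would be clearer, if that is indeed where they end up.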
--- a/modules/file/file.module
+++ b/modules/file/file.module
@@ -976,7 +976,7 @@ function file_get_file_references($file, $field = NULL, $age = FIELD_LOAD_REVISI
 }
 }
- return isset($field) ? $references[$field['field_name']] : $references;
+ return isset($field) ? $references[$field['field_name']] : array_filter($references);
 }
 /**
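Review bot: The new `array_filter($references)` in `file_get_file_references()` applies only to the branch taken when `$field` is not set; with `$field` set, `$references[$field['field_name']]` is still returned as-is, so the two branches now represent "no references" differently and nothing in the hunk documents why. The CHANGELOG entry in this commit mentions a file access bypass, so callers presumably base access decisions on whether this return value is empty. If so, a why-comment above the return such as `// Drop fields without references so an empty result means the file is unreferenced.` plus a matching `@return` sentence would protect the behaviour from a later cleanup. The function body starts outside the hunk, so how `$references` is populated could not be checked here.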