Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Drupal 6.11

6.x 6.11
Gábor Hojtsy 2009-04-30 00:13:31 +00:00
parent a8f2b31b4d
commit 8135c33f6f
12 changed files with 40 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
CHANGELOG.txt
View File

@ -1,7 +1,12 @@
// $Id$
Drupal 6.11-dev, xxxx-xx-xx (development release)
Drupal 6.11, 2009-04-29
----------------------
- Fixed security issues (Cross site scripting and limited information
disclosure), see SA-CORE-2009-005
- Fixed performance issues with the menu router cache, the update
status cache and improved cache invalidation
- Fixed a variety of small bugs.
Drupal 6.10, 2009-02-25
----------------------
@ -176,6 +181,16 @@ Drupal 6.0, 2008-02-13
- Removed old system updates. Updates from Drupal versions prior to 5.x will
require upgrading to 5.x before upgrading to 6.x.
Drupal 5.17, 2009-04-29
-----------------------
- Fixed security issues (Cross site scripting and limited information disclosure) see SA-CORE-2009-005.
- Fixed a variety of small bugs.
Drupal 5.16, 2009-02-25
-----------------------
- Fixed a security issue, (Local file inclusion on Windows), see SA-CORE-2009-004.
- Fixed a variety of small bugs.
Drupal 5.15, 2009-01-14
----------------------
- Fixed security issues, (Hardening against SQL injection), see SA-CORE-2009-001

2
includes/bootstrap.inc
View File

@ -791,6 +791,8 @@ function request_uri() {
$uri = $_SERVER['SCRIPT_NAME'];
}
}
// Prevent multiple slashes to avoid cross site requests via the FAPI.
$uri = '/'. ltrim($uri, '/');
return $uri;
}

11
includes/common.inc
View File

@ -151,6 +151,15 @@ function drupal_get_headers() {
return drupal_set_header();
}
/**
* Make any final alterations to the rendered xhtml.
*/
function drupal_final_markup($content) {
// Make sure that the charset is always specified as the first element of the
// head region to prevent encoding-based attacks.
return preg_replace('/<head[^>]*>/i', "\$0\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />", $content, 1);
}
/**
* Add a feed URL for the current page.
*
@ -577,7 +586,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
return;
}
if ($errno & (E_ALL)) {
if ($errno & (E_ALL ^ E_NOTICE)) {
$types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
// For database errors, we want the line number/file name of the place that

4
includes/theme.inc
View File

@ -687,6 +687,10 @@ function theme() {
}
// restore path_to_theme()
$theme_path = $temp;
// Add final markup to the full page.
if ($hook == 'page') {
$output = drupal_final_markup($output);
}
return $output;
}

2
modules/system/maintenance-page.tpl.php
View File

@ -19,8 +19,8 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language->language ?>" lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>">
<head>
<title><?php print $head_title; ?></title>
<?php print $head; ?>
<title><?php print $head_title; ?></title>
<?php print $styles; ?>
<?php print $scripts; ?>
<script type="text/javascript"><?php /* Needed to avoid Flash of Unstyled Content in IE */ ?> </script>

2
modules/system/page.tpl.php
View File

@ -80,8 +80,8 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language->language ?>" lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>">
<head>
<title><?php print $head_title; ?></title>
<?php print $head; ?>
<title><?php print $head_title; ?></title>
<?php print $styles; ?>
<?php print $scripts; ?>
<script type="text/javascript"><?php /* Needed to avoid Flash of Unstyled Content in IE */ ?> </script>

2
modules/system/system.module
View File

@ -9,7 +9,7 @@
/**
* The current system version.
*/
define('VERSION', '6.11-dev');
define('VERSION', '6.11');
/**
* Core API compatibility.

2
themes/bluemarine/page.tpl.php
View File

@ -4,8 +4,8 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language->language ?>" xml:lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>">
<head>
<title><?php print $head_title ?></title>
<?php print $head ?>
<title><?php print $head_title ?></title>
<?php print $styles ?>
<?php print $scripts ?>
<script type="text/javascript"><?php /* Needed to avoid Flash of Unstyle Content in IE */ ?> </script>

2
themes/chameleon/chameleon.theme
View File

@ -30,8 +30,8 @@ function chameleon_page($content, $show_blocks = TRUE, $show_messages = TRUE) {
$output = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n";
$output .= "<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"$language\" xml:lang=\"$language\" dir=\"$direction\">\n";
$output .= "<head>\n";
$output .= " <title>". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."</title>\n";
$output .= drupal_get_html_head();
$output .= " <title>". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."</title>\n";
$output .= drupal_get_css();
$output .= drupal_get_js();
$output .= "</head>";

2
themes/garland/maintenance-page.tpl.php
View File

@ -15,8 +15,8 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language->language ?>" lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>">
<head>
<title><?php print $head_title ?></title>
<?php print $head ?>
<title><?php print $head_title ?></title>
<?php print $styles ?>
<?php print $scripts ?>
<!--[if lt IE 7]>

2
themes/garland/page.tpl.php
View File

@ -4,8 +4,8 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language->language ?>" lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>">
<head>
<title><?php print $head_title ?></title>
<?php print $head ?>
<title><?php print $head_title ?></title>
<?php print $styles ?>
<?php print $scripts ?>
<!--[if lt IE 7]>

2
themes/pushbutton/page.tpl.php
View File

@ -3,9 +3,9 @@
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language->language ?>" xml:lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>">
<head>
<title><?php print $head_title ?></title>
<meta http-equiv="Content-Style-Type" content="text/css" />
<?php print $head ?>
<title><?php print $head_title ?></title>
<?php print $styles ?>
<?php print $scripts ?>
</head>