diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 30a33c3d617..72a6e18604a 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,12 @@
 // $Id$
-Drupal 6.11-dev, xxxx-xx-xx (development release)
+Drupal 6.11, 2009-04-29
 ----------------------
+- Fixed security issues (Cross site scripting and limited information
+ disclosure), see SA-CORE-2009-005
+- Fixed performance issues with the menu router cache, the update
+ status cache and improved cache invalidation
+- Fixed a variety of small bugs.
 Drupal 6.10, 2009-02-25
 ----------------------
@@ -176,6 +181,16 @@ Drupal 6.0, 2008-02-13
 - Removed old system updates. Updates from Drupal versions prior to 5.x will
 require upgrading to 5.x before upgrading to 6.x.
+Drupal 5.17, 2009-04-29
+-----------------------
+- Fixed security issues (Cross site scripting and limited information disclosure) see SA-CORE-2009-005.
+- Fixed a variety of small bugs.
+
+Drupal 5.16, 2009-02-25
+-----------------------
+- Fixed a security issue, (Local file inclusion on Windows), see SA-CORE-2009-004.
+- Fixed a variety of small bugs.
+
 Drupal 5.15, 2009-01-14
 ----------------------
 - Fixed security issues, (Hardening against SQL injection), see SA-CORE-2009-001
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 49aa63e0a42..f2f61a4c274 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -791,6 +791,8 @@ function request_uri() {
 $uri = $_SERVER['SCRIPT_NAME'];
 }
 }
+ // Prevent multiple slashes to avoid cross site requests via the FAPI.
+ $uri = '/'. ltrim($uri, '/');
 return $uri;
 }
diff --git a/includes/common.inc b/includes/common.inc
index 211887504a8..ed8ebabcf38 100644
--- a/includes/common.inc
+++ b/includes/common.inc
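Review bot: The new normalisation in request_uri() strips only forward slashes, so a URI beginning with a slash followed by a backslash is passed through unchanged even though most browsers treat a backslash like a slash when resolving a scheme-relative URL; if the goal is to keep the value from ever being read as "//host/…", `$uri = '/'. ltrim($uri, '/\\');` closes that gap as well. The added comment should also say what is being prevented rather than just "multiple slashes", e.g. `// Collapse leading slashes: a URI starting with "//" would presumably be reused by the form API as a protocol-relative action URL pointing at another host.` request_uri() starts outside the hunk, so which earlier branches can produce such a value is not visible here.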
@@ -151,6 +151,15 @@ function drupal_get_headers() {
 return drupal_set_header();
 }
+/**
+ * Make any final alterations to the rendered xhtml.
+ */
+function drupal_final_markup($content) {
+ // Make sure that the charset is always specified as the first element of the
+ // head region to prevent encoding-based attacks.
+ return preg_replace('/
]*>/i', "\$0\n", $content, 1);
+}
+
 /**
 * Add a feed URL for the current page.
 *
@@ -577,7 +586,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
 return;
 }
- if ($errno & (E_ALL)) {
+ if ($errno & (E_ALL ^ E_NOTICE)) {
 $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error');
 // For database errors, we want the line number/file name of the place that
diff --git a/includes/theme.inc b/includes/theme.inc
index ebcbade81fa..cfa4ad366f0 100644
--- a/includes/theme.inc
+++ b/includes/theme.inc
@@ -687,6 +687,10 @@ function theme() {
 }
 // restore path_to_theme()
 $theme_path = $temp;
+ // Add final markup to the full page.
+ if ($hook == 'page') {
+ $output = drupal_final_markup($output);
+ }
 return $output;
 }
diff --git a/modules/system/maintenance-page.tpl.php b/modules/system/maintenance-page.tpl.php
index e29f2cb10c2..4e4e4092c1f 100644
--- a/modules/system/maintenance-page.tpl.php
+++ b/modules/system/maintenance-page.tpl.php
@@ -19,8 +19,8 @@
-
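Review bot: drupal_final_markup() returns whatever preg_replace() returns, and preg_replace() yields NULL on a PCRE failure (for instance the backtracking limit on a very large page), so in that case the entire rendered page would be emitted empty instead of merely lacking the inserted element; guard the result: `$altered = preg_replace(…, $content, 1); return $altered === NULL ? $content : $altered;`. The docblock should also document `$content` (the fully rendered page markup) and the return value, and state explicitly that only the first opening head tag is altered, since the trailing limit argument 1 is easy to overlook. As rendered on this page the pattern and replacement string are truncated (the markup inside them did not survive extraction), so the exact element inserted after the head tag cannot be checked here.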
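Review bot: The new mask `E_ALL ^ E_NOTICE` silently drops notices from everything drupal_error_handler() reports, but nothing in the hunk says why, and the `8 => 'notice'` entry in `$types` on the following line becomes unreachable; a comment above the condition, e.g. `// E_NOTICE is deliberately excluded here: a handler installed with set_error_handler() receives notices regardless of error_reporting, so this mask is the only place they are filtered out.`, would keep the next reader from re-adding them. The now-dead `'notice'` entry could be removed in the same change or annotated as kept for the numeric mapping. drupal_error_handler() starts and continues outside the hunk.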
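Review bot: Final markup is applied only when `$hook == 'page'`, so any other hook that renders a complete document (the maintenance and install page hooks, if this tree has them) does not get the charset declaration inserted and must carry it in its own template, which appears to be what the maintenance-page.tpl.php hunk in this commit does; that coupling is worth stating next to the condition, e.g. `// Only the full 'page' document is post-processed; templates for other whole-page hooks must declare the charset themselves.` A strict comparison, `if ($hook === 'page') {`, would also make it explicit that a string hook name is expected. theme() starts outside the hunk, so whether `$hook` has already been reduced from a candidate list to a single string at this point is not visible.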