Drupal 5.3

5.x 5.3
Neil Drumm 2007-10-17 21:29:00 +00:00
parent 892a627cf5
commit 8506de8190
7 changed files with 44 additions and 27 deletions


@ -1,7 +1,13 @@
// $Id$ // $Id$
Drupal 5.3, xxxx-xx-xx Drupal 5.3, 2007-10-17
---------------------- ----------------------
- fixed a variety of small bugs.
- fixed a security issue (HTTP response splitting), see SA-2007-024
- fixed a security issue (Arbitrary code execution via installer), see SA-2007-025
- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
- fixed a security issue (User deletion cross site request forgery), see SA-2007-029
- fixed a security issue (API handling of unpublished comment), see SA-2007-030
Drupal 5.2, 2007-07-26 Drupal 5.2, 2007-07-26
---------------------- ----------------------
@ -92,6 +98,12 @@ Drupal 5.0, 2007-01-15
* added nested lists generation. * added nested lists generation.
* added a self-clearing block class. * added a self-clearing block class.
Drupal 4.7.8, 2007-10-17
------------------------
- fixed a security issue (HTTP response splitting), see SA-2007-024
- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
- fixed a security issue (API handling of unpublished comment), see SA-2007-030
Drupal 4.7.7, 2007-07-26 Drupal 4.7.7, 2007-07-26
------------------------ ------------------------
- fixed security issue (XSS), see SA-2007-018 - fixed security issue (XSS), see SA-2007-018


@ -267,11 +267,8 @@ function drupal_get_destination() {
* 'user login'-block in a sidebar. The function drupal_get_destination() * 'user login'-block in a sidebar. The function drupal_get_destination()
* can be used to help set the destination URL. * can be used to help set the destination URL.
* *
* It is advised to use drupal_goto() instead of PHP's header(), because * Drupal will ensure that messages set by drupal_set_message() and other
* drupal_goto() will append the user's session ID to the URI when PHP is * session data are written to the database before the user is redirected.
* compiled with "--enable-trans-sid". In addition, Drupal will ensure that
* messages set by drupal_set_message() and other session data are written to
* the database before the user is redirected.
* *
* This function ends the request; use it rather than a print theme('page') * This function ends the request; use it rather than a print theme('page')
* statement in your menu callback. * statement in your menu callback.
@ -304,6 +301,8 @@ function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response
} }
$url = url($path, $query, $fragment, TRUE); $url = url($path, $query, $fragment, TRUE);
// Remove newlines from the URL to avoid header injection attacks.
$url = str_replace(array("\n", "\r"), '', $url);
// Before the redirect, allow modules to react to the end of the page request. // Before the redirect, allow modules to react to the end of the page request.
module_invoke_all('exit', $url); module_invoke_all('exit', $url);
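Review bot: The rewritten docblock dropped the reason to prefer drupal_goto() over a raw header() call just as the function gained a real one — the new `$url = str_replace(array("\n", "\r"), '', $url);` line is now the response-splitting guard for every redirect that flows through here, including ones built from a user-supplied destination. I would keep that advice in the docblock: ` * Always redirect through drupal_goto() rather than header('Location: ...'): it strips CR and LF from the URL so a user-controlled destination cannot inject additional response headers (SA-2007-024).` Note also that the fix silently rewrites a URL containing newlines rather than rejecting it; that is acceptable for a redirect target but worth a one-line comment, since a caller may assume the URL it passed is used verbatim. The header() call that consumes $url and the end of drupal_goto() are outside this hunk.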


@ -166,6 +166,10 @@ function install_change_settings($profile = 'default', $install_locale = '') {
if ($db_url == 'mysql://username:password@localhost/databasename') { if ($db_url == 'mysql://username:password@localhost/databasename') {
$db_user = $db_pass = $db_path = ''; $db_user = $db_pass = $db_path = '';
} }
elseif (!empty($db_url)) {
// Do not install over a configured settings.php.
install_already_done_error();
}
$output = drupal_get_form('install_settings_form', $profile, $install_locale, $settings_file, $db_url, $db_type, $db_prefix, $db_user, $db_pass, $db_host, $db_port, $db_path); $output = drupal_get_form('install_settings_form', $profile, $install_locale, $settings_file, $db_url, $db_type, $db_prefix, $db_user, $db_pass, $db_host, $db_port, $db_path);
drupal_set_title(st('Database configuration')); drupal_set_title(st('Database configuration'));
print theme('install_page', $output); print theme('install_page', $output);
@ -506,7 +510,7 @@ function install_already_done_error() {
drupal_maintenance_theme(); drupal_maintenance_theme();
drupal_set_title(st('Drupal already installed')); drupal_set_title(st('Drupal already installed'));
print theme('install_page', st('<ul><li>To start over, you must empty your existing database.</li><li>To install to a different database, edit the appropriate <em>settings.php</em> file in the <em>sites</em> folder.</li><li>To upgrade an existing installation, proceed to the <a href="@base-url/update.php">update script</a>.</li></ul>', array('@base-url' => $base_url))); print theme('install_page', st('<ul><li>To start over, you must empty your existing database and replace the appropriate <em>settings.php</em> with an unmodified copy.</li><li>To install to a different database, edit the appropriate <em>settings.php</em> file in the <em>sites</em> folder.</li><li>To upgrade an existing installation, proceed to the <a href="@base-url/update.php">update script</a>.</li></ul>', array('@base-url' => $base_url)));
exit; exit;
} }
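Review bot: The new `elseif (!empty($db_url))` branch in install_change_settings() is commented only with 'Do not install over a configured settings.php', and the reason deserves stating, since this is presumably the installer fix the changelog files under SA-2007-025: re-running the installer against a site whose settings.php already holds credentials would let a request rewrite a live site's database settings. I would expand the comment to `// settings.php already carries a $db_url: refuse to run the installer, otherwise a request could overwrite a live site's database settings (SA-2007-025).` Two things to confirm outside the hunk, because the function starts before it: where $db_url is loaded from (the guard is only as strong as that load), and that the placeholder comparison on the preceding line covers every shipped default, since it matches the mysql placeholder string only. `!empty()` also treats the string "0" as empty, which is harmless here, but `$db_url !== ''` is the stricter test.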


@ -723,7 +723,7 @@ function comment_save($edit) {
} }
// Add the comment to database. // Add the comment to database.
$status = user_access('post comments without approval') ? COMMENT_PUBLISHED : COMMENT_NOT_PUBLISHED; $edit['status'] = user_access('post comments without approval') ? COMMENT_PUBLISHED : COMMENT_NOT_PUBLISHED;
$roles = variable_get('comment_roles', array()); $roles = variable_get('comment_roles', array());
$score = 0; $score = 0;
@ -784,7 +784,7 @@ function comment_save($edit) {
$edit['name'] = $user->name; $edit['name'] = $user->name;
} }
db_query("INSERT INTO {comments} (cid, nid, pid, uid, subject, comment, format, hostname, timestamp, status, score, users, thread, name, mail, homepage) VALUES (%d, %d, %d, %d, '%s', '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s')", $edit['cid'], $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], $_SERVER['REMOTE_ADDR'], $edit['timestamp'], $status, $score, $users, $thread, $edit['name'], $edit['mail'], $edit['homepage']); db_query("INSERT INTO {comments} (cid, nid, pid, uid, subject, comment, format, hostname, timestamp, status, score, users, thread, name, mail, homepage) VALUES (%d, %d, %d, %d, '%s', '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s')", $edit['cid'], $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], $_SERVER['REMOTE_ADDR'], $edit['timestamp'], $edit['status'], $score, $users, $thread, $edit['name'], $edit['mail'], $edit['homepage']);
_comment_update_node_statistics($edit['nid']); _comment_update_node_statistics($edit['nid']);
@ -800,7 +800,7 @@ function comment_save($edit) {
// Explain the approval queue if necessary, and then // Explain the approval queue if necessary, and then
// redirect the user to the node he's commenting on. // redirect the user to the node he's commenting on.
if ($status == COMMENT_NOT_PUBLISHED) { if ($edit['status'] == COMMENT_NOT_PUBLISHED) {
drupal_set_message(t('Your comment has been queued for moderation by site administrators and will be published after approval.')); drupal_set_message(t('Your comment has been queued for moderation by site administrators and will be published after approval.'));
} }
return $edit['cid']; return $edit['cid'];
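Review bot: Promoting the local `$status` to `$edit['status']` is only useful if the consumers that run after the INSERT receive that same array, and those calls sit outside this hunk — worth confirming the comment 'insert' hook is handed $edit rather than a copy taken earlier. The assignment also unconditionally overwrites any status an API caller placed in $edit, which looks intended (a caller cannot publish a comment the current user lacks permission for) but should be said in a why-comment: `// Store the moderation state on $edit itself, overriding any caller-supplied value, so hook implementations and the redirect below see the status the row was written with (SA-2007-030).` Note that user_access() is evaluated for the current user, so saving a comment on behalf of another account via the API uses the current user's approval permission; that is pre-existing behaviour, not introduced here. comment_save() begins before and ends after this hunk.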


@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site. * Configuration system that lets administrators modify the workings of the site.
*/ */
define('VERSION', '5.3 dev'); define('VERSION', '5.3');
/** /**
* Implementation of hook_help(). * Implementation of hook_help().
@ -2116,12 +2116,12 @@ function system_node_type($op, $info) {
* Output a confirmation form * Output a confirmation form
* *
* This function returns a complete form for confirming an action. A link is * This function returns a complete form for confirming an action. A link is
* offered to go back to the item that is being changed in case the user changes * offered to go back to the item that is being changed in case the user
* his/her mind. * changes his/her mind.
* *
* You can check for the existence of $_POST[$name] (where $name * If the submit handler for this form is invoked, the user successfully
* is usually 'confirm') to check if the confirmation was successful or * confirmed the action. You should never directly inspect $_POST to see if an
* use the regular submit model. * action was confirmed.
* *
* @param $form * @param $form
* Additional elements to inject into the form, for example hidden elements. * Additional elements to inject into the form, for example hidden elements.
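Review bot: The new confirm_form() docblock tells callers never to inspect $_POST but not why, and the reason is the property callers are being asked to rely on: a submit handler only runs for a submission the form system has processed, whereas a `$_POST['confirm']` check is satisfied by any request that happens to carry that field — presumably the forged-request pattern this release fixes in user.module (SA-2007-029 in the changelog). I would add one sentence after 'You should never directly inspect $_POST to see if an action was confirmed.': ` * Checking $_POST bypasses the form system's processing, so a forged request carrying the expected field could trigger the action.` Whether a form token is verified on that path is not visible in this hunk, hence the hedged wording.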


@ -158,7 +158,7 @@ function upload_admin_settings_validate($form_id, $form_values) {
* Menu callback for the upload settings form. * Menu callback for the upload settings form.
*/ */
function upload_admin_settings() { function upload_admin_settings() {
$upload_extensions_default = variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp'); $upload_extensions_default = variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp');
$upload_uploadsize_default = variable_get('upload_uploadsize_default', 1); $upload_uploadsize_default = variable_get('upload_uploadsize_default', 1);
$upload_usersize_default = variable_get('upload_usersize_default', 1); $upload_usersize_default = variable_get('upload_usersize_default', 1);
@ -421,7 +421,7 @@ function _upload_validate(&$node) {
$total_usersize = upload_space_used($user->uid) + $filesize; $total_usersize = upload_space_used($user->uid) + $filesize;
$error = array(); $error = array();
foreach ($user->roles as $rid => $name) { foreach ($user->roles as $rid => $name) {
$extensions = variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp')); $extensions = variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp'));
$uploadsize = variable_get("upload_uploadsize_$rid", variable_get('upload_uploadsize_default', 1)) * 1024 * 1024; $uploadsize = variable_get("upload_uploadsize_$rid", variable_get('upload_uploadsize_default', 1)) * 1024 * 1024;
$usersize = variable_get("upload_usersize_$rid", variable_get('upload_usersize_default', 1)) * 1024 * 1024; $usersize = variable_get("upload_usersize_$rid", variable_get('upload_usersize_default', 1)) * 1024 * 1024;
@ -641,7 +641,7 @@ function upload_munge_filename($filename, $extensions = NULL, $alerts = 1) {
if (!isset($extensions)) { if (!isset($extensions)) {
$extensions = ''; $extensions = '';
foreach ($user->roles as $rid => $name) { foreach ($user->roles as $rid => $name) {
$extensions .= ' '. variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt html doc xls pdf ppt pps odt ods odp')); $extensions .= ' '. variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp'));
} }
} }
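Review bot: Dropping 'html' from the fallback string only affects sites where neither `upload_extensions_default` nor any `upload_extensions_$rid` variable has ever been saved; a site whose administrator once submitted the upload settings form has the old list, html included, persisted and will keep accepting .html uploads after this update. A fix for a stored cross-site-scripting issue (SA-2007-026 in the changelog) that leaves existing configuration untouched needs either an update hook that strips 'html' from those variables or at least a release note telling administrators to revisit the upload settings. The same literal is now repeated in three places; a single helper such as `function _upload_default_extensions() { return variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp'); }` would keep them from drifting apart again. upload_admin_settings(), _upload_validate() and upload_munge_filename() all extend past their hunks.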


@ -1415,16 +1415,11 @@ function user_edit($category = 'account') {
drupal_set_message(t('The account does not exist or has already been deleted.')); drupal_set_message(t('The account does not exist or has already been deleted.'));
drupal_goto('admin/user/user'); drupal_goto('admin/user/user');
} }
$edit = $_POST['op'] ? $_POST : (array)$account; $edit = $_POST['op'] ? $_POST : (array)$account;
if (arg(2) == 'delete') { if (arg(2) == 'delete') {
if (!empty($edit['confirm'])) { return drupal_get_form('user_confirm_delete', $account->name, $account->uid);
user_delete($edit, $account->uid);
drupal_goto('admin/user/user');
}
else {
return drupal_get_form('user_confirm_delete', $account->name, $account->uid);
}
} }
else if ($_POST['op'] == t('Delete')) { else if ($_POST['op'] == t('Delete')) {
if ($_REQUEST['destination']) { if ($_REQUEST['destination']) {
@ -1449,13 +1444,20 @@ function user_edit($category = 'account') {
} }
function user_confirm_delete($name, $uid) { function user_confirm_delete($name, $uid) {
return confirm_form(array(), $form['uid'] = array('#type' => 'value', '#value' => $uid);
return confirm_form($form,
t('Are you sure you want to delete the account %name?', array('%name' => $name)), t('Are you sure you want to delete the account %name?', array('%name' => $name)),
'user/'. $uid, 'user/'. $uid,
t('All submissions made by this user will be attributed to the anonymous account. This action cannot be undone.'), t('All submissions made by this user will be attributed to the anonymous account. This action cannot be undone.'),
t('Delete'), t('Cancel')); t('Delete'), t('Cancel'));
} }
function user_confirm_delete_submit($form_id, $form_values) {
$account = user_load(array('uid' => $form_values['uid']));
user_delete((array) $account, $form_values['uid']);
return 'admin/user/user';
}
/** /**
* Delete a user. * Delete a user.
* *
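Review bot: user_confirm_delete_submit() passes the result of user_load() straight to user_delete() without checking it; if the account disappeared between rendering the confirmation form and the submit, `(array) $account` is an empty array for a FALSE load and user_delete() is still invoked with the uid from the form values. A guard before the delete, `if (!$account) { drupal_set_message(t('The account does not exist or has already been deleted.')); return 'admin/user/user'; }`, mirrors the message user_edit() already emits for the same condition. Carrying the uid as a `'#type' => 'value'` element is the right way to bind it to the form now that deletion only happens from a submit handler, which is presumably what closes SA-2007-029; a one-line docblock on the new function saying so would help the next reader: `/** Submit handler for user_confirm_delete(): deletes the account whose uid the form carried. */`. user_edit() begins before this hunk.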