[Pkg-drupal-commits] r1981 - in /branches/drupal6: debian/changelog modules/filter/filter.module update.php
luigi at users.alioth.debian.org
luigi at users.alioth.debian.org
Thu Jan 8 19:49:18 UTC 2009
Author: luigi
Date: Thu Jan 8 19:49:18 2009
New Revision: 1981
URL: http://svn.debian.org/wsvn/pkg-drupal/?sc=1&rev=1981
Log:
Merge changes from Patrick's NMU
Modified:
branches/drupal6/debian/changelog
branches/drupal6/modules/filter/filter.module
branches/drupal6/update.php
Modified: branches/drupal6/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal6/debian/changelog?rev=1981&op=diff
==============================================================================
--- branches/drupal6/debian/changelog (original)
+++ branches/drupal6/debian/changelog Thu Jan 8 19:49:18 2009
@@ -1,3 +1,15 @@
+drupal6 (6.6-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Urgency high because this fixes a security issue
+ * Include upstream patch for SA-2008-073, to fix a security issue:
+ The update system is vulnerable to Cross site request forgeries. Malicious
+ users may cause the superuser (user 1) to execute old updates that may
+ damage the database.
+ (Closes: #508473)
+
+ -- Patrick Schoenfeld <schoenfeld at debian.org> Fri, 12 Dec 2008 09:30:28 +0100
+
drupal6 (6.6-1) unstable; urgency=high
[ Luigi Gangitano ]
Modified: branches/drupal6/modules/filter/filter.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal6/modules/filter/filter.module?rev=1981&op=diff
==============================================================================
--- branches/drupal6/modules/filter/filter.module (original)
+++ branches/drupal6/modules/filter/filter.module Thu Jan 8 19:49:18 2009
@@ -375,13 +375,20 @@
static $filters = array();
if (!isset($filters[$format])) {
- $filters[$format] = array();
$result = db_query("SELECT * FROM {filters} WHERE format = %d ORDER BY weight, module, delta", $format);
- while ($filter = db_fetch_object($result)) {
- $list = module_invoke($filter->module, 'filter', 'list');
- if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
- $filter->name = $list[$filter->delta];
- $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
+ if (db_affected_rows($result) == 0 && !db_result(db_query("SELECT 1 FROM {filter_formats} WHERE format = %d", $format))) {
+ // The format has no filters and does not exist, use the default input
+ // format.
+ $filters[$format] = filter_list_format(variable_get('filter_default_format', 1));
+ }
+ else {
+ $filters[$format] = array();
+ while ($filter = db_fetch_object($result)) {
+ $list = module_invoke($filter->module, 'filter', 'list');
+ if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
+ $filter->name = $list[$filter->delta];
+ $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
+ }
}
}
}
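Review bot: The fallback in the new `if` branch recurses into `filter_list_format()` with the configured default format, and nothing stops that call from taking the same branch when the default format itself has no rows in {filters} and no row in {filter_formats}, so a stale `filter_default_format` setting would recurse without bound. Resolve the default once and only recurse when it differs from the requested format, e.g. `$default = variable_get('filter_default_format', 1);` followed by `if ($format != $default && db_affected_rows($result) == 0 && !db_result(db_query("SELECT 1 FROM {filter_formats} WHERE format = %d", $format))) {`, leaving `$filters[$format]` as an empty array otherwise. Counting the rows of a SELECT through `db_affected_rows()` looks driver-dependent; confirm it behaves the same on the pgsql backend before relying on it. The comment on the new branch should also state why the fallback is wanted, presumably so text stored under a removed format is still passed through the default format's filters rather than through none at all (confirm against the upstream change). filter_list_format() begins before the hunk and its return statement lies after it.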
Modified: branches/drupal6/update.php
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal6/update.php?rev=1981&op=diff
==============================================================================
--- branches/drupal6/update.php (original)
+++ branches/drupal6/update.php Thu Jan 8 19:49:18 2009
@@ -369,6 +369,7 @@
update_task_list('info');
drupal_set_title('Drupal database update');
+ $token = drupal_get_token('update');
$output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/node/258">Installation and upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
$output .= "<ol>\n";
$output .= "<li><strong>Back up your database</strong>. This process will change your database values and in case of emergency you may need to revert to a backup.</li>\n";
@@ -377,7 +378,7 @@
$output .= "<li>Install your new files in the appropriate location, as described in the handbook.</li>\n";
$output .= "</ol>\n";
$output .= "<p>When you have performed the steps above, you may proceed.</p>\n";
- $output .= '<form method="post" action="update.php?op=selection"><input type="submit" value="Continue" /></form>';
+ $output .= '<form method="post" action="update.php?op=selection&token='. $token .'"><input type="submit" value="Continue" /></form>';
$output .= "\n";
return $output;
}
@@ -627,17 +628,21 @@
$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
switch ($op) {
+ case 'selection':
+ if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
+ $output = update_selection_page();
+ break;
+ }
+
+ case 'Update':
+ if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
+ update_batch();
+ break;
+ }
+
// update.php ops
case 'info':
$output = update_info_page();
- break;
-
- case 'selection':
- $output = update_selection_page();
- break;
-
- case 'Update':
- update_batch();
break;
case 'results':
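Review bot: Both new token checks compare `$_GET['token']` with `drupal_get_token('update')` using `==`, which in PHP falls back to numeric comparison when both operands look numeric, so two different hex digests can compare equal if they happen to have a numeric form; use strict comparison in both places, `if (isset($_GET['token']) && $_GET['token'] === drupal_get_token('update')) {`. When the check fails, `case 'selection'` silently falls into `case 'Update'` and then into `case 'info'`; that looks intended, but it should be stated with a comment such as `// Fall through: no valid token, so show the info page instead.` before `case 'Update':` and again before `// update.php ops`. In the second hunk, the `&token=` inside the form's action attribute should be written `&amp;token=` for well-formed HTML; the token value returned by `drupal_get_token()` is a hex digest as far as I can tell, so it needs no further escaping, but confirm that. The enclosing function starts before the hunk and the switch continues past it.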