[Pkg-drupal-commits] r1984 - in /branches/drupal6: debian/changelog debian/patches/00list debian/patches/12_SA-2008-073.dpatch modules/filter/filter.module update.php
luigi at users.alioth.debian.org
luigi at users.alioth.debian.org
Thu Jan 8 19:55:49 UTC 2009
Author: luigi
Date: Thu Jan 8 19:55:48 2009
New Revision: 1984
URL: http://svn.debian.org/wsvn/pkg-drupal/?sc=1&rev=1984
Log:
Moved NMU changes to dpatch file
Added:
branches/drupal6/debian/patches/12_SA-2008-073.dpatch (with props)
Modified:
branches/drupal6/debian/changelog
branches/drupal6/debian/patches/00list
branches/drupal6/modules/filter/filter.module
branches/drupal6/update.php
Modified: branches/drupal6/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal6/debian/changelog?rev=1984&op=diff
==============================================================================
--- branches/drupal6/debian/changelog (original)
+++ branches/drupal6/debian/changelog Thu Jan 8 19:55:48 2009
@@ -1,6 +1,9 @@
drupal6 (6.6-2) UNRELEASED; urgency=low
* NOT RELEASED YET
+
+ * debian/patches/12_SA-2008-073
+ - Moved NMU changes to dpatch file
-- Luigi Gangitano <luigi at debian.org> Thu, 08 Jan 2009 20:49:51 +0100
Modified: branches/drupal6/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal6/debian/patches/00list?rev=1984&op=diff
==============================================================================
--- branches/drupal6/debian/patches/00list (original)
+++ branches/drupal6/debian/patches/00list Thu Jan 8 19:55:48 2009
@@ -1,1 +1,2 @@
10_cronjob
+12_SA-2008-073
Added: branches/drupal6/debian/patches/12_SA-2008-073.dpatch
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal6/debian/patches/12_SA-2008-073.dpatch?rev=1984&op=file
==============================================================================
--- branches/drupal6/debian/patches/12_SA-2008-073.dpatch (added)
+++ branches/drupal6/debian/patches/12_SA-2008-073.dpatch Thu Jan 8 19:55:48 2009
@@ -1,0 +1,87 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 12-SA-2008-073.dpatch by Luigi Gangitano <luigi at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Upstream patch fixing Cross Site Request forgery (SA-2008-073)
+
+ at DPATCH@
+diff -urNad drupal6~/modules/filter/filter.module drupal6/modules/filter/filter.module
+--- drupal6~/modules/filter/filter.module 2009-01-08 20:50:48.000000000 +0100
++++ drupal6/modules/filter/filter.module 2009-01-08 20:52:33.000000000 +0100
+@@ -375,13 +375,20 @@
+ static $filters = array();
+
+ if (!isset($filters[$format])) {
+- $filters[$format] = array();
+ $result = db_query("SELECT * FROM {filters} WHERE format = %d ORDER BY weight, module, delta", $format);
+- while ($filter = db_fetch_object($result)) {
+- $list = module_invoke($filter->module, 'filter', 'list');
+- if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
+- $filter->name = $list[$filter->delta];
+- $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
++ if (db_affected_rows($result) == 0 && !db_result(db_query("SELECT 1 FROM {filter_formats} WHERE format = %d", $format))) {
++ // The format has no filters and does not exist, use the default input
++ // format.
++ $filters[$format] = filter_list_format(variable_get('filter_default_format', 1));
++ }
++ else {
++ $filters[$format] = array();
++ while ($filter = db_fetch_object($result)) {
++ $list = module_invoke($filter->module, 'filter', 'list');
++ if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
++ $filter->name = $list[$filter->delta];
++ $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
++ }
+ }
+ }
+ }
+diff -urNad drupal6~/update.php drupal6/update.php
+--- drupal6~/update.php 2009-01-08 20:50:33.000000000 +0100
++++ drupal6/update.php 2009-01-08 20:52:17.000000000 +0100
+@@ -369,6 +369,7 @@
+
+ update_task_list('info');
+ drupal_set_title('Drupal database update');
++ $token = drupal_get_token('update');
+ $output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/node/258">Installation and upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
+ $output .= "<ol>\n";
+ $output .= "<li><strong>Back up your database</strong>. This process will change your database values and in case of emergency you may need to revert to a backup.</li>\n";
+@@ -377,7 +378,7 @@
+ $output .= "<li>Install your new files in the appropriate location, as described in the handbook.</li>\n";
+ $output .= "</ol>\n";
+ $output .= "<p>When you have performed the steps above, you may proceed.</p>\n";
+- $output .= '<form method="post" action="update.php?op=selection"><input type="submit" value="Continue" /></form>';
++ $output .= '<form method="post" action="update.php?op=selection&token='. $token .'"><input type="submit" value="Continue" /></form>';
+ $output .= "\n";
+ return $output;
+ }
+@@ -627,17 +628,21 @@
+
+ $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
+ switch ($op) {
+- // update.php ops
+- case 'info':
+- $output = update_info_page();
+- break;
+-
+ case 'selection':
+- $output = update_selection_page();
+- break;
++ if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
++ $output = update_selection_page();
++ break;
++ }
+
+ case 'Update':
+- update_batch();
++ if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
++ update_batch();
++ break;
++ }
++
++ // update.php ops
++ case 'info':
++ $output = update_info_page();
+ break;
+
+ case 'results':
Propchange: branches/drupal6/debian/patches/12_SA-2008-073.dpatch
------------------------------------------------------------------------------
svn:mergeinfo =
Modified: branches/drupal6/modules/filter/filter.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal6/modules/filter/filter.module?rev=1984&op=diff
==============================================================================
--- branches/drupal6/modules/filter/filter.module (original)
+++ branches/drupal6/modules/filter/filter.module Thu Jan 8 19:55:48 2009
@@ -375,20 +375,13 @@
static $filters = array();
if (!isset($filters[$format])) {
+ $filters[$format] = array();
$result = db_query("SELECT * FROM {filters} WHERE format = %d ORDER BY weight, module, delta", $format);
- if (db_affected_rows($result) == 0 && !db_result(db_query("SELECT 1 FROM {filter_formats} WHERE format = %d", $format))) {
- // The format has no filters and does not exist, use the default input
- // format.
- $filters[$format] = filter_list_format(variable_get('filter_default_format', 1));
- }
- else {
- $filters[$format] = array();
- while ($filter = db_fetch_object($result)) {
- $list = module_invoke($filter->module, 'filter', 'list');
- if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
- $filter->name = $list[$filter->delta];
- $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
- }
+ while ($filter = db_fetch_object($result)) {
+ $list = module_invoke($filter->module, 'filter', 'list');
+ if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
+ $filter->name = $list[$filter->delta];
+ $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
}
}
}
Modified: branches/drupal6/update.php
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal6/update.php?rev=1984&op=diff
==============================================================================
--- branches/drupal6/update.php (original)
+++ branches/drupal6/update.php Thu Jan 8 19:55:48 2009
@@ -369,7 +369,6 @@
update_task_list('info');
drupal_set_title('Drupal database update');
- $token = drupal_get_token('update');
$output = '<p>Use this utility to update your database whenever a new release of Drupal or a module is installed.</p><p>For more detailed information, see the <a href="http://drupal.org/node/258">Installation and upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
$output .= "<ol>\n";
$output .= "<li><strong>Back up your database</strong>. This process will change your database values and in case of emergency you may need to revert to a backup.</li>\n";
@@ -378,7 +377,7 @@
$output .= "<li>Install your new files in the appropriate location, as described in the handbook.</li>\n";
$output .= "</ol>\n";
$output .= "<p>When you have performed the steps above, you may proceed.</p>\n";
- $output .= '<form method="post" action="update.php?op=selection&token='. $token .'"><input type="submit" value="Continue" /></form>';
+ $output .= '<form method="post" action="update.php?op=selection"><input type="submit" value="Continue" /></form>';
$output .= "\n";
return $output;
}
@@ -628,21 +627,17 @@
$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
switch ($op) {
- case 'selection':
- if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
- $output = update_selection_page();
- break;
- }
-
- case 'Update':
- if (isset($_GET['token']) && $_GET['token'] == drupal_get_token('update')) {
- update_batch();
- break;
- }
-
// update.php ops
case 'info':
$output = update_info_page();
+ break;
+
+ case 'selection':
+ $output = update_selection_page();
+ break;
+
+ case 'Update':
+ update_batch();
break;
case 'results':
More information about the Pkg-drupal-commits
mailing list