[Pkg-drupal-commits] r1996 - in /branches/drupal-5.0: ./ debian/ includes/ modules/aggregator/ modules/block/ modules/blog/ modules/blogapi/ modules/book/ modules/color/ modules/comment/ modules/contact/ modules/drupal/ modules/filter/ modules/forum/ modules/help/ modules/legacy/ modules/locale/ modules/menu/ modules/node/ modules/path/ modules/ping/ modules/poll/ modules/profile/ modules/search/ modules/statistics/ modules/system/ modules/taxonomy/ modules/throttle/ modules/tracker/ modules/upload/ modules/user/ modules/watchdog/
luigi at users.alioth.debian.org
luigi at users.alioth.debian.org
Fri Jan 16 00:43:35 UTC 2009
Author: luigi
Date: Fri Jan 16 00:43:34 2009
New Revision: 1996
URL: http://svn.debian.org/wsvn/pkg-drupal/?sc=1&rev=1996
Log:
New upstream release
Modified:
branches/drupal-5.0/CHANGELOG.txt
branches/drupal-5.0/LICENSE.txt
branches/drupal-5.0/debian/changelog
branches/drupal-5.0/includes/bootstrap.inc
branches/drupal-5.0/includes/common.inc
branches/drupal-5.0/includes/form.inc
branches/drupal-5.0/modules/aggregator/aggregator.info
branches/drupal-5.0/modules/block/block.info
branches/drupal-5.0/modules/block/block.module
branches/drupal-5.0/modules/blog/blog.info
branches/drupal-5.0/modules/blogapi/blogapi.info
branches/drupal-5.0/modules/book/book.info
branches/drupal-5.0/modules/color/color.info
branches/drupal-5.0/modules/color/color.module
branches/drupal-5.0/modules/comment/comment.info
branches/drupal-5.0/modules/contact/contact.info
branches/drupal-5.0/modules/drupal/drupal.info
branches/drupal-5.0/modules/filter/filter.info
branches/drupal-5.0/modules/filter/filter.module
branches/drupal-5.0/modules/forum/forum.info
branches/drupal-5.0/modules/help/help.info
branches/drupal-5.0/modules/legacy/legacy.info
branches/drupal-5.0/modules/locale/locale.info
branches/drupal-5.0/modules/menu/menu.info
branches/drupal-5.0/modules/node/node.info
branches/drupal-5.0/modules/node/node.module
branches/drupal-5.0/modules/path/path.info
branches/drupal-5.0/modules/path/path.module
branches/drupal-5.0/modules/ping/ping.info
branches/drupal-5.0/modules/poll/poll.info
branches/drupal-5.0/modules/profile/profile.info
branches/drupal-5.0/modules/profile/profile.module
branches/drupal-5.0/modules/search/search.info
branches/drupal-5.0/modules/statistics/statistics.info
branches/drupal-5.0/modules/system/system.info
branches/drupal-5.0/modules/system/system.module
branches/drupal-5.0/modules/taxonomy/taxonomy.info
branches/drupal-5.0/modules/throttle/throttle.info
branches/drupal-5.0/modules/tracker/tracker.info
branches/drupal-5.0/modules/upload/upload.info
branches/drupal-5.0/modules/user/user.info
branches/drupal-5.0/modules/watchdog/watchdog.info
Modified: branches/drupal-5.0/CHANGELOG.txt
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/CHANGELOG.txt?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/CHANGELOG.txt (original)
+++ branches/drupal-5.0/CHANGELOG.txt Fri Jan 16 00:43:34 2009
@@ -1,4 +1,13 @@
-// $Id: CHANGELOG.txt,v 1.173.2.33 2008/12/11 17:37:27 drumm Exp $
+// $Id: CHANGELOG.txt,v 1.173.2.35 2009/01/14 23:32:14 drumm Exp $
+
+Drupal 5.15, 2009-01-14
+-----------------------
+- Fixed security issues, (Hardening against SQL injection), see
+ SA-CORE-2009-001
+- Fixed HTTP_HOST checking to work again with HTTP 1.0 clients and basic shell
+ scripts.
+- Fixed a variety of small bugs.
+
Drupal 5.14, 2008-12-11
-----------------------
Modified: branches/drupal-5.0/LICENSE.txt
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/LICENSE.txt?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/LICENSE.txt (original)
+++ branches/drupal-5.0/LICENSE.txt Fri Jan 16 00:43:34 2009
@@ -1,14 +1,13 @@
-// $Id: LICENSE.txt,v 1.5 2006/07/09 11:33:06 dries Exp $
-
- GNU GENERAL PUBLIC LICENSE
- Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+// $Id: LICENSE.txt,v 1.5.2.1 2009/01/14 05:56:37 drumm Exp $
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
- Preamble
+ Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
@@ -58,7 +57,7 @@
The precise terms and conditions for copying, distribution and
modification follow.
- GNU GENERAL PUBLIC LICENSE
+ GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
@@ -257,7 +256,7 @@
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
- NO WARRANTY
+ NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
@@ -279,9 +278,9 @@
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
- END OF TERMS AND CONDITIONS
-
- How to Apply These Terms to Your New Programs
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
@@ -305,10 +304,9 @@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
Modified: branches/drupal-5.0/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/debian/changelog?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/debian/changelog (original)
+++ branches/drupal-5.0/debian/changelog Fri Jan 16 00:43:34 2009
@@ -1,3 +1,12 @@
+drupal5 (5.15-1) UNRELEASED; urgency=low
+
+ * (NOT RELEASED YET)
+
+ * New upstream release
+ - Fixes an SQL injection vulnerability (Ref: SA-CORE-2009-001, CVE-TBD)
+
+ -- Luigi Gangitano <luigi at debian.org> Fri, 16 Jan 2009 01:41:25 +0100
+
drupal5 (5.14-1) unstable; urgency=low
* New upstream release (Closes: #508472)
Modified: branches/drupal-5.0/includes/bootstrap.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/includes/bootstrap.inc?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/includes/bootstrap.inc (original)
+++ branches/drupal-5.0/includes/bootstrap.inc Fri Jan 16 00:43:34 2009
@@ -1,5 +1,5 @@
<?php
-// $Id: bootstrap.inc,v 1.145.2.12 2008/12/10 18:16:03 drumm Exp $
+// $Id: bootstrap.inc,v 1.145.2.13 2009/01/14 19:12:27 drumm Exp $
/**
* @file
@@ -230,7 +230,7 @@
}
/**
- * Validate that $_SERVER['HTTP_HOST'] is safe.
+ * Validate that a hostname (for example $_SERVER['HTTP_HOST']) is safe.
*
* As $_SERVER['HTTP_HOST'] is user input, ensure it only contains characters
* allowed in hostnames. See RFC 952 (and RFC 2181). $_SERVER['HTTP_HOST'] is
@@ -239,9 +239,8 @@
* @return
* TRUE if only containing valid characters, or FALSE otherwise.
*/
-function drupal_valid_http_host() {
- $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
- return preg_match('/^\[?(?:[a-z0-9-:\]_]+\.?)+$/', $_SERVER['HTTP_HOST']);
+function drupal_valid_http_host($host) {
+ return preg_match('/^\[?(?:[a-z0-9-:\]_]+\.?)+$/', $host);
}
/**
@@ -255,10 +254,21 @@
global $db_url, $db_prefix, $cookie_domain, $conf, $installed_profile;
$conf = array();
- if (!drupal_valid_http_host()) {
- // HTTP_HOST is invalid, e.g. if containing slashes it may be an attack.
- header('HTTP/1.1 400 Bad Request');
- exit;
+ if (isset($_SERVER['HTTP_HOST'])) {
+ // As HTTP_HOST is user input, ensure it only contains characters allowed
+ // in hostnames. See RFC 952 (and RFC 2181).
+ // $_SERVER['HTTP_HOST'] is lowercased here per specifications.
+ $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
+ if (!drupal_valid_http_host($_SERVER['HTTP_HOST'])) {
+ // HTTP_HOST is invalid, e.g. if containing slashes it may be an attack.
+ header('HTTP/1.1 400 Bad Request');
+ exit;
+ }
+ }
+ else {
+ // Some pre-HTTP/1.1 clients will not send a Host header. Ensure the key is
+ // defined for E_ALL compliance.
+ $_SERVER['HTTP_HOST'] = '';
}
include_once './'. conf_path() .'/settings.php';
Modified: branches/drupal-5.0/includes/common.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/includes/common.inc?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/includes/common.inc (original)
+++ branches/drupal-5.0/includes/common.inc Fri Jan 16 00:43:34 2009
@@ -1,5 +1,5 @@
<?php
-// $Id: common.inc,v 1.611.2.20 2008/07/09 19:34:30 drumm Exp $
+// $Id: common.inc,v 1.611.2.21 2008/12/25 20:37:07 drumm Exp $
/**
* @file
@@ -642,8 +642,8 @@
/**
* Translate strings to the current locale.
*
- * All human-readable text that will be displayed somewhere within a page should be
- * run through the t() function.
+ * Human-readable text that will be displayed somewhere within a page should
+ * be run through the t() function.
*
* Examples:
* @code
@@ -679,27 +679,27 @@
* $message[] = t("If you don't want to receive such e-mails, you can change your settings at !url.", array('!url' => url("user/$account->uid", NULL, NULL, TRUE)));
* @endcode
*
- * - @variable, which indicates that the text should be run through check_plain,
- * to strip out HTML characters. Use this for any output that's displayed within
- * a Drupal page.
+ * - @variable, which indicates that the text should be run through
+ * check_plain, to escape HTML characters. Use this for any output that's
+ * displayed within a Drupal page.
* @code
* drupal_set_title($title = t("@name's blog", array('@name' => $account->name)));
* @endcode
*
- * - %variable, which indicates that the string should be highlighted with
- * theme_placeholder() which shows up by default as <em>emphasized</em>.
+ * - %variable, which indicates that the string should be HTML escaped and
+ * highlighted with theme_placeholder() which shows up by default as
+ * <em>emphasized</em>.
* @code
- * watchdog('mail', t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name)));
+ * $message = t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name));
* @endcode
*
* When using t(), try to put entire sentences and strings in one t() call.
* This makes it easier for translators, as it provides context as to what
- * each word refers to. HTML markup within translation strings is allowed,
- * but should be avoided if possible. The exception is embedded links; link
- * titles add additional context for translators so should be kept in the main
- * string.
- *
- * Here is an example of an incorrect use if t():
+ * each word refers to. HTML markup within translation strings is allowed, but
+ * should be avoided if possible. The exception are embedded links; link
+ * titles add a context for translators, so should be kept in the main string.
+ *
+ * Here is an example of incorrect usage of t():
* @code
* $output .= t('<p>Go to the @contact-page.</p>', array('@contact-page' => l(t('contact page'), 'contact')));
* @endcode
@@ -709,7 +709,7 @@
* $output .= '<p>'. t('Go to the <a href="@contact-page">contact page</a>.', array('@contact-page' => url('contact'))) .'</p>';
* @endcode
*
- * Also avoid escaping quotation marks wherever possible.
+ * Avoid escaping quotation marks wherever possible.
*
* Incorrect:
* @code
@@ -720,6 +720,101 @@
* @code
* $output .= t("Don't click me.");
* @endcode
+ *
+ * Because t() is designed for handling code-based strings, in almost all
+ * cases, the actual string and not a variable must be passed through t().
+ *
+ * Extraction of translations is done based on the strings contained in t()
+ * calls. If a variable is passed through t(), the content of the variable
+ * cannot be extracted from the file for translation.
+ *
+ * Incorrect:
+ * @code
+ * $message = 'An error occurred.';
+ * drupal_set_message(t($message), 'error');
+ * $output .= t($message);
+ * @endcode
+ *
+ * Correct:
+ * @code
+ * $message = t('An error occurred.');
+ * drupal_set_message($message, 'error');
+ * $output .= $message;
+ * @endcode
+ *
+ * The only case in which variables can be passed safely through t() is when
+ * code-based versions of the same strings will be passed through t() (or
+ * otherwise extracted) elsewhere.
+ *
+ * In some cases, modules may include strings in code that can't use t()
+ * calls. For example, a module may use an external PHP application that
+ * produces strings that are loaded into variables in Drupal for output.
+ * In these cases, module authors may include a dummy file that passes the
+ * relevant strings through t(). This approach will allow the strings to be
+ * extracted.
+ *
+ * Sample external (non-Drupal) code:
+ * @code
+ * class Time {
+ * public $yesterday = 'Yesterday';
+ * public $today = 'Today';
+ * public $tomorrow = 'Tomorrow';
+ * }
+ * @endcode
+ *
+ * Sample dummy file.
+ * @code
+ * // Dummy function included in example.potx.inc.
+ * function example_potx() {
+ * $strings = array(
+ * t('Yesterday'),
+ * t('Today'),
+ * t('Tomorrow'),
+ * );
+ * // No return value needed, since this is a dummy function.
+ * }
+ * @endcode
+ *
+ * Having passed strings through t() in a dummy function, it is then
+ * okay to pass variables through t().
+ *
+ * Correct (if a dummy file was used):
+ * @code
+ * $time = new Time();
+ * $output .= t($time->today);
+ * @endcode
+ *
+ * However tempting it is, custom data from user input or other non-code
+ * sources should not be passed through t(). Doing so leads to the following
+ * problems and errors:
+ * - The t() system doesn't support updates to existing strings. When user
+ * data is updated, the next time it's passed through t() a new record is
+ * created instead of an update. The database bloats over time and any
+ * existing translations are orphaned with each update.
+ * - The t() system assumes any data it receives is in English. User data may
+ * be in another language, producing translation errors.
+ * - The "Built-in interface" text group in the locale system is used to
+ * produce translations for storage in .po files. When non-code strings are
+ * passed through t(), they are added to this text group, which is rendered
+ * inaccurate since it is a mix of actual interface strings and various user
+ * input strings of uncertain origin.
+ *
+ * Incorrect:
+ * @code
+ * $item = item_load();
+ * $output .= check_plain(t($item['title']));
+ * @endcode
+ *
+ * Instead, translation of these data can be done through the locale system,
+ * either directly or through helper functions provided by contributed
+ * modules.
+ * @see hook_locale()
+ *
+ * During installation, st() is used in place of t(). Code that may be called
+ * during installation or during normal operation should use the get_t()
+ * helper function.
+ * @see st()
+ * @see get_t()
*
* @param $string
* A string containing the English string to translate.
Modified: branches/drupal-5.0/includes/form.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/includes/form.inc?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/includes/form.inc (original)
+++ branches/drupal-5.0/includes/form.inc Fri Jan 16 00:43:34 2009
@@ -1,5 +1,5 @@
<?php
-// $Id: form.inc,v 1.174.2.15 2008/09/15 06:03:17 drumm Exp $
+// $Id: form.inc,v 1.174.2.16 2008/12/21 02:38:53 drumm Exp $
/**
* @defgroup form Form generation
@@ -1107,7 +1107,7 @@
return theme('form_element', $element, $element['#children']);
}
-/*
+/**
* Expand a password_confirm field into two text boxes.
*/
function expand_password_confirm($element) {
Modified: branches/drupal-5.0/modules/aggregator/aggregator.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/aggregator/aggregator.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/aggregator/aggregator.info (original)
+++ branches/drupal-5.0/modules/aggregator/aggregator.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/block/block.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/block/block.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/block/block.info (original)
+++ branches/drupal-5.0/modules/block/block.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - required
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/block/block.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/block/block.module?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/block/block.module (original)
+++ branches/drupal-5.0/modules/block/block.module Fri Jan 16 00:43:34 2009
@@ -1,5 +1,5 @@
<?php
-// $Id: block.module,v 1.246.2.10 2008/07/16 19:09:39 drumm Exp $
+// $Id: block.module,v 1.246.2.11 2009/01/14 05:43:04 drumm Exp $
/**
* @file
@@ -535,7 +535,7 @@
*/
function block_box_delete_submit($form_id, $form_values) {
db_query('DELETE FROM {boxes} WHERE bid = %d', $form_values['bid']);
- db_query("DELETE FROM {blocks} WHERE module = 'block' AND delta = %d", $form_values['bid']);
+ db_query("DELETE FROM {blocks} WHERE module = 'block' AND delta = '%s'", $form_values['bid']);
drupal_set_message(t('The block %name has been removed.', array('%name' => $form_values['info'])));
cache_clear_all();
return 'admin/build/block';
Modified: branches/drupal-5.0/modules/blog/blog.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/blog/blog.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/blog/blog.info (original)
+++ branches/drupal-5.0/modules/blog/blog.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/blogapi/blogapi.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/blogapi/blogapi.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/blogapi/blogapi.info (original)
+++ branches/drupal-5.0/modules/blogapi/blogapi.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/book/book.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/book/book.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/book/book.info (original)
+++ branches/drupal-5.0/modules/book/book.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/color/color.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/color/color.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/color/color.info (original)
+++ branches/drupal-5.0/modules/color/color.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/color/color.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/color/color.module?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/color/color.module (original)
+++ branches/drupal-5.0/modules/color/color.module Fri Jan 16 00:43:34 2009
@@ -1,5 +1,5 @@
<?php
-// $Id: color.module,v 1.13.2.5 2008/02/11 06:53:01 drumm Exp $
+// $Id: color.module,v 1.13.2.6 2008/12/21 02:56:30 drumm Exp $
/**
* Implementation of hook_help
@@ -18,17 +18,23 @@
*/
function color_form_alter($form_id, &$form) {
// Insert the color changer into the theme settings page.
- // TODO: Last condition in the following if disables color changer when private files are used this should be solved in a different way. See issue #92059.
- if ($form_id == 'system_theme_settings' && color_get_info(arg(4)) && function_exists('gd_info') && variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) == FILE_DOWNLOADS_PUBLIC) {
- $form['color'] = array(
- '#type' => 'fieldset',
- '#title' => t('Color scheme'),
- '#weight' => -1,
- '#attributes' => array('id' => 'color_scheme_form'),
- '#theme' => 'color_scheme_form',
- );
- $form['color'] += color_scheme_form(arg(4));
- $form['#submit']['color_scheme_form_submit'] = array();
+ if ($form_id == 'system_theme_settings' && color_get_info(arg(4)) && function_exists('gd_info')) {
+ if (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) != FILE_DOWNLOADS_PUBLIC) {
+ // Disables the color changer when the private download method is used.
+ // TODO: This should be solved in a different way. See issue #181003.
+ drupal_set_message(t('The color picker only works if the <a href="@url">download method</a> is set to public.', array('@url' => url('admin/settings/file-system'))));
+ }
+ else {
+ $form['color'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Color scheme'),
+ '#weight' => -1,
+ '#attributes' => array('id' => 'color_scheme_form'),
+ '#theme' => 'color_scheme_form',
+ );
+ $form['color'] += color_scheme_form(arg(4));
+ $form['#submit']['color_scheme_form_submit'] = array();
+ }
}
// Use the generated screenshot in the theme list
Modified: branches/drupal-5.0/modules/comment/comment.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/comment/comment.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/comment/comment.info (original)
+++ branches/drupal-5.0/modules/comment/comment.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/contact/contact.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/contact/contact.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/contact/contact.info (original)
+++ branches/drupal-5.0/modules/contact/contact.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/drupal/drupal.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/drupal/drupal.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/drupal/drupal.info (original)
+++ branches/drupal-5.0/modules/drupal/drupal.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/filter/filter.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/filter/filter.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/filter/filter.info (original)
+++ branches/drupal-5.0/modules/filter/filter.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - required
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/filter/filter.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/filter/filter.module?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/filter/filter.module (original)
+++ branches/drupal-5.0/modules/filter/filter.module Fri Jan 16 00:43:34 2009
@@ -1,5 +1,5 @@
<?php
-// $Id: filter.module,v 1.160.2.11 2008/12/10 22:21:27 drumm Exp $
+// $Id: filter.module,v 1.160.2.12 2008/12/21 02:47:24 drumm Exp $
/**
* @file
@@ -947,13 +947,12 @@
$output .= '<strong>'. $name .'</strong>:<br />';
}
- $tips = '';
- foreach ($tiplist as $tip) {
- $tips .= '<li'. ($long ? ' id="filter-'. str_replace("/", "-", $tip['id']) .'">' : '>') . $tip['tip'] . '</li>';
- }
-
- if ($tips) {
- $output .= "<ul class=\"tips\">$tips</ul>";
+ if (count($tiplist) > 0) {
+ $output .= '<ul class="tips">';
+ foreach ($tiplist as $tip) {
+ $output .= '<li'. ($long ? ' id="filter-'. str_replace("/", "-", $tip['id']) .'">' : '>') . $tip['tip'] .'</li>';
+ }
+ $output .= '</ul>';
}
if ($multiple) {
Modified: branches/drupal-5.0/modules/forum/forum.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/forum/forum.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/forum/forum.info (original)
+++ branches/drupal-5.0/modules/forum/forum.info Fri Jan 16 00:43:34 2009
@@ -5,8 +5,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/help/help.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/help/help.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/help/help.info (original)
+++ branches/drupal-5.0/modules/help/help.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/legacy/legacy.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/legacy/legacy.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/legacy/legacy.info (original)
+++ branches/drupal-5.0/modules/legacy/legacy.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/locale/locale.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/locale/locale.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/locale/locale.info (original)
+++ branches/drupal-5.0/modules/locale/locale.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/menu/menu.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/menu/menu.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/menu/menu.info (original)
+++ branches/drupal-5.0/modules/menu/menu.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/node/node.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/node/node.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/node/node.info (original)
+++ branches/drupal-5.0/modules/node/node.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - required
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/node/node.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/node/node.module?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/node/node.module (original)
+++ branches/drupal-5.0/modules/node/node.module Fri Jan 16 00:43:34 2009
@@ -1,5 +1,5 @@
<?php
-// $Id: node.module,v 1.776.2.31 2008/10/08 20:10:26 drumm Exp $
+// $Id: node.module,v 1.776.2.33 2009/01/14 23:32:14 drumm Exp $
/**
* @file
@@ -1960,7 +1960,7 @@
$channel_defaults = array(
'version' => '2.0',
- 'title' => variable_get('site_name', 'Drupal') .' - '. variable_get('site_slogan', ''),
+ 'title' => variable_get('site_name', 'Drupal') . (variable_get('site_slogan', '') ? ' - '. variable_get('site_slogan', '') : ''),
'link' => $base_url,
'description' => variable_get('site_mission', ''),
'language' => $locale
@@ -2753,6 +2753,11 @@
function node_access($op, $node = NULL) {
global $user;
+ if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
+ // If there was no node to check against, or the $op was not one of the
+ // supported ones, we return access denied.
+ return FALSE;
+ }
// Convert the node to an object if necessary:
if ($op != 'create') {
$node = (object)$node;
Modified: branches/drupal-5.0/modules/path/path.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/path/path.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/path/path.info (original)
+++ branches/drupal-5.0/modules/path/path.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/path/path.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/path/path.module?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/path/path.module (original)
+++ branches/drupal-5.0/modules/path/path.module Fri Jan 16 00:43:34 2009
@@ -1,5 +1,5 @@
<?php
-// $Id: path.module,v 1.105.2.2 2008/02/11 05:11:58 drumm Exp $
+// $Id: path.module,v 1.105.2.3 2009/01/14 05:59:09 drumm Exp $
/**
* @file
@@ -179,7 +179,7 @@
'#type' => 'textfield',
'#title' => t('Existing system path'),
'#default_value' => $edit['src'],
- '#maxlength' => 64,
+ '#maxlength' => 128,
'#size' => 45,
'#description' => t('Specify the existing path you wish to alias. For example: node/28, forum/1, taxonomy/term/1+2.'),
'#field_prefix' => url(NULL, NULL, NULL, TRUE) . (variable_get('clean_url', 0) ? '' : '?q=')
@@ -187,7 +187,7 @@
$form['dst'] = array(
'#type' => 'textfield',
'#default_value' => $edit['dst'],
- '#maxlength' => 64,
+ '#maxlength' => 128,
'#size' => 45,
'#description' => t('Specify an alternative path by which this data can be accessed. For example, type "about" when writing an about page. Use a relative path and don\'t add a trailing slash or the URL alias won\'t work.'),
'#field_prefix' => url(NULL, NULL, NULL, TRUE) . (variable_get('clean_url', 0) ? '' : '?q=')
@@ -269,7 +269,7 @@
$form['path']['path'] = array(
'#type' => 'textfield',
'#default_value' => $path,
- '#maxlength' => 250,
+ '#maxlength' => 128,
'#collapsible' => TRUE,
'#collapsed' => TRUE,
'#description' => t('Optionally specify an alternative URL by which this node can be accessed. For example, type "about" when writing an about page. Use a relative path and don\'t add a trailing slash or the URL alias won\'t work.'),
Modified: branches/drupal-5.0/modules/ping/ping.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/ping/ping.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/ping/ping.info (original)
+++ branches/drupal-5.0/modules/ping/ping.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/poll/poll.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/poll/poll.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/poll/poll.info (original)
+++ branches/drupal-5.0/modules/poll/poll.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/profile/profile.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/profile/profile.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/profile/profile.info (original)
+++ branches/drupal-5.0/modules/profile/profile.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/profile/profile.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/profile/profile.module?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/profile/profile.module (original)
+++ branches/drupal-5.0/modules/profile/profile.module Fri Jan 16 00:43:34 2009
@@ -1,5 +1,5 @@
<?php
-// $Id: profile.module,v 1.189.2.10 2008/11/15 02:43:55 drumm Exp $
+// $Id: profile.module,v 1.189.2.11 2009/01/14 05:38:52 drumm Exp $
/**
* @file
@@ -678,7 +678,7 @@
break;
case 'selection':
$options = $field->required ? array() : array('--');
- $lines = split("[,\n\r]", $field->options);
+ $lines = split("[\n\r]", $field->options);
foreach ($lines as $line) {
if ($line = trim($line)) {
$options[$line] = $line;
Modified: branches/drupal-5.0/modules/search/search.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/search/search.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/search/search.info (original)
+++ branches/drupal-5.0/modules/search/search.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/statistics/statistics.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/statistics/statistics.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/statistics/statistics.info (original)
+++ branches/drupal-5.0/modules/statistics/statistics.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/system/system.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/system/system.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/system/system.info (original)
+++ branches/drupal-5.0/modules/system/system.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - required
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/system/system.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/system/system.module?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/system/system.module (original)
+++ branches/drupal-5.0/modules/system/system.module Fri Jan 16 00:43:34 2009
@@ -1,12 +1,12 @@
<?php
-// $Id: system.module,v 1.440.2.44 2008/12/11 17:37:27 drumm Exp $
+// $Id: system.module,v 1.440.2.46 2009/01/14 23:32:15 drumm Exp $
/**
* @file
* Configuration system that lets administrators modify the workings of the site.
*/
-define('VERSION', '5.14');
+define('VERSION', '5.15');
/**
* Implementation of hook_help().
Modified: branches/drupal-5.0/modules/taxonomy/taxonomy.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/taxonomy/taxonomy.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/taxonomy/taxonomy.info (original)
+++ branches/drupal-5.0/modules/taxonomy/taxonomy.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/throttle/throttle.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/throttle/throttle.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/throttle/throttle.info (original)
+++ branches/drupal-5.0/modules/throttle/throttle.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/tracker/tracker.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/tracker/tracker.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/tracker/tracker.info (original)
+++ branches/drupal-5.0/modules/tracker/tracker.info Fri Jan 16 00:43:34 2009
@@ -5,8 +5,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/upload/upload.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/upload/upload.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/upload/upload.info (original)
+++ branches/drupal-5.0/modules/upload/upload.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - optional
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/user/user.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/user/user.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/user/user.info (original)
+++ branches/drupal-5.0/modules/user/user.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - required
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
Modified: branches/drupal-5.0/modules/watchdog/watchdog.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/watchdog/watchdog.info?rev=1996&op=diff
==============================================================================
--- branches/drupal-5.0/modules/watchdog/watchdog.info (original)
+++ branches/drupal-5.0/modules/watchdog/watchdog.info Fri Jan 16 00:43:34 2009
@@ -4,8 +4,8 @@
package = Core - required
version = VERSION
-; Information added by drupal.org packaging script on 2008-12-11
-version = "5.14"
+; Information added by drupal.org packaging script on 2009-01-14
+version = "5.15"
project = "drupal"
-datestamp = "1229017817"
+datestamp = "1231976415"
More information about the Pkg-drupal-commits
mailing list