Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #31 from acquia/SA-CONTRIB-2011-052

  • Loading branch information...
commit 5110e96fe80547a8d060f6449c606a6419be949f 2 parents eb61523 + 3ccb629
@ezra-g ezra-g authored
View
54 COMMONS_RELEASE_NOTES.txt
@@ -3,6 +3,60 @@ Track Commons development on GitHub!
- https://github.com/acquia/commons/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Commons 2.3, 2011-11-03
+
+Users are strongly encouraged to apply this security update.
+
+Fixed issues
+
+Commons 2.3 includes a patched version of the Views module that addresses the
+following security issue: http://drupal.org/node/1329898 .
+
+IMPORTANT: If you're upgrading to Commons 2.3 from a previous version of
+Commons, be sure to use the upgrade process for your currently installed
+version of Commons.
+
+Upgrading from Commons 2.2
+
+To upgrade your server to Commons 2.3 from Commons 2.2, complete the following steps:
+
+1) Back up your code (everything in your Drupal root directory) and your database.
+2) Open a web browser, and then log in to your site as the main administrator account.
+3) Place the site in "Off-line" mode. To change the mode, complete the following steps:
+4) In your web browser, open http://[example]/admin/settings/site-maintenance, where [example] is the URL of your Commons server.
+5) Select the Off-line option.
+6) Click Save configuration.
+7) Extract the new Commons tarball and copy the contents into your document root.
+8) Allow your visitors to access your web site by returning your site to "Online" mode:
+9) In your web browser, open http://[example]/admin/settings/site-maintenance.
+10) Select the Online option.
+11) Click Save configuration.
+
+Upgrading from Commons 2.0
+
+To upgrade your server to Commons 2.3 from Commons 2.0, complete the following steps:
+
+1) Back up your code (everything in your Drupal root directory) and your database.
+2) Open a web browser, and then log in to your site as the main administrator account.
+3) Place the site in "Off-line" mode. This allows database updates to run without interruption,
+4) and without displaying errors to visitors of your site. To change the mode, complete the following steps:
+5) In your web browser, open http://[example]/admin/settings/site-maintenance, where [example] is the URL of your Commons server.
+6) Select the Off-line option.
+7) Click Save configuration.
+8) Extract the new Commons tarball and copy the contents into your document root.
+9) In your web browser, open http://[example]/update.php.
+10) Follow the prompts to "Update" your server.
+11) In your web browser, open http://[example]/admin/settings/performance.
+12) Click Clear cached data.
+13) Allow your visitors to access your web site by returning your site to "Online" mode:
+14) In your web browser, open http://[example]/admin/settings/site-maintenance.
+15) Select the Online option.
+16) Click Save configuration.
+
+Upgrading from Commons 1.7
+
+To upgrade your server to Commons 2.3 from Commons 1.7, see the instructions in Upgrading to Commons 2.x from version 1.7: http://network.acquia.com/documentation/commons/upgrade.
+
Commons 2.2, 2011-10-05
Commons 2.2 includes an updated version of the OG_Features and Homebox modules that address critical security issues:
View
2  profiles/drupal_commons/modules/PATCHES.txt
@@ -105,3 +105,5 @@ Fix: http://drupal.org/node/571234#comment-3122678
Issue: http://drupal.org/node/228510
Fix: http://drupal.org/node/228510#comment-3426202
+Issue: http://drupal.org/node/1329898
+Fix: http://drupalcode.org/project/views.git/commitdiff/ff9727e?hp=42fe4029ca7d7410f15933032a17e979bb0957c4
View
4 profiles/drupal_commons/modules/contrib/views/includes/handlers.inc
@@ -1376,7 +1376,7 @@ class views_join {
// And now deal with the value and the operator. Set $q to
// a single-quote for non-numeric values and the
// empty-string for numeric values, then wrap all values in $q.
- $raw_value = $this->db_safe($info['value']);
+ $raw_value = $this->db_safe($info['value'], $info);
$q = (empty($info['numeric']) ? "'" : '');
if (is_array($raw_value)) {
@@ -1418,7 +1418,7 @@ class views_join {
* so something that needs floats in their joins needs to do their
* own type checking.
*/
- function db_safe($input) {
+ function db_safe($input, $info) {
if (is_array($input)) {
$output = array();
foreach ($input as $value) {
View
9 profiles/drupal_commons/modules/contrib/views/views.info
@@ -2,11 +2,4 @@
name = Views
description = Create customized lists and queries from your database.
package = Views
-core = 6.x
-
-; Information added by drupal.org packaging script on 2010-12-15
-version = "6.x-2.12"
-core = "6.x"
-project = "views"
-datestamp = "1292446272"
-
+core = 6.x
Please sign in to comment.
Something went wrong with that request. Please try again.