From d2e3d172c1c67e6ab22fcb323ed1ad786d4976e0 Mon Sep 17 00:00:00 2001
From: goba
Date: Wed, 27 Feb 2008 19:44:44 +0000
Subject: [PATCH] Drupal 6.1; including #227608 (SA-2008-18)

---
 CHANGELOG.txt | 9 +++++----
 includes/common.inc | 4 ++--
 misc/drupal.js | 5 +++--
 modules/node/node.pages.inc | 4 ++--
 modules/system/system.module | 4 ++--
 5 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 1b10be55ed..413e2d5409 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,8 +1,9 @@
-// $Id: CHANGELOG.txt,v 1.253.2.4 2008-02-13 15:39:26 goba Exp $
-
-Drupal 6.1-dev, xxxx-xx-xx (development version)
------------------------
+// $Id: CHANGELOG.txt,v 1.253.2.5 2008-02-27 19:44:44 goba Exp $
+Drupal 6.1, 2008-02-27
+----------------------
+- fixed a variety of small bugs.
+- fixed a security issue (Cross site scripting), see SA-2008-018
 Drupal 6.0, 2008-02-13
 ----------------------
diff --git a/includes/common.inc b/includes/common.inc
index 38684c5505..773e3cbbe4 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -1,5 +1,5 @@ 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning', 4096 => 'recoverable fatal error'); // For database errors, we want the line number/file name of the place that
diff --git a/misc/drupal.js b/misc/drupal.js
index 73eabbddee..fee92ec92a 100644
--- a/misc/drupal.js
+++ b/misc/drupal.js
@@ -1,4 +1,4 @@
-// $Id: drupal.js,v 1.41.2.1 2008-02-06 12:18:04 goba Exp $
+// $Id: drupal.js,v 1.41.2.2 2008-02-27 19:44:44 goba Exp $
 var Drupal = Drupal || { 'settings': {}, 'behaviors': {}, 'themes': {}, 'locale': {} };
@@ -51,7 +51,8 @@ Drupal.checkPlain = function(str) {
 str = String(str);
 var replace = { '&': '&', '"': '"', '<': '<', '>': '>' };
 for (var character in replace) {
- str = str.replace(character, replace[character]);
+ var regex = new RegExp(character, 'g');
+ str = str.replace(regex, replace[character]);
 }
 return str;
 };
diff --git a/modules/node/node.pages.inc b/modules/node/node.pages.inc
index 7e007ec7a4..5e3e24c9ad 100644
--- a/modules/node/node.pages.inc
+++ b/modules/node/node.pages.inc
@@ -1,5 +1,5 @@ title);
+ drupal_set_title(check_plain($node->title));
 return drupal_get_form($node->type .'_node_form', $node);
 }
diff --git a/modules/system/system.module b/modules/system/system.module
index eb3b4743be..c306dce0f9 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -1,5 +1,5 @@
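Review bot: The added `new RegExp(character, 'g')` compiles every key of `replace` as a pattern; that is safe for the four keys shown (none is a regex metacharacter) but will silently misbehave if the table is ever extended with a key such as `.` or `(`, and `str = str.split(character).join(replace[character]);` replaces all occurrences with no regex and no escaping at all. Correct output also depends on `&` being visited before the other keys so the entities written for `<`, `>` and `"` are not re-escaped, yet `for...in` order was not guaranteed by ES3 and any enumerable property added to `Object.prototype` would be picked up as an extra key; an explicit array of pairs would make both the order and the key set fixed. The helper does not escape `'`, so its output is only safe in text nodes and double-quoted attributes, not in single-quoted ones; adding `"'": '&#39;'` to the table would cover that context. The map values appear here as `'&': '&'` and so on, which is presumably a display artifact of the entity strings (`&amp;`, `&quot;`, …) rather than the committed code. The function's opening line is shown only in the hunk header, not in the hunk body.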