Permalink
Browse files

Update Drupal Core 6.22 ==> 6.25

  • Loading branch information...
kwcoffman committed Apr 3, 2012
1 parent b91c215 commit 6d885e4d8ce973bc58a44d4987b5e4aec1fcf565
Showing with 1,139 additions and 666 deletions.
  1. +18 −0 CHANGELOG.txt
  2. +2 −2 INSTALL.mysql.txt
  3. +333 −268 LICENSE.txt
  4. +1 −20 includes/actions.inc
  5. +1 −1 includes/batch.inc
  6. +7 −3 includes/bootstrap.inc
  7. +50 −12 includes/common.inc
  8. +4 −3 includes/database.inc
  9. +18 −10 includes/file.inc
  10. +8 −7 includes/form.inc
  11. +19 −41 includes/locale.inc
  12. +62 −0 includes/lock-install.inc
  13. +2 −1 includes/lock.inc
  14. +3 −2 includes/menu.inc
  15. +33 −18 includes/module.inc
  16. +12 −7 includes/pager.inc
  17. +37 −0 includes/session.inc
  18. +7 −6 includes/theme.inc
  19. +0 −1 includes/unicode.entities.inc
  20. +2 −2 includes/unicode.inc
  21. +6 −0 install.php
  22. +1 −1 misc/drupal.js
  23. +12 −1 modules/aggregator/aggregator.admin.inc
  24. +3 −3 modules/aggregator/aggregator.info
  25. +43 −33 modules/aggregator/aggregator.module
  26. +3 −3 modules/block/block.info
  27. +11 −7 modules/block/block.module
  28. +3 −3 modules/blog/blog.info
  29. +1 −1 modules/blog/blog.pages.inc
  30. +3 −3 modules/blogapi/blogapi.info
  31. +3 −3 modules/book/book.info
  32. +1 −1 modules/book/book.module
  33. +3 −3 modules/color/color.info
  34. +3 −3 modules/comment/comment.info
  35. +33 −2 modules/comment/comment.install
  36. +3 −3 modules/contact/contact.info
  37. +3 −3 modules/dblog/dblog.info
  38. +3 −3 modules/filter/filter.info
  39. +3 −3 modules/forum/forum.info
  40. +1 −1 modules/forum/forum.module
  41. +3 −3 modules/help/help.info
  42. +3 −3 modules/locale/locale.info
  43. +19 −0 modules/locale/locale.install
  44. +3 −3 modules/menu/menu.info
  45. +1 −1 modules/node/node.admin.inc
  46. +3 −3 modules/node/node.info
  47. +20 −13 modules/node/node.module
  48. +3 −3 modules/openid/openid.info
  49. +6 −3 modules/openid/openid.module
  50. +3 −3 modules/path/path.info
  51. +56 −10 modules/path/path.module
  52. +3 −3 modules/php/php.info
  53. +3 −3 modules/ping/ping.info
  54. +3 −3 modules/poll/poll.info
  55. +16 −18 modules/poll/poll.module
  56. +3 −3 modules/profile/profile.info
  57. +3 −3 modules/search/search.info
  58. +2 −2 modules/search/search.module
  59. +3 −3 modules/statistics/statistics.info
  60. +3 −3 modules/syslog/syslog.info
  61. +3 −3 modules/system/system.info
  62. +39 −9 modules/system/system.module
  63. +3 −3 modules/taxonomy/taxonomy.info
  64. +75 −23 modules/taxonomy/taxonomy.module
  65. +3 −3 modules/throttle/throttle.info
  66. +3 −3 modules/tracker/tracker.info
  67. +3 −3 modules/translation/translation.info
  68. +1 −1 modules/translation/translation.module
  69. +3 −3 modules/trigger/trigger.info
  70. +1 −1 modules/trigger/trigger.module
  71. +13 −1 modules/update/update.fetch.inc
  72. +3 −3 modules/update/update.info
  73. +3 −3 modules/upload/upload.info
  74. +7 −2 modules/upload/upload.module
  75. +3 −3 modules/user/user.info
  76. +37 −12 modules/user/user.module
  77. +3 −3 themes/bluemarine/bluemarine.info
  78. +3 −3 themes/chameleon/chameleon.info
  79. +3 −3 themes/chameleon/marvin/marvin.info
  80. +0 −1 themes/engines/phptemplate/phptemplate.engine
  81. +3 −3 themes/garland/garland.info
  82. +3 −3 themes/garland/minnelli/minnelli.info
  83. +1 −1 themes/garland/style.css
  84. +3 −3 themes/pushbutton/pushbutton.info
View
@@ -1,4 +1,22 @@
+Drupal 6.25, 2012-02-29
+----------------------
+- Fixed regressions introduced in Drupal 6.24 only.
+
+Drupal 6.24, 2012-02-01
+----------------------
+- Improved performance of search indexing and user operations by adding indexes.
+- Fixed issues with themes getting disabled due to missing locking in
+ system_theme_data().
+- Fix issue with blocks being disabled on updates in _block_rehash().
+- Further improvements to PHP 5.3, PHP 4 and PostgreSQL compatibility.
+- Improved code documentation at various places.
+- Fixed a variety of other bugs.
+
+Drupal 6.23, 2012-02-01
+----------------------
+- Fixed security issues (Cross site scripting), see SA-CORE-2012-001.
+
Drupal 6.22, 2011-05-25
----------------------
- Made Drupal 6 work better with IIS and Internet Explorer.
View
@@ -20,8 +20,8 @@ initial database files. Next you must login and set the access database rights:
Again, you will be asked for the 'username' database password. At the MySQL
prompt, enter following command:
- GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER
- ON databasename.*
+ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER,
+ CREATE TEMPORARY TABLES ON databasename.*
TO 'username'@'localhost' IDENTIFIED BY 'password';
where
View

Large diffs are not rendered by default.

Oops, something went wrong.
View
@@ -24,25 +24,6 @@
* @} End of "defgroup actions".
*/
-/**
- * @defgroup actions Actions
- * @{
- * Functions that perform an action on a certain system object.
- *
- * All modules should declare their action functions to be in this group and
- * each action function should reference its configuration form, validate, and
- * submit functions using \@see. Conversely, form, validate, and submit
- * functions should reference the action function using \@see. For examples of
- * this see comment_unpublish_by_keyword_action(), which has the following in
- * its doxygen documentation:
- *
- * \@ingroup actions
- * \@see comment_unpublish_by_keyword_action_form().
- * \@see comment_unpublish_by_keyword_action_submit().
- *
- * @} End of "defgroup actions".
- */
-
/**
* Perform a given list of actions by executing their callback functions.
*
@@ -355,7 +336,7 @@ function actions_synchronize($actions_in_code = array(), $delete_orphans = FALSE
else {
$link = l(t('Remove orphaned actions'), 'admin/settings/actions/orphan');
$count = count($actions_in_db);
- watchdog('actions', format_plural($count, 'One orphaned action (%orphans) exists in the actions table. !link', '@count orphaned actions (%orphans) exist in the actions table. !link'), array('@count' => $count, '%orphans' => $orphans, '!link' => $link), WATCHDOG_WARNING);
+ watchdog('actions', format_plural($count, 'One orphaned action (%orphans) exists in the actions table. !link', '@count orphaned actions (%orphans) exist in the actions table. !link'), array('@count' => $count, '%orphans' => $orphans, '!link' => $link), WATCHDOG_INFO);
}
}
}
View
@@ -189,7 +189,7 @@ function _batch_process() {
call_user_func_array($function, array_merge($args, array(&$batch_context)));
}
- if ($finished == 1) {
+ if ($finished >= 1) {
// Make sure this step isn't counted double when computing $current.
$finished = 0;
// Remove the operation and clear the sandbox.
View
@@ -378,14 +378,18 @@ function conf_init() {
global $db_url, $db_prefix, $db_collation, $cookie_domain, $conf, $installed_profile, $update_free_access;
$conf = array();
+ if (!isset($_SERVER['SERVER_PROTOCOL']) || ($_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.0' && $_SERVER['SERVER_PROTOCOL'] != 'HTTP/1.1')) {
+ $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.0';
+ }
+
if (isset($_SERVER['HTTP_HOST'])) {
// As HTTP_HOST is user input, ensure it only contains characters allowed
// in hostnames. See RFC 952 (and RFC 2181).
// $_SERVER['HTTP_HOST'] is lowercased here per specifications.
$_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
if (!drupal_valid_http_host($_SERVER['HTTP_HOST'])) {
// HTTP_HOST is invalid, e.g. if containing slashes it may be an attack.
- header('HTTP/1.1 400 Bad Request');
+ header($_SERVER['SERVER_PROTOCOL'] .' 400 Bad Request');
exit;
}
}
@@ -749,7 +753,7 @@ function drupal_page_cache_header($cache) {
if ($if_modified_since && $if_none_match
&& $if_none_match == $etag // etag must match
&& $if_modified_since == $last_modified) { // if-modified-since must match
- header('HTTP/1.1 304 Not Modified');
+ header($_SERVER['SERVER_PROTOCOL'] .' 304 Not Modified');
// All 304 responses must send an etag if the 200 response for the same object contained an etag
header("Etag: $etag");
return;
@@ -1149,7 +1153,7 @@ function _drupal_bootstrap($phase) {
case DRUPAL_BOOTSTRAP_ACCESS:
// Deny access to hosts which were banned - t() is not yet available.
if (drupal_is_denied('host', ip_address())) {
- header('HTTP/1.1 403 Forbidden');
+ header($_SERVER['SERVER_PROTOCOL'] .' 403 Forbidden');
print 'Sorry, '. check_plain(ip_address()) .' has been banned.';
exit();
}
View
@@ -30,6 +30,12 @@ if (!defined('E_DEPRECATED')) {
define('E_DEPRECATED', 8192);
}
+/**
+ * Error code indicating that the request made by drupal_http_request() exceeded
+ * the specified timeout.
+ */
+define('HTTP_REQUEST_TIMEOUT', -1);
+
/**
* Set content for a specified region.
*
@@ -354,7 +360,7 @@ function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response
*/
function drupal_site_offline() {
drupal_maintenance_theme();
- drupal_set_header('HTTP/1.1 503 Service unavailable');
+ drupal_set_header($_SERVER['SERVER_PROTOCOL'] .' 503 Service unavailable');
drupal_set_title(t('Site off-line'));
print theme('maintenance_page', filter_xss_admin(variable_get('site_offline_message',
t('@site is currently under maintenance. We should be back shortly. Thank you for your patience.', array('@site' => variable_get('site_name', 'Drupal'))))));
@@ -364,7 +370,7 @@ function drupal_site_offline() {
* Generates a 404 error if the request can not be handled.
*/
function drupal_not_found() {
- drupal_set_header('HTTP/1.1 404 Not Found');
+ drupal_set_header($_SERVER['SERVER_PROTOCOL'] .' 404 Not Found');
watchdog('page not found', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);
@@ -394,7 +400,7 @@ function drupal_not_found() {
* Generates a 403 error if the request is not allowed.
*/
function drupal_access_denied() {
- drupal_set_header('HTTP/1.1 403 Forbidden');
+ drupal_set_header($_SERVER['SERVER_PROTOCOL'] .' 403 Forbidden');
watchdog('access denied', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);
@@ -435,11 +441,15 @@ function drupal_access_denied() {
* @param $retry
* An integer representing how many times to retry the request in case of a
* redirect.
+ * @param $timeout
+ * A float representing the maximum number of seconds the function call may
+ * take. The default is 30 seconds. If a timeout occurs, the error code is set
+ * to the HTTP_REQUEST_TIMEOUT constant.
* @return
* An object containing the HTTP request headers, response code, protocol,
* status message, headers, data and redirect status.
*/
-function drupal_http_request($url, $headers = array(), $method = 'GET', $data = NULL, $retry = 3) {
+function drupal_http_request($url, $headers = array(), $method = 'GET', $data = NULL, $retry = 3, $timeout = 30.0) {
global $db_prefix;
$result = new stdClass();
@@ -459,18 +469,20 @@ function drupal_http_request($url, $headers = array(), $method = 'GET', $data =
return $result;
}
+ timer_start(__FUNCTION__);
+
switch ($uri['scheme']) {
case 'http':
case 'feed':
$port = isset($uri['port']) ? $uri['port'] : 80;
$host = $uri['host'] . ($port != 80 ? ':'. $port : '');
- $fp = @fsockopen($uri['host'], $port, $errno, $errstr, 15);
+ $fp = @fsockopen($uri['host'], $port, $errno, $errstr, $timeout);
break;
case 'https':
// Note: Only works for PHP 4.3 compiled with OpenSSL.
$port = isset($uri['port']) ? $uri['port'] : 443;
$host = $uri['host'] . ($port != 443 ? ':'. $port : '');
- $fp = @fsockopen('ssl://'. $uri['host'], $port, $errno, $errstr, 20);
+ $fp = @fsockopen('ssl://'. $uri['host'], $port, $errno, $errstr, $timeout);
break;
default:
$result->error = 'invalid schema '. $uri['scheme'];
@@ -544,11 +556,25 @@ function drupal_http_request($url, $headers = array(), $method = 'GET', $data =
$result->request = $request;
- fwrite($fp, $request);
+ // Calculate how much time is left of the original timeout value.
+ $time_left = $timeout - timer_read(__FUNCTION__) / 1000;
+ if ($time_left > 0) {
+ stream_set_timeout($fp, floor($time_left), floor(1000000 * fmod($time_left, 1)));
+ fwrite($fp, $request);
+ }
// Fetch response.
$response = '';
- while (!feof($fp) && $chunk = fread($fp, 1024)) {
+ while (!feof($fp)) {
+ // Calculate how much time is left of the original timeout value.
+ $time_left = $timeout - timer_read(__FUNCTION__) / 1000;
+ if ($time_left <= 0) {
+ $result->code = HTTP_REQUEST_TIMEOUT;
+ $result->error = 'request timed out';
+ return $result;
+ }
+ stream_set_timeout($fp, floor($time_left), floor(1000000 * fmod($time_left, 1)));
+ $chunk = fread($fp, 1024);
$response .= $chunk;
}
fclose($fp);
@@ -597,9 +623,13 @@ function drupal_http_request($url, $headers = array(), $method = 'GET', $data =
case 302: // Moved temporarily
case 307: // Moved temporarily
$location = $result->headers['Location'];
-
- if ($retry) {
- $result = drupal_http_request($result->headers['Location'], $headers, $method, $data, --$retry);
+ $timeout -= timer_read(__FUNCTION__) / 1000;
+ if ($timeout <= 0) {
+ $result->code = HTTP_REQUEST_TIMEOUT;
+ $result->error = 'request timed out';
+ }
+ elseif ($retry) {
+ $result = drupal_http_request($result->headers['Location'], $headers, $method, $data, --$retry, $timeout);
$result->redirect_code = $result->code;
}
$result->redirect_url = $location;
@@ -652,7 +682,9 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
}
}
- $entry = check_plain($types[$errno]) .': '. filter_xss($message) .' in '. check_plain($filename) .' on line '. check_plain($line) .'.';
+ // Try to use filter_xss(). If it's too early in the bootstrap process for
+ // filter_xss() to be loaded, use check_plain() instead.
+ $entry = check_plain($types[$errno]) .': '. (function_exists('filter_xss') ? filter_xss($message) : check_plain($message)) .' in '. check_plain($filename) .' on line '. check_plain($line) .'.';
// Force display of error messages in update.php.
if (variable_get('error_level', 1) == 1 || strstr($_SERVER['SCRIPT_NAME'], 'update.php')) {
@@ -1788,8 +1820,11 @@ function drupal_add_link($attributes) {
*
* Typical candidates for caching are for example styles for nodes across
* the site, or used in the theme.
+ *
* @return
* An array of CSS files.
+ *
+ * @see drupal_get_css()
*/
function drupal_add_css($path = NULL, $type = 'module', $media = 'all', $preprocess = TRUE) {
static $css = array();
@@ -1835,8 +1870,11 @@ function drupal_add_css($path = NULL, $type = 'module', $media = 'all', $preproc
* @param $css
* (optional) An array of CSS files. If no array is provided, the default
* stylesheets array is used instead.
+ *
* @return
* A string of XHTML CSS tags.
+ *
+ * @see drupal_add_css()
*/
function drupal_get_css($css = NULL) {
$output = '';
View
@@ -115,10 +115,11 @@ function db_prefix_tables($sql) {
* code.
*
* @param $name
- * The name assigned to the newly active database connection. If omitted, the
+ * The key in the $db_url global variable from settings.php. If omitted, the
* default connection will be made active.
*
- * @return the name of the previously active database or FALSE if non was found.
+ * @return
+ * The name of the previously active database, or FALSE if none was found.
*/
function db_set_active($name = 'default') {
global $db_url, $db_type, $active_db;
@@ -173,7 +174,7 @@ function _db_error_page($error = '') {
global $db_type;
drupal_init_language();
drupal_maintenance_theme();
- drupal_set_header('HTTP/1.1 503 Service Unavailable');
+ drupal_set_header($_SERVER['SERVER_PROTOCOL'] .' 503 Service Unavailable');
drupal_set_title('Site off-line');
$message = '<p>The site is currently not available due to technical problems. Please try again later. Thank you for your understanding.</p>';
View
@@ -459,6 +459,7 @@ function file_create_filename($basename, $directory) {
}
else {
$name = $basename;
+ $ext = '';
}
$counter = 0;
@@ -682,7 +683,7 @@ function file_validate_extensions($file, $extensions) {
// Bypass validation for uid = 1.
if ($user->uid != 1) {
- $regex = '/\.('. ereg_replace(' +', '|', preg_quote($extensions)) .')$/i';
+ $regex = '/\.('. @ereg_replace(' +', '|', preg_quote($extensions)) .')$/i';
if (!preg_match($regex, $file->filename)) {
$errors[] = t('Only files with the following extensions are allowed: %files-allowed.', array('%files-allowed' => $extensions));
}
@@ -830,8 +831,13 @@ function file_save_data($data, $dest, $replace = FILE_EXISTS_RENAME) {
/**
* Set the status of a file.
*
- * @param file A Drupal file object
- * @param status A status value to set the file to.
+ * @param $file
+ * A Drupal file object.
+ * @param $status
+ * A status value to set the file to. One of:
+ * - FILE_STATUS_PERMANENT
+ * - FILE_STATUS_TEMPORARY
+ *
* @return FALSE on failure, TRUE on success and $file->status will contain the
* status.
*/
@@ -918,6 +924,7 @@ function file_download() {
/**
* Finds all files that match a given mask in a given directory.
+ *
* Directories and files beginning with a period are excluded; this
* prevents hidden files and directories (such as SVN working directories)
* from being scanned.
@@ -934,18 +941,19 @@ function file_download() {
* When TRUE, the directory scan will recurse the entire tree
* starting at the provided directory.
* @param $key
- * The key to be used for the returned array of files. Possible
- * values are "filename", for the path starting with $dir,
- * "basename", for the basename of the file, and "name" for the name
- * of the file without an extension.
+ * The key to be used for the returned associative array of files. Possible
+ * values are "filename", for the path starting with $dir; "basename", for
+ * the basename of the file; and "name" for the name of the file without the
+ * extension.
* @param $min_depth
* Minimum depth of directories to return files from.
* @param $depth
- * Current depth of recursion. This parameter is only used internally and should not be passed.
+ * Current depth of recursion. This parameter is only used internally and
+ * should not be passed in.
*
* @return
* An associative array (keyed on the provided key) of objects with
- * "path", "basename", and "name" members corresponding to the
+ * "filename", "basename", and "name" members corresponding to the
* matching files.
*/
function file_scan_directory($dir, $mask, $nomask = array('.', '..', 'CVS'), $callback = 0, $recurse = TRUE, $key = 'filename', $min_depth = 0, $depth = 0) {
@@ -959,7 +967,7 @@ function file_scan_directory($dir, $mask, $nomask = array('.', '..', 'CVS'), $ca
// Give priority to files in this folder by merging them in after any subdirectory files.
$files = array_merge(file_scan_directory("$dir/$file", $mask, $nomask, $callback, $recurse, $key, $min_depth, $depth + 1), $files);
}
- elseif ($depth >= $min_depth && ereg($mask, $file)) {
+ elseif ($depth >= $min_depth && @ereg($mask, $file)) {
// Always use this match over anything already set in $files with the same $$key.
$filename = "$dir/$file";
$basename = basename($file);
Oops, something went wrong.

0 comments on commit 6d885e4

Please sign in to comment.