Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.145
diff -u -p -r1.145 bootstrap.inc
--- includes/bootstrap.inc 15 Jan 2007 11:52:02 -0000 1.145
+++ includes/bootstrap.inc 25 Jul 2007 19:52:29 -0000
@@ -200,7 +200,7 @@ function conf_path() {
 }
 
 $confdir = 'sites';
- $uri = explode('/', $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_FILENAME']);
+ $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
 $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
 for ($i = count($uri) - 1; $i > 0; $i--) {
 for ($j = count($server); $j > 0; $j--) {
@@ -230,11 +230,16 @@ function drupal_unset_globals() {
 }
 
 /**
- * Loads the configuration and sets the base URL correctly.
+ * Loads the configuration and sets the base URL, cookie domain, and
+ * session name correctly.
 */
 function conf_init() {
- global $db_url, $db_prefix, $base_url, $base_path, $base_root, $conf, $installed_profile;
+ global $base_url, $base_path, $base_root;
+
+ // Export the following settings.php variables to the global namespace
+ global $db_url, $db_prefix, $cookie_domain, $conf, $installed_profile;
 $conf = array();
+
 include_once './'. conf_path() .'/settings.php';
 
 if (isset($base_url)) {
@@ -250,8 +255,14 @@ function conf_init() {
 else {
 // Create base URL
 $base_root = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
- $base_url = $base_root .= '://'. $_SERVER['HTTP_HOST'];
- if ($dir = trim(dirname($_SERVER['PHP_SELF']), '\,/')) {
+
+ // As $_SERVER['HTTP_HOST'] is user input, ensure it only contains
+ // characters allowed in hostnames.
+ $base_url = $base_root .= '://'. preg_replace('/[^a-z0-9-:._]/i', '', $_SERVER['HTTP_HOST']);
+
+ // $_SERVER['SCRIPT_NAME'] can, in contrast to $_SERVER['PHP_SELF'], not
+ // be modified by a visitor.
+ if ($dir = trim(dirname($_SERVER['SCRIPT_NAME']), '\,/')) {
 $base_path = "/$dir";
 $base_url .= $base_path;
 $base_path .= '/';
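Review bot: The `preg_replace()` added for `$_SERVER['HTTP_HOST']` deletes disallowed characters rather than rejecting the request, so a Host header that fails the check is silently rewritten into some other hostname and the request is still served with that value baked into `$base_url`. Validate-and-refuse is the safer shape: `if (!preg_match('/^[a-z0-9:._-]+$/i', $_SERVER['HTTP_HOST'])) { header('HTTP/1.1 400 Bad Request'); exit; }`, which as a bonus moves the hyphen to the end of the class so `9-:` cannot be misread as a range. If scrubbing is deliberate, the comment should say why a cleaned host is preferred over a rejection. conf_init() starts and ends outside this hunk.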
@@ -260,6 +271,37 @@ function conf_init() {
 $base_path = '/';
 }
 }
+
+ if (!$cookie_domain) {
+ // If the $cookie_domain is empty, try to use the session.cookie_domain.
+ $cookie_domain = ini_get('session.cookie_domain');
+ }
+ if ($cookie_domain) {
+ // If the user specifies the cookie domain, also use it for session name.
+ $session_name = $cookie_domain;
+ }
+ else {
+ // Otherwise use $base_url for session name.
+ $session_name = $base_url;
+ // We try to set the cookie domain to the hostname.
+ // We escape the hostname because it can be modified by a visitor.
+ if (!empty($_SERVER['HTTP_HOST'])) {
+ $cookie_domain = check_plain($_SERVER['HTTP_HOST']);
+ }
+ }
+ // Strip leading periods, www., and port numbers from cookie domain.
+ $cookie_domain = ltrim($cookie_domain, '.');
+ if (strpos($cookie_domain, 'www.') === 0) {
+ $cookie_domain = substr($cookie_domain, 4);
+ }
+ $cookie_domain = explode(':', $cookie_domain);
+ $cookie_domain = '.'. $cookie_domain[0];
+ // Per RFC 2109, cookie domains must contain at least one dot other than the
+ // first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain.
+ if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) {
+ ini_set('session.cookie_domain', $cookie_domain);
+ }
+ session_name('SESS'. md5($session_name));
 }
 
 /**
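Review bot: `$cookie_domain = check_plain($_SERVER['HTTP_HOST']);` HTML-escapes the hostname, yet the value feeds `ini_set('session.cookie_domain', ...)` and not HTML output, so an escaped host containing `&amp;` is still not a valid cookie domain and the comment `We escape the hostname` names the wrong kind of protection. The character whitelist this same function applies to the header when building `$base_url` is the consistent choice: `$cookie_domain = preg_replace('/[^a-z0-9-:._]/i', '', $_SERVER['HTTP_HOST']);`. The `> 2` dot count and `is_numeric()` test below then operate on a value that can only contain hostname characters. conf_init() ends in this hunk but starts outside it.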
@@ -599,10 +641,10 @@ function request_uri() {
 }
 else {
 if (isset($_SERVER['argv'])) {
- $uri = $_SERVER['PHP_SELF'] .'?'. $_SERVER['argv'][0];
+ $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['argv'][0];
 }
 else {
- $uri = $_SERVER['PHP_SELF'] .'?'. $_SERVER['QUERY_STRING'];
+ $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['QUERY_STRING'];
 }
 }
 
Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.611
diff -u -p -r1.611 common.inc
--- includes/common.inc 10 Jan 2007 23:30:07 -0000 1.611
+++ includes/common.inc 25 Jul 2007 19:52:29 -0000
@@ -548,7 +548,7 @@ function error_handler($errno, $message,
 $entry = $types[$errno] .': '. $message .' in '. $filename .' on line '. $line .'.';
 
 // Force display of error messages in update.php
- if (variable_get('error_level', 1) == 1 || strstr($_SERVER['PHP_SELF'], 'update.php')) {
+ if (variable_get('error_level', 1) == 1 || strstr($_SERVER['SCRIPT_NAME'], 'update.php')) {
 drupal_set_message($entry, 'error');
 }
 
Index: modules/blogapi/blogapi.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/blogapi/blogapi.module,v
retrieving revision 1.100
diff -u -p -r1.100 blogapi.module
--- modules/blogapi/blogapi.module 5 Jan 2007 19:05:54 -0000 1.100
+++ modules/blogapi/blogapi.module 25 Jul 2007 19:52:11 -0000
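Review bot: `strstr($_SERVER['SCRIPT_NAME'], 'update.php')` is a substring match, so the forced display of PHP errors (which surfaces file paths and messages to the visitor) also triggers for any script whose path merely contains `update.php`. Since the intent is to recognise the update script itself, compare the basename exactly: `|| basename($_SERVER['SCRIPT_NAME']) == 'update.php'`. error_handler() starts and ends outside this hunk.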
@@ -537,7 +537,7 @@ function blogapi_blogger_title(&$content
 }
 
 function blogapi_admin_settings() {
- $node_types = node_get_types('names');
+ $node_types = array_map('check_plain', node_get_types('names'));
 $defaults = isset($node_types['blog']) ? array('blog' => 1) : array();
 $form['blogapi_node_types'] = array(
 '#type' => 'checkboxes',
Index: modules/node/content_types.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/content_types.inc,v
retrieving revision 1.24
diff -u -p -r1.24 content_types.inc
--- modules/node/content_types.inc 9 Jan 2007 07:53:26 -0000 1.24
+++ modules/node/content_types.inc 25 Jul 2007 19:52:11 -0000
@@ -18,7 +18,6 @@ function node_overview_types() {
 foreach ($names as $key => $name) {
 $type = $types[$key];
 if (function_exists($type->module .'_form')) {
- $name = check_plain($name);
 $type_url_str = str_replace('_', '-', $type->type);
 // Populate the operations field.
 $operations = array();
Index: modules/node/node.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.module,v
retrieving revision 1.776.2.1
diff -u -p -r1.776.2.1 node.module
--- modules/node/node.module 29 Jan 2007 21:51:53 -0000 1.776.2.1
+++ modules/node/node.module 25 Jul 2007 19:52:11 -0000
@@ -1142,11 +1142,10 @@ function node_menu($may_cache) {
 
 foreach (node_get_types() as $type) {
 if (function_exists($type->module .'_form')) {
- $name = check_plain($type->name);
 $type_url_str = str_replace('_', '-', $type->type);
 $items[] = array(
 'path' => 'node/add/'. $type_url_str,
- 'title' => drupal_ucfirst($name),
+ 'title' => drupal_ucfirst($type->name),
 'access' => node_access('create', $type->type),
 );
 }
@@ -1213,7 +1212,6 @@ function node_menu($may_cache) {
 $type = node_get_types('type', $type_name);
 if (!empty($type)) {
- $type->name = check_plain($type->name);
 $type_url_str = str_replace('_', '-', $type->type);
 $items[] = array(
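Review bot: Removing `$name = check_plain($name);` leaves `$name` as raw text for the remainder of node_overview_types(), and its consumers are outside the hunk, so the hunk alone cannot show that each later use escapes it; the two node_menu() hunks in node.module below make the same move for menu titles, which now carry raw `$type->name`. Presumably the table and menu rendering layers escape these strings themselves, which is why the double escaping was dropped, but that contract is stated nowhere in the changed code. A one-line comment at each removal point, e.g. `// $name is unescaped here; the output layer applies check_plain().`, would keep a future maintainer from re-adding the escape or from removing it downstream. node_overview_types() and node_menu() both continue outside their hunks.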
@@ -1553,7 +1551,7 @@ function node_admin_nodes() {
 while ($node = db_fetch_object($result)) {
 $nodes[$node->nid] = '';
 $form['title'][$node->nid] = array('#value' => l($node->title, 'node/'. $node->nid) .' '. theme('mark', node_mark($node->nid, $node->changed)));
- $form['name'][$node->nid] = array('#value' => node_get_types('name', $node));
+ $form['name'][$node->nid] = array('#value' => check_plain(node_get_types('name', $node)));
 $form['username'][$node->nid] = array('#value' => theme('username', $node));
 $form['status'][$node->nid] = array('#value' => ($node->status ? t('published') : t('not published')));
 $form['operations'][$node->nid] = array('#value' => l(t('edit'), 'node/'. $node->nid .'/edit', array(), $destination));
@@ -2535,7 +2533,7 @@ function node_form_alter($form_id, &$for
 }
 
 // Node types:
- $types = node_get_types('names');
+ $types = array_map('check_plain', node_get_types('names'));
 $form['advanced']['type'] = array(
 '#type' => 'checkboxes',
 '#title' => t('Only of the type(s)'),
Index: modules/poll/poll.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/poll/poll.module,v
retrieving revision 1.222
diff -u -p -r1.222 poll.module
--- modules/poll/poll.module 25 Dec 2006 09:48:42 -0000 1.222
+++ modules/poll/poll.module 25 Jul 2007 19:52:20 -0000
@@ -354,7 +354,9 @@ function poll_teaser($node) {
 $teaser = NULL;
 if (is_array($node->choice)) {
 foreach ($node->choice as $k => $choice) {
- $teaser .= '* '. $choice['chtext'] .'\n';
+ if ($choice['chtext'] != '') {
+ $teaser .= '* '. check_plain($choice['chtext']) ."\n";
+ }
 }
 }
 return $teaser;
Index: modules/profile/profile.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/profile/profile.module,v
retrieving revision 1.189.2.1
diff -u -p -r1.189.2.1 profile.module
--- modules/profile/profile.module 23 Jan 2007 19:09:58 -0000 1.189.2.1
+++ modules/profile/profile.module 25 Jul 2007 19:52:24 -0000
@@ -111,7 +111,7 @@ function profile_block($op = 'list', $de
 $fields = array();
 $result = db_query('SELECT name, title, weight, visibility FROM {profile_fields} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
 while ($record = db_fetch_object($result)) {
- $fields[$record->name] = $record->title;
+ $fields[$record->name] = check_plain($record->title);
 }
 $fields['user_profile'] = t('Link to full user profile');
 $form['profile_block_author_fields'] = array('#type' => 'checkboxes',
@@ -398,7 +398,7 @@ function profile_admin_overview() {
 $result = db_query('SELECT * FROM {profile_fields} ORDER BY category, weight');
 $rows = array();
 while ($field = db_fetch_object($result)) {
- $rows[] = array(check_plain($field->title), $field->name, _profile_field_types($field->type), $field->category, l(t('edit'), "admin/user/profile/edit/$field->fid"), l(t('delete'), "admin/user/profile/delete/$field->fid"));
+ $rows[] = array(check_plain($field->title), check_plain($field->name), _profile_field_types($field->type), check_plain($field->category), l(t('edit'), "admin/user/profile/edit/$field->fid"), l(t('delete'), "admin/user/profile/delete/$field->fid"));
 }
 if (count($rows) == 0) {
 $rows[] = array(array('data' => t('No fields defined.'), 'colspan' => '6'));
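Review bot: `if ($choice['chtext'] != '')` performs a loose comparison for what is a non-empty-string test; `if ($choice['chtext'] !== '')` states the intent exactly and sidesteps PHP's string/number juggling rules. The switch from `'\n'` to `"\n"` in the same hunk is correct, as the single-quoted form emitted a literal backslash-n rather than a newline. poll_teaser() starts and ends outside this hunk.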
@@ -627,7 +627,7 @@ function profile_form_profile($edit, $us
 while ($field = db_fetch_object($result)) {
 $category = $field->category;
 if (!isset($fields[$category])) {
- $fields[$category] = array('#type' => 'fieldset', '#title' => $category, '#weight' => $w++);
+ $fields[$category] = array('#type' => 'fieldset', '#title' => check_plain($category), '#weight' => $w++);
 }
 switch ($field->type) {
 case 'textfield':
@@ -758,7 +758,7 @@ function theme_profile_block($account, $
 $output .= "

$field->value

\n";
 }
 else {
- $output .= "

$field->title
$field->value

\n"; + $output .= '

'. check_plain($field->title) ."
$field->value

\n";
 }
 }
 }
Index: modules/search/search.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/search/search.module,v
retrieving revision 1.209.2.2
diff -u -p -r1.209.2.2 search.module
--- modules/search/search.module 29 Jan 2007 23:36:39 -0000 1.209.2.2
+++ modules/search/search.module 25 Jul 2007 19:52:11 -0000
@@ -1231,7 +1231,7 @@ function theme_search_item($item, $type)
 $output = '
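Review bot: The rewritten `$output .= '…'. check_plain($field->title) ."…$field->value…\n";` escapes the title but interpolates `$field->value` unescaped in the same statement, with nothing on the line explaining the asymmetry; the theme_search_item() hunk in search.module has the same shape, escaping `$item['type']` while `$info[] = $item['user'];` stays raw. Presumably both values are already rendered HTML from an earlier layer, but a reader of these lines cannot tell, so a comment such as `// $field->value is already HTML (formatted upstream); do not escape again.` — and its equivalent for `$item['user']` — would document the contract. theme_profile_block() and theme_search_item() both start outside their hunks.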
'. check_plain($item['title']) .'
';
 $info = array();
 if ($item['type']) {
- $info[] = $item['type'];
+ $info[] = check_plain($item['type']);
 }
 if ($item['user']) {
 $info[] = $item['user'];
Index: modules/system/system.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.module,v
retrieving revision 1.440.2.4
diff -u -p -r1.440.2.4 system.module
--- modules/system/system.module 29 Jan 2007 21:51:53 -0000 1.440.2.4
+++ modules/system/system.module 25 Jul 2007 19:52:11 -0000
@@ -2010,7 +2010,7 @@ function system_theme_settings($key = ''
 '#suffix' => '',
 );
 foreach ($node_types as $type => $name) {
- $form['node_info']["toggle_node_info_$type"] = array('#type' => 'checkbox', '#title' => $name, '#default_value' => $settings["toggle_node_info_$type"]);
+ $form['node_info']["toggle_node_info_$type"] = array('#type' => 'checkbox', '#title' => check_plain($name), '#default_value' => $settings["toggle_node_info_$type"]);
 }
 }
 }
Index: modules/taxonomy/taxonomy.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/taxonomy/taxonomy.module,v
retrieving revision 1.330.2.2
diff -u -p -r1.330.2.2 taxonomy.module
--- modules/taxonomy/taxonomy.module 25 Jan 2007 21:51:36 -0000 1.330.2.2
+++ modules/taxonomy/taxonomy.module 25 Jul 2007 19:52:11 -0000
@@ -152,7 +152,7 @@ function taxonomy_overview_vocabularies(
 $types = array();
 foreach ($vocabulary->nodes as $type) {
 $node_type = node_get_types('name', $type);
- $types[] = $node_type ? $node_type : $type;
+ $types[] = $node_type ? check_plain($node_type) : check_plain($type);
 }
 $rows[] = array('name' => check_plain($vocabulary->name),
 'type' => implode(', ', $types),
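Review bot: The changed line escapes in both arms of the ternary, `$node_type ? check_plain($node_type) : check_plain($type)`; escaping the selected value once keeps a single escaping point and reads more clearly: `$types[] = check_plain($node_type ? $node_type : $type);`. Behaviour is identical because exactly one arm is evaluated. taxonomy_overview_vocabularies() starts and ends outside this hunk.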
@@ -236,7 +236,7 @@ function taxonomy_form_vocabulary($edit
 $form['nodes'] = array('#type' => 'checkboxes',
 '#title' => t('Types'),
 '#default_value' => $edit['nodes'],
- '#options' => node_get_types('names'),
+ '#options' => array_map('check_plain', node_get_types('names')),
 '#description' => t('A list of node types you want to associate with this vocabulary.'),
 '#required' => TRUE,
 );
Index: modules/tracker/tracker.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/tracker/tracker.module,v
retrieving revision 1.143
diff -u -p -r1.143 tracker.module
--- modules/tracker/tracker.module 10 Jan 2007 15:17:51 -0000 1.143
+++ modules/tracker/tracker.module 25 Jul 2007 19:52:11 -0000
@@ -106,7 +106,7 @@ function tracker_page($uid = 0) {
 }
 
 $rows[] = array(
- node_get_types('name', $node->type),
+ check_plain(node_get_types('name', $node->type)),
 l($node->title, "node/$node->nid") .' '. theme('mark', node_mark($node->nid, $node->changed)),
 theme('username', $node),
 array('class' => 'replies', 'data' => $comments),
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.745.2.1
diff -u -p -r1.745.2.1 user.module
--- modules/user/user.module 29 Jan 2007 19:08:46 -0000 1.745.2.1
+++ modules/user/user.module 25 Jul 2007 19:52:24 -0000
@@ -649,7 +649,7 @@ function theme_user_profile($account, $f
 $output .= theme('user_picture', $account);
 foreach ($fields as $category => $items) {
 if (strlen($category) > 0) {
- $output .= '

'. $category .'

'; + $output .= '

'. check_plain($category) .'

';
 }
 $output .= '
';
 foreach ($items as $item) {
Index: sites/default/settings.php
===================================================================
RCS file: /cvs/drupal/drupal/sites/default/Attic/settings.php,v
retrieving revision 1.39
diff -u -p -r1.39 settings.php
--- sites/default/settings.php 14 Jan 2007 02:05:15 -0000 1.39
+++ sites/default/settings.php 25 Jul 2007 19:50:48 -0000
@@ -137,17 +137,15 @@ ini_set('session.use_trans_sid', 0);
 ini_set('url_rewriter.tags', '');
 
 /**
- * We try to set the correct cookie domain. If you are experiencing problems
- * try commenting out the code below or specifying the cookie domain by hand.
+ * Drupal automatically generates a unique session cookie name for each site
+ * based on on its full domain name. If you have multiple domains pointing at
+ * the same Drupal site, you can either redirect them all to a single domain
+ * (see comment in .htaccess), or uncomment the line below and specify their
+ * shared base domain. Doing so assures that users remain logged in as they
+ * cross between your various domains.
 */
-if (isset($_SERVER['HTTP_HOST'])) {
- $domain = '.'. preg_replace('`^www.`', '', $_SERVER['HTTP_HOST']);
- // Per RFC 2109, cookie domains must contain at least one dot other than the
- // first. For hosts such as 'localhost', we don't set a cookie domain.
- if (count(explode('.', $domain)) > 2) {
- ini_set('session.cookie_domain', $domain);
- }
-}
+# $cookie_domain = 'example.com';
+
 
 /**
 * Variable overrides:
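Review bot: The new comment block contains a doubled word, `based on on its full domain name`; it should read `based on its full domain name`. It would also help to tell the reader that conf_init() normalises the value (leading periods, `www.` and a port number are stripped, per the comment in the bootstrap.inc hunk), so `example.com` and `.example.com` behave the same and there is no need to guess which form to use.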