Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.206.2.11
diff -u -p -r1.206.2.11 bootstrap.inc
--- includes/bootstrap.inc 25 Feb 2009 13:49:54 -0000 1.206.2.11
+++ includes/bootstrap.inc 29 Apr 2009 23:02:30 -0000
@@ -791,6 +791,8 @@ function request_uri() {
       $uri = $_SERVER['SCRIPT_NAME'];
     }
   }
+  // Prevent multiple slashes to avoid cross site requests via the FAPI.
+  $uri = '/'. ltrim($uri, '/');
   return $uri;
 }
Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.756.2.48
diff -u -p -r1.756.2.48 common.inc
--- includes/common.inc 25 Feb 2009 23:16:45 -0000 1.756.2.48
+++ includes/common.inc 29 Apr 2009 23:02:31 -0000
@@ -152,6 +152,15 @@ function drupal_get_headers() {
 }
 /**
+ * Make any final alterations to the rendered xhtml.
+ */
+function drupal_final_markup($content) {
+  // Make sure that the charset is always specified as the first element of the
+  // head region to prevent encoding-based attacks.
+  return preg_replace('/
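Review bot: The comment added above `$uri = '/'. ltrim($uri, '/');` names the symptom ("multiple slashes") rather than the risk, which a maintainer needs in order not to simplify the line away later. request_uri()'s value is reused in Form API form actions (the comment itself points at FAPI), and a path beginning with `//` is read by browsers as a scheme-relative URL, so collapsing the leading run of slashes keeps the action on this host. Suggest `// Collapse leading slashes: a REQUEST_URI starting with "//" would otherwise be emitted as a scheme-relative form action pointing at another host.` The earlier branches of request_uri() are outside the hunk; the normalisation runs after all of them, so the SCRIPT_NAME fallbacks are covered as well.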
]*>/i', "\$0\n", $content, 1);
+}
+
+/**
  * Add a feed URL for the current page.
  *
  * @param $url
Index: includes/theme.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/theme.inc,v
retrieving revision 1.415.2.20
diff -u -p -r1.415.2.20 theme.inc
--- includes/theme.inc 29 Apr 2009 17:22:52 -0000 1.415.2.20
+++ includes/theme.inc 29 Apr 2009 23:02:31 -0000
@@ -687,6 +687,10 @@ function theme() {
   }
   // restore path_to_theme()
   $theme_path = $temp;
+  // Add final markup to the full page.
+  if ($hook == 'page') {
+    $output = drupal_final_markup($output);
+  }
   return $output;
 }
Index: modules/system/maintenance-page.tpl.php
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/maintenance-page.tpl.php,v
retrieving revision 1.2
diff -u -p -r1.2 maintenance-page.tpl.php
--- modules/system/maintenance-page.tpl.php 24 Jan 2008 09:42:51 -0000 1.2
+++ modules/system/maintenance-page.tpl.php 29 Apr 2009 23:02:31 -0000
@@ -19,8 +19,8 @@
-
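Review bot: The docblock on drupal_final_markup() gives no parameter or return contract, and the two things a caller needs to know — the `1` limit inserts the tag only after the first match, and content without a matching head tag passes through unchanged — are stated nowhere. Suggest `@param $content The fully rendered page markup.` and `@return The markup with a charset meta tag inserted right after the opening head tag, or unchanged when none is found.` The rendering of this page has dropped the angle-bracketed parts of the preg_replace line (it reads `return preg_replace('/ ]*>/i', "\$0\n", $content, 1);` here), so the pattern and the inserted tag must be checked against the committed file, not this listing. A meta charset is a fallback only: when the HTTP Content-Type header carries a charset, browsers prefer it, so whatever sets that header (presumably near drupal_get_headers() above, outside the hunk) remains the primary control.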
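Review bot: The `if ($hook == 'page')` gate runs drupal_final_markup() only for output produced through theme('page'), so any full page rendered another way must declare its charset itself — which is presumably why this same patch edits maintenance-page.tpl.php by hand. That coupling deserves a comment so the next page-like template is not missed: `// Only the full-page hook is post-processed; pages rendered outside theme('page') (e.g. the maintenance page) must declare their charset themselves.` Minor style point: `===` rather than `==` would make the comparison with 'page' strict, assuming $hook is a plain string at this point. theme() starts outside the hunk.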