Index: includes/file.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/file.inc,v retrieving revision 1.121.2.7 diff -u -p -r1.121.2.7 file.inc --- includes/file.inc 9 Jun 2009 10:37:38 -0000 1.121.2.7 +++ includes/file.inc 16 Sep 2009 16:51:16 -0000 @@ -529,13 +529,6 @@ function file_save_upload($source, $vali $file->filepath = $_FILES['files']['tmp_name'][$source]; $file->filemime = file_get_mimetype($file->filename); - // Rename potentially executable files, to help prevent exploits. - if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { - $file->filemime = 'text/plain'; - $file->filepath .= '.txt'; - $file->filename .= '.txt'; - } - // If the destination is not provided, or is not writable, then use the // temporary directory. if (empty($dest) || file_check_path($dest) === FALSE) { @@ -553,6 +546,18 @@ function file_save_upload($source, $vali $errors = array_merge($errors, call_user_func_array($function, $args)); } + // Rename potentially executable files, to help prevent exploits. + if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { + $file->filemime = 'text/plain'; + $file->filepath .= '.txt'; + $file->filename .= '.txt'; + // As the file may be named example.php.txt, we need to munge again to + // convert to example.php_.txt, then create the correct destination. + $file->filename = file_munge_filename($file->filename, $extensions); + $file->destination = file_destination(file_create_path($dest .'/'. $file->filename), $replace); + } + + // Check for validation errors. if (!empty($errors)) { $message = t('The selected file %name could not be uploaded.', array('%name' => $file->filename)); Index: modules/openid/openid.module =================================================================== RCS file: /cvs/drupal/drupal/modules/openid/openid.module,v retrieving revision 1.19.2.6 diff -u -p -r1.19.2.6 openid.module --- modules/openid/openid.module 10 Jun 2009 14:05:23 -0000 1.19.2.6 +++ modules/openid/openid.module 16 Sep 2009 16:51:16 -0000 @@ -192,8 +192,8 @@ function openid_begin($claimed_id, $retu } if (isset($services[0]['types']) && is_array($services[0]['types']) && in_array(OPENID_NS_2_0 .'/server', $services[0]['types'])) { - $identity = 'http://specs.openid.net/auth/2.0/identifier_select'; - } + $claimed_id = $identity = 'http://specs.openid.net/auth/2.0/identifier_select'; + } $authn_request = openid_authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $services[0]['version']); if ($services[0]['version'] == 2) { Index: modules/openid/openid.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/openid/openid.pages.inc,v retrieving revision 1.5.2.1 diff -u -p -r1.5.2.1 openid.pages.inc --- modules/openid/openid.pages.inc 9 Jul 2008 21:48:28 -0000 1.5.2.1 +++ modules/openid/openid.pages.inc 16 Sep 2009 16:51:16 -0000 @@ -73,12 +73,14 @@ function openid_user_add_validate($form, if (db_result(db_query("SELECT authname FROM {authmap} WHERE authname='%s'", $claimed_id))) { form_set_error('openid_identifier', t('That OpenID is already in use on this site.')); } - else { - $return_to = url('user/'. arg(1) .'/openid', array('absolute' => TRUE)); - openid_begin($form_state['values']['openid_identifier'], $return_to); - } } +function openid_user_add_submit($form, &$form_state) { + $return_to = url('user/'. arg(1) .'/openid', array('absolute' => TRUE)); + openid_begin($form_state['values']['openid_identifier'], $return_to); +} + + /** * Present a confirmation form to delete the specified OpenID identity from the system. *