Index: install.php
===================================================================
RCS file: /cvs/drupal/drupal/install.php,v
retrieving revision 1.34.2.4
diff -u -p -r1.34.2.4 install.php
--- install.php 7 Nov 2007 08:10:16 -0000 1.34.2.4
+++ install.php 9 Jul 2008 20:37:35 -0000
@@ -153,6 +153,15 @@ function install_change_settings($profil
include_once './includes/form.inc';
drupal_maintenance_theme();
+ // Don't fill in placeholders
+ if ($db_url == 'mysql://username:password@localhost/databasename') {
+ $db_user = $db_pass = $db_path = '';
+ }
+ elseif (!empty($db_url)) {
+ // Do not install over a configured settings.php.
+ install_already_done_error();
+ }
+
// The existing database settings are not working, so we need write access
// to settings.php to change them.
if (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_WRITABLE)) {
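Review bot: The comment on the moved block (`// Don't fill in placeholders`) does not say why the block now sits ahead of the `drupal_verify_install_file()` check, and that ordering is the point of the change. The branch that follows ends in `exit;` (visible in the next hunk's context), so with the old order a site whose settings.php was configured but not writable appears to have left the function there without ever reaching `install_already_done_error()`. I would add something like `// Must run before any path that prints a page and exits, so a configured site is always refused.` above the `if`. The placeholder comparison uses `==`; `===` would state the intent more exactly, though whether `$db_url` is always a string here cannot be told from the hunk. install_change_settings() starts and ends outside this hunk.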
@@ -163,14 +172,6 @@ function install_change_settings($profil
exit;
}
- // Don't fill in placeholders
- if ($db_url == 'mysql://username:password@localhost/databasename') {
- $db_user = $db_pass = $db_path = '';
- }
- elseif (!empty($db_url)) {
- // Do not install over a configured settings.php.
- install_already_done_error();
- }
$output = drupal_get_form('install_settings_form', $profile, $install_locale, $settings_file, $db_url, $db_type, $db_prefix, $db_user, $db_pass, $db_host, $db_port, $db_path);
drupal_set_title(st('Database configuration'));
print theme('install_page', $output);
Index: includes/theme.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/theme.inc,v
retrieving revision 1.337.2.2
diff -u -p -r1.337.2.2 theme.inc
--- includes/theme.inc 31 May 2007 05:52:42 -0000 1.337.2.2
+++ includes/theme.inc 9 Jul 2008 20:37:57 -0000
@@ -544,16 +544,14 @@ function theme_links($links, $attributes
$i = 1;
foreach ($links as $key => $link) {
- $class = '';
+ $class = $key;
// Automatically add a class to each link and also to each LI
if (isset($link['attributes']) && isset($link['attributes']['class'])) {
$link['attributes']['class'] .= ' ' . $key;
- $class = $key;
}
else {
$link['attributes']['class'] = $key;
- $class = $key;
}
// Add first and last classes to the list of links to help out themers.
@@ -564,7 +562,7 @@ function theme_links($links, $attributes
if ($i == $num_links) {
$extra_class .= 'last ';
}
- $output .= '
$extra_class . $class)) .'>';
// Is the title HTML?
$html = isset($link['html']) && $link['html'];
Index: modules/filter/filter.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/filter/filter.module,v
retrieving revision 1.160.2.6
diff -u -p -r1.160.2.6 filter.module
--- modules/filter/filter.module 22 Jan 2008 08:43:34 -0000 1.160.2.6
+++ modules/filter/filter.module 9 Jul 2008 20:37:46 -0000
@@ -1244,7 +1244,7 @@ function _filter_autop($text) {
* for scripts and styles.
*/
function filter_xss_admin($string) {
- return filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'object', 'ol', 'p', 'param', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'));
+ return filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'ol', 'p', 'param', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'));
}
/**
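Review bot: `param` is still in the allow-list after `object` is removed, and it has no use outside an `object` (or `applet`) element, so it can probably go in the same change to keep the list minimal. The docblock above (it begins outside this hunk) should also say that embedding elements are left out on purpose, for example `* Embedding tags such as <object> are excluded deliberately; do not re-add them.`, so a later edit does not restore the tag. A list this long on one line is easy to misread in review; a multi-line array would make a removal like this one obvious in a diff.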
Index: modules/locale/locale.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/locale/locale.module,v
retrieving revision 1.155
diff -u -p -r1.155 locale.module
--- modules/locale/locale.module 27 Dec 2006 13:11:59 -0000 1.155
+++ modules/locale/locale.module 9 Jul 2008 20:37:41 -0000
@@ -111,7 +111,7 @@ function locale_menu($may_cache) {
'type' => MENU_CALLBACK);
$items[] = array('path' => 'admin/settings/locale/string/delete/'. arg(5),
'title' => t('Delete string'),
- 'callback' => 'locale_admin_string_delete',
+ 'callback' => 'locale_admin_string_delete_page',
'callback arguments' => array(arg(5)),
'access' => $access,
'type' => MENU_CALLBACK);
@@ -407,9 +407,29 @@ function locale_admin_string_edit_submit
}
/**
- * Delete a string.
+ * String deletion confirmation page.
*/
-function locale_admin_string_delete($lid) {
+function locale_admin_string_delete_page($lid) {
+ if ($source = db_fetch_object(db_query('SELECT * FROM {locales_source} WHERE lid = %d', $lid))) {
+ return drupal_get_form('locale_string_delete_form', $source);
+ }
+ else {
+ return drupal_not_found();
+ }
+}
+
+/**
+ * User interface for the string deletion confirmation screen.
+ */
+function locale_string_delete_form($source) {
+ $form['lid'] = array('#type' => 'value', '#value' => $source->lid);
+ return confirm_form($form, t('Are you sure you want to delete the string "%source"?', array('%source' => $source->source)), 'admin/build/translate/search', t('Deleting the string will remove all translations of this string in all languages. This action cannot be undone.'), t('Delete'), t('Cancel'));
+}
+
+/**
+ * Process string deletion submissions.
+ */
+function locale_string_delete_form_submit($form_id, $form_values) {
include_once './includes/locale.inc';
- _locale_string_delete($lid);
+ _locale_string_delete($form_values['lid']);
}
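Review bot: The cancel path passed to `confirm_form()` in `locale_string_delete_form()` is `'admin/build/translate/search'`, while the menu items registered in this file use paths under `admin/settings/locale/string/` (see the first hunk), so the Cancel link likely points at a page that does not exist on this branch. It should presumably be the string search page under `admin/settings/locale/string/`. `locale_string_delete_form_submit()` also returns nothing; unless `_locale_string_delete()` redirects itself (its body is not shown), the form would return to the delete URL of a string that no longer exists and hit `drupal_not_found()`, so an explicit return path would be safer. A one-line comment stating that the confirmation form exists so deletion requires a submitted form with its token, rather than a bare GET, would help keep a later refactor from restoring the direct callback.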
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.745.2.26
diff -u -p -r1.745.2.26 user.module
--- modules/user/user.module 7 Jan 2008 02:30:35 -0000 1.745.2.26
+++ modules/user/user.module 9 Jul 2008 20:37:51 -0000
@@ -968,9 +968,11 @@ function user_login_submit($form_id, $fo
// Update the user table timestamp noting user has logged in.
db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $user->uid);
+ // Regenerate the session ID to prevent against session fixation attacks.
+ sess_regenerate();
+
user_module_invoke('login', $form_values, $user);
- sess_regenerate();
return 'user/'. $user->uid;
}
}
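Review bot: The new comment says what `sess_regenerate()` does but not why it was moved above `user_module_invoke('login', ...)`, which is the actual change. Presumably a `login` hook implementation can redirect or otherwise end the request, in which case the old order skipped regeneration and the pre-login session ID stayed valid; that is worth stating so the call is not moved back. Suggested wording: `// Regenerate the session ID before invoking login hooks: a hook may end the request, and the pre-login ID must not survive authentication.` user_login_submit() starts outside this hunk.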