[Pkg-drupal-commits] r1846 - in /branches/drupal-4.7: CHANGELOG.txt debian/changelog modules/system.module modules/taxonomy.module

luigi at users.alioth.debian.org luigi at users.alioth.debian.org
Fri Dec 7 21:18:26 UTC 2007


Author: luigi
Date: Fri Dec  7 21:18:25 2007
New Revision: 1846

URL: http://svn.debian.org/wsvn/pkg-drupal/?sc=1&rev=1846
Log:
New upstream release

Modified:
    branches/drupal-4.7/CHANGELOG.txt
    branches/drupal-4.7/debian/changelog
    branches/drupal-4.7/modules/system.module
    branches/drupal-4.7/modules/taxonomy.module

Modified: branches/drupal-4.7/CHANGELOG.txt
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-4.7/CHANGELOG.txt?rev=1846&op=diff
==============================================================================
--- branches/drupal-4.7/CHANGELOG.txt (original)
+++ branches/drupal-4.7/CHANGELOG.txt Fri Dec  7 21:18:25 2007
@@ -1,4 +1,12 @@
-// $Id: CHANGELOG.txt,v 1.117.2.13 2007/10/17 21:35:41 goba Exp $
+// $Id: CHANGELOG.txt,v 1.117.2.16 2007/12/06 20:20:14 killes Exp $
+
+Drupal 4.7.10, 2007-12-06
+-------------------------
+- fixed taxonomy feed bug introduced by SA-2007-031
+
+Drupal 4.7.9, 2007-12-05
+------------------------
+- fixed a security issue (SQL injection), see SA-2007-031
 
 Drupal 4.7.8, 2007-10-17
 ----------------------

Modified: branches/drupal-4.7/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-4.7/debian/changelog?rev=1846&op=diff
==============================================================================
--- branches/drupal-4.7/debian/changelog (original)
+++ branches/drupal-4.7/debian/changelog Fri Dec  7 21:18:25 2007
@@ -1,3 +1,14 @@
+drupal (4.7.10-1) UNRELEASED; urgency=low
+
+  * (NOT RELEASED YET)
+  
+  [Luigi Gangitano]
+  * New upstream release
+   - Fixes SQL Injection vulnerability in contributed modules
+     (Ref: DRUPAL-SA-2007-031, CVE-TBA)
+
+ -- Luigi Gangitano <luigi at debian.org>  Fri, 07 Dec 2007 21:47:44 +0100
+
 drupal (4.7.8-1) unstable; urgency=high
 
   * Urgency high due to security fixes

Modified: branches/drupal-4.7/modules/system.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-4.7/modules/system.module?rev=1846&op=diff
==============================================================================
--- branches/drupal-4.7/modules/system.module (original)
+++ branches/drupal-4.7/modules/system.module Fri Dec  7 21:18:25 2007
@@ -1,12 +1,12 @@
 <?php
-// $Id: system.module,v 1.320.2.25 2007/10/17 21:35:42 goba Exp $
+// $Id: system.module,v 1.320.2.29 2007/12/06 19:49:19 killes Exp $
 
 /**
  * @file
  * Configuration system that lets administrators modify the workings of the site.
  */
 
-define('VERSION', '4.7.8');
+define('VERSION', '4.7.10');
 
 /**
  * Implementation of hook_help().

Modified: branches/drupal-4.7/modules/taxonomy.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-4.7/modules/taxonomy.module?rev=1846&op=diff
==============================================================================
--- branches/drupal-4.7/modules/taxonomy.module (original)
+++ branches/drupal-4.7/modules/taxonomy.module Fri Dec  7 21:18:25 2007
@@ -1,5 +1,5 @@
 <?php
-// $Id: taxonomy.module,v 1.275.2.15 2007/01/04 14:32:04 killes Exp $
+// $Id: taxonomy.module,v 1.275.2.17 2007/12/06 10:39:30 killes Exp $
 
 /**
  * @file
@@ -1104,16 +1104,20 @@
     }
 
     if ($operator == 'or') {
-      $str_tids = implode(',', call_user_func_array('array_merge', $descendant_tids));
-      $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n INNER JOIN {term_node} tn ON n.nid = tn.nid WHERE tn.tid IN ('. $str_tids .') AND n.status = 1 AND n.moderate = 0 ORDER BY '. $order;
-      $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} tn ON n.nid = tn.nid WHERE tn.tid IN ('. $str_tids .') AND n.status = 1 AND n.moderate = 0';
+      $args = call_user_func_array('array_merge', $descendant_tids);
+      $placeholders = implode(',', array_fill(0, count($args), '%d'));
+      $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n INNER JOIN {term_node} tn ON n.nid = tn.nid WHERE tn.tid IN ('. $placeholders .') AND n.status = 1 AND n.moderate = 0 ORDER BY '. $order;
+      $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} tn ON n.nid = tn.nid WHERE tn.tid IN ('. $placeholders .') AND n.status = 1 AND n.moderate = 0';
     }
     else {
+      $args = array();
       $joins = '';
       $wheres = '';
       foreach ($descendant_tids as $index => $tids) {
         $joins .= ' INNER JOIN {term_node} tn'. $index .' ON n.nid = tn'. $index .'.nid';
-        $wheres .= ' AND tn'. $index .'.tid IN ('. implode(',', $tids) .')';
+        $placeholders = implode(',', array_fill(0, count($tids), '%d'));
+        $wheres .= ' AND tn'. $index .'.tid IN ('. $placeholders .')';
+        $args = array_merge($args, $tids);
       }
       $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n '. $joins .' WHERE n.status = 1 AND n.moderate = 0 '. $wheres .' ORDER BY '. $order;
       $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. $joins .' WHERE n.status = 1 AND n.moderate = 0 ' . $wheres;
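Review bot: The ORDER BY part of the `$sql` line in the 'or' branch and of the `$sql` line in the 'and' branch still concatenates `$order` into the query, while every tid now goes through a `%d` placeholder, so the injection fix is only complete if `$order` can never be derived from request input. The enclosing function starts above this hunk, so its signature is not visible here; if `$order` is a parameter, a comment at the top of this block such as `// $order is concatenated raw: callers must pass a trusted literal, never request data.` would record that contract, and a whitelist check against the accepted column names would make it enforceable. The `%d` substitution in both branches coerces any non-numeric tid to an integer rather than rejecting it, which is the intended defence but worth stating in the function's docblock so later maintainers do not reintroduce string tids. If `$descendant_tids` or one of its `$tids` entries can be empty, `array_fill` with a zero count produces an empty `IN ()` (and a warning on older PHP), so the guard that presumably sits above the hunk should be confirmed to cover both branches.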
@@ -1121,10 +1125,10 @@
     $sql = db_rewrite_sql($sql);
     $sql_count = db_rewrite_sql($sql_count);
     if ($pager) {
-      $result = pager_query($sql, variable_get('default_nodes_main', 10), 0, $sql_count);
+      $result = pager_query($sql, variable_get('default_nodes_main', 10), 0, $sql_count, $args);
     }
     else {
-      $result = db_query_range($sql, 0, variable_get('feed_default_items', 10));
+      $result = db_query_range($sql, $args, 0, variable_get('feed_default_items', 10));
     }
   }
 



