Commit eadc9e17 authored by Riccardo Padovani's avatar Riccardo Padovani

Updated Drupal core to 7.31

parent 3c75d282
Drupal 7.31, 2014-08-06
----------------------
- Fixed security issues (denial of service). See SA-CORE-2014-004.
Drupal 7.30, 2014-07-24
-----------------------
- Fixed a regression introduced in Drupal 7.29 that caused files or images
......
......@@ -8,7 +8,7 @@
/**
* The current system version.
*/
define('VERSION', '7.30');
define('VERSION', '7.31');
/**
* Core API compatibility.
......
......@@ -178,7 +178,41 @@ function xmlrpc_message_parse($xmlrpc_message) {
xml_set_element_handler($xmlrpc_message->_parser, 'xmlrpc_message_tag_open', 'xmlrpc_message_tag_close');
xml_set_character_data_handler($xmlrpc_message->_parser, 'xmlrpc_message_cdata');
xmlrpc_message_set($xmlrpc_message);
if (!xml_parse($xmlrpc_message->_parser, $xmlrpc_message->message)) {
// Strip XML declaration.
$header = preg_replace('/<\?xml.*?\?'.'>/s', '', substr($xmlrpc_message->message, 0, 100), 1);
$xml = trim(substr_replace($xmlrpc_message->message, $header, 0, 100));
if ($xml == '') {
return FALSE;
}
// Strip DTD.
$header = preg_replace('/^<!DOCTYPE[^>]*+>/i', '', substr($xml, 0, 200), 1);
$xml = trim(substr_replace($xml, $header, 0, 200));
if ($xml == '') {
return FALSE;
}
// Confirm the XML now starts with a valid root tag. A root tag can end in [> \t\r\n]
$root_tag = substr($xml, 0, strcspn(substr($xml, 0, 20), "> \t\r\n"));
// Reject a second DTD.
if (strtoupper($root_tag) == '<!DOCTYPE') {
return FALSE;
}
if (!in_array($root_tag, array('<methodCall', '<methodResponse', '<fault'))) {
return FALSE;
}
// Skip parsing if there is an unreasonably large number of tags.
try {
$dom = new DOMDocument();
@$dom->loadXML($xml);
if ($dom->getElementsByTagName('*')->length > variable_get('xmlrpc_message_maximum_tag_count', 30000)) {
return FALSE;
}
}
catch (Exception $e) {
return FALSE;
}
if (!xml_parse($xmlrpc_message->_parser, $xml)) {
return FALSE;
}
xml_parser_free($xmlrpc_message->_parser);
......
......@@ -7,8 +7,8 @@ files[] = aggregator.test
configure = admin/config/services/aggregator/settings
stylesheets[all][] = aggregator.css
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ core = 7.x
files[] = block.test
configure = admin/structure/block
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -13,8 +13,8 @@ regions[footer] = Footer
regions[highlighted] = Highlighted
regions[help] = Help
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
files[] = blog.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -7,8 +7,8 @@ files[] = book.test
configure = admin/content/book/settings
stylesheets[all][] = book.css
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
files[] = color.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -9,8 +9,8 @@ files[] = comment.test
configure = admin/content/comment
stylesheets[all][] = comment.css
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ core = 7.x
files[] = contact.test
configure = admin/structure/contact
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
files[] = contextual.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -7,8 +7,8 @@ files[] = dashboard.test
dependencies[] = block
configure = admin/dashboard/customize
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
files[] = dblog.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -11,8 +11,8 @@ dependencies[] = field_sql_storage
required = TRUE
stylesheets[all][] = theme/field.css
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -7,8 +7,8 @@ dependencies[] = field
files[] = field_sql_storage.test
required = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -7,8 +7,8 @@ dependencies[] = field
dependencies[] = options
files[] = tests/list.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ core = 7.x
dependencies[] = field
files[] = number.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ core = 7.x
dependencies[] = field
files[] = options.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -7,8 +7,8 @@ dependencies[] = field
files[] = text.test
required = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ files[] = field_test.entity.inc
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ core = 7.x
dependencies[] = field
files[] = field_ui.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ core = 7.x
dependencies[] = field
files[] = tests/file.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -7,8 +7,8 @@ files[] = filter.test
required = TRUE
configure = admin/config/content/formats
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -9,8 +9,8 @@ files[] = forum.test
configure = admin/structure/forum
stylesheets[all][] = forum.css
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
files[] = help.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -7,8 +7,8 @@ dependencies[] = file
files[] = image.test
configure = admin/config/media/image-styles
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ core = 7.x
files[] = image_module_test.module
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ core = 7.x
files[] = locale.test
configure = admin/config/regional/language
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ package = Testing
version = VERSION
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ core = 7.x
files[] = menu.test
configure = admin/structure/menu
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -9,8 +9,8 @@ required = TRUE
configure = admin/structure/types
stylesheets[all][] = node.css
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -158,6 +158,11 @@ function _openid_xrds_parse($raw_xml) {
return array();
}
// Also stop parsing if there is an unreasonably large number of tags.
if ($dom->getElementsByTagName('*')->length > variable_get('openid_xrds_maximum_tag_count', 30000)) {
return array();
}
// Parse the DOM document for the information we need.
if ($xml = simplexml_import_dom($dom)) {
foreach ($xml->children(OPENID_NS_XRD)->XRD as $xrd) {
......
......@@ -5,8 +5,8 @@ package = Core
core = 7.x
files[] = openid.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ core = 7.x
dependencies[] = openid
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -4,8 +4,8 @@ package = Core
version = VERSION
core = 7.x
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ core = 7.x
files[] = path.test
configure = admin/config/search/path
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
files[] = php.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -6,8 +6,8 @@ core = 7.x
files[] = poll.test
stylesheets[all][] = poll.css
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -11,8 +11,8 @@ configure = admin/config/people/profile
; See user_system_info_alter().
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
files[] = rdf.test
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -5,8 +5,8 @@ version = VERSION
core = 7.x
hidden = TRUE
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"
datestamp = "1406239730"
datestamp = "1407346433"
......@@ -8,8 +8,8 @@ files[] = search.test
configure = admin/config/search/settings
stylesheets[all][] = search.css
; Information added by Drupal.org packaging script on 2014-07-24
version = "7.30"
; Information added by Drupal.org packaging script on 2014-08-06
version = "7.31"
project = "drupal"