From f14f308445d06dd67e4377a7755a3039857a7b98 Mon Sep 17 00:00:00 2001
From: Eugen Mayer <136934+EugenMayer@users.noreply.github.com>
Date: Tue, 21 Mar 2023 12:02:40 +0100
Subject: [PATCH 1/4] Backport fix for SA-CORE-2023-004 SA-CORE-2023-004 / https://www.drupal.org/sa-core-2023-004
---
 modules/system/system.admin.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc
index 315390cf21b..fa715990df8 100644
--- a/modules/system/system.admin.inc
+++ b/modules/system/system.admin.inc
@@ -1759,7 +1759,7 @@ function system_run_cron() {
 * Menu callback: return information about PHP.
 */
 function system_php() {
- phpinfo();
+ phpinfo(~ (INFO_VARIABLES | INFO_ENVIRONMENT));
 exit();
 }
From d55621c8a5170db147c91a61e6c619021faa82cc Mon Sep 17 00:00:00 2001
From: Neil Thompson
Date: Fri, 5 May 2023 04:42:23 +0100
Subject: [PATCH 2/4] "B" flag added to rewrite rule - See https://github.com/d6lts/drupal/issues/77 "Apache update causes Drupal URLs with spaces and other special characters to fail"
---
 .htaccess | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.htaccess b/.htaccess
index ca10d364e09..95c9b6aea9c 100644
--- a/.htaccess
+++ b/.htaccess
@@ -140,7 +140,7 @@ DirectoryIndex index.php
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_URI} !=/favicon.ico
- RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
+ RewriteRule ^(.*)$ index.php?q=$1 [B,L,QSA]
 # Various header fixes.
From a7fdb449374ee5a13690a79671d8c8caa01dfd72 Mon Sep 17 00:00:00 2001
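Review bot: The masked `phpinfo()` call in `system_php()` carries no comment saying why two sections are excluded, so a later cleanup could restore the bare call without noticing it undoes a security fix. I would add above it `// Omit request variables and the environment: both can carry credentials and session data (SA-CORE-2023-004).` The sections that remain still print the PHP configuration, loaded modules and build details, so the page stays sensitive and should remain reachable by administrators only; the access check for this menu callback is not visible in the hunk.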
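Review bot: The `B` flag on the front-controller `RewriteRule` is added without a comment, and PATCH 4/4 later in this series removes it again without recording a reason, so the next maintainer cannot tell which state is intended. `B` makes mod_rewrite escape non-alphanumeric characters in `$1` before it is placed into `q=`, which changes how spaces, `+` and `%` in the request path reach `index.php`. A line such as `# B: re-escape the captured path so rewritten URLs containing spaces are accepted (d6lts/drupal#77).` above the rule would document the intent, and paths containing those characters are worth testing on the Apache versions the project supports before settling on either form.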
From: Neil Thompson
Date: Fri, 5 May 2023 10:27:17 +0100
Subject: [PATCH 3/4] Removing fatal errors and warnings encountered with PHP 8.1 - (Removing warnings) - checking for existence of properties and array keys before attempting to use them (mysqli.inc, menu.inc, comment.module, node.module, user.module - form.inc, update.php - only variables may be passed by reference - install.php - order of arguments to implode must now be separator, array
---
 includes/database.mysqli.inc | 3 +--
 includes/form.inc | 4 ++--
 includes/menu.inc | 4 +++-
 install.php | 2 +-
 modules/comment/comment.module | 2 ++
 modules/node/node.module | 10 +++++-----
 modules/system/system.module | 4 ++--
 modules/user/user.module | 4 ++--
 update.php | 3 ++-
 9 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/includes/database.mysqli.inc b/includes/database.mysqli.inc
index b373730eabc..039f011c909 100644
--- a/includes/database.mysqli.inc
+++ b/includes/database.mysqli.inc
@@ -40,7 +40,6 @@ function db_status_report($phase) {
 /**
 * Returns the version of the database server currently in use.
 *
- * @return Database server version
 */
 function db_version() {
 global $active_db;
@@ -333,7 +332,7 @@ function db_decode_blob($data) {
 */
 function db_escape_string($text) {
 global $active_db;
- return mysqli_real_escape_string($active_db, $text);
+ return mysqli_real_escape_string($active_db, $text ?? '');
 }
 /**
diff --git a/includes/form.inc b/includes/form.inc
index 53ae400acea..7bcb03de518 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -476,7 +476,7 @@ function drupal_process_form($form_id, &$form, &$form_state) {
 // possibly ending execution. We make sure we do not react to the batch
 // that is already being processed (if a batch operation performs a
 // drupal_execute).
- if ($batch =& batch_get() && !isset($batch['current_set'])) {
+ if ($batch = batch_get() && !isset($batch['current_set'])) {
 // The batch uses its own copies of $form and $form_state for
 // late execution of submit handers and post-batch redirection.
 $batch['form'] = $form;
@@ -1379,7 +1379,7 @@ function form_type_textfield_value($form, $edit = FALSE) {
 if ($edit !== FALSE) {
 // Equate $edit to the form value to ensure it's marked for
 // validation.
- return str_replace(array("\r", "\n"), '', $edit);
+ return str_replace(array("\r", "\n"), '', $edit ?? '');
 }
 }
diff --git a/includes/menu.inc b/includes/menu.inc
index 5b0a97c5b55..c869978e30b 100644
--- a/includes/menu.inc
+++ b/includes/menu.inc
@@ -576,7 +576,9 @@ function _menu_translate(&$router_item, $map, $to_arg = FALSE) {
 $link_map = explode('/', $router_item['path']);
 for ($i = 0; $i < $router_item['number_parts']; $i++) {
 if ($link_map[$i] == '%') {
- $link_map[$i] = $path_map[$i];
+ if (array_key_exists($i, $path_map)) {
+ $link_map[$i] = $path_map[$i];
+ }
 }
 }
 $router_item['href'] = implode('/', $link_map);
diff --git a/install.php b/install.php
index b2764100ae6..dbbaf3fdc10 100644
--- a/install.php
+++ b/install.php
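Review bot: Dropping the `&` in `if ($batch = batch_get() && !isset($batch['current_set']))` changes what gets assigned: `&&` binds tighter than `=`, so `$batch` now receives the boolean result of the whole condition, the `isset()` runs against a `$batch` that is not yet defined, and `$batch['form'] = $form;` two lines further down then indexes a boolean. Even with parentheses a plain assignment would take a copy, so writes to `$batch` would no longer reach the stored batch (assuming `batch_get()` returns by reference, which is not visible here). Taking the reference in its own statement keeps the previous behaviour: `$batch =& batch_get();` followed by `if ($batch && !isset($batch['current_set'])) {`. The body of `drupal_process_form()` starts and ends outside the hunk.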
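Review bot: When `$path_map` has no entry at index `$i`, the new guard in `_menu_translate()` leaves `$link_map[$i]` as the literal `%`, which is then joined into `$router_item['href']` a few lines below; before this change the missing entry produced an empty segment. A bare `%` in a path is not a valid percent-escape, so whatever consumes `href` later gets a malformed URL. `$link_map[$i] = $path_map[$i] ?? '';` removes the warning while keeping the earlier output, and matches the `?? ''` style used elsewhere in this patch.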
@@ -397,7 +397,7 @@ function _install_settings_form_validate($db_prefix, $db_type, $db_user, $db_pas
 $function = 'drupal_test_'. $db_type;
 if (!$function($db_url, $success)) {
 if (isset($success['CONNECT'])) {
- form_set_error('db_type', st('In order for Drupal to work, and to continue with the installation process, you must resolve all permission issues reported above. We were able to verify that we have permission for the following commands: %commands. For more help with configuring your database server, see the Installation and upgrading handbook. If you are unsure what any of this means you should probably contact your hosting provider.', array('%commands' => implode($success, ', '))));
+ form_set_error('db_type', st('In order for Drupal to work, and to continue with the installation process, you must resolve all permission issues reported above. We were able to verify that we have permission for the following commands: %commands. For more help with configuring your database server, see the Installation and upgrading handbook. If you are unsure what any of this means you should probably contact your hosting provider.', array('%commands' => implode(', ', $success))));
 }
 else {
 form_set_error('db_type', '');
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 34c6deb117b..19be88f6f6d 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -760,6 +760,8 @@ function comment_save($edit) {
 $edit['name'] = $user->name;
 }
+ $edit['format'] = $edit['format'] ?? FILTER_FORMAT_DEFAULT;
+
 db_query("INSERT INTO {comments} (nid, pid, uid, subject, comment, format, hostname, timestamp, status, thread, name, mail, homepage) VALUES (%d, %d, %d, '%s', '%s', %d, '%s', %d, %d, '%s', '%s', '%s', '%s')", $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], ip_address(), $edit['timestamp'], $edit['status'], $thread, $edit['name'], $edit['mail'], $edit['homepage']);
 $edit['cid'] = db_last_insert_id('comments', 'cid');
diff --git a/modules/node/node.module b/modules/node/node.module
index 4cc6bdfb715..f9236079cad 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -447,13 +447,13 @@ function node_get_types($op = 'types', $node = NULL, $reset = FALSE) {
 case 'types':
 return $_node_types;
 case 'type':
- return isset($_node_types[$type]) ? $_node_types[$type] : FALSE;
+ return isset($type) && isset($_node_types[$type]) ? $_node_types[$type] : FALSE;
 case 'module':
- return isset($_node_types[$type]->module) ? $_node_types[$type]->module : FALSE;
+ return isset($type) && isset($_node_types[$type]->module) ? $_node_types[$type]->module : FALSE;
 case 'names':
 return $_node_names;
 case 'name':
- return isset($_node_names[$type]) ? $_node_names[$type] : FALSE;
+ return isset($type) && isset($_node_names[$type]) ? $_node_names[$type] : FALSE;
 }
 }
@@ -1048,13 +1048,13 @@ function node_prepare($node, $teaser = FALSE) {
 // First we'll overwrite the existing node teaser and body with
 // the filtered copies! Then, we'll stick those into the content
 // array and set the read more flag if appropriate.
- $node->readmore = $node->teaser != $node->body;
+ $node->readmore = property_exists($node, 'teaser') && $node->teaser != $node->body;
 if ($teaser == FALSE) {
 $node->body = check_markup($node->body, $node->format, FALSE);
 }
 else {
- $node->teaser = check_markup($node->teaser, $node->format, FALSE);
+ $node->teaser = check_markup(($node->teaser ?? ''), $node->format, FALSE);
 }
 $node->content['body'] = array(
diff --git a/modules/system/system.module b/modules/system/system.module
index 77824466bb7..25cac7eba44 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -8,7 +8,7 @@
 /**
 * The current system version.
 */
-define('VERSION', '6.60');
+define('VERSION', '6.61');
 /**
 * Core API compatibility.
@@ -18,7 +18,7 @@ define('DRUPAL_CORE_COMPATIBILITY', '6.x');
 /**
 * Minimum supported version of PHP.
 */
-define('DRUPAL_MINIMUM_PHP', '4.3.5');
+define('DRUPAL_MINIMUM_PHP', '8.1');
 /**
 * Minimum recommended value of PHP memory_limit.
diff --git a/modules/user/user.module b/modules/user/user.module
index 5ff9a35a361..b7a8fe63a56 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1533,7 +1533,7 @@ function user_edit_form(&$form_state, $uid, $edit, $register = FALSE) {
 if ($register || ($GLOBALS['user']->uid == $uid && user_access('change own username')) || $admin) {
 $form['account']['name'] = array('#type' => 'textfield',
 '#title' => t('Username'),
- '#default_value' => $edit['name'],
+ '#default_value' => ($edit['name'] ?? ''),
 '#maxlength' => USERNAME_MAX_LENGTH,
 '#description' => t('Spaces are allowed; punctuation is not allowed except for periods, hyphens, and underscores.'),
 '#required' => TRUE,
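Review bot: The `property_exists($node, 'teaser')` guard in `node_prepare()` changes the result as well as silencing the warning: a node without a teaser used to get `readmore` set whenever `body` was non-empty, and now always gets FALSE. It is also inconsistent with the `?? ''` applied to the same property a few lines below, and `property_exists()` is true for a property that holds NULL. `$node->readmore = ($node->teaser ?? '') != ($node->body ?? '');` keeps the earlier outcome; `$node->body` and `$node->format` in the two `check_markup()` calls are still read unguarded.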
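Review bot: Raising `DRUPAL_MINIMUM_PHP` from `'4.3.5'` to `'8.1'` is a compatibility break that the commit subject and bullet list do not mention, and it is stricter than the code in this patch needs, since the `??` operator it introduces is available from PHP 7.0. If 8.1 is the intended floor, state that in the commit message and release notes; otherwise keep the constant at the lowest version the changed code runs on. How the constant is enforced is not visible in this hunk, so the effect on sites running older PHP should be confirmed before this ships alongside the SA-CORE-2023-004 backport from PATCH 1/4.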
@@ -1541,7 +1541,7 @@ function user_edit_form(&$form_state, $uid, $edit, $register = FALSE) {
 }
 $form['account']['mail'] = array('#type' => 'textfield',
 '#title' => t('E-mail address'),
- '#default_value' => $edit['mail'],
+ '#default_value' => ($edit['mail'] ?? ''),
 '#maxlength' => EMAIL_MAX_LENGTH,
 '#description' => t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'),
 '#required' => TRUE,
diff --git a/update.php b/update.php
index 2ac80decd3e..378c1ab3473 100644
--- a/update.php
+++ b/update.php
@@ -313,7 +313,8 @@ function update_results_page() {
 $output = '

Updates were attempted. If you see no failures below, you may proceed happily to the administration pages. Otherwise, you may need to update your database manually.'. $log_message .'

';
 }
 else {
- list($module, $version) = array_pop(reset($_SESSION['updates_remaining']));
+ $updates_remaining = reset($_SESSION['updates_remaining']);
+ list($module, $version) = array_pop($updates_remaining);
 $output = '

The update process was aborted prematurely while running update #'. $version .' in '. $module .'.module.'. $log_message;
 if (module_exists('dblog')) {
 $output .= ' You may need to check the watchdog database table manually.';
From ed1ecaa7aef24bbc208f607d399edc91aff543dc Mon Sep 17 00:00:00 2001
From: Neil Thompson
Date: Tue, 9 May 2023 04:39:10 +0100
Subject: [PATCH 4/4] Revert ""B" flag added to rewrite rule" This reverts commit d55621c8a5170db147c91a61e6c619021faa82cc.
---
 .htaccess | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.htaccess b/.htaccess
index 95c9b6aea9c..ca10d364e09 100644
--- a/.htaccess
+++ b/.htaccess
@@ -140,7 +140,7 @@ DirectoryIndex index.php
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_URI} !=/favicon.ico
- RewriteRule ^(.*)$ index.php?q=$1 [B,L,QSA]
+ RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
 # Various header fixes.