drupal security fix breaks drupal website (was: Re: [SECURITY] [DSA 1125-1] New drupal packages fix execution of arbitrary web script code)
On 07/26/2006 06:20 PM, Moritz Muehlenhoff wrote:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 1125-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> July 26th, 2006 http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package : drupal
> Vulnerability : several
> Problem-Type : remote
> Debian-specific: no
> CVE ID : CVE-2006-2742 CVE-2006-2743 CVE-2006-2831 CVE-2006-2832 CVE-2006-2833
> Debian Bug : 368835
Hi people,
The update of Drupal on two machines (Sarge) broke it.
The fix is trivial, just add a ';' at the end of line 105 in
/usr/share/drupal/includes/file.inc
It is:
$message = t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>%htaccess</code>", array('%directory' => theme('placeholder', $directory), '%htaccess' => '<br />'. str_replace("\n", '<br />', check_plain($htaccess_lines))))
And should be:
$message = t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>%htaccess</code>", array('%directory' => theme('placeholder', $directory), '%htaccess' => '<br />'. str_replace("\n", '<br />', check_plain($htaccess_lines))));
Kind regards,
- --
Felipe Augusto van de Wiel (faw)
"Debian. Freedom to code. Code to freedom!"