On 12/7/05, Karoly Negyesi <karoly@negyesi.net> wrote:
On Thu, 08 Dec 2005 01:15:18 +0100, Robert Garrigós Castro <robert@garrigos.org> wrote:
I just upgraded to 4.6.4 and checked 4.6.4 at cvs also and noticed that valid_input_data() function in common.inc is missing. Some modules do use this function thus are not working with that change. banner.module is one of them. Was this necessary because of the recent security vulnerabilities? In any case a work arround would need to be anounced.
Sorry for not announcing.
valid_input_data was broken beyond repair.
Filter on output please. This was the preferred way anyways, now it's mandatory. If you need more information do not hesitate to write the list again.
I don't think it will be that big a deal. I checked out a copy of the 4.6 branch of contrib/modules and greped for "valid_input_data" and it only turned up in four modules: css/css.module: if (!valid_input_data($node->css_css)) { customerror/patches/common.inc.4.6.3:function valid_input_data($data) { customerror/patches/common.inc.4.6.3: if (!valid_input_data($key) || !valid_input_data($value)) { customerror/patches/common.inc.4.6.3: if (!valid_input_data($_GET) customerror/patches/common.inc.4.6.3: || !valid_input_data($_POST) customerror/patches/common.inc.4.6.3: || !valid_input_data($_COOKIE) customerror/patches/common.inc.4.6.3: || !valid_input_data($_FILES)) { evaluation/patched_files/common.inc:function valid_input_data($data) { evaluation/patched_files/common.inc: if (!valid_input_data($key) || !valid_input_data($value)) { evaluation/patched_files/common.inc: if (!valid_input_data($_GET) evaluation/patched_files/common.inc: || !valid_input_data($_POST) evaluation/patched_files/common.inc: || !valid_input_data($_COOKIE) evaluation/patched_files/common.inc: || !valid_input_data($_FILES)) { image_import/TODO.txt: of the uploaded files using valid_input_data(). Two of those (customerror and evaluation) were because they had copies of common.inc sitting around. Image_import had a hit in a todo file. I'll open a bug for the instance in the CSS module. andrew