[development] Drupal 4.5.7/4.6.5 release schedule

andrew morton drewish at katherinehouse.com
Thu Dec 8 00:57:44 UTC 2005


On 12/7/05, Karoly Negyesi <karoly at negyesi.net> wrote:
> On Thu, 08 Dec 2005 01:15:18 +0100, Robert Garrigós Castro
> <robert at garrigos.org> wrote:
>
> > I just upgraded to 4.6.4 and checked 4.6.4 at cvs also and noticed that
> > valid_input_data() function in common.inc is missing. Some modules do
> > use this function thus are not working with that change. banner.module
> > is one of them. Was this necessary because of the recent security
> > vulnerabilities? In any case a workaround would need to be announced.
>
> Sorry for not announcing.
>
> valid_input_data was broken beyond repair.
>
> Filter on output please. This was the preferred way anyways, now it's
> mandatory. If you need more information do not hesitate to write the list
> again.

I don't think it will be that big a deal. I checked out a copy of the
4.6 branch of contrib/modules and grepped for "valid_input_data" and it
only turned up in four modules:

css/css.module:        if (!valid_input_data($node->css_css)) {
customerror/patches/common.inc.4.6.3:function valid_input_data($data) {
customerror/patches/common.inc.4.6.3:      if (!valid_input_data($key)
|| !valid_input_data($value)) {
customerror/patches/common.inc.4.6.3:  if (!valid_input_data($_GET)
customerror/patches/common.inc.4.6.3:   || !valid_input_data($_POST)
customerror/patches/common.inc.4.6.3:   || !valid_input_data($_COOKIE)
customerror/patches/common.inc.4.6.3:   || !valid_input_data($_FILES)) {
evaluation/patched_files/common.inc:function valid_input_data($data) {
evaluation/patched_files/common.inc:      if (!valid_input_data($key)
|| !valid_input_data($value)) {
evaluation/patched_files/common.inc:  if (!valid_input_data($_GET)
evaluation/patched_files/common.inc:   || !valid_input_data($_POST)
evaluation/patched_files/common.inc:   || !valid_input_data($_COOKIE)
evaluation/patched_files/common.inc:   || !valid_input_data($_FILES)) {
image_import/TODO.txt:  of the uploaded files using valid_input_data().

Two of those (customerror and evaluation) were because they had copies
of common.inc sitting around. Image_import had a hit in a todo file.
I'll open a bug for the instance in the CSS module.

andrew
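
The audit described in this message, written as a reusable script (an added example, not part of the original post). It sorts each grep hit into the three kinds the message separates by hand; the class names, the extension list and the sample tree are assumptions made for the illustration.

```shell
# Classify every hit for a removed function name in a module tree.
# Usage: audit_removed_fn <function_name> <directory>
# Prints one line per hit, "<CLASS><TAB><file>:<line>", where CLASS is
#   VENDORED  the file defines the function itself (a stale copy of core code)
#   CALL      PHP code that calls a function core no longer provides
#   MENTION   a non-PHP file (TODO, README, ...) that only names it
# Assumes paths without ':' in them, since grep output is split on ':'.
audit_removed_fn() {
  local fn=$1 dir=$2 file line rest
  # -r recurse, -I skip binaries, -n line numbers, -w whole-word match
  grep -rInw -- "$fn" "$dir" | while IFS=: read -r file line rest; do
    if grep -Eq "function[[:space:]]+$fn[[:space:]]*\(" "$file"; then
      printf 'VENDORED\t%s:%s\n' "$file" "$line"
    else
      case $file in
        *.module|*.inc|*.php|*.install)
          printf 'CALL\t%s:%s\n' "$file" "$line" ;;
        *)
          printf 'MENTION\t%s:%s\n' "$file" "$line" ;;
      esac
    fi
  done | sort
}

# Constructed sample tree with one hit of each kind (not the real contrib files).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/css" "$demo/customerror/patches" "$demo/image_import"
printf '%s\n' '<?php' 'if (!valid_input_data($node->css_css)) {' '}' \
  > "$demo/css/css.module"
printf '%s\n' '<?php' 'function valid_input_data($data) {' '  return TRUE;' '}' \
  > "$demo/customerror/patches/common.inc.4.6.3"
printf '%s\n' 'Check the uploaded files using valid_input_data().' \
  > "$demo/image_import/TODO.txt"

audit_removed_fn valid_input_data "$demo"
```

Only the CALL lines need a bug report; VENDORED hits point at modules shipping their own outdated copy of core code, which is worth flagging separately because those copies miss later security fixes.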

