head 1.2; access; symbols pkgsrc-2015Q4:1.1.0.28 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.26 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.24 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.22 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.20 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.18 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.16 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.14 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.12 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.10 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.8 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.6 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.4 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2016.03.14.15.09.24; author taca; state dead; branches; next 1.1; commitid BOO8L2Lvc2lGDCYy; 1.1 date 2012.12.20.12.47.35; author taca; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2012.12.20.12.47.35; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2012.12.21.11.01.33; author tron; state Exp; branches; next ; desc @@ 1.2 log @Remove drupal6, it has been EOL. @ text @$NetBSD: patch-includes_path.inc,v 1.1 2012/12/20 12:47:35 taca Exp $ Possible fix to SA4931. --- includes/path.inc.orig 2012-12-19 18:51:43.000000000 +0000 +++ includes/path.inc @@@@ -13,7 +13,7 @@@@ * Initialize the $_GET['q'] variable to the proper normal path. */ function drupal_init_path() { - if (!empty($_GET['q'])) { + if (!empty($_GET['q']) && is_string($_GET['q'])) { $_GET['q'] = drupal_get_normal_path(trim($_GET['q'], '/')); } else { @ 1.1 log @Update drupal6 to 6.27 fixed security problem. * Add a possible fix of SA4931, too. Drupal 6.27, 2012-12-19 ---------------------- - Fixed security issues (multiple vulnerabilities), see SA-CORE-2012-004. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-includes_path.inc was added on branch pkgsrc-2012Q3 on 2012-12-21 11:01:33 +0000 @ text @d1 15 @ 1.1.2.2 log @Pullup ticket #3998 - requested by taca www/drupal6: security update Revisions pulled up: - www/drupal6/Makefile 1.38-1.40 - www/drupal6/distinfo 1.26 - www/drupal6/patches/patch-includes_path.inc 1.1 --- Module Name: pkgsrc Committed By: wiz Date: Wed Oct 3 21:59:10 UTC 2012 Modified Files: pkgsrc/www/drupal6: Makefile Log Message: Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. --- Module Name: pkgsrc Committed By: taca Date: Thu Dec 20 12:47:35 UTC 2012 Modified Files: pkgsrc/www/drupal6: Makefile distinfo Added Files: pkgsrc/www/drupal6/patches: patch-includes_path.inc Log Message: Update drupal6 to 6.27 fixed security problem. * Add a possible fix of SA4931, too. Drupal 6.27, 2012-12-19 ---------------------- - Fixed security issues (multiple vulnerabilities), see SA-CORE-2012-004. @ text @a0 15 $NetBSD$ Possible fix to SA4931. --- includes/path.inc.orig 2012-12-19 18:51:43.000000000 +0000 +++ includes/path.inc @@@@ -13,7 +13,7 @@@@ * Initialize the $_GET['q'] variable to the proper normal path. */ function drupal_init_path() { - if (!empty($_GET['q'])) { + if (!empty($_GET['q']) && is_string($_GET['q'])) { $_GET['q'] = drupal_get_normal_path(trim($_GET['q'], '/')); } else { @