bachy
@@ -8,7 +8,7 @@
|
||||
/**
|
||||
* The current system version.
|
||||
*/
|
||||
define('VERSION', '7.17');
|
||||
define('VERSION', '7.19');
|
||||
|
||||
/**
|
||||
* Core API compatibility.
|
||||
|
||||
@@ -160,18 +160,6 @@ class DrupalDefaultEntityController implements DrupalEntityControllerInterface {
|
||||
public function load($ids = array(), $conditions = array()) {
|
||||
$entities = array();
|
||||
|
||||
# PATCH http://drupal.org/node/1003788#comment-5195682
|
||||
// Clean the $ids array to remove non-integer values that can be passed
|
||||
// in from various sources, including menu callbacks.
|
||||
if (is_array($ids)) {
|
||||
foreach ($ids as $key => $id) {
|
||||
if (empty($id) || ((string) $id !== (string) (int) $id)) {
|
||||
unset($ids[$key]);
|
||||
}
|
||||
}
|
||||
}
|
||||
# endpatch
|
||||
|
||||
// Revisions are not statically cached, and require a different query to
|
||||
// other conditions, so separate the revision id into its own variable.
|
||||
if ($this->revisionKey && isset($conditions[$this->revisionKey])) {
|
||||
|
||||
@@ -1113,6 +1113,9 @@ function file_munge_filename($filename, $extensions, $alerts = TRUE) {
|
||||
|
||||
// Allow potentially insecure uploads for very savvy users and admin
|
||||
if (!variable_get('allow_insecure_uploads', 0)) {
|
||||
// Remove any null bytes. See http://php.net/manual/en/security.filesystem.nullbytes.php
|
||||
$filename = str_replace(chr(0), '', $filename);
|
||||
|
||||
$whitelist = array_unique(explode(' ', trim($extensions)));
|
||||
|
||||
// Split the filename up by periods. The first part becomes the basename
|
||||
|
||||
Reference in New Issue
Block a user