Andriyun andriyun

## upd_local_db.sh
#!/bin/sh

PROJECT_SITENAME="example.com"
DRUPAL_ROOT="/path/to/drupal/root_folder"
DUMP_FILE_NAME="${PROJECT_SITENAME}_db_$(date +%Y%m%d).sql.gz"
LOCAL_ENV_WRAPPER="sh -c"
# For dockerized env.
#LOCAL_ENV_WRAPPER="docker-compose exec php sh -c"
SSH_CRED="user@remote_host"
ssh $SSH_CRED "drush --uri=$PROJECT_SITENAME --root=$DRUPAL_ROOT sql-dump | gzip -9 > ~/$DUMP_FILE_NAME"

## How to path your Drupal 7 regarding SA-CORE-2018-002.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                andriyun
                / How to path your Drupal 7 regarding SA-CORE-2018-002.md
            
            
              Last active
              April 25, 2018 19:11
            
          
    How to patch your Drupal 7 regarding SA-CORE-2018-002

All the changes in this file created based on original patch for Drupal.7.57
https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=2266d2a83db50e2f97682d9a0fb8a18e2722cba5
Check if your site is not patched before

There is no includes/request-sanitizer.inc file.
Add request-sanitizer.inc file


## jseval-exploit-fix.sh
#!/bin/sh
# Run the script and put path as first parameter.

grep -rl 'eval(String.fromCharCode(' $1 | while read -r line ; do
  if [ -f "$line" ]
  then
    echo "Fixing file $line \n"
    sed -i 's/<script language=javascript>\([a-zA-Z0-9();.,\ ]*\)<\/script>//g' $line
  fi
done

## How to manually update your Drupal 7 regarding SA-CORE-2018-004.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                andriyun
                / How to manually update your Drupal 7 regarding SA-CORE-2018-004.md
            
            
              Last active
              April 26, 2018 11:48
            
          
    How to patch your Drupal 7 regarding SA-CORE-2018-004

Check if your site doesn't have SA-CORE-2018-002 security update

If not please follow this manual How to patch your Drupal 7 regarding SA-CORE-2018-002
Add changes to your drupal core files

All changes in here is based on original patch for Drupal.7.58

  
## SA-CORE-2018-004-D7-partial.patch
diff --git a/includes/common.inc b/includes/common.inc
index d7dc47f..f61d1eb 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -611,8 +611,9 @@ function drupal_parse_url($url) {
   }
   // The 'q' parameter contains the path of the current page if clean URLs are
   // disabled. It overrides the 'path' of the URL when present, even if clean
-  // URLs are enabled, due to how Apache rewriting rules work.
-  if (isset($options['query']['q'])) {

## SA-CORE-2018-002-D7-partial.patch
diff --git a/includes/request-sanitizer.inc b/includes/request-sanitizer.inc
new file mode 100644
index 0000000..1daa6b5
--- /dev/null
+++ b/includes/request-sanitizer.inc
@@ -0,0 +1,82 @@
+<?php
+
+/**
+ * @file

## SA-CORE-2018-002-D8-partial.patch
diff --git a/core/lib/Drupal/Core/Security/RequestSanitizer.php b/core/lib/Drupal/Core/Security/RequestSanitizer.php
new file mode 100644
index 0000000..8ba17b9
--- /dev/null
+++ b/core/lib/Drupal/Core/Security/RequestSanitizer.php
@@ -0,0 +1,99 @@
+<?php
+
+namespace Drupal\Core\Security;
+

## drupal7_create_caching_tables.sql

--
-- Table structure for table `cache`
--

CREATE TABLE IF NOT EXISTS `cache` (
  `cid` varchar(255) NOT NULL DEFAULT '' COMMENT 'Primary Key: Unique cache ID.',
  `data` longblob COMMENT 'A collection of data to cache.',
  `expire` int(11) NOT NULL DEFAULT '0' COMMENT 'A Unix timestamp indicating when the cache entry should expire, or 0 for never.',
  `created` int(11) NOT NULL DEFAULT '0' COMMENT 'A Unix timestamp indicating when the cache entry was created.',

## db_select_with_or_condition.php
<?php
$query = db_select('node', 'n')
  ->fields('n', array('nid'))
  ->condition('type', '[node_type]');

$query->leftJoin('field_data_[field_name_1]', '[alias_1]', '[alias_1].entity_id = n.nid');
$query->leftJoin('field_data_[field_name_2]', '[alias_2]', '[alias_2].entity_id = n.nid');
$db_or = db_or()
  ->condition('[alias_1].[field_name_1]_value', '0')
  ->condition('[alias_2].[field_name_2]_value', NULL);

## drupal8-change-active-theme-programmatically.php
<?php
/**
 * See original implementation http://cgit.drupalcode.org/mailsystem/tree/src/MailsystemManager.php#n60
 */
// Switch the theme to the configured mail theme.
$theme_manager = \Drupal::service('theme.manager');
$mail_theme = '[your theme name]';
$current_active_theme = $theme_manager->getActiveTheme();
if ($mail_theme && $mail_theme != $current_active_theme->getName()) {
  $theme_initialization = \Drupal::service('theme.initialization');
	#!/bin/sh

	PROJECT_SITENAME="example.com"
	DRUPAL_ROOT="/path/to/drupal/root_folder"
	DUMP_FILE_NAME="${PROJECT_SITENAME}_db_$(date +%Y%m%d).sql.gz"
	LOCAL_ENV_WRAPPER="sh -c"
	# For dockerized env.
	#LOCAL_ENV_WRAPPER="docker-compose exec php sh -c"
	SSH_CRED="user@remote_host"
	ssh $SSH_CRED "drush --uri=$PROJECT_SITENAME --root=$DRUPAL_ROOT sql-dump \| gzip -9 > ~/$DUMP_FILE_NAME"
	#!/bin/sh
	# Run the script and put path as first parameter.

	grep -rl 'eval(String.fromCharCode(' $1 \| while read -r line ; do
	if [ -f "$line" ]
	then
	echo "Fixing file $line \n"
	sed -i 's/<script language=javascript>\([a-zA-Z0-9();.,\ ]*\)<\/script>//g' $line
	fi
	done
	diff --git a/includes/common.inc b/includes/common.inc
	index d7dc47f..f61d1eb 100644
	--- a/includes/common.inc
	+++ b/includes/common.inc
	@@ -611,8 +611,9 @@ function drupal_parse_url($url) {
	}
	// The 'q' parameter contains the path of the current page if clean URLs are
	// disabled. It overrides the 'path' of the URL when present, even if clean
	- // URLs are enabled, due to how Apache rewriting rules work.
	- if (isset($options['query']['q'])) {
	diff --git a/includes/request-sanitizer.inc b/includes/request-sanitizer.inc
	new file mode 100644
	index 0000000..1daa6b5
	--- /dev/null
	+++ b/includes/request-sanitizer.inc
	@@ -0,0 +1,82 @@
	+<?php
	+
	+/**
	+ * @file
	diff --git a/core/lib/Drupal/Core/Security/RequestSanitizer.php b/core/lib/Drupal/Core/Security/RequestSanitizer.php
	new file mode 100644
	index 0000000..8ba17b9
	--- /dev/null
	+++ b/core/lib/Drupal/Core/Security/RequestSanitizer.php
	@@ -0,0 +1,99 @@
	+<?php
	+
	+namespace Drupal\Core\Security;
	+

	--
	-- Table structure for table `cache`
	--

	CREATE TABLE IF NOT EXISTS `cache` (
	`cid` varchar(255) NOT NULL DEFAULT '' COMMENT 'Primary Key: Unique cache ID.',
	`data` longblob COMMENT 'A collection of data to cache.',
	`expire` int(11) NOT NULL DEFAULT '0' COMMENT 'A Unix timestamp indicating when the cache entry should expire, or 0 for never.',
	`created` int(11) NOT NULL DEFAULT '0' COMMENT 'A Unix timestamp indicating when the cache entry was created.',
	<?php
	$query = db_select('node', 'n')
	->fields('n', array('nid'))
	->condition('type', '[node_type]');

	$query->leftJoin('field_data_[field_name_1]', '[alias_1]', '[alias_1].entity_id = n.nid');
	$query->leftJoin('field_data_[field_name_2]', '[alias_2]', '[alias_2].entity_id = n.nid');
	$db_or = db_or()
	->condition('[alias_1].[field_name_1]_value', '0')
	->condition('[alias_2].[field_name_2]_value', NULL);
	<?php
	/**
	* See original implementation http://cgit.drupalcode.org/mailsystem/tree/src/MailsystemManager.php#n60
	*/
	// Switch the theme to the configured mail theme.
	$theme_manager = \Drupal::service('theme.manager');
	$mail_theme = '[your theme name]';
	$current_active_theme = $theme_manager->getActiveTheme();
	if ($mail_theme && $mail_theme != $current_active_theme->getName()) {
	$theme_initialization = \Drupal::service('theme.initialization');