All the changes in this file created based on original patch for Drupal.7.57
https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=2266d2a83db50e2f97682d9a0fb8a18e2722cba5
There is no includes/request-sanitizer.inc file.
#!/bin/sh | |
PROJECT_SITENAME="example.com" | |
DRUPAL_ROOT="/path/to/drupal/root_folder" | |
DUMP_FILE_NAME="${PROJECT_SITENAME}_db_$(date +%Y%m%d).sql.gz" | |
LOCAL_ENV_WRAPPER="sh -c" | |
# For dockerized env. | |
#LOCAL_ENV_WRAPPER="docker-compose exec php sh -c" | |
SSH_CRED="user@remote_host" | |
ssh $SSH_CRED "drush --uri=$PROJECT_SITENAME --root=$DRUPAL_ROOT sql-dump | gzip -9 > ~/$DUMP_FILE_NAME" |
All the changes in this file created based on original patch for Drupal.7.57
https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=2266d2a83db50e2f97682d9a0fb8a18e2722cba5
There is no includes/request-sanitizer.inc file.
#!/bin/sh | |
# Run the script and put path as first parameter. | |
grep -rl 'eval(String.fromCharCode(' $1 | while read -r line ; do | |
if [ -f "$line" ] | |
then | |
echo "Fixing file $line \n" | |
sed -i 's/<script language=javascript>\([a-zA-Z0-9();.,\ ]*\)<\/script>//g' $line | |
fi | |
done |
If not please follow this manual How to patch your Drupal 7 regarding SA-CORE-2018-002
All changes in here is based on original patch for Drupal.7.58
diff --git a/includes/common.inc b/includes/common.inc | |
index d7dc47f..f61d1eb 100644 | |
--- a/includes/common.inc | |
+++ b/includes/common.inc | |
@@ -611,8 +611,9 @@ function drupal_parse_url($url) { | |
} | |
// The 'q' parameter contains the path of the current page if clean URLs are | |
// disabled. It overrides the 'path' of the URL when present, even if clean | |
- // URLs are enabled, due to how Apache rewriting rules work. | |
- if (isset($options['query']['q'])) { |
diff --git a/includes/request-sanitizer.inc b/includes/request-sanitizer.inc | |
new file mode 100644 | |
index 0000000..1daa6b5 | |
--- /dev/null | |
+++ b/includes/request-sanitizer.inc | |
@@ -0,0 +1,82 @@ | |
+<?php | |
+ | |
+/** | |
+ * @file |
diff --git a/core/lib/Drupal/Core/Security/RequestSanitizer.php b/core/lib/Drupal/Core/Security/RequestSanitizer.php | |
new file mode 100644 | |
index 0000000..8ba17b9 | |
--- /dev/null | |
+++ b/core/lib/Drupal/Core/Security/RequestSanitizer.php | |
@@ -0,0 +1,99 @@ | |
+<?php | |
+ | |
+namespace Drupal\Core\Security; | |
+ |
-- | |
-- Table structure for table `cache` | |
-- | |
CREATE TABLE IF NOT EXISTS `cache` ( | |
`cid` varchar(255) NOT NULL DEFAULT '' COMMENT 'Primary Key: Unique cache ID.', | |
`data` longblob COMMENT 'A collection of data to cache.', | |
`expire` int(11) NOT NULL DEFAULT '0' COMMENT 'A Unix timestamp indicating when the cache entry should expire, or 0 for never.', | |
`created` int(11) NOT NULL DEFAULT '0' COMMENT 'A Unix timestamp indicating when the cache entry was created.', |
<?php | |
$query = db_select('node', 'n') | |
->fields('n', array('nid')) | |
->condition('type', '[node_type]'); | |
$query->leftJoin('field_data_[field_name_1]', '[alias_1]', '[alias_1].entity_id = n.nid'); | |
$query->leftJoin('field_data_[field_name_2]', '[alias_2]', '[alias_2].entity_id = n.nid'); | |
$db_or = db_or() | |
->condition('[alias_1].[field_name_1]_value', '0') | |
->condition('[alias_2].[field_name_2]_value', NULL); |
<?php | |
/** | |
* See original implementation http://cgit.drupalcode.org/mailsystem/tree/src/MailsystemManager.php#n60 | |
*/ | |
// Switch the theme to the configured mail theme. | |
$theme_manager = \Drupal::service('theme.manager'); | |
$mail_theme = '[your theme name]'; | |
$current_active_theme = $theme_manager->getActiveTheme(); | |
if ($mail_theme && $mail_theme != $current_active_theme->getName()) { | |
$theme_initialization = \Drupal::service('theme.initialization'); |