andriyun/How to path your Drupal 7 regarding SA-CORE-2018-002.md

Last active April 25, 2018 19:11

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/andriyun/9123c03faf5b4a77f5d3651935bb091a.js"></script>
Save andriyun/9123c03faf5b4a77f5d3651935bb091a to your computer and use it in GitHub Desktop.

Download ZIP

Raw

How to path your Drupal 7 regarding SA-CORE-2018-002.md

How to patch your Drupal 7 regarding SA-CORE-2018-002

All the changes in this file created based on original patch for Drupal.7.57

https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=2266d2a83db50e2f97682d9a0fb8a18e2722cba5

Check if your site is not patched before

There is no includes/request-sanitizer.inc file.

Add request-sanitizer.inc file

Open drupal root and call the command

cd /project/public_html
curl https://gist.githubusercontent.com/andriyun/2635c4c4f328317e87a7abe1ca7cb932/raw/b06bd1c1f67aef89a45d3dcb9cc617bfbeb7ca08/SA-CORE-2018-002-D7-partial.patch | patch -p1

Add call of request sanitizer to includes/bootstrap.inc

Open includes/bootstrap.inc
Find code snippet lines ~ 2200 - 2650

  // Initialize the configuration, including variables from settings.php.
  drupal_settings_initialize();

Add following 4 lines after drupal_settings_initialize();


  // Sanitize unsafe keys from the request.
  require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc';
  DrupalRequestSanitizer::sanitize();

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment