• strict warning: Non-static method view::load() should not be called statically in /home/mosettis/public_html/sites/all/modules/views/views.module on line 1113.
  • strict warning: Declaration of views_handler_field::query() should be compatible with views_handler::query($group_by = false) in /home/mosettis/public_html/sites/all/modules/views/handlers/views_handler_field.inc on line 1147.
  • strict warning: Declaration of content_handler_field::element_type() should be compatible with views_handler_field::element_type($none_supported = false, $default_empty = false, $inline = false) in /home/mosettis/public_html/sites/all/modules/cck/includes/views/handlers/content_handler_field.inc on line 229.
  • strict warning: Declaration of views_handler_argument::options_validate() should be compatible with views_handler::options_validate($form, &$form_state) in /home/mosettis/public_html/sites/all/modules/views/handlers/views_handler_argument.inc on line 917.
  • strict warning: Declaration of views_handler_argument::query() should be compatible with views_handler::query($group_by = false) in /home/mosettis/public_html/sites/all/modules/views/handlers/views_handler_argument.inc on line 917.
  • strict warning: Declaration of views_handler_filter::options_validate() should be compatible with views_handler::options_validate($form, &$form_state) in /home/mosettis/public_html/sites/all/modules/views/handlers/views_handler_filter.inc on line 587.
  • strict warning: Declaration of views_handler_filter::query() should be compatible with views_handler::query($group_by = false) in /home/mosettis/public_html/sites/all/modules/views/handlers/views_handler_filter.inc on line 587.
  • strict warning: Declaration of views_plugin_query::options_submit() should be compatible with views_plugin::options_submit($form, &$form_state) in /home/mosettis/public_html/sites/all/modules/views/plugins/views_plugin_query.inc on line 169.
  • strict warning: Declaration of views_plugin_row::options_validate() should be compatible with views_plugin::options_validate(&$form, &$form_state) in /home/mosettis/public_html/sites/all/modules/views/plugins/views_plugin_row.inc on line 136.
  • strict warning: Declaration of views_plugin_pager_none::post_execute() should be compatible with views_plugin_pager::post_execute(&$result) in /home/mosettis/public_html/sites/all/modules/views/plugins/views_plugin_pager_none.inc on line 69.
  • strict warning: Non-static method view::load() should not be called statically in /home/mosettis/public_html/sites/all/modules/views/views.module on line 1113.
  • strict warning: Declaration of views_handler_sort::options_validate() should be compatible with views_handler::options_validate($form, &$form_state) in /home/mosettis/public_html/sites/all/modules/views/handlers/views_handler_sort.inc on line 165.
  • strict warning: Declaration of views_handler_sort::options_submit() should be compatible with views_handler::options_submit($form, &$form_state) in /home/mosettis/public_html/sites/all/modules/views/handlers/views_handler_sort.inc on line 165.
  • strict warning: Declaration of views_handler_sort::query() should be compatible with views_handler::query($group_by = false) in /home/mosettis/public_html/sites/all/modules/views/handlers/views_handler_sort.inc on line 165.
  • strict warning: Declaration of semanticviews_plugin_style_default::options() should be compatible with views_object::options() in /home/mosettis/public_html/sites/all/modules/semanticviews/semanticviews_plugin_style_default.inc on line 232.
  • strict warning: Declaration of semanticviews_plugin_row_fields::options_validate() should be compatible with views_plugin_row::options_validate($form, &$form_state) in /home/mosettis/public_html/sites/all/modules/semanticviews/semanticviews_plugin_row_fields.inc on line 117.
  • strict warning: Non-static method view::load() should not be called statically in /home/mosettis/public_html/sites/all/modules/views/views.module on line 1113.
  • strict warning: Non-static method view::load() should not be called statically in /home/mosettis/public_html/sites/all/modules/views/views.module on line 1113.
  • strict warning: Non-static method view::load() should not be called statically in /home/mosettis/public_html/sites/all/modules/views/views.module on line 1113.

Drupal 6.10 Upgrade

On Monday, 2nd of March we are going to upgrade mosettiStudios website to the latest 6.10 Drupal release. Again this upgrade will fix several bugs and some security issue:

 

SA-CORE-2009-003 - Local file inclusion on Windows
Security announcements · Drupal 6.x
Drupal Security Team - February 25, 2009 - 18:16

    * Advisory ID: DRUPAL-SA-CORE-2009-003
    * Project: Drupal core
    * Versions: 6.x
    * Date: 2009-February-25
    * Security risk: Highly Critical
    * Exploitable from: Remote
    * Vulnerability: Local file inclusion on Windows

Description

This vulnerability exists on Windows, regardless of the type of webserver (Apache, IIS) used.

The Drupal theme system takes URL arguments into account when selecting a template file to use for page rendering. While doing so, it doesn't take into account how Windows arrives at a canonicalized path. This enables malicious users to include files, readable by the webserver and located on the same volume as Drupal, and to execute PHP contained within those files. For example: If a site has uploads enabled, an attacker may upload a file containing PHP code and cause it to be included on a subsequent request by manipulating the URL used to access the site.

Important note: An attacker may also be able to inject PHP code into webserver logs and subsequently include the log file, leading to code execution even if no upload functionality is enabled on the site.
Versions Affected

    * Drupal 6.x before version 6.10

Solution

Install the latest version:

    * If you are running Drupal 6.x then upgrade to Drupal 6.10.

If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade. The patch fixes the security vulnerability, but does not contain other fixes which were released in Drupal 6.10.

    * To patch Drupal 6.9 use SA-CORE-2009-003-6.9.patch.

We do apologize that during the upgrade time the website will not be visible and in "maintanance status", but we will be back on line on Monday afternoon.

Thanks

mosettiStudios Team