HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Drupal

>

Releases

>

6.13

Drupal Release: 6.13

Tag Name: 6.13

Release Date: 7/1/2009

View Release
Drupal LogoDrupal

Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.

Open SourceDeveloper-FriendlyEnterprise

TL;DR

Drupal 6.13: Security Enhancements and Bug Fixes

Drupal 6.13 is primarily a maintenance release that addresses several security vulnerabilities and fixes numerous bugs across the system. Key improvements include better handling of JavaScript and CSS files, enhanced security for password checking and text filtering, and fixes for cron actions and node access rebuilding. This release also improves PostgreSQL compatibility and optimizes update status checking to reduce server load.

Highlight of the Release

    • Fixed JavaScript string split() behavior to match PHP's explode() function
    • Improved CSS/JS file naming to prevent ad-blocker conflicts
    • Fixed cron-triggered actions that weren't executing properly
    • Enhanced security with proper password equality checking
    • Optimized update status checking to reduce load on drupal.org

Migration Guide

No specific migration steps are required for this maintenance release. Drupal 6.13 contains bug fixes and security improvements that don't require any special migration procedures.

Standard update procedures apply:

  1. Back up your database and site files
  2. Put your site in maintenance mode
  3. Replace your existing Drupal files with the new version, preserving any customizations
  4. Run the update script by visiting update.php in your browser
  5. Take your site out of maintenance mode

As always, test the update on a staging environment before applying to your production site.

Upgrade Recommendations

This release contains important security enhancements and bug fixes that improve the stability and security of Drupal 6 sites. All Drupal 6 sites should upgrade to version 6.13 as soon as possible.

The update is particularly important for:

  • Sites using OpenID authentication
  • Sites with complex node access requirements
  • Sites that rely heavily on cron-triggered actions
  • Sites with custom modules that interact with the JavaScript/CSS handling system

The update process follows the standard Drupal procedure and should not cause any disruption to existing functionality. As always, perform a complete backup before upgrading and test on a staging environment if possible.

Bug Fixes

  • JavaScript/CSS Handling

    • Fixed JavaScript string split() function behavior to match PHP's explode() function, resolving issues with multiple node body break tags (#193577)
    • Modified _drupal_flush_css_js() to avoid using 'q' as a CSS query character since it conflicts with Drupal's path name character (#454992)
    • Added prefixes to compressed CSS and JS filenames to prevent ad-blocking software from blocking files with names starting with "ad" (#452704)

  • Cron and Actions

    • Fixed actions set to run on cron that were not being triggered properly (#246096)
    • Fixed documentation in cache_clear_all() that incorrectly mentioned cache_flush_delay instead of cache_lifetime (#468732)

  • User Interface

    • Removed unnecessary drupal_set_title() in forum_overview() as the menu system already sets and localizes the title (#460420)
    • Fixed grammar issues in forum module messages (#479216)
    • Improved handling of the Anonymous user name with proper text escaping for output (#465190)

  • Node Access

    • Modified node access rebuild button to always be shown, fixing fragile conditional logic that sometimes hid it when needed (#226479)

  • Database and Performance

    • Fixed PostgreSQL column changes to use explicit type casting for proper data preservation (#373225)
    • Optimized file_space_used() to only be called when a limit is provided, saving a database query (#197266)
    • Fixed function argument order in system_clear_cache_submit() (#236657)

  • Testing and Development

    • Enhanced SimpleTest HTTP query testing by passing the instance identifier (database prefix) (#482646)

  • OpenID

    • Improved OpenID provider list with more user-friendly links and removed unnecessary URL wrapping from remote links (#339466)

  • Translation and Text Handling

    • Fixed safe string check on translations to only apply to the default textgroup, allowing proper handling of HTML in other textgroups like blocks and menu items (#352121)
    • Fixed tablesort code to properly handle nested tables by only matching immediate descendants (#329797)

New Features

No significant new features were added in this maintenance release. Drupal 6.13 focuses on bug fixes, security improvements, and performance optimizations to the existing codebase.

Security Updates

  • Input Validation and Filtering

    • Enhanced password equality checking to use strict type checking, ensuring passwords are compared character by character as strings (#398902)
    • Improved security for site name and site slogan by using filter_xss_admin(), consistent with footer message and mission handling (#461938)
    • Fixed safe string check on translations to properly handle HTML in different textgroups (#352121)

  • File System Security

    • Modified CSS and JS file naming to include prefixes, preventing ad-blocking software from inadvertently blocking system files (#452704)

  • Session Security

    • Improved session handling by ensuring the session.use_cookies PHP setting is turned on at all times (#145733)

Performance Improvements

  • Update Status Optimization

    • Modified update status checking to not request update data until a certain limit is reached, reducing load on drupal.org and improving performance when drupal.org is unavailable (#243253)

  • Query Reduction

    • Optimized file_space_used() to only be called when a limit is provided, saving unnecessary database queries (#197266)

  • Session Handling

    • Improved session handling by ensuring the session.use_cookies PHP setting is turned on at all times, which is required for optimal Drupal performance (#145733)

Impact Summary

Drupal 6.13 is a maintenance release that focuses on bug fixes and security improvements rather than new features. The impact is primarily positive, addressing several issues that could affect site stability, security, and performance.

Key impacts include:

  • Improved security through better password handling and text filtering
  • Fixed cron-triggered actions, ensuring scheduled tasks run properly
  • Better compatibility with ad-blocking software by changing CSS/JS file naming conventions
  • Reduced load on drupal.org through optimized update status checking
  • Enhanced PostgreSQL compatibility with proper type casting
  • Improved OpenID user experience with better provider listings

This release represents an important maintenance update that strengthens the foundation of Drupal 6 without introducing breaking changes or requiring significant adaptation from site owners or developers.

Statistics:

File Changed33
Line Additions225
Line Deletions75
Line Changes300
Total Commits26

User Affected:

  • Improved node access rebuild functionality ensures the rebuild button is always available when needed
  • Fixed cron-triggered actions that were not properly executing
  • Better handling of update status checking when drupal.org is down
  • More secure handling of site name and slogan with proper filtering

Contributors:

gobadbuytaert