The newly-announced vulnerability to Drupal versions earlier than 7.32 is pretty ugly. Here’s all the detail you need about the problem:
…and while there’s a small patch described in the info, it isn’t that hard to just do the full upgrade. And even though the Drupal folks have a nice walk-though here, here’s one quick and dirty way to get the new code in place if you have console access…
#Create a backup... tar -czvf ~/public_html."`date '+%Y.%m.%d-%H.%M.%S'`".tgz ~/public_html # Download and extract the new version cd tmp wget http://ftp.drupal.org/files/projects/drupal-7.32.tar.gz tar -zxvf drupal-7.32.tar.gz # Now we kick aside the sites folder, but keep it handy for reference mv drupal-7.32/sites drupal-7.32/sites.update.7.32 # And then we overwrite the critical files # Note that this line actually copies regular files and the dot file cp -fR drupal-7.32/* drupal-7.32/.htaccess ~/public_html # Then we clean up space and be done rm drupal-7.32.tar.gz rm -r drupal-7.32
Then you’re good to go. Of course, please don’t just run this if you don’t know what you’re doing, and make sure to do snapshots and/or backups… And realize that I have everything hard-coded here, so if your paths are different, bla, bla bla.
By the way, I looked around for something official like this, but didn’t find anything. But I did get this from my good friend Todd full of good suggestions and methods… I may update my method later:
But if you know of something better or have written something yourself, let me know please!