Drupal 7.32 is an Absolutely Necessary Update


We’re accustomed to the Drupal security team releasing security fixes.

Fortunately, most of the fixes were relatively minor. They either impacted a small group of sites, or they were unlikely to lead to your site being hacked.

Let’s take a brief look at the 4 previous Drupal security advisories in 2014:

  • Drupal 7.31: A possible denial of service, so your site could be inaccessible
  • Drupal 7.29: A possible denial of service, so your site could be inaccessible
  • Drupal 7.27: Some private information could possibly be leaked from people using multi-step forms
  • Drupal 7.26: It’s possible to take over an administrator account, but only if they’re using OpenID

None of those issues were absolutely critical for all sites.

Drupal 7.32 is different. All site owners need this security fix.

Drupal.org has an FAQ on this security release:

“Unlike typical security advisories released for Drupal, the nature of this vulnerability provides a way for an attacker to create an exploit without needing an account or tricking someone into exposing confidential information. “

In short, the issue fixed by 7.32 could allow an anonmyous attacker to compromise any Drupal site. It’s the most serious Drupal security issue in a long time.

You should update. Now.

Where is the security issue?

The problem file is /includes/database/database.inc

In the database.inc file.

Here’s the old, vulnerable code, starting at line 735:


Here’s the new, safer code, again starting about line 735:


So, replace this line in database.inc:

foreach ($data as $i => $value) { 

with this line:

foreach (array_values($data) as $i => $value) { 


You can update just the single line in database.inc, or you can do a full Drupal update to 7.32.

But, you must update.


  • Steve Burge

    Steve is the founder of OSTraining. Originally from the UK, he now lives in Sarasota in the USA. Steve's work straddles the line between teaching and web development.

0 0 votes
Blog Rating
Notify of
Newest Most Voted
Inline Feedbacks
View all comments

Nice article!!!!!


can I apply the patch directly to the older version e.g. 7.15


Hi Simon. Yes, you can do that.


Hallo there, Is it possibel that there are no difference between the scriplines above?

Greating Will


Yes, a very small change

Would love your thoughts, please comment.x