Download views-7.x-3.0-rc3.tar.gztar.gz 1.39 MB
MD5: b3e58f4195308e37621155d3c843e53f
SHA-1: 614024fe5808aad8567a7c418c0c1f739729dff7
SHA-256: e7e3b5ce8bbc1a645d753037b54c74d3f9228993e84ce20e066e3e13109ea553
Download views-7.x-3.0-rc3.zipzip 1.59 MB
MD5: 502f84cfadb4bf4744b6c452fc01f2d6
SHA-1: ba34870c9cb3e52f1a2474547d2555acfa691421
SHA-256: bcccc3223a2fa0f177cb64cc1fcc70824be7a9cff164398b4d4bd206bcf3749b

Release info

Created by: dawehner
Created on: November 16, 2011 - 18:25
Last updated: November 16, 2011 - 18:54
Core compatibility: 7.x
Release type: Security update, Bug fixes

Release notes

Hopefully this will be more or less the last big step before a release.

Not this release fixes a security problem, which can be seen as critical

The Views module is useful for creating lists of items in Drupal sites. Some filters incorrectly used Drupal's built-in database api, so they didn't escaped some arguments correctly. This vulnerability is mitigated by the fact that a site must have a view with this filter to be enabled in order to be exploited.

Changes since 7.x-3.0-rc1:

  • by dereine: use the bug fix from the relationship-access issue
  • Revert "Issue #1222324 by damz, agentrickard, bojanz, dereine: Find a proper way to have multiple access tags per view and support relationships."
  • Revert "#1222324 follow up by damz: Use the alias so apply the tag to the right part of the query"
  • #1222324 follow up by damz: Use the alias so apply the tag to the right part of the query
  • #1222324 by damz, agentrickard, bojanz, dereine: Find a proper way to have multiple access tags per view and support relationships.
  • #1176048 by filijonka, tim.plunkett, dereine: Let the remove button respect chaning of the override selector, yeah!
  • #1331032 by dereine: Hide rewriting if the value of a field is actually empty by default. That's maybe causes some views but sure we are doomed anyway. Additional fix it let the custom block actually always display something
  • #1257376 by dereine: Don't run the preview on page load, but adding a seperate request for it.\n\nThis will catch a lot of possible issues with sql errors and can improve the speed of the editing, if you have unchecked the automatic-preview checkbox
  • rename image preset to image style
  • #1234414 by quicksketch: Support images styles in the user: picture field
  • by dereine, Crashtest: Add an api function to override the title
  • Revert "#1331032 by abs: Change default of hide rewritten output if it's empty to True"
  • #1331032 by abs: Change default of hide rewritten output if it's empty to True
  • ##1072860 by Pol: Take sure to add the human_name field to the views_view table.
  • #1270890 by fago: Provide a way to provide entity-related views fields
  • #564106 by dereine, bdpanda, dagmar, pcambra, eclipsegc: Allow to point more to a custom url
  • #1303398 by dereine: Fix big introduced in 1303398
  • #1291088 by tim.plunkett: Recursively merge field views data.
  • by dereine:Fix typo in all instances of available
  • #1242892 by timplunkett, dereine: Fix the override/revert mechanism.
  • #1175260 by jrust: Set the right path-key on the jump menu
  • #1221560 by ericduran, dereine: Allow to override views css files from theme directory
  • Revert "#1199328 by casey, bojanz: Add typehintings to every place which doesn't break the api. KUDOS"
  • #1298418 by lliss: Class Definition Comments misplace variable hierarchy
  • #1301790 by rfay, dereine: Use created instead of timestamp for user.created field, and add some move definition
  • #1199328 by casey, bojanz: Add typehintings to every place which doesn't break the api. KUDOS
  • #1316496 by TR: Cleanup tests a lot
  • by dereine: Test style groupby functionality
  • #1211264 by dereine, ezheidtmann: Set validated title for taxonomy validation case 'tid' as well.
  • #1303398 by johnv: Some entities might have a certain field value just empty but it's set, which caused notices
  • #1316932 by dereine: Reorder view execution and title generation, so the title can use the tokens from actual result values.
  • #1316908 by tedfordgif: Don't change the handler of the fieldapi-delta column
  • by dereine: Document view::base_database
  • #1124298 by David_Rothstein: Respect access for rendering fieldapi sub-elements
  • by dereine: Describe how to write an area handler
  • #1307162 by cmurph: Check whether an argument is empty or not when loading the taxonomy term for the title
  • #1303880 by serialjaywalker: Add js settings keyed by dom_id
  • Revert "#1235994 by das-peter, scor: Allow to group by field value instead of field html. This allows to use rdf with fields"
  • #1314306 by Hanno: Don't translate html-tags, because translators might get confused and the user should really see the original tag all the time.
  • Merge branch '7.x-3.x' of git.drupal.org:project/views into 7.x-3.x
  • #750172 by Hydra: Allow to disable the linking to user pictures
  • Merge branches '7.x-3.x' and '7.x-3.x' of git.drupal.org:project/views into 7.x-3.x
  • #1317500 by dereine: Add output format to node.promoted
  • #1090098 by dereine, chx: Convert database views which were defaulted in d6.2 and exported to views3. Sadly this only works for exported
  • #1301960 by nagiek: Support dynamic access plugin arguments for default tabs as well
  • #1294636 by dereine: objective ajax-view.js
  • #1296060 by dereine, diegot: Support sqlite in the date functions
  • small code identation fix for last commit
  • #1235994 by das-peter, scor: Allow to group by field value instead of field html. This allows to use rdf with fields
  • #1309082 by bojanz: Support base_tables foreach plugin type in views
  • #1309518 by das-peter: Change signature of execute_hook_menu to allow altering
  • #1090098 revert to previous behaviour
  • Issue #1090098 by chx, dereine: Fix the pager conversion.
  • by dereine: Two more instances of instead of
  • #1302494 by defr: Don't alter the value_options directly for flatten the options in in_operator filter
  • #1301904 by primsi: Translate the ellipsis like truncate_utf8
  • by agentrickard, dereine: Provide a helpful message if there is a missing wizard
  • #1279438 by dereine: Refactor views_debug to support proper translated strings/placeholders
  • use instead of
  • #1299276 follow up by dereine: Let display::options_validate always use form[]
  • #1299276 by dereine: Move the right form value to display::options_validte
  • by dereine: Use availible sorts in the wizard not only if a created column exist
  • #1109108 by szantog: Handler translation keys should use the id instead of the field to have a unique key for multiple fields
  • Fix jump menu test
  • by dereine: Validate dates if the value is not exposed
  • fix argument default test case
  • Fix exposed form test case
  • #1193742 by bojanz: Replace too hard css rule with a special check for the views-remove-checkbox class
  • by dereine: Use an override select instead of the old override button in the pager test
  • #1212916 by dereine: Display-ids should be validated for lower case
  • #1212848 by kmcnamee: Allow to use a pure anchor link in output as link
  • #1023582 by dereine: save_block_cache should handle md5-deltas as well
  • by dereine: Small help improvement of taxonomy terms
  • by dereine: Move was_defaulted/is_defauled into another function
  • #1283808 by somanyfish, dereine: Remove leftover vid from filter_term_node_tid
  • #1222762 by dereine: Show contextual links on exposed_form-blocks
  • #1193284 by LinL: Glossary should show every character in the summary
  • #1251052 follow up by andypost: Duplicated help for comment.uid
  • #1294826 by reevo> Summary jump menu ignored base_path, because of old d6 like code
  • by dereine: Improve help text of uid field
  • #1291658 by jackalope: Convert views_plugin_argument_default_taxonomy_tid to new return value of views_get_page_view
  • #1227302 by droplet: Make jump menu work with drupal install in a subdir
  • #1264438 by dereine: Add a field for the vocabulary vid
  • #1279202 by dereine: Allow display extenders to force to be enabled.
  • #1271540 by dereine: Don't limit feed description to 128 chars
  • #1251052 by dereine: Add automatic conversions of joins to relationships for users_roles and role. Additional clean up comment/node author relationship
  • #1261812 by webflo: Implements user permissions as field and filter.
  • #1283606 by dereine: Provide a sane default sort for the groupwise_max relationship subquery
  • #1242286 by rickmanelius: Update default views examples to sync with views templates code
  • #1176458 by webflo, dereine: Check for url aliases for example generated by i18n in summary url generation code
  • #1277900 by dereine: Handle pager options correctly on the wizard
  • #1279182 by dereine: Don't wsod on missing display extender, but throw a views debug message
  • #1290916 by vflirt: Use the right handler type when exporting translatables areas
  • #1278640 by dereine: Grid columns should be required
  • #1275942 by dereine: Adapt signature of render_link
  • small code improvement
  • #960648 by dereine: Add a valid url for comments in all cases
  • by dereine: Replace criterion with criteria
  • #1283002 by joachim: small improvements to API docs
  • #1280382 by Alan Evans: Reset for the views listing
  • #1167752 by dereine: Add a comment approve link field
  • #1115588 by fubhy: Allow to select the used theme on the views ui
  • #1277660 by dereine: Allow to search for the description as well
  • #1279276 by wimleers: Don't add ui.dialog on every page
  • #1278694 by fangel: Allow to autocompelte terms with comma seperated
  • #1278566 by davereid: Reset some variables after the views ui preview
  • by dereine: use dpm instead of dsm
  • remove id tags from doc files
  • by dereine: Add some views_join comments to the query functions
  • reported by andypost: Remove dsm
  • #1275736 by dereine: If clone a display mark the new display as changed
  • #1182634 by Adam_S, dereine: Save block cache only if the block table exists
  • #1243220 by davereid, haffmans: Cleanup RSS content building and handling
  • #1147326 by dereine: Follow up: Fix missing variable vocabularies
  • #1261844 by webflow: Make filter_in_operator work with optgroups
  • #1245032 by sma-ka, dereine: Fix notices in quite some argument plugin submit/validations
  • #1259778 by dereine: Remove term synonyms as they not longer exist in d7
  • #1016792 by dereine: Check whether the human name is already in the database
  • Remove old code which defaulted exclude to FALSE on field handlers
  • #1222494 by dereine: Respect the output of set_display on some other places, there might be other ones as well
  • #1238488 by dereine: The actual default order of a single field in a table didn't worked as expected
  • by dereine: Converted views.install quite some more
  • #1261528 by rlhawk: Allow to display only the first and last value on a fieldapi field
  • by dereine: remove old ctools_dependent_process additions
  • #1273806 by dereine: Allow to export date specific default plugins on the date argument handler
  • #1274834 by dub4u: Use JS_DEFAULT insted of JS_THEME for jqueru-ui-patch js so people can override the behaviour in the theme
  • #1248454 by dereine: Relationship handlers should respect real field
  • #1270982 by drunken monkey, dereine: Allow to specify entity type on non-base-tables, which allows some fancy views integrations like a generic entity views integration
  • #1268466 by droplet, jessebeach: Repaired .views-display-top after changes to the Seven secondary menu unordered list styling jarred the layout. Cleaned out some crufty CSS.
  • #1272350 by tunic: Fix content translation filter function, which still used the old add_where instead of add_where_expression
  • #1270934 by dereine, Michelle: Better tags support on several areas
  • disable the default views again
  • #1267916 by CrashTest: Change the empty textfield to a textarea and add a better description
  • #1263680 by dereine: Add more helpful error messages for filter_in_operator
  • #881060 by benoit.borrel: Fix incorrect code sample on views_join documentation.
  • Add argument_dates_various to defgroup views_argument_handlers
  • #887768 by merlinofchaos: Fix notice with joins
  • by dereine: small comment fix for views_language_list
  • #1130760 by neoglez: Check for variables in tokens generation of terms
  • #1261468 by dereine: Fix notices when relationship label is not defined and strict error on views_handler_field_accesslog_path
  • #1135002 by dereine, bojanz: Add feature to hide table column if each field is empty
  • #1257568 by recrit, dereine: Make views_handler_area_view check access as well
  • Conflicts:
  • #1098326 by Agileware: Stop validating terms if there is no term
  • by dereine: Add template path to the hook_views_api example
  • by dereine: Add todo for row search plugin
  • Preload multiple nodes on comment row.
  • by dereine: Fix groupby tests and move some things around
  • by dereine: Remove two old debugging lines
  • #1222324 by dereine: Apply access tags of relationships to the query
  • #1195944 by adamdicarlo: Fix fatal error if no field does exist
  • update groupby test view
  • small comment fix
  • #1259056 by stevector: Add view to views-more.tpl.php and document the availible variables
  • #1194396 by dereine: Reexport all views provided
  • #1243436 by travist: Setup items per page for none pager plugin to 0
  • #1235814 by recrit: Allow to use in the global text area
  • add test file for jump menu duplicates2
  • #1175260 by mrfelton: Duplicate paths shouldn't result in grouped items on a jump menu
  • #1258756 by berdir: Make css cache restoring work again
  • fix notice in field_custom and field_math_expression test
  • #1172970 by fago, drunken_monkey: Provide a unified way to retrieve result entities
  • by dereine: Fix analyze tests
  • #1102852 by ralf: Add enabled-disabled boolean display format
  • #1124130 by djebbz: Mislabeled option description about wrapping field output with default HTML
  • by dereine: Allow to work a wizard on a base table without a sortable field
  • #1151032 by dereine: Update block hashes plausible and take sure of broken examples
  • #1225228 by dalin: Allow to hide links from node rss
  • #1205376 by dereine: Add a way to prevent plugins from register theme
  • #1208440 by dereine: Disable pager as default case for blocks on the wizard
  • #1188132 by David Hern√°ndez: Remove from plugin_exposed_form
  • by dereine: Move rendering of a views form into a process function so people can alter things if wanted
  • #1191928 by bojanz: Support views form on ajax
  • #1252538 by crell: Use format_username to render a user name
  • #1117512 by dereine: Support to use non-default bundle handlers in the wizard
  • #1241476 by jdleonard: Check for time hence for custom date formats as well
  • #1221980 by temaruk: Fixed wired diverits, when using autosubmit ajax exposed filters. Multiple additional divs are created
  • #1202048 by dereine: Make edit view contextual links work with default display
  • #1231692 by dereine: Also validate on uid = 1 and set the validated_title
  • #1170804 by merco, smk-ka: Fix undefined error in views mini pager
  • #1255994 by bwpanda: Correct doc for variable in table template
  • by dereine: Bring back drush cc views
  • #1101506 by djebbz, dereine: Provide a admin/reports/views-fields which list all fieldapi fields used in different views
  • #1253106 by Sborsody: Correct urls to comment edit/delete links
  • #1249742 by kla2t: Fix wrong dbtng argument name in argument_node_tnid handler
  • Add note about non-UID1 users being able to import
  • by dereine: Rename arguments to variables in views_theme as is it's fits a bit better with the api
  • by dereine: Add theme argument suggestions pager and exposed_form
  • Add return documentation for views_get_page_view
  • #1133924: Force aliases into lower case to avoid problems when DBTNG does it for you.
  • #1242424 by bevan: Document the grouping of contextual filter issue
  • #1213516 by oddsim, dereine: Allow to sort via search_score on arguments as well
  • #1127422 by dereine: Add rearrange to the filter rearrange link
  • #1245558 by Aron Novak: Do not tokenize always in area text handler
  • #1245020 by smk: Provide title for some taxonomy term arguments
  • #1244876 by dereine: Let views_handler_argument_vocabulary_vid utilize the features of views_handler_argument_numeric
  • #1243998 by dereine: Port another views_get_page_view to d7 behaviour
  • #1242658 by djebbz: Fixed small typo in comments of views_form()
  • by dereine: Don't assuem that each query plugin has a base field, for example something like xml_views doesn't
  • by dereine: Set a sane default for the sort column
  • #1240934 by becw, dereine: Use depedency for style_summary->items_per_page
  • #1203794 by paranojik: Use sort weight with exposed sorts
  • #1215602 by derhasi: Provide a views_get_views_as_options which allows to list all views availible for form elements
  • by dereine: document plugin_type in views_plugin
  • #1239580 by dereine: Allow area handlers to alter the query
  • #1239526 by hydra: Don't show path/external form elements on field_node_link
  • #1236226 by balagan: Fix type in relationship handler
  • fix type in doc
  • #1216288 by hunziker: Mailto field values is overridden by the parent form
  • by dereine: Remove unused numeric definition option in filter_in_operator
  • Revert "#1222324 by dereine: Add access not only on base table, but also on relationships"
  • #1220498 by ericduran: Added Missing hook_ajax_data_alter()
  • #1157716 by dereine: Fix notice on add_item_form for header/footer
  • #1230306 by aaron.r.carlton, dereine: User and taxonomy default plugin updated to new behaviour of views_get_page_view
  • by dereine: Add a comment access query tag
  • #1222324 by dereine: Add access not only on base table, but also on relationships
  • #1185914 by dereine: Fix missing quotes in preview generation
  • #1222724 by RdeBoer: Fix revision delete link
  • #1220216 by akoepke: Operators without values shouldn't try to validate it's values
  • #1234246 by dereine: display_handler is not defined on the field handler but on the view
  • #1233274 by dereine: Fix notice in views_taxonomy_set_breadcrumb
  • #1089876: Move field language setting to display settings.
  • #1185572 by martinjbaker: Remove unnecessary description with typo.
  • #1221946 by dereine: Invalid placeholders breaking min/max in exposed filters.
  • #1180510 by dereine and mstrelan: Add case control options to links.
  • #1020540 followup: Text improvement from kmcnamee
  • #1221648 by Amaylia: Crush down the size of the sprites
  • #1225322 by pcambra: Allow to submit/validate form elements placed in area handlers (header, footer, empty)
  • by dereine: Fix error message when on validating filter_in_operator
  • #1224630 by rvilar: Port filter by content translation to add_where_expression
  • Add uses_exposed_form_in_block() method to the display so that CTools can specifically make content panes have exposed form in a block.
  • by dereine: Remove ssh-agent which isn't used but can cause a fatal error
  • #1213916 by stella, dereine: Make views search filter/argument work with more complicated searches
  • #1208738 by dereine: Allow to add views from templates again
  • by dereine: Use version_compare to detect whether an imported view is valid
  • #1207680 by damz: Don't validate if there are no options set, the values are empty and required is not set
  • Revert "#1191928 by dafeder, bojanz: Make views forms work with ajax"
  • #1191928 by dafeder, bojanz: Make views forms work with ajax
  • #1208824 by linclark: Add views_ui_pre_render_add_fieldset_markup to plugins forms as well
  • by dereine: Add back some missing handlers
  • #1213218 by dereine: Make file->user relationship explicit
  • #1213218 by davereid: Add relationships for file/image fields + backward relationships
  • Revert "#1213218 by davereid: Add relationships for file/image fields + backward relationships"
  • #1207680 by dereine: Don't validate on term filters, because this causes views to not to save anymore. Added TODO
  • by dereine: Set api version to 3.0
  • #783514 - Use in views_break_phrase_string() in title() methode.
  • #1209338 by chx: Fix help message to setting the validated argument title
  • document variable handler_type
  • #1207366 by dereine: Empty text should be displayed as well
  • #1183294 by dereine: Fix language behaviour on not grouped fieldapi fields.
  • by dereine: Don't assume that the display handler is valid in analyze code
  • #1205450 by chx: Add a mass analyze drush command
  • #1205570 by chx: Validate the values of the filter_in_operator settings
  • #1194900 by dereine: Make aggregation of fieldapi fields work again
  • #1193580 by dereine: Replace empty tokens
  • #1201908 by dereine, dug out by Liam Mitchell: Temporary workaround for using subqueries in main query and in clone query
  • #1190510 by andypost: Fix previous fix for aliases not an array
  • #1198466 by arcaneadam: Fix output format for sticky field
  • #1198454 by arcaneadam: Fix documentation for boolean output formats
  • #1198166 by joachim: Fix notice for groupwise relationship options_submit
  • #1174130 by pillarsdotnet: Check for empty join in views_many_to_one_helper().
  • #1197030 by crell: Allow to use any tid/all tid on taxonomy default argument
  • #1198156 by joachim: fix bad method call crash.
  • #1192666 by dereine: Don't add historical data on entity types which don't support revisions
  • #1194614 by Adam S: Allow to use hide() on node comments
  • #1192690 by dereine: Fix field_prerender_list multiple get_value method
  • #1120668 by dereine: Fix Fatal error when scanning templates
  • by dereine: Provide default relationship for authmap table
  • #1098480 by fubhy: Allow to set no pager in the wizard

Thanks for everyone who helped on this release! On contrast to rc2 this has the security patch commited as well.