Download Size md5 hash
views-7.x-3.0-rc3.tar.gz 1.39 MB b3e58f4195308e37621155d3c843e53f
views-7.x-3.0-rc3.zip 1.59 MB 502f84cfadb4bf4744b6c452fc01f2d6
Last updated: November 16, 2011 - 18:25

Release notes

Hopefully this will be more or less the last big step before a release.

Not this release fixes a security problem, which can be seen as critical

The Views module is useful for creating lists of items in Drupal sites. Some filters incorrectly used Drupal's built-in database api, so they didn't escaped some arguments correctly. This vulnerability is mitigated by the fact that a site must have a view with this filter to be enabled in order to be exploited.

Changes since 7.x-3.0-rc1:

  • by dereine: use the bug fix from the relationship-access issue
  • Revert "Issue #1222324 by damz, agentrickard, bojanz, dereine: Find a proper way to have multiple access tags per view and support relationships."
  • Revert "#1222324 follow up by damz: Use the alias so apply the tag to the right part of the query"
  • #1222324 follow up by damz: Use the alias so apply the tag to the right part of the query
  • #1222324 by damz, agentrickard, bojanz, dereine: Find a proper way to have multiple access tags per view and support relationships.
  • #1176048 by filijonka, tim.plunkett, dereine: Let the remove button respect chaning of the override selector, yeah!
  • #1331032 by dereine: Hide rewriting if the value of a field is actually empty by default. That's maybe causes some views but sure we are doomed anyway. Additional fix it let the custom block actually always display something
  • #1257376 by dereine: Don't run the preview on page load, but adding a seperate request for it.\n\nThis will catch a lot of possible issues with sql errors and can improve the speed of the editing, if you have unchecked the automatic-preview checkbox
  • rename image preset to image style
  • #1234414 by quicksketch: Support images styles in the user: picture field
  • by dereine, Crashtest: Add an api function to override the title
  • Revert "#1331032 by abs: Change default of hide rewritten output if it's empty to True"
  • #1331032 by abs: Change default of hide rewritten output if it's empty to True
  • ##1072860 by Pol: Take sure to add the human_name field to the views_view table.
  • #1270890 by fago: Provide a way to provide entity-related views fields
  • #564106 by dereine, bdpanda, dagmar, pcambra, eclipsegc: Allow to point more to a custom url
  • #1303398 by dereine: Fix big introduced in 1303398
  • #1291088 by tim.plunkett: Recursively merge field views data.
  • by dereine:Fix typo in all instances of available
  • #1242892 by timplunkett, dereine: Fix the override/revert mechanism.
  • #1175260 by jrust: Set the right path-key on the jump menu
  • #1221560 by ericduran, dereine: Allow to override views css files from theme directory
  • Revert "#1199328 by casey, bojanz: Add typehintings to every place which doesn't break the api. KUDOS"
  • #1298418 by lliss: Class Definition Comments misplace variable hierarchy
  • #1301790 by rfay, dereine: Use created instead of timestamp for user.created field, and add some move definition
  • #1199328 by casey, bojanz: Add typehintings to every place which doesn't break the api. KUDOS
  • #1316496 by TR: Cleanup tests a lot
  • by dereine: Test style groupby functionality
  • #1211264 by dereine, ezheidtmann: Set validated title for taxonomy validation case 'tid' as well.
  • #1303398 by johnv: Some entities might have a certain field value just empty but it's set, which caused notices
  • #1316932 by dereine: Reorder view execution and title generation, so the title can use the tokens from actual result values.
  • #1316908 by tedfordgif: Don't change the handler of the fieldapi-delta column
  • by dereine: Document view::base_database
  • #1124298 by David_Rothstein: Respect access for rendering fieldapi sub-elements
  • by dereine: Describe how to write an area handler
  • #1307162 by cmurph: Check whether an argument is empty or not when loading the taxonomy term for the title
  • #1303880 by serialjaywalker: Add js settings keyed by dom_id
  • Revert "#1235994 by das-peter, scor: Allow to group by field value instead of field html. This allows to use rdf with fields"
  • #1314306 by Hanno: Don't translate html-tags, because translators might get confused and the user should really see the original tag all the time.
  • Merge branch '7.x-3.x' of git.drupal.org:project/views into 7.x-3.x
  • #750172 by Hydra: Allow to disable the linking to user pictures
  • Merge branches '7.x-3.x' and '7.x-3.x' of git.drupal.org:project/views into 7.x-3.x
  • #1317500 by dereine: Add output format to node.promoted
  • #1090098 by dereine, chx: Convert database views which were defaulted in d6.2 and exported to views3. Sadly this only works for exported
  • #1301960 by nagiek: Support dynamic access plugin arguments for default tabs as well
  • #1294636 by dereine: objective ajax-view.js
  • #1296060 by dereine, diegot: Support sqlite in the date functions
  • small code identation fix for last commit
  • #1235994 by das-peter, scor: Allow to group by field value instead of field html. This allows to use rdf with fields
  • #1309082 by bojanz: Support base_tables foreach plugin type in views
  • #1309518 by das-peter: Change signature of execute_hook_menu to allow altering
  • #1090098 revert to previous behaviour
  • Issue #1090098 by chx, dereine: Fix the pager conversion.
  • by dereine: Two more instances of instead of
  • #1302494 by defr: Don't alter the value_options directly for flatten the options in in_operator filter
  • #1301904 by primsi: Translate the ellipsis like truncate_utf8
  • by agentrickard, dereine: Provide a helpful message if there is a missing wizard
  • #1279438 by dereine: Refactor views_debug to support proper translated strings/placeholders
  • use instead of
  • #1299276 follow up by dereine: Let display::options_validate always use form[]
  • #1299276 by dereine: Move the right form value to display::options_validte
  • by dereine: Use availible sorts in the wizard not only if a created column exist
  • #1109108 by szantog: Handler translation keys should use the id instead of the field to have a unique key for multiple fields
  • Fix jump menu test
  • by dereine: Validate dates if the value is not exposed
  • fix argument default test case
  • Fix exposed form test case
  • #1193742 by bojanz: Replace too hard css rule with a special check for the views-remove-checkbox class
  • by dereine: Use an override select instead of the old override button in the pager test
  • #1212916 by dereine: Display-ids should be validated for lower case
  • #1212848 by kmcnamee: Allow to use a pure anchor link in output as link
  • #1023582 by dereine: save_block_cache should handle md5-deltas as well
  • by dereine: Small help improvement of taxonomy terms
  • by dereine: Move was_defaulted/is_defauled into another function
  • #1283808 by somanyfish, dereine: Remove leftover vid from filter_term_node_tid
  • #1222762 by dereine: Show contextual links on exposed_form-blocks
  • #1193284 by LinL: Glossary should show every character in the summary
  • #1251052 follow up by andypost: Duplicated help for comment.uid
  • #1294826 by reevo> Summary jump menu ignored base_path, because of old d6 like code
  • by dereine: Improve help text of uid field
  • #1291658 by jackalope: Convert views_plugin_argument_default_taxonomy_tid to new return value of views_get_page_view
  • #1227302 by droplet: Make jump menu work with drupal install in a subdir
  • #1264438 by dereine: Add a field for the vocabulary vid
  • #1279202 by dereine: Allow display extenders to force to be enabled.
  • #1271540 by dereine: Don't limit feed description to 128 chars
  • #1251052 by dereine: Add automatic conversions of joins to relationships for users_roles and role. Additional clean up comment/node author relationship
  • #1261812 by webflo: Implements user permissions as field and filter.
  • #1283606 by dereine: Provide a sane default sort for the groupwise_max relationship subquery
  • #1242286 by rickmanelius: Update default views examples to sync with views templates code
  • #1176458 by webflo, dereine: Check for url aliases for example generated by i18n in summary url generation code
  • #1277900 by dereine: Handle pager options correctly on the wizard
  • #1279182 by dereine: Don't wsod on missing display extender, but throw a views debug message
  • #1290916 by vflirt: Use the right handler type when exporting translatables areas
  • #1278640 by dereine: Grid columns should be required
  • #1275942 by dereine: Adapt signature of render_link
  • small code improvement
  • #960648 by dereine: Add a valid url for comments in all cases
  • by dereine: Replace criterion with criteria
  • #1283002 by joachim: small improvements to API docs
  • #1280382 by Alan Evans: Reset for the views listing
  • #1167752 by dereine: Add a comment approve link field
  • #1115588 by fubhy: Allow to select the used theme on the views ui
  • #1277660 by dereine: Allow to search for the description as well
  • #1279276 by wimleers: Don't add ui.dialog on every page
  • #1278694 by fangel: Allow to autocompelte terms with comma seperated
  • #1278566 by davereid: Reset some variables after the views ui preview
  • by dereine: use dpm instead of dsm
  • remove id tags from doc files
  • by dereine: Add some views_join comments to the query functions
  • reported by andypost: Remove dsm
  • #1275736 by dereine: If clone a display mark the new display as changed
  • #1182634 by Adam_S, dereine: Save block cache only if the block table exists
  • #1243220 by davereid, haffmans: Cleanup RSS content building and handling
  • #1147326 by dereine: Follow up: Fix missing variable vocabularies
  • #1261844 by webflow: Make filter_in_operator work with optgroups
  • #1245032 by sma-ka, dereine: Fix notices in quite some argument plugin submit/validations
  • #1259778 by dereine: Remove term synonyms as they not longer exist in d7
  • #1016792 by dereine: Check whether the human name is already in the database
  • Remove old code which defaulted exclude to FALSE on field handlers
  • #1222494 by dereine: Respect the output of set_display on some other places, there might be other ones as well
  • #1238488 by dereine: The actual default order of a single field in a table didn't worked as expected
  • by dereine: Converted views.install quite some more
  • #1261528 by rlhawk: Allow to display only the first and last value on a fieldapi field
  • by dereine: remove old ctools_dependent_process additions
  • #1273806 by dereine: Allow to export date specific default plugins on the date argument handler
  • #1274834 by dub4u: Use JS_DEFAULT insted of JS_THEME for jqueru-ui-patch js so people can override the behaviour in the theme
  • #1248454 by dereine: Relationship handlers should respect real field
  • #1270982 by drunken monkey, dereine: Allow to specify entity type on non-base-tables, which allows some fancy views integrations like a generic entity views integration
  • #1268466 by droplet, jessebeach: Repaired .views-display-top after changes to the Seven secondary menu unordered list styling jarred the layout. Cleaned out some crufty CSS.
  • #1272350 by tunic: Fix content translation filter function, which still used the old add_where instead of add_where_expression
  • #1270934 by dereine, Michelle: Better tags support on several areas
  • disable the default views again
  • #1267916 by CrashTest: Change the empty textfield to a textarea and add a better description
  • #1263680 by dereine: Add more helpful error messages for filter_in_operator
  • #881060 by benoit.borrel: Fix incorrect code sample on views_join documentation.
  • Add argument_dates_various to defgroup views_argument_handlers
  • #887768 by merlinofchaos: Fix notice with joins
  • by dereine: small comment fix for views_language_list
  • #1130760 by neoglez: Check for variables in tokens generation of terms
  • #1261468 by dereine: Fix notices when relationship label is not defined and strict error on views_handler_field_accesslog_path
  • #1135002 by dereine, bojanz: Add feature to hide table column if each field is empty
  • #1257568 by recrit, dereine: Make views_handler_area_view check access as well
  • Conflicts:
  • #1098326 by Agileware: Stop validating terms if there is no term
  • by dereine: Add template path to the hook_views_api example
  • by dereine: Add todo for row search plugin
  • Preload multiple nodes on comment row.
  • by dereine: Fix groupby tests and move some things around
  • by dereine: Remove two old debugging lines
  • #1222324 by dereine: Apply access tags of relationships to the query
  • #1195944 by adamdicarlo: Fix fatal error if no field does exist
  • update groupby test view
  • small comment fix
  • #1259056 by stevector: Add view to views-more.tpl.php and document the availible variables
  • #1194396 by dereine: Reexport all views provided
  • #1243436 by travist: Setup items per page for none pager plugin to 0
  • #1235814 by recrit: Allow to use in the global text area
  • add test file for jump menu duplicates2
  • #1175260 by mrfelton: Duplicate paths shouldn't result in grouped items on a jump menu
  • #1258756 by berdir: Make css cache restoring work again
  • fix notice in field_custom and field_math_expression test
  • #1172970 by fago, drunken_monkey: Provide a unified way to retrieve result entities
  • by dereine: Fix analyze tests
  • #1102852 by ralf: Add enabled-disabled boolean display format
  • #1124130 by djebbz: Mislabeled option description about wrapping field output with default HTML
  • by dereine: Allow to work a wizard on a base table without a sortable field
  • #1151032 by dereine: Update block hashes plausible and take sure of broken examples
  • #1225228 by dalin: Allow to hide links from node rss
  • #1205376 by dereine: Add a way to prevent plugins from register theme
  • #1208440 by dereine: Disable pager as default case for blocks on the wizard
  • #1188132 by David Hernández: Remove from plugin_exposed_form
  • by dereine: Move rendering of a views form into a process function so people can alter things if wanted
  • #1191928 by bojanz: Support views form on ajax
  • #1252538 by crell: Use format_username to render a user name
  • #1117512 by dereine: Support to use non-default bundle handlers in the wizard
  • #1241476 by jdleonard: Check for time hence for custom date formats as well
  • #1221980 by temaruk: Fixed wired diverits, when using autosubmit ajax exposed filters. Multiple additional divs are created
  • #1202048 by dereine: Make edit view contextual links work with default display
  • #1231692 by dereine: Also validate on uid = 1 and set the validated_title
  • #1170804 by merco, smk-ka: Fix undefined error in views mini pager
  • #1255994 by bwpanda: Correct doc for variable in table template
  • by dereine: Bring back drush cc views
  • #1101506 by djebbz, dereine: Provide a admin/reports/views-fields which list all fieldapi fields used in different views
  • #1253106 by Sborsody: Correct urls to comment edit/delete links
  • #1249742 by kla2t: Fix wrong dbtng argument name in argument_node_tnid handler
  • Add note about non-UID1 users being able to import
  • by dereine: Rename arguments to variables in views_theme as is it's fits a bit better with the api
  • by dereine: Add theme argument suggestions pager and exposed_form
  • Add return documentation for views_get_page_view
  • #1133924: Force aliases into lower case to avoid problems when DBTNG does it for you.
  • #1242424 by bevan: Document the grouping of contextual filter issue
  • #1213516 by oddsim, dereine: Allow to sort via search_score on arguments as well
  • #1127422 by dereine: Add rearrange to the filter rearrange link
  • #1245558 by Aron Novak: Do not tokenize always in area text handler
  • #1245020 by smk: Provide title for some taxonomy term arguments
  • #1244876 by dereine: Let views_handler_argument_vocabulary_vid utilize the features of views_handler_argument_numeric
  • #1243998 by dereine: Port another views_get_page_view to d7 behaviour
  • #1242658 by djebbz: Fixed small typo in comments of views_form()
  • by dereine: Don't assuem that each query plugin has a base field, for example something like xml_views doesn't
  • by dereine: Set a sane default for the sort column
  • #1240934 by becw, dereine: Use depedency for style_summary->items_per_page
  • #1203794 by paranojik: Use sort weight with exposed sorts
  • #1215602 by derhasi: Provide a views_get_views_as_options which allows to list all views availible for form elements
  • by dereine: document plugin_type in views_plugin
  • #1239580 by dereine: Allow area handlers to alter the query
  • #1239526 by hydra: Don't show path/external form elements on field_node_link
  • #1236226 by balagan: Fix type in relationship handler
  • fix type in doc
  • #1216288 by hunziker: Mailto field values is overridden by the parent form
  • by dereine: Remove unused numeric definition option in filter_in_operator
  • Revert "#1222324 by dereine: Add access not only on base table, but also on relationships"
  • #1220498 by ericduran: Added Missing hook_ajax_data_alter()
  • #1157716 by dereine: Fix notice on add_item_form for header/footer
  • #1230306 by aaron.r.carlton, dereine: User and taxonomy default plugin updated to new behaviour of views_get_page_view
  • by dereine: Add a comment access query tag
  • #1222324 by dereine: Add access not only on base table, but also on relationships
  • #1185914 by dereine: Fix missing quotes in preview generation
  • #1222724 by RdeBoer: Fix revision delete link
  • #1220216 by akoepke: Operators without values shouldn't try to validate it's values
  • #1234246 by dereine: display_handler is not defined on the field handler but on the view
  • #1233274 by dereine: Fix notice in views_taxonomy_set_breadcrumb
  • #1089876: Move field language setting to display settings.
  • #1185572 by martinjbaker: Remove unnecessary description with typo.
  • #1221946 by dereine: Invalid placeholders breaking min/max in exposed filters.
  • #1180510 by dereine and mstrelan: Add case control options to links.
  • #1020540 followup: Text improvement from kmcnamee
  • #1221648 by Amaylia: Crush down the size of the sprites
  • #1225322 by pcambra: Allow to submit/validate form elements placed in area handlers (header, footer, empty)
  • by dereine: Fix error message when on validating filter_in_operator
  • #1224630 by rvilar: Port filter by content translation to add_where_expression
  • Add uses_exposed_form_in_block() method to the display so that CTools can specifically make content panes have exposed form in a block.
  • by dereine: Remove ssh-agent which isn't used but can cause a fatal error
  • #1213916 by stella, dereine: Make views search filter/argument work with more complicated searches
  • #1208738 by dereine: Allow to add views from templates again
  • by dereine: Use version_compare to detect whether an imported view is valid
  • #1207680 by damz: Don't validate if there are no options set, the values are empty and required is not set
  • Revert "#1191928 by dafeder, bojanz: Make views forms work with ajax"
  • #1191928 by dafeder, bojanz: Make views forms work with ajax
  • #1208824 by linclark: Add views_ui_pre_render_add_fieldset_markup to plugins forms as well
  • by dereine: Add back some missing handlers
  • #1213218 by dereine: Make file->user relationship explicit
  • #1213218 by davereid: Add relationships for file/image fields + backward relationships
  • Revert "#1213218 by davereid: Add relationships for file/image fields + backward relationships"
  • #1207680 by dereine: Don't validate on term filters, because this causes views to not to save anymore. Added TODO
  • by dereine: Set api version to 3.0
  • #783514 - Use in views_break_phrase_string() in title() methode.
  • #1209338 by chx: Fix help message to setting the validated argument title
  • document variable handler_type
  • #1207366 by dereine: Empty text should be displayed as well
  • #1183294 by dereine: Fix language behaviour on not grouped fieldapi fields.
  • by dereine: Don't assume that the display handler is valid in analyze code
  • #1205450 by chx: Add a mass analyze drush command
  • #1205570 by chx: Validate the values of the filter_in_operator settings
  • #1194900 by dereine: Make aggregation of fieldapi fields work again
  • #1193580 by dereine: Replace empty tokens
  • #1201908 by dereine, dug out by Liam Mitchell: Temporary workaround for using subqueries in main query and in clone query
  • #1190510 by andypost: Fix previous fix for aliases not an array
  • #1198466 by arcaneadam: Fix output format for sticky field
  • #1198454 by arcaneadam: Fix documentation for boolean output formats
  • #1198166 by joachim: Fix notice for groupwise relationship options_submit
  • #1174130 by pillarsdotnet: Check for empty join in views_many_to_one_helper().
  • #1197030 by crell: Allow to use any tid/all tid on taxonomy default argument
  • #1198156 by joachim: fix bad method call crash.
  • #1192666 by dereine: Don't add historical data on entity types which don't support revisions
  • #1194614 by Adam S: Allow to use hide() on node comments
  • #1192690 by dereine: Fix field_prerender_list multiple get_value method
  • #1120668 by dereine: Fix Fatal error when scanning templates
  • by dereine: Provide default relationship for authmap table
  • #1098480 by fubhy: Allow to set no pager in the wizard

Thanks for everyone who helped on this release! On contrast to rc2 this has the security patch commited as well.

View change notices for this release
Official release from tag: 
7.x-3.0-rc3