Download cck-5.x-1.6.tar.gztar.gz 97.68 KB
MD5: e284213f131beed61e846f1580db9831
SHA-1: b8f4b3e92efdee501f21b3b2ad6bb24efd78f42c
SHA-256: 1e8206a3a0f12874c4e2113516af3b0712e1610930a8f6f194ba3268ed63676b
Download cck-5.x-1.6.zipzip 128.06 KB
MD5: 7d88b8eb771698dceaa141838a7cd830
SHA-1: ff8adb74079bf722973c6a427e8ba971fc6ecd3d
SHA-256: e337aabe83846dec689543ea63f7d329f2017970492089e3774ef471d2f4b8b0

Release info

Created by: yched
Created on: August 13, 2007 - 19:15
Last updated: August 13, 2007 - 19:48
Core compatibility: 5.x

Release notes

5--1.6
======

IMPORTANT : this release fixes two cross-site scripting (XSS) vulnerabilities
in nodereference.module :
- when a nodereference field is displayed using the 'plain' formatter
- when a nodereference field is edited using the 'autocomplete text field' widget
(only when _not_ using the 'advanced options - Views.module' for the field)

All sites using CCK / nodereference.module should consider upgrading to this release
as soon as possible.

Please see DRUPAL-SA-2007-019 for more information.

Features
--------

General
- #154827 Let modules know the 'dummy' node form built on the 'manage fields' tab
is requested by CCK admin UI (problem with userreviewmodule).
- #153101 Provide better explanation on the 'default value - php code' expected format.
- #151347 Refactor content_field('load') to make it more legible.
- #136697 Make field form_alter easier, if fieldgroups are used.

Field / widget modules
- #152892 Optionwidgets : Better help text for 'single on/off checkbox' widget label.
- #65133 / #152016 Nodereference : Added 'full node' and 'teaser' formatters.
- #126926 Nodereference : Skip node_load in 'title'-based formatters.

Bugfix
------

General
- #162603 Fix 4.7 -> 5.0 upgrade path (create cache_content table before any update is run).
- #155416 Limit non standard CSS (transparency) to the field overview page.
- #160130 Content_copy - fix drupal_goto in form submit handler.
- #157786 Fix capitalization on fieldgroup edit form.
- #136229 Fieldgroup weights not correctly imported when using content_copy.module.
- #149832 Use 'plain' format for views argument handler ($op = 'title').
- #137900 Added whitespace after field labels on node display

Field / widget modules
- Nodereference : Fixed XSS vulnerabilities (missing check_plain's around node titles).
- #147205 Nodereference : Fixed 'advanced settings - view arguments' not working.
- #155327 Nodereference : Added missing "n." table aliases in 'referenceable nodes' query.
- #153284 Nodereference : Fix unneeded and repeating {view_view} queries when
'advanced (Views) node selection' is *not* used.
- #150297 Nodereference : Fix encoded raw htmlentities appearing in select widgets when using
'advanced (Views) node selection' is used.
- #129016 Nodereference : Prevent possible errors if formatter is called with non numeric 'nid'.