Download cck-5.x-1.6.tar.gztar.gz 97.68 KB
MD5: e284213f131beed61e846f1580db9831
SHA-1: b8f4b3e92efdee501f21b3b2ad6bb24efd78f42c
SHA-256: 1e8206a3a0f12874c4e2113516af3b0712e1610930a8f6f194ba3268ed63676b
Download cck-5.x-1.6.zipzip 128.06 KB
MD5: 7d88b8eb771698dceaa141838a7cd830
SHA-1: ff8adb74079bf722973c6a427e8ba971fc6ecd3d
SHA-256: e337aabe83846dec689543ea63f7d329f2017970492089e3774ef471d2f4b8b0

Release info

Created by: yched
Created on: 13 Aug 2007 at 19:15 UTC
Last updated: 13 Aug 2007 at 19:48 UTC
Core compatibility: 5.x

Release notes


IMPORTANT : this release fixes two cross-site scripting (XSS) vulnerabilities
in nodereference.module :
- when a nodereference field is displayed using the 'plain' formatter
- when a nodereference field is edited using the 'autocomplete text field' widget
(only when _not_ using the 'advanced options - Views.module' for the field)

All sites using CCK / nodereference.module should consider upgrading to this release
as soon as possible.

Please see DRUPAL-SA-2007-019 for more information.


- #154827 Let modules know the 'dummy' node form built on the 'manage fields' tab
is requested by CCK admin UI (problem with userreviewmodule).
- #153101 Provide better explanation on the 'default value - php code' expected format.
- #151347 Refactor content_field('load') to make it more legible.
- #136697 Make field form_alter easier, if fieldgroups are used.

Field / widget modules
- #152892 Optionwidgets : Better help text for 'single on/off checkbox' widget label.
- #65133 / #152016 Nodereference : Added 'full node' and 'teaser' formatters.
- #126926 Nodereference : Skip node_load in 'title'-based formatters.


- #162603 Fix 4.7 -> 5.0 upgrade path (create cache_content table before any update is run).
- #155416 Limit non standard CSS (transparency) to the field overview page.
- #160130 Content_copy - fix drupal_goto in form submit handler.
- #157786 Fix capitalization on fieldgroup edit form.
- #136229 Fieldgroup weights not correctly imported when using content_copy.module.
- #149832 Use 'plain' format for views argument handler ($op = 'title').
- #137900 Added whitespace after field labels on node display

Field / widget modules
- Nodereference : Fixed XSS vulnerabilities (missing check_plain's around node titles).
- #147205 Nodereference : Fixed 'advanced settings - view arguments' not working.
- #155327 Nodereference : Added missing "n." table aliases in 'referenceable nodes' query.
- #153284 Nodereference : Fix unneeded and repeating {view_view} queries when
'advanced (Views) node selection' is *not* used.
- #150297 Nodereference : Fix encoded raw htmlentities appearing in select widgets when using
'advanced (Views) node selection' is used.
- #129016 Nodereference : Prevent possible errors if formatter is called with non numeric 'nid'.


The selected release is the release that will be used for automated testing. Optional projects are only used for testing.


No required projects


No optional projects