Download cck-4.7.x-1.6.tar.gztar.gz 73.1 KB
MD5: 98428049fc5bcb946e4ec9bbfb666d9c
SHA-1: 87772aba926992b40524c9f3d02ea973cb66da7f
SHA-256: 48b48e8beefd0319a72ec48562c2abe065b2d7883a26f974a8f844b6b1ccd826
Download cck-4.7.x-1.6.zipzip 96.59 KB
MD5: a88331f25edbc0985e0adb0208a4af8f
SHA-1: 125c22f807ffc664d76f477141a8c52e165d3fe2
SHA-256: 4bf71be605f1ff13b09d89a65f87a8b7adf912358ea18ed400ff162460204452

Release info

Created by: yched
Created on: August 13, 2007 - 19:17
Last updated: August 13, 2007 - 19:48
Core compatibility: 4.7.x

Release notes


IMPORTANT : this release fixes two cross-site scripting (XSS) vulnerabilities
in nodereference.module :
- when a nodereference field is displayed using the 'plain' formatter
- when a nodereference field is edited using the 'autocomplete text field' widget
(only when _not_ using the 'advanced options - Views.module' for the field)

All sites using CCK / nodereference.module should consider upgrading to this release
as soon as possible.

Please see DRUPAL-SA-2007-019 for more information.


- #154827 Let modules know the 'dummy' node form built on the 'manage fields' tab
is requested by CCK admin UI (problem with userreviewmodule).
- #153101 Provide better explanation on the 'default value - php code' expected format.
- #151347 Refactor content_field('load') to make it more legible.

Field / widget modules
- #152892 Optionwidgets : Better help text for 'single on/off checkbox' widget label.
- #65133 / #152016 Nodereference : Added 'full node' and 'teaser' formatters.
- #126926 Nodereference : Skip node_load in 'title'-based formatters.


- #155416 Limit non standard CSS (transparency) to the field overview page.
- #149832 Use 'plain' format for views argument handler ($op = 'title').
- #137900 Added whitespace after field labels on node display

Field / widget modules
- Nodereference : Fixed XSS vulnerabilities (missing check_plain's around node titles).
- #147205 Nodereference : Fixed 'advanced settings - view arguments' not working.
- #155327 Nodereference : Added missing "n." table aliases in 'referenceable nodes' query.
- #153284 Nodereference : Fix unneeded and repeating {view_view} queries
when 'advanced (Views) node selection' is *not* used.
- #150297 Nodereference : Fix encoded raw htmlentities appearing in select widgets
when 'advanced (Views) node selection' is used.
- #129016 Nodereference : Prevent possible errors if formatter is called with non numeric 'nid'.


The selected release is the release that will be used for automated testing. Optional projects are only used for testing.


No required projects


No optional projects