SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)
This release of Webform 3.x fixes several bugs and an XSS security issue. No new features in this version. Upgrading is recommended for all users of Webform 3.x.
Bug fixes since 6.x-3.19:
- #2068305 by issa.haddadin: Prev page button label/ Next page button label should be translatable.
- #1880140 by quicksketch: Uninstall leaves entries in variable table.
- #1897978 by Liam Morland, quicksketch: Emailed %email_values() shows blank for text field when value is submitted as '0'.
- #1822010 by dbassendine: Disabled option for Numeric field.
- #1956336 by mr.york: Same data on every page when using Webform2PDF to download multiple submissions.
- #2021617 by kleinmp: Grid update 6313 destroys submitted data.
- #2013523 by PQ, quicksketch: Add an alter hook for component defaults.
- #1601968 by sah62, quicksketch: Number step test modulo (fmod) has precision errors with odd float numbers.
- #2019029 by 1point21: $_COOKIE not always defined in _webform_filter_values.
- #1810752 by malcomio: Add direct link to edit webform components from webform list.
- #1877770 by pjcdawkins: Show that 'You do not have permission to view this form" is an error.
- #1821152: Remove unused hook_help() entry for component page.
- #1820840 by pgillis: Forms under the E-mails tab causes all the tabs to disappear.
- #1621606: PHP Warning: Invalid argument supplied for foreach() in webform_mollom_form_info().
- #2013176 by benclark: Resend E-mails form fails validation on every submit.
- #1533408 by rlhawk: Allow modules to modify exported submissions.
- #1804858 by bxtaylor and pdrake: Fatal error: Allowed memory size exhausted in number.inc when calculating standard deviation.
- #1985348: Markup fields show empty "Display" fieldset when configuring.
- #1578034 by Jelle_S: Trigger change event when date popup is used.
- #2006740 by robwilmshurst: Notice: Undefined variable: sid in webform_results_export().