Release info

Created by: quicksketch
Created on: February 12, 2014 - 05:16
Last updated: March 4, 2015 - 19:45
Core compatibility: 7.x
Release type: Security update, Bug fixes

Release notes

SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)
This release of Webform 3.x fixes several bugs and an XSS security issue. No new features in this version. Upgrading is recommended for all users of Webform 3.x.

Changes since 7.x-3.19:

  • #2068305 by issa.haddadin: Prev page button label/ Next page button label should be translatable.
  • #1968434: Undefined property: stdClass:: in webform_block_view() (line 1759 of webform.module)..
  • #1880140 by quicksketch: Uninstall leaves entries in variable table.
  • #1897978 by Liam Morland, quicksketch: Emailed %email_values() shows blank for text field when value is submitted as '0'.
  • #1819522 by grahamC: Multiple drafts being saved on upload of attachments.
  • #1822010 by dbassendine: Disabled option for Numeric field.
  • #1956336 by mr.york: Same data on every page when using Webform2PDF to download multiple submissions.
  • #1982056 by rooby: The radio button labels in grid elements are not descriptive enough.
  • #1833040 by BWPanda: Make Webform body field optional during install.
  • #1982042 by rooby: Date & Time fields don't have labels for their individual elements.
  • #1869222 by Simon Georges: Remove hook_link() implementation; doesn't exist any more in D7.
  • #1613458 by DeFr: Form #states do not affect fieldsets from within $form['submitted"].
  • #2013523 by PQ, quicksketch: Add an alter hook for component defaults.
  • #2031541 by claar: webform_submission_delete() phpdoc incorrect.
  • #1601968 by sah62, quicksketch: Number step test modulo (fmod) has precision errors with odd float numbers.
  • #1891552 by quicksketch, a-fro: Newly created webform blocks not appearing in blockreference list.
  • #2019029 by 1point21: $_COOKIE not always defined in _webform_filter_values().
  • #2028497 by hass: Wrap form submit buttons in actions array.
  • #2038253: Append rather than override classes in e-mail and export forms.
  • #2031055 by hass: Append rather than override classes in theme_webform_advanced_total_submit_limit_form().
  • #2031053 by hass: Append rather than override classes in theme_webform_advanced_submit_limit_form().
  • #2031057 by hass: Append rather than override classes in theme_webform_advanced_redirection_form().
  • #2030869 by hass: Append rather than overwrite classes in theme_webform_date().
  • #2030885: Append rather than override classes in theme_preprocess_webform_time().
  • #1601948: Duplicate Prefix/Suffix of number when viewing a submission.
  • #1810752 by malcomio: Add direct link to edit webform components from webform list.
  • #1877770 by pjcdawkins: Show that 'You do not have permission to view this form" is an error.
  • #1803702 by DanChadwick: Resend e-mail form w/ invalid e-mail address throws notice, doesn't add ' (empty)" as intended.
  • #1821152: Remove unused hook_help() entry for component page.
  • #1448448 by iSampo: Fixed _webform_filter_values() works incorrectly if several submissions are used during one page load.
  • #1807696: Tag webform_submission_user_limit_check() query.
  • #1820840 by pgillis: Forms under the E-mails tab causes all the tabs to disappear.
  • #1375182 by anou: Adding views field "User: Webform submission count" results in "Call to a member function execute()".
  • #1621606: PHP Warning: Invalid argument supplied for foreach() in webform_mollom_form_info().
  • #1533408 by rlhawk: Allow modules to modify exported submissions.
  • #1267142 by mrfelton: webform_email_html_capable should also check for existence of htmlmail module.
  • #1681520 by Liam Morland and mscalone: Empty file field causes error on Postgres.
  • #1804858 by bxtaylor and pdrake: Fatal error: Allowed memory size exhausted in when calculating standard deviation.
  • #1803808 by pjcdawkins and eltermann: Undefined variable: account in webform_set_breadcrumb().
  • #1562756 by weseze and ParisLiakos: Webform "admin/content/webform" page should only show nodes with webform configuration, not all webform-enabled types.
  • #1985348: Markup fields show empty "Display" fieldset when configuring.
  • #1578034 by Jelle_S: Trigger change event when date popup is used.
  • #2006740 by robwilmshurst: Notice: Undefined variable: sid in webform_results_export().