Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Install
Works with Drupal: 7.xUsing Composer to manage Drupal site dependencies
Downloads
Download webform-7.x-4.5.tar.gztar.gz
203.34 KB
MD5: 8b864d7fd7de0abcc11f213bc28dcc6b
SHA-1: 154e9c772e67fb3c1b170fd3b688d54ec4c8d851
SHA-256: b3aa57d8f73c96a05c6b2ffb84a72394ccd7bf60052d90d77639c21caf1d621a
Download webform-7.x-4.5.zipzip
250.45 KB
MD5: 0eb618344c78f121e64bff2cee5e5d8d
SHA-1: 8ca8be091693862dbf34f3b2e5858c4f7b8ad071
SHA-256: ffe760d8f30bfa981f4e70e2fcb44bb87b51894c7f8abe26d308c8da472e3539
Release notes
This release of 7.x-4.x fixes one security issues and a number of bugs. Updating is strongly recommended for all users of the 7.x-4.x branch. See SA-CONTRIB-2015-078 - Webform - Cross Site Scripting (XSS) for details.
Security issue
When a webform component is used as the "To" address or addresses for sending an e-mail, the name of the component is not sufficiently sanitized when it is displayed in the list of e-mail settings, leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with permission to create or update webform nodes and edit webform components and settings. This permission is normally granted only to administrative users.
Upgrading from Webform 3.x to 4.0
If you're upgrading from Webform 3.x, please make a database backup prior to upgrading and check that all modules that extend Webform on your site are Webform 4.x compatible. Slight differences in the class names and IDs may result in updates being needed to your site's CSS. See the API changes between 3.x and 4.x documentation for more information.
Upgrading is recommended for all Webform 3.x users who have determined that any related modules are compatible with Webform 4.
Changes since 7.x-4.4:
- #153017 by Dan Chadwick: Incorrect display of select component in e-mail list.
- #2449383 by Upchuk, DanChadwick: Select list component display incorrectly orders items; should match component order
- #2452845 by DanChadwick: Whitespace and capitalization adjusted to standards.
- #2452771 by DanChadwick: Use views tag of 'webform' for webform built-in views
- #2451077 by skyhawk669: Cannot resend emails for results of webform using conditional email feature
- #2449501 by DanChadwick: Site name containing UTF-8 used with emails with Reply-To feature
- #2447745 by DanChadwick: Value of a hidden field should be empty in browser
- #2396083 by DanChadwick: Notice: Undefined index: #default_value in webform_expand_select_or_other().
- #2446083 by DanChadwick: Inter- plus intra-page conditions don't get inter-page values
- #2424243 by Leksat, DanChadwick: Fixed numeric keys in Javascript settings.
- #2445931 by DanChadwick: Webform advanced feature to index forms should be replace by view mode.
- #1919872 by DanChadwick: Skip hook_node_view() if webform is not rendering a form for a view mode.
Security update
Bug fixes
Insecure
