drupal 7.36

Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major new functionality); major, non-backwards-compatible new features are only being added to the forthcoming Drupal 8.0 release.

No security fixes are included in this release.

Besides documentation fixes, no changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.

Known issues:

• Sites using the Features module could see certain content types become disabled (i.e., disappear from the site) after updating to Drupal 7.36, if the content type was defined by a disabled feature module. This is consistent with how content types defined by disabled non-Features-related modules behaved previously, but is a behavior change that might be unexpected in some cases (see the issue for further discussion).

  The above problem could also occur for content types defined by non-Features-related modules if their hook_node_info() implementation defined the content type with base' => 'node_content', or if the content type was saved to the database programmatically using node_type_save() without specifying it as a custom content type. However, these scenarios are not expected to be common.

  Solution: Updating to Drupal 7.37 or higher should fix the problem (and automatically restore the disabled content types).

• Ajax previews of file uploads using several different modules are not working correctly with Drupal 7.36:
  • FileField Sources (see this issue)
  • FileField Sources Plupload (see this issue)
  • IMCE for FileField (see this issue) - fixed in the 7.x-1.1 release
  • Remote File Source (see this issue) - (?) needs verification
  • FileField Sources Scald (see this issue) - fixed in the 7.x-1.0 release
  • FileField Sources View (see this issue) - (?) needs verification
  • AmazonS3 Filefield Sources (see this issue) - (?) needs verification

  When adding a file to a field configured to use one of these modules, the thumbnail preview will not immediately appear on the screen anymore, although the uploaded file should still be saved after the form is submitted.

  There are patches to fix this problem for all of the above modules. Some have been committed already and new releases made, and for others the patches currently need review (see the issues linked above). Also see the discussion at the relevant Drupal core issue, #1734716: File field form label has incorrect id in @for attribute.

• The same change discussed above caused duplicate HTML IDs to appear on managed file form elements in certain situations. See #2497909: Duplicate HTML IDs are created for file_managed_file fields for more information.

Major changes since 7.35:

• Prevented the form API from allowing arrays to be submitted for various form elements, such as textfields, textareas, and password fields (API change: https://www.drupal.org/node/2462723).
• Added a 'javascript_always_use_jquery' variable which can be set to FALSE by sites that may not need jQuery loaded on all pages, and a 'requires_jquery' option to drupal_add_js() which modules can set to FALSE when adding JavaScript files that have no dependency on jQuery (API addition: https://www.drupal.org/node/2462717).
• Added a user_has_role() function to check whether a user has a particular role (API addition: https://www.drupal.org/node/2462411).
• Added a 'file_public_schema' variable which allows modules that define publicly-accessible streams in hook_stream_wrappers() to bypass file download access checks when processing managed file upload fields.
• Fixed a bug that caused database query tags not to be added to search-related database queries under many circumstances, and which prevented the corresponding hook_query_TAG_alter() implementations from being called.
• Fixed the "for" attribute on managed file upload field labels to improve accessibility (minor markup change).
• Fixed incorrect foreign keys in the User module's role_permission and users_roles database tables.
• Changed permission descriptions throughout Drupal core to consistently link to relevant administrative pages, regardless of whether the user viewing the Permissions page can view the page being linked to (minor UI change).
• Fixed the drupal_add_region_content() function so that it actually adds content to the page.
• Added an 'image_suppress_itok_output' variable to allow sites already using the existing 'image_allow_insecure_derivatives' variable to also prevent security tokens from appearing in image derivative URLs.
• Fixed double-escaping of theme names in the Block module administrative interface (minor string change).
• Added basic support for Xdebug when running automated tests.
• Fixed a bug which caused previewing a node to remove elements from the node being edited. With this fix, calling node_preview() will no longer modify the passed-in node object (minor API change).
• Fixed installation failures when an opcode cache is enabled.
• Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused private files to be inaccessible.
• Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused user pictures to be lost.
• Fixed missing language code in hook_field_attach_view_alter() when it is invoked from field_view_field().
• Stopped sending ETag and Last-Modified headers for uncached page requests, since they break caching for certain Varnish and Nginx configurations.
• Changed the Simpletest module to allow PSR-4 test classes to be used in Drupal 7.
• Fixed a fatal error that occurred when using the Comment module's "Unpublish comment containing keyword(s)" action.
• Changed the "lang" attribute on language links to "xml:lang" so it validates as XHTML (minor markup change).
• Fixed a bug in the Contact module which caused the global user object to have the incorrect name and e-mail address during the remainder of the page request after the contact form is submitted.

All changes since 7.35:

• #2305017 by David_Rothstein, slashrsm, marcingy: Add a 'file_public_schema' variable to allow bypassing file download access checks in managed file upload fields
• #2364069 by damiankloip: Search specific tags are not available and hook_query_TAG_alter hooks are not invoked
• #1734716 by larowlan, dcam, mgifford: Managed file form label has incorrect "for" attribute
• #1279226 by attiks, ericduran, Wim Leers, sun, David_Rothstein, nod_: Allow sites and modules to skip loading jQuery and Drupal JavaScript libraries on pages where they won't be used
• #1946240 by hampercm, eiriksm, David_Rothstein, rpayanm, rszrama, Yaron Tal, dgtlife, madhusudanmca, er.pushpinderrana, Cottser: Remove the hardcoded 0 index in theme_status_messages()
• #2432619 by vbouchet, jhodgdon, joachim: block_load() should state it's not suitable for general consumption
• #1201452 by mgifford, Heine, ircmaxell: Improve security on newer versions of PHP by setting an additional charset DSN parameter when connecting to MySQL via PDO
• #197641 by herom, good_man, elcuco: Drag and drop does not work correctly on RTL languages
• #1828530 by cam8001: Remove unused $default_method variable in user_cancel_confirm_form()
• #1051872 by boombatower, jdillick, marvil07: Add documentation concerning modified property flag on node_type_save()
• #1483736 by stefan.r, bfcam, jrigby: field_attach_update deletes file fields (content & file) in entity regardless of if they are included in the entity object
• #2386037 by gobinathm: Incorrect foreign key tables in users.install
• #2462223 by helmo: Typo in comment in node_access_test.module
• #2425259 by catch, sidharrell, nlisgo, Josh Waihi, Fabianx, Berdir, martin107: Router rebuild lock_wait() condition can result in rebuild later in the request (race condition)
• #2283717 by joshi.rohit100, amitgoyal, g3r4, er.pushpinderrana: Remove user_access function calls on hook_permission functions so the Permissions page consistently links to other admin pages for all users
• #1018618 by manfer, joshi.rohit100: Wrong assertions in block.test
• #2446657 by rpayanm, er.pushpinderrana: Remove dead link from robots.txt
• #2453321 by TravisCarden: Typo in @see reference: drupal_decode_exception() should be _drupal_decode_exception()
• #2453311 by TravisCarden: Fix a couple more "the the"s in the codebase
• #2453389 by rpayanm, joshi.rohit100: hook_view() does not document $langcode
• #713462 by jwilson3, Paul B, casey, sivaji@knackforge.com, dcam: Content added via drupal_add_region_content() is not added to pages
• #1934498 by attiks, David_Rothstein, KhaledBlah, tstoeckler, julien_acti, helmo, effulgentsia, Jelle_S, jcisio: Allow the image style 'itok' token to be suppressed in image derivative URLs
• #1995058 by TravisCarden, acbramley, vbouchet: Tableselect "select all" checkbox should be checked on page load if all checkboxes are ticked
• #413270 by Jody Lynn, Daniel Korte: Block settings for theme menu title getting double escaped
• #889338 by dawehner, das-peter, yched, heddn, frankcarey: Add support for Xdebug in DrupalWebTestCase
• #2001308 by stefan.r, David_Rothstein, marthinal, helmo: Node preview removes file values from node edit form for non-displayed items
• #1441950 by hefox: Node types removed from hook_node_info with base = 'node_content' cannot be deleted
• #1883058 by cilefen, aendrew: Default Drupal "drop" favicon needs a retina-quality version
• #2342243 by martin107, serundeputy: Rename a variable in theme_system_modules_fieldset() to avoid colliding index variable names in a nested foreach loop
• #2371759 by Valentine94, angel.angelio: The docblock for user_help() should read "Implements hook_help()."
• #2394517 by opdavies: Add a function to check if a user has a certain role
• #365241 by bcn, paulmarbach, xjm, chuckdeal97, skruf: Add select event to autocomplete feature
• #2428915 by pfrenssen: Remove mention of non-existing function in conf_path() documentation
• #375062 by cs_shadow, David_Rothstein, mondrake, juampy, theunraveler, hswong3i, smk-ka, fietserwin: "imagecolorsforindex() Color index nnn out of range in GDToolkit" message sometimes appears
• #779482 by mikeytown2, sun, dalin, cam8001, segi, alexpott, Boobaa, Sweetchuck, jbrown, quicksketch: Installation failure when opcode cache is enabled
• #2170453 by Darren Oh, mikeryan, Fabianx: Ignore case in code registry lookups
• #1404050 by JamesOakley, David_Rothstein: system_update_7061 breaks private files by leaving one too many forward slashes in protocol of migrated URIs
• #1882774 by David_Rothstein, iva2k: User pictures are lost when system_update_7061 merges files into {file_managed}.
• #495930 by fietserwin: Translated strings not correctly marked in the administrative interface when the default language is not English
• #1823306 by mkalkbrenner, p-neyens, webflo, swentel, zuuperman: Language code is missing from $context when hook_field_attach_view_alter() is invoked from field_view_field()
• #1303412 by nod_, droplet, Valentine94, KarenS, sahuni: Cannot drag in or out of 'Hidden' on the 'Manage Display' page under certain circumstances
• #2381839 by klausi, Damien Tournoud: Changed date format for Last-Modified header breaks caching for certain Varnish/Nginx configurations.
• #2067323 by Valentine94, geerlingguy, jessebeach, vlad.dancer: Don't show empty vertical tabs area if all vertical tabs are hidden
• #2439287 by jmsv23, jonathan_hunt: Fix typo in inline docs for field_sql_storage_field_storage_write().
• #2293767 by tstoeckler: Allow PSR-4 test classes to be used in Drupal 7.
• #1461732 by filijonka, Cottser, dcam, marcingy, swentel, udaksh: Fatal error when using the Comment module's "Unpublish comment containing keyword(s)" action
• #1904528 by Heine, GoddamnNoise: Language switcher (User interface text) Block generates invalid XHTML+RDFa 1.0
• #2417983 by jacob.embree: Change docs instances of "the the" to "the"
• #1081902 by zealfire: DrupalEntityControllerInterface::load - doc needs to clarify $conditions
• #2407175 by zealfire: Documentation error in default.settings.php
• #2392543 by awm: Fix documentation for hook_taxonomy_term_view_alter
• #2411227 by chx: Remove chx from the Drupal 7 MAINTAINERS.txt file.
• #2208649 by joachim, er.pushpinderrana: document queue worker callback
• #2377879 by er.pushpinderrana, yakoub: hook_user_view documentation has incorrect piece
• #2382801 by er.pushpinderrana, Liam Morland: Improve documentation for module_exists()
• #2383491 by er.pushpinderrana, Sweetchuck: Inaccurate documentation - hook_image_toolkits()
• #2380053 by klausi, pwolanin, tsphethean, sun, David_Rothstein: Posting an array as value of a form element is allowed even when a string is expected (and bypasses #maxlength constraints) - first step: text fields
• #2380143 by Lendude, pwolanin: Contact forms set an incorrect name and e-mail address on the global user object after the form is submitted.