Releases for Monster Menus

This release includes many bug fixes and performance improvements, as well as full Drupal 10.1 and PHP 8.2 compatibility.

This is the first release candidate of Monster Menus, compatible with Drupal 10.

At a minimum, Drupal 9.4 is required to run this version.

• Fix some PHP warnings in Search
• Fix a problem when exporting permissions applied to nodes
• Since recycle bins are usually emptied during a cron run, impose a ten minute time limit on the deletion of nodes. Any nodes remaining after the time limit will be processed during the next cron run. Once they have all been deleted the containing pages are deleted.
• Fix a bug which could prevent a node from being dragged when reordering nodes on a page
• Fix the display of Subpage Lists with PHP 8
• Fix various PHP 8 warnings

Development branch

First full release candidate for D9.

Monster Menus core:

• Make MM work with the comment_verification module
• Fix the uploading of a CSV of group members, in the case where there are duplicate users in the file
• Prevent the page permalink from being incorrect when there is an mm_block node on the page
• Improve the prompt when deleting a node, in the case where the current MM page is not one of the pages where the node is stored
• Prevent nodes with the same modification time from appearing in a non-deterministic order on a page
• Remove some site-specific code

Changes in Monster Menus:

• Add a new cascaded page setting to hide the Contents/Settings/etc. tabs from non-admin users
• Improve the list of revisions for groups
• Make the group/page chooser work better with Advanced Aggregation (advagg)
• Issue #2965802: Adding a duplicate user to a group gives integrity constraint violation by hcethatsme

• Speed up the generation of very long menus
• Verify sort index: Fix the case where the root tree entry is marked dirty; improve the message that appears when the tree is being checked (but not fixed) and an entry is dirty
• Fix a case where admin/mm/sort/fix could fail to fix anything if a fix was needed for a top-level page
• Clean up some unused rows in the mm_tree_access table
• Fix the index on the mm_tree_bookmarks table, and supporting code, to prevent unnecessary rows in the table

• If your site has the feature enabled to provide every user with his or her own homepage, these homepages are no longer created by default when a new account is added. Instead, they are created when requested by the user. Drush commands have been added to administer user homepages.
• A new "Check for orphan nodes" command has been added at admin/mm. This will look for any nodes that are not associated with any MM page and assign them to one for manual review. There are new drush commands, also: mm-check-orphan-nodes and mm-fix-orphan-nodes.
• The thickbox module is no longer needed, unless your site uses the Gallery content type, as provided by the mm_media module. Among the benefits, this improves usability for users of devices with small screens.
• Improve the efficiency of permanently deleting nodes and subpages when a page has many children
• Improve the efficiency of the fuzzy "page not found" code, so that certain edge cases don't seem to go on forever
• The speed of permanently deleting pages has been greatly improved. Unfortunately, it's still slower than it needs to be due to silliness in core.
• Paginate the MM page revisions table and default to a most-recent-first sort order

Changes in Monster Menus

• Allow hook_mm_showpage_routing() page callbacks to insert content into multiple regions on the page at once. See mm_api.inc for details.
• Fix various PHP 5.4/5.5 warnings
• Fix the MIME type of search results export as CSV
• Issue #2554799 by Gribnif, i.mcbride, visabhishek: Select elements on the MM Archive pages should have labels for accessibility
• Fix some more missing cache clears, which mostly affected the accuracy of the permissions regression tests
• Prevent double-escaping of page titles/breadcrumbs

IMPORTANT:

If you have a previous release, you must run update.php or "drush updatedb" immediately. If you use the mm_media module you may have to update twice, since a warning is generated the first time under certain circumstances.

Monster Menus:

Features:

• Add options to admin/mm to export/import entire sections of the tree. Nodes attached to pages can also be acted upon, if the node_export module is installed.
• Add a new mode to mm_create_path() to only add new items, and not update existing ones; add the ability to return a list of stats/error messages; the same stats are now also present in mm_content_insert_or_udpate()
• Add a "test" parameter to mm_create_path(), to permit dry runs
• Feature #2231165: Add some support for pathauto

• Fix a longstanding bug that could cause sort index errors when moving contents into recycle bins. Many many thanks to Hilary C. for coming up with a reproducible test case.
• Allow the user to edit a node that is assigned to more than one page, via the URL of the page which is numerically lowest, for which he does not have page-level read access

• Don't empty the group membership lists of sub-groups when the "Copy these permissions to all sub-groups of this group" option is checked
• Correctly delete the group from mm_node_write when using "Reassign user content" and the user being reassigned is the only member of an "individual users" permisions group for a node

• Improve the translatability of some watchdog messages
• Prevent a (remotely) possible missing function error when creating user homepages
• See if a user's home page needs to be set up every time they log in
• Fix a longstanding typo in the blocks admin page
• Fix a PHP warning when parsing a URL containing "mm/" followed by garbage
• Fix a bug in virtual group regeneration which could cause additional group members to be added when the count of members goes down drastically, but to a number greater than zero, thereby marking it "insane"

MM:

• Group membership can be downloaded to a CSV file and then updated using a CSV file upload
• Add text to the page settings, describing which parent page's theme will be inherited if no theme is chosen
• In the page copy/move form, standardize the name and alias fields with respect to the regular page settings form; fix the default value of the alias, so that it matches the original page being copied or moved
• Change the location of the "MM blocks" menu item (admin/structure/block/mm), so that it appears in the actions menu, rather than intermingled with the theme tabs. Requires a menu tree rebuild to take effect.
• If the no_breadcrumb flag is set, include a noindex meta tag, asking nice crawlers not to index the page; fix a PHP warning
• Improve the translatability of some watchdog messages
• See if a user's home page needs to be set up every time they log in
• Prevent a (remotely) possible missing function error when creating user homepages
• Fix a longstanding typo in the blocks admin page
• Fix a PHP warning when parsing a URL containing "mm/" followed by garbage
• Fix a bug which would cause the Edit link next to the destination alias of a copy/move operation to be unclickable

SA-CONTRIB-2013-066 - Monster Menus submodule mm_webform - Access Bypass
https://drupal.org/node/2059823

MM:

Don't ban hidden node types when considering access to create nodes

Add an option to the detailed 404 page function, allowing it to do all of the searches except for the costly ones that use SOUNDEX

mm_webform:

Fix a potential bug in webform results access; clean up the code a bit to remove abiguity

Move the Amherst-specific "Uploaded Files" directory code out of MM's media module

Fix a longstanding access control bug, which allowed users to see nodes that were unpublished (status=0) under certain circumstances

mm_schedule:

• Correctly handle the case when a day/week grid's ending time is either midnight or less than its starting time

monster_menus:

• #1784836: Prevent Erroneous Redirects When at mm/%/node/% URLs
• Fix a possible undefined function error under certain rare conditions

monster_menus:

• #1700604: Patch to add a "permanent delete" to control Recycle Bin delete access

• Make mm_content_get_cascaded_settings() return a data type which matches that of the element being queried, even when empty; improve the documentation of this and mm_content_resolve_cascaded_setting()
• Fix the docs for mm_content_get_cascaded_settings()
• Fix the saving of node (un)publish dates when calling node_save() directly in code

IMPORTANT: Be sure to run update.php after installing this version.

monster_menus:

• Fix a longstanding access control bug, which allowed users to see nodes that were unpublished (status=0) under certain circumstances
• Greatly relax the restrictions on what page names can be used due to possible collisions with the internal Drupal menu system. Previously, there would be frequent complaints during menu rebuild that some very common page names could not be used. This code will reduce the chance of that happening, down to only what is truly necessary.
• In the copy/move dialog, use the friendlier "machine_name" field type for page aliases when the user is an administrator

mm_media:

• Fix issue in tree browser that prevented images from being selectable
• Move the Amherst-specific "Uploaded Files" directory code out of mm_media
• Fix an ordering issue for thumbnails in mm_browser where Styles would try to override file icons
• Treat SWF files like videos
• Fix some cases of the form_alter hook being overzealous, which led to phantom textareas appearing on admin forms
• Delete the corresponding file when a mm_media node is deleted
• Remove the maximum length on the list of allowed file extensions

mm_schedule:

• Don't set the download file name when viewing a calendar as RSS
• Don't try to skew the start/end dates for a calendar if it's not a year display

rss_page:

• Fix a couple of seldom-used queries that were not properly updated for D7