Download references-7.x-2.2.tar.gztar.gz 39.3 KB
MD5: 5d0a85ca042f6624087d094b84169f0a
SHA-1: 21d32b0d581c27cd9f7f95a6dbdaffae9bf5a481
SHA-256: 4ed7299d3e95f02e78cd9652835b4236403d13ea252b25602fd62928a82a7342
Download references-7.x-2.2.zipzip 48.58 KB
MD5: 768ea8a940f57a4d477c0d6a0b2b9666
SHA-1: 4b5b207703c1016ab389c57bb39ae6d44b24b1bc
SHA-256: 0d40fcda912502f64496c0c328c27a9150538580b57feb0c48f98ee5d8f08b83
Install with Composer: $ composer require 'drupal/references:^2.2'
Using Composer to manage Drupal site dependencies

Release info

Created by: nielsaers
Created on: 18 Apr 2017 at 16:57 UTC
Last updated: 19 Apr 2017 at 07:18 UTC
Core compatibility: 7.x

Release notes

Fixes References - Critical - Unsupported - SA-CONTRIB-2017-38

  • Issue #2075409 by timaholt: Added UUID/Deploy support locally in the References project.
  • Issue #2065759 by vladimir-m: Message 'is not a valid node id for this field.
  • Issue #2077439 by marcingy: Fixed Validation callbacks can result in an unneed db query due to a cache miss.
  • Issue #2019063 by marcingy: Fixed Nids are needless added to a dynamic query when user has certain permissions.
  • Issue #1504112 by jarrodirwin | alexverb: Title mismatch. Please check your selection (Error text should be more helpfull).
  • Issue #2082187 by stamina: Added New search method for autocomplete.

Thanks to Dropsolid for providing the time to help out getting this module released and to all others who have helped get it this far.

Caution to those who upgrade:
User 1 can always select all content. Eg, unpublished nodes. When a content editor with different permissions opens the edit page it will still see the title of the content it does not have access to. When that user with fewer permissions compared to user 1 tries to save the entity it will also fail to validate properly due to the access check it runs. See the invalid value state in the steps above. This makes the whole patch a bit difficult as it might cause for more friction and have unintended side effects.

Users with edit permissions for a specific entity and with permissions to edit a specific field will always see the title of the referenced node as entered by the user that saved that entity before. Caution is warranted when using this release in existing workflows where different roles can edit the same node but might see different content.


The selected release is the release that will be used for automated testing. Optional projects are only used for testing.



No optional projects