Security update

This release fixes a security issue: values for field types "Select list" and "Constant" were not always sanitized.

Warning for users upgrading from 6.x-2.0-alpha1

Users still on 6.x-2.0-alpha1 should be careful when updating, as Extra Fields Pane's API had changed significantly between 6.x-2.0-alpha1 and 6.x-2.0-beta1. Read UPGRADE.txt for more information.

This release fixes a security issue: values for field types "Select list" and "Constant" were not always sanitized.

The other change in this release is that the feature to populate extra fields from previous orders has been ported. However, for this feature to work, you will need the latest development version of Ubercart Addresses (or Ubercart Addresses 7.x-1.0-alpha2, when it's released).

Changes since 7.x-1.0-alpha2

• by MegaChriz: fixed issue where values for field types "Select list" and "Constant" were not sanitized.
• Issue #1830996 by MegaChriz: added documentation to the README.txt for how to use field values in the invoice template.
• Issue #1872200 by MegaChriz: populate extra fields from previous orders.

Dependencies

• Ubercart 7.x-3.2 or later
• Ubercart Addresses 7.x-1.0-alpha1 or later

Integrations

• Token (code lives in the Ubercart Addresses module)
• Features
• Views

Changes since 7.x-1.2:

- Security update to Drupal core 7.19.
- Uses brand new Edit 7.x-1.0-alpha6 release, generously sponsored by Radio France. See release notes there for specific changes.
- WYSIWYG now uses CKEditor module, rather than Aloha module, per http://buytaert.net/from-aloha-to-ckeditor.

Fixed cross-site scripting security issue caused by the subject field not being escaped properly (reported by pbz1912). See SA-CONTRIB-2013-013 - Boxes - Cross site scripting (XSS) for details.

SA-CONTRIB-2013-010 - Search API sorts - Cross Site Scripting (XSS)