4.7--1.6
========
IMPORTANT : this release fixes two cross-site scripting (XSS) vulnerabilities
in nodereference.module :
- when a nodereference field is displayed using the 'plain' formatter
- when a nodereference field is edited using the 'autocomplete text field' widget
(only when _not_ using the 'advanced options - Views.module' for the field)
All sites using CCK / nodereference.module should consider upgrading to this release
as soon as possible.
Please see DRUPAL-SA-2007-019 for more information.
Features
--------
General
- #154827 Let modules know the 'dummy' node form built on the 'manage fields' tab
is requested by CCK admin UI (problem with userreviewmodule).
- #153101 Provide better explanation on the 'default value - php code' expected format.
- #151347 Refactor content_field('load') to make it more legible.
Field / widget modules
- #152892 Optionwidgets : Better help text for 'single on/off checkbox' widget label.
- #65133 / #152016 Nodereference : Added 'full node' and 'teaser' formatters.
- #126926 Nodereference : Skip node_load in 'title'-based formatters.
Bugfix
------
General
- #155416 Limit non standard CSS (transparency) to the field overview page.
- #149832 Use 'plain' format for views argument handler ($op = 'title').
Still on Drupal 7? Security support for Drupal 7 ended on 5 January 2025. Please visit our Drupal 7 End of Life resources page to review all of your options.
