Security update

Fixes DRUPAL-SA-2007-009.

This release fixes a security vulnerability, all users of project-4.7.x-1.x (or 4.7.0 from before the new release system) are urged to upgrade. For more details, see DRUPAL-SA-2007-004.

Besides the security fix, the only other changes in this release are bug fixes since project-4.7.x-1.1:

• #100901: there was 1 more call to project_project_set_location() which i missed when backporting this fix to DRUPAL-4-7. :( This causes undefined function errors when you try to add a release in 4.7.x-1.*.
• #11879: removing dead hook_content() code
• removing weird stale code that's initializing things from $_GET in hook_form() which was added in revision 1.15, 2003.
• hook_form() doesn't need $node passed by reference. Removing some stray whitespace and a line of commented-out dead code.
• #104837: remove unneeded t() and double check_plain() + check_url()
• removing cruft that's no longer relevant or desired: we don't want checkboxes to be inline'ed on project node forms.
• #105228: fix CSS to handle new behavior of FAPI #prefix/#suffix (#100787)
• use l() to generate links instead of our own custom code

This release fixes a security vulnerability, all users of project (4.7.x-2.x) are urged to upgrade. For more details, see DRUPAL-SA-2007-004.

Besides the security fix, the other changes since project-4.7.x-2.1:

This release fixes a security vulnerability, all users of project 5.x-0.x-dev from before 2007-01-23 are urged to upgrade. For more details, see DRUPAL-SA-2007-004.

NOTE: The upgrade path from 4.7.x-1.* version of the Project module is still very confusing, undocumented, and error prone. Sites that use the project module are strongly recommended to not upgrade to Drupal core 5.x until the official 5.x-1.0 release of this module is available.

Besides the security fix, other changes in this release include:

This release fixes a security vulnerability, all users of project-4.7.x-1.x (or 4.7.0 from before the new release system) are urged to upgrade. For more details, see DRUPAL-SA-2007-004.

Besides the security fix, the only other changes in this release are bug fixes since project-4.7.x-1.1:

• #11879: removing dead hook_content() code
• Reformatting menu item array declarations to be more readable.
• #105227: validation failing when project in URL doesn't match selected value in the form. This was due to bad logic in the form builder.
• #105704: foreach() warning if you do a completely empty advanced search.
• #105521: rip out bizzare "default version" behavior
• #105229: fix CSS to handle new behavior of FAPI #prefix/#suffix (#100787)
• Don't reuse the class="options" div, since that makes the "Publishing options" fieldset become inline, too. now, we use an "inline-options" div when we want everything floated and inline.
• #106783: "inline-table" messes up fieldsets on Opera. It's ignored by Firefox. Safari gets it right, but that's not enough reason to keep it.

This release fixes a security vulnerability, all users of project_issue-4.7.x-2.x are urged to upgrade. For more details, see DRUPAL-SA-2007-004.

Besides the security fix, the other changes since project_issue-4.7.x-2.1 in this release include:

• #11879: removing dead hook_content() code
• Reformatting menu item array declarations to be more readable.
• #97095: Issue tracker should not depend on project_release.module
• #104484: issue tracking not enabled by default for new projects (bug introduced via revision 1.4.2.3.2.2, for #96971).
• #105227: validation failing when project in URL doesn't match selected value in the form. This was due to bad logic in the form builder.
• #105704: foreach() warning if you do a completely empty advanced search.
• #105521: rip out bizzare "default version" behavior
• #105229: fix CSS to handle new behavior of FAPI #prefix/#suffix (#100787)