Still on Drupal 7? Security support for Drupal 7 ended on 5 January 2025. Please visit our Drupal 7 End of Life resources page to review all of your options.
I just had a security audit done of my Drupal 7 site and they were able to demonstrate the ability to run a theoretical XSS attack from a plain text field using JavaScript. I have plain text fields on a node that I am altering with JS in my module to validate input but not to change display. If you do a search for the node, the JS will execute and in their example will show a pop-up.
I must be missing something here because plain text should be escaping JavaScript. Right?
I'm looking to update the page title for the homepage of a site (running d7). Currently it's just displaying the site name as the page title and I filled in the page title in the backend but it's getting overwritten by something. I tried disabling Global: Front Page and Global but neither works. As well, I tried overwriting the page title in Global: Front Page.
Would anyone have any idea how I could go about correcting this issue?
The "Upload" button that appears next to the Image and File fields in Drupal 7 does not work in Chrome. Likewise, the "Remove" button next to a successfully-uploaded file does not work.
Steps to reproduce:
1. Install Drupal 7 (I confirmed the issue in 7.69 and 7.70).
2. Add an Image or File field to the Basic Page content type.
I'm looking for a complete list of the user information the Drupal CAPTCHA (not reCaptcha) collects when added to a web form. Is there an official Drupal document that would have these details?
I can find articles and blog posts (though they are primarily reCaptcha-related), but nothing more definitive.
We need this information to complete a privacy assessment.
While editing content on the site, I noticed that the upload & remove buttons are not working in Google Chrome. Have had a few users report also having the same issue in Firefox.
Example: For a file field, I can select the file to upload but when I press the upload button, nothing happens.
There was a core update last week but I did not notice any issues after that was completed... thinking it is a browser issue but not sure if there is a way to resolve.