Drupal 4.7.7

The seventh maintenance and security release of the 4.7.x series. Only fixes for a security vulnerability and other bugs have been committed. New features are only being added to the forthcoming 6.0 release.

This release fixes a security vulnerability. Sites are urged to upgrade immediately. For more details, please see the security announcement:

• SA-2007-018: XSS Drupal 4.7.x, 5.x

In addition to this security vulnerability, the several bugs have been fixed since the 4.7.6 release:

• #32833 by fgm: Fixed documentation error.
• #114103 by adixon: New profile fields added to registration form show above Account Information.
• #117917 by webchick: Improved documentation for cookie domain.
• #68690 by mindless: New attachments not shown in node preview.
• #121876 by Darren Oh: drupal_to_js() converts empty arrays to objects.
• #133865 by Alexis: Incorrect use of form_set_error in user_login_validate().
• #130215: backport of #60664, 'Comment: duplicate ...' in watchdog, even when editing a comment.
• #101305 by bjaspan: textarea.js is incompatible with IE.
• #150972 by alex_b: limit wget to 1 run per second.
• #133789 by John Albin (port by Omar Abdel-Wahab): Drupal-generated email can look like spam (to SPF).
• #103079 by yched: check_plain('') returns </p>.
• #158687 by drumm: Fix Drupal.encodeURIComponent() and drupal_urlencode() edge cases.