Releases for Project

This release fixes two security vulnerabilities described in DRUPAL-SA-CONTRIB-2009-001. Sites are urged to upgrade immediately. In addition to these security updates, this release includes the following changes since version 5.x-1.2:

Project module

Bug fixes

• #235037 by aclight and dww: Fixed critical bugs in project_page_overview() query and logic. It wasn't using the {project_release_supported_versions} table, so download links were sometimes pointing to the wrong releases.
• #239240 by aclight and hunmonk: Fixed bug where browse by date only worked with project_release and taxonomy modules (for no good reason).
• #211188 by aclight: Fixed bug where project node teasers were different when filtering by a version which was caused by the node type not being included in the query for the project browsing pages.
• #233052 by aclight: Fixed bug with hook_project_page_link_alter() when a project disables its issue tracker.
• #327285 by dww: Fixed bug introduced in #218571 where release-related links were added to project nodes that had disabled releases.

NOTE: Unless critical bugs are uncovered, this will be the last official release for the 4.7.x-1.* series. All users are strongly encouraged to upgrade to at least 4.7.x-2.*, or better yet, 5.x-1.*, as soon as feasible. Support for this release series is basically over.

Changes since version 4.7.x-1.3:

Bugs fixed since version 5.x-1.0:

This release addresses an access bypass security issue, DRUPAL-SA-2007-020. Sites that try to restrict access to projects based on the 'access projects' or 'access own projects' permissions should upgrade immediately.

Other changes since 5.x-0.1-beta:

This release fixes a security vulnerability, all users of project-4.7.x-1.x (or 4.7.0 from before the new release system) are urged to upgrade. For more details, see DRUPAL-SA-2007-004.

Besides the security fix, the only other changes in this release are bug fixes since project-4.7.x-1.1:

• #100901: there was 1 more call to project_project_set_location() which i missed when backporting this fix to DRUPAL-4-7. :( This causes undefined function errors when you try to add a release in 4.7.x-1.*.
• #11879: removing dead hook_content() code
• removing weird stale code that's initializing things from $_GET in hook_form() which was added in revision 1.15, 2003.
• hook_form() doesn't need $node passed by reference. Removing some stray whitespace and a line of commented-out dead code.
• #104837: remove unneeded t() and double check_plain() + check_url()
• removing cruft that's no longer relevant or desired: we don't want checkboxes to be inline'ed on project node forms.
• #105228: fix CSS to handle new behavior of FAPI #prefix/#suffix (#100787)
• use l() to generate links instead of our own custom code

This release fixes a security vulnerability, all users of project 5.x-0.x-dev from before 2007-01-23 are urged to upgrade. For more details, see DRUPAL-SA-2007-004.

NOTE: The upgrade path from 4.7.x-1.* version of the Project module is still very confusing, undocumented, and error prone. Sites that use the project module are strongly recommended to not upgrade to Drupal core 5.x until the official 5.x-1.0 release of this module is available.

Besides the security fix, other changes in this release include:

• #99759: Preliminary support for Drupal core 5.x.
• #105192: finish separation of project.css and project_issue.css. Cleans up and reorganizes a bunch of css, fixes div classes, etc.
• #106633: Use jQuery/JS to hide 2nd level project taxonomy term selects in project node editing.
• All bug fixes and new features from the 4.7.x-2.* series.

This release fixes a security vulnerability, all users of project 4.7.x-2.0 are urged to upgrade. For more details, see DRUPAL-SA-2006-031.

This release includes new database updates. After you upgrade, you should run update.php for your site:

• project_release_update_1(): Adds the {project_release_default_versions} table for branch-aware default versions and populates it the best it can. See #89538 for details.
• project_release_update_2(): Adds a new column to the {project_release_projects} table that determines if the development snapshot table should be shown on project nodes. See #101887 and #89539 for details.

Other changes since project 4.7.x-2.0:

Bugs fixed:

• #97173: Download link targets other project's tarball. We were missing an unset() from #93471 and that's causing the wrong download links to be used since we're always using the same project identifier.
• #96986: Minor bug in breadcrumb on releases (patch by Gurpartap, modified by dww to be slightly more clear, and to fix the $breadcumb[] element for the release itself, since we were using $node not $release).

This is where bugs in the new release system will be fixed, and new features and future work will be resolved.

The initial release of the 4.7.x-2.x series which implements the new release system.
Note: if you are currently running the 4.7.x-1.x series, you should not update to the 4.7.x-2.x series until i've had a chance to write up documenation on the conversion process. If you have releases currently on your system, you will almost certainly need to modify some of the code in the conversion script included in this release to properly convert the releases on your site.