Releases for Views (for Drupal 7)

This release resolves some regressions in the last release, and some other long-standing bugs. Thanks to everyone who collaborated to fix the bugs, it's greatly appreciated.

This release brings PHP 8.0 compatibility to the Views world, which will help a lot of other modules pass their PHP 8 tests because of dependencies. Also included are a number of small bug fixes. Updating is recommended for all sites, but as always please test on a copy of each site and not directly on production. Huge thank you to everyone who contributed in some way to this release!

This is a release candidate for the 7.x-3.24 stable release, hopefully there won't be any more bugs found in the next week-or-so and we'll release this as 7.x-3.24. Please help test it against your sites (not a production copy, just to be sure!) and report any bugs you find immediately. Thank you.

Also, a huge thank you for everyone who has contributed to this release, there are a load of bug fixes and small additions, the Views-D7 maintainers and I truly appreciate all of your efforts!

This contains a single fix for PHP 5.3 compatibility that was causing problems for some sites and automated test integration for other contributed modules. Sites which use newer versions of PHP do not need to worry about updating to this release and should wait for the forthcoming 7.x-3.23 release.

Contributors (6)

joelpittet, dromansab, awasson, joseph.olstad, darkodev, TheWrench

Full changelog

Issues: 1 issues resolved.

This fixes a critical bug in the last release, updating is recommended for all sites.

I am sincerely sorry for the oversight with renaming the hook - I did not think many modules would be using it, because of what it did, but I neglected to double-check my hypothesis before committing the change. Had I checked I would have realized that many critical modules used it - Features, Authcache, Webform, even the drupal.org custom code.

Changes since 7.x-3.19:

This release fixes a number of bugs, several of them regressions from previous releases. No security-related bugs are included in this release, but updating is still recommended. Please see the issue queue to identify other known regressions.

Thanks as always to our many contributors, and a special thanks to MustangGB for spending a lot of time triaging the issue queue.

All changes since 7.x-3.17:

This is a rather major bug fix release. It is strongly recommended to thoroughly test this release before uploading to a production site in case there are any regressions. There are two changes since 7.x-3.15 which affect how CSS classes are generated, so please pay particular attention to the themed output. Please report regressions immediately so that we can rectify them in a future release.

A sincere thank you to everyone who has helped with this release.

Change notices to be aware of:

• Row CSS class names no longer forced to lowercase, reverting to earlier behavior
• CSS classes output from tokens no longer concatenated together, reverting to earlier behavior

Fixes Views - Moderately Critical - Access Bypass - SA-CONTRIB-2017-022

Changes since 7.x-3.14:

Changes since 7.x-3.12:

• Revert "Issue #2204257 by ezra-g, andyg5000: Update Views Content access filter per core performance improvements"

Fixes Views - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-103

Changes since 7.x-3.10:

See SA-CONTRIB-2015-039 - Views - Multiple vulnerabilities

Changes since 6.x-2.16:

SA-CONTRIB-2014-054 - Views - Access Bypass

Changes since 7.x-3.7:

The security issue in views is caused by various places in the views UI where a string is not sanitized,
because it has been assumed to be static and by commiters, though you can change some of these strings using other administrative permissions. SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)

Other commits:

• #82088 by grisendo: Add sanitation in various places in the views UI
• #1920690 by jnettik: Added Allow for inline to be configured for jump menus.
• #1551534 by bcn: Added Allow a button in an exposed forms to trigger ajax.
• #1914024 by peximo | heyyo: Fixed Title-overriden term name not translated on a taxonomy overriden views page.
• #1889198 by Pedro Lozano: Fixed Performance problem in _views_fetch_data(), multiple unnecessary cache rebuilds.
• #1496418 by dawehner, hass, webflo: Fixed Views: Don't change capitalization of translatable strings with CSS.
• #1852116 by Les Lim, Chris Burge: Added Backport from D8: Customizable true/false Views output for booleans.

WARNING: Maintainers are working to fix a bug that was found after the 7.x-3.4 release that causes some Views pages, blocks, attachments and feeds to disappear after upgrading from 3.3 to 3.4. Stay informed of progress at the following link: 7.x-3.4 Upgrade is cancelling boolean operator settings. It is recommended to wait to upgrade until this bug has been fixed.

Changes since 7.x-3.3:

#1450268: Fatal error: Call to undefined function language_fallback_get_candidates() caused a lot of trouble for people using fields but don't have locale enabled. This release is an emergency release
based on that issue. I'm sorry for that!

Changes since 7.x-3.2 (5 commits):

A few bug fixes since 7.x-3.1.

The biggest change is a bugfix which allows you to use arguments and complex filters at the same time.

Changes since 7.x-3.0:

After two years and a lot of hard work by multiple contributors and companies
here is the final version of 7.x-3.0.

Changes since 7.x-3.0-rc3:

This version of views fixes some upcoming bugs which were caused by the latest update to 6.x-3.0-rc2
Most important to mention is the replacement-patterns bug, which caused problems if you used flag for example.

Changes since 6.x-3.0-rc2:

IMPORTANT: 2.15 is 2.13 just with a fix for replacement-patterns. This might have affected you if you use flag, for example. So no new features since 2.11 is in this version. If you want new features or currently use 2.14, please use 6.x-2.16

Changes since 6.x-2.13:

This release is 6.x-2.x-dev with the security patch applied.

Other changes since 6.x-2.11:

p>Changes since 6.x-3.0-alpha4:

The changes between alpha4 and RC1 are focused on fixing bugs and adding some documentation.

This release of Views includes many improvements over beta3. Please note that you must update to the latest release of CTools. Also note that Drupal 7.2 contains a bug that will cause update.php to break your system. Please update to the latest Drupal 7.x-dev before running update.php.

If you got your system broken by update.php a solution is here: http://drupal.org/node/1170312#comment-4547662

Hilites

Lightning fast update from beta1, as I screwed up one of my last commits and it didn't make it out.

THIS STILL APPLIES: If you're having trouble with Views' menu items appears or views acting really really off, clear cache twice and force a menu rebuild. drush cc all if using drush, or the cache clear button on the performance page if not.

Please note that Views for Drupal 7 now requires CTools!

KNOWN ISSUES
===========

There is NO upgrade path yet. There is a patch but it is very unstable.
The search filter is completely broken and will not work.
Sometimes AJAX does not bind to the preview and it opens in a new page.
Probably lots of other little things.