Posted by Gurpartap Singh on July 29, 2009 at 9:42pm
| Download | Size | md5 hash |
|---|---|---|
| live-6.x-1.2.tar.gz | 13.52 KB | 9d68e0c9873366cef79d7789cbc5bc97 |
| live-6.x-1.2.zip | 16.78 KB | a7a11dcc37c9197666af08b424a827cf |
Last updated: December 24, 2010 - 23:17
6.x-1.1 has been skipped due to packaging issues.
Fixes SA-CONTRIB-2009-049 - Live - Privilege escalation, Impersonation. Also fixes a CSRF issue that only existed in 6.x-1.x-dev.
Changes since DRUPAL-6--1-0:
- Use FILTER_FORMAT_DEFAULT for default input format.
- Use proper permission for node preview access check.
- Use check_markup after validating token.
- Remove unnecessary commented code.
- Fixed a bug to determine comment uid correctly.
- #534840 by Dave Reid, Gurpartap Singh: Editing a comment from another user doesn't show the correct username in the comment preview.
- #285287 by frjo: User changes to Author for Node Preview
- #205837 - A comprehensive README file.
- #328355 - by swentel - $format not handled correctly in node preview.