Security update
ldap_integration 5.x-1.5
| Download | Size | md5 hash |
|---|---|---|
| ldap_integration-5.x-1.5.tar.gz | 30.26 KB | 541ca5559f6c5c406c356a5f082dc489 |
This release fixes:
* The LDAP integration module does not implement a confirmation page for LDAP server activation/deactivation, which could allow a CSRF attack.
* A user-defined server name is not properly escaped on the administration pages, which might lead to an XSS attack.
* The user's LDAP data is not properly access controlled before being displayed on the user profile pages, which allows unauthorized viewing of the data.
* Some user management access rules are ignored during the authentication process.
ldap_integration 6.x-1.0-beta2
| Download | Size | md5 hash |
|---|---|---|
| ldap_integration-6.x-1.0-beta2.tar.gz | 42.13 KB | 2667c3e0c384fd3cb4a5ef0525d0578e |
This release fixes:
* The LDAP integration module does not implement a confirmation page for LDAP server activation/deactivation, which could allow a CSRF attack.
* A user-defined server name is not properly escaped on the administration pages, which might lead to an XSS attack.
* The user's LDAP data is not properly access controlled before being displayed on the user profile pages, which allows unauthorized viewing of the data.
* Some user management access rules are ignored during the authentication process.
ShindigIntegrator 6.x-2.1
| Download | Size | md5 hash |
|---|---|---|
| ShindigIntegrator-6.x-2.1.tar.gz | 152.85 KB | 7143f373a45126145d276c8e2d3fb04d |
XSS and CSRF issue fixes
workflow 5.x-2.4
| Download | Size | md5 hash |
|---|---|---|
| workflow-5.x-2.4.tar.gz | 42.17 KB | 40cb43656d48ab8ba794bb49726723c8 |
Prevent users with 'administer workflow' permission from using workflow and state names containing XSS.
workflow 6.x-1.2
| Download | Size | md5 hash |
|---|---|---|
| workflow-6.x-1.2.tar.gz | 53.97 KB | 770cdda21264ce088a58a896b817547f |
Prevent users with 'administer workflow' permission from using workflow and state names containing XSS.
faq_ask 6.x-2.0
| Download | Size | md5 hash |
|---|---|---|
| faq_ask-6.x-2.0.tar.gz | 24.83 KB | 2d5ab89266000785ee485a9b64067ed6 |
Significant rewrite to use native FAQ form. Allows better taxonomy support as well as standard node add-ons. Now supports free tagging.
- Use filter_xss on term name and description.
- Change category sql to use db_rewrite_sql for i18n. #307531: Category select box currently not language-aware
- Correct variable_del in uninstall.
- Added feature to not show categories. #308881: Category
- Add feature to re-assign anonymous question to expert. #338165: "Give" anonymous page to expert.
- Fix vocabulary check in settings. #299480: No vocabulary error for "FAQ" content type
- Corrected test for expert categorization. #336602: "Ask A Question" block and page do not respect the categorization settings
- Fixed users without 'answer question' not able to choose category when asking question. #385650: Users without 'answer question' permission can't choose 'category'
- Fix for long question input error. #364054: Problems with long questions in FAQ and FAQ_ASK
- Fix 'ask a question' menu item appearing with arrow beside it, as if it had child menu items.
- Fix questions not in Faq vocabulary showing in block.
- German translation. #378022: German translation
- Add setting to give all questions to expert. #369308: Registered users' questions reassigned to the Expert.
- Fix message body problem. #406498: Fatal error: [] operator not supported
- Correct string substitution in notification mail. #408332: Category mentioned in email to expert not shown
- Change summary to textarea so it fits in block better. #602282: Ask a question block takes over whole page
- Remove block region stuff. #556080: I hate the status message that appears when a question is asked.
- Correct user_access check. #580566: Possible permission check error
- Correct mail variables. #533614: notification email link incomplete
