5.x

The previous release of the module suffered from a Cross Site Scripting (XSS) vulnerability. Such an attack may lead to a malicious user gaining full admin access. The release fixes these issues.

For more details on the security release: http://drupal.org/node/611078

Security update.

SA-CONTRIB-2009-079 - vCard - Cross Site Scripting

- Sanitize node title before setting it as the page title.

See SA-CONTRIB-2009-075 - OG Vocabulary 5.x.

This version of Webform addresses two security issues found since the 2.7 release.

- Anonymous user data may be shown to other anonymous users when the page cache is enabled.
- Unsafe markup was allowed in textfield components' prefix and suffix values.

Changes since DRUPAL-5--4-8:

• SA-CONTRIB-2009-073: remove XSS vulnerability in PF URLs list and unathorized access to node titles
• Fix #554940: escape mysql query string
• Fix #566138: add setting to close the window when both the new window and send to printer are enabled
• Fix #572848 by aether: Use theme_username() for print_mail_form defaults
• Fix #582104: look for PDF libraries in sites/all/libraries
• Fix #582360: don't complain about missing e-mail addresses when there's a blank line at the end
• Fix #578990: enable tokens in the wkhtmltopdf options string
• Fix #552882: register dompdf's autoload function to prevent fatal errors
• Fix #597922: remove warning for missing argument in print_mail_form()
• Fix #599840: use the real page path and not the current URL when determining link visibility
• Fix #602286: check text string management permissions using Drupal 5 syntax
• Fix #521776: support wkhtmltopdf in Windows

Changes since DRUPAL-5--1-4:

• #427080 by mr.j, KiamLaLuno: Cache filters per page load for massive performance boost.
• By KiamLaLuno: Corrected the code that was trying to translate empty strings.
• By KiamLaLuno: Changed the code to make it more code standards compliant.