Install
Works with Drupal: 7.xUsing Composer to manage Drupal site dependencies
Downloads
Release notes
Hopefully this will be more or less the last big step before a release.
Not this release fixes a security problem, which can be seen as critical
The Views module is useful for creating lists of items in Drupal sites. Some filters incorrectly used Drupal's built-in database api, so they didn't escaped some arguments correctly. This vulnerability is mitigated by the fact that a site must have a view with this filter to be enabled in order to be exploited.
Changes since 7.x-3.0-rc1:
- by dereine: use the bug fix from the relationship-access issue
- Revert "Issue #1222324 by damz, agentrickard, bojanz, dereine: Find a proper way to have multiple access tags per view and support relationships."
- Revert "#1222324 follow up by damz: Use the alias so apply the tag to the right part of the query"
- #1222324 follow up by damz: Use the alias so apply the tag to the right part of the query
- #1222324 by damz, agentrickard, bojanz, dereine: Find a proper way to have multiple access tags per view and support relationships.
- #1176048 by filijonka, tim.plunkett, dereine: Let the remove button respect chaning of the override selector, yeah!
- #1331032 by dereine: Hide rewriting if the value of a field is actually empty by default. That's maybe causes some views but sure we are doomed anyway. Additional fix it let the custom block actually always display something
- #1257376 by dereine: Don't run the preview on page load, but adding a seperate request for it.\n\nThis will catch a lot of possible issues with sql errors and can improve the speed of the editing, if you have unchecked the automatic-preview checkbox
- rename image preset to image style
- #1234414 by quicksketch: Support images styles in the user: picture field
- by dereine, Crashtest: Add an api function to override the title
- Revert "#1331032 by abs: Change default of hide rewritten output if it's empty to True"
- #1331032 by abs: Change default of hide rewritten output if it's empty to True
- ##1072860 by Pol: Take sure to add the human_name field to the views_view table.
- #1270890 by fago: Provide a way to provide entity-related views fields
- #564106 by dereine, bdpanda, dagmar, pcambra, eclipsegc: Allow to point more to a custom url
- #1303398 by dereine: Fix big introduced in 1303398
- #1291088 by tim.plunkett: Recursively merge field views data.
- by dereine:Fix typo in all instances of available
- #1242892 by timplunkett, dereine: Fix the override/revert mechanism.
- #1175260 by jrust: Set the right path-key on the jump menu
- #1221560 by ericduran, dereine: Allow to override views css files from theme directory
- Revert "#1199328 by casey, bojanz: Add typehintings to every place which doesn't break the api. KUDOS"
- #1298418 by lliss: Class Definition Comments misplace variable hierarchy
- #1301790 by rfay, dereine: Use created instead of timestamp for user.created field, and add some move definition
- #1199328 by casey, bojanz: Add typehintings to every place which doesn't break the api. KUDOS
- #1316496 by TR: Cleanup tests a lot
- by dereine: Test style groupby functionality
- #1211264 by dereine, ezheidtmann: Set validated title for taxonomy validation case 'tid' as well.
- #1303398 by johnv: Some entities might have a certain field value just empty but it's set, which caused notices
- #1316932 by dereine: Reorder view execution and title generation, so the title can use the tokens from actual result values.
- #1316908 by tedfordgif: Don't change the handler of the fieldapi-delta column
- by dereine: Document view::base_database
- #1124298 by David_Rothstein: Respect access for rendering fieldapi sub-elements
- by dereine: Describe how to write an area handler
- #1307162 by cmurph: Check whether an argument is empty or not when loading the taxonomy term for the title
- #1303880 by serialjaywalker: Add js settings keyed by dom_id
- Revert "#1235994 by das-peter, scor: Allow to group by field value instead of field html. This allows to use rdf with fields"
- #1314306 by Hanno: Don't translate html-tags, because translators might get confused and the user should really see the original tag all the time.
- Merge branch '7.x-3.x' of git.drupal.org:project/views into 7.x-3.x
- #750172 by Hydra: Allow to disable the linking to user pictures
- Merge branches '7.x-3.x' and '7.x-3.x' of git.drupal.org:project/views into 7.x-3.x
- #1317500 by dereine: Add output format to node.promoted
- #1090098 by dereine, chx: Convert database views which were defaulted in d6.2 and exported to views3. Sadly this only works for exported
- #1301960 by nagiek: Support dynamic access plugin arguments for default tabs as well
- #1294636 by dereine: objective ajax-view.js
- #1296060 by dereine, diegot: Support sqlite in the date functions
- small code identation fix for last commit
- #1235994 by das-peter, scor: Allow to group by field value instead of field html. This allows to use rdf with fields
- #1309082 by bojanz: Support base_tables foreach plugin type in views
- #1309518 by das-peter: Change signature of execute_hook_menu to allow altering
- #1090098 revert to previous behaviour
- Issue #1090098 by chx, dereine: Fix the pager conversion.
- by dereine: Two more instances of instead of
- #1302494 by defr: Don't alter the value_options directly for flatten the options in in_operator filter
- #1301904 by primsi: Translate the ellipsis like truncate_utf8
- by agentrickard, dereine: Provide a helpful message if there is a missing wizard
- #1279438 by dereine: Refactor views_debug to support proper translated strings/placeholders
- use instead of
- #1299276 follow up by dereine: Let display::options_validate always use form[]
- #1299276 by dereine: Move the right form value to display::options_validte
- by dereine: Use availible sorts in the wizard not only if a created column exist
- #1109108 by szantog: Handler translation keys should use the id instead of the field to have a unique key for multiple fields
- Fix jump menu test
- by dereine: Validate dates if the value is not exposed
- fix argument default test case
- Fix exposed form test case
- #1193742 by bojanz: Replace too hard css rule with a special check for the views-remove-checkbox class
- by dereine: Use an override select instead of the old override button in the pager test
- #1212916 by dereine: Display-ids should be validated for lower case
- #1212848 by kmcnamee: Allow to use a pure anchor link in output as link
- #1023582 by dereine: save_block_cache should handle md5-deltas as well
- by dereine: Small help improvement of taxonomy terms
- by dereine: Move was_defaulted/is_defauled into another function
- #1283808 by somanyfish, dereine: Remove leftover vid from filter_term_node_tid
- #1222762 by dereine: Show contextual links on exposed_form-blocks
- #1193284 by LinL: Glossary should show every character in the summary
- #1251052 follow up by andypost: Duplicated help for comment.uid
- #1294826 by reevo> Summary jump menu ignored base_path, because of old d6 like code
- by dereine: Improve help text of uid field
- #1291658 by jackalope: Convert views_plugin_argument_default_taxonomy_tid to new return value of views_get_page_view
- #1227302 by droplet: Make jump menu work with drupal install in a subdir
- #1264438 by dereine: Add a field for the vocabulary vid
- #1279202 by dereine: Allow display extenders to force to be enabled.
- #1271540 by dereine: Don't limit feed description to 128 chars
- #1251052 by dereine: Add automatic conversions of joins to relationships for users_roles and role. Additional clean up comment/node author relationship
- #1261812 by webflo: Implements user permissions as field and filter.
- #1283606 by dereine: Provide a sane default sort for the groupwise_max relationship subquery
- #1242286 by rickmanelius: Update default views examples to sync with views templates code
- #1176458 by webflo, dereine: Check for url aliases for example generated by i18n in summary url generation code
- #1277900 by dereine: Handle pager options correctly on the wizard
- #1279182 by dereine: Don't wsod on missing display extender, but throw a views debug message
- #1290916 by vflirt: Use the right handler type when exporting translatables areas
- #1278640 by dereine: Grid columns should be required
- #1275942 by dereine: Adapt signature of render_link
- small code improvement
- #960648 by dereine: Add a valid url for comments in all cases
- by dereine: Replace criterion with criteria
- #1283002 by joachim: small improvements to API docs
- #1280382 by Alan Evans: Reset for the views listing
- #1167752 by dereine: Add a comment approve link field
- #1115588 by fubhy: Allow to select the used theme on the views ui
- #1277660 by dereine: Allow to search for the description as well
- #1279276 by wimleers: Don't add ui.dialog on every page
- #1278694 by fangel: Allow to autocompelte terms with comma seperated
- #1278566 by davereid: Reset some variables after the views ui preview
- by dereine: use dpm instead of dsm
- remove id tags from doc files
- by dereine: Add some views_join comments to the query functions
- reported by andypost: Remove dsm
- #1275736 by dereine: If clone a display mark the new display as changed
- #1182634 by Adam_S, dereine: Save block cache only if the block table exists
- #1243220 by davereid, haffmans: Cleanup RSS content building and handling
- #1147326 by dereine: Follow up: Fix missing variable vocabularies
- #1261844 by webflow: Make filter_in_operator work with optgroups
- #1245032 by sma-ka, dereine: Fix notices in quite some argument plugin submit/validations
- #1259778 by dereine: Remove term synonyms as they not longer exist in d7
- #1016792 by dereine: Check whether the human name is already in the database
- Remove old code which defaulted exclude to FALSE on field handlers
- #1222494 by dereine: Respect the output of set_display on some other places, there might be other ones as well
- #1238488 by dereine: The actual default order of a single field in a table didn't worked as expected
- by dereine: Converted views.install quite some more
- #1261528 by rlhawk: Allow to display only the first and last value on a fieldapi field
- by dereine: remove old ctools_dependent_process additions
- #1273806 by dereine: Allow to export date specific default plugins on the date argument handler
- #1274834 by dub4u: Use JS_DEFAULT insted of JS_THEME for jqueru-ui-patch js so people can override the behaviour in the theme
- #1248454 by dereine: Relationship handlers should respect real field
- #1270982 by drunken monkey, dereine: Allow to specify entity type on non-base-tables, which allows some fancy views integrations like a generic entity views integration
- #1268466 by droplet, jessebeach: Repaired .views-display-top after changes to the Seven secondary menu unordered list styling jarred the layout. Cleaned out some crufty CSS.
- #1272350 by tunic: Fix content translation filter function, which still used the old add_where instead of add_where_expression
- #1270934 by dereine, Michelle: Better tags support on several areas
- disable the default views again
- #1267916 by CrashTest: Change the empty textfield to a textarea and add a better description
- #1263680 by dereine: Add more helpful error messages for filter_in_operator
- #881060 by benoit.borrel: Fix incorrect code sample on views_join documentation.
- Add argument_dates_various to defgroup views_argument_handlers
- #887768 by merlinofchaos: Fix notice with joins
- by dereine: small comment fix for views_language_list
- #1130760 by neoglez: Check for variables in tokens generation of terms
- #1261468 by dereine: Fix notices when relationship label is not defined and strict error on views_handler_field_accesslog_path
- #1135002 by dereine, bojanz: Add feature to hide table column if each field is empty
- #1257568 by recrit, dereine: Make views_handler_area_view check access as well
- Conflicts:
- #1098326 by Agileware: Stop validating terms if there is no term
- by dereine: Add template path to the hook_views_api example
- by dereine: Add todo for row search plugin
- Preload multiple nodes on comment row.
- by dereine: Fix groupby tests and move some things around
- by dereine: Remove two old debugging lines
- #1222324 by dereine: Apply access tags of relationships to the query
- #1195944 by adamdicarlo: Fix fatal error if no field does exist
- update groupby test view
- small comment fix
- #1259056 by stevector: Add view to views-more.tpl.php and document the availible variables
- #1194396 by dereine: Reexport all views provided
- #1243436 by travist: Setup items per page for none pager plugin to 0
- #1235814 by recrit: Allow to use in the global text area
- add test file for jump menu duplicates2
- #1175260 by mrfelton: Duplicate paths shouldn't result in grouped items on a jump menu
- #1258756 by berdir: Make css cache restoring work again
- fix notice in field_custom and field_math_expression test
- #1172970 by fago, drunken_monkey: Provide a unified way to retrieve result entities
- by dereine: Fix analyze tests
- #1102852 by ralf: Add enabled-disabled boolean display format
- #1124130 by djebbz: Mislabeled option description about wrapping field output with default HTML
- by dereine: Allow to work a wizard on a base table without a sortable field
- #1151032 by dereine: Update block hashes plausible and take sure of broken examples
- #1225228 by dalin: Allow to hide links from node rss
- #1205376 by dereine: Add a way to prevent plugins from register theme
- #1208440 by dereine: Disable pager as default case for blocks on the wizard
- #1188132 by David Hernández: Remove from plugin_exposed_form
- by dereine: Move rendering of a views form into a process function so people can alter things if wanted
- #1191928 by bojanz: Support views form on ajax
- #1252538 by crell: Use format_username to render a user name
- #1117512 by dereine: Support to use non-default bundle handlers in the wizard
- #1241476 by jdleonard: Check for time hence for custom date formats as well
- #1221980 by temaruk: Fixed wired diverits, when using autosubmit ajax exposed filters. Multiple additional divs are created
- #1202048 by dereine: Make edit view contextual links work with default display
- #1231692 by dereine: Also validate on uid = 1 and set the validated_title
- #1170804 by merco, smk-ka: Fix undefined error in views mini pager
- #1255994 by bwpanda: Correct doc for variable in table template
- by dereine: Bring back drush cc views
- #1101506 by djebbz, dereine: Provide a admin/reports/views-fields which list all fieldapi fields used in different views
- #1253106 by Sborsody: Correct urls to comment edit/delete links
- #1249742 by kla2t: Fix wrong dbtng argument name in argument_node_tnid handler
- Add note about non-UID1 users being able to import
- by dereine: Rename arguments to variables in views_theme as is it's fits a bit better with the api
- by dereine: Add theme argument suggestions pager and exposed_form
- Add return documentation for views_get_page_view
- #1133924: Force aliases into lower case to avoid problems when DBTNG does it for you.
- #1242424 by bevan: Document the grouping of contextual filter issue
- #1213516 by oddsim, dereine: Allow to sort via search_score on arguments as well
- #1127422 by dereine: Add rearrange to the filter rearrange link
- #1245558 by Aron Novak: Do not tokenize always in area text handler
- #1245020 by smk: Provide title for some taxonomy term arguments
- #1244876 by dereine: Let views_handler_argument_vocabulary_vid utilize the features of views_handler_argument_numeric
- #1243998 by dereine: Port another views_get_page_view to d7 behaviour
- #1242658 by djebbz: Fixed small typo in comments of views_form()
- by dereine: Don't assuem that each query plugin has a base field, for example something like xml_views doesn't
- by dereine: Set a sane default for the sort column
- #1240934 by becw, dereine: Use depedency for style_summary->items_per_page
- #1203794 by paranojik: Use sort weight with exposed sorts
- #1215602 by derhasi: Provide a views_get_views_as_options which allows to list all views availible for form elements
- by dereine: document plugin_type in views_plugin
- #1239580 by dereine: Allow area handlers to alter the query
- #1239526 by hydra: Don't show path/external form elements on field_node_link
- #1236226 by balagan: Fix type in relationship handler
- fix type in doc
- #1216288 by hunziker: Mailto field values is overridden by the parent form
- by dereine: Remove unused numeric definition option in filter_in_operator
- Revert "#1222324 by dereine: Add access not only on base table, but also on relationships"
- #1220498 by ericduran: Added Missing hook_ajax_data_alter()
- #1157716 by dereine: Fix notice on add_item_form for header/footer
- #1230306 by aaron.r.carlton, dereine: User and taxonomy default plugin updated to new behaviour of views_get_page_view
- by dereine: Add a comment access query tag
- #1222324 by dereine: Add access not only on base table, but also on relationships
- #1185914 by dereine: Fix missing quotes in preview generation
- #1222724 by RdeBoer: Fix revision delete link
- #1220216 by akoepke: Operators without values shouldn't try to validate it's values
- #1234246 by dereine: display_handler is not defined on the field handler but on the view
- #1233274 by dereine: Fix notice in views_taxonomy_set_breadcrumb
- #1089876: Move field language setting to display settings.
- #1185572 by martinjbaker: Remove unnecessary description with typo.
- #1221946 by dereine: Invalid placeholders breaking min/max in exposed filters.
- #1180510 by dereine and mstrelan: Add case control options to links.
- #1020540 followup: Text improvement from kmcnamee
- #1221648 by Amaylia: Crush down the size of the sprites
- #1225322 by pcambra: Allow to submit/validate form elements placed in area handlers (header, footer, empty)
- by dereine: Fix error message when on validating filter_in_operator
- #1224630 by rvilar: Port filter by content translation to add_where_expression
- Add uses_exposed_form_in_block() method to the display so that CTools can specifically make content panes have exposed form in a block.
- by dereine: Remove ssh-agent which isn't used but can cause a fatal error
- #1213916 by stella, dereine: Make views search filter/argument work with more complicated searches
- #1208738 by dereine: Allow to add views from templates again
- by dereine: Use version_compare to detect whether an imported view is valid
- #1207680 by damz: Don't validate if there are no options set, the values are empty and required is not set
- Revert "#1191928 by dafeder, bojanz: Make views forms work with ajax"
- #1191928 by dafeder, bojanz: Make views forms work with ajax
- #1208824 by linclark: Add views_ui_pre_render_add_fieldset_markup to plugins forms as well
- by dereine: Add back some missing handlers
- #1213218 by dereine: Make file->user relationship explicit
- #1213218 by davereid: Add relationships for file/image fields + backward relationships
- Revert "#1213218 by davereid: Add relationships for file/image fields + backward relationships"
- #1207680 by dereine: Don't validate on term filters, because this causes views to not to save anymore. Added TODO
- by dereine: Set api version to 3.0
- #783514 - Use in views_break_phrase_string() in title() methode.
- #1209338 by chx: Fix help message to setting the validated argument title
- document variable handler_type
- #1207366 by dereine: Empty text should be displayed as well
- #1183294 by dereine: Fix language behaviour on not grouped fieldapi fields.
- by dereine: Don't assume that the display handler is valid in analyze code
- #1205450 by chx: Add a mass analyze drush command
- #1205570 by chx: Validate the values of the filter_in_operator settings
- #1194900 by dereine: Make aggregation of fieldapi fields work again
- #1193580 by dereine: Replace empty tokens
- #1201908 by dereine, dug out by Liam Mitchell: Temporary workaround for using subqueries in main query and in clone query
- #1190510 by andypost: Fix previous fix for aliases not an array
- #1198466 by arcaneadam: Fix output format for sticky field
- #1198454 by arcaneadam: Fix documentation for boolean output formats
- #1198166 by joachim: Fix notice for groupwise relationship options_submit
- #1174130 by pillarsdotnet: Check for empty join in views_many_to_one_helper().
- #1197030 by crell: Allow to use any tid/all tid on taxonomy default argument
- #1198156 by joachim: fix bad method call crash.
- #1192666 by dereine: Don't add historical data on entity types which don't support revisions
- #1194614 by Adam S: Allow to use hide() on node comments
- #1192690 by dereine: Fix field_prerender_list multiple get_value method
- #1120668 by dereine: Fix Fatal error when scanning templates
- by dereine: Provide default relationship for authmap table
- #1098480 by fubhy: Allow to set no pager in the wizard
Thanks for everyone who helped on this release! On contrast to rc2 this has the security patch commited as well.