Download Size md5 hash
views-7.x-3.6.tar.gz 1.56 MB 1531a1ece3970332db1559b854f5dcc9
views-7.x-3.6.zip 1.79 MB 0d7c7de301caa52670869060e22d1ef3
Last updated: March 20, 2013 - 20:10

Release notes

The security issue in views is caused by various places in the views UI where a string is not sanitized,
because it has been assumed to be static and by commiters, though you can change some of these strings using other administrative permissions. SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)

Other commits:

  • #82088 by grisendo: Add sanitation in various places in the views UI
  • #1920690 by jnettik: Added Allow for inline to be configured for jump menus.
  • #1551534 by bcn: Added Allow a button in an exposed forms to trigger ajax.
  • #1914024 by peximo | heyyo: Fixed Title-overriden term name not translated on a taxonomy overriden views page.
  • #1889198 by Pedro Lozano: Fixed Performance problem in _views_fetch_data(), multiple unnecessary cache rebuilds.
  • #1496418 by dawehner, hass, webflo: Fixed Views: Don't change capitalization of translatable strings with CSS.
  • #1852116 by Les Lim, Chris Burge: Added Backport from D8: Customizable true/false Views output for booleans.
  • #1294056 by dawehner | wgthompson: Fixed Cannot use Aggregator IID in Contextual Filter.
  • #1514162 by SteveTheRed: Fixed Regular expression filters on numeric fields produce invalid SQL.
  • #1947444 by ericduran: Fixed Do not always apply the jQuery UI dialog patch.
  • #1920278 by greggles, dawehner: Indicate that 'administer views' and 'access all views' is kind of a big deal by making it 'restrict access' -> true.
  • #1525152 by dawehner, Berdir, Georgique: Fixed format_key() handling broken which results in lost translations.
  • #1306564 follow-up by damiankloip, jweowu: Added Remove contextual links from rendered view.
  • #857282 by dawehner, slv_ | Bojhan: Fixed Advanced help message.
  • #1879290 by xiukun.zhou | rb2k: Fixed Error 'Use of undefined constant link_url() on default homepage.
  • #1391856 by mariacha1 : Don't export field display_options()['fields']['url']['alter']['target'] as translatable string.
  • #1804448 by naxoc: Fixed Code from documentation is causing PHP notices.
  • #1831142 by damiankloip, mducharme, dawehner: Fixed Path is never empty in option summary.
  • #1874838 by Itangalo, dawehner: Added Allow exposed blocks to use 'Link display' settings.
  • #1852588 by Ivan Zugec | toomanypets: Fixed Incorrect filename in documentation.
  • small codestyle fixes in the prev. commit
  • #1863020 by amarnus: Fixed View's build fails when an unrelated form on the same page has validation errors.
  • #1862014 by tim.plunkett, agentrickard: Fixed Revision handler makes assumptions about path.
  • #1069326 by atouchard, dawehner, greggles | dgiamporcaro: Fixed access arguments on admin/views/ajax/autocomplete/user ajax call.
  • #1855816 by Hydra: Fixed Disableing 'Add views row classes' causes div's with whitespace.
  • #1844276 by nagwani, YesCT | jweowu: Fixed Spelling mistake.
  • #1677692 by damiankloip, ptrl, kid_icarus | chebureque: Fixed Remove duplicates from exposed search filter results.
  • #1807916 by David_Rothstein | Gode: Fixed Reset button on exposed filters causes a redirect loop in Drupal 7.17.
  • #1829734 by dawehner, dww: Expose tracker data to views.
  • #1625248 by Jorrit | sigent: Fixed Mini Pager ('tags') aren't being applied.
  • #1822440 by ezra-g: Fixed 'Content access' filter should check for node_grants() implementations before adding node access grant queries.
  • #1815062 by Ignigena | jhr: Typo 'Standard derivation' to 'Standard deviation' .
  • #1809510 by erikwebb: Added Make render time performance metric accessible in hook_views_post_render().
  • #1752062 by NewSky, dawehner, shardach: Fixed Fatal error: Unsupported operand types in [path to drupal]/sites/all/modules/views/includes/handlers.inc on line 1032.
  • #1507854 by rooby, mgifford: Added the ability to have a label for jump menu selector fields.
  • #843708 by colan, mgifford, samuelsov, greggles, dawehner: Added option to set caption in the html table (Accessibility).
  • #1421844 by catch, bdragon, swentel | thebuckst0p: Fixed views_fetch_data() cache item can reach over 10mb in size.
  • #948198 by Darren Oh, dawehner | perandre: Added Option not to display Order selectbox when using Exposed sort criterion.
  • #1646392 by ygerasimov, damiankloip | henrikakselsen: Fixed Getting a 'No views match the search criteria.' on the main views screen.
  • #1782678 by Pierre Paul Lefebvre: Fixed 'Combine fields' filter doesn't work with 'Contains any word'.
  • #1515156 by plach, fabsor, steinmb: Added Expose the field language column for translatable fields.
  • #1496418 by dawehner, webflo, hass: Fixed Remove capitalization abuse in strings.
  • #1791372 by yannickoo: Added 0 and 1 to views_handler_field_boolean().
  • #1751460 by sphism: Clarify the empty result settings description on fields.
  • #1754354 by andypost, Staratel | bjarkig82: Change the node_revision default_relationship to use a vid join to match the previous behaviour.
  • #1765824 by tim.plunkett: Issue #1765824 by tim.plunkett: Make define_mappings on map style plugin abstract.
  • #1765824 by tim.plunkett: Added Provide a way to map views fields to a certain meaning.
  • #1765724 by tim.plunkett: Fixed options_form() is called twice for Page and Feed.
  • #1632504 by joachim: Fixed views_handler_field_term_link_edit() should check it actually has a term tid.
View change notices for this release
Official release from tag: 
7.x-3.6