drupal 7.22

Maintenance release of the Drupal 7 series. Includes bugfixes and small API/feature improvements only (no major new functionality); significant new features are only being added to the forthcoming Drupal 8.0 release.

No security fixes are included in this release.

Besides documentation fixes, no changes have been made to the robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary. There are two changes to the .htaccess file in this release:

1. An improvement to the default rewrite rules to help avoid man-in-the-middle attacks on sites which are accessed over HTTP and HTTPS (see #1733476).
2. A change to the list of file extensions which are blocked by .htaccess, to prevent temporary files created by text editors from being accessed (see #1907704). Note: This change may cause issues for sites running very old versions of the Apache web server (1.x); see the "Known issues" section below.

Upgrading custom versions of the .htaccess file is recommended.

Known issues:

#1962780: 500 Internal server error on Apache 1.x servers after updating to Drupal 7.22: Sites running on 1.x versions of the Apache web server may experience errors after updating to Drupal 7.22. (Although Apache 1.x was deprecated by the Apache project several years ago and switching to Apache 2.x is highly recommended, Drupal 7 normally does still run on it.) A patch to fix the problem is available in the above issue, and it has been committed to the 7.x development version so it will be included in the next bug fix release.

Major changes since 7.21:

• Allowed the drupal_http_request() function to be overridden so that additional HTTP request capabilities can be added by contributed modules.
• Changed the Simpletest module to allow PSR-0 test classes to be used in Drupal 7.
• Removed an unnecessary "Content-Disposition" header from private file downloads; it prevented many private files from being viewed inline in a web browser.
• Changed various field API functions to allow them to optionally act on a single field within an entity (API addition: http://drupal.org/node/1825844).
• Fixed a bug which prevented Drupal's file transfer functionality from working on some PHP 5.4 systems.
• Fixed incorrect log message when theme() is called for a theme hook that does not exist (minor string change).
• Fixed Drupal's token-replacement system to allow spaces in the token value.
• Changed the default behavior after a user creates a node they do not have access to view. The user will now be redirected to the front page rather than an access denied page.
• Fixed a bug which prevented empty HTTP headers (such as "0") from being set. (Minor behavior change: Callers of drupal_add_http_header() must now set FALSE explicitly to prevent a header from being sent at all; this was already indicated in the function's documentation.)
• Fixed OpenID errors when more than one module implements hook_openid(). The behavior is now changed so that if more than one module tries to set the same parameter, the last module's change takes effect.
• Fixed a serious documentation bug: The $name variable in the taxonomy-term.tpl.php theme template was incorrectly documented as being sanitized when in fact it is not.
• Fixed a bug which prevented Drupal 6 to Drupal 7 upgrades on sites which had duplicate permission names in the User module's database tables.
• Added an empty "datatype" attribute to taxonomy term and username links to make the RDFa markup upward compatible with RDFa 1.1 (minor markup addition).
• Fixed a bug which caused the denial-of-service protection added in Drupal 7.20 to break certain valid image URLs that had an extra slash in them.
• Fixed a bug with update queries in the SQLite database driver that prevented Drupal from being installed with SQLite on PHP 5.4.
• Fixed enforced dependencies errors updating to recent versions of Drupal 7 on certain non-MySQL databases.
• Refactored the Field module's caching behavior to obtain large improvements in memory usage for sites with many fields and instances (API addition: http://drupal.org/node/1915646).
• Fixed entity argument not being passed to implementations of hook_file_download_access_alter(). The fix adds an additional context parameter that can be passed when calling drupal_alter() for any hook (API change: http://drupal.org/node/1882722).
• Fixed broken support for translatable comment fields (API change: http://drupal.org/node/1874724).
• Added an assertThemeOutput() method to Simpletest to allow tests to check that themed output matches an expected HTML string (API addition).
• Added a link to "Install another module" after a module has been successfully downloaded via the Update Manager (UI change).
• Added an optional "exclusive" flag to installation profile .info files which allows Drupal distributions to force a profile to be selected during installation (API addition: http://drupal.org/node/1961012).
• Fixed a bug which caused the database API to not properly close database connections.
• Added a link to the URL for running cron from outside the site to the Cron settings page (UI change).
• Fixed a bug which prevented image styles from being reverted on PHP 5.4.
• Made the default .htaccess rules protocol sensitive to improve security for sites which use HTTPS and redirect between "www" and non-"www" versions of the page.

All changes since 7.21:

• #1821906 followup by David_Rothstein: Validate that the new $options parameter in various Field API public API functions is actually an array, to prevent conflicts with contrib modules.
• #1664784 by effulgentsia, mikeytown2: Allow drupal_http_request() to be overridden.
• #1693398 by donquixote, pounard, sun, Sylvain Lecoy: Allow PSR-0 test classes to be used in D7.
• #1952354 by robertcharlesfox | laurence_m: Fixed Typo in drupal_add_html_head() API doc.
• #1797506 by dcam, xjm, Lars Toomre, sivaji: Remove t() from assertion messages in tests for the rdf module.
• #1945066 by chertzog, dcam | joachim: Fixed node_theme() doesn't declare the file for theme_node_admin_overview() .
• #1049050 by mfb, TwoD, David_Rothstein, jpsoto: Removed dead code in file_stream_wrapper_uri_normalize().
• #946118 by droplet, lyricnz, dcam | rvilar: Fixed The machine name isn't updating correctly when the user selects a previous input value.
• #799356 by vijaycs85, m1n0, jaffaralia, effulgentsia: Fixed _form_set_class() is too aggressive in assigning the 'error' class.
• #1575060 by Spleshka, andypost, serm, mcjim, nod_: Fixed ajax_html_ids() are broken for forms with file element (encoding=multipart/form-data).
• #1728122 by rymo | HonoredMule: Fixed Sticky Table header tables don't inherit parent table's outer width.
• #1229014 by bfroehle, jackbravo, illmasterc: Fixed Content-Disposition header makes private files show open/save prompts, but public files show inline.
• #1821906 by Wim Leers, nod_: Allow more Field API public API functions to act on a single field within an entity.
• #985642 by kiamlaluno, Berdir, Damien Tournoud, Deciphered, B-Prod, galooph, David_Rothstein, drzraf, yched: Add back field_attach_load() to file_field_update() under certain circumstances in Drupal 7.
• #124689 by cck | Dio: Fixed hook_user()/hook_user_presave() documentation needs clarification on how to modify values.
• #1915088 by openminds, bfroehle: Fixed SkipDotsRecursiveDirectoryIterator not skipping dot-files when they are the first entry.
• #1937860 by mikeytown2: Fixed seven_css_alter() does not set the type.
• #1940404 by danpros: Fix URL typo in PHP module filter tips.
• #1096208 by zambrey, mr.baileys: Fixed PHP notices when creating menu link '#'.
• #1564996 by greggles: Added Make one-time login link watchdog more useful for auditing.
• #1705536 by pfrenssen: Fixed typo in docblock block_block_list_alter().
• #1716036 by larowlan, xjm: Use range() to create option list for forum block options.
• #1886876 by IRuslan, swentel: Fixed Useless variable assignment in node_feed().
• #1723828 by hass: Fixed incorrect log message when theme() is called for a theme hook that does not exist.
• #1648004 by dcam, Devin Carlson, Rob Loach: Removed inaccurate code comment about using l() in update_helpful_links().
• #1035292 by Désiré, vijaycs85, wizonesolutions, oriol_e9g, ACF, achton, darkadept: Fixed Dynamic tokens can't have spaces.
• #1901476 by caiosba | mstef: Fixed Uncaught TypeError: Cannot read property 'command' of undefined in ajax.js.
• #1242602 by swentel, JvE, babruix | Chi: Fixed Notices in taxonomy_autocomplete().
• #771036 by ojohansson, Albert Volkman, Gábor Hojtsy: Fixed Overlay overwrites existing target attribute.
• #1429442 by Jody Lynn, mathankumarc, gnuget, nrambeck, dcam | sun: Fixed Access denied page shown after submitting form that creates a unpublished node.
• #1605040 by TravisCarden, mitron | EdgarPE: Fixed drupal_send_headers() ignores headers with valid but falsy values.
• #1907704 by acrollet, ultimateboy, totten: Restrict temporary files created by text editors.
• #1379056 by Barrett: Fixed if more than one hook_openid() implementation returns a given parameter, the resulting value is an array and request is invalid.
• #1926758 by balsama, mitron: Fix code comment in system.module
• #1797514 by disasm, dicam, Gaelan, Lars Toomre: Remove t() from test assert messages in simpletest module
• #1884840 by Pix, pwolanin: Remove reference to md5 in ajax code comments
• #1920340 by yched: Fixed Update URL of change notification for '_field_info_collate_fields() memory usage'.
• #1324058 by isay, barraponto, shameemkm: Fixed forum-rtl.css does not overide #forum div.indent from margin-left to margin-right.
• #1886812 by kiamlaluno: theme_form_element() initialize a variable that is never used.
• #1215404 by brianV, pillarsdotnet: Fixed Remove assignment to unused variable $export_data from book_export_html() function.
• #1886796 by kiamlaluno: Fixed theme_checkbox() initialize a variable that is never used.
• #1886870 by IRuslan: Fixed Useless node_type_get_type() call in node_validate().
• #1848774 by IshaDakota, kiamlaluno: Fixed search_view() initializes a variable that is never used.
• #1898314 by droplet | xjm: Rename $user to $account in WebTestBase::drupalLogin().
• #1751054 by borisbaldinger, Berdir, vomiand: Fixed serious documentation problem with the $name variable in taxonomy-term.tpl.php (incorrectly documented as being sanitized when in fact it is not).
• #1586542 followup by andypost: Workaround for an issue where system update #7061 fails due to a memory leak and can't be run again.
• #1475342 by iamEAP | Kasper Souren: Fixed D6->D7 upgrade: system_update_7007() fail.
• #1827136 by amatzies, patrickd, posulliv | earnie: Add severity index to watchdog table.
• #1848464 by scor | jneubert: Fixed Make RDFa markup upward compatible with RDFa 1.1.
• #1890754 by Berdir, pwolanin, tim.plunkett: [Tests] Private Images visible by url.
• #1932354 by Alexander Pyle: Fix up documentation for image_scale()
• #1916928 by Alexander Pyle, YesCT, twistor: Document that clickLink is case sensitive
• #1347914 by Albert Volkman, Lars Toomre, batigolix, NROTC_Webmaster, xjm, sven.lauer: Fix up API docs for Filter module
• #1923554 by David_Rothstein, pwolanin, mitron | alfaguru: Fixed New anti-DoS measure breaks for some file URIs.
• #1266572 by znerol, joshf: Fixed Workaround in UpdateQuery_sqlite() for affected rows count causes certain updates to be suppressed.
• #1012620 by Berdir, kbasarab, YesCT: Fixed Unique key on date_formats().(format|type) is problematic for case insensitive collations.
• #1792380 by theo_: Fixed DatabaseCondition not cloning SelectQuery value object.
• #1794012 by dcam, Crell, Lars Toomre: Remove t() from asserts in database system tests
• #1908192 by mitron: Document what happens in drupal_get_filename() if the file is not found
• #1908194 by richard.c.allen2386: Document what happens in drupal_get_path if the file is not found
• #1889738 by andybroomfield: Add information to documentation of hook_custom_theme
• #1397346 by Albert Volkman, kristiaanvandeneynde, larowlan, bobbyaldol, tim-e, shiff2kl, FatGuyLaughing: Add and fix up documentation in image and node module files
• #1885000 by cck: Add link in hook_theme docs to theme layer page
• #1879022 by omegamonk: Fixed Enforced dependencies errors updating to recent versions of Drupal 7.
• #1040790 by yched, swentel, geerlingguy, justin.randell, Berdir | catch: Fixed _field_info_collate_fields() memory usage.
• #1893530 by alippai: Document that bundles element is not required for one-bundle entities in hook_entity_info
• #1894850 by ben.bunk: Fix typo in code example in drupal_prerender_links docs
• #1875858 by j.slemmer, cck: Fix documentation for a couple of menu hooks
• #1317628 by Albert Volkman, Gaelan, disasm, mjonesdinero, xjm: Clean up API docs for include files n-z
• #1888454 by kiamlaluno: Remove irrelevant information from form_process_vertical_tabs() documentation
• #1807556 by Albert Volkman, Lars Toomre: API docs fixup for Aggregator module
• #1807688 by Albert Volkman, Lars Toomre: API docs fixes for Book module
• #1156576 by pixelite, Ryan Weal, jhodgdon, plach, Albert Volkman: Better documentation for language negotiation
• #1851788 by cck, blake.thompson: Add docs for hook_menu for expanded property
• #1870612 by David_Rothstein, plach, greggles: Add tests for SA-CORE-2012-004 - Drupal core - Arbitrary code execution via file upload.
• #1565322 by Jorrit: Fixed Notice in locale_languages_edit_form_validate().
• #1857956 by catch, David_Rothstein: Do not re-prepare comment update timestamp if it's the same as the created timestamp (performance improvement).
• #1815930 by slashrsm, gbrands, amontero: Fixed Update watchdog message in file_unmanaged_copy() with correct string/variable replacement values.
• #1143460 by WorldFallz, Dave Reid, colette, typhonius, David_Rothstein | localhost: Fixed hook_file_download_access_alter() missing entity argument (by allowing an additional context argument to be passed to drupal_alter()).
• #1862198 by plopesc: Make it clearer where to find placeholder docs for t
• #1873608 by David_Rothstein: Clarify documentation on when to use t vs format_string
• #1333400 by Albert Volkman, Chi: Add parameter docs for hook_install_tasks
• #1864216 by larowlan, marvin_B8: Fixed No docblock for several functions in user.module.
• #1864360 by oadaeh: Fixed Clean up some inconsistencies with @link...@endlink.
• #1864188 by johnshortess | hefox: Fixed user_filters() invokes hook_permission() with argument 'permission' ($function('permission')).
• #1741386 by lazysoundsystem, rasmusluckow, andypost, Lars Toomre, dcam: Removing t() from asserts in simpletests in book module.
• #1534674 by plach, slowflyer: Fixed Comment field language is completely broken.
• #1874342 by erikwebb: Fixed Undefined constant STEAM_WRAPPERS_LOCAL used in file_get_stream_wrappers() documentation.
• #1873608 by David_Rothstein: Improve documentation of format_string() to emphasize that it is used to prepare variables for HTML display.
• #1854620 by marvin_B8, droplet: Fixed hook_menu_local_tasks_alter() help texts.
• #1629994 by Aron Novak, oadaeh, yurtboy, jhodgdon, kingandy: Fixed Mail functions reference obsolete RFC.
• #1606946 follow-up by David_Rothstein: Remove note about const from D7 docs since we don't require PHP 5.3.
• #1868206 by kiamlaluno: Fixed Word is repeated.
• #1847382 by thehong, pingwin4eg, 63reasons: Fixed Undefined index: access in includes/menu.inc (when custom access_callback() does not exist or does not get included).
• #1706878 by tim.plunkett, lazysoundsystem: Added DrupalWebTestCase::assertThemeOutput() to allow modules to test theme function output.
• #1446650 by superspring | drupalsven: Added After installing module display link to 'install another module'.
• #1727430 by tedbow, webchick, fubhy | amontero: Added 'exclusive' flag to install profiles to auto-select them during installation.
• #843114 by sun, quicksketch, Berdir | c960657: Fixed DatabaseConnection::__construct() and DatabaseConnection_mysql()::__construct() leaks $this (Too many connections).
• #1117780 by amontero, naxoc | ogi: Display cron url in admin/config/system/cron page.
• #1494676 by Liam Morland, cam8001: Removed unused variable $http_protocol in drupal_settings_initialize().
• #1672694 by Devin Carlson, JulienD, jibran, kalabro: Fixed Field UI continues to use t() for $instance['label'] in field_ui().admin.inc.
• #1550892 by david.mckay | fgm: Fixed reset() on function call in image_update_7002() to avoid an E_STRICT notice.
• #1833028 by michaelmol | rmfleet: Fixed bug which prevented image styles from being reverted on PHP 5.4.
• #1817680 by haydeniv | netol: Fixed Update notification is printed more than one time.
• #1733476 by greggles, BMDan: Fixed Make default htaccess rules protocol sensitive to avoid man-in-the-middle-attacks if users don't fully customize the rule.
• #1851886 by Albert Volkman: Fix up documentation for cache_set() function
• #1247812 by Albert Volkman, jzacsh: Add docs for user_admin() function
• #1853050 by Jerenus: Fix up docs for drupal_send_headers()
• #1857984 by Ivan Zugec: Fix sample code for hook_field_widget_form so it would actually work
• #1858508 by TravisCarden: Add see also to hook_theme docs
• #1856142 by kiamlaluno: Fix typo in node_query_node_access_alter() comment
• #1606946 by Albert Volkman: Fix grammar in docs in update.php
• #1853574 by Albert Volkman: Fix spelling error in drupal_mail_system() docs
• #1787876 by Albert Volkman, cirage, BrockBoland: Add return docs for drupal_get_token() function
• #1606946 by Albert Volkman, udaksh, bunthorne: Fix up API docs for top-level PHP files
• #1851538 by willkaxu: Fix docs typo in cache.inc
• #1313980 by Albert Volkman, Lars Toomre, jn2, xjm, jhodgdon: Clean up API docs for Node module
• #1846510 by Tor Arne Thune: Remove duplicate that in code comment
• #1846510 by larowlan, kim.pepper: Fix spelling error in field UI module comment
• #1848516 by IshaDakota: Fix coding style in hook_schema() example function body
• #1423090 by Albert Volkman: Fix invalid function see reference in field.module
• #1837840 by amontero, tstoeckler: Add clarification to l() docs as to when to use t() instead
• #1326600 by dcam, Lars Toomre, batigolix, kid_icarus, xjm: Clean up API docs for dblog module
• #1492378 by kbasarab: follow-up docs correction on autocomplete paths
• #1831408 by kotnik: Fix spelling of entity in docs
• #1829366 by gcassie: Fix up grammar and caps in default settings.php file