Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Downloads
Download refine_by_taxo-5.x-0.1.tar.gztar.gz
9.37 KB
MD5: f2e6abfa0ee35accfd1fde34e36d0c7d
SHA-1: 0078c20aaaad1e76dfbae6a6d481f962c9d90569
SHA-256: 694a3feaea596dd3c09ffbd809c99cf62004cf0a19fbebef0412bb0176736714
Download refine_by_taxo-5.x-0.1.zipzip
10.32 KB
MD5: 55fb7bc481eafbae62f67d18bdaf491f
SHA-1: 4fee467195b129f5d98fee1638b54c55a82c426d
SHA-256: e67cd61ebc430ca979c50b08747743575e8a2eb0eae90b84fec875bbd834b378
Release notes
Drupal's l/url methods would usually escape all possible unsecure code. Due to an incompatibility, refine_by_taxo could no longer use this and build its own anchors, without escaping the tags properly.
Anyone who creates tags with core taxonomy module, could potentially inject arbitrary HTML and script code into your site when you use refine_by_taxo to display these tags. Note that core taxonomy has no issues, its only the display part in refine_by_taxo that did not properlty escape the output.
This is now fixed in HEAD and DRUPAL-5.
See SA-2008-019 for the announcement.