Downloads

Download heartbeat-6.x-4.9.tar.gz (tar.gz, 102.79 KB)
MD5: 33548b3c7ed1130704883b22d1202f20
SHA-1: 22c52b662d8288a2efbfed1d728bc1cd071946bd
SHA-256: 4c9f641a2622bf012a1d7351c231a95c4f7443209b84175e09f2e2f7397715aa
Download heartbeat-6.x-4.9.zip (zip, 146.13 KB)
MD5: 6d87102d4bc51e73874345f8c2716e9a
SHA-1: 843352200866c00ff99e875e8480d6eb4bed5d49
SHA-256: fc541818266c618808e630c0a927e4a03dd688be6a21d81784f7716a8a82d220

Release notes

- Refactored heartbeat comments and shouts to sanitize the user input.
  When shouts are displayed, the content is now sanitized with filter_xss
  to filter the user input.
  Actions:
- Upgraded heartbeat.install so the default allowed tags are more secure.
  There is a left-over img attack, but the code where this filtering is done
  is managed by a higher level permission. Before, heartbeat messages,
  heartbeat comments (and shouts) were sanitized with this tags match. It is
  only needed and handy for the per UI manipulatable heartbeat messages. This
  means that heartbeat comments and shouts will follow the normal filter_xss
  approach within standard Drupal.
- Added the filter_xss for the shouts module when fetching the shouts from the database.
- Tipped by David Rothstein, I moved the filter_xss for heartbeat_messages to an
  earlier point so it's not theme-overridable (thus possibly leading to an XSS attack).
- Change to hds_regions.css following the DS releases.
- Added basic features integration.
- Fixed a couple of issues from the d.o queue.
- Refactored the comment rules integration so it can take the original author as well.
- Added update hook for this install.

Created by: Stalski
Created on: 18 May 2010 at 20:09 UTC
Last updated: 1 Aug 2018 at 23:20 UTC
Security update
New features
Bug fixes
Insecure
