Skip to content

Commit

Permalink
Merge tag '7.40' into pressflow-7.40
Browse files Browse the repository at this point in the history
7.40 release
  • Loading branch information
M Parker committed Oct 15, 2015
2 parents 86ffdbe + 9d16792 commit 228fb95
Show file tree
Hide file tree
Showing 86 changed files with 1,404 additions and 361 deletions.
6 changes: 6 additions & 0 deletions .htaccess
Original file line number Diff line number Diff line change
Expand Up @@ -141,3 +141,9 @@ DirectoryIndex index.php index.html index.htm
</FilesMatch>
</IfModule>
</IfModule>

# Add headers to all responses.
<IfModule mod_headers.c>
# Disable content sniffing, since it's an attack vector.
Header always set X-Content-Type-Options nosniff
</IfModule>
121 changes: 91 additions & 30 deletions CHANGELOG.txt
Original file line number Diff line number Diff line change
@@ -1,4 +1,65 @@

Drupal 7.40, 2015-10-14
-----------------------
- Made Drupal's code for parsing .info files run much faster and use much less
memory.
- Prevented drupal_http_request() from returning an error when it receives a
201 through 206 HTTP status code.
- Added support for autoloading traits via the registry on sites running PHP
5.4 or higher.
- Allowed the user-picture.tpl.php theme template to have HTML classes besides
the default "user-picture" class printed in it (markup change).
- Fixed the URL text filter to convert e-mail addresses with plus signs into
mailto: links.
- Added alternate text to file icons displayed by the File module, to improve
accessibility (string change, and minor API addition to theme_file_icon()).
- Changed one-time login link failure messages to be displayed as errors or
warnings as appropriate, rather than as regular status messages (minor UI
change and data structure change).
- Changed the default settings.php configuration to exclude private files from
the "404_fast_paths" behavior.
- Changed the page that displays filter tips for a particular text format, for
example filter/tips/full_html, to return "page not found" or "access denied"
if the format does not exist or the user does not have access to it. This
change adds a new menu item to the Filter module's hook_menu() entry (minor
data structure change).
- Added a new hook, hook_block_cid_parts_alter(), to allow modules to alter the
cache keys used for caching a particular block.
- Made drupal_set_message() display and return messages when "0" is passed in
as the message to set.
- Fixed non-functional "Files displayed by default" setting on file fields.
- The "worker callback" provided in hook_cron_queue_info() and the "finished"
callback specified during batch processing can now be any PHP callable
instead of just functions.
- Prevented drupal_set_time_limit() from decreasing the time limit in the case
where the PHP maximum execution time is already unlimited.
- Changed the default thousand marker for numeric fields from a space ("1 000")
to nothing ("1000") (minor UI change: https://www.drupal.org/node/1388376).
- Prevented malformed theme .info files (without a "name" key) from causing
exceptions during menu rebuilds. If an .info file without a "name" key is
found in a module or theme directory, Drupal will now use the module or
theme's machine name as the display name instead.
- Made the format column in the {date_format_locale} database table
case-sensitive, to match the equivalent column in the {date_formats} table.
- Fixed a bug in the Statistics module that caused JavaScript files attached to
a node while it is being viewed to be omitted from the page.
- Added an optional 'project:' prefix that can be added to dependencies in a
module's .info file to indicate which project the dependency resides in (API
addition: https://www.drupal.org/node/2299747).
- Fixed various bugs that occurred after hooks were invoked early in the Drupal
bootstrap and that caused module_implements() and drupal_alter() to cache an
incomplete set of hook implementations for later use.
- Set the X-Content-Type-Options header to "nosniff" when possible, to prevent
certain web browsers from picking an unsafe MIME type.
- Prevented the database API from executing multiple queries at once on MySQL,
if the site's PHP version is new enough to do so. This is a secondary defense
against SQL injection (API change: https://www.drupal.org/node/2463973).
- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade
to fail when there were multiple file records pointing to the same file.
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.

Drupal 7.39, 2015-08-19
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-003.
Expand Down Expand Up @@ -86,11 +147,11 @@ Drupal 7.36, 2015-04-01
- Additional automated test coverage.

Drupal 7.35, 2015-03-18
----------------------
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-001.

Drupal 7.34, 2014-11-19
----------------------
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-006.

Drupal 7.33, 2014-11-07
Expand Down Expand Up @@ -159,11 +220,11 @@ Drupal 7.33, 2014-11-07
- Additional automated test coverage.

Drupal 7.32, 2014-10-15
----------------------
-----------------------
- Fixed security issues (SQL injection). See SA-CORE-2014-005.

Drupal 7.31, 2014-08-06
----------------------
-----------------------
- Fixed security issues (denial of service). See SA-CORE-2014-004.

Drupal 7.30, 2014-07-24
Expand All @@ -178,7 +239,7 @@ Drupal 7.30, 2014-07-24
- Additional automated test coverage.

Drupal 7.29, 2014-07-16
----------------------
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-003.

Drupal 7.28, 2014-05-08
Expand Down Expand Up @@ -224,11 +285,11 @@ Drupal 7.28, 2014-05-08
- Additional automated test coverage.

Drupal 7.27, 2014-04-16
----------------------
-----------------------
- Fixed security issues (information disclosure). See SA-CORE-2014-002.

Drupal 7.26, 2014-01-15
----------------------
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-001.

Drupal 7.25, 2014-01-02
Expand Down Expand Up @@ -294,7 +355,7 @@ Drupal 7.25, 2014-01-02
- Additional automated test coverage.

Drupal 7.24, 2013-11-20
----------------------
-----------------------
- Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003.

Drupal 7.23, 2013-08-07
Expand Down Expand Up @@ -548,8 +609,8 @@ Drupal 7.15, 2012-08-01
- Numerous API documentation improvements.
- Additional automated test coverage.

Drupal 7.14 2012-05-02
----------------------
Drupal 7.14, 2012-05-02
-----------------------
- Fixed "integrity constraint" fatal errors when rebuilding registry.
- Fixed custom logo and favicon functionality referencing incorrect paths.
- Fixed DB Case Sensitivity: Allow BINARY attribute in MySQL.
Expand Down Expand Up @@ -597,12 +658,12 @@ Drupal 7.14 2012-05-02
- system_update_7061() converts filepaths too aggressively.
- Trigger upgrade path: Node triggers removed when upgrading to 7-x from 6.25.

Drupal 7.13 2012-05-02
----------------------
Drupal 7.13, 2012-05-02
-----------------------
- Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-002.

Drupal 7.12, 2012-02-01
----------------------
-----------------------
- Fixed bug preventing custom menus from receiving an active trail.
- Fixed hook_field_delete() no longer invoked during field_purge_data().
- Fixed bug causing entity info cache to not be cleared with the rest of caches.
Expand Down Expand Up @@ -636,11 +697,11 @@ Drupal 7.12, 2012-02-01
cache.

Drupal 7.11, 2012-02-01
----------------------
-----------------------
- Fixed security issues (Multiple vulnerabilities), see SA-CORE-2012-001.

Drupal 7.10, 2011-12-05
----------------------
-----------------------
- Fixed Content-Language HTTP header to not cause issues with Drush 5.x.
- Reduce memory usage of theme registry (performance).
- Fixed PECL upload progress bar for FileField
Expand Down Expand Up @@ -993,7 +1054,7 @@ Drupal 7.0, 2011-01-05
requests.

Drupal 6.23-dev, xxxx-xx-xx (development release)
-----------------------
---------------------------

Drupal 6.22, 2011-05-25
-----------------------
Expand All @@ -1003,25 +1064,25 @@ Drupal 6.22, 2011-05-25
- Fixed a variety of other bugs.

Drupal 6.21, 2011-05-25
----------------------
-----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2011-001.

Drupal 6.20, 2010-12-15
----------------------
-----------------------
- Fixed a variety of small bugs, improved code documentation.

Drupal 6.19, 2010-08-11
----------------------
-----------------------
- Fixed a variety of small bugs, improved code documentation.

Drupal 6.18, 2010-08-11
----------------------
-----------------------
- Fixed security issues (OpenID authentication bypass, File download access
bypass, Comment unpublishing bypass, Actions cross site scripting),
see SA-CORE-2010-002.

Drupal 6.17, 2010-06-02
----------------------
-----------------------
- Improved PostgreSQL compatibility
- Better PHP 5.3 and PHP 4 compatibility
- Better browser compatibility of CSS and JS aggregation
Expand All @@ -1030,7 +1091,7 @@ Drupal 6.17, 2010-06-02
- Fixed a variety of other bugs.

Drupal 6.16, 2010-03-03
----------------------
-----------------------
- Fixed security issues (Installation cross site scripting, Open redirection,
Locale module cross site scripting, Blocked user session regeneration),
see SA-CORE-2010-001.
Expand All @@ -1042,12 +1103,12 @@ Drupal 6.16, 2010-03-03
- Fixed a variety of other bugs.

Drupal 6.15, 2009-12-16
----------------------
-----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2009-009.
- Fixed a variety of other bugs.

Drupal 6.14, 2009-09-16
----------------------
-----------------------
- Fixed security issues (OpenID association cross site request forgeries,
OpenID impersonation and File upload), see SA-CORE-2009-008.
- Changed the system modules page to not run all cache rebuilds; use the
Expand All @@ -1056,26 +1117,26 @@ Drupal 6.14, 2009-09-16
- Fixed a variety of small bugs.

Drupal 6.13, 2009-07-01
----------------------
-----------------------
- Fixed security issues (Cross site scripting, Input format access bypass and
Password leakage in URL), see SA-CORE-2009-007.
- Fixed a variety of small bugs.

Drupal 6.12, 2009-05-13
----------------------
-----------------------
- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
- Fixed a variety of small bugs.

Drupal 6.11, 2009-04-29
----------------------
-----------------------
- Fixed security issues (Cross site scripting and limited information
disclosure), see SA-CORE-2009-005
- Fixed performance issues with the menu router cache, the update
status cache and improved cache invalidation
- Fixed a variety of small bugs.

Drupal 6.10, 2009-02-25
----------------------
-----------------------
- Fixed a security issue, (Local file inclusion on Windows),
see SA-CORE-2009-003
- Fixed node_feed() so custom fields can show up in RSS feeds.
Expand Down Expand Up @@ -1471,7 +1532,7 @@ Drupal 4.7.9, 2007-12-05
- fixed a security issue (SQL injection), see SA-2007-031

Drupal 4.7.8, 2007-10-17
----------------------
------------------------
- fixed a security issue (HTTP response splitting), see SA-2007-024
- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
- fixed a security issue (API handling of unpublished comment), see SA-2007-030
Expand Down Expand Up @@ -1584,7 +1645,7 @@ Drupal 4.6.11, 2007-01-05
- Fixed security issue (DoS), see SA-2007-002

Drupal 4.6.10, 2006-10-18
------------------------
-------------------------
- Fixed security issue (XSS), see SA-2006-024
- Fixed security issue (CSRF), see SA-2006-025
- Fixed security issue (Form action attribute injection), see SA-2006-026
Expand Down
2 changes: 1 addition & 1 deletion INSTALL.txt
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Drupal requires:
- Percona Server 5.1.70 (or greater) (http://www.percona.com/). Percona
Server is a backwards-compatible replacement for MySQL.
- PostgreSQL 8.3 (or greater) (http://www.postgresql.org/).
- SQLite 3.4.2 (or greater) (http://www.sqlite.org/).
- SQLite 3.3.7 (or greater) (http://www.sqlite.org/).

For more detailed information about Drupal requirements, including a list of
PHP extensions and configurations that are required, see "System requirements"
Expand Down
Loading

0 comments on commit 228fb95

Please sign in to comment.