Release notes

Maintenance and security release of the Drupal 6 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities

No other fixes are included.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities

No other fixes are included.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Release notes

Maintenance and security release of the Drupal 6 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities

No other fixes are included.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities

No other fixes are included.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Release notes

Placeholder for the Drupal 9.x release. Not intended for actual use by anyone except the issue queue version selector.

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2013-002 - Drupal core - Denial of service

No other fixes are included.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Important update notes (and known issues):

The security fixes in this release change all image derivative URLs generated by Drupal to append a token as a query string. ("Image derivatives" are copies of images which the Drupal Image module automatically creates based on configured image styles; for example, thumbnail, medium, large, etc.)

As an example, links that previously pointed to a URL like http://example.com/sites/default/files/styles/thumbnail/public/field/image/example.png will now point to a URL like http://example.com/sites/default/files/styles/thumbnail/public/field/image/example.png?itok=zD_VaCaD.

In addition, any code which programmatically generates a link to an image derivative without using the standard image_style_url() API function will no longer work correctly if the image does not already exist in the file system, since the necessary token will not be present in the URL.

Due to the nature of this security fix, some sites will require extra testing and care when deploying this release of Drupal core, and several contributed modules require code changes in order to continue working correctly. A summary of issues follows.

Issues involving Drupal core

1. #1923814: Existing hardcoded images can break after updating to Drupal 7.20 if image styles have been re-saved

   If your site has existing, hardcoded references to image derivatives embedded in text content (for example, as may have been inserted via the Insert module) in most cases these references will continue to work after upgrading to Drupal 7.20. However, if you re-save the associated image style (for example, by going to "Administration » Configuration » Media » Image styles" on your site and re-saving the items listed there), the images will be flushed on disk and your embedded links may stop working after that because they are missing the token. This may also occur if you re-saved the image style recently (before upgrading to Drupal 7.20) and some of the images have not yet been regenerated.

   Solution: There is no robust solution for this problem yet. The best solution is to avoid re-saving image styles for the time being.

2. #1923554: New anti-DoS measure breaks for some file URIs

   If any images are erroneously stored in the database with an extra slash in the URI (for example, public:///path/to/image rather than public://path/to/image), new derivatives for those images will fail to be generated after upgrading to Drupal 7.20. So far, the only confirmed examples of this involve images created with the Devel generate module, which are unlikely to be an issue on production websites.

   Solution: There is a patch for Drupal core in the above issue which should fix the problem.

Issues involving Drupal custom or contributed modules

Several contributed modules do not work correctly with Drupal 7.20, although there are candidate patches or fixes available for most of them:

1. #1923336: Insert module doesn't work with Drupal 7.20

   Sites using versions 7.x-1.2 or earlier of the Insert module will experience problems inserting new images into textareas after upgrading to Drupal 7.20 if the inserted image is set to display using an image derivative. The image will be inserted but will fail to display.

   Solution: Upgrade to Insert 7.x-1.3.

2. #1925298: File (Field) Paths does not work with Drupal 7.20 when images are inserted with the Insert module

   When using the File (Field) Paths module along with the Insert module, the fix to the Insert module itself is not sufficient, and new images will still not be correctly inserted into textareas.

   Solution: There is a patch in the above issue which needs testing but should fix the problem and allow new images to be inserted going forward.

3. #1923936: Responsive images and styles module doesn't work with Drupal 7.20

   The Responsive images and styles module does not work correctly after upgrading to Drupal 7.20.

   Solution: There is a patch in the above issue which needs testing but should fix the problem.

4. #1930698: Drupal 7.20 update broke IMCE's feature for generating previews via image styles

   A feature of the IMCE module which allows preview images to be generated on-the-fly based on image styles does not work correctly after upgrading to Drupal 7.20.

   Solution: No solution is available yet.

Issues involving HTTP caches and CDNs

In rare cases, the addition of the token to image style URLs may alter the way HTTP caches or CDNs handle the images. Sites using HTTP caches or CDNs should examine their configuration and test this release carefully before deploying it to a production site.

The Drupal CDN module is also incompatible with Drupal 7.20. See #1926884: CDN module is not compatible with security fix in Drupal core update 7.20 for further details. (No fix is available yet.)

Overall mitigation steps

Sites which require the ability to generate new image derivatives without a token can set the 'image_allow_insecure_derivatives' variable to TRUE, for example in settings.php:

This will cause Drupal to bypass the token check when generating image derivatives.

However, it will also completely remove the security fix introduced in this release and will therefore increase the site's vulnerability to denial-of-service attacks.

It is intended primarily as temporary measure (or for sites that are hosted in an environment where denial-of-service attacks are unlikely, such as a private intranet that is inaccessible from the outside).

Release notes

Maintenance release of the Drupal 7 series. Includes fixes for incompatibilities introduced in the Drupal 7.20 security release only.

No security fixes are included in this release; however, sites which were unable to upgrade to Drupal 7.20 (or upgraded but made modifications to disable the security fixes included within it) should upgrade to Drupal 7.21 to obtain additional security protection.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

If you have already upgraded to Drupal 7.20 with no problems this release does not provide any new functionality. You can upgrade to Drupal 7.21 at your leisure, without reading the notes below.

Important update notes:

Drupal 7.20 fixed a fundamental security flaw in the Drupal core Image module and therefore introduced incompatibilities with a number of contributed modules and sites (see the Drupal 7.20 release notes). To help mitigate the effect of these changes, an optional 'image_allow_insecure_derivatives' variable was provided, which sites could use to turn off the security fix.

Drupal 7.21 adds additional security protection for sites that use this variable. Although they will still not receive the full benefit of the security fix, they will now have protection against the most damaging and easiest-to-inflict vulnerabilities that were addressed in Drupal 7.20.

If you encountered problems when upgrading or attempting to upgrade to Drupal 7.20, then you should upgrade to Drupal 7.21 following the instructions below:

1. First check if upgrading to Drupal 7.21 (and applying any patches or fixes recommended in the Drupal 7.20 release notes) allows you to upgrade your site without any issues. Unset the 'image_allow_insecure_derivatives' variable if you previously set it while upgrading to Drupal 7.20.
2. If your site experiences problems that do not yet have a fix (and the problems are severe enough that you are unable to tolerate them on your site), set the 'image_allow_insecure_derivatives' variable to TRUE. This can be done using Drush, or by placing code such as $conf['image_allow_insecure_derivatives'] = TRUE; in your settings.php file. (There is also an experimental module you can install which will provide a user interface for turning the variable on.)

   If you choose to set this variable, understand that your site is not fully secure; it will still be vulnerable to some forms of denial-of-service attacks which use image derivatives as described in SA-CORE-2013-002 (although not the most serious and easiest-to-inflict ones). You should therefore monitor the issue queues of any modules which were giving you trouble and remove the variable from your site as soon as fixes become available which you are able to apply.

There is one behavior change introduced in this release for sites using the 'image_allow_insecure_derivatives' variable. Previously, setting the variable would allow you to generate any image derivative without including a token in the URL. Now, although tokens will still be optional for most image derivatives, they will be required in the unlikely case of an image derivative which was itself generated from an image derivative (for example, if you first generate a thumbnail image by visiting http://example.com/sites/default/files/styles/thumbnail/public/field/image/example.png, and then want to take that thumbnail image and generate a "medium" image based off of it by visiting http://example.com/sites/default/files/styles/medium/public/styles/thumbnail/public/field/image/example.png, the second case will require a token in the URL in order to work). This change was necessary in order to provide the security improvements and is not believed to have a practical effect in realistic scenarios.

Changes since 7.20:

• #1934568 by David_Rothstein, pwolanin: Allow sites using the 'image_allow_insecure_derivatives' variable to have partial protection from the security issues fixed in Drupal 7.20.

Release notes

Maintenance release of the Drupal 7 series. Includes bugfixes and small API/feature improvements only (no major new functionality); significant new features are only being added to the forthcoming Drupal 8.0 release.

No security fixes are included in this release.

Besides documentation fixes, no changes have been made to the robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary. There are two changes to the .htaccess file in this release:

1. An improvement to the default rewrite rules to help avoid man-in-the-middle attacks on sites which are accessed over HTTP and HTTPS (see #1733476).
2. A change to the list of file extensions which are blocked by .htaccess, to prevent temporary files created by text editors from being accessed (see #1907704). Note: This change may cause issues for sites running very old versions of the Apache web server (1.x); see the "Known issues" section below.

Upgrading custom versions of the .htaccess file is recommended.

Known issues:

#1962780: 500 Internal server error on Apache 1.x servers after updating to Drupal 7.22: Sites running on 1.x versions of the Apache web server may experience errors after updating to Drupal 7.22. (Although Apache 1.x was deprecated by the Apache project several years ago and switching to Apache 2.x is highly recommended, Drupal 7 normally does still run on it.) A patch to fix the problem is available for testing in the above issue.

Major changes since 7.21:

• Allowed the drupal_http_request() function to be overridden so that additional HTTP request capabilities can be added by contributed modules.
• Changed the Simpletest module to allow PSR-0 test classes to be used in Drupal 7.
• Removed an unnecessary "Content-Disposition" header from private file downloads; it prevented many private files from being viewed inline in a web browser.
• Changed various field API functions to allow them to optionally act on a single field within an entity (API addition: http://drupal.org/node/1825844).
• Fixed a bug which prevented Drupal's file transfer functionality from working on some PHP 5.4 systems.
• Fixed incorrect log message when theme() is called for a theme hook that does not exist (minor string change).
• Fixed Drupal's token-replacement system to allow spaces in the token value.
• Changed the default behavior after a user creates a node they do not have access to view. The user will now be redirected to the front page rather than an access denied page.
• Fixed a bug which prevented empty HTTP headers (such as "0") from being set. (Minor behavior change: Callers of drupal_add_http_header() must now set FALSE explicitly to prevent a header from being sent at all; this was already indicated in the function's documentation.)
• Fixed OpenID errors when more than one module implements hook_openid(). The behavior is now changed so that if more than one module tries to set the same parameter, the last module's change takes effect.
• Fixed a serious documentation bug: The $name variable in the taxonomy-term.tpl.php theme template was incorrectly documented as being sanitized when in fact it is not.
• Fixed a bug which prevented Drupal 6 to Drupal 7 upgrades on sites which had duplicate permission names in the User module's database tables.
• Added an empty "datatype" attribute to taxonomy term and username links to make the RDFa markup upward compatible with RDFa 1.1 (minor markup addition).
• Fixed a bug which caused the denial-of-service protection added in Drupal 7.20 to break certain valid image URLs that had an extra slash in them.
• Fixed a bug with update queries in the SQLite database driver that prevented Drupal from being installed with SQLite on PHP 5.4.
• Fixed enforced dependencies errors updating to recent versions of Drupal 7 on certain non-MySQL databases.
• Refactored the Field module's caching behavior to obtain large improvements in memory usage for sites with many fields and instances (API addition: http://drupal.org/node/1915646).
• Fixed entity argument not being passed to implementations of hook_file_download_access_alter(). The fix adds an additional context parameter that can be passed when calling drupal_alter() for any hook (API change: http://drupal.org/node/1882722).
• Fixed broken support for translatable comment fields (API change: http://drupal.org/node/1874724).
• Added an assertThemeOutput() method to Simpletest to allow tests to check that themed output matches an expected HTML string (API addition).
• Added a link to "Install another module" after a module has been successfully downloaded via the Update Manager (UI change).
• Added an optional "exclusive" flag to installation profile .info files which allows Drupal distributions to force a profile to be selected during installation (API addition).
• Fixed a bug which caused the database API to not properly close database connections.
• Added a link to the URL for running cron from outside the site to the Cron settings page (UI change).
• Fixed a bug which prevented image styles from being reverted on PHP 5.4.
• Made the default .htaccess rules protocol sensitive to improve security for sites which use HTTPS and redirect between "www" and non-"www" versions of the page.

All changes since 7.21:

• #1821906 followup by David_Rothstein: Validate that the new $options parameter in various Field API public API functions is actually an array, to prevent conflicts with contrib modules.
• #1664784 by effulgentsia, mikeytown2: Allow drupal_http_request() to be overridden.
• #1693398 by donquixote, pounard, sun, Sylvain Lecoy: Allow PSR-0 test classes to be used in D7.
• #1952354 by robertcharlesfox | laurence_m: Fixed Typo in drupal_add_html_head() API doc.
• #1797506 by dcam, xjm, Lars Toomre, sivaji: Remove t() from assertion messages in tests for the rdf module.
• #1945066 by chertzog, dcam | joachim: Fixed node_theme() doesn't declare the file for theme_node_admin_overview() .
• #1049050 by mfb, TwoD, David_Rothstein, jpsoto: Removed dead code in file_stream_wrapper_uri_normalize().
• #946118 by droplet, lyricnz, dcam | rvilar: Fixed The machine name isn't updating correctly when the user selects a previous input value.
• #799356 by vijaycs85, m1n0, jaffaralia, effulgentsia: Fixed _form_set_class() is too aggressive in assigning the 'error' class.
• #1575060 by Spleshka, andypost, serm, mcjim, nod_: Fixed ajax_html_ids() are broken for forms with file element (encoding=multipart/form-data).
• #1728122 by rymo | HonoredMule: Fixed Sticky Table header tables don't inherit parent table's outer width.
• #1229014 by bfroehle, jackbravo, illmasterc: Fixed Content-Disposition header makes private files show open/save prompts, but public files show inline.
• #1821906 by Wim Leers, nod_: Allow more Field API public API functions to act on a single field within an entity.
• #985642 by kiamlaluno, Berdir, Damien Tournoud, Deciphered, B-Prod, galooph, David_Rothstein, drzraf, yched: Add back field_attach_load() to file_field_update() under certain circumstances in Drupal 7.
• #124689 by cck | Dio: Fixed hook_user()/hook_user_presave() documentation needs clarification on how to modify values.
• #1915088 by openminds, bfroehle: Fixed SkipDotsRecursiveDirectoryIterator not skipping dot-files when they are the first entry.
• #1937860 by mikeytown2: Fixed seven_css_alter() does not set the type.
• #1940404 by danpros: Fix URL typo in PHP module filter tips.
• #1096208 by zambrey, mr.baileys: Fixed PHP notices when creating menu link '#'.
• #1564996 by greggles: Added Make one-time login link watchdog more useful for auditing.
• #1705536 by pfrenssen: Fixed typo in docblock block_block_list_alter().
• #1716036 by larowlan, xjm: Use range() to create option list for forum block options.
• #1886876 by IRuslan, swentel: Fixed Useless variable assignment in node_feed().
• #1723828 by hass: Fixed incorrect log message when theme() is called for a theme hook that does not exist.
• #1648004 by dcam, Devin Carlson, Rob Loach: Removed inaccurate code comment about using l() in update_helpful_links().
• #1035292 by Désiré, vijaycs85, wizonesolutions, oriol_e9g, ACF, achton, darkadept: Fixed Dynamic tokens can't have spaces.
• #1901476 by caiosba | mstef: Fixed Uncaught TypeError: Cannot read property 'command' of undefined in ajax.js.
• #1242602 by swentel, JvE, babruix | Chi: Fixed Notices in taxonomy_autocomplete().
• #771036 by ojohansson, Albert Volkman, Gábor Hojtsy: Fixed Overlay overwrites existing target attribute.
• #1429442 by Jody Lynn, mathankumarc, gnuget, nrambeck, dcam | sun: Fixed Access denied page shown after submitting form that creates a unpublished node.
• #1605040 by TravisCarden, mitron | EdgarPE: Fixed drupal_send_headers() ignores headers with valid but falsy values.
• #1907704 by acrollet, ultimateboy, totten: Restrict temporary files created by text editors.
• #1379056 by Barrett: Fixed if more than one hook_openid() implementation returns a given parameter, the resulting value is an array and request is invalid.
• #1926758 by balsama, mitron: Fix code comment in system.module
• #1797514 by disasm, dicam, Gaelan, Lars Toomre: Remove t() from test assert messages in simpletest module
• #1884840 by Pix, pwolanin: Remove reference to md5 in ajax code comments
• #1920340 by yched: Fixed Update URL of change notification for '_field_info_collate_fields() memory usage'.
• #1324058 by isay, barraponto, shameemkm: Fixed forum-rtl.css does not overide #forum div.indent from margin-left to margin-right.
• #1886812 by kiamlaluno: theme_form_element() initialize a variable that is never used.
• #1215404 by brianV, pillarsdotnet: Fixed Remove assignment to unused variable $export_data from book_export_html() function.
• #1886796 by kiamlaluno: Fixed theme_checkbox() initialize a variable that is never used.
• #1886870 by IRuslan: Fixed Useless node_type_get_type() call in node_validate().
• #1848774 by IshaDakota, kiamlaluno: Fixed search_view() initializes a variable that is never used.
• #1898314 by droplet | xjm: Rename $user to $account in WebTestBase::drupalLogin().
• #1751054 by borisbaldinger, Berdir, vomiand: Fixed serious documentation problem with the $name variable in taxonomy-term.tpl.php (incorrectly documented as being sanitized when in fact it is not).
• #1586542 followup by andypost: Workaround for an issue where system update #7061 fails due to a memory leak and can't be run again.
• #1475342 by iamEAP | Kasper Souren: Fixed D6->D7 upgrade: system_update_7007() fail.
• #1827136 by amatzies, patrickd, posulliv | earnie: Add severity index to watchdog table.
• #1848464 by scor | jneubert: Fixed Make RDFa markup upward compatible with RDFa 1.1.
• #1890754 by Berdir, pwolanin, tim.plunkett: [Tests] Private Images visible by url.
• #1932354 by Alexander Pyle: Fix up documentation for image_scale()
• #1916928 by Alexander Pyle, YesCT, twistor: Document that clickLink is case sensitive
• #1347914 by Albert Volkman, Lars Toomre, batigolix, NROTC_Webmaster, xjm, sven.lauer: Fix up API docs for Filter module
• #1923554 by David_Rothstein, pwolanin, mitron | alfaguru: Fixed New anti-DoS measure breaks for some file URIs.
• #1266572 by znerol, joshf: Fixed Workaround in UpdateQuery_sqlite() for affected rows count causes certain updates to be suppressed.
• #1012620 by Berdir, kbasarab, YesCT: Fixed Unique key on date_formats().(format|type) is problematic for case insensitive collations.
• #1792380 by theo_: Fixed DatabaseCondition not cloning SelectQuery value object.
• #1794012 by dcam, Crell, Lars Toomre: Remove t() from asserts in database system tests
• #1908192 by mitron: Document what happens in drupal_get_filename() if the file is not found
• #1908194 by richard.c.allen2386: Document what happens in drupal_get_path if the file is not found
• #1889738 by andybroomfield: Add information to documentation of hook_custom_theme
• #1397346 by Albert Volkman, kristiaanvandeneynde, larowlan, bobbyaldol, tim-e, shiff2kl, FatGuyLaughing: Add and fix up documentation in image and node module files
• #1885000 by cck: Add link in hook_theme docs to theme layer page
• #1879022 by omegamonk: Fixed Enforced dependencies errors updating to recent versions of Drupal 7.
• #1040790 by yched, swentel, geerlingguy, justin.randell, Berdir | catch: Fixed _field_info_collate_fields() memory usage.
• #1893530 by alippai: Document that bundles element is not required for one-bundle entities in hook_entity_info
• #1894850 by ben.bunk: Fix typo in code example in drupal_prerender_links docs
• #1875858 by j.slemmer, cck: Fix documentation for a couple of menu hooks
• #1317628 by Albert Volkman, Gaelan, disasm, mjonesdinero, xjm: Clean up API docs for include files n-z
• #1888454 by kiamlaluno: Remove irrelevant information from form_process_vertical_tabs() documentation
• #1807556 by Albert Volkman, Lars Toomre: API docs fixup for Aggregator module
• #1807688 by Albert Volkman, Lars Toomre: API docs fixes for Book module
• #1156576 by pixelite, Ryan Weal, jhodgdon, plach, Albert Volkman: Better documentation for language negotiation
• #1851788 by cck, blake.thompson: Add docs for hook_menu for expanded property
• #1870612 by David_Rothstein, plach, greggles: Add tests for SA-CORE-2012-004 - Drupal core - Arbitrary code execution via file upload.
• #1565322 by Jorrit: Fixed Notice in locale_languages_edit_form_validate().
• #1857956 by catch, David_Rothstein: Do not re-prepare comment update timestamp if it's the same as the created timestamp (performance improvement).
• #1815930 by slashrsm, gbrands, amontero: Fixed Update watchdog message in file_unmanaged_copy() with correct string/variable replacement values.
• #1143460 by WorldFallz, Dave Reid, colette, typhonius, David_Rothstein | localhost: Fixed hook_file_download_access_alter() missing entity argument (by allowing an additional context argument to be passed to drupal_alter()).
• #1862198 by plopesc: Make it clearer where to find placeholder docs for t
• #1873608 by David_Rothstein: Clarify documentation on when to use t vs format_string
• #1333400 by Albert Volkman, Chi: Add parameter docs for hook_install_tasks
• #1864216 by larowlan, marvin_B8: Fixed No docblock for several functions in user.module.
• #1864360 by oadaeh: Fixed Clean up some inconsistencies with @link...@endlink.
• #1864188 by johnshortess | hefox: Fixed user_filters() invokes hook_permission() with argument 'permission' ($function('permission')).
• #1741386 by lazysoundsystem, rasmusluckow, andypost, Lars Toomre, dcam: Removing t() from asserts in simpletests in book module.
• #1534674 by plach, slowflyer: Fixed Comment field language is completely broken.
• #1874342 by erikwebb: Fixed Undefined constant STEAM_WRAPPERS_LOCAL used in file_get_stream_wrappers() documentation.
• #1873608 by David_Rothstein: Improve documentation of format_string() to emphasize that it is used to prepare variables for HTML display.
• #1854620 by marvin_B8, droplet: Fixed hook_menu_local_tasks_alter() help texts.
• #1629994 by Aron Novak, oadaeh, yurtboy, jhodgdon, kingandy: Fixed Mail functions reference obsolete RFC.
• #1606946 follow-up by David_Rothstein: Remove note about const from D7 docs since we don't require PHP 5.3.
• #1868206 by kiamlaluno: Fixed Word is repeated.
• #1847382 by thehong, pingwin4eg, 63reasons: Fixed Undefined index: access in includes/menu.inc (when custom access_callback() does not exist or does not get included).
• #1706878 by tim.plunkett, lazysoundsystem: Added DrupalWebTestCase::assertThemeOutput() to allow modules to test theme function output.
• #1446650 by superspring | drupalsven: Added After installing module display link to 'install another module'.
• #1727430 by tedbow, webchick, fubhy | amontero: Added 'exclusive' flag to install profiles to auto-select them during installation.
• #843114 by sun, quicksketch, Berdir | c960657: Fixed DatabaseConnection::__construct() and DatabaseConnection_mysql()::__construct() leaks $this (Too many connections).
• #1117780 by amontero, naxoc | ogi: Display cron url in admin/config/system/cron page.
• #1494676 by Liam Morland, cam8001: Removed unused variable $http_protocol in drupal_settings_initialize().
• #1672694 by Devin Carlson, JulienD, jibran, kalabro: Fixed Field UI continues to use t() for $instance['label'] in field_ui().admin.inc.
• #1550892 by david.mckay | fgm: Fixed reset() on function call in image_update_7002() to avoid an E_STRICT notice.
• #1833028 by michaelmol | rmfleet: Fixed bug which prevented image styles from being reverted on PHP 5.4.
• #1817680 by haydeniv | netol: Fixed Update notification is printed more than one time.
• #1733476 by greggles, BMDan: Fixed Make default htaccess rules protocol sensitive to avoid man-in-the-middle-attacks if users don't fully customize the rule.
• #1851886 by Albert Volkman: Fix up documentation for cache_set() function
• #1247812 by Albert Volkman, jzacsh: Add docs for user_admin() function
• #1853050 by Jerenus: Fix up docs for drupal_send_headers()
• #1857984 by Ivan Zugec: Fix sample code for hook_field_widget_form so it would actually work
• #1858508 by TravisCarden: Add see also to hook_theme docs
• #1856142 by kiamlaluno: Fix typo in node_query_node_access_alter() comment
• #1606946 by Albert Volkman: Fix grammar in docs in update.php
• #1853574 by Albert Volkman: Fix spelling error in drupal_mail_system() docs
• #1787876 by Albert Volkman, cirage, BrockBoland: Add return docs for drupal_get_token() function
• #1606946 by Albert Volkman, udaksh, bunthorne: Fix up API docs for top-level PHP files
• #1851538 by willkaxu: Fix docs typo in cache.inc
• #1313980 by Albert Volkman, Lars Toomre, jn2, xjm, jhodgdon: Clean up API docs for Node module
• #1846510 by Tor Arne Thune: Remove duplicate that in code comment
• #1846510 by larowlan, kim.pepper: Fix spelling error in field UI module comment
• #1848516 by IshaDakota: Fix coding style in hook_schema() example function body
• #1423090 by Albert Volkman: Fix invalid function see reference in field.module
• #1837840 by amontero, tstoeckler: Add clarification to l() docs as to when to use t() instead
• #1326600 by dcam, Lars Toomre, batigolix, kid_icarus, xjm: Clean up API docs for dblog module
• #1492378 by kbasarab: follow-up docs correction on autocomplete paths
• #1831408 by kotnik: Fix spelling of entity in docs
• #1829366 by gcassie: Fix up grammar and caps in default settings.php file

Release notes

Highlights

• Fixed Content-Language HTTP header to not cause issues with Drush 5.x.
• Reduce memory usage of theme registry (performance).
• Fixed PECL upload progress bar for FileField
• Fixed running update.php doesn't always clear the cache.
• Fixed PDO exceptions on long titles.
• Fixed Overlay redirect does not include query string.
• Fixed D6 modules satisfy D7 module dependencies.
• Fixed the ordering of module hooks when using module_implements_alter().
• Fixed "floating" submit buttons during AJAX requests.
• Fixed timezone selected on install not propogating to admin account.
• Added msgctx context to JS translation functions, for feature parity with t().
• Profiles' .install files now available during hook_install_tasks().
• Added test coverage of 7.0 -> 7.x upgrade path.
• Numerous notice fixes.
• Numerous documentation improvements.
• Additional automated test coverage.

Update notes

• None at this time.

Known issues

• None at this time.

Full list of changes since 7.9:

• #1318316 by xjm: AssertTaxonomyPage is missing documentation.
• #1329914 by xjm, msonnabaum: Fixed Ensure ['q'] is set before calling drupal_normal_path().
• #1332648 by sven.lauer, jhodgdon, xjm: Clean up API docs for contextual module.
• #1198398 by jm@bellcom.dk, AllRob: Fixed Timezone selected on install not correctly saved to admin user account.
• #1182296 by BTMash, matason, catch, xjm: Add tests for 7.0->7.x upgrade path.
• #1206992 by oriol_e9g: fixed Field UI error message and incorrect type level.
• #1196112 by rocket_nova: taxonomy_get_parents() return value documentation isn't complete.
• #1087940 by drewish, rocket_nova: document that wildcard % doesn't work as first argument in menu paths.
• #1289208 by minorOffense, skottler, rocket_nova: REQUEST_TIME documentation is misleading.
• #1302364 by Chi, realityloop: duplicate status check in forum_field_storage_pre_update().
• #1280674 by TR, DamZ: submit button 'floats' during ajax submission.
• #765860 by effulgentsia, dww, dereine, mikey_p, xjm, sun, sven.lauer: drupal_alter() fails to order modules correctly in some cases.
• #1346772 by xjm: Fixed StatisticsLoggingTestCase->testLogging() is unstable.
• #1337124 by xjm: improve API documentation for taxonomy_autocomplete().
• #1313342 by CrookedNumber, RaulMuroc, Yuri: Fixed Curacao should appear in standard_country_list().
• #655190 by dealancer: Fixed Allow hook_install_tasks() to be called from a profile's .install file (or document that it can't be).
• #1002258 by tstoeckler, xjm: Fixed D6 modules satisfy D7 module dependencies.
• #1002258 by tstoeckler, xjm: Fixed D6 modules satisfy D7 module dependencies.
• #488496 by loganfsmyth, G√°bor Hojtsy: Implement missing msgctx context in JS translation for feature parity with t().
• #1146234 by David_Rothstein, Tor Arne Thune, xjm: Fixed Overlay redirect does not include query string.
• #1326950 by chrispomeroy: Fixed typo in overlay-child-rtl.css.
• #1339292 by xjm: Fixed hook_requirements() documentation references incorrect path for cron in system.api.php.
• #212284 by Damien Tournoud, alexanderpas, dww: Fixed security check in 'configure' stage not compatible with overriding variables: site_name() and site_mail().
• #789484 by Lars Toomre, sven.lauer, jhogdon, pillarsdotnet, michaellenahan: Fixed Confusing documentation for argument in hook_access()/hook_node_access().
• #1333314 by ericduran: Fixed Left over console.log in authorized.js.
• #1333346 by claudiu.cristea: Fixed hook_field_extra_fields_alter() example code.
• #1247982 by kathyh, Aron Novak, xjm: Fixed API doc for hook_aggregator_parse() is incorrect.
• #777168 by Berdir, effulgentsia: Fixed Notice: Undefined property: stdClass:: in profile_user_presave().
• #1326932 by jenlampton, rump: Bunny ears are fuzzy: update search test node content to reflect this.
• #1006714 by Steven Jones, chx, mr.baileys, xjm, carlos8f: Fixed drupal_get_path() doesn't work for profiles.
• #1263644 by jhodgdon, ultimateboy, Tor Arne Thune: Define what being in MAINTAINERS.txt means.
• #1334768 by ls206, Pasqualle: Fixed Syntax error in locale_test().js line 27.
• #935208 by droplet, assert0, adrinux, Tor Arne Thune: Fixed PECL uploadprogress bar doesn't appear.
• #1180642 by franz, catch, xjm, musicnode: Fixed PDOException in statistics_exit() when path longer than 255 characters.
• #1049284 by xjm: Fixed Running update.php to flush caches no longer works unless there are updates pending.
• #999024 by bfroehle, O Govinda: Fixed Status Report page refers to 'update status module' instead of 'update manager module'.
• Missing files.
• #951644 by catch, David_Rothstein, aschiwi, xjm: Fixed Requirement warnings (e.g. for PHP memory limit) are not shown on install or update unless there is a requirement error also.
• #1328378 by Chi: Fixed remove bogus colour value in CSS in Seven theme.
• #1312844 follow-up by David_Rothstein, kathyh: Fixed minor formatting bug.
• #1103590 follow-up by Tor Arne Thune, dcrocks: Add tests for blocks being added to 'hidden' region.
• #1326472 by xjm: Add capitalization and periods to several inline comments in common.inc.
• #561858 follow-up by effulgentsia, sun: Add tests for AJAX framework lazy-load feature.
• #1021064 by montesq, barraponto, cwells73, mejd: Fixed No Main Links causes error message in form description to set Secondary Links.
• #1011614 by catch, pillarsdotnet: Fixed Theme registry can grow too large for MySQL max_allowed_packet() and memcache default slab size.
• #1274406 by marcingy, grndlvl: Fixed PDO exception is thrown when saving a node with a title that is too long.
• #673020 follow-up by attiks: Critical fix to Content-Language HTTP header to not cause issues with Drush.
• Ahem. Back to 7.x-dev.
• Back to 7.x-dev

Release notes

The twentythird maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities have been committed. New features are only being added to the forthcoming Drupal 8.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2012-001 - Drupal Core - Multiple vulnerabilities

No other fixes are included. For additional bugfixes, see Drupal 6.24 released alongside Drupal 6.23.

Release notes

The twentyfourth maintenance release of the Drupal 6 series. Only bugfixes have been committed. No security fixes are included in this release. New features are only being added to the forthcoming Drupal 8.0 release.

This release includes the security fixes from Drupal 6.23 which was released alongside Drupal 6.24. No additional security fixes are included.

The complete list of changes committed since Drupal 6.22 are as follows:

• #879270 by Ben Coleman: query in taxonomy_node_get_terms() needs the v.weight field added to the SELECT because it was already present in the ORDER BY; improved PostgreSQL compatibility
• #12274 by markoshust, DamienMcKenna, seanbfuller, cburschka, aufumy: do not accept email addresses with dots at the end as valid
• #600836 by tim.cosgrove, dww, naxoc, Dave Reid: prevent batches from going indefinitely if their 'finished' value becomes bigger than 1
• #289504 by mikeryan, catch, moshe weitzman: backport indexes from Drupal 7 on comments and node_comment_statistics to improve performance of mass-user operations such as deleting users en masse
• #1278160 by tim.plunkett: lower the severity level in watchdog() for orphaned actions
• #975754 by jhodgdon, Albert Volkman: fix phpdoc about access callback inheritance for menu items
• #336483 by brianV, catch: add index for comment_count on column in node_comment_statistics to avoid full table scan when search index is updated for example
• #1137848 by pillarsdotnet, BrockBoland, tim.plunkett: hide /filter/tips page from well behaving search engines, it is pointless to be included in search indexes
• #648516 by cafuego, williamestrada: node_build_filter_query() should consider the vid of nodes when joining on term_data to consider only current revisions of nodes
• #767104 by mgriego, EugenMayer, mkalkbrenner: taxonomy_node_save() should refresh the node terms (especially for free tagging vocabularies) when nodes are updated, so they are kept up to date in the same HTTP request
• #720876 by pillarsdotnet: user_register_validate() should invoke user_module_invoke() with an account object rather than an array; improved PHP 5.3 compatibility
• #269877 by neochief, roderik, akaliel, mathieu, jct, Jo Wouters, fago, ufku, fmjrey, nonsie, pfournier: avoid duplicate paths (again) in path_set_alias()
• #147000 by Berdir, Dave Reid, pwolanin, pillarsdotnet, TR, jbrauer, dstol: rework module_rebuild_cache() and system_theme_data() to support locking, so that concurrent requests will not corrupt the data; fixes an issue where themes got disabled occasionally
• #156582 by c960657, drico, pwolanin, townxelliot, Damien Tournoud, kbahey, mikeytown2, jpmckinney, craig_, zyxware: add missing timeout support to drupal_http_request() to avoid Drupal hanging on web service requests
• #556842 by mh86, catch, bangpound, wojtha, deviantintegral: optimize taxonomy_get_tree() by building the tree internally instead of recursively to improve performance; especially good for bigger taxonomies
• #504506 by andypost, pillarsdotnet, podarok: Drupal.formatPlural() did not pass on extra arguments for translations of some plural values
• #1173012 by carlos8f, Fabianx, Gábor Hojtsy: do not remove blocks for disabled modules in _block_rehash() to avoid blocks disappearing for people following the update guide to the letter disabling contrib modules when updating Drupal core
• #883038 by pillarsdotnet, ShutterFreak, anarcat: ereg() and ereg_replace() are deprecated but Drupal 6 will not migrate to preg to avoid breaking APIs, so we need to silence the warnings coming out of the use of ereg on PHP 5.3+
• #1174496 by Eric_A, grendzy, greg.1.anderson, c31ck: drupal_error_handler() should not assume filter_xss() is available. It might be called before that is loaded. Also fixes Drush compatibility.
• #825972 by daniels220, Reidsy, Albert Volkman: add phpdoc documentation to sess_read() and sess_write()
• #1260932 by DjebbZ, pwolanin: hook_nodeapi() optional arguments should not be made required by some core modules either
• #208793 by Damien Tournoud, kbahey, TR: instead of hardcoding the HTTP protocol version in responses, respond with the HTTP protocol version requested (or fall back to HTTP/1.0 if the requested protocol/version is unknown)
• #971812 by mfb, twistor: aggregator ignores Atom id element, which is equivalent to RSS guid element
• #845542 by pounard: db_query_temporary() will fail without CREATE TEMPORARY TABLES permission on MySQL, update install documentation for that
• #1225364 by sivaji, ñull: body field label is configurable but hardcoded in min word count validation error message
• #1103310 by c960657: lock_acquire() does not properly extend expired lock due to misuse of db_query() to check for affected rows
• #909274 by ergonlogic, franz: user/0/delete should not be accessible even for administrators
• #1006938 by dww, westwesterson: avoid PHP warnings in the PHP 4 XML parser caused by the relatively new XML data pieces produced at updates.drupal.org
• #480082 by pp: add previously undocumented variables in system_send_email_action_form()'s message field description
• #1173012 by carlos8f, Fabianx: fix poll_block() to not wrap the block list operation in permission checks which could result in block placement and configuration lost when block rehashing is run with a user lacking permissions to view content
• #1283442 by Ben Coleman, twistor, ggevalt: aggregator_block()'s permission check on the list, configure and save operations could result in loss of aggregator blocks when block rehasing is invoked with a user who has no access to feeds; permissions should only be checked on the view op
• #1169034 by mfb: fix notice in file_create_filename() for cases when the ext variable did not exist previously
• #1196102 by James_Stallings, noisetteprod: improve phpdoc on taxonomy_check_vocabulary_hierarchy()
• #338402 by rocket_nova, jhodgdon: improve documentation on node_get_types()
• #1098556 by barbi, rocket_nova, kiamlaluno: search_box() documentation referred to theme_search_box_form() which is in fact implemented in search-block-form.tpl.php in Drupal 6
• #1192178 by pillarsdotnet, jhodgdon: fix user_module_invoke() argument names to make more sense and phpdoc to document them (no behavioral change of course)
• #1288838 by anrikun: fix bad code indentation in _locale_batch_build()
• #1175614 by barbi, oriol_e9g, CashWilliams, aenw: improve phpdoc on block_list()
• #1100260 by barbi, jhodgdon: fix phpdoc in batch operations example to have a redirect
• #372766 by jhodgdon, jn2: phpdoc improvements to user_save()
• #1222802 by franz, droplet, jhodgdon: cleanup for pager phpdoc blocks; add missing text argument doc to theme_pager_link
• #1190846 by vitalsouto, ninizik: remove one of two copies of repeated phpdoc documentation on actions
• #300714 by j0hn-smith, alexjarvis, lilou, linuxbox: sort node revisions by vid not timestamp.
• #1149628 by Ben Coleman: fix blog module query to include all ORDER BY fields in select for PostgreSQL compatibility
• #201876 by gpk: improve yellow in Garland tabledrag to stand out better for usability
• #356359 by mgifford, Agileware: improve accessibility of the search form
• #925580 by tbenice, rsevero, marcp: dix upload modules's form altering to be clearly compatible with PHP 5.3
• #188947 by lyricnz: date_validate() takes a form element, not a whole form, correct the variable name to clean this up
• #1154722 by mattconnolly, barbi, jhodgdon: link Form API reference to Drupal 6 version in Form API docs
• #1095066 by drewish, barbi: improve node_build_content() return value documentation
• #401266 by pillarsdotnet, jhodgdon: improve documentation on user_mail_tokens() to be more accurate on required account properties
• #1184106 by barbi: improve documentation on db_set_active()
• #1063636 by barbi, Rob Loach, TR: reference drupal_add_css() in drupal_get_css() docs
• #1176524 by andypost, TR, dww: remove leftover CVS ID tags from Drupal core
• #1169080 by barbi, csdco: improve documentation of file_set_status()
• #623276 by jhodgdon: improve documentation on file_scan_directory()
• #1123120 by kiamlaluno, mr.baileys: improve documentation for theme preprocess; hook argument was missing

Release notes

Important!! It was discovered post-release that this version of Drupal only includes bug fixes from Drupal 7.9, not Drupal 7.10! Users are encouraged to use Drupal 7.12 instead. Discussion is happening at #1430404: Drupal 7.11 is missing all the bug fixes from Drupal 7.10

Maintenance and security release of the Drupal 7 series. Only fixes for security vulnerabilities have been committed. New features are only being added to the forthcoming Drupal 8.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2012-001 - Drupal core - Multiple vulnerabilities

No other fixes are included. For additional bugfixes, see Drupal 7.12 released alongside Drupal 7.11.

Release notes

Maintenance release of the Drupal 7 series. Includes bugfixes only (no new functionality), plus the security fixes from Drupal 7.11 which was released alongside Drupal 7.12.

All changes committed since Drupal 7.10 are as follows:

• #336483 by brianV, catch: Fixed Performance: SELECT MAX(comment_count()) FROM node_comment_statistics() does full table scan.
• #289504 by catch, mikeryan, moshe weitzman: Fixed user_delete() performance: index comment uid columns.
• #1326482 by ryanissamson: Clean up minor code style issues in archiver.inc.
• #996236 by fago, sun, pillarsdotnet, xjm: Fixed drupal_flush_all_caches() does not clear entity info cache.
• Rollback of Issue #1280792 by andypost: Key length too long error.
• #569076 by rocket_nova, wamilton, alonpeer: Test that taxonomy term page contains a link to parent terms in the breadcrumbs.
• #1367000 by chris.leversuch, oriol_e9g, David_Rothstein: Clean up API docs for php module.
• #1421330 by heyrocker: Fixed Add @see for cache_set() and cache_get() .
• #1415794 by Zen Master: Fixed node_access_test_form_node_form_alter() has wrong documentation header.
• #1409052 by mkadin: Fixed hook_menu() should state that auto-loaders should return FALSE to indicate nothing found and trigger a 404.
• #1372280 by sven.lauer: Document that field_info_field_by_id() may also be used for deleted fields.
• #1416212 by pontus_nilsson: Fixed _user_mail_notify() -- options for need to be a list.
• #1045786 by D√©sir√©, Albert Volkman, droplet: Fixed Length of Aggregator Trimmed Description.
• #1025286 by Tor Arne Thune, Devin Carlson, swentel: Fixed logo_upload() in form_set_error() instead of favicon_upload() in system.admin.inc.
• #1360416 by droplet, LSU_JBob: Fixed Document that the page_bottom() region is hidden from the blocks UI.
• #1402620 by jeckman, jwlogemann: Fixed node_show() return doc links to nonexistent function.
• #1405260 by skottler: Clarify the language around non-reliable queue examples.
• #984874 by LSU_JBob, dalin, Albert Volkman, sun: Use DrupalUnitTestCase where possible.
• #1280792 by julien, xjm, pingers, Niklas Fiekas: Fixed {trigger_assignments()}.hook has only 32 characters, is too short.
• #1110650 follow-up by sun: Oops. No entity_create() in 7.x. :)
• #1110650 follow-up by grendzy, oriol_e9g, sun: Fixed comment-by-anonymous class never appears.
• #1371484 by catch, langworthy, makara, ArtistConk: Fixed Private properties in abstract class DrupalCacheArray.
• #1411592 by dadikof, Niklas Fiekas: Fixed func_get_args() can't be used as a function parameter before PHP 5.3.
• #1420048 by nod_, droplet: fixed menu* JS indention.
• #1099062 by nod_, droplet: Autocomplete.js micro optimization.
• #1399496 by droplet: JS semicolon to following code standard .
• #1354852 by marvil07, 30equals: hook_node_type_insert() has no sample function body.
• #1394790 by joachim: explain system_admin_compact_mode().
• #1377544 by kotnik: hook_update_N documentation uses dead links.
• #852524 by plach, oriol_e9g: include language provider files only when they are needed.
• #1416218 by scorchio: Improve variable naming in format_interval().
• #736556 by daniels220, jeckman, Albert Volkman: fixed theme_links() doc needs expansion.
• #1346166 by Dave Reid: Improve performance of token_replace() if there are no tokens to replace.
• #1387572 by pbull, tarekdj: Fixed node links are not left aligned in bartik theme on RTL direction.
• #1387098 by LSU_JBob, nburles: bug in ajax.js when minified.
• #1000074 by naxoc: node_permission() uses check_plain() without a purpose.
• #666854 by TR, JacobSingh: fixed E_NOTICE warnings in run_tests().sh .
• #1386514 by pflame, nod_, David_Rothstein: Fixed Dragging and dropping a shortcut from disabled to enabled doesn't switch the status if the dragging happens fast.
• #1330554 by oriol_e9g, fiftyz, richthegeek: Fixed taxonomy_get_tree() incorrect depth on multiple parents.
• #1160928 follow-up by sun: Commit missing file. Oops.
• #987930 by David_Rothstein, Tor Arne Thune: Fixed The obsolete 'site_offline_message' variable is not always deleted during the D6->D7 upgrade.
• #1373582 by jhodgdon, TR: Fixed Trailing whitespace.
• #1386976 by nburles, LSU_JBob: Fixed Bug in drupal.js when minified.
• #1402962 by xjm, marcingy, oriol_e9g, msonnabaum: Fixed Render cache shouldn't treat empty strings as a cache miss.
• #278425 by andypost, droplet, OnkelTem, chx, c960657, drewish, kotnik, realityloop: Change notice for: Using basename() is not locale safe.
• Revert "Issue #1367000 by chris.leversuch, oriol_e9g, David_Rothstein: Clean up API docs for php module."
• #800434 by pillarsdotnet, plach, bart.hanssens: Added drupal_mail(), allow hook_mail_alter() implementation to cancel mail.
• #1367000 by chris.leversuch, oriol_e9g, David_Rothstein: Clean up API docs for php module.
• #1309742 by rocket_nova, Albert Volkman: Add inline comment clarifying use of language_list() in system_date_format_save().
• #1160928 by catch, xjm: Add tests for node type/comment body upgrade path.
• #955848 by anrikun, Kars-T, catch, chx, casey, sun: Fixed When editing an existing node with a link, the link itself is listed in 'Parent item': menu_parent_options() needs some rewriting.
• #1214344 by wiifm, msonnabaum, oriol_e9g: Fixed 'misc/progress.js' is not being included when 'Aggregate JavaScript files' is used.
• #131737 by malc0mn, pillarsdotnet, scor, xjm, nvanhove, oriol_e9g, mrfelton, aspilicious, Pancho, v1nce, dhthwy: Fixed Ensure that the Return-Path is set when sending mail on both Windows and non-Windows systems.
• #1399334 by ArtistConk: Two small grammar fixes.
• #1391426 by yched: Fixed Wrong bundles in EntityFieldQueryTestCase.
• #1371938 by yched, Everett Zufelt, xjm, casey: Fixed hook_field_delete() no longer invoked during field_purge_data().
• #1384224 by philbar, Plazik, oriol_e9g: Fixed Resize Site Logo in Seven Theme Maintenance Pages.
• #1397890 by sun: Fixed DrupalWebTestCase::assertFieldByName() outputs bogus assertion message when no is passed.
• #1397882 by sun: Fixed system_theme_settings_submit() does not properly clean up submitted form values.
• #1181750 by Everett Zufelt, sun: Fixed Removal of 'Hidden' option in comment settings form may break programmatic form submissions.
• #1315886 by xjm, jhodgdon: Clean up API docs for includes directory, files starting with A-C.
• #1407028 by jhodgdon, arianek: Remove arianek from Maintainers.txt. We will miss you. :) Thanks for all of your awesome work! :D
• #1338110 by aaron.r.carlton, oriol_e9g: Fixed remove the protected variable () if it's not used in tracker.test.
• #1399896 by xjm: Fixed testCommentNewCommentsIndicator() is inside CommentHelperCase and therefore gets run repeatedly.
• #1398806 by kiamlaluno: Fixed The purpose of hook_search_page() is explained twice.
• #1336308 by kathyh, pjcdawkins, meshkinsoft: Fixed wrong usage of function t in system_menu().
• #1376164 by sun, oriol_e9g: Fixed Format SimpleTestFunctionalTest description according to standards.
• #1274212 by amateescu, c31ck: Fixed Incorrect order of choices in Poll module.
• #939880 by amateescu, marcingy: Fixed Poll Module throws PDOException when creating poll content.
• #1391384 by yched, oriol_e9g: Fixed Wrong static clear on taxonomy_vocabulary_save().
• #1376502 by TR, vitalsouto: Fixed Code cleanup: Removed empty PHP blocks from templates left over from git migration.
• #1387766 by dereine: Added Use fast drupal static pattern for locale.
• #1295546 by c31ck, marcingy, amateescu, xjm: Fixed Weight and number of votes not getting saved when updating a poll.
• #1344752 by pflame, aspilicious, JacobSingh: Fixed Drag and Drop of shortcuts between Enable and Disable Does not respect the Shortcuts Limit.
• #1367014 by chris.leversuch: Clean up API docs for toolbar module.
• #1227396 by chris.leversuch, jhodgdon: Document that hook_node_access() is not called on node listings.
• #987472 by damien_vancouver, OnkelTem: Fixed search.module doesn't consistently support multibyte characters.
• #1364528 by Everett Zufelt, catch: Add xjm as taxonomy module maintainer.
• Revert "Issue #1371484 by makara: Fixed Private properties in abstract class DrupalCacheArray."
• #1368872 by agentrickard, oriol_e9g: Clean up API docs for syslog.
• #1273104 by TwoD, Rob Loach, nburles, nod_: Remove eval() from field_ui().js.
• #1273722 by bfroehle: Fix FieldAttachTestCase::setUp() signature.
• follow-up #1007830 by Damien Tournoud, basic: Fixed Nested transactions throw exceptions when they got out of scope.
• #1359710 by xjm, pwolanin: Fixed taxonomy_menu() passes invalid arguments into taxonomy_form_term().
• #1380660 by aspilicious, loganfsmyth: Fixed field_available_languages() static cache never cleared.
• #1382144 by Chi: Rename variable in standard profile.
• #1387002 by Rob Loach, nburles: Fixed Bug in overlay-parent.js when minified.
• Revert "Issue #1039666 by Jelle_S: Fixed Placing a block in a region via select dropdown moves it to the top of the region, but it will show at the bottom."
• #1370060 by jvns, chris.leversuch: Add cross-references between taxonomy_vocabulary_load() and taxonomy_vocabulary_machine_name_load().
• #1379206 by c31ck, pingers: Fixed Documentation problem with hook_url_outbound_alter().
• #1386318 by barbi: Fixed hook_field_widget_info() should have a @see to other function.
• #1309278 by basic, Niklas Fiekas: Added Make PDO connection options configurable.
• #1347812 by nanotube, xjm: Fixed Remove/replace documentation references to upload_file_load() and upload_file_delete().
• #381994 by xjm, good_man, elcuco, brianV, yhager: Fixed Machine-name fields are always in Latin characters, and should therefore always be LTR.
• #1359326 by xjm: Fixed t() documentation does not clearly indicate that options are documented in format_string() docs.
• #1015916 by BTMash, jenlampton, theborg, Aron Novak, christefano, realityloop, xjm, Kevin Hankens: Fixed Image field 'title' allows more data than database column size.
• #1025582 by sun: Added Custom db_select() 'conditions' parameter for menu_build_tree().
• #1338428 by jbrown, BTMash, Tor Arne Thune: Fixed image_dimensions_scale() and image_scale_effect() are ungrokable and buggy.
• #629518 by jhodgdon, reglogge, jvns, oriol_e9g: Fixed hook_node_insert() and other node hooks have imprecise/misleading descriptions.
• #1039666 by Jelle_S: Fixed Placing a block in a region via select dropdown moves it to the top of the region, but it will show at the bottom.
• #1332636 by sven.lauer, xjm: Clean up API docs for contact module.
• #1323720 by xenophyle, xjm: Clean up API docs for block module.
• #1325116 by xenophyle, xjm: Clean up API docs for Aggregator module.
• #1326638 by sven.lauer, jhodgdon, xjm: Clean up API docs for field_ui() module.
• #1332580 by sven.lauer, xjm: Clean up API docs for color module.
• #1373634 by oriol_e9g, sun: Fixed Installation profile is not installed and not registered as module, unless identical to parent site.
• #1373194 by chris.leversuch: Fixed Field Attach API topic/group page should link to Field Language API page.
• #1371256 by ayelet_Cr, oriol_e9g: Document that QueryConditionInterface::condition() should not be used to add NULL conditions.
• #942782 by pillarsdotnet, xjm, becw, timhilliard, JohnAlbin, jrchamp, Tor Arne Thune, Damien Tournoud, jn2, James Andres, dstol, melon, colan: Fixed Custom menus never receive an active trail.
• #866292 by marcingy, ygerasimov, quicksketch, attiks, furamag: Fixed '0' not displayed as checkbox / radios options (nor as any element #title).
• #1345480 by chris.leversuch, rbayliss: Fixed node_load() does not document FALSE return value.
• #1362920 by scor, oriol_e9g: Wrong sitename variable in system.api.php.
• #1366232 by sun: Fixed drupalCreateUser() breaks if testing site/profile does not install Comment module.
• #678594 follow-up by mlncn: Add clarifying comment to RDFa markup for file/image formatters.
• #1366740 by patrickd: Fixed theme_progress_bar() should have more information about when to use function.
• #1319904 by rc_100, xjm, jhodgdon: Clean up API docs for help module.
• #1347890 by sven.lauer, xjm, jhogdon: Clean up API docs for file module.
• #1349610 by bartlantz, jhodgdon: Make the subtopics of Field API link back to it.
• #1050466 by xjm, makara, rhayun: Fixed The taxonomy index should be maintained in a node hook, not a field hook.
• #1371484 by makara: Fixed Private properties in abstract class DrupalCacheArray.
• #1375134 by xjm, sun: Fixed Random test failure in TaxonomyTermTestCase::testNodeTermCreationAndDeletion().
• #1240256 by lyricnz, Akaoni, jenspeter: Fixed file_unmanaged_copy() Fails with Drupal 7.7+ and safe_mode() or open_basedir().
• #1373360 by sun: fatal error if optional Block module is not enabled.
• #1258000 by chx, xjm, bfroehle: SelectQuery::countQuery() inappropriately removes SQL expressions.
• #1265946 by klausi, tstoeckler, dereine, aspilicious: DoS against core using a large number of OR search query terms.
• #1366804 by TR: 'End of foo group' on a couple of API pages due to not following standards.
• Merge branch '7.x' of git.drupal.org:project/drupal into 7.x
• #1146088 by lyricnz: label always visible for table formatter.
• Revert "Issue #813540 by jbrown, chx: Fixed Comparisons involving NULL must never return true."
• #1229868 by nicl, DjebbZ: hook_form_BASE_FORM_ID_alter(), hook_form_alter(), and hook_form_FORM_ID_alter() doc inconsistent.
• #479368 by Heine, Roger Saner, xjm, mcarbone, keichee, asimmonds: Fixed Create RFC compliant HTML safe JSON.
• #953336 by sun: Fixed Contributed modules are not able to test theme-related functionality.
• #1346760 by xjm: Fixed Drag and drop needs a scalable weight select element.
• #1212992 by catch, xjm, chx, beejeebus, BTMash, bfroehle: Fixed major bug - Prevent tests from deleting main installation's tables when parent::setUp() is not called.
• #1349610 by bartlantz: Added make the subtopics of Field API link back to it.
• #1356358 by BTMash: Fixed Unknown variable in generate-d7-content.sh causes PDOException.
• #673224 by rocket_nova, jhodgdon: Fixed None of the hooks in field.api.php are grouped as such.
• #1322278 by rocket_nova, jhodgdon: Fixed Documentation problem with theme -- doesn't link to theme functions list.
• #1167996 by rocket_nova, Sheldon Rampton: Fixed UPGRADE.txt needs to say all D6 contrib modules need to be upgraded to their latest D6 versions before the D6->D7 update.
• #813540 by jbrown, chx: Fixed Comparisons involving NULL must never return true.
• #1301522 by xjm, Rob Loach, David_Rothstein: Fixed field_ui_default_value_widget() does not pass along the entity type when it creates the default value form.
• #1366518 by chris.leversuch: 'Columns' is misspelled (()) in theme_field_ui_table().
• #1345152 by Zgear, chris.leversuch: field_create_field() and related functions have incorrect exception throwing docs.
• Back to 7.x-dev

Release notes

The twentyfifth maintenance release of the Drupal 6 series. Only bugfixes have been committed. No security fixes are included in this release. New features are only being added to the forthcoming Drupal 8.0 release.

Drupal 6.25 builds on top of Drupal 6.24 and includes all the previous bugfixes and security improvements The complete list of changes committed since Drupal 6.24 are as follows:

• Rollback for issue #12274 given that it does not consider email domain names with hyphens valid after the first component of the domain name.
• #1425868 by ELC, lort, greg.harvey, David_Rothstein: Fixed duplicate entry of theme primary key in system table on Drupal 6.24 when updating using drush.
• #1425260 by mgifford: Fixed 'Call to undefined function locale_inc_callback()' during 6.22 -> 6.24 upgrade if locale module was previously enabled but is not currently enabled.

Release notes

The twentysixth maintenance release of the Drupal 6 series. Only bugfixes have been committed. No security fixes are included in this release. New features are only being added to the forthcoming Drupal 8.0 release.

Drupal 6.26 builds on top of Drupal 6.25 and includes all the previous bugfixes and security improvements. The complete list of changes committed since Drupal 6.25 are as follows:

• #1145700 by jbrown, mr.baileys, joachim: harden link display on dblogoverview screen in case the link might be dependent on user input with any contrib module
• #183435 by TR, gregmac: make drupal_http_request() more tolerant of faulty newlines in the response headers
• #341588 by voxpelli, mikl, Albert Volkman, dawehner: use the right JSON MIME type in drupal_json()
• #1352272 by Albert Volkman, sven.lauer, LSU_JBob: fix phpdoc for system_settings_overview()
• #260934 by catch, ShawnClark, Jody Lynn, Island Usurper, joshmiller, anrikun, roychri, pdrake, Dave Cohen, sun, plach, bjaspan: When drupal_execute()ing multiple forms with same form_id in a page request, only the first one was validated.
• #784864 by Niklas Fiekas, kbgordon7, rdrh555, lisarex: Link in update.php instructions was pointing to an outdated handbook page. Update it.
• #655048 by Gábor Hojtsy, gumanist, intuited, Albert Volkman: Plural formula information was blanked when importing a poorly-formed .po file.
• #751578 by xamanu, sanduhrs, Gábor Hojtsy: OpenID realm should not be language dependent.
• #800968 by JacobSingh, ksenzee, Big Z: Tabledrag.js should not use for...in to iterate over an array.
• #1446372 by Heine, bserem, champlin: Invalid Unicode code range in PREG_CLASS_UNICODE_WORD_BOUNDARY fails with PCRE 8.30.
• #736556 by Albert Volkman, daniels220, jeckman: Improve theme_links() documentation.
• #300279 by achton, pillarsdotnet, unknownguy: Improve db_query_temporary() documentation to apply even if persistent database connections are used.
• #1441852 by chris.leversuch, cafuego: Better return value documentation for db_query().
• #1436074 by Pat Redmond, tstoeckler, fureigh: Minor documentation fix in the batch_set() docs.
• #1432708 by scorchio, mkalkbrenner: Expand drupal_goto() documentation for query argument.
• #1416212 by pontus_nilsson, ibot: Documentation cleanup for _user_mail_notify().
• #1421330 by Albert Volkman, heyrocker: Crosslink cache_set() and cache_get() documentation with @see.

Release notes

Maintenance and security release of the Drupal 7 series. Only fixes for security vulnerabilities have been committed. New features are only being added to the forthcoming Drupal 8.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2012-002 - Drupal core - Multiple vulnerabilities

No other fixes are included. For additional bugfixes, see Drupal 7.14 released alongside Drupal 7.13.

Release notes

Maintenance release of the Drupal 7 series. Includes bugfixes only (no new functionality), plus the security fixes from Drupal 7.13 which was released alongside Drupal 7.14.

Major changes since 7.13:

- Fixed "integrity constraint" fatal errors when rebuilding registry.
- Fixed custom logo and favicon functionality referencing incorrect paths.
- Fixed DB Case Sensitivity: Allow BINARY attribute in MySQL.
- Split field_bundle_settings out per bundle.
- Improve UX for machine names for fields (UI change).
- Fixed User pictures are not removed properly.
- Fixed HTTPS sessions not working in all cases.
- Fixed Regression: Required radios throw illegal choice error when none selected.
- Fixed allow autocompletion requests to include slashes.
- Eliminate $user->cache and {session}.cache in favor of $_SESSION['cache_expiration'][$bin] (Performance).
- Fixed focus jumps to tab when pressing enter on a form element within tab.
- Fixed race condition in locale() - duplicates in {locales_source}.
- Fixed Missing "Default image" per field instance.
- Quit clobbering people's work when they click the filter tips link
- Form API #states: Fix conditionals to allow OR and XOR constructions.
- Fixed Focus jumps to tab when pressing enter on a form element within tab. (Accessibility)
- Improved performance of node_access queries.
- Fixed Fieldsets inside vertical tabs have no title and can't be collapsed.
- Reduce size of cache_menu table (Performance).
- Fixed unnecessary aggregation of CSS/JS (Performance).
- Fixed taxonomy_autocomplete() produces SQL error for nonexistent field.
- Fixed HTML filter is not run first by default, despite default weight.
- Fixed Overlay does not work with prefixed URL paths.
- Better debug info for field errors (string change).
- Fixed Data corruption in comment IDs (results in broken threading on PostgreSQL).
- Fixed machine name not editable if every character is replaced.
- Fixed user picture not appearing in comment preview (Markup change).
- Added optional vid argument for taxonomy_get_term_by_name().
- Fixed Invalid Unicode code range in PREG_CLASS_UNICODE_WORD_BOUNDARY fails with PCRE 8.30.
- Fixed {trigger_assignments()}.hook has only 32 characters, is too short.
- Numerous fixes to run-tests.sh.
- Fixed Tests in profiles/[name]/modules cannot be run and cannot use a different profile for running tests.
- Numerous JavaScript performance fixes.
- Numerous documentation fixes.
- Fixed All pager links have an 'active' CSS class.
- Numerous upgrade path fixes; notably:
- system_update_7061() fails on inserting files with same name but different case.
- system_update_7061() converts filepaths too aggressively.
- Trigger upgrade path: Node triggers removed when upgrading to 7-x from 6.25.

All changes since 7.13:

• #1376166 by sun, xjm, tim.plunkett: Fixed Custom logo and favicon functionality inanely tries to support absolute local file paths.
• #1542674 by bas.hr, tim.plunkett, damiankloip: Fixed Wrong count assertion in taxonomy.test.
• #1477110 by msonnabaum, tim.plunkett: Fixed php path detection in run-tests.sh.
• #1459164 by Kevin Morse, droplet: Use test() to match string for BOOL comparison .
• #285232 by ralessi, sun, catch: Add 'please select' item to required select list item.
• #1262592 by jmarkel, pingers, marcingy: Fixed numeric names fail image creation.
• #1540072 by mstrelan, xjm: Use American spelling for 'behavior'.
• #1039666 by Jelle_S, droplet, Kevin Morse, nod_: Fixed Placing a block in a region via select dropdown moves it to the top of the region, but it will show at the bottom.
• #1491542 by rdickert, c960657, hosef: Fixed testHavingCountQuery() fails on pgsql and sqlite.
• #312458 by rdickert, Heine, sun: Fixed HTML filter is not run first by default, despite default weight.
• #277200 by andypost, Damien Tournoud: Add tests for vocabulary hierarchy.
• #1404380 by msonnabaum, xjm, mjpa: Fixed Unnecessary aggregation of CSS/JS.
• #1213536 by David_Rothstein, tim.plunkett, sun, effulgentsia, Yorirou, xjm: Fixed Non-resettable theme_get_registry() cache causes problems for non-interactive installations.
• #751168 by elliotttf, caktux, andyceo, setvik, xjm, sun, tim.plunkett: Fixed Regression: Missing 'Default image' per field instance.
• #787652 by andypost, larowlan: Fixed Forum vocabulary alterations possibly obsolete -- possible to delete forum vocab.
• #261148 follow-up by mikeytown2, chx: Fixed menu_masks() variable is empty (race condition).
• #1349722 by kgoel, Everett Zufelt, xjm: Fixed Who's new & Who's online blocks have empty headings.
• #598586 by grendzy, deekayen, matglas86, dawehner, Zgear: Fixed watchdog() assumes is defined.
• #1372122 by klausi, sun, beejeebus, juampy, mradcliffe, tim.plunkett, cha0s: Fixed STOP the registry integrity constraint violation nightmare.
• #1172560 by bas.hr, bellesmanieres, NROTC_Webmaster, tim.plunkett: Fixed The block X was assigned to the invalid region Y and has been disabled.
• #988930 by davidwhthomas, jyve, tim.plunkett, nod_, effulgentsia, droplet, patrickd: Fixed Sticky table headers need to react properly to 'show/hide weights column' link.
• #1348758 by drewish, tim.plunkett: Fixed Add an index to {users}.picture so user_file_delete() isn't insanely slow.
• #1527988 by Niklas Fiekas: Fixed Missing or legacy number validation.
• #1490150 by xjm, duellj, tim.plunkett: Fixed EntityFieldQuery::pager(0) generates PHP error 'divide by zero'.
• #1058754 by Yaron Tal, kathyh, naxoc, xjm, tim.plunkett: Fixed Attempt to loop through undefined result set in aggregator.
• #1481156 by lucascaro, npiacentine: Fixed Incorrect logic in creating url to fetch information about project updates.
• #1484216 by catch, Berdir, beejeebus, tim.plunkett: Fixed Race condition in _update_create_fetch_task() (PDO Exceptions).
• #720630 by tim.plunkett, kid_icarus, tsphethean: Fix up docs for watchdog, hook_watchdog, and watchdog constants
• #1509838 by tim.plunkett, cosmicdreams klausi: Use elseif not else if
• #1492188 by Berdir, catch: Fixed Update module creates duplicate queue items.
• #966210 by mfb, catch, drumm, bfroehle, drewish, makara, sun, BTMash, iamEAP: Fixed DB Case Sensitivity: system_update_7061() fails on inserting files with same name but different case.
• #1536160 by drumm: Make update_fix_d7_block_deltas() faster.
• #1542854 by drumm, BTMash: Fixed system_update_7061() converts filepaths too aggressively.
• #1541792 follow-up by chx, Berdir, xjm: Fix for random test values occasionally failing.
• #1541792 follow-up by chx: Fix random test failures.
• Unbreaking testbot.
• #1541792 by tim.plunkett, chx, Amitaibu: Enable dynamic allowed list values function with additional context
• #1538182 by infiniteluke: update variable_get doc to say it handles unserializing
• #1237252 by mfb, bfroehle, drewish, Berdir, iamEAP, drumm: Fixed DB Case Sensitivity: Allow BINARY attribute in MySQL.
• #1537888 by wulff: Fix typo in EntityFieldQuery docs
• #1537370 by Liam Morland: Improve documentation of return value for file_load()
• #1533498 by jmarkel: Fix see doc issue and clean up doc in hook_field_widget_form_alter
• #1346468 by kgoel, mallezie, rootwork: Point docs for page.tpl.php towards html.tpl.php
• #735528 follow-up by attiks: Do not backport span -> attr change.
• #1513520: And NOW with the actual fix, not just the failing test. Sigh. :P
• #1211008 by yched, tim.plunkett, DamienMcKenna: Split field_bundle_settings() out per bundle.
• #1516030 by valthebald, rdickert: Fixed Change parenthesis in menu_link_save() to express intended order of operations.
• #1421410 by andypost, Niklas Fiekas: Fixed not defined in form_pre_render_conditional_form_element().
• #1015946 by pillarsdotnet, catch, bfroehle, Jej, jose.guevara, Damien Tournoud: Fixed Eliminate ->cache and {session}.cache in favor of ['cache_expiration()'][].
• #918356 by David_Rothstein, franz, tekante, dstol, mikestefff: Fixed WSOD when drupal_get_title() called during hook_init() and custom 403 or 404 pages are being used.
• #1171866 by sun, catch, Alan Evans, bvirtual, frob, btmash: Fixed Enforced fetching of fields/columns in lowercase breaks third-party integration.
• #1513520 by pdrake, plach: Fixed locale_language_from_browser() incorrectly matches invalid strings.
• #1516934 by jmarkel: Fix up docs for batch_set()
• #1452070 by kgoel: Remove comment left over from Drupal 5 in menu_block_info()
• #1355682 by Zgear, chertzog: API docs cleanup for Path module
• #1280792 follow-up BTMash, irunflower, Zgear: Fixed Trigger upgrade path: Node triggers removed when upgrading to 7-dev from 6.25.
• #1504226 by kim.pepper: Add detail to return value docs of taxonomy_vocabulary_get_names
• #1327484 by nmudgal, oriol_e9g, xenophyle: Clean up API docs for book module
• #1509796 by markdorison: Fix docs for a test method in user.test
• #1440834 by nmudgal: Add clarity and information to docs for hook_field_delete/update/insert
• #1508956 by lsenzee: Fixed unclear description for drupal_parse_url().
• #1500160 by jmarkel, tstoeckler: Fix up docs for hook_block_info
• #1400310 by nod_, sun, m.stenta: Fixed Use of .parents() is really .closest().
• #41595 follow-up by BTMash, scor: Fixed pager tests so they now work from Drupal sub-directory installs.
• #960056 by catch, mikeytown2, pmitchell, cedarm: Fixed trigger_get_assigned_actions() has no static cache.
• #1398740 by TravisCarden: Fixed Typo in status message: 'The %style has been revert to its defaults.'.
• #1250800 by attiks, Jelle_S, dawehner, xjm, G√°bor Hojtsy: Fixed Language domain should work regardless of ports or protocols.
• #1221276 by gumanist, fietserwin, G√°bor Hojtsy, sun, kalman.hosszu: Fixed locale_get_plural() only works for a single language within a request and does not work for English.
• #1280792 by xjm, julien, BTMash, pingers, AntoineSolutions, tim.plunkett, Niklas Fiekas: Fixed {trigger_assignments()}.hook has only 32 characters, is too short.
• #1187550 by franz, boombatower, mlncn: .profile files do not have to be listed in profile .info files.
• #1338282 by Damien Tournoud, zymsys, JamesOakley, pillarsdotnet, chx: Fixed php notice in menu_link_save().
• #1483662 by rdickert, Psikik: Update URLs for drupal.org module help pages
• Revert "Issue #1475666 by filijonka, Niklas Fiekas, Devin Carlson, Kevin Morse, tstoeckler: Fixed PHP error because of typo in form.inc line 3025."
• #1335388 by wojtha: Fixed Warning: strpos(): Empty delimiter in search_simplify_excerpt_match().
• #1378092 by oriol_e9g, wedge, beejeebus: Fixed User pictures are not removed properly.
• #687586 by oriol_e9g, Mike Wacker, agentrickard: Fixed Remove access check from user_register_submit().
• #1009832 by edb, chertzog, rjgoldsborough: Added menu name to breadcrumb on List Links page.
• #1164812 by Niklas Fiekas, tim.plunkett, xjm: Improve UX for machine names for fields.
• #1357072 by dkingofpa: Fixed Call to undefined function _update_7000_field_read_fields() in image.install during upgrade.
• #1497262 by chx, BTMash: Add btmash as the db update maintainer.
• #1395974 by webbykat, Michelle, rdrh555: Clarify field_purge_batch() documentation.
• #1350892 by nit3ch: Fix doc for type arg of node_type_form
• #1182296 by BTMash, timplunkett: Fix tests for site name in database upgrade tests, which were causing random 7.x is broken test failures
• #1479572 by chertzog: Fixed update_fix_d7_install_profile().
• #1050746 by grendzy, xjm, Everett Zufelt: Fixed HTTPS sessions not working in all cases.
• #1475666 by filijonka, Niklas Fiekas, Devin Carlson, Kevin Morse, tstoeckler: Fixed PHP error because of typo in form.inc line 3025.
• #1471418 by nmudgal: Add note to hook_custom_theme docs about page caching
• #1491248 by bowersox: Change Accessibility maintainer name
• #1368872 by kid_icarus: A bit more API cleanup for syslog module
• #1485810 by nmudgal: Clarify wording for salt variable docs in default.settings.php
• #1483664 by nmudgal, chertzog: Fix hook_user_presave example so it actually would work
• #1488414 by nmudgal, chertzog: Add comment to user_schema to explain why table name is plural in spite of our usual standards
• #1488668 by chertzog: Add checked property to docs of theme_checkbox
• #1480570 by Gaelan: Make default clear in drupal_add_css() args doc
• #41595 by pillarsdotnet, sun, m3avrck, oadaeh, yched, musicnode | Wesley Tanaka: Fixed All pager links have an 'active' CSS class.
• #655048 by G√°bor Hojtsy, gumanist, intuited: Fixed Plural formula information blanked when importing a poorly-formed .po file.
• #1282156 by karschsp, kika: Convert IP-blocking table to 'Empty table pattern'.
• #1431632 by NROTC_Webmaster: Clean up API docs for translation module
• #1472614 by filijonka: Fix return value docs for hook_node_update_index()
• #1199774 by nod_, droplet, xjm, ryanissamson: Fixed toolbar layout error in IE.
• #93854 by pillarsdotnet, Steven Jones, Dave Reid, ericduran, xjm, das-peter, e2thex, axel.rutz, mstrelan, mikestefff | moonray: Fixed Allow autocompletion requests to include slashes.
• #811542 by bojanz, sun, mlncn, chx, pillarsdotnet, loganfsmyth, xjm: Fixed Regression: Required radios throw illegal choice error when none selected.
• Revert "Issue #1089040 by Remon, mlncn: Added Cache rdf_get_namespaces() using drupal_static(). Don't add caches unless there's a demonstrated performance degradation.""
• #1317620 by xjm, Albert Volkman: Fix up API docs for includes directory files d-g
• #1245332 by Dave Reid, rfay, willvincent: Fixed Warning when all bundles removed from an entity.
• #1361218 by Owen Barton, Kevin Morse, Everett Zufelt: Fixed Focus jumps to tab when pressing enter on a form element within tab.
• #1476812 by droplet: Fixed hooks file_field_delete_file() takes only 2 arguments.
• #1411114 by Albert Volkman, sun: Fixed drupal_valid_test_ua() is not statically cached on non-positive match.
• #1089040 by Remon, mlncn: Added Cache rdf_get_namespaces() using drupal_static().
• #1388496 by barraponto: Fixed Default field.tpl.php prints a clearfix class theme_field() doesn't.
• #1472350 by John Morahan, greggles: Make 'translate interface' restricted after DRUPAL-PSA-2012-001 - localizations - Cross Site Scripting.
• #1476776 by droplet: drupal_var_export() is a concatination to undefined variable .
• #1391118 by sven.lauer: Clean up Field API topics docs
• #1436406 by scorchio, kid_icarus: Fix list formatting in Field API topic docs
• #1431076 by c960657, nod_, purencool, Nor4a: Fixed Overlay does not work with prefixed URL paths .
• #1414412 by Damien Tournoud, pillarsdotnet, droplet, MrHaroldA: Fixed Skip #conjunction key in __clone() method of core/includes/database/query.inc.
• #1470080 by G√°bor Hojtsy: Move docs for hooks that are not locale.module specific to a modules/system file
• #746240 by c960657, G√°bor Hojtsy: Fixed Race condition in locale() - duplicates in {locales_source()}.
• #681760 by agentrickard, Josh Waihi, Niklas Fiekas, catch, xjm, NaX, chx, pwolanin, garywiz: Fixed Try to improve performance and eliminate duplicates caused by node_access() table joins.
• #1469758 by chertzog: Fix typo in sample hook_node_grants_alter function
• #1355362 by bartlantz: Clean up API docs for the install profiles
• #1444650 by damiankloip: Make documentation of theme_image_style clearer
• #1462062 by chertzog, xjm: Fix language in code comment
• #1458796 by damiankloip: Make Field API docs say they are about Field API
• #97327 by PMunn, NROTC_Webmaster, xjm, maartenvg, killes@www.drop.org, gdavid, Zed Pobre: Fixed Data corruption in comment IDs (results in broken threading on PostgreSQL).
• #1064954 by xjm, Dave Reid, becw: Fixed _node_revision_access() static usage.
• #1369332 by Damien Tournoud, basic, sun: Fixed Avoid deadlock issues on the {node} table.
• #1058564 by Niklas Fiekas, droplet, grendzy, dixon_, naxoc: Fixed User picture does not appear in comment preview.
• Revert "Issue #1058564 by Niklas Fiekas, droplet, grendzy, dixon_, naxoc: Fixed User picture does not appear in comment preview."
• #1264728 by yched, Albert Volkman: Refresh field 'active' state in module_enable() / _disable().
• #917490 by pounard, msonnabaum: Performance patch for block_list() (D6) and _block_render_blocks() (D7) functions.
• #1393604 by tedbow, Niklas Fiekas: Fixed path_form_element_validate() does not send correct parameter to form_set_error().
• #336697 by oriol_e9g, xjm, jbomb, Davy Van Den Bremt, coltrane, lyricnz: Added Optional vocabulary argument for taxonomy_get_term_by_name().
• #1347134 by c31ck, amateescu, Shyamala, DamienMcKenna: Fixed 'View voting results' permission is misleading.
• #1314384 by Pol, G√°bor Hojtsy, oriol_e9g, plach: Added Remember the provider that selected the language for later use.
• #1058564 by Niklas Fiekas, droplet, grendzy, dixon_, naxoc: Fixed User picture does not appear in comment preview.
• #687180 by Island Usurper, catch, Berdir, Damien Tournoud, xjm, anthbel: Fixed Deleting a taxonomy vocabulary leaves term reference fields still pointing to it, and a PDO Exception when creating content.
• #1315214 by NROTC_Webmaster, kathyh, aenw: Clean up API docs and comments in the Tracker module code
• #1451032 by NROTC_Webmaster: Add note to schema docs about varchar columns needing to have length specified
• #814804 by JacobSingh, ksenzee, xjm, draenen, paul.lovvik, David_Rothstein, G√°bor Hojtsy, Yorirou: Fixed taxonomy_autocomplete() produces SQL error for nonexistent field.
• Revert "Issue #1074672 by claudiu.cristea, mikewink: Added Allow language select to be rearranged inside node form."
• #1446366 by xjm: Multiple web test classes mislabeled as unit tests.
• #1401496 by bleen18, Albert Volkman: Fixed forum_taxonomy_term_delete() completely broken (takes instead of entity).
• #1334344 by jessebeach, mikestefff, Devin Carlson: Fixed During update, Bartik throws an error that () is not defined.
• #998590 by das-peter: Fixed Prevent double CDATA section escaping in filter_dom_serialize_escape_cdata_element() to avoid warnings.
• #1015798 by oriol_e9g, Mohammed J. Razem, dimitriseng, xjm, mstrelan, drunken monkey: Fixed Fieldsets inside vertical tabs have no title and can't be collapsed.
• #673020 by Zolt√°n Balogh, attiks, mgifford, G√°bor Hojtsy, e2thex, good_man, kalman.hosszu | Fleshgrinder: Fixed Tests for adding the Content-Language HTTP header to the generated page.
• Oops. And now with missing test. :D
• #1425280 by Niklas Fiekas, swentel: Fixed No contextual links in node lists after a node without contextual links.
• #1366854 by quicksketch: Added Pass #size attribute to the child upload field in the managed_file() element.
• #998256 by justafish, Albert Volkman, Dave Reid, no_commit_credit: Please let modules know about the original URL alias in hook_path_update().
• #1267918 by Niklas Fiekas, darrellulm: Fixed User signature does not appear in comment preview.
• #1420056 by droplet, nod_: Fixed moving shortcut local var.
• #1074672 by claudiu.cristea, mikewink: Added Allow language select to be rearranged inside node form.
• #1294264 by budda, davidwhthomas: FieldUpdateForbiddenException: Cannot update a list field - better debug info.
• #1329586 by Rob Loach, tim.plunkett, jthorson: Theme_image_formatter() should pass along attributes.
• #1068016 by franz, Niklas Fiekas, karschsp, BartVB, catch | jpincas: Fixed number field validation fails to block some invalid input causing later SQL fatal error.
• #911354 by adrian, boombatower, jhedstrom, sun, yhahn, langworthy, dixon_, jrbeeman: Fixed Tests in profiles/[name]/modules cannot be run and cannot use a different profile for running tests.
• #735528 by nod_, redndahead, kkaefer, agentrickard, peterpoe, Rob Loach, xjm, sun: FAPI #states: Fix conditionals to allow OR and XOR constructions.
• #967166 by effulgentsia, Cottser, no_commit_credit, KrisBulman: Fixed Content rendered via AJAX does not respect stylesheets removed in .info files.
• #87994 by Rob Loach, Jody Lynn, sun, dropcube, gordon, David_Rothstein, moshe weitzman, aspilicious, quicksketch | piersonr: Fixed Quit clobbering people's work when they click the filter tips link.
• #684310 by yched, lyricnz, ksenzee, Niklas Fiekas: Fixed When adding existing field 'Label' is cleared when exiting field.
• #404116 by c31ck, amateescu, neclimdul: Fixed Provide default choices on poll translations.
• #872488 by acouch, Albert Volkman, mfb, musicnode, no_commit_credit: Regression: no way to get taxonomy tags into RSS feeds.
• #666854 by TR, JacobSingh: Fixed E_NOTICE warnings in run_tests().sh .
• #404302 by KrisBulman, kathyh, JamesAn, droplet, sun: Fixed Improve tabledrag grippie CSS (and fix an IE7 alignment issue).
• #1065626 by Heine, droplet, xjm, jibran: Fixed Machine name not editable if every character is replaced.
• Merge branch '7.x' of git.drupal.org:project/drupal into 7.x
• #1430300 by mradcliffe, xjm, effulgentsia, NROTC_Webmaster: Fixed Preprocess functions in an include file fail to get called when the theme implements a suggestion override.
• #1446372 by Heine, bserem, champlin: Fixed Invalid Unicode code range in PREG_CLASS_UNICODE_WORD_BOUNDARY fails with PCRE 8.30.
• #1441126 by Haza, Devin Carlson: Fix @see entries in two function doc headers
• #1313762 by fago, sun: Add fago as Entity system maintainer.
• #1456480 by amateescu: Add amateescu as a Poll maintainer.
• #1352272 by sven.lauer, Albert Volkman: Fix docs for deprecated, unused system_settings_overview() function
• #1291458 by arithmetric: Remove mention of short-lived PHP bug from Database class docs
• #1427098 by chris.leversuch: Updated return value docs for EntityFieldQuery::execute
• #1300298 by askibinski: empty tokens don't get replaced in welcome emails.
• #1446988 by Dave Reid: Reassign maintainer of statistics module to Tim Millwood.
• #1260752 by andypost: Fixed _locale_languages_common_controls() maxlength to conform schema.
• #1408636 by swentel, c31ck: Fixed Fatal error: [] operator not supported for strings in includes/common.inc on line 2320.
• #1447040 by nod_: Application for being javascript maintainer.
• #1431452 by webflo, larowlan: Tests for 'status' in where clause is ambiguous.
• #1444160 by Niklas Fiekas: Drupal.behaviors.dateTime needs a clean-up.
• #1436074 by Pat Redmond: documentation problem with batch_set(): change 'his' to 'its'.
• #1426150 by kafitz: Fixed hook_menu() example function to match 8.x version
• #1287368 by TwoD, valthebald, sun, xjm: Fixed Drupal.settings.ajaxPageState.css gets overwritten.
• #1426698 by droplet: Fixed book.js: fix vertical tabs summary & clean up.
• #1332658 by sven.lauer, David_Rothstein, xjm, Albert Volkman: Clean up API docs for dashboard module.
• #1428538 by Albert Volkman, nod_: Use jQuery toggle.
• #1393234 by dww, Niklas Fiekas: Fixed API docs for field_access() are confusing.
• #1414824 by nod_: Fixed Leaking vars in tabledrag.js.
• #1319420 by nod_: Fixed multiple execution of tableselect.js with nested tables.
• #838800 by kotnik, Damien Tournoud, jromine: Improve random number generation.
• #1346914 by droplet: Use .length instead of jQuery.size().
• #1379126 by chris.leversuch, Albert Volkman, jhodgdon: Clean up API docs for trigger.module.
• #1316866 by nicl, Niklas Fiekas: User_forms() is now redundant.
• #1320028 by isay, Albert Volkman: Fixed bartik style-rtl.css have not overide text align to rigth for tr td, tr th tags.
• #1429176 by Chi: Fixed Documentation for garland_breadcrumb() is out of date.
• #1280792 by xjm, julien, BTMash, pingers: Fixed {trigger_assignments()}.hook has only 32 characters, is too short.
• #1393846 by tedbow, Albert Volkman: Fixed path_form_element_validate() executes unnecessary db_select() query when only space given for URL Alias.
• #1347836 by LSU_JBob, Albert Volkman, linclark: Comment cleanup in common.test.
• #1234830 by beejeebus, oriol_e9g, schildi: Fixed cache_menu(): huge table size.
• #1189834 by aspilicious, chrispomeroy, Albert Volkman: Add language direction to book-export-html.tpl.php
• #1013034 by ncl: Fixed PostgreSQL constraints do not get renamed by db_rename_table().
• #1431918 by Liam Morland: user_multiple_role_edit() doc needs more detail.
• #1068016 by franz, karschsp, BartVB, Niklas Fiekas: fixed number field validation fails to block some invalid input causing later SQL fatal error.
• #1428498 by linclark: Docblock syntax error for taxonomy_select_nodes().
• #1159258 by Deciphered: fixed image_file_move() flushes new URI not source URI.
• #598414 by Tor Arne Thune, Dave Reid: Fixed Links in the update results page lead to 403s.
• #1417754 by mkadin: hook_menu() docs need to explain that options don't work for tabs.
• #1423510 by oriol_e9g: undefined var in prepareInstallDirectory.

Release notes

Maintenance release of the Drupal 7 series. Includes bugfixes and small API/feature improvements only (no major new functionality); significant new features are only being added to the forthcoming Drupal 8.0 release.

No security fixes are included in this release.

Besides documentation fixes, no changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Known issues:

• [#1708722]: Call to undefined function drupal_find_base_themes() in drupal-7.15/includes/module.inc on line 184:

  Under rare circumstances, upgrading to Drupal 7.15 may cause sites to experience a fatal error. This occurs for sites which have sub-themes in their filesystem and modules installed that perform unusual actions early in Drupal's bootstrap process (example: the Environment module). The Registry Rebuild script is also affected, although the latest development version is not. The root cause of the bug has been fixed in the 7.x-dev version of Drupal core, and a patch for Drupal 7.15 is available in the above-mentioned issue.

Major changes since 7.14:

• Introduced a 'user_password_reset_timeout' variable to allow the 24-hour expiration for user password reset links to be adjusted (API addition).
• Fixed database errors due to ambiguous column names that occurred when EntityFieldQuery was used in certain situations.
• Changed the drupal_array_get_nested_value() function to return a reference (API addition).
• Changed the System module's hook_block_info() implementation to assign the "Main page content" and "System help" blocks to appropriate regions by default and prevent error messages on the block administration page (data structure change).
• Fixed regression: Non-node entities couldn't be accessed with EntityFieldQuery.
• Fixed regression: Optional radio buttons with an empty, non-NULL default value led to an illegal choice error when none were selected.
• Reorganized the testing framework to split setUp() into specific sub-methods and fix several regressions in the process.
• Fixed bug which made it impossible to search for strings that have not been translated into a particular language.
• Renamed the "Field" column on the Manage Fields screen to "Field type", since the former was confusing and inaccurate (UI change).
• Performance improvement: Removed needless call to system_rebuild_module_data() in field_sync_field_status(), greatly speeding up bulk module enable/disable.
• Fixed bug which prevented notifications from being sent when core, module, and theme updates are available.
• Fixed bug which prevented sub-themes from inheriting the default values of theme settings defined by the base theme.
• Fixed bug which prevented the jQuery UI Datepicker from being localized.
• Made Ajax alert dialogs respect error reporting settings.
• Fixed bug which prevented image styles from being deleted on PHP 5.4.
• Fixed bug: Language detection by domain only worked on port 80.
• Fixed regression: The first plural index on a page was not calculated correctly.
• Introduced generic entity language support. Entities may now declare their language property in hook_entity_info(), and modules working with entities may access the language using entity_language() (API change: http://drupal.org/node/1626346).
• Added EntityFieldQuery support for taxonomy bundles.
• Fixed issue where field form structure was incomplete if field_access() returned FALSE. Instead of being incomplete, the form structure now has #access set to FALSE and field form validation is skipped (data structure change: http://drupal.org/node/1663020).
• Fixed data loss issue due to field_has_data() returning inconsistent results. The fix adds an optional DANGEROUS_ACCESS_CHECK_OPT_OUT tag to entity field queries which field storage engines can respond to (API addition: http://drupal.org/node/1597378).
• Fixed notice: Undefined index: default_image in image_field_prepare_view()
• Numerous API documentation improvements.
• Additional automated test coverage.

All changes since 7.14:

• #1706788 by David_Rothstein | aturetta: Rolled back issue #1613554 by removing the contents of system_update_7074 for now, since it fails on PostgreSQL.
• #1673380 by marcin.wosinek: Fix docs for drupal_sort_weight function
• #1705042 by aspilicious: Fix typo in form_load_include docs
• #246029 by zserno, rjgoldsborough, blisteringherb, rfay, Alan Evans, kgoel | izmeez: Added Use a variable for the timeout/expiration of user password reset links.
• #1511656 by alberto56, afeijo: Make core/modules/simpletest/files/README.txt grammatically correct.
• #1399168 by Akaoni: Fixed authorize.php doesn't respect custom session handlers.
• #1659000 by sun: Fixed $form_id is not recorded/provided in $form_state['build_info'].
• #1325628 by damien_vancouver, xjm, Damien Tournoud, TravisCarden | jbova: Fixed EntityFieldQuery::propertyQuery missing fully qualified column names causes ambiguous column DB error.
• #1613554 by drumm, BTMash: Fixed Update menu link queries from 6's strings (followup to avoid use of API functions during updates).
• #1672764 by iflista, xjm, tim.plunkett: Improve documentation of randomString() and randomName().
• #1599618 by droplet, yurtboy, Albert Volkman: Fixed Remove duplicate array keys.
• #1631164 by Aron Novak, Mithrandir: Fixed Autocomplete fires on readonly fields.
• #1507954 by nod_, boombatower | silinor: Fixed Global selector in states.js breaks some scripts.
• #635046 by claudiu.cristea, sun, fago: Fixed form_state_values_clean() is polluting form values.
• #1373312 by sun: Assign system_main() block to 'content' region and help block to 'help' region by default.
• #1571104 by BTMash, Dave.Ingram, mradcliffe, Damien Tournoud, sun, lliss, tim.plunkett | lkiss80: Fixed Can't access non-node entities with EntityFieldQuery.
• #811542 by David_Rothstein, attiks, thekevinday, effulgentsia, chx: Fixed Regression: Optional radio buttons with an empty, non-NULL default value led to an illegal choice error when none were selected.
• #1541958 by sun, effulgentsia, David_Rothstein, alexpott, tim.plunkett, Berdir: Split setUp() into specific sub-methods to fix testing framework regressions.
• #1700464 by sgtsaughter: Remove invalid see reference in forums.tpl.php
• #1697750 by TravisCarden: Improve documentation of drupal_set_message function
• #1689426 by mjonesdinero, ronan.orb: Fix return value docs for taxonomy_term_load function
• #1663606 by sukotto100: Document what list_themes function actually returns
• #1683836 by mjonesdinero, lyricnz: Fix database topic sample code so it is consistent
• #1689394 by mjonesdinero, foobar3000: More complete documentation of field_info_field return value
• #1357138 by tim.plunkett, jstoller, xenophyle: Fix up API docs for Forum module
• #1681456 by mjonesdinero: Move hook_field_widget_properties_alter to correct group
• #1615312 by dsdeiz, David_Rothstein: Make sure all D7 to D7 updates are listed in the updates-7.x-extra group
• #1679584 by dsdeiz: Fixed DrupalGet typo...
• Roll back issue #1400256 ($info['fields'] not always set). It was causing SimpleTest memory problems.
• #1012018 by Albert Volkman, mjonesdinero, yashadev, amateescu, axyjo: Fix dates in copyright list and make sure all third-party code is included
• #1664070 by tim.plunkett, mjonesdinero: Add documentation to node_add_page function
• #1560028 by bleen18, sun, thehong: Remove all calls to rand() from tests.
• #1664528 by Carl Johan: Fixed It's impossible to search for 'Strings not translated to language ...'.
• #1525138 by twistor, Georgique: Fixed Illegal string offset 'field' in function TaxonomyTermController->buildQuery().
• #1306424 by tim.plunkett, ankur, sun: Fixed URL path /admin/structure/trigger causes error.
• #1400256 by MiSc, vlkff, populist: Fixed ['fields'], not always set?.
• #1637480 by Wim Leers: Fixed Bartik's taxonomy term reference field theme override does not render the field attributes.
• #1613554 by drumm, BTMash: Fixed Update menu link queries from 6's strings.
• #985642 by Berdir, Damien Tournoud, kiamlaluno, yched: Remove file_attach_load() from file_field_update().
• #1399302 by droplet: Fixed Rename Field UI's 'Field' column to 'Field Type'.
• #1263040 by catch, akamaus, luk.stoops: Fixed No notifications sent when updates are available.
• #1662950 by bxtaylor, chx, mjonesdinero: Add note to EntityFieldQuery methods that exclude rows where fields are empty
• #1617006 by ben.kyriakou: Add note to drupal_write_record docs saying not to use in update functions
• #1599306 by bojanz, exratione: Fixed field_sync_field_status() needlessly rebuilds module data, slows down installation dramatically.
• #1653400 by droplet: Fixed No 'padding: none'.
• #1470836 by greggles, tim.plunkett: Make moshe, agentrickard and xjm maintainers of node access system.
• #761608 by JohnAlbin, effulgentsia: Fixed Missing theme settings values because list_themes() has inconsistent theme object data.
• #1619084 by kiamlaluno: Update documentation for drupal_render to reflect current function code
• #1552400 by mjonesdinero, SumeetSingh: Fix documentation for user_is_blocked, which was misleading.
• #1629994 by Aron Novak: Fix reference to obsolete RFC in valid_email_address
• #507502 by fietserwin, cosmicdreams, Rob Loach, tim.plunkett, sun, marvil07, nod_: Fixed missing Locale support for jQuery UI Datepicker.
• #1553464 by droplet: Fixed Can't select autocomplete items in IE7.
• #1480568 by gagarine, henwan: Fixed use $.attr with false instead of empty string.
• #283045 by mlncn, Albert Volkman, Jody Lynn, pwolanin, gpk, no_commit_credit | marcp: Fixed Allow top-level pages to be removed from books.
• #1195254 follow-up by David_Rothstein: Fix indentation.
• #1587858 by apotek: Fixed AJAX alert dialogs respect neither display_errors ini.php setting or $conf['error_level'] setting, exposing server info.
• #1195254 by trrroy, underq, kid_icarus, tim.plunkett, oriol_e9g, xjm: Taxonomy test cleanup.
• #642734 by nod_, tim.plunkett, yhahn: Fixed Simpletest behaviors should process the elements only once.
• #218470 by redndahead, casey, nod_, Albert Volkman | webernet: Fixed Floating tableheader: 'Select all' checkbox not updated.
• #1512116 by mjonesdinero: Update obsolete example in hook_menu docs
• #1333122 by effulgentsia, tim.plunkett: Clarify docs for theme and preprocess/process functions so it is clearer which ones get called for theme functions vs. templates
• #1619482 by mr.baileys: Fix up documentation for hook_update_N
• #1596598 by mr.baileys: Mak drupal_goto docs say what happens if path arg is empty, and clarify that on url docs too
• #1431634 by Tor Arne Thune: API docs cleanup for update module
• #1632596 by Zgear: Fixed Remove duplicate 'the' in minimal.install.
• #1614468 by Jorrit: Fixed hook_field_widget_error() example implementation contains error.
• #1432732 by Jorrit, B-Prod: Fixed Form error reporting fallback does not respect Drupal documentation.
• #1591726 by sun, tim.plunkett: Fixed Missing form_id, form_build_id, and form_token when using custom #parents and #tree = TRUE on $form itself.
• #1495648 follow-up by plach: Clarify entity language documentation.
• #1614292 by brockjo, Albert Volkman | neclimdul: Fixed image_style_delete_form() doesn't take form_state() by reference (prevented image styles from being deleted on PHP 5.4).
• #1549390 by drumm, BTMash: Taxonomy_update_7005() can be faster.
• #1572394 by attiks, Sweetchuck: Fixed Language detection by domain only works on port 80.
• #1567662 by sun | Georgii: Fixed The 1st plural index on a page is not calculated correctly.
• #1495648 by plach: Introduce entity language support.
• #1167996 by BWPanda: Fix version number mistake in UPGRADE.txt
• #1532682 by TravisCarden: Fix return value docs for comment_reply function
• #890790 by Tor Arne Thune, davidjdagino, moshe weitzman | jenlampton: Added tests to ensure that deleting nodes deletes their comments.
• #1600892 by tim.plunkett, sun: Fixed Tests use magic numbers 1 and 2 instead of user role constants.
• #1503184 by aspilicious, Rob Loach, cweagans, Dave.Ingram: Make Graph.inc documentation clearer.
• #1054162 by tim.plunkett, Dave Reid, joachim, no_commit_credit, Berdir: Taxonomy bundles not supported by EntityFieldQuery.
• #1558468 by Berdir, tim.plunkett: SA-CORE-2012-002 - Denial of Service (followup for D7 test coverage).
• #822418 by catch, marcingy, davidjdagino, no_commit_credit, tim.plunkett, ezheidtmann: Fixed Field form structure incomplete if field_access() returns FALSE.
• #1354726 followup: Fix docblock indentation on forum_update_7012().
• #1354726 by damiankloip, develCuy, gnuget, droplet, cha0s | bvanmeurs: Add more indexes on {forum_index}.
• #1602112 by ryanissamson, bgano: Add return docs to startTransaction method
• #1601136 by Chaulky: Fix param docs in drupal_validate_form function
• #1598508 by jeffschuler: fix return docs for _node_types_build function
• #1601214 by rfay: Remove rfay from maintaining AJAX
• #1517654 by zuuperman, sheise: Fixed Strict warning by field_ui_table_pre_render().
• #598586 followup by tim.plunkett: Added documentation of 'uid' parameter in hook_watchdog().
• #1573082 by tim.plunkett, grendzy: Fixed watchdog 'Deleted content type' uses wrong type.
• #1576300 by pwolanin: Fixed trim() expects parameter 1 to be string, array given in request_path() (line 2732 of bootstrap.inc).
• #1454266 by Chaulky, Volx: fix documentation for field_bundle_settings
• #1313510 by NROTC_Webmaster, oriol_e9g, aenw: Clean up API docs for Statistics module
• #1358944 by wulff: Fix misuse of ingroup in documentation blocks
• #1592866 by David_Rothstein: Add David Rothstein to MAINTAINERS.txt as a D7 core co-maintainer.
• #1578590 by ksenzee: Replace references to nonexesitent function drupal_initialize_variables
• #1546618 by wulff: Fix addtogroup syntax in menu.install
• #1546618 by wulff: Change duplicate defgroup to addtogroup
• #1302228 by xjm, yched, chx: Fixed Change notice for: field_has_data() returns inconsistent results – possible data loss.
• #1513580 by matt2000: Update hook_init and hook_boot docs to say whether themes are loaded when they run
• #1536750 by perusio: Fix drupal_goto documentation of status codes
• #813146 by bleen18: remove variable cruft in node_submit function
• #1558548 by tim.plunkett, sun: Fixed Notice: Undefined index: default_image() in image_field_prepare_view().
• #1558402 by greggles: Fixed forum_index() not form_index().

Release notes

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure

No other fixes are included.

No changes have been made to the .htaccess, robots.txt or settings.php files in this release, so upgrading custom versions of those files is not necessary.

Update notes:

As a consequence of the security fixes in this release, sites using the OpenID module will reject login attempts from OpenID servers which return an XRDS file with a declared DOCTYPE (due to the possibility of malicious DOCTYPE declarations).

A DOCTYPE declaration is not part of the OpenID specification, so this is not expected to cause any problems for valid OpenID servers. However, sites using unusual or custom OpenID servers may wish to test OpenID logins before deploying this release.

Release notes

Maintenance release of the Drupal 7 series. Includes bugfixes and small API/feature improvements only (no major new functionality); significant new features are only being added to the forthcoming Drupal 8.0 release.

No security fixes are included in this release.

No changes have been made to the .htaccess or robots.txt files in this release, so upgrading custom versions of those files is not necessary. Changes to the default settings.php file in this release include documentation fixes, additional (optional) configuration settings, and a new default value of the '404_fast_html' configuration setting. Upgrading custom versions of this file is not necessary, but may be useful if you want to take advantage of the new configuration settings.

Note that Drupal 7.17 makes a change to the Update Manager module to allow Drupal.org to collect usage statistics for individual modules and themes, rather than only for entire projects. The usage statistics will remain anonymous. (For more information on how usage statistics are collected from your site, see the online handbook entry for the Update Manager module.)

Known issues:

• #1836082: Drupal 7.17 breaks some form redirects (including views exposed filters)

  This affects sites which use a "Reset" button on exposed filters in the Views module. The button will not work correctly and will lead to a browser redirect loop unless the fix mentioned in that issue is applied.

Major changes since 7.16:

• Changed the default value of the '404_fast_html' variable to have a DOCTYPE declaration.
• Made it possible to use associative arrays for the 'items' variable in theme_item_list().
• Fixed a bug which prevented required form elements without a title from being given an "error" class when the form fails validation.
• Prevented duplicate HTML IDs from appearing when two forms are displayed on the same page and one of them is submitted with invalid data (minor markup change).
• Fixed a bug which prevented Drupal 6 to Drupal 7 upgrades on sites which had stale data in the Upload module's database tables.
• Fixed a bug in the States API which prevented certain types of form elements from being disabled when requested.
• Allowed aggregator feed items with author names longer than 255 characters to have a truncated version saved to the database (rather than causing a fatal error).
• Allowed aggregator feed items to have URLs longer than 255 characters (schema change which results in several columns in the Aggregator module's database tables changing from VARCHAR to TEXT fields).
• Added hook_taxonomy_term_view() and standardized the process for rendering taxonomy terms to invoke hook_entity_view() and otherwise make it consistent with other entities (API change: http://drupal.org/node/1808870).
• Added hook_entity_view_mode_alter() to allow modules to change entity view modes on display (API addition: http://drupal.org/node/1833086).
• Fixed a bug which made database queries running a "LIKE" query on blob fields fail on PostgreSQL databases. This caused errors during the Drupal 6 to Drupal 7 upgrade.
• Changed the hook_menu() entry for Drupal's rss.xml page to prevent extra path components from being accidentally passed to the page callback function (data structure change).
• Removed a non-standard "name" attribute from Drupal's default Content-Type header for file downloads.
• Fixed the theme settings form to properly clean up submitted values in $form_state['values'] when the form is submitted (data structure change).
• Fixed an inconsistency by removing the colon from the end of the label on multi-valued form fields (minor string change).
• Added support for 'weight' in hook_field_widget_info() to allow modules to control the order in which widgets are displayed in the Field UI.
• Updated various tables in the OpenID and Book modules to use the default "empty table" text pattern (string change).
• Added proxy server support to drupal_http_request().
• Added "lang" attributes to language links, to better support screen readers.
• Fixed double occurrence of a "ul" HTML tag on secondary local tasks in the Seven theme (markup change).
• Fixed bugs which caused taxonomy vocabulary and shortcut set titles to be double-escaped. The fix replaces the taxonomy vocabulary overview page and "Edit shortcuts" menu items' title callback entries in hook_menu() with new functions that do not escape HTML characters (data structure change).
• Modified the Update manager module to allow drupal.org to collect usage statistics for individual modules and themes, rather than only for entire projects.
• Modified the node listing database query on Drupal's default front page to add table aliases for better query altering (this is a data structure change affecting code which implements hook_query_alter() on this query).
• Improved the translatability of the "Field type(s) in use" message on the modules page (admin-facing string change).
• Fixed a regression which caused a "call to undefined function drupal_find_base_themes()" fatal error under rare circumstances.
• Numerous API documentation improvements.
• Additional automated test coverage.

All changes since 7.16:

• #1067120 followup by David_Rothstein, Berdir: Fix backwards compatibility issues for Drupal 7 on the taxonomy term page, and small documentation fixes.
• #1824016 by scuts: Fix confusing name of Node test method
• #1827200 by benjifisher: Fix up documentation for system_authorized_init()
• #1821024 by scuts, mjonesdinero: Fix up docs for drupal_add_js
• #1816148 by BTMash, David_Rothstein | Irous: Removed system_update_7075() for now, since it's causing problems.
• #1154382 followup by plach: Fixed several issues with the newly-added hook_entity_view_mode_alter().
• #1812822 by larowlan, _wdm_: Fixed field_test_entity_info() does not set a 'label' on the Test Entity.
• #1828876 by geekyMoa: Fixed Simpletest HTML5 field support.
• #1436814 by gary4gar, kid_icarus, netol, webchick, droplet, andypost: Fixed Fast 404 'Not found' pages are missing a doctype.
• #1809836 by danillonunes: Fixed theme_item_list() is broken when 'items' variable is an associative array.
• #1785436 by Boobaa: Fixed Submission of #required elements without #title and empty value does not display any error.
• #1414510 by andypost, Spleshka, perelman.yuval, tim.plunkett: Fixed Remove drupal_reset_static() for drupal_html_id() when form validation fails.
• #1586542 follow-up by Eric_A: Explicitly declare dependencies of system_update_7061.
• #1586542 by BTMash, carwin, xjm, gwulo: Fixed d6 to d7 upgrade stuck at update #7061.
• #1777270 by Devin Carlson, ssm2017 Binder, caelon, barraponto, ross9885: Fixed bug which prevented users with passwords over 60 characters from logging in via the user login block.
• #934714 by swentel, caiovlp, dcam | Coornail: Fixed Cannot add frontpage as shortcut.
• #1816858 by bleen18: Clean-up for Syslog module docs
• #1817484 by tomgeekery, kiamlaluno: Fixed The search_form_submit() function contains a 'return' statement right at the end of the function.
• #1441180 by scor, avr, Devin Carlson: Fixed hook_requirements() REQUIREMENT_ERROR broadcasting.
• #1006042 by ksenzee, grendzy, scor: Fixed Links outside the overlay with existing fragments are broken.
• #1539164 by Birk: Fixed Menu machine_name() label says 'URL path'.
• #1820960 by xjm: BTMash's username has incorrect case in MAINTAINERS.txt.
• #1797370 by lazysoundsystem, xjm: Remove t() from openid test assertion messages
• #1814760 by tomgeekery: Remove outdated documentation from dblog_cron()
• #1741338 by lazysoundsystem: Remove t() from test asserts in block module
• #909954 by barraponto: Document base hook component in hook_theme
• #1346772 by xjm, scor: Fixed StatisticsLoggingTestCase->testLogging() fails with clean URLs in some environments.
• #1741328 by lazysoundsystem: Remove t() from test asserts in aggregator module
• #1398404 by dcam, batigolix, NROTC_Webmaster, aLearner: Clean up API docs for overlay module
• #372416 by naxoc: Remove refs to nonexistent theme function in docs
• #1553704 by eddie_c: Fix up fast 404 docs in settings.php
• #1263302 by andypost, peterpoe: Fixed States API disabled state handler filters out nonexistent class 'form-element'.
• #1622974 by xjm, iflista, brianV: Fixed Aggregator fails to parse author entries longer than 255 characters.
• #1742602 by dcam, Lars Toomre, xjm, lazysoundsystem: Remove t() from assert messages in comment module tests
• #1798858 by paranojik: Remove t() from getInfo() in database tests
• #1592962 by mikeryan: Fixed Notice generated when programmatically creating a forum node.
• #1807688 by Lars Toomre: small docs cleanup in book module
• #1803194 by alextataurov: Add return docs for module_hook_info() function
• #1317626 by Albert Volkman: More API docs cleanup for includes H-M files
• #1799116 by jwilson3: Standardize on installation profile terminology
• #1802760 by mkadin, peterx: Document that menu_get_item() can return FALSE
• #218004 by Dave Reid, heyrocker, pcambra, neclimdul, alex_b, cam8001, twistor, mfb, catch, xjm, beeradb: Fixed Allow aggregator feed URLs longer than 255 characters.
• #1134088 by Cottser, catch: Properly document update-api functions
• #1539940 by jwilson3, ryanissamson, infiniteluke, mrf: Fix up sites readme files
• #1382222 by Albert Volkman: API docs cleanup for file transfer functions
• #1677830 by slashrsm: Improve docs for user and node hooks in regards to database transactions
• #1492378 by tim.plunkett, scottalan, xjm: Document how to use slashes in autocompletes
• #1797520 by dcam, Lars Toomre: Remove t() from test assertions in statistics module
• #1797516 by dcam, Lars Toomre: Remove t() from test assertions in syslog module
• #1197622 by lyricnz, xjm, tim.plunkett, Cottser: Fixed My account (disabled).
• #1067120 by BTMash, DamienMcKenna, corvus_ch, valthebald, mrfelton, fgm, Dave Reid: Fixed Missing hook_taxonomy_term_view() or hook_entity_view() when viewing a term.
• #1038932 by tim.plunkett, Chris Gillis: Theme_image_formatter() assumes that title, alt, and options are always set.
• #1780012 by dewens: Fixed "parameter 1 expected to be a reference" error in Profile module's hook_user_cancel() implementation.
• #1037632 by Sheldon Rampton, Tor Arne Thune, roy smith: Fixed Attaching a forbidden file to a node gives an error message with bogus file path.
• #1057912 by bfroehle, mgifford, bowersox, tarekdj, geerlingguy, hgurol: Fixed Weird Border on Vertical Tabs with Google Chrome and Safari caused by .element-invisible.
• #1317626 by Albert Volkman, xjm: Clean up API docs for include files H-M
• #1802844 by antojose: Fixed 'have to' repeated twice as 'have to have to' in the comment for the function hook_module_implements_alter() in system.api.php.
• #1797376 by dcam, xjm: remove t() from test assertions in poll module
• #1791090 by Ivan Zugec: Remove admin paths from aggregator hook docs
• #1778986 by yched: Fixed drupal-7.filled.standard_all() test db dump has invalid widget info.
• #1798302 by alippai: Fixed Remove unnecessary join.
• #1154382 by Berdir, barraponto, acouch, swentel, LoMo, DamienMcKenna, chx: Fixed View mode no longer can be changed.
• #1786124 by xjm, dcam: Clean up node access pager test.
• #1575790 by greg.1.anderson, sun, tim.plunkett, superhenne: Fixed Update #7002 fails on postgres - ILIKE operator on bytea not supported.
• #932110 by Albert Volkman, David_Rothstein, marji, jurgenhaas, dcam: On some servers, the Update Manager allows administrators to directly execute arbitrary code even without the PHP module. (Documentation fix)
• #1186886 by Albert Volkman, Mile23: Fix up docs for hook_node_load
• #863428 by Albert Volkman: Clean-up of cache constant documentation
• #1791614 by jessebeach: Added jessebeach as JavaScript maintainer.
• #1410260 by swentel, mojzis, droplet, pingers, drupdan3: Fixed rss.xml/whatever triggers PHP error.
• #1293308 follow-up by David_Rothstein: Remove brackets around email address.
• #1785392 by BWPanda: Fix reference and grammar in hook_field_formatter_info_alter documentation
• #1742958 by DamienMcKenna: Fix capitalization of URL and other acronyms
• #1722244 by Albert Volkman, edb: Add return docs for drupal_get_destination function
• #1773032 by Jorrit: Fixed Non-standard and pointless name attribute added to Content-Type header.
• #1761086 by cam8001, Berdir, larowlan: Fixed Caching in image_effects_definitions() broken.
• #1397882 by sun, kbasarab, catch, pingers: Fixed system_theme_settings_submit() does not properly clean up submitted form values.
• #1739808 by Berdir, salvis | GrzegorzNowak: Fixed Notice: Undefined index: file in DatabaseLog->findCaller().
• #1239410 by cangeceiro, swentel, jbrown: Fixed watchdog() should use php's time() to log time of event.
• #1293308 by Heine: Update Maintainers.txt to remove Heine, who is on sabbatical.
• #863428 by Albert Volkman, Mile23: Fix up documentation for block cache constants
• #1783348 by jfhovinne: Fix syntax in format_plural example
• #1595594 by Devin Carlson, Alan D.: Path modules node alter uses collapsible and collapsed attributes in the 'alias' text field.
• #1507556 by C. Lee, IshaDakota: Fixed Remove colon from label for multi-valued field form.
• #1704422 by sun, dcam: Fixed Error level constants cannot be used in settings.php.
• #1757540 by trogels: Fixed 'implements' instead of 'implementation of'.
• #1571076 by droplet, yohannbzh: Fixed Plural formula field only accepts 128 characters.
• #1739592 by Albert Volkman, andy.hails, dawehner: Add return docs to a couple of functions
• #262690 by Albert Volkman: Use correct name for Form API not Forms API
• #1779120 by TravisCarden: Improve documentation of l function
• #1555294 by Pol, tim.plunkett, oriol_e9g, cristinawithout, gagarine, dcam: Fixed Vocabulary title HTML entities are double encoded.
• #1586356 by dww, amateescu: Fixed Missing 'weight' support from hook_field_widget_info() makes it impossible to sanely order widgets.
• #1753976 by jfhovinne, savithac, PrabhuG: Remove return value docs from file download alter hook that should not be there
• #699604 by cam8001, nmudgal: Use file name for links to form API reference instead of full URL
• #1765918 by TravisCarden: Fix docs for drupal_get_messages function
• #1691438 by Dave Reid, CrashTest_, quicksketch, jbrown, Devin Carlson: Fixed Regression: {file_managed()}.filename should NOT be binary (and case-sensitive by default).
• #1473198 by kika, roborn: Fixed Empty table pattern for 'Edit [book's] order and titles' admin page.
• #1473214 by kika, nmudgal, roborn: Fixed Empty table pattern for 'OpenID identities' user page.
• #7881 by mikeytown2, effulgentsia, gwynnebaer, Patrizio, sylus, pwolanin, David_Rothstein: Add support to drupal_http_request() for proxy servers.
• #1164682 by mgifford, good_man, mvc, clemens.tolboom, sxnc, lazysoundsystem: Fixed Switch language links need language identifier.
• #1754712 by TravisCarden, Bußmeyer, pingers: Fixed @return unknown_type() should be @return mixed.
• #932110 by dcam, Albert Volkman, jurgenhaas, marji, David_Rothstein: Add note to settings.php about updates and security
• #1751072 by swentel: Add swentel as co-maintainer to Fields and Field UI system.
• #1359500 by Devin Carlson, theborg: Fixed Minor html bug in Seven's page.tpl.php (double occurrence of "ul" on secondary local tasks).
• #794192 by kim.pepper: add note to hook_update_N docs about calling functions from modules
• #1706926 by Ivan Zugec, eddie_c: Fix docs for theme_tableselect to have working code example
• #1363358 by David_Rothstein: Fixed Shortcut set titles are double-escaped with check_plain().
• #171267 by tim.plunkett, chx, NROTC_Webmaster, dcam: Fixed form redirects removes get variables like sort and order.
• #1036780 by Mike Wacker, tim.plunkett | cafuego: Enabled Drupal.org to collect stats on enabled sub-modules and core modules.
• #716496 by killtheliterate, rootwork: Make sure all core template files are in themeable group
• #1751612 by junedkazi: fix link formatting in documentation
• #1751650 by Ivan Zugec: comment formatting
• #1747826 by seutje: Add seutje to MAINTAINERS.txt as co-maintainer of the JavaScript component.
• #1613554 by drumm, BTMash: Fixed Update menu link queries from 6's strings.
• #1688020 by ishanmahajan, HUU: Fix group header for extra 7.x updates functions
• #1018324 by Albert Volkman, webbykat, disasm, jhr, jorap: Fix up documentation for multisite
• #1728472 by plopesc: Add link from form alter hooks to form API reference
• #1577938 by m-abshir, trogels, jhodgdon: taxonomy_vocabulary_save() documentation needs clarification: new vocabulary versus updating vocabulary.
• #1722244 by Albert Volkman, edb: Add return docs to drupal_get_destination function
• #1734482 by plopesc: Add return section to field_info_instance docs
• #1472724 by jibran, balsama, kiamlaluno, asrob, mjonesdinero: Clean up i.e. and e.g. in node.tpl.php docs
• #1558478 follow-up by tim.plunkett, Berdir, chx: Fixed tests for SA-CORE-2012-002 - Access bypass - content administration.
• #1507988 follow-up by Berdir, chx, webchick, Xenza: Fixed tests for SA-CORE-2012-002.
• #1627654 by jhodgdon, marcin.wosinek: Fix up docs in drupal_redirect_form for accuracy
• #1715326 by kid_icarus, oriol_e9g, dsdeiz: Fixed taxonomy_get_tree() typo on comments...
• #1485966 by vegantriathlete: Correct function header to comply with coding standards.
• #1728568 by e2thex, oriol_e9g: Fixed Add table alias in node query conditions to avoid ambiguous fields.
• #1477516 by JThan, Emin Sulaiman: Change language name from 'Uighur' to 'Uyghur'.
• #1448326 by anavarre, Cottser, jibran, jhodgdon: Fixed MAINTAINERS.txt should use different punctuation around URLs.
• #1670312 by dsdeiz, oriol_e9g, tstoeckler: Fixed TestBase::generatePermutations() should call itself by the proper name in PHPDoc.
• #1679594 by sun: Fixed node_requirements() breaks Drupal installer.
• #803294 by wojtha, mfb, c960657, Heine, oriol_e9g: Fixed OpenID discovery and login tests fail on HTTPS site.
• #1054162 by tim.plunkett, Transition, Dave Reid, joachim, no_commit_credit, Berdir, marcingy, damiankloip: Taxonomy bundles not supported by EntityFieldQuery (followup).
• #1343768 by JamesOakley, eMPee584: Fixed make update_calculate_project_update_status() work nicely with HEAD releases.
• #1688016 by sun, lucascaro: Fixed drupal_cron_run() unconditionally re-enables writing of the user session.
• #1688036 by lucascaro, sun: Fixed Session regenerate and destroy functions do not adhere to drupal_save_session().
• #1715402 by mikeryan: Fixed Poor performance of _forum_update_forum_index() when passed a non-forum node.
• #1685110 by BTMash, aspilicious, jhodgdon: Fixed Upgrade of forum.module d6-d7 loses permission.
• #1587822 by drumm, bfroehle: Code style: link in field_system_info_alter().
• #1211668 by scito, Devin Carlson, bornholtz: Fixed Special characters are encoded twice for feed icon attribute title.
• #1671200 by chx, sun, jaimealsilva: Fixed Simpletest broken on 5.4: CURLOPT_COOKIEJAR cannot be NULL on php5-curl version 5.4.4.
• #1716900 by chx: Clarify why hook_exit() must not print.
• #1684866 by droplet, nod_, oriol_e9g: Fixed JSHint shortcut.
• #1708722 by David_Rothstein: Fixed Call to undefined function drupal_find_base_themes() in drupal-7.15/includes/module.inc on line 184.
• #1315340 by Albert Volkman, aspilicious: API docs cleanup for entity includes and tests
• #1436272 by Albert Volkman, colette, dandaman, coolestdude1: Add information to documentation of drupal_bootstrap function
• #1705102 by dsdeiz: Fix reference to nonexestent hook in EntityFieldQuery docs
• #1703184 by m-abshir: Clarify table parameter in db_rename_table function doc
• #1681468 by eddie_c: Add params and return to documentation for field_default_form function