drupal 7.98

Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality).

No security fixes are included in this release.

Changes have been made to default.settings.php. More details in the Change Records for major changes below.

No changes have been made to .htaccess, web.config or robots.txt files in this release, so upgrading custom versions of those files is not necessary.

As always, many thanks to everyone that contributed to this release of Drupal 7.

Major changes in 7.98:

• Session IDs are now hashed in the database in Drupal 7 - read this change record before running the database update
• Double click prevention introduced in Drupal 7
• Update info is fetched over https by default in Drupal 7
• Content of phpinfo() admin status page is now configurable in Drupal 7

All changes:

• #1705618 by sun, nod_, mgifford, hanoii, clemens.tolboom, poker10, torotil, Wim Leers, Matt V., helmo, mcdruid, joseph.olstad, JvE, tim.plunkett, Bojhan, fawwad.nirvana, GuyPaddock, Dries, David_Rothstein: Double click prevention on form submission
• #3007538 by poker10, torotil, DamienMcKenna, Jorrit, Fabianx: Cron.php does not check for maintenance mode correctly
• #2090185 by Stevel, generalredneck, poker10: Warning span background image on update.php makes update dependencies unreadable
• #2164025 by skipyT, mcdruid, pwolanin: Improve security of session ID against DB exposure or SQL injection
• #3293648 by mcdruid, poker10: [D7 backport] Update status does not verify the identity or authenticity of the release history URL
• #2060235 by lauriii, poker10, gaas: Getting a PDOException when adding new image style named thumbnail, medium and large
• #3358515 by mcdruid: Make phpinfo on the admin status report configurable [D7]
• #3214047 by poker10, mcdruid: [D7] Add phtml files to the list of potentially malicious extensions
• #1470236 by iamEAP, mstrelan, poker10, divesh.kumar: Array flip error when a taxonomy term field has a NULL value
• #1451072 by David_Rothstein, DuttonMa: Deleting a comment author while the Comment module is disabled leads to an EntityMalformedException error after it's reenabled
• #998632 by dalin, poker10: drupal_write_record() throws PHP notices if any fields use DB-specific data types
• #3308471 by poker10: [D7] Update CommonXssUnitTest::testBadProtocolStripping() to check other allowed / dangerous protocols
• #1821178 by heddn, poker10: Performance tune text_field_load()
• #1621334 by SebCorbin, poker10, szt, larowlan, swentel, salvis: Notice: Undefined property: stdClass::$forum_tid in forum_node_view()
• #2177335 by drintios, idebr, czigor, therealssj, oo0shiny, bdimaggio, samiullah, shashank5563, Rinku Jacob 13, poker10, alexpott: Selecting "None" does not move the block to the disabled region when there are no disabled blocks
• #2412151 by poker10, abramm, monika.danielsson: taxonomy_overview_terms undefined index
• #2133309 by pawandubey, tinko, matsbla, ifrik, poker10: Change link for language code identifier when creating custom languages
• #1777166 by gyuhyon, mandclu, poker10, jhodgdon, mradcliffe, catch: hook_comment_publish() docs are completely wrong
• #3019792 by apaderno, poker10: The description for the value returned from form_type_token_value() is wrong
• #2550519 by pwolanin, klausi, nullkernel, cweagans, Heine, alexpott, sindurig, YesCT, Ayesh, neclimdul, mfb, zniki.ru, eugene.ilyin, David_Rothstein, catch, joseph.olstad, dawehner, izmeez, chx, sarciszewski, stefan.r, apaderno, Fabianx, poker10: drupal_random_bytes() should use random_bytes() if available
• #3345570 by dmitrii, poker10: list_allowed_values_setting_validate dies with PHP Fatal error on PHP 8.1
• #3358536 by mcdruid, poker10: Add test(s) for SA-CORE-2023-004
• #3325533 by benqwerty: Undefined variables in system.tar.inc
• #2733299 by jacob.embree, mikhailkrainiuk: Documentation and behavior mismatch in form_get_errors
• #3064227 by zniki.ru: Add close p tag at clean_url_description in system.admin.inc
• #2845290 by eiriksm: Missing function comment doc for user_admin_account_validate
• #3004335 by interX: Wrong database table mentioned in the documentation of taxonomy_term_load_multiple
• #3068195 by slydevil: Documentation for _locale_import_one_string_db() is incorrect