Cross-Site Scripting in drupal7-entity
ID: | FEDORA-2015-2826 |
Distribution: | Fedora |
Plattformen: | Fedora 20 |
Datum: | Mi, 1. April 2015, 06:26 |
Referenzen: | https://www.drupal.org/node/2437905 |
Applikationen: | Drupal |
Originalnachricht |
|
Name : drupal7-entity Product : Fedora 20 Version : 1.6 Release : 1.fc20 URL : http://drupal.org/project/entity Summary : Extends the entity API to provide a unified way to deal with entities Description : This module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties. Additionally, it provides an entity CRUD controller, which helps simplifying the creation of new entity types. This package provides the following Drupal modules: * entity * entity_token -------------------------------------------------------------------------------- Update Information: ## 7.x-1.6 See [SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)](https://www.drupal.org/node/2437905) Changes since 7.x-1.5: - by klausi: Sanitize field labels before passing them to the Token API. - Issue #2264079 by Amitaibu, fago: Fixed $wrapper->access() might be wrong for single entity reference field. - Issue #2039601 by DuaelFr, fago: Added Ease EntityMetadataWrapper usage with a getter. - Issue #2160355 by wodenx, gmercer, fgm, jgullstr: Fixed Trying to get property of non-object in entity_metadata_user_access(). - Issue #1651824 by meatsack | joachim: Fixed 'entity_test' table has incorrect declaration of foreign keys. - Issue #2309697 by kristiaanvandeneynde; joachim: Fixed variable mistake in entity_views_handler_relationship_by_bundle. - Issue #2003826 by greenmother, stella, jazzdrive3, fago: Fixed template_preprocess_entity does not check for existing 'path' index. - Issue #1104286: Support generating database schema for date properties. - Issue #2013473 by fietserwin: Title attribute of image field not listed as possible token. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 27 2015 Shawn Iwinski |