- Nov 10, 2023
-
-
Drew Webber authored
-
- Jun 06, 2023
-
-
Drew Webber authored
Issue #1705618 by sun, nod_, mgifford, hanoii, clemens.tolboom, poker10, torotil, Wim Leers, Matt V., helmo, mcdruid, joseph.olstad, JvE, tim.plunkett, Bojhan, fawwad.nirvana, GuyPaddock, Dries, David_Rothstein: Double click prevention on form submission
-
Juraj Nemec authored
Issue #2164025 by skipyT, mcdruid, pwolanin: Improve security of session ID against DB exposure or SQL injection
-
Juraj Nemec authored
Issue #3293648 by mcdruid, poker10: [D7 backport] Update status does not verify the identity or authenticity of the release history URL
-
- May 26, 2023
-
-
Juraj Nemec authored
-
- Apr 19, 2023
-
- Nov 28, 2022
-
-
Drew Webber authored
Issue #3308929 by poker10, swentel, fago, catch, alexpott, Berdir: [D7] Cron lock time limit is too short and does not prevent multiple, concurrent cron runs
-
- Nov 18, 2022
-
-
Drew Webber authored
-
- Sep 06, 2022
-
-
Juraj Nemec authored
Issue #3293649 by mcdruid: drupal_http_request() fails to strip Cookie or Authorization headers on HTTP downgrade
-
- Jul 20, 2022
-
-
Drew Webber authored
SA-CORE-2022-012 by cmlara, GuyPaddock, larowlan, mondrake, effulgentsia, xjm, longwave, Dave Reid, lauriii, David Strauss, benjifisher, alexpott, mcdruid, Fabianx
-
- Nov 15, 2021
-
-
Drew Webber authored
Issue #1232572 by deviantintegral, mcdruid, joachim, cweagans, Lennard Westerveld, kenorb, hanoii, webflo, bleen, esod, johnennew, Elijah Lynn, ron_s, csmdgl, sriharsha.uppuluri, cman9090, Berdir, catch, q0rban, alexpott, anavarre: Backport skip_permissions_hardening
-
- Nov 08, 2021
-
-
Drew Webber authored
Issue #229825 by nod_, mcdruid, sun, ApacheEx, lightsurge, legovaer, pounard, RobLoach, Frederikvho, Robin Monks, cburschka, yched, keith.smith, Kiphaas7, treksler, jbrauer, catch, Dave Reid, aspilicious, Damien Tournoud, Wim Leers, giupenni, ressa, Fabianx, webchick: backport "$_COOKIE['has_js'] must die" patch to 7.x
-
- May 26, 2021
-
-
Drew Webber authored
Issue #3209976 by mcdruid, DamienMcKenna, Maeglin, antiorario, effulgentsia, gapple, rachel_norfolk, rootwork, phenaproxima, neclimdul, larowlan, longwave: Add Permissions-Policy header to block Google FLoC
-
- Mar 23, 2021
-
-
Drew Webber authored
Issue #3170525 by mcdruid, nullkernel, simonholt83, MustangGB, Znak, axle_foley00, Fabianx, akorkot, cilefen, thalemn, Ayesh, ressa, finne: Set samesite cookie attribute for PHP sessions
-
Drew Webber authored
Issue #2470619 by mcdruid, pounard, hosef, heddn, DamienMcKenna, boyan.borisov, joelpittet, Fabianx, joseph.olstad, MustangGB, izmeez, oadaeh, joshmiller, marcingy, mikeytown2, discipolo, amateescu, Jordan Samouh, das-peter, ndobromirov, quietone, Ronino, mxr576, David_Rothstein, potop, dreamer777, btully: Do not attempt field storage write when field content did not change
-
- Nov 30, 2020
-
-
Drew Webber authored
Issue #3098058 by mcdruid, SAVEL, alexpott, alexandra.vecher, nikolas.tatianenko, kiamlaluno, sjerdo, RobLoach, catch, cburschka, carlos8f, penyaskito, gdud, theborg, pillarsdotnet, olamaekle, naxoc: [D7] Use site name in From: header for system e-mails
-
- Nov 25, 2020
-
-
Drew Webber authored
Issue #973436 by catch, joseph.olstad, beejeebus, karschsp, pillarsdotnet, mcdruid, DamienMcKenna, carlos8f, sun, dsobon, kentr, Damien Tournoud, pounard, Fabianx, xjm, fgm, Steven Jones, David_Rothstein, donquixote, amateescu, MustangGB, Lars Toomre, basicmagic.net, Jeremy, DanPir, nnewton, yonailo, Peter Bowey, RobLoach, gdaw, dsutter, joel_osc, nareshp, izmeez, joelpittet, torgosPizza, crea, tim.plunkett, YesCT, stefan.r, rwohleb: Overzealous locking in variable_initialize()
-
Drew Webber authored
Issue #2978575 by mcdruid, Ayesh, Ronino, fietserwin, emilcarpenter, elijahoyekunle, berenddeboer, Mixologic, almaudoh, tfranz, izmeez, TR, Charlie ChX Negyesi, joseph.olstad, mmjvb, gisle, MustangGB, ronlee, pyQlo, TrevorBradley, alexpott, mfb, Fabianx, Andrés Chandía, buddym, rjt1224, saxmeister, Pol, shenzhuxi, sjerdo, aparna_kondala, seamus_lee, andrew_rs, bernig, andyrandom, xpiku, Kevin Morse, SivaprasadC, lakshmi_a, vensires, waqarit, joergM: Mysql 8 Support on Drupal 7
-
- Nov 24, 2020
-
-
Drew Webber authored
Issue #2989985 by mcdruid, colorfulCoder, tatarbj, Fabianx, paulocs: User module's flood controls should do better logging, plus add new hook_user_flood_control()
-
- Feb 26, 2019
-
-
Pol Dellaiera authored
-
- Jan 07, 2019
-
-
Pol Dellaiera authored
Issue #2482549 by Pol, marcelovani, ndf, drupal@guusvandewal.nl, jenlampton, ufku, kaidjohnson, MiSc, David_Rothstein, RobLoach, SebCorbin, geerlingguy, pablo.guerino, JohnAlbin, joelpittet, afoster: Ignore node_module folder in core to use Drupal with npm/grunt/nodejs
-
- Oct 04, 2017
-
-
David Rothstein authored
Issue #2091511 by Cameron Tod, mcdruid, mpdonadio, David_Rothstein, lokapujya, stefan.r, Berdir, alexpott, damiankloip, cosmicdreams, das-peter, heddn, xjm, catch, tstoeckler, anavarre, naveenvalecha, tim.plunkett, dawehner: Make cache_form expiration configurable, to mitigate runaway cache_form tables
-
- Sep 29, 2016
-
-
Stefan Ruijsenaars authored
Issue #2009584 by hgoto, jtwalters, rteijeiro, ry5n, emattias, Fabianx: Allow double underscores to pass through drupal_clean_css_identifier as per new CSS standards
-
- Jul 18, 2016
-
-
Stefan Ruijsenaars authored
Issue #2766537 by bhavikshah9, mforbes: Missing asterisk in one line of default.settings.php documentation block
-
- Jul 06, 2016
-
-
David Rothstein authored
Issue #2488180 by stefan.r, stovak, pwolanin, David_Rothstein, Noe_, typhonius, KhaledBlah, joelpittet, Fabianx, geerlingguy, nithinkolekar, mikeytown2, jduhls, scuba_fly, travelvc, hass: Support full UTF-8 (emojis, Asian symbols, mathematical symbols) on MySQL and other database drivers when they are configured to allow it
-
- Oct 14, 2015
-
-
David Rothstein authored
Issue #2115737 by darol100, owenpm3, rhuffstedtler, andythomnz, jemandy, ijf8090, zealfire, er.pushpinderrana, jhodgdon, corbacho, spitcher, abenamer, holingpoon, ay1n: Make the text in modules, themes, and profiles README.txt files more user-friendly
-
- Oct 12, 2015
-
-
David Rothstein authored
-
David Rothstein authored
-
- Jun 04, 2015
-
-
Jennifer Hodgdon authored
Issue #2500101 by David_Rothstein: sites/all/modules/README.txt should not imply that clearing caches always works after moving a module to a new subdirectory
-
- Jun 01, 2015
-
-
David Rothstein authored
-
- May 04, 2015
-
-
David Rothstein authored
Issue #667058 by greggles, DamienMcKenna, cweagans, travelertt, Dave Reid, tstoeckler, geerlingguy: Add a sites/all/libraries folder and encourage people to use it properly
-
- Feb 18, 2015
-
-
Jennifer Hodgdon authored
-
- Nov 05, 2014
-
-
David Rothstein authored
Issue #1930960 by pounard, iamEAP, pjcdawkins, msonnabaum, David_Rothstein: Fixed Block caching disable hardcoded on sites with hook_node_grant() causes serious performance troubles when not necessary.
-
- Nov 02, 2014
-
-
David Rothstein authored
Issue #1221772 by pounard, colan, jcisio | sivaji: Fixed Transaction database settings is misleading in settings.php.
-
- Sep 12, 2013
-
-
Jennifer Hodgdon authored
Issue #692366 by mariacha1, hosef, Albert Volkman, xjm, underq, kid_icarus, willmoy, bradweikel: Replace US-centric php.net URLs with language-neutral URLs
-
- Nov 10, 2012
-
-
Jennifer Hodgdon authored
-
- Nov 05, 2012
-
-
David Rothstein authored
Issue #1436814 by gary4gar, kid_icarus, netol, webchick, droplet, andypost: Fixed Fast 404 'Not found' pages are missing a doctype.
-
- Oct 15, 2012
-
-
Jennifer Hodgdon authored
-
- Oct 09, 2012
-
-
Jennifer Hodgdon authored
-
- Sep 27, 2012
-
-
Angie Byron authored
Issue #932110 by Albert Volkman, David_Rothstein, marji, jurgenhaas, dcam: On some servers, the Update Manager allows administrators to directly execute arbitrary code even without the PHP module. (Documentation fix)
-