[development] Slight API change in 4.6.10 and 4.7.4

inkfree press inkfree at gmail.com
Thu Oct 19 14:02:06 UTC 2006

"Heine Deelstra" wrote:

> 2. 4.7 modules and themes that rely on a defined set of form fields to be
> present
> Certain modules and themes output only specific form fields. As they do not
> output the form_token, the form will always fail validation for authenticated
> users.
> In addition, certain modules unset a few form fields, then save the remainder
> of the form. These modules need to account for the new field.

Is there some method for knowing _which_ modules will be affected?

Is there some specific API/function/code which these affected modules use
(and which can be searched/determined in the module files)?

A security fix which breaks existing installations is rather, um, difficult
to embrace.  (Especially given that the security alerts are so vague that
it's very hard to know if any given site is vulnerable.  Security alerts
with statements like "a site with a specially crafted URL" is too vague to
assess the potential impact...what kind of "specially crafted site" or
"specially crafted RSS feed" or "specially crafted URL"?)

I'd be happy to apply the 4.7.4 update, but not before I know which modules
(of the dozens we use) will be lost to this "fix".

Any methods suggested for determining which modules will break is


More information about the development mailing list