HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

Drupal

>

Releases

>

7.36

Drupal Release: 7.36

Tag Name: 7.36

Release Date: 4/2/2015

View Release
Drupal LogoDrupal

Highly flexible, open-source content management system known for complex, scalable web applications. Preferred by government, educational, and large enterprise websites requiring advanced customization and security features. Robust module ecosystem.

Open SourceDeveloper-FriendlyEnterprise

TL;DR

Drupal 7.36 Release Overview

Drupal 7.36 is a maintenance release that includes numerous bug fixes, documentation improvements, and several important enhancements. Key improvements include better handling of language switching, file management fixes, performance optimizations for caching, and security hardening for PHP/MySQL connections. This release also introduces new developer features like PSR-4 test class support and the ability to skip loading jQuery on pages where it's not needed, which can significantly improve frontend performance.

Highlight of the Release

    • Added PSR-4 test class support for modern PHP development
    • Ability to skip loading jQuery and Drupal JavaScript on pages where they aren't needed, improving performance
    • Fixed critical file handling issues that could cause loss of user pictures and file field data
    • Improved security by setting additional charset DSN parameter when connecting to MySQL via PDO
    • Fixed language handling issues in the user interface and field display

Migration Guide

Drupal 7.36 does not introduce any breaking changes that would require specific migration steps. However, developers should be aware of the following changes:

  • If your site relies on specific behavior of the Last-Modified header format for caching with Varnish/Nginx, you may need to update your configuration as this format has been changed to fix compatibility issues.

  • If you have custom code that interacts with file fields or the file management system, review the fixes related to file handling to ensure your code is compatible with the updated behavior.

  • If you have custom code that relies on the router rebuild process, be aware of the fixes to the race condition in this area.

  • If you're using the 'itok' token in image URLs for custom implementations, note that there's now a way to suppress this token which might affect your custom code.

For most sites, a standard update process should be sufficient:

  1. Back up your database and files
  2. Put your site into maintenance mode
  3. Update your Drupal core files
  4. Run update.php
  5. Take your site out of maintenance mode

Upgrade Recommendations

This release contains important bug fixes, security improvements, and performance enhancements that benefit all Drupal 7 sites. The upgrade is recommended for all Drupal 7 sites.

Priority: Medium

Timing: Regular maintenance cycle

This is a maintenance release with no known breaking changes, so the upgrade should be straightforward for most sites. However, as with any update, it's recommended to:

  1. Test the update on a staging/development environment first
  2. Ensure you have a complete backup of your site before upgrading
  3. Review the full changelog for any changes that might affect custom code on your site

If you're experiencing any of the specific issues fixed in this release (particularly file handling problems, language switching issues, or caching problems with Varnish/Nginx), upgrading should be prioritized.

Bug Fixes

  • Contact Form Issues: Fixed a bug where contact forms would incorrectly set name and email address on the global user object after submission.

  • Form Security: Fixed an issue where posting an array as a value of a form element was allowed even when a string was expected, which could bypass #maxlength constraints.

  • Language Switcher Block: Fixed the language switcher block that was generating invalid XHTML+RDFa 1.0.

  • Comment Moderation: Fixed a fatal error when using the Comment module's "Unpublish comment containing keyword(s)" action.

  • File Management Issues:

    • Fixed issues where user pictures were lost when system_update_7061 merges files into {file_managed}.
    • Fixed private files handling by correcting forward slashes in protocol of migrated URIs.
    • Fixed an issue where field_attach_update would delete file fields regardless of if they are included in the entity object.

  • Display Issues:

    • Fixed empty vertical tabs area showing when all vertical tabs are hidden.
    • Fixed inability to drag in or out of 'Hidden' on the 'Manage Display' page under certain circumstances.
    • Fixed block settings for theme menu title getting double escaped.

  • Caching Issues: Fixed date format for Last-Modified header that was breaking caching for certain Varnish/Nginx configurations.

  • Language Handling:

    • Fixed missing language code from $context when hook_field_attach_view_alter() is invoked from field_view_field().
    • Fixed translated strings not correctly marked in the administrative interface when the default language is not English.

  • Node Management:

    • Fixed issue where node types removed from hook_node_info with base = 'node_content' could not be deleted.
    • Fixed node preview removing file values from node edit form for non-displayed items.

  • UI Improvements:

    • Fixed tableselect "select all" checkbox not being checked on page load if all checkboxes are ticked.
    • Fixed content added via drupal_add_region_content() not being added to pages.
    • Fixed drag and drop not working correctly on RTL languages.

  • Router Issues: Fixed router rebuild lock_wait() condition that could result in rebuild later in the request (race condition).

New Features

  • PSR-4 Test Class Support: Added support for PSR-4 test classes in Drupal 7, allowing developers to use modern PHP autoloading standards for test classes.

  • Selective JavaScript Loading: New capability to skip loading jQuery and Drupal JavaScript libraries on pages where they won't be used, significantly improving page load performance.

  • Role Permission Check Function: Added user_role_has_permission() function to easily check if a user has a certain role.

  • Image Token Suppression: Added ability to suppress the 'itok' token in image derivative URLs through the new image_allow_insecure_derivatives variable, useful for certain CDN configurations.

  • Public File Schema Variable: Added a 'file_public_schema' variable to allow bypassing file download access checks in managed file upload fields when needed.

  • Xdebug Support: Added support for Xdebug in DrupalWebTestCase, making debugging tests much easier for developers.

  • Retina Favicon: Added a retina-quality version of the default Drupal "drop" favicon for better display on high-resolution screens.

Security Updates

  • MySQL Connection Security: Improved security on newer versions of PHP by setting an additional charset DSN parameter when connecting to MySQL via PDO, helping to prevent potential SQL injection attacks.

  • Form Validation: Fixed an issue where posting an array as a value of a form element was allowed even when a string was expected, which could bypass #maxlength constraints. This helps prevent potential form manipulation attacks.

Performance Improvements

  • Selective JavaScript Loading: Added the ability to skip loading jQuery and Drupal JavaScript libraries on pages where they won't be used, which can significantly improve page load times and reduce bandwidth usage.

  • Installation Performance: Fixed installation failure issues when opcode cache is enabled, improving installation performance and reliability.

  • Code Registry Optimization: Improved code registry lookups by ignoring case, which can improve performance in certain scenarios.

  • Router Rebuild Optimization: Fixed race conditions in router rebuild process, preventing unnecessary rebuilds later in the request cycle.

Impact Summary

Drupal 7.36 is a significant maintenance release that addresses multiple areas of the Drupal 7 core system. The most impactful changes include:

  1. Performance Improvements: The ability to selectively skip loading jQuery and Drupal JavaScript libraries can significantly improve page load times for pages that don't need these resources.

  2. File Handling Fixes: Several critical fixes to file handling prevent data loss scenarios, particularly with user pictures and file fields during updates or content editing.

  3. Developer Experience: The addition of PSR-4 test class support, Xdebug integration, and new utility functions improves the developer experience and brings more modern PHP practices to Drupal 7.

  4. Security Hardening: Improved MySQL connection security and form validation help protect sites from potential vulnerabilities.

  5. Multilingual Improvements: Several fixes to language handling improve the experience for multilingual sites, including better RTL support and language switching.

These changes collectively improve the stability, security, and performance of Drupal 7 sites without introducing breaking changes, making this a recommended update for all Drupal 7 installations.

Statistics:

File Changed85
Line Additions1,143
Line Deletions215
Line Changes1,358
Total Commits65

User Affected:

  • Improved language switching functionality in the user interface
  • Fixed issues with user pictures being lost during system updates
  • Better handling of file management and private files
  • Improved block settings and display options

Contributors:

DavidRothsteinjhodgdon-drp