eu_cookie_compliance 7.x-1.26

Release notes

Fixed a security issue where some output was not sanitized, causing potential XSS. The issue is mitigated by the attacker needing to have the permission “Administer EU Cookie Compliance”. Also several bug fixes. See EU Cookie Compliance – Critical – Cross site scripting – SA-CONTRIB-2019-033.

Fix security issue involving XSS. Mitigated by need to have admin access
Issue #3002528 by svenryen: Withdraw consent after agreeing is not working correctly
Issue #3020156 by svenryen: drupalSettings wrongly used in withdrawAction function
Issue #3008618 by svenryen: attachBehaviors after loading blacklisted scripts
Issue #2999117 by Dakwamine: In opt-out mode, do not ask again the user if he wants to consent after a withdraw
Issue #2973700 by AdamPS, svenryen: Consent by clicking option to exclude pages
Issue #3007865 by qwertyllo, das-peter, mfernea: Javascript undefined error after file uploads / ajax calls
Issue #2985662 by COBadger, svenryen: Missing button
Issue #3013518 by tauno, svenryen: Use CloudFlare’s CF-IPCountry as a fallback if available
Issue #3013166 by das-peter: rror: Using $this when not in object context in eu_cookie_compliance_admin_form()
Issue #3012020 by Leo Pitt, svenryen: Spaces between class attributes and “=”
Issue #2985558 by EduardoMadrid, svenryen: Convert javascript uris like public://path/file.js to relative paths
Issue #2994592 by jcnventura, svenryen, artfulrobot: Deletes cookies every 5s
Issue #2985520 by jasa, jyraya: After updating the module, a warning message appears about undefined withdraw_message, consent_storage_method and disabled_javascripts indexes
Issue #3001177 by svenryen, deepanker_bhalla, denisveg: Coding standard
Issue #2985543 by leymannx, svenryen: Notice: Undefined variable: primary_button_label
Issue #2986882 by smokris: Key to json hash cannot be “class” as it is a reserved word, use of “let” is not supported by all browsers as is ECMAScript

Download Size md5 hash
eu_cookie_compliance-7.x-1.26.tar.gz 32.87 KB f298bd00a01cada747d2599cacba5353
eu_cookie_compliance-7.x-1.26.zip 42.07 KB 83f9edeff6bb73b3e62ea4bb2ee2759a
Last updated: 6 Mar 2019 at 12:03 UTC
Official release from tag: 
7.x-1.26
Core compatibility: 
Release type: 
Short description: 
Security update
Packaged Git sha1: 
28c731ad55835d75afd970395f5404954ad8f2d4


Source: https://www.drupal.org/taxonomy/term/100/feed