govCMS / GovCMS7

Current stable release of the main Drupal 7 GovCMS distribution, with releases mirrored at https://www.drupal.org/project/govcms
https://www.govcms.gov.au/
GNU General Public License v2.0

[SA-CONTRIB-2019-015] [7.x-2.x] Update focal_point module version to 7.x-1.2 (from 7.x-1.0-beta4) #786

Closed suhyeonh closed 5 years ago

suhyeonh commented 5 years ago

https://www.drupal.org/sa-contrib-2019-015

Project: Focal Point
Version: 7.x-1.1, 7.x-1.0
Date: 2019-February-13
Security risk: Moderately critical 13/25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross site scripting
Description: This module enables a privileged user to specify the important part of an image for the purposes of cropping.

The module doesn't sufficiently sanitize certain form element attributes when the focal point widget is displayed on a form.

This vulnerability is mitigated by the fact that an attacker must have the ability to generate markup (e.g. with a field that accepts "filtered html") AND they must have permission to edit a node or entity whose add/edit form contains the focal point widget.

Solution: Install the latest version:

If you use the focal_point module for Drupal 7.x, upgrade to Focal Point 7.x-1.2

https://www.drupal.org/project/focal_point/releases/7.x-1.2

Release notes

Security Issue 168858 by poiu, bleen, greggles: Fixed possible XSS issue (89 seconds ago)

2981114: Preview Page: Add unique class to each image by jedihe: Preview Page: Added unique class to each image (8 months ago)

2699577: Odd inconsistency on first upload of image by SpaghettiBolognese, DamienMcKenna: Fixed odd inconsistency on first upload of image (11 months ago)

2354887: Offset with container margin by janmilinds, Tessa Bakker, bleen: Fixed offset with container margin (1 year, 4 months ago)

https://www.drupal.org/project/focal_point/releases/7.x-1.1

Release notes

2906767: Link for creating new Image style is breaking in case of localhost by anup.singh: Fixed link to create a new image style on localhost (9 minutes ago)

2848694: Follow up for #2832030: Custom focal point overwritten by default data. by das-peter, pribeh, Ice-D: Follow up for #2832030: Calculate initial focal point for existing images: Custom focal point overwritten by default data (7 months ago)

2833786: Coding Standards by renatog: Coding Standards (9 months ago)

2832020: Initial focal point setting not calculated for Media browser fields by bmunslow: Initial focal point setting not calculated for Media browser fields (9 months ago)

2832030: Calculate initial focal point for existing images by bmunslow: Calculate initial focal point for existing images (9 months ago)

2823678: Fix Drupal coding standard - spacing issues by prince_zyxware: Fix Drupal coding standard - spacing issues (11 months ago)

https://www.drupal.org/project/focal_point/releases/7.x-1.0

Release notes

2739887: When removing title/alt fields from files using file_entity gives a notice by SpadXIII: Fixed notice when removing title/alt fields from files using file_entity

Code style fixes

https://www.drupal.org/project/focal_point/releases/7.x-1.0-beta6

Release notes

The primary reason for this release is to fix the error caused by an update hook in the previous release...

2661230: Does not convert existing Imagefield Focus data by bleen, valsgalore: Fixes does not convert existing Imagefield Focus data

2653332: Error on upgrade by jsst, bleen: Fixing error on upgrade

https://www.drupal.org/project/focal_point/releases/7.x-1.0-beta5

Release notes

2508668: Allow alteration of focal point on save by thePanz, bleen: Allow alteration of focal point on save (Added new hooks: hook_focal_point_save, hook_focal_point_delete, hook_focal_point_presave_alter)

2570507: Set the focal point default for Image Preview link on the File Add/Edit pages by Daniel Korte: Fixed the focal point default for Image Preview link on the File Add/Edit pages

2453429: Update test drive image to use file default scheme, so remote schemes work by scottrigby: Update test drive image to use file default scheme, so remote schemes work

2480641: Focal point doesn't show dimensions to admin unless loaded on an empty cache. by Sam152: Focal point doesn't show dimensions to admin unless loaded on an empty cache

2414193: Failure in hidden vertical tab by bleen18, cmonnow: Fixed failure in hidden vertical tab

2464139: Can't use a click to set focal point in Firefox by cmonnow, bleen18: Can't use a click to set focal point in Firefox

2426345: Can't set Focal Point on file entities that has no fields by kris84: Fixed can't set Focal Point on file entities that have no fields

2370865: Algorithm for a smart default focal point by GaëlG: Improved the algorithm for a smart default focal point

pandaskii commented 5 years ago

Test passed by @Venkata-modgu

Merged, thanks