Update to Drupal 7.88. For more information, see https://www.drupal.org/project/drupal/releases/7.88

Pantheon Automation · greg-1-anderson · commit c7cc3923e7f1 · 2022-02-16T11:37:08.000-06:00
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
@@ -1,3 +1,8 @@
+Drupal 7.88, 2022-02-15
+-----------------------
+- Fixed security issues:
+   - SA-CORE-2022-003
+
 Drupal 7.87, 2022-01-19
 -----------------------
 - Fix regression caused by jQuery UI position() backport
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
 /**
  * The current system version.
  */
-define('VERSION', '7.87');
+define('VERSION', '7.88');
 
 /**
  * Core API compatibility.
diff --git a/includes/form.inc b/includes/form.inc
@@ -2087,7 +2087,7 @@ function _form_builder_handle_input_element($form_id, &$element, &$form_state) {
   // #access=FALSE on an element usually allow access for some users, so forms
   // submitted with drupal_form_submit() may bypass access restriction and be
   // treated as high-privilege users instead.
-  $process_input = empty($element['#disabled']) && (($form_state['programmed'] && $form_state['programmed_bypass_access_check']) || ($form_state['process_input'] && (!isset($element['#access']) || $element['#access'])));
+  $process_input = empty($element['#disabled']) && ($element['#type'] !== 'value') && (($form_state['programmed'] && $form_state['programmed_bypass_access_check']) || ($form_state['process_input'] && (!isset($element['#access']) || $element['#access'])));
 
   // Set the element's #value property.
   if (!isset($element['#value']) && !array_key_exists('#value', $element)) {
