diff -Naur drupal-5.10/.htaccess drupal-5.23/.htaccess --- drupal-5.10/.htaccess 2008-01-22 10:01:39.000000000 +0100 +++ drupal-5.23/.htaccess 2009-02-26 08:03:29.000000000 +0100 @@ -3,7 +3,7 @@ # # Protect files and directories from prying eyes. - + Order allow,deny @@ -13,9 +13,14 @@ # Follow symbolic links in this directory. Options +FollowSymLinks -# Customized error messages. +# Make Drupal handle any 404 errors. ErrorDocument 404 /index.php +# Force simple error message for requests for non-existent favicon.ico. + + ErrorDocument 404 "The requested file favicon.ico was not found. + + # Set the default handler. DirectoryIndex index.php @@ -104,10 +109,11 @@ #RewriteCond %{QUERY_STRING} ^mod=([^&]+)$ #RewriteRule module.php index.php?q=%1 [L] - # Rewrite current-style URLs of the form 'index.php?q=x'. + # Rewrite current-style URLs of the form 'x' to the form 'index.php?q=x'. RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d + RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] -# $Id: .htaccess,v 1.81.2.4 2008/01/22 09:01:39 drumm Exp $ +# $Id: .htaccess,v 1.81.2.6 2009/02/26 07:03:29 drumm Exp $ diff -Naur drupal-5.10/CHANGELOG.txt drupal-5.23/CHANGELOG.txt --- drupal-5.10/CHANGELOG.txt 2008-08-14 01:59:09.000000000 +0200 +++ drupal-5.23/CHANGELOG.txt 2010-08-11 22:37:49.000000000 +0200 @@ -1,4 +1,76 @@ -// $Id: CHANGELOG.txt,v 1.173.2.25 2008/08/13 23:59:09 drumm Exp $ +// $Id: CHANGELOG.txt,v 1.173.2.50 2010/08/11 20:37:49 drumm Exp $ + +Drupal 5.23, 2010-08-11 +----------------------- +- Fixed security issues (File download access bypass, Comment unpublishing + bypass), see SA-CORE-2010-002. + +Drupal 5.22, 2010-03-03 +----------------------- +- Fixed security issues (Open redirection, Locale module cross site scripting, + Blocked user session regeneration), see SA-CORE-2010-001. + +Drupal 5.21, 2009-12-16 +----------------------- +- Fixed a security issue (Cross site scripting), see SA-CORE-2009-009. +- Fixed a variety of small bugs. + +Drupal 5.20, 2009-09-16 +----------------------- +- Avoid security problems resulting from writing Drupal 6-style menu + declarations. +- Fixed security issues (session fixation), see SA-CORE-2009-008. +- Fixed a variety of small bugs. + +Drupal 5.19, 2009-07-01 +----------------------- +- Fixed security issues (Cross site scripting and Password leakage in URL), see + SA-CORE-2009-007. +- Fixed a variety of small bugs. + +Drupal 5.18, 2009-05-13 +----------------------- +- Fixed security issues (Cross site scripting), see SA-CORE-2009-006. +- Fixed a variety of small bugs. + +Drupal 5.17, 2009-04-29 +----------------------- +- Fixed security issues (Cross site scripting and limited information + disclosure) see SA-CORE-2009-005. +- Fixed a variety of small bugs. + +Drupal 5.16, 2009-02-25 +----------------------- +- Fixed a security issue, (Local file inclusion on Windows), see SA-CORE-2009-004. +- Fixed a variety of small bugs. + +Drupal 5.15, 2009-01-14 +----------------------- +- Fixed security issues, (Hardening against SQL injection), see + SA-CORE-2009-001 +- Fixed HTTP_HOST checking to work again with HTTP 1.0 clients and basic shell + scripts. +- Fixed a variety of small bugs. + +Drupal 5.14, 2008-12-11 +----------------------- +- removed a previous change incompatible with PHP 5.1.x and lower. + +Drupal 5.13, 2008-12-10 +----------------------- +- fixed a variety of small bugs. +- fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073 +- updated robots.txt and .htaccess to match current file use. + +Drupal 5.12, 2008-10-22 +----------------------- +- fixed security issues, (File inclusion), see SA-2008-067 + +Drupal 5.11, 2008-10-08 +----------------------- +- fixed a variety of small bugs. +- fixed security issues, (File upload access bypass, Access rules bypass, + BlogAPI access bypass, Node validation bypass), see SA-2008-060 Drupal 5.10, 2008-08-13 ----------------------- diff -Naur drupal-5.10/LICENSE.txt drupal-5.23/LICENSE.txt --- drupal-5.10/LICENSE.txt 2006-07-09 13:33:06.000000000 +0200 +++ drupal-5.23/LICENSE.txt 2009-01-14 06:56:37.000000000 +0100 @@ -1,14 +1,13 @@ -// $Id: LICENSE.txt,v 1.5 2006/07/09 11:33:06 dries Exp $ +// $Id: LICENSE.txt,v 1.5.2.1 2009/01/14 05:56:37 drumm Exp $ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. - Preamble + Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public @@ -58,7 +57,7 @@ The precise terms and conditions for copying, distribution and modification follow. - GNU GENERAL PUBLIC LICENSE + GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains @@ -257,7 +256,7 @@ of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. - NO WARRANTY + NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN @@ -279,9 +278,9 @@ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - END OF TERMS AND CONDITIONS + END OF TERMS AND CONDITIONS - How to Apply These Terms to Your New Programs + How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it @@ -305,10 +304,9 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. diff -Naur drupal-5.10/includes/bootstrap.inc drupal-5.23/includes/bootstrap.inc --- drupal-5.10/includes/bootstrap.inc 2008-01-10 23:14:24.000000000 +0100 +++ drupal-5.23/includes/bootstrap.inc 2009-04-30 02:13:48.000000000 +0200 @@ -1,5 +1,5 @@ cache = time(); - $cache_flush = variable_get('cache_flush', 0); + $cache_flush = variable_get('cache_flush_'. $table, 0); if ($cache_flush == 0) { // This is the first request to clear the cache, start a timer. - variable_set('cache_flush', time()); + variable_set('cache_flush_'. $table, time()); } else if (time() > ($cache_flush + variable_get('cache_lifetime', 0))) { - // Clear the cache for everyone, cache_flush_delay seconds have + // Clear the cache for everyone, cache_lifetime seconds have // passed since the first request to clear the cache. db_query("DELETE FROM {". $table. "} WHERE expire != %d AND expire < %d", CACHE_PERMANENT, time()); - variable_set('cache_flush', 0); + variable_set('cache_flush_'. $table, 0); } } else { diff -Naur drupal-5.10/includes/common.inc drupal-5.23/includes/common.inc --- drupal-5.10/includes/common.inc 2008-07-09 21:34:30.000000000 +0200 +++ drupal-5.23/includes/common.inc 2010-03-04 01:16:02.000000000 +0100 @@ -1,5 +1,5 @@ ]*>/i', "\$0\n", $content, 1); +} + +/** * Add a feed URL for the current page. * * @param $url @@ -293,11 +302,22 @@ * @see drupal_get_destination() */ function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response_code = 302) { + + $destination = FALSE; if (isset($_REQUEST['destination'])) { - extract(parse_url(urldecode($_REQUEST['destination']))); + $destination = $_REQUEST['destination']; } else if (isset($_REQUEST['edit']['destination'])) { - extract(parse_url(urldecode($_REQUEST['edit']['destination']))); + $destination = $_REQUEST['edit']['destination']; + } + + if ($destination) { + // Do not redirect to an absolute URL originating from user input. + $colonpos = strpos($destination, ':'); + $absolute = ($colonpos !== FALSE && !preg_match('![/?#]!', substr($destination, 0, $colonpos))); + if (!$absolute) { + extract(parse_url(urldecode($destination))); + } } $url = url($path, $query, $fragment, TRUE); @@ -418,6 +438,18 @@ // Parse the URL, and make sure we can handle the schema. $uri = parse_url($url); + if ($uri == FALSE) { + $result->error = 'unable to parse URL'; + $result->code = -1001; + return $result; + } + + if (!isset($uri['scheme'])) { + $result->error = 'missing schema'; + $result->code = -1002; + return $result; + } + switch ($uri['scheme']) { case 'http': $port = isset($uri['port']) ? $uri['port'] : 80; @@ -432,6 +464,7 @@ break; default: $result->error = 'invalid schema '. $uri['scheme']; + $result->code = -1003; return $result; } @@ -642,8 +675,8 @@ /** * Translate strings to the current locale. * - * All human-readable text that will be displayed somewhere within a page should be - * run through the t() function. + * Human-readable text that will be displayed somewhere within a page should + * be run through the t() function. * * Examples: * @code @@ -679,27 +712,27 @@ * $message[] = t("If you don't want to receive such e-mails, you can change your settings at !url.", array('!url' => url("user/$account->uid", NULL, NULL, TRUE))); * @endcode * - * - @variable, which indicates that the text should be run through check_plain, - * to strip out HTML characters. Use this for any output that's displayed within - * a Drupal page. + * - @variable, which indicates that the text should be run through + * check_plain, to escape HTML characters. Use this for any output that's + * displayed within a Drupal page. * @code * drupal_set_title($title = t("@name's blog", array('@name' => $account->name))); * @endcode * - * - %variable, which indicates that the string should be highlighted with - * theme_placeholder() which shows up by default as emphasized. + * - %variable, which indicates that the string should be HTML escaped and + * highlighted with theme_placeholder() which shows up by default as + * emphasized. * @code - * watchdog('mail', t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name))); + * $message = t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name)); * @endcode * * When using t(), try to put entire sentences and strings in one t() call. * This makes it easier for translators, as it provides context as to what - * each word refers to. HTML markup within translation strings is allowed, - * but should be avoided if possible. The exception is embedded links; link - * titles add additional context for translators so should be kept in the main - * string. + * each word refers to. HTML markup within translation strings is allowed, but + * should be avoided if possible. The exception are embedded links; link + * titles add a context for translators, so should be kept in the main string. * - * Here is an example of an incorrect use if t(): + * Here is an example of incorrect usage of t(): * @code * $output .= t('

Go to the @contact-page.

', array('@contact-page' => l(t('contact page'), 'contact'))); * @endcode @@ -709,7 +742,7 @@ * $output .= '

'. t('Go to the contact page.', array('@contact-page' => url('contact'))) .'

'; * @endcode * - * Also avoid escaping quotation marks wherever possible. + * Avoid escaping quotation marks wherever possible. * * Incorrect: * @code @@ -721,6 +754,101 @@ * $output .= t("Don't click me."); * @endcode * + * Because t() is designed for handling code-based strings, in almost all + * cases, the actual string and not a variable must be passed through t(). + * + * Extraction of translations is done based on the strings contained in t() + * calls. If a variable is passed through t(), the content of the variable + * cannot be extracted from the file for translation. + * + * Incorrect: + * @code + * $message = 'An error occurred.'; + * drupal_set_message(t($message), 'error'); + * $output .= t($message); + * @endcode + * + * Correct: + * @code + * $message = t('An error occurred.'); + * drupal_set_message($message, 'error'); + * $output .= $message; + * @endcode + * + * The only case in which variables can be passed safely through t() is when + * code-based versions of the same strings will be passed through t() (or + * otherwise extracted) elsewhere. + * + * In some cases, modules may include strings in code that can't use t() + * calls. For example, a module may use an external PHP application that + * produces strings that are loaded into variables in Drupal for output. + * In these cases, module authors may include a dummy file that passes the + * relevant strings through t(). This approach will allow the strings to be + * extracted. + * + * Sample external (non-Drupal) code: + * @code + * class Time { + * public $yesterday = 'Yesterday'; + * public $today = 'Today'; + * public $tomorrow = 'Tomorrow'; + * } + * @endcode + * + * Sample dummy file. + * @code + * // Dummy function included in example.potx.inc. + * function example_potx() { + * $strings = array( + * t('Yesterday'), + * t('Today'), + * t('Tomorrow'), + * ); + * // No return value needed, since this is a dummy function. + * } + * @endcode + * + * Having passed strings through t() in a dummy function, it is then + * okay to pass variables through t(). + * + * Correct (if a dummy file was used): + * @code + * $time = new Time(); + * $output .= t($time->today); + * @endcode + * + * However tempting it is, custom data from user input or other non-code + * sources should not be passed through t(). Doing so leads to the following + * problems and errors: + * - The t() system doesn't support updates to existing strings. When user + * data is updated, the next time it's passed through t() a new record is + * created instead of an update. The database bloats over time and any + * existing translations are orphaned with each update. + * - The t() system assumes any data it receives is in English. User data may + * be in another language, producing translation errors. + * - The "Built-in interface" text group in the locale system is used to + * produce translations for storage in .po files. When non-code strings are + * passed through t(), they are added to this text group, which is rendered + * inaccurate since it is a mix of actual interface strings and various user + * input strings of uncertain origin. + * + * Incorrect: + * @code + * $item = item_load(); + * $output .= check_plain(t($item['title'])); + * @endcode + * + * Instead, translation of these data can be done through the locale system, + * either directly or through helper functions provided by contributed + * modules. + * @see hook_locale() + * + * During installation, st() is used in place of t(). Code that may be called + * during installation or during normal operation should use the get_t() + * helper function. + * @see st() + * @see get_t() + * * @param $string * A string containing the English string to translate. * @param $args @@ -793,7 +921,7 @@ * * This function should only be used on actual URLs. It should not be used for * Drupal menu paths, which can contain arbitrary characters. - * + * Valid values per RFC 3986. * @param $url * The URL to verify. * @param $absolute @@ -802,12 +930,26 @@ * TRUE if the URL is in a valid format. */ function valid_url($url, $absolute = FALSE) { - $allowed_characters = '[a-z0-9\/:_\-_\.\?\$,;~=#&%\+]'; if ($absolute) { - return preg_match("/^(http|https|ftp):\/\/". $allowed_characters ."+$/i", $url); + return (bool)preg_match(" + /^ # Start at the beginning of the text + (?:ftp|https?):\/\/ # Look for ftp, http, or https schemes + (?: # Userinfo (optional) which is typically + (?:(?:[\w\.\-\+!$&'\(\)*\+,;=]|%[0-9a-f]{2})+:)* # a username or a username and password + (?:[\w\.\-\+%!$&'\(\)*\+,;=]|%[0-9a-f]{2})+@ # combination + )? + (?: + (?:[a-z0-9\-\.]|%[0-9a-f]{2})+ # A domain name or a IPv4 address + |(?:\[(?:[0-9a-f]{0,4}:)*(?:[0-9a-f]{0,4})\]) # or a well formed IPv6 address + ) + (?::[0-9]+)? # Server port number (optional) + (?:[\/|\?] + (?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2}) # The path and query (optional) + *)? + $/xi", $url); } else { - return preg_match("/^". $allowed_characters ."+$/i", $url); + return (bool)preg_match("/^(?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})+$/i", $url); } } @@ -1929,7 +2071,7 @@ * @param $body * Message to be sent. Drupal will format the correct line endings for you. * @param $from - * Sets From, Reply-To, Return-Path and Error-To to this value, if given. + * Sets From to this value, if given. * @param $headers * Associative array containing the headers to add. This is typically * used to add extra headers (From, Cc, and Bcc). @@ -1949,10 +2091,10 @@ // SMTP server. Errors-To is redundant, but shouldn't hurt. $default_from = variable_get('site_mail', ini_get('sendmail_from')); if ($default_from) { - $defaults['From'] = $defaults['Reply-To'] = $defaults['Sender'] = $defaults['Return-Path'] = $defaults['Errors-To'] = $default_from; + $defaults['From'] = $defaults['Sender'] = $defaults['Return-Path'] = $defaults['Errors-To'] = $default_from; } if ($from) { - $defaults['From'] = $defaults['Reply-To'] = $from; + $defaults['From'] = $from; } $headers = array_merge($defaults, $headers); // Custom hook traversal to allow pass by reference diff -Naur drupal-5.10/includes/database.mysql.inc drupal-5.23/includes/database.mysql.inc --- drupal-5.10/includes/database.mysql.inc 2007-10-19 23:49:26.000000000 +0200 +++ drupal-5.23/includes/database.mysql.inc 2009-07-10 08:09:38.000000000 +0200 @@ -1,5 +1,5 @@ We were unable to use the MySQL database because the MySQL extension for PHP is not installed. Check your PHP.ini to see how you can enable it.

For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.

'); @@ -119,6 +120,7 @@ if (!mysql_select_db(substr($url['path'], 1))) { drupal_maintenance_theme(); + drupal_set_header('HTTP/1.1 503 Service Unavailable'); drupal_set_title('Unable to select database'); print theme('maintenance_page', '

We were able to connect to the MySQL database server (which means your username and password are okay) but not able to select the database.

The MySQL error was: '. theme('placeholder', mysql_error($connection)) .'.

@@ -358,7 +360,7 @@ $tablename = array_pop($args); array_shift($args); - $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' SELECT', db_prefix_tables($query)); + $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query)); if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax $args = $args[0]; } diff -Naur drupal-5.10/includes/database.mysqli.inc drupal-5.23/includes/database.mysqli.inc --- drupal-5.10/includes/database.mysqli.inc 2008-07-16 20:55:38.000000000 +0200 +++ drupal-5.23/includes/database.mysqli.inc 2009-07-10 08:09:38.000000000 +0200 @@ -1,5 +1,5 @@ We were unable to use the MySQLi database because the MySQLi extension for PHP is not installed. Check your PHP.ini to see how you can enable it.

For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.

'); @@ -102,6 +103,7 @@ } else if (mysqli_connect_errno() > 0) { drupal_maintenance_theme(); + drupal_set_header('HTTP/1.1 503 Service Unavailable'); drupal_set_title('Unable to select database'); print theme('maintenance_page', '

We were able to connect to the MySQL database server (which means your username and password are okay) but not able to select the database.

The MySQL error was: '. theme('placeholder', mysqli_connect_error($connection)) .'.

@@ -341,7 +343,7 @@ $tablename = array_pop($args); array_shift($args); - $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' SELECT', db_prefix_tables($query)); + $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query)); if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax $args = $args[0]; } diff -Naur drupal-5.10/includes/database.pgsql.inc drupal-5.23/includes/database.pgsql.inc --- drupal-5.10/includes/database.pgsql.inc 2008-07-16 21:12:52.000000000 +0200 +++ drupal-5.23/includes/database.pgsql.inc 2008-09-15 08:14:52.000000000 +0200 @@ -1,5 +1,5 @@ We were unable to use the PostgreSQL database because the PostgreSQL extension for PHP is not installed. Check your PHP.ini to see how you can enable it.

For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.

'); diff -Naur drupal-5.10/includes/file.inc drupal-5.23/includes/file.inc --- drupal-5.10/includes/file.inc 2008-08-14 01:59:09.000000000 +0200 +++ drupal-5.23/includes/file.inc 2009-01-26 15:22:45.000000000 +0100 @@ -1,5 +1,5 @@ 0) { foreach ($element['#options'] as $key => $choice) { if (!isset($element[$key])) { - $element[$key] = array('#type' => 'radio', '#title' => $choice, '#return_value' => check_plain($key), '#default_value' => $element['#default_value'], '#attributes' => $element['#attributes'], '#parents' => $element['#parents'], '#spawned' => TRUE); + // Generate the parents as the autogenerator does, so we will have a + // unique id for each radio button. + $parents_for_id = array_merge($element['#parents'], array($key)); + $element[$key] = array( + '#type' => 'radio', + '#title' => $choice, + '#return_value' => check_plain($key), + '#default_value' => $element['#default_value'], + '#attributes' => $element['#attributes'], + '#id' => form_clean_id('edit-'. implode('-', $parents_for_id)), + '#parents' => $element['#parents'], + '#spawned' => TRUE + ); } } } @@ -1538,7 +1550,11 @@ * A string representing the form element. */ function theme_form_element($element, $value) { - $output = '
'."\n"; + $output = '
*' : ''; if (!empty($element['#title'])) { diff -Naur drupal-5.10/includes/install.inc drupal-5.23/includes/install.inc --- drupal-5.10/includes/install.inc 2007-10-07 00:38:28.000000000 +0200 +++ drupal-5.23/includes/install.inc 2008-10-05 03:46:57.000000000 +0200 @@ -1,5 +1,5 @@ TRUE); foreach ($languages['name'] as $key => $lang) { + // Language code should contain no markup, but is emitted + // by radio and checkbox options. + $key = check_plain($key); $options[$key] = ''; $status = db_fetch_object(db_query("SELECT isdefault, enabled FROM {locales_meta} WHERE locale = '%s'", $key)); if ($status->enabled) { @@ -97,6 +100,14 @@ return $output; } +function _locale_admin_manage_screen_validate($form_id, $form_values) { + foreach ($form_values['name'] as $key => $value) { + if (preg_match('/["<>\']/', $value)) { + form_set_error('name][' . $key, t('The characters <, >, " and \' are not allowed in the language name in English field.')); + } + } +} + /** * Process locale admin manager form submissions. */ @@ -184,12 +195,22 @@ form_set_error(t('The language %language (%code) already exists.', array('%language' => $form_values['langname'], '%code' => $form_values['langcode']))); } + // If we are adding a non-custom language, check for a valid langcode. if (!isset($form_values['langname'])) { $isocodes = _locale_get_iso639_list(); if (!isset($isocodes[$form_values['langcode']])) { form_set_error('langcode', t('Invalid language code.')); } } + // Otherwise, check for invlaid characters + else { + if (preg_match('/["<>\']/', $form_values['langcode'])) { + form_set_error('langcode', t('The characters <, >, " and \' are not allowed in the language code field.')); + } + if (preg_match('/["<>\']/', $form_values['langname'])) { + form_set_error('langname', t('The characters <, >, " and \' are not allowed in the language name in English field.')); + } + } } /** @@ -331,8 +352,14 @@ function _locale_string_seek_form() { // Get *all* languages set up $languages = locale_supported_languages(FALSE, TRUE); - asort($languages['name']); unset($languages['name']['en']); - $languages['name'] = array_map('check_plain', $languages['name']); + unset($languages['name']['en']); + // Sanitize the values to be used in radios. + $languages_name = array(); + foreach ($languages['name'] as $key => $value) { + $languages_name[check_plain($key)] = check_plain($value); + } + $languages['name'] = $languages_name; + asort($languages['name']); // Present edit form preserving previous user settings $query = _locale_string_seek_query(); diff -Naur drupal-5.10/includes/menu.inc drupal-5.23/includes/menu.inc --- drupal-5.10/includes/menu.inc 2008-02-11 06:26:53.000000000 +0100 +++ drupal-5.23/includes/menu.inc 2009-07-10 07:56:51.000000000 +0200 @@ -1,5 +1,5 @@ $item['callback']); if (isset($item['callback arguments'])) { diff -Naur drupal-5.10/includes/pager.inc drupal-5.23/includes/pager.inc --- drupal-5.10/includes/pager.inc 2006-10-15 21:57:05.000000000 +0200 +++ drupal-5.23/includes/pager.inc 2009-07-01 22:52:11.000000000 +0200 @@ -1,5 +1,5 @@ uid > 0) { + // We found the client's session record and they are an authenticated, + // active user. + if ($user && $user->uid > 0 && $user->status == 1) { // This is done to unserialize the data member of $user $user = drupal_unpack($user); @@ -44,8 +45,9 @@ $user->roles[$role->rid] = $role->name; } } - // We didn't find the client's record (session has expired), or they are an anonymous user. - else { + // We didn't find the client's record (session has expired), or they are + // blocked, or they are an anonymous user. + else { $session = isset($user->session) ? $user->session : ''; $user = drupal_anonymous_user($session); } @@ -57,30 +59,26 @@ global $user; // If saving of session data is disabled or if the client doesn't have a session, - // and one isn't being created ($value), do nothing. - if (!session_save_session() || (empty($_COOKIE[session_name()]) && empty($value))) { + // and one isn't being created ($value), do nothing. This keeps crawlers out of + // the session table. This reduces memory and server load, and gives more useful + // statistics. We can't eliminate anonymous session table rows without breaking + // the throttle module and the "Who's Online" block. + if (!session_save_session() || ($user->uid == 0 && empty($_COOKIE[session_name()]) && empty($value))) { return TRUE; } - $result = db_query("SELECT sid FROM {sessions} WHERE sid = '%s'", $key); - - if (!db_num_rows($result)) { - // Only save session data when when the browser sends a cookie. This keeps - // crawlers out of session table. This reduces memory and server load, - // and gives more useful statistics. We can't eliminate anonymous session - // table rows without breaking throttle module and "Who's Online" block. - if ($user->uid || $value || count($_COOKIE)) { - db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, $user->cache, $_SERVER["REMOTE_ADDR"], $value, time()); - } - } - else { - db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, $user->cache, $_SERVER["REMOTE_ADDR"], $value, time(), $key); - + db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, isset($user->cache) ? $user->cache : '', $_SERVER["REMOTE_ADDR"], $value, time(), $key); + if (db_affected_rows()) { // TODO: this can be an expensive query. Perhaps only execute it every x minutes. Requires investigation into cache expiration. if ($user->uid) { db_query("UPDATE {users} SET access = %d WHERE uid = %d", time(), $user->uid); } } + else { + // If this query fails, another parallel request probably got here first. + // In that case, any session data generated in this request is discarded. + @db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, isset($user->cache) ? $user->cache : '', $_SERVER["REMOTE_ADDR"], $value, time()); + } return TRUE; } @@ -163,8 +161,8 @@ * * @param $status * Disables writing of session data when FALSE, (re-)enables writing when TRUE. - * - * @return FALSE if writing session data has been disabled. Otherwise, TRUE. + * @return + * FALSE if writing session data has been disabled. Otherwise, TRUE. */ function session_save_session($status = NULL) { static $save_session = TRUE; diff -Naur drupal-5.10/includes/tablesort.inc drupal-5.23/includes/tablesort.inc --- drupal-5.10/includes/tablesort.inc 2007-06-17 00:29:25.000000000 +0200 +++ drupal-5.23/includes/tablesort.inc 2009-07-01 22:52:11.000000000 +0200 @@ -1,5 +1,5 @@ Theme system + * @see Theme guide * @see themeable */ @@ -168,7 +168,12 @@ $functions[$function] = theme_get_function($function); } if ($functions[$function]) { - return call_user_func_array($functions[$function], $args); + $output = call_user_func_array($functions[$function], $args); + // Add final markup to the full page. + if ($function == 'page' || $function == 'book_export_html') { + $output = drupal_final_markup($output); + } + return $output; } } @@ -923,10 +928,10 @@ * All other elements are treated as attributes of the list item element. * @param $title * The title of the list. - * @param $attributes - * The attributes applied to the list element. * @param $type * The type of list to return (e.g. "ul", "ol") + * @param $attributes + * The attributes applied to the list element. * @return * A string containing the list output. */ diff -Naur drupal-5.10/includes/xmlrpc.inc drupal-5.23/includes/xmlrpc.inc --- drupal-5.10/includes/xmlrpc.inc 2008-08-13 20:01:53.000000000 +0200 +++ drupal-5.23/includes/xmlrpc.inc 2008-10-02 00:01:17.000000000 +0200 @@ -1,5 +1,5 @@ code = $code; $xmlrpc_error->message = $message; } + elseif ($reset) { + $xmlrpc_error = NULL; + } return $xmlrpc_error; } @@ -427,6 +430,7 @@ function _xmlrpc() { $args = func_get_args(); $url = array_shift($args); + xmlrpc_clear_error(); if (is_array($args[0])) { $method = 'system.multicall'; $multicall_args = array(); @@ -475,3 +479,10 @@ $error = xmlrpc_error(); return $error->message; } + +/** + * Clears any previous error. + */ +function xmlrpc_clear_error() { + xmlrpc_error(NULL, NULL, TRUE); +} \ No newline at end of file diff -Naur drupal-5.10/misc/drupal.js drupal-5.23/misc/drupal.js --- drupal-5.10/misc/drupal.js 2008-08-13 20:12:23.000000000 +0200 +++ drupal-5.23/misc/drupal.js 2009-02-26 07:46:48.000000000 +0100 @@ -1,4 +1,4 @@ -// $Id: drupal.js,v 1.29.2.2 2008/08/13 18:12:23 drumm Exp $ +// $Id: drupal.js,v 1.29.2.3 2009/02/26 06:46:48 drumm Exp $ var Drupal = Drupal || {}; @@ -12,8 +12,8 @@ */ Drupal.extend = function(obj) { for (var i in obj) { - if (this[i]) { - Drupal.extend.apply(this[i], [obj[i]]); + if (this[i] && (typeof(this[i]) == 'function' || typeof(this[i]) == 'object')) { + Drupal.extend.apply(this[i], [obj[i]]); } else { this[i] = obj[i]; diff -Naur drupal-5.10/modules/aggregator/aggregator.info drupal-5.23/modules/aggregator/aggregator.info --- drupal-5.10/modules/aggregator/aggregator.info 2008-08-14 02:05:07.000000000 +0200 +++ drupal-5.23/modules/aggregator/aggregator.info 2010-08-11 22:46:30.000000000 +0200 @@ -4,8 +4,8 @@ package = Core - optional version = VERSION -; Information added by drupal.org packaging script on 2008-08-14 -version = "5.10" +; Information added by drupal.org packaging script on 2010-08-11 +version = "5.23" project = "drupal" -datestamp = "1218672307" +datestamp = "1281559590" diff -Naur drupal-5.10/modules/block/block.info drupal-5.23/modules/block/block.info --- drupal-5.10/modules/block/block.info 2008-08-14 02:05:07.000000000 +0200 +++ drupal-5.23/modules/block/block.info 2010-08-11 22:46:30.000000000 +0200 @@ -4,8 +4,8 @@ package = Core - required version = VERSION -; Information added by drupal.org packaging script on 2008-08-14 -version = "5.10" +; Information added by drupal.org packaging script on 2010-08-11 +version = "5.23" project = "drupal" -datestamp = "1218672307" +datestamp = "1281559590" diff -Naur drupal-5.10/modules/block/block.module drupal-5.23/modules/block/block.module --- drupal-5.10/modules/block/block.module 2008-07-16 21:09:39.000000000 +0200 +++ drupal-5.23/modules/block/block.module 2009-01-14 06:43:04.000000000 +0100 @@ -1,5 +1,5 @@ $form_values['info']))); cache_clear_all(); return 'admin/build/block'; diff -Naur drupal-5.10/modules/blog/blog.info drupal-5.23/modules/blog/blog.info --- drupal-5.10/modules/blog/blog.info 2008-08-14 02:05:07.000000000 +0200 +++ drupal-5.23/modules/blog/blog.info 2010-08-11 22:46:30.000000000 +0200 @@ -4,8 +4,8 @@ package = Core - optional version = VERSION -; Information added by drupal.org packaging script on 2008-08-14 -version = "5.10" +; Information added by drupal.org packaging script on 2010-08-11 +version = "5.23" project = "drupal" -datestamp = "1218672307" +datestamp = "1281559590" diff -Naur drupal-5.10/modules/blogapi/blogapi.info drupal-5.23/modules/blogapi/blogapi.info --- drupal-5.10/modules/blogapi/blogapi.info 2008-08-14 02:05:07.000000000 +0200 +++ drupal-5.23/modules/blogapi/blogapi.info 2010-08-11 22:46:30.000000000 +0200 @@ -4,8 +4,8 @@ package = Core - optional version = VERSION -; Information added by drupal.org packaging script on 2008-08-14 -version = "5.10" +; Information added by drupal.org packaging script on 2010-08-11 +version = "5.23" project = "drupal" -datestamp = "1218672307" +datestamp = "1281559590" diff -Naur drupal-5.10/modules/blogapi/blogapi.install drupal-5.23/modules/blogapi/blogapi.install --- drupal-5.10/modules/blogapi/blogapi.install 2008-08-14 01:59:09.000000000 +0200 +++ drupal-5.23/modules/blogapi/blogapi.install 2008-08-27 15:25:13.000000000 +0200 @@ -1,5 +1,5 @@ status; $node->status = $publish; // check for bloggerAPI vs. metaWeblogAPI @@ -270,6 +276,11 @@ node_invoke_nodeapi($node, 'blogapi edit'); + $valid = blogapi_status_error_check($node, $original_status); + if ($valid !== TRUE) { + return $valid; + } + node_validate($node); if ($errors = form_get_errors()) { return blogapi_error(implode("\n", $errors)); @@ -303,6 +314,33 @@ } /** + * Check that the user has permission to save the node with the chosen status. + * + * @return + * TRUE if no error, or the blogapi_error(). + */ +function blogapi_status_error_check($node, $original_status) { + + $node = (object) $node; + + $node_type_default = variable_get('node_options_'. $node->type, array('status', 'promote')); + + // If we don't have the 'administer nodes' permission and the status is + // changing or for a new node the status is not the content type's default, + // then return an error. + if (!user_access('administer nodes') && (($node->status != $original_status) || (empty($node->nid) && $node->status != in_array('status', $node_type_default)))) { + if ($node->status) { + return blogapi_error(t('You do not have permission to publish this type of post. Please save it as a draft instead.')); + } + else { + return blogapi_error(t('You do not have permission to save this post as a draft. Please publish it instead.')); + } + } + return TRUE; +} + + +/** * Blogging API callback. Removes the specified blog node. */ function blogapi_blogger_delete_post($appkey, $postid, $username, $password, $publish) { @@ -492,11 +530,60 @@ foreach ($categories as $category) { $node->taxonomy[] = $category['categoryId']; } + $validated = blogapi_mt_validate_terms($node); + if ($validated !== TRUE) { + return $validated; + } node_save($node); return TRUE; } /** + * Blogging API helper - find allowed taxonomy terms for a node type. + */ +function blogapi_mt_validate_terms($node) { + // We do a lot of heavy lifting here since taxonomy module doesn't have a + // stand-alone validation function. + if (module_exists('taxonomy')) { + $found_terms = array(); + if (!empty($node->taxonomy)) { + $term_list = array_unique($node->taxonomy); + $placeholders = implode(', ', array_fill(0, count($term_list), '%d')); + $params = $term_list; + $params[] = $node->type; + $result = db_query(db_rewrite_sql("SELECT t.tid, t.vid FROM {term_data} t INNER JOIN {vocabulary_node_types} n ON t.vid = n.vid WHERE t.tid IN (". $placeholders .") AND n.type = '%s'", 't', 'tid'), $params); + $found_terms = array(); + $found_count = 0; + while ($term = db_fetch_object($result)) { + $found_terms[$term->vid][$term->tid] = $term->tid; + $found_count++; + } + // If the counts don't match, some terms are invalid or not accessible to this user. + if (count($term_list) != $found_count) { + return blogapi_error(t('Invalid categories submitted.')); + } + } + // Look up all the vocabularies for this node type. + $result2 = db_query(db_rewrite_sql("SELECT v.vid, v.name, v.required, v.multiple FROM {vocabulary} v INNER JOIN {vocabulary_node_types} n ON v.vid = n.vid WHERE n.type = '%s'", 'v', 'vid'), $node->type); + // Check each vocabulary associated with this node type. + while ($vocabulary = db_fetch_object($result2)) { + // Required vocabularies must have at least one term. + if ($vocabulary->required && empty($found_terms[$vocabulary->vid])) { + return blogapi_error(t('A category from the @vocabulary_name vocabulary is required.', array('@vocabulary_name' => $vocabulary->name))); + } + // Vocabularies that don't allow multiple terms may have at most one. + if (!($vocabulary->multiple) && (isset($found_terms[$vocabulary->vid]) && count($found_terms[$vocabulary->vid]) > 1)) { + return blogapi_error(t('You may only choose one category from the @vocabulary_name vocabulary.'), array('@vocabulary_name' => $vocabulary->name)); + } + } + } + elseif (!empty($node->taxonomy)) { + return blogapi_error(t('Error saving categories. This feature is not available.')); + } + return TRUE; +} + +/** * Blogging API callback. Sends a list of available input formats. */ function blogapi_mt_supported_text_filters() { @@ -527,11 +614,16 @@ return blogapi_error(t('Invalid post.')); } - $node->status = 1; - if (!node_access('update', $node)) { + // Nothing needs to be done if already published. + if ($node->status) { + return; + } + + if (!node_access('update', $node) || !user_access('administer nodes')) { return blogapi_error(t('You do not have permission to update this post.')); } + $node->status = 1; node_save($node); return TRUE; diff -Naur drupal-5.10/modules/book/book.info drupal-5.23/modules/book/book.info --- drupal-5.10/modules/book/book.info 2008-08-14 02:05:07.000000000 +0200 +++ drupal-5.23/modules/book/book.info 2010-08-11 22:46:30.000000000 +0200 @@ -4,8 +4,8 @@ package = Core - optional version = VERSION -; Information added by drupal.org packaging script on 2008-08-14 -version = "5.10" +; Information added by drupal.org packaging script on 2010-08-11 +version = "5.23" project = "drupal" -datestamp = "1218672307" +datestamp = "1281559590" diff -Naur drupal-5.10/modules/book/book.module drupal-5.23/modules/book/book.module --- drupal-5.10/modules/book/book.module 2007-02-14 05:30:33.000000000 +0100 +++ drupal-5.23/modules/book/book.module 2009-05-13 21:41:56.000000000 +0200 @@ -1,5 +1,5 @@ \n"; $html .= ''; - $html .= "\n". $title ."\n"; + $html .= "\n\n"; $html .= ''; + $html .= "\n". $title ."\n"; $html .= '' . "\n"; $html .= "\n"; $html .= "\n\n". $content ."\n\n\n"; diff -Naur drupal-5.10/modules/color/color.info drupal-5.23/modules/color/color.info --- drupal-5.10/modules/color/color.info 2008-08-14 02:05:07.000000000 +0200 +++ drupal-5.23/modules/color/color.info 2010-08-11 22:46:30.000000000 +0200 @@ -4,8 +4,8 @@ package = Core - optional version = VERSION -; Information added by drupal.org packaging script on 2008-08-14 -version = "5.10" +; Information added by drupal.org packaging script on 2010-08-11 +version = "5.23" project = "drupal" -datestamp = "1218672307" +datestamp = "1281559590" diff -Naur drupal-5.10/modules/color/color.module drupal-5.23/modules/color/color.module --- drupal-5.10/modules/color/color.module 2008-02-11 07:53:01.000000000 +0100 +++ drupal-5.23/modules/color/color.module 2008-12-21 03:56:30.000000000 +0100 @@ -1,5 +1,5 @@ 'fieldset', - '#title' => t('Color scheme'), - '#weight' => -1, - '#attributes' => array('id' => 'color_scheme_form'), - '#theme' => 'color_scheme_form', - ); - $form['color'] += color_scheme_form(arg(4)); - $form['#submit']['color_scheme_form_submit'] = array(); + if ($form_id == 'system_theme_settings' && color_get_info(arg(4)) && function_exists('gd_info')) { + if (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) != FILE_DOWNLOADS_PUBLIC) { + // Disables the color changer when the private download method is used. + // TODO: This should be solved in a different way. See issue #181003. + drupal_set_message(t('The color picker only works if the download method is set to public.', array('@url' => url('admin/settings/file-system')))); + } + else { + $form['color'] = array( + '#type' => 'fieldset', + '#title' => t('Color scheme'), + '#weight' => -1, + '#attributes' => array('id' => 'color_scheme_form'), + '#theme' => 'color_scheme_form', + ); + $form['color'] += color_scheme_form(arg(4)); + $form['#submit']['color_scheme_form_submit'] = array(); + } } // Use the generated screenshot in the theme list diff -Naur drupal-5.10/modules/comment/comment.info drupal-5.23/modules/comment/comment.info --- drupal-5.10/modules/comment/comment.info 2008-08-14 02:05:07.000000000 +0200 +++ drupal-5.23/modules/comment/comment.info 2010-08-11 22:46:30.000000000 +0200 @@ -4,8 +4,8 @@ package = Core - optional version = VERSION -; Information added by drupal.org packaging script on 2008-08-14 -version = "5.10" +; Information added by drupal.org packaging script on 2010-08-11 +version = "5.23" project = "drupal" -datestamp = "1218672307" +datestamp = "1281559590" diff -Naur drupal-5.10/modules/comment/comment.module drupal-5.23/modules/comment/comment.module --- drupal-5.10/modules/comment/comment.module 2007-11-07 09:03:30.000000000 +0100 +++ drupal-5.23/modules/comment/comment.module 2010-08-11 22:37:49.000000000 +0200 @@ -1,5 +1,5 @@ uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0) || user_access('administer comments'); + return ($user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0 && $comment->status == COMMENT_PUBLISHED) || user_access('administer comments'); } } @@ -1656,7 +1656,7 @@ // 2) Strip out all HTML tags // 3) Convert entities back to plain-text. // Note: format is checked by check_markup(). - $form_values['subject'] = trim(truncate_utf8(decode_entities(strip_tags(check_markup($form_values['comment'], $form_values['format']))), 29, TRUE)); + $form_values['subject'] = truncate_utf8(trim(decode_entities(strip_tags(check_markup($form_values['comment'], $form_values['format'])))), 29, TRUE); // Edge cases where the comment body is populated only by HTML tags will // require a default subject. if ($form_values['subject'] == '') { @@ -1809,23 +1809,33 @@ function theme_comment_post_forbidden($nid) { global $user; - if ($user->uid) { - return t("you can't post comments"); - } - else { - // we cannot use drupal_get_destination() because these links sometimes appear on /node and taxo listing pages - if (variable_get('comment_form_location', COMMENT_FORM_SEPARATE_PAGE) == COMMENT_FORM_SEPARATE_PAGE) { - $destination = "destination=". drupal_urlencode("comment/reply/$nid#comment-form"); - } - else { - $destination = "destination=". drupal_urlencode("node/$nid#comment-form"); - } + static $authenticated_post_comments; - if (variable_get('user_register', 1)) { - return t('Login or register to post comments', array('@login' => url('user/login', $destination), '@register' => url('user/register', $destination))); + if (!$user->uid) { + if (!isset($authenticated_post_comments)) { + // We only output any link if we are certain, that users get permission + // to post comments by logging in. We also locally cache this information. + $authenticated_post_comments = array_key_exists(DRUPAL_AUTHENTICATED_RID, user_roles(TRUE, 'post comments') + user_roles(TRUE, 'post comments without approval')); } - else { - return t('Login to post comments', array('@login' => url('user/login', $destination))); + + if ($authenticated_post_comments) { + // We cannot use drupal_get_destination() because these links + // sometimes appear on /node and taxonomy listing pages. + if (variable_get('comment_form_location', COMMENT_FORM_SEPARATE_PAGE) == COMMENT_FORM_SEPARATE_PAGE) { + $destination = 'destination='. drupal_urlencode("comment/reply/$nid#comment-form"); + } + else { + $destination = 'destination='. drupal_urlencode("node/$nid#comment-form"); + } + + if (variable_get('user_register', 1)) { + // Users can register themselves. + return t('Login or register to post comments', array('@login' => url('user/login', $destination), '@register' => url('user/register', $destination))); + } + else { + // Only admins can add new users, no public registration. + return t('Login to post comments', array('@login' => url('user/login', $destination))); + } } } } diff -Naur drupal-5.10/modules/contact/contact.info drupal-5.23/modules/contact/contact.info --- drupal-5.10/modules/contact/contact.info 2008-08-14 02:05:07.000000000 +0200 +++ drupal-5.23/modules/contact/contact.info 2010-08-11 22:46:30.000000000 +0200 @@ -4,8 +4,8 @@ package = Core - optional version = VERSION -; Information added by drupal.org packaging script on 2008-08-14 -version = "5.10" +; Information added by drupal.org packaging script on 2010-08-11 +version = "5.23" project = "drupal" -datestamp = "1218672307" +datestamp = "1281559590" diff -Naur drupal-5.10/modules/contact/contact.module drupal-5.23/modules/contact/contact.module --- drupal-5.10/modules/contact/contact.module 2007-06-05 09:18:05.000000000 +0200 +++ drupal-5.23/modules/contact/contact.module 2009-12-16 21:46:31.000000000 +0100 @@ -1,5 +1,5 @@ '. t('The contact module also adds a menu item (disabled by default) to the navigation block.', array('@menu-settings' => url('admin/build/menu'))) .' '. $menu_note .'

'; - return($output); + return $output; } } @@ -145,7 +145,7 @@ $result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category'); $rows = array(); while ($category = db_fetch_object($result)) { - $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid)); + $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid)); } $header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2)); @@ -227,7 +227,7 @@ db_query('UPDATE {contact} SET selected = 0'); } $recipients = explode(',', $form_values['recipients']); - foreach ($recipients as $key=>$recipient) { + foreach ($recipients as $key => $recipient) { // E-mail address validation has already been done in _validate. $recipients[$key] = trim($recipient); } @@ -547,6 +547,5 @@ drupal_set_message(t('Your message has been sent.')); // Jump to home page rather than back to contact page to avoid contradictory messages if flood control has been activated. - return(''); + return ''; } - diff -Naur drupal-5.10/modules/drupal/drupal.info drupal-5.23/modules/drupal/drupal.info --- drupal-5.10/modules/drupal/drupal.info 2008-08-14 02:05:07.000000000 +0200 +++ drupal-5.23/modules/drupal/drupal.info 2010-08-11 22:46:30.000000000 +0200 @@ -4,8 +4,8 @@ package = Core - optional version = VERSION -; Information added by drupal.org packaging script on 2008-08-14 -version = "5.10" +; Information added by drupal.org packaging script on 2010-08-11 +version = "5.23" project = "drupal" -datestamp = "1218672307" +datestamp = "1281559590" diff -Naur drupal-5.10/modules/filter/filter.info drupal-5.23/modules/filter/filter.info --- drupal-5.10/modules/filter/filter.info 2008-08-14 02:05:07.000000000 +0200 +++ drupal-5.23/modules/filter/filter.info 2010-08-11 22:46:30.000000000 +0200 @@ -4,8 +4,8 @@ package = Core - required version = VERSION -; Information added by drupal.org packaging script on 2008-08-14 -version = "5.10" +; Information added by drupal.org packaging script on 2010-08-11 +version = "5.23" project = "drupal" -datestamp = "1218672307" +datestamp = "1281559590" diff -Naur drupal-5.10/modules/filter/filter.module drupal-5.23/modules/filter/filter.module --- drupal-5.10/modules/filter/filter.module 2008-08-14 01:59:09.000000000 +0200 +++ drupal-5.23/modules/filter/filter.module 2009-06-03 19:52:13.000000000 +0200 @@ -1,5 +1,5 @@ module, 'filter', 'list'); - if (isset($list) && is_array($list) && isset($list[$filter->delta])) { - $filter->name = $list[$filter->delta]; - $filters[$format][$filter->module .'/'. $filter->delta] = $filter; + if (db_num_rows($result) == 0 && !db_result(db_query("SELECT 1 FROM {filter_formats} WHERE format = %d", $format))) { + // The format has no filters and does not exist, use the default input + // format. + $filters[$format] = filter_list_format(variable_get('filter_default_format', 1)); + } + else { + $filters[$format] = array(); + while ($filter = db_fetch_object($result)) { + $list = module_invoke($filter->module, 'filter', 'list'); + if (isset($list) && is_array($list) && isset($list[$filter->delta])) { + $filter->name = $list[$filter->delta]; + $filters[$format][$filter->module .'/'. $filter->delta] = $filter; + } } } } @@ -940,13 +947,12 @@ $output .= ''. $name .':
'; } - $tips = ''; - foreach ($tiplist as $tip) { - $tips .= '' : '>') . $tip['tip'] . ''; - } - - if ($tips) { - $output .= "
    $tips
"; + if (count($tiplist) > 0) { + $output .= '
    '; + foreach ($tiplist as $tip) { + $output .= '' : '>') . $tip['tip'] .''; + } + $output .= '
'; } if ($multiple) { @@ -1181,13 +1187,13 @@ */ function _filter_autop($text) { // All block level tags - $block = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|p|h[1-6])'; + $block = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|p|h[1-6]|hr)'; // Split at 
, ,  tags.
   // We don't apply any processing to the contents of these tags to avoid messing
   // up code. We look for matched pairs and allow basic nesting. For example:
   // "processed 
 ignored  ignored 
 processed"
-  $chunks = preg_split('@(]*>)@i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
+  $chunks = preg_split('@(]*>)@i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
   // Note: PHP ensures the array consists of alternating delimiters and literals
   // and begins and ends with a literal (inserting NULL as required).
   $ignore = FALSE;
@@ -1244,7 +1250,7 @@
  * for scripts and styles.
  */
 function filter_xss_admin($string) {
-  return filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'ol', 'p', 'param', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'));
+  return filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'ol', 'p', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'));
 }
 
 /**
diff -Naur drupal-5.10/modules/forum/forum.info drupal-5.23/modules/forum/forum.info
--- drupal-5.10/modules/forum/forum.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/forum/forum.info	2010-08-11 22:46:30.000000000 +0200
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/forum/forum.module drupal-5.23/modules/forum/forum.module
--- drupal-5.10/modules/forum/forum.module	2008-04-05 04:18:59.000000000 +0200
+++ drupal-5.23/modules/forum/forum.module	2009-07-01 22:52:11.000000000 +0200
@@ -1,5 +1,5 @@
  'select', '#title' => $title, '#default_value' => $parent, '#options' => $options, '#description' => $description, '#required' => TRUE);
 }
 
-function forum_link_alter(&$node, &$links) {
-  foreach ($links as $module => $link) {
-    if (strstr($module, 'taxonomy_term')) {
-      // Link back to the forum and not the taxonomy term page. We'll only
-      // do this if the taxonomy term in question belongs to forums.
-      $tid = str_replace('taxonomy/term/', '', $link['href']);
-      $term = taxonomy_get_term($tid);
-      if ($term->vid == _forum_get_vid()) {
-        $links[$module]['href'] = str_replace('taxonomy/term', 'forum', $link['href']);
-      }
-    }
-  }
+function forum_term_path($term) {
+  return 'forum/'. $term->tid;
 }
 
 /**
@@ -843,6 +833,11 @@
  * Menu callback; prints a forum listing.
  */
 function forum_page($tid = 0) {
+  if (!is_numeric($tid)) {
+    return MENU_NOT_FOUND;
+  }
+  $tid = (int)$tid;
+
   drupal_add_css(drupal_get_path('module', 'forum') .'/forum.css');
   $forum_per_page = variable_get('forum_per_page', 25);
   $sortby = variable_get('forum_order', 1);
diff -Naur drupal-5.10/modules/help/help.info drupal-5.23/modules/help/help.info
--- drupal-5.10/modules/help/help.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/help/help.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/legacy/legacy.info drupal-5.23/modules/legacy/legacy.info
--- drupal-5.10/modules/legacy/legacy.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/legacy/legacy.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/locale/locale.info drupal-5.23/modules/locale/locale.info
--- drupal-5.10/modules/locale/locale.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/locale/locale.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/locale/locale.install drupal-5.23/modules/locale/locale.install
--- drupal-5.10/modules/locale/locale.install	2006-11-14 07:20:40.000000000 +0100
+++ drupal-5.23/modules/locale/locale.install	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 %'"));
+  if ($matches) {
+    $ret[] = update_sql("UPDATE {locales_meta} SET name = REPLACE(name, '<', '')");
+    $ret[] = update_sql("UPDATE {locales_meta} SET name = REPLACE(name, '>', '')");
+    drupal_set_message('The language name in English of all the existing custom languages of your site have been sanitized for security purposes. Visit the Languages page to check these and fix them if necessary.', 'warning');
+  }
+  // Check if some langcode values contain potentially dangerous characters and
+  // warn the user if so. These are not fixed since they are referenced in other
+  // tables (e.g. {node}).
+  if (db_result(db_query("SELECT 1 FROM {locales_meta} WHERE locale LIKE '%<%' OR locale LIKE '%>%' OR locale LIKE '%\"%' OR locale LIKE '%\\\\\%'"))) {
+    drupal_set_message('Some of your custom language code values contain invalid characters. You should examine the Languages page. These must be fixed manually.', 'error');
+  }
+  return $ret;
+}
diff -Naur drupal-5.10/modules/locale/locale.module drupal-5.23/modules/locale/locale.module
--- drupal-5.10/modules/locale/locale.module	2008-07-09 23:48:42.000000000 +0200
+++ drupal-5.23/modules/locale/locale.module	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 language == '') {
       $user->language = key($languages['name']);
     }
-    $languages['name'] = array_map('check_plain', array_map('t', $languages['name']));
+    foreach (array_map('t', $languages['name']) as $key => $value) {
+      $languages_name[check_plain($key)] = check_plain($value);
+    }
     $form['locale'] = array('#type' => 'fieldset',
       '#title' => t('Interface language settings'),
       '#weight' => 1,
     );
     $form['locale']['language'] = array('#type' => 'radios',
       '#title' => t('Language'),
-      '#default_value' => $user->language,
-      '#options' => $languages['name'],
+      '#default_value' => check_plain($user->language),
+      '#options' => $languages_name,
       '#description' => t('Selecting a different locale will change the interface language of the site.'),
     );
     return $form;
diff -Naur drupal-5.10/modules/menu/menu.info drupal-5.23/modules/menu/menu.info
--- drupal-5.10/modules/menu/menu.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/menu/menu.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/menu/menu.module drupal-5.23/modules/menu/menu.module
--- drupal-5.10/modules/menu/menu.module	2008-01-07 03:13:58.000000000 +0100
+++ drupal-5.23/modules/menu/menu.module	2009-02-26 07:56:26.000000000 +0100
@@ -1,5 +1,5 @@
  0) {
-      $item = db_fetch_array(db_query("SELECT * FROM {menu} WHERE path = 'node/%d'", $form['nid']['#value']));
+      $item = db_fetch_array(db_query("SELECT * FROM {menu} WHERE path = 'node/%d' ORDER BY mid", $form['nid']['#value']));
       if (isset($form['#post']['menu']) && is_array($form['#post']['menu'])) {
         $item = !is_array($item) ? $form['#post']['menu'] : (($form['#post']['op'] == t('Preview')) ? array_merge($item, $form['#post']['menu']) : array_merge($form['#post']['menu'], $item));
       }
@@ -357,6 +357,7 @@
     '#title' => t('Description'),
     '#default_value' => $item['description'],
     '#description' => t('The description displayed when hovering over a menu item.'),
+    '#maxlength' => 255,
   );
 
   if ($item['type'] & MENU_CREATED_BY_ADMIN) {
diff -Naur drupal-5.10/modules/node/node.info drupal-5.23/modules/node/node.info
--- drupal-5.10/modules/node/node.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/node/node.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/node/node.module drupal-5.23/modules/node/node.module
--- drupal-5.10/modules/node/node.module	2008-07-16 21:04:21.000000000 +0200
+++ drupal-5.23/modules/node/node.module	2009-01-15 00:32:14.000000000 +0100
@@ -1,5 +1,5 @@
  '2.0',
-    'title'       => variable_get('site_name', 'Drupal') .' - '. variable_get('site_slogan', ''),
+    'title'       => variable_get('site_name', 'Drupal') . (variable_get('site_slogan', '') ? ' - '. variable_get('site_slogan', '') : ''),
     'link'        => $base_url,
     'description' => variable_get('site_mission', ''),
     'language'    => $locale
@@ -2165,6 +2165,14 @@
     $form['delete'] = array('#type' => 'button', '#value' => t('Delete'), '#weight' => 50);
   }
   $form['#after_build'] = array('node_form_add_preview');
+  // Ensure that node_validate() will always get called.
+  $form['#validate']['node_form_validate'] = array();
+  // Also, if the module defines its own _validate() routine based on the
+  // form_id, include that in the #validate array, as well.
+  $node_validate = $node->type .'_node_form_validate';
+  if (function_exists($node_validate)) {
+    $form['#validate'][$node_validate] = array();
+  }
   $form['#base'] = 'node_form';
   return $form;
 }
@@ -2745,6 +2753,11 @@
 function node_access($op, $node = NULL) {
   global $user;
 
+  if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
+    // If there was no node to check against, or the $op was not one of the
+    // supported ones, we return access denied.
+    return FALSE;
+  }
   // Convert the node to an object if necessary:
   if ($op != 'create') {
     $node = (object)$node;
diff -Naur drupal-5.10/modules/path/path.info drupal-5.23/modules/path/path.info
--- drupal-5.10/modules/path/path.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/path/path.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/path/path.module drupal-5.23/modules/path/path.module
--- drupal-5.10/modules/path/path.module	2008-02-11 06:11:58.000000000 +0100
+++ drupal-5.23/modules/path/path.module	2009-01-14 06:59:09.000000000 +0100
@@ -1,5 +1,5 @@
  'textfield',
     '#title' => t('Existing system path'),
     '#default_value' => $edit['src'],
-    '#maxlength' => 64,
+    '#maxlength' => 128,
     '#size' => 45,
     '#description' => t('Specify the existing path you wish to alias. For example: node/28, forum/1, taxonomy/term/1+2.'),
     '#field_prefix' => url(NULL, NULL, NULL, TRUE) . (variable_get('clean_url', 0) ? '' : '?q=')
@@ -187,7 +187,7 @@
   $form['dst'] = array(
     '#type' => 'textfield',
     '#default_value' => $edit['dst'],
-    '#maxlength' => 64,
+    '#maxlength' => 128,
     '#size' => 45,
     '#description' => t('Specify an alternative path by which this data can be accessed. For example, type "about" when writing an about page. Use a relative path and don\'t add a trailing slash or the URL alias won\'t work.'),
     '#field_prefix' => url(NULL, NULL, NULL, TRUE) . (variable_get('clean_url', 0) ? '' : '?q=')
@@ -269,7 +269,7 @@
     $form['path']['path'] = array(
       '#type' => 'textfield',
       '#default_value' => $path,
-      '#maxlength' => 250,
+      '#maxlength' => 128,
       '#collapsible' => TRUE,
       '#collapsed' => TRUE,
       '#description' => t('Optionally specify an alternative URL by which this node can be accessed. For example, type "about" when writing an about page. Use a relative path and don\'t add a trailing slash or the URL alias won\'t work.'),
diff -Naur drupal-5.10/modules/ping/ping.info drupal-5.23/modules/ping/ping.info
--- drupal-5.10/modules/ping/ping.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/ping/ping.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/poll/poll.info drupal-5.23/modules/poll/poll.info
--- drupal-5.10/modules/poll/poll.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/poll/poll.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/poll/poll.module drupal-5.23/modules/poll/poll.module
--- drupal-5.10/modules/poll/poll.module	2007-12-27 09:26:00.000000000 +0100
+++ drupal-5.23/modules/poll/poll.module	2008-10-05 02:51:40.000000000 +0200
@@ -1,5 +1,5 @@
 nid));
 
+  // Load the appropriate choices into the $poll object.
   $result = db_query("SELECT chtext, chvotes, chorder FROM {poll_choices} WHERE nid = %d ORDER BY chorder", $node->nid);
   while ($choice = db_fetch_array($result)) {
     $poll->choice[$choice['chorder']] = $choice;
   }
 
-  // Determine whether or not this user is allowed to vote
+  // Determine whether or not this user is allowed to vote.
   $poll->allowvotes = FALSE;
   if (user_access('vote on polls') && $poll->active) {
     if ($user->uid) {
@@ -629,18 +629,32 @@
  * Implementation of hook_update().
  */
 function poll_update($node) {
+  // Update poll settings.
   db_query('UPDATE {poll} SET runtime = %d, active = %d WHERE nid = %d', $node->runtime, $node->active, $node->nid);
 
+  // Clean poll choices.
   db_query('DELETE FROM {poll_choices} WHERE nid = %d', $node->nid);
-  db_query('DELETE FROM {poll_votes} WHERE nid = %d', $node->nid);
 
-  $i = 0;
-  foreach ($node->choice as $choice) {
-    $chvotes = (int)$choice['chvotes'];
+  // Poll choices come in the same order with the same numbers as they are in
+  // the database, but some might have an empty title, which signifies that
+  // they should be removed. We remove all votes to the removed options, so
+  // people who voted on them can vote again.
+  $new_chorder = 0;
+  foreach ($node->choice as $old_chorder => $choice) {
+    $chvotes = isset($choice['chvotes']) ? (int)$choice['chvotes'] : 0;
     $chtext = $choice['chtext'];
 
-    if ($chtext != '') {
-      db_query("INSERT INTO {poll_choices} (nid, chtext, chvotes, chorder) VALUES (%d, '%s', %d, %d)", $node->nid, $chtext, $chvotes, $i++);
+    if (!empty($chtext)) {
+      db_query("INSERT INTO {poll_choices} (nid, chtext, chvotes, chorder) VALUES (%d, '%s', %d, %d)", $node->nid, $chtext, $chvotes, $new_chorder);
+      if ($new_chorder != $old_chorder) {
+        // We can only remove items in the middle, not add, so
+        // new_chorder is always <= old_chorder, making this safe.
+        db_query("UPDATE {poll_votes} SET chorder = %d WHERE nid = %d AND chorder = %d", $new_chorder, $node->nid, $old_chorder);
+      }
+      $new_chorder++;
+    }
+    else {
+      db_query("DELETE FROM {poll_votes} WHERE nid = %d AND chorder = %d", $node->nid, $old_chorder);
     }
   }
 }
diff -Naur drupal-5.10/modules/profile/profile.info drupal-5.23/modules/profile/profile.info
--- drupal-5.10/modules/profile/profile.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/profile/profile.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/profile/profile.module drupal-5.23/modules/profile/profile.module
--- drupal-5.10/modules/profile/profile.module	2008-02-11 06:36:07.000000000 +0100
+++ drupal-5.23/modules/profile/profile.module	2009-01-14 06:38:52.000000000 +0100
@@ -1,5 +1,5 @@
 required ? array() : array('--');
-        $lines = split("[,\n\r]", $field->options);
+        $lines = split("[\n\r]", $field->options);
         foreach ($lines as $line) {
           if ($line = trim($line)) {
             $options[$line] = $line;
@@ -750,7 +750,15 @@
 }
 
 function profile_categories() {
-  $result = db_query("SELECT DISTINCT(category) FROM {profile_fields}");
+  // Hide hidden profile fields from users that don't have permission to administer users.
+  // For these users, categories with only hidden profile fields will not be returned.
+  if (user_access('administer users')) {
+    $result = db_query("SELECT DISTINCT(category) FROM {profile_fields}");
+  }
+  else {
+    $result = db_query("SELECT DISTINCT(category) FROM {profile_fields} WHERE visibility <> %d", PROFILE_HIDDEN);
+  }
+
   while ($category = db_fetch_object($result)) {
     $data[] = array('name' => $category->category, 'title' => $category->category, 'weight' => 3);
   }
diff -Naur drupal-5.10/modules/search/search.info drupal-5.23/modules/search/search.info
--- drupal-5.10/modules/search/search.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/search/search.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/search/search.module drupal-5.23/modules/search/search.module
--- drupal-5.10/modules/search/search.module	2008-05-14 08:35:29.000000000 +0200
+++ drupal-5.23/modules/search/search.module	2009-09-16 06:27:01.000000000 +0200
@@ -1,5 +1,5 @@
  $module) {
       // If the module is disabled, will be switched on and it has dependencies.
-      if (!$module->status && $form_values['status'][$name] && isset($module->info['dependencies'])) {
+      if (!$module->status && isset($form_values['status'][$name]) && $form_values['status'][$name] && isset($module->info['dependencies'])) {
         foreach ($module->info['dependencies'] as $dependency) {
           if (!$form_values['status'][$dependency] && isset($modules[$dependency])) {
             if (!isset($dependencies[$name])) {
@@ -2371,7 +2371,7 @@
     }
   }
 
-  $output = '
';
+  $output = '
';
   foreach ($container as $id => $data) {
     $output .= '
';
     $output .= $data;
diff -Naur drupal-5.10/modules/taxonomy/taxonomy.info drupal-5.23/modules/taxonomy/taxonomy.info
--- drupal-5.10/modules/taxonomy/taxonomy.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/taxonomy/taxonomy.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/taxonomy/taxonomy.module drupal-5.23/modules/taxonomy/taxonomy.module
--- drupal-5.10/modules/taxonomy/taxonomy.module	2008-07-06 02:50:44.000000000 +0200
+++ drupal-5.23/modules/taxonomy/taxonomy.module	2009-07-10 07:47:16.000000000 +0200
@@ -1,5 +1,5 @@
 vid);
   if ($vocabulary->module != 'taxonomy' && $path = module_invoke($vocabulary->module, 'term_path', $term)) {
@@ -621,7 +620,7 @@
  */
 function taxonomy_form($vid, $value = 0, $help = NULL, $name = 'taxonomy') {
   $vocabulary = taxonomy_get_vocabulary($vid);
-  $help = ($help) ? $help : $vocabulary->help;
+  $help = ($help) ? $help : filter_xss_admin($vocabulary->help);
 
   if (!$vocabulary->multiple) {
     $blank = ($vocabulary->required) ? t('- Please choose -') : t('- None selected -');
@@ -718,7 +717,7 @@
         $typed_string = implode(', ', $typed_terms) . (array_key_exists('tags', $terms) ? $terms['tags'][$vocabulary->vid] : NULL);
 
         if ($vocabulary->help) {
-          $help = $vocabulary->help;
+          $help = filter_xss_admin($vocabulary->help);
         }
         else {
           $help = t('A comma-separated list of terms describing this content. Example: funny, bungee jumping, "Company, Inc.".');
@@ -730,7 +729,7 @@
           '#default_value' => $typed_string,
           '#autocomplete_path' => 'taxonomy/autocomplete/'. $vocabulary->vid,
           '#weight' => $vocabulary->weight,
-          '#maxlength' => 255,
+          '#maxlength' => 1024,
         );
       }
       else {
@@ -741,7 +740,7 @@
             $default_terms[$term->tid] = $term;
           }
         }
-        $form['taxonomy'][$vocabulary->vid] = taxonomy_form($vocabulary->vid, array_keys($default_terms), $vocabulary->help);
+        $form['taxonomy'][$vocabulary->vid] = taxonomy_form($vocabulary->vid, array_keys($default_terms), filter_xss_admin($vocabulary->help));
         $form['taxonomy'][$vocabulary->vid]['#weight'] = $vocabulary->weight;
         $form['taxonomy'][$vocabulary->vid]['#required'] = $vocabulary->required;
       }
@@ -1178,6 +1177,35 @@
   return $terms[$tid];
 }
 
+/**
+ * Create a select form element for a given taxonomy vocabulary.
+ *
+ * NOTE: This function expects input that has already been sanitized and is
+ * safe for display. Callers must properly sanitize the $title and
+ * $description arguments to prevent XSS vulnerabilities.
+ *
+ * @param $title
+ *   The title of the vocabulary. This MUST be sanitized by the caller.
+ * @param $name
+ *   Ignored.
+ * @param $value
+ *   The currently selected terms from this vocabulary, if any.
+ * @param $vocabulary_id
+ *   The vocabulary ID to build the form element for.
+ * @param $description
+ *   Help text for the form element. This MUST be sanitized by the caller.
+ * @param $multiple
+ *   Boolean to control if the form should use a single or multiple select.
+ * @param $blank
+ *   Optional form choice to use when no value has been selected.
+ * @param $exclude
+ *   Optional array of term ids to exclude in the selector.
+ * @return
+ *   A FAPI form array to select terms from the given vocabulary.
+ *
+ * @see taxonomy_form()
+ * @see taxonomy_form_term()
+ */
 function _taxonomy_term_select($title, $name, $value, $vocabulary_id, $description, $multiple, $blank, $exclude = array()) {
   $tree = taxonomy_get_tree($vocabulary_id);
   $options = array();
diff -Naur drupal-5.10/modules/throttle/throttle.info drupal-5.23/modules/throttle/throttle.info
--- drupal-5.10/modules/throttle/throttle.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/throttle/throttle.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/tracker/tracker.info drupal-5.23/modules/tracker/tracker.info
--- drupal-5.10/modules/tracker/tracker.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/tracker/tracker.info	2010-08-11 22:46:30.000000000 +0200
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/upload/upload.info drupal-5.23/modules/upload/upload.info
--- drupal-5.10/modules/upload/upload.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/upload/upload.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/upload/upload.module drupal-5.23/modules/upload/upload.module
--- drupal-5.10/modules/upload/upload.module	2008-05-26 07:03:47.000000000 +0200
+++ drupal-5.23/modules/upload/upload.module	2010-08-11 22:37:49.000000000 +0200
@@ -1,5 +1,5 @@
 filepath) {
+      // Since some database servers sometimes use a case-insensitive
+      // comparison by default, double check that the filename is an exact
+      // match.
+      continue;
+    }
     if (user_access('view uploaded files')) {
       $node = node_load($file->nid);
       if (node_access('view', $node)) {
@@ -271,13 +277,8 @@
           'Content-Length: '. $file->filesize,
         );
       }
-      else {
-        return -1;
-      }
-    }
-    else {
-      return -1;
     }
+    return -1;
   }
 }
 
@@ -878,8 +879,21 @@
  * Menu-callback for JavaScript-based uploads.
  */
 function upload_js() {
-  // We only do the upload.module part of the node validation process.
-  $node = (object)$_POST;
+  if (isset($_POST['vid']) && is_numeric($_POST['vid'])) {
+    // Load the node and check the user is allowed to post attachments to it.
+    $node = node_load(array('vid' => $_POST['vid']));
+    if (!$node || !node_access('update', $node) || !variable_get('upload_'. $node->type, TRUE)) {
+      // Setting this error will cause the form to fail validation.
+      form_set_error('form_token', t('Validation error, please try again. If this error persists, please contact the site administrator.'));
+      $output = theme('status_messages');
+      print drupal_to_js(array('status' => TRUE, 'data' => $output));
+      exit();
+    }
+  }
+  else {
+    // This is a new node.
+    $node = new stdClass();
+  }
 
   // Load existing node files.
   $node->files = upload_load($node);
diff -Naur drupal-5.10/modules/user/user.info drupal-5.23/modules/user/user.info
--- drupal-5.10/modules/user/user.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/user/user.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/modules/user/user.module drupal-5.23/modules/user/user.module
--- drupal-5.10/modules/user/user.module	2008-08-14 01:59:09.000000000 +0200
+++ drupal-5.23/modules/user/user.module	2009-09-16 21:33:40.000000000 +0200
@@ -1,5 +1,5 @@
  $name, 'pass' => $pass, 'status' => 1))) {
-    $user = $account;
-    return $user;
+    // Check if the e-mail is denied by an access rule.
+    // Doing this check here saves us a user_load() in user_login_validate()
+    // and introduces less code change for a security fix.
+    if (drupal_is_denied('mail', $account->mail)) {
+      form_set_error('name', t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', array('%name' => $account->name)));
+      return;
+    }
+    else {
+      $user = $account;
+      return $user;
+    }
   }
 
   // Strip name and server from ID:
+  $fullname = $name;
   if ($server = strrchr($name, '@')) {
     $name = substr($name, 0, strlen($name) - strlen($server));
     $server = substr($server, 1);
@@ -991,10 +1001,10 @@
 
   // When possible, determine corresponding external auth source. Invoke
   // source, and log in user if successful:
-  if ($server && ($result = user_get_authmaps("$name@$server"))) {
+  if ($result = user_get_authmaps($fullname)) {
     if (module_invoke(key($result), 'auth', $name, $pass, $server)) {
-      $user = user_external_load("$name@$server");
-      watchdog('user', t('External load by %user using module %module.', array('%user' => $name .'@'. $server, '%module' => key($result))));
+      $user = user_external_load($fullname);
+      watchdog('user', t('External load by %user using module %module.', array('%user' => $fullname, '%module' => key($result))));
     }
   }
 
@@ -1003,23 +1013,18 @@
   else {
     foreach (module_implements('auth') as $module) {
       if (module_invoke($module, 'auth', $name, $pass, $server)) {
-        if ($server) {
-          $name .= '@'. $server;
-        }
-        $registered_user = user_load(array('name' => $name));
+        $registered_user = user_load(array('name' => $fullname));
         if (!$registered_user->uid) { // Register this new user.
           $userinfo = array(
-            'name' => $name, 
+            'name' => $fullname,
             'pass' => user_password(), 
-            'init' => $name, 
+            'init' => $fullname,
             'status' => 1, 
             'access' => time(),
           );
-          if ($server) {
-            $userinfo["authname_$module"] = $name;
-          }
+          $userinfo["authname_$module"] = $fullname;
           $user = user_save('', $userinfo);
-          watchdog('user', t('New external user: %user using module %module.', array('%user' => $name, '%module' => $module)), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $user->uid .'/edit'));
+          watchdog('user', t('New external user: %user using module %module.', array('%user' => $fullname, '%module' => $module)), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $user->uid .'/edit'));
           break;
         }
       }
@@ -1064,6 +1069,13 @@
 
 function user_pass_validate($form_id, $form_values) {
   $name = $form_values['name'];
+
+  // Blocked accounts cannot request a new password,
+  // check provided username and email against access rules.
+  if (drupal_is_denied('user', $name) || drupal_is_denied('mail', $name)) {
+    form_set_error('name', t('%name is not allowed to request a new password.', array('%name' => $name)));
+  }
+
   $account = user_load(array('mail' => $name, 'status' => 1));
   if (!$account) {
     $account = user_load(array('name' => $name, 'status' => 1));
@@ -1083,7 +1095,7 @@
   $from = variable_get('site_mail', ini_get('sendmail_from'));
 
   // Mail one time login URL and instructions.
-  $variables = array('!username' => $account->name, '!site' => variable_get('site_name', 'Drupal'), '!login_url' => user_pass_reset_url($account), '!uri' => $base_url, '!uri_brief' => substr($base_url, strlen('http://')), '!mailto' => $account->mail, '!date' => format_date(time()), '!login_uri' => url('user', NULL, NULL, TRUE), '!edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE));
+  $variables = array('!username' => $account->name, '!site' => variable_get('site_name', 'Drupal'), '!login_url' => user_pass_reset_url($account), '!uri' => $base_url, '!uri_brief' => preg_replace('!^https?://!', '', $base_url), '!mailto' => $account->mail, '!date' => format_date(time()), '!login_uri' => url('user', NULL, NULL, TRUE), '!edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE));
   $subject = _user_mail_text('pass_subject', $variables);
   $body = _user_mail_text('pass_body', $variables);
   $mail_success = drupal_mail('user-pass', $account->mail, $subject, $body, $from);
@@ -1116,6 +1128,11 @@
     $current = time();
     // Some redundant checks for extra security ?
     if ($timestamp < $current && $account = user_load(array('uid' => $uid, 'status' => 1)) ) {
+      // Deny one-time login to blocked accounts.
+      if (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail)) {
+        drupal_set_message(t('You have tried to use a one-time login for an account which has been blocked.'), 'error');
+        drupal_goto();
+      }
       // No time out for first time login.
       if ($account->login && $current - $timestamp > $timeout) {
         drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
@@ -1132,6 +1149,8 @@
           $user = $account;
           // And proceed with normal login, going to user page.
           $edit = array();
+          // Regenerate the session ID to prevent against session fixation attacks.
+          sess_regenerate();
           user_module_invoke('login', $edit, $user);
           drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
           drupal_goto('user/'. $user->uid .'/edit');
diff -Naur drupal-5.10/modules/watchdog/watchdog.info drupal-5.23/modules/watchdog/watchdog.info
--- drupal-5.10/modules/watchdog/watchdog.info	2008-08-14 02:05:07.000000000 +0200
+++ drupal-5.23/modules/watchdog/watchdog.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-08-14
-version = "5.10"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1218672307"
+datestamp = "1281559590"
 
diff -Naur drupal-5.10/robots.txt drupal-5.23/robots.txt
--- drupal-5.10/robots.txt	2008-02-25 03:18:25.000000000 +0100
+++ drupal-5.23/robots.txt	2008-12-10 21:24:38.000000000 +0100
@@ -1,4 +1,4 @@
-# $Id: robots.txt,v 1.7.2.2 2008/02/25 02:18:25 drumm Exp $
+# $Id: robots.txt,v 1.7.2.3 2008/12/10 20:24:38 drumm Exp $
 #
 # robots.txt
 #
@@ -20,27 +20,25 @@
 User-agent: *
 Crawl-delay: 10
 # Directories
-Disallow: /database/
 Disallow: /includes/
 Disallow: /misc/
 Disallow: /modules/
+Disallow: /profiles/
+Disallow: /scripts/
 Disallow: /sites/
 Disallow: /themes/
-Disallow: /scripts/
-Disallow: /updates/
-Disallow: /profiles/
 # Files
-Disallow: /xmlrpc.php
+Disallow: /CHANGELOG.txt
 Disallow: /cron.php
-Disallow: /update.php
-Disallow: /install.php
-Disallow: /INSTALL.txt
 Disallow: /INSTALL.mysql.txt
 Disallow: /INSTALL.pgsql.txt
-Disallow: /CHANGELOG.txt
-Disallow: /MAINTAINERS.txt
+Disallow: /install.php
+Disallow: /INSTALL.txt
 Disallow: /LICENSE.txt
+Disallow: /MAINTAINERS.txt
+Disallow: /update.php
 Disallow: /UPGRADE.txt
+Disallow: /xmlrpc.php
 # Paths (clean URLs)
 Disallow: /admin/
 Disallow: /comment/reply/
diff -Naur drupal-5.10/sites/default/settings.php drupal-5.23/sites/default/settings.php
--- drupal-5.10/sites/default/settings.php	2007-07-09 06:28:12.000000000 +0200
+++ drupal-5.23/sites/default/settings.php	2009-06-16 20:29:52.000000000 +0200
@@ -1,5 +1,5 @@
 " xml:lang="">
 
 
-  <?php print $head_title ?>
   
+  <?php print $head_title ?>
   
   
   
diff -Naur drupal-5.10/themes/chameleon/chameleon.theme drupal-5.23/themes/chameleon/chameleon.theme
--- drupal-5.10/themes/chameleon/chameleon.theme	2007-05-31 08:13:36.000000000 +0200
+++ drupal-5.23/themes/chameleon/chameleon.theme	2009-04-30 02:13:49.000000000 +0200
@@ -1,5 +1,5 @@
 \n";
   $output .= "\n";
   $output .= "\n";
-  $output .= " ". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."\n";
   $output .= drupal_get_html_head();
+  $output .= " ". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."\n";
   $output .= drupal_get_css();
   $output .= drupal_get_js();
   $output .= "";
diff -Naur drupal-5.10/themes/engines/phptemplate/phptemplate.engine drupal-5.23/themes/engines/phptemplate/phptemplate.engine
--- drupal-5.10/themes/engines/phptemplate/phptemplate.engine	2008-08-13 20:47:17.000000000 +0200
+++ drupal-5.23/themes/engines/phptemplate/phptemplate.engine	2009-05-13 18:36:22.000000000 +0200
@@ -1,5 +1,5 @@
 
diff -Naur drupal-5.10/themes/garland/page.tpl.php drupal-5.23/themes/garland/page.tpl.php
--- drupal-5.10/themes/garland/page.tpl.php	2006-12-14 01:37:00.000000000 +0100
+++ drupal-5.23/themes/garland/page.tpl.php	2009-04-30 02:13:49.000000000 +0200
@@ -2,8 +2,8 @@
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 
   
-    <?php print $head_title ?>
     
+    <?php print $head_title ?>
     
     
     
diff -Naur drupal-5.10/themes/garland/style.css drupal-5.23/themes/garland/style.css
--- drupal-5.10/themes/garland/style.css	2007-07-09 05:50:59.000000000 +0200
+++ drupal-5.23/themes/garland/style.css	2009-09-16 06:38:12.000000000 +0200
@@ -1,4 +1,4 @@
-/* $Id: style.css,v 1.14.2.4 2007/07/09 03:50:59 drumm Exp $ */
+/* $Id: style.css,v 1.14.2.5 2009/09/16 04:38:12 drumm Exp $ */
 
 /**
  * Garland, for Drupal 5.0
@@ -606,6 +606,7 @@
   text-decoration: none;
   position: relative;
   top: -1px;
+  display: inline-block;
 }
 ul.primary li.active a, ul.primary li.active a:link, ul.primary li.active a:visited, ul.primary li a:hover,
 ul.secondary li.active a, ul.secondary li.active a:link, ul.secondary li.active a:visited, ul.secondary li a:hover {
diff -Naur drupal-5.10/themes/pushbutton/page.tpl.php drupal-5.23/themes/pushbutton/page.tpl.php
--- drupal-5.10/themes/pushbutton/page.tpl.php	2006-08-30 09:37:14.000000000 +0200
+++ drupal-5.23/themes/pushbutton/page.tpl.php	2009-04-30 02:13:49.000000000 +0200
@@ -1,9 +1,9 @@
 
 
 
-  <?php print $head_title ?>
   
   
+  <?php print $head_title ?>
   
   
 
diff -Naur drupal-5.10/update.php drupal-5.23/update.php
--- drupal-5.10/update.php	2007-04-08 02:54:04.000000000 +0200
+++ drupal-5.23/update.php	2008-12-10 23:21:27.000000000 +0100
@@ -1,5 +1,5 @@
 \n";
   $output .= "
  • Use this script to upgrade an existing Drupal installation. You don't need this script when installing Drupal from scratch.
    • ";
   $output .= "
  • Before doing anything, backup your database. This process will change your database and its values, and some things might get lost.
    • \n";
-  $output .= "
  • Update your Drupal sources, check the notes below and run the database upgrade script. Don't upgrade your database twice as it may cause problems.
    • \n";
+  $output .= "
  • Update your Drupal sources, check the notes below and run the database upgrade script. Don't upgrade your database twice as it may cause problems.
    • \n";
   $output .= "
  • Go through the various administration pages to change the existing and new settings to your liking.
    • \n";
   $output .= "";
   $output .= '
    For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.
    ';
@@ -793,10 +794,6 @@
 
   $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
   switch ($op) {
-    case 'Update':
-      $output = update_update_page();
-      break;
-
     case 'finished':
       $output = update_finished_page(TRUE);
       break;
@@ -813,10 +810,18 @@
       $output = update_progress_page_nojs();
       break;
 
+    case 'Update':
+      if ($_GET['token'] == drupal_get_token('update')) {
+        $output = update_update_page();
+        break;
+      }
+      // If the token did not match we just display the default page.
     case 'selection':
-      $output = update_selection_page();
-      break;
-
+      if ($_GET['token'] == drupal_get_token('update')) {
+        $output = update_selection_page();
+        break;
+      }
+      // If the token did not match we just display the default page.
     default:
       $output = update_info_page();
       break;