diff -Naur drupal-5.13/.htaccess drupal-5.23/.htaccess
--- drupal-5.13/.htaccess	2008-12-10 21:12:26.000000000 +0100
+++ drupal-5.23/.htaccess	2009-02-26 08:03:29.000000000 +0100
@@ -13,9 +13,14 @@
 # Follow symbolic links in this directory.
 Options +FollowSymLinks
 
-# Customized error messages.
+# Make Drupal handle any 404 errors.
 ErrorDocument 404 /index.php
 
+# Force simple error message for requests for non-existent favicon.ico.
+<Files favicon.ico>
+  ErrorDocument 404 "The requested file favicon.ico was not found.
+</Files>
+
 # Set the default handler.
 DirectoryIndex index.php
 
@@ -104,10 +109,11 @@
   #RewriteCond %{QUERY_STRING} ^mod=([^&]+)$
   #RewriteRule module.php index.php?q=%1 [L]
 
-  # Rewrite current-style URLs of the form 'index.php?q=x'.
+  # Rewrite current-style URLs of the form 'x' to the form 'index.php?q=x'.
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
+  RewriteCond %{REQUEST_URI} !=/favicon.ico
   RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
 </IfModule>
 
-# $Id: .htaccess,v 1.81.2.5 2008/12/10 20:12:26 drumm Exp $
+# $Id: .htaccess,v 1.81.2.6 2009/02/26 07:03:29 drumm Exp $
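Review bot: The added `RewriteCond %{REQUEST_URI} !=/favicon.ico` is an exact match on the site root, so a Drupal installed in a subdirectory still rewrites `/subdir/favicon.ico` to index.php and bootstraps Drupal for every missing icon. The Files block added in the first hunk applies in any directory, so the two halves of the change disagree about scope. A suffix match such as `RewriteCond %{REQUEST_URI} !/favicon\.ico$` would cover both layouts. The enclosing IfModule section starts outside the hunk.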
diff -Naur drupal-5.13/CHANGELOG.txt drupal-5.23/CHANGELOG.txt
--- drupal-5.13/CHANGELOG.txt	2008-12-10 23:21:27.000000000 +0100
+++ drupal-5.23/CHANGELOG.txt	2010-08-11 22:37:49.000000000 +0200
@@ -1,4 +1,60 @@
-// $Id: CHANGELOG.txt,v 1.173.2.31 2008/12/10 22:21:27 drumm Exp $
+// $Id: CHANGELOG.txt,v 1.173.2.50 2010/08/11 20:37:49 drumm Exp $
+
+Drupal 5.23, 2010-08-11
+-----------------------
+- Fixed security issues (File download access bypass, Comment unpublishing
+  bypass), see SA-CORE-2010-002.
+
+Drupal 5.22, 2010-03-03
+-----------------------
+- Fixed security issues (Open redirection, Locale module cross site scripting,
+  Blocked user session regeneration), see SA-CORE-2010-001.
+
+Drupal 5.21, 2009-12-16
+-----------------------
+- Fixed a security issue (Cross site scripting), see SA-CORE-2009-009.
+- Fixed a variety of small bugs.
+
+Drupal 5.20, 2009-09-16
+-----------------------
+- Avoid security problems resulting from writing Drupal 6-style menu
+  declarations.
+- Fixed security issues (session fixation), see SA-CORE-2009-008.
+- Fixed a variety of small bugs.
+
+Drupal 5.19, 2009-07-01
+-----------------------
+- Fixed security issues (Cross site scripting and Password leakage in URL), see
+  SA-CORE-2009-007.          
+- Fixed a variety of small bugs.
+
+Drupal 5.18, 2009-05-13
+-----------------------
+- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
+- Fixed a variety of small bugs.
+
+Drupal 5.17, 2009-04-29
+-----------------------
+- Fixed security issues (Cross site scripting and limited information
+  disclosure) see SA-CORE-2009-005.
+- Fixed a variety of small bugs.
+
+Drupal 5.16, 2009-02-25
+-----------------------
+- Fixed a security issue, (Local file inclusion on Windows), see SA-CORE-2009-004.
+- Fixed a variety of small bugs.
+
+Drupal 5.15, 2009-01-14
+-----------------------
+- Fixed security issues, (Hardening against SQL injection), see
+  SA-CORE-2009-001
+- Fixed HTTP_HOST checking to work again with HTTP 1.0 clients and basic shell
+  scripts.
+- Fixed a variety of small bugs.
+
+Drupal 5.14, 2008-12-11
+-----------------------
+- removed a previous change incompatible with PHP 5.1.x and lower.
 
 Drupal 5.13, 2008-12-10
 -----------------------
diff -Naur drupal-5.13/LICENSE.txt drupal-5.23/LICENSE.txt
--- drupal-5.13/LICENSE.txt	2006-07-09 13:33:06.000000000 +0200
+++ drupal-5.23/LICENSE.txt	2009-01-14 06:56:37.000000000 +0100
@@ -1,14 +1,13 @@
-// $Id: LICENSE.txt,v 1.5 2006/07/09 11:33:06 dries Exp $
+// $Id: LICENSE.txt,v 1.5.2.1 2009/01/14 05:56:37 drumm Exp $
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
 
-        GNU GENERAL PUBLIC LICENSE
-           Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
- 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
-          Preamble
+			    Preamble
 
   The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -58,7 +57,7 @@
   The precise terms and conditions for copying, distribution and
 modification follow.
 
-        GNU GENERAL PUBLIC LICENSE
+		    GNU GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
   0. This License applies to any program or other work which contains
@@ -257,7 +256,7 @@
 of preserving the free status of all derivatives of our free software and
 of promoting the sharing and reuse of software generally.
 
-          NO WARRANTY
+			    NO WARRANTY
 
   11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
@@ -279,9 +278,9 @@
 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
 
-         END OF TERMS AND CONDITIONS
+		     END OF TERMS AND CONDITIONS
 
-      How to Apply These Terms to Your New Programs
+	    How to Apply These Terms to Your New Programs
 
   If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
@@ -305,10 +304,9 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
 
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
 Also add information on how to contact you by electronic and paper mail.
 
diff -Naur drupal-5.13/includes/bootstrap.inc drupal-5.23/includes/bootstrap.inc
--- drupal-5.13/includes/bootstrap.inc	2008-12-10 19:16:03.000000000 +0100
+++ drupal-5.23/includes/bootstrap.inc	2009-04-30 02:13:48.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: bootstrap.inc,v 1.145.2.12 2008/12/10 18:16:03 drumm Exp $
+// $Id: bootstrap.inc,v 1.145.2.14 2009/04/30 00:13:48 drumm Exp $
 
 /**
  * @file
@@ -230,7 +230,7 @@
 }
 
 /**
- * Validate that $_SERVER['HTTP_HOST'] is safe.
+ * Validate that a hostname (for example $_SERVER['HTTP_HOST']) is safe.
  *
  * As $_SERVER['HTTP_HOST'] is user input, ensure it only contains characters
  * allowed in hostnames.  See RFC 952 (and RFC 2181). $_SERVER['HTTP_HOST'] is
@@ -239,9 +239,8 @@
  * @return
  *  TRUE if only containing valid characters, or FALSE otherwise.
  */
-function drupal_valid_http_host() {
-  $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
-  return preg_match('/^\[?(?:[a-z0-9-:\]_]+\.?)+$/', $_SERVER['HTTP_HOST']);
+function drupal_valid_http_host($host) {
+  return preg_match('/^\[?(?:[a-z0-9-:\]_]+\.?)+$/', $host);
 }
 
 /**
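Review bot: `drupal_valid_http_host($host)` runs a pattern with a nested quantifier, `(?:[a-z0-9-:\]_]+\.?)+`, over a client-supplied header of unbounded length, so an over-long invalid Host costs regex backtracking before it is rejected. A length check ahead of the match keeps that cost bounded, for example `return strlen($host) <= 255 && preg_match('/^\[?(?:[a-z0-9-:\]_]+\.?)+$/', $host);` (the exact limit is a judgement call). The function no longer lowercases its input, so the docblock should gain an `@param $host` line saying the caller must pass an already lowercased name. The docblock starts outside this hunk.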
@@ -255,10 +254,21 @@
   global $db_url, $db_prefix, $cookie_domain, $conf, $installed_profile;
   $conf = array();
 
-  if (!drupal_valid_http_host()) {
-    // HTTP_HOST is invalid, e.g. if containing slashes it may be an attack.
-    header('HTTP/1.1 400 Bad Request');
-    exit;
+  if (isset($_SERVER['HTTP_HOST'])) {
+    // As HTTP_HOST is user input, ensure it only contains characters allowed
+    // in hostnames. See RFC 952 (and RFC 2181).
+    // $_SERVER['HTTP_HOST'] is lowercased here per specifications.
+    $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
+    if (!drupal_valid_http_host($_SERVER['HTTP_HOST'])) {
+      // HTTP_HOST is invalid, e.g. if containing slashes it may be an attack.
+      header('HTTP/1.1 400 Bad Request');
+      exit;
+    }
+  }
+  else {
+    // Some pre-HTTP/1.1 clients will not send a Host header. Ensure the key is
+    // defined for E_ALL compliance.
+    $_SERVER['HTTP_HOST'] = '';
   }
 
   include_once './'. conf_path() .'/settings.php';
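Review bot: A request with no Host header is accepted with `$_SERVER['HTTP_HOST'] = ''`, while a request whose Host header is present but empty takes the first branch, fails `drupal_valid_http_host('')` (the pattern needs at least one character) and is answered with a 400. If that difference is intended it deserves a line in the `else` comment; if not, test `isset($_SERVER['HTTP_HOST']) && $_SERVER['HTTP_HOST'] !== ''`. Everything that runs after this point, starting with the `conf_path()` call on the last line, now has to cope with an empty host, and how it does so is not visible here. The enclosing function starts and ends outside the hunk.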
@@ -715,6 +725,8 @@
       $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['QUERY_STRING'];
     }
   }
+  // Prevent multiple slashes to avoid cross site requests via the FAPI.
+  $uri = '/'. ltrim($uri, '/');
 
   return $uri;
 }
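Review bot: `$uri = '/'. ltrim($uri, '/');` collapses leading forward slashes only, so a value that starts with a slash followed by a backslash keeps its second character, and some browsers treat a backslash in that position like a slash. Consider `ltrim($uri, '/\\')` if no caller depends on leading backslashes, which this hunk does not show. The comment would also help more if it named the risk, for example `// A leading '//' would turn the value into a protocol-relative URL when it is used as a form action.` (presumably what "via the FAPI" refers to). The function starts outside the hunk.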
diff -Naur drupal-5.13/includes/cache.inc drupal-5.23/includes/cache.inc
--- drupal-5.13/includes/cache.inc	2008-02-10 03:05:00.000000000 +0100
+++ drupal-5.23/includes/cache.inc	2009-07-10 07:41:24.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: cache.inc,v 1.5.2.5 2008/02/10 02:05:00 drumm Exp $
+// $Id: cache.inc,v 1.5.2.6 2009/07/10 05:41:24 drumm Exp $
 
 /**
  * Return data from the persistent cache.
@@ -14,10 +14,10 @@
   global $user;
 
   // Garbage collection necessary when enforcing a minimum cache lifetime
-  $cache_flush = variable_get('cache_flush', 0);
+  $cache_flush = variable_get('cache_flush_'. $table, 0);
   if ($cache_flush && ($cache_flush + variable_get('cache_lifetime', 0) <= time())) {
     // Reset the variable immediately to prevent a meltdown in heavy load situations.
-    variable_set('cache_flush', 0);
+    variable_set('cache_flush_'. $table, 0);
     // Time to flush old cache data
     db_query("DELETE FROM {". $table ."} WHERE expire != %d AND expire <= %d", CACHE_PERMANENT, $cache_flush);
   }
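Review bot: Switching from `cache_flush` to `'cache_flush_'. $table` leaves the old `cache_flush` variable behind on upgraded sites, and a flush timer that was pending under the old name is silently dropped. Nothing in these hunks removes it; a `variable_del('cache_flush');` in an update function would tidy that up, though whether one exists elsewhere in the release is not visible here. The same rename appears in the next hunk around `variable_set('cache_flush_'. $table, time())`, and both places would benefit from a comment saying the timer is kept per cache table so that clearing one table does not reset the others. Both enclosing functions start outside their hunks.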
@@ -134,16 +134,16 @@
       // cached data that was cached before the timestamp.
       $user->cache = time();
 
-      $cache_flush = variable_get('cache_flush', 0);
+      $cache_flush = variable_get('cache_flush_'. $table, 0);
       if ($cache_flush == 0) {
         // This is the first request to clear the cache, start a timer.
-        variable_set('cache_flush', time());
+        variable_set('cache_flush_'. $table, time());
       }
       else if (time() > ($cache_flush + variable_get('cache_lifetime', 0))) {
-        // Clear the cache for everyone, cache_flush_delay seconds have
+        // Clear the cache for everyone, cache_lifetime seconds have
         // passed since the first request to clear the cache.
         db_query("DELETE FROM {". $table. "} WHERE expire != %d AND expire < %d", CACHE_PERMANENT, time());
-        variable_set('cache_flush', 0);
+        variable_set('cache_flush_'. $table, 0);
       }
     }
     else {
diff -Naur drupal-5.13/includes/common.inc drupal-5.23/includes/common.inc
--- drupal-5.13/includes/common.inc	2008-07-09 21:34:30.000000000 +0200
+++ drupal-5.23/includes/common.inc	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: common.inc,v 1.611.2.20 2008/07/09 19:34:30 drumm Exp $
+// $Id: common.inc,v 1.611.2.26 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * @file
@@ -152,6 +152,15 @@
 }
 
 /**
+ * Make any final alterations to the rendered xhtml.
+ */
+function drupal_final_markup($content) {
+  // Make sure that the charset is always specified as the first element of the
+  // head region to prevent encoding-based attacks.
+  return preg_replace('/<head[^>]*>/i', "\$0\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />", $content, 1);
+}
+
+/**
  * Add a feed URL for the current page.
  *
  * @param $url
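Review bot: The pattern `/<head[^>]*>/i` in `drupal_final_markup()` matches any tag whose name merely begins with "head", such as a `header` element, so the charset meta tag can be inserted after the wrong tag if one appears first. Requiring a delimiter after the name closes that gap: `'/<head(?:\s[^>]*)?>/i'`. preg_replace() returns NULL on failure, which would blank the whole page, so fall back to the unmodified `$content` in that case. The docblock should also document `$content` and the return value.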
@@ -293,11 +302,22 @@
  * @see drupal_get_destination()
  */
 function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response_code = 302) {
+
+  $destination = FALSE;
   if (isset($_REQUEST['destination'])) {
-    extract(parse_url(urldecode($_REQUEST['destination'])));
+    $destination = $_REQUEST['destination'];
   }
   else if (isset($_REQUEST['edit']['destination'])) {
-    extract(parse_url(urldecode($_REQUEST['edit']['destination'])));
+    $destination = $_REQUEST['edit']['destination'];
+  }
+
+  if ($destination) {
+    // Do not redirect to an absolute URL originating from user input.
+    $colonpos = strpos($destination, ':');
+    $absolute = ($colonpos !== FALSE && !preg_match('![/?#]!', substr($destination, 0, $colonpos)));
+    if (!$absolute) {
+      extract(parse_url(urldecode($destination)));
+    }
   }
 
   $url = url($path, $query, $fragment, TRUE);
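Review bot: The absolute-URL test inspects `$destination` as received, but the value handed to `parse_url()` is `urldecode($destination)`, so the string that is checked is not the string that is used. PHP has already decoded request parameters once; decode before the check and parse the same variable, i.e. `$destination = urldecode($destination);` ahead of the `$colonpos` line and then `extract(parse_url($destination));`. `parse_url()` can also return FALSE for malformed input and `extract()` on a non-array raises a warning, so guard the call with `is_array()`. The function body continues outside the hunk, so how `url()` treats the extracted `$path` cannot be confirmed from here.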
@@ -418,6 +438,18 @@
   // Parse the URL, and make sure we can handle the schema.
   $uri = parse_url($url);
 
+  if ($uri == FALSE) {
+    $result->error = 'unable to parse URL';
+    $result->code = -1001;
+    return $result;
+  }
+
+  if (!isset($uri['scheme'])) {
+    $result->error = 'missing schema';
+    $result->code = -1002;
+    return $result;
+  }
+
   switch ($uri['scheme']) {
     case 'http':
       $port = isset($uri['port']) ? $uri['port'] : 80;
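Review bot: The new negative `$result->code` values, -1001 and -1002 here and -1003 in the next hunk, are undocumented magic numbers that callers now have to distinguish from real HTTP status codes. List them and their meaning in the function's docblock, which lies outside this hunk, so that callers do not treat a negative code as a server response. `if ($uri == FALSE)` would state its intent better as `if ($uri === FALSE)`, since parse_url() signals failure with a boolean. The messages say "schema" where the URL component is called the scheme; that wording was already used in the existing `invalid schema` message.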
@@ -432,6 +464,7 @@
       break;
     default:
       $result->error = 'invalid schema '. $uri['scheme'];
+      $result->code = -1003;
       return $result;
   }
 
@@ -642,8 +675,8 @@
 /**
  * Translate strings to the current locale.
  *
- * All human-readable text that will be displayed somewhere within a page should be
- * run through the t() function.
+ * Human-readable text that will be displayed somewhere within a page should
+ * be run through the t() function.
  *
  * Examples:
  * @code
@@ -679,27 +712,27 @@
  *     $message[] = t("If you don't want to receive such e-mails, you can change your settings at !url.", array('!url' => url("user/$account->uid", NULL, NULL, TRUE)));
  *   @endcode
  *
- * - @variable, which indicates that the text should be run through check_plain,
- *   to strip out HTML characters. Use this for any output that's displayed within
- *   a Drupal page.
+ * - @variable, which indicates that the text should be run through
+ *   check_plain, to escape HTML characters. Use this for any output that's
+ *   displayed within a Drupal page.
  *   @code
  *     drupal_set_title($title = t("@name's blog", array('@name' => $account->name)));
  *   @endcode
  *
- * - %variable, which indicates that the string should be highlighted with
- *   theme_placeholder() which shows up by default as <em>emphasized</em>.
+ * - %variable, which indicates that the string should be HTML escaped and
+ *   highlighted with theme_placeholder() which shows up by default as
+ *   <em>emphasized</em>.
  *   @code
- *     watchdog('mail', t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name)));
+ *     $message = t('%name-from sent %name-to an e-mail.', array('%name-from' => $user->name, '%name-to' => $account->name));
  *   @endcode
  *
  * When using t(), try to put entire sentences and strings in one t() call.
  * This makes it easier for translators, as it provides context as to what
- * each word refers to. HTML markup within translation strings is allowed,
- * but should be avoided if possible. The exception is embedded links; link
- * titles add additional context for translators so should be kept in the main
- * string.
+ * each word refers to. HTML markup within translation strings is allowed, but
+ * should be avoided if possible. The exception are embedded links; link
+ * titles add a context for translators, so should be kept in the main string.
  *
- * Here is an example of an incorrect use if t():
+ * Here is an example of incorrect usage of t():
  * @code
  *   $output .= t('<p>Go to the @contact-page.</p>', array('@contact-page' => l(t('contact page'), 'contact')));
  * @endcode
@@ -709,7 +742,7 @@
  *   $output .= '<p>'. t('Go to the <a href="@contact-page">contact page</a>.', array('@contact-page' => url('contact'))) .'</p>';
  * @endcode
  *
- * Also avoid escaping quotation marks wherever possible.
+ * Avoid escaping quotation marks wherever possible.
  *
  * Incorrect:
  * @code
@@ -721,6 +754,101 @@
  *   $output .= t("Don't click me.");
  * @endcode
  *
+ * Because t() is designed for handling code-based strings, in almost all
+ * cases, the actual string and not a variable must be passed through t().
+ *
+ * Extraction of translations is done based on the strings contained in t()
+ * calls. If a variable is passed through t(), the content of the variable
+ * cannot be extracted from the file for translation.
+ *
+ * Incorrect:
+ * @code
+ *   $message = 'An error occurred.';
+ *   drupal_set_message(t($message), 'error');
+ *   $output .= t($message);
+ * @endcode
+ *
+ * Correct:
+ * @code
+ *   $message = t('An error occurred.');
+ *   drupal_set_message($message, 'error');
+ *   $output .= $message;
+ * @endcode
+ *
+ * The only case in which variables can be passed safely through t() is when
+ * code-based versions of the same strings will be passed through t() (or
+ * otherwise extracted) elsewhere.
+ *
+ * In some cases, modules may include strings in code that can't use t()
+ * calls. For example, a module may use an external PHP application that
+ * produces strings that are loaded into variables in Drupal for output.
+ * In these cases, module authors may include a dummy file that passes the
+ * relevant strings through t(). This approach will allow the strings to be
+ * extracted.
+ *
+ * Sample external (non-Drupal) code:
+ * @code
+ *   class Time {
+ *     public $yesterday = 'Yesterday';
+ *     public $today = 'Today';
+ *     public $tomorrow = 'Tomorrow';
+ *   }
+ * @endcode
+ *
+ * Sample dummy file.
+ * @code
+ *   // Dummy function included in example.potx.inc.
+ *   function example_potx() {
+ *     $strings = array(
+ *       t('Yesterday'),
+ *       t('Today'),
+ *       t('Tomorrow'),
+ *     );
+ *     // No return value needed, since this is a dummy function.
+ *   }
+ * @endcode
+ *
+ * Having passed strings through t() in a dummy function, it is then
+ * okay to pass variables through t().
+ *
+ * Correct (if a dummy file was used):
+ * @code
+ *   $time = new Time();
+ *   $output .= t($time->today);
+ * @endcode
+ *
+ * However tempting it is, custom data from user input or other non-code
+ * sources should not be passed through t(). Doing so leads to the following
+ * problems and errors:
+ *  - The t() system doesn't support updates to existing strings. When user
+ *    data is updated, the next time it's passed through t() a new record is
+ *    created instead of an update. The database bloats over time and any
+ *    existing translations are orphaned with each update.
+ *  - The t() system assumes any data it receives is in English. User data may
+ *    be in another language, producing translation errors.
+ *  - The "Built-in interface" text group in the locale system is used to
+ *    produce translations for storage in .po files. When non-code strings are
+ *    passed through t(), they are added to this text group, which is rendered
+ *    inaccurate since it is a mix of actual interface strings and various user
+ *    input strings of uncertain origin.
+ *
+ * Incorrect:
+ * @code
+ *   $item = item_load();
+ *   $output .= check_plain(t($item['title']));
+ * @endcode
+ *
+ * Instead, translation of these data can be done through the locale system,
+ * either directly or through helper functions provided by contributed
+ * modules.
+ * @see hook_locale()
+ *
+ * During installation, st() is used in place of t(). Code that may be called
+ * during installation or during normal operation should use the get_t()
+ * helper function.
+ * @see st()
+ * @see get_t()
+ *
  * @param $string
  *   A string containing the English string to translate.
  * @param $args
@@ -793,7 +921,7 @@
  *
  * This function should only be used on actual URLs. It should not be used for
  * Drupal menu paths, which can contain arbitrary characters.
- *
+ * Valid values per RFC 3986.
  * @param $url
  *   The URL to verify.
  * @param $absolute
@@ -802,12 +930,26 @@
  *   TRUE if the URL is in a valid format.
  */
 function valid_url($url, $absolute = FALSE) {
-  $allowed_characters = '[a-z0-9\/:_\-_\.\?\$,;~=#&%\+]';
   if ($absolute) {
-    return preg_match("/^(http|https|ftp):\/\/". $allowed_characters ."+$/i", $url);
+    return (bool)preg_match("
+      /^                                                      # Start at the beginning of the text
+      (?:ftp|https?):\/\/                                     # Look for ftp, http, or https schemes
+      (?:                                                     # Userinfo (optional) which is typically
+        (?:(?:[\w\.\-\+!$&'\(\)*\+,;=]|%[0-9a-f]{2})+:)*      # a username or a username and password
+        (?:[\w\.\-\+%!$&'\(\)*\+,;=]|%[0-9a-f]{2})+@          # combination
+      )?
+      (?:
+        (?:[a-z0-9\-\.]|%[0-9a-f]{2})+                        # A domain name or a IPv4 address
+        |(?:\[(?:[0-9a-f]{0,4}:)*(?:[0-9a-f]{0,4})\])         # or a well formed IPv6 address
+      )
+      (?::[0-9]+)?                                            # Server port number (optional)
+      (?:[\/|\?]
+        (?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})   # The path and query (optional)
+      *)?
+    $/xi", $url);
   }
   else {
-    return preg_match("/^". $allowed_characters ."+$/i", $url);
+    return (bool)preg_match("/^(?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})+$/i", $url);
   }
 }
 
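Review bot: In the absolute branch the class `[\/|\?]` that introduces the path contains a literal `|`, so a bar is accepted as the separator between host and path; inside a character class the bar is not alternation, and `[\/\?]` was probably meant. Both branches now also accept `'`, `(`, `)` and `!`, and the relative branch still accepts `:`, so a TRUE result only says the string is URL-shaped, not that it is safe to print into an attribute. The docblock should state that callers must still escape or filter the value on output. The inline comment "a well formed IPv6 address" overstates what `(?:[0-9a-f]{0,4}:)*(?:[0-9a-f]{0,4})` checks, since any run of colons passes.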
@@ -1929,7 +2071,7 @@
  * @param $body
  *   Message to be sent. Drupal will format the correct line endings for you.
  * @param $from
- *   Sets From, Reply-To, Return-Path and Error-To to this value, if given.
+ *   Sets From to this value, if given.
  * @param $headers
  *   Associative array containing the headers to add. This is typically
  *   used to add extra headers (From, Cc, and Bcc).
@@ -1949,10 +2091,10 @@
   // SMTP server.  Errors-To is redundant, but shouldn't hurt.
   $default_from = variable_get('site_mail', ini_get('sendmail_from'));
   if ($default_from) {
-    $defaults['From'] = $defaults['Reply-To'] = $defaults['Sender'] = $defaults['Return-Path'] = $defaults['Errors-To'] = $default_from;
+    $defaults['From'] = $defaults['Sender'] = $defaults['Return-Path'] = $defaults['Errors-To'] = $default_from;
   }
   if ($from) {
-    $defaults['From'] = $defaults['Reply-To'] = $from;
+    $defaults['From'] = $from;
   }
   $headers = array_merge($defaults, $headers);
   // Custom hook traversal to allow pass by reference
diff -Naur drupal-5.13/includes/database.mysql.inc drupal-5.23/includes/database.mysql.inc
--- drupal-5.13/includes/database.mysql.inc	2008-09-15 08:14:52.000000000 +0200
+++ drupal-5.23/includes/database.mysql.inc	2009-07-10 08:09:38.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: database.mysql.inc,v 1.66.2.3 2008/09/15 06:14:52 drumm Exp $
+// $Id: database.mysql.inc,v 1.66.2.4 2009/07/10 06:09:38 drumm Exp $
 
 /**
  * @file
@@ -360,7 +360,7 @@
   $tablename = array_pop($args);
   array_shift($args);
 
-  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' SELECT', db_prefix_tables($query));
+  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query));
   if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
     $args = $args[0];
   }
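Review bot: Forcing `Engine=HEAP` on every temporary table means a SELECT that returns TEXT or BLOB columns, or more rows than the server's in-memory table size limit allows, will now fail where the default engine succeeded, because the MEMORY/HEAP engine supports neither. Nothing visible in the hunk checks the result columns or falls back to the default engine. Either keep the default engine, or document on the enclosing function that callers may only select fixed-width columns and small result sets. The identical change in database.mysqli.inc has the same issue, and both function bodies start outside their hunks.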
diff -Naur drupal-5.13/includes/database.mysqli.inc drupal-5.23/includes/database.mysqli.inc
--- drupal-5.13/includes/database.mysqli.inc	2008-09-15 08:14:52.000000000 +0200
+++ drupal-5.23/includes/database.mysqli.inc	2009-07-10 08:09:38.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: database.mysqli.inc,v 1.32.2.5 2008/09/15 06:14:52 drumm Exp $
+// $Id: database.mysqli.inc,v 1.32.2.6 2009/07/10 06:09:38 drumm Exp $
 
 /**
  * @file
@@ -343,7 +343,7 @@
   $tablename = array_pop($args);
   array_shift($args);
 
-  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' SELECT', db_prefix_tables($query));
+  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query));
   if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
     $args = $args[0];
   }
diff -Naur drupal-5.13/includes/file.inc drupal-5.23/includes/file.inc
--- drupal-5.13/includes/file.inc	2008-09-15 08:23:52.000000000 +0200
+++ drupal-5.23/includes/file.inc	2009-01-26 15:22:45.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: file.inc,v 1.90.2.6 2008/09/15 06:23:52 drumm Exp $
+// $Id: file.inc,v 1.90.2.7 2009/01/26 14:22:45 drumm Exp $
 
 /**
  * @file
@@ -154,20 +154,17 @@
 
 
 /**
- * Check if $source is a valid file upload. If so, move the file to Drupal's tmp dir
- * and return it as an object.
+ * Verify an uploaded file.
  *
- * The use of SESSION['file_uploads'] should probably be externalized to upload.module
- *
- * @todo Rename file_check_upload to file_prepare upload.
- * @todo Refactor or merge file_save_upload.
- * @todo Extenalize SESSION['file_uploads'] to modules.
- *
- * @param $source An upload source (the name of the upload form item), or a file
- * @return FALSE for an invalid file or upload. A file object for valid uploads/files.
+ * Check if $source is a valid file upload. If so, move the file to the
+ * temporary directory and return it as an object.
  *
+ * @param $source
+ *   An upload source (the name of the upload form item), or a file.
+ * @return
+ *   FALSE for an invalid file or upload. A file object for valid
+ *   uploads/files.
  */
-
 function file_check_upload($source = 'upload') {
   // Cache for uploaded files. Since the data in _FILES is modified
   // by this function, we cache the result.
diff -Naur drupal-5.13/includes/form.inc drupal-5.23/includes/form.inc
--- drupal-5.13/includes/form.inc	2008-09-15 08:03:17.000000000 +0200
+++ drupal-5.23/includes/form.inc	2009-02-26 06:50:33.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: form.inc,v 1.174.2.15 2008/09/15 06:03:17 drumm Exp $
+// $Id: form.inc,v 1.174.2.17 2009/02/26 05:50:33 drumm Exp $
 
 /**
  * @defgroup form Form generation
@@ -1107,7 +1107,7 @@
   return theme('form_element', $element, $element['#children']);
 }
 
-/*
+/**
  * Expand a password_confirm field into two text boxes.
  */
 function expand_password_confirm($element) {
@@ -1265,7 +1265,19 @@
   if (count($element['#options']) > 0) {
     foreach ($element['#options'] as $key => $choice) {
       if (!isset($element[$key])) {
-        $element[$key] = array('#type' => 'radio', '#title' => $choice, '#return_value' => check_plain($key), '#default_value' => $element['#default_value'], '#attributes' => $element['#attributes'], '#parents' => $element['#parents'], '#spawned' => TRUE);
+        // Generate the parents as the autogenerator does, so we will have a
+        // unique id for each radio button.
+        $parents_for_id = array_merge($element['#parents'], array($key));
+        $element[$key] = array(
+          '#type' => 'radio',
+          '#title' => $choice,
+          '#return_value' => check_plain($key),
+          '#default_value' => $element['#default_value'],
+          '#attributes' => $element['#attributes'],
+          '#id' => form_clean_id('edit-'. implode('-', $parents_for_id)),
+          '#parents' => $element['#parents'],
+          '#spawned' => TRUE
+        );
       }
     }
   }
diff -Naur drupal-5.13/includes/locale.inc drupal-5.23/includes/locale.inc
--- drupal-5.13/includes/locale.inc	2007-12-17 02:53:52.000000000 +0100
+++ drupal-5.23/includes/locale.inc	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: locale.inc,v 1.105.2.5 2007/12/17 01:53:52 drumm Exp $
+// $Id: locale.inc,v 1.105.2.6 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * @file
@@ -41,6 +41,9 @@
   $options = array();
   $form['name'] = array('#tree' => TRUE);
   foreach ($languages['name'] as $key => $lang) {
+    // Language code should contain no markup, but is emitted
+    // by radio and checkbox options.
+    $key = check_plain($key);
     $options[$key] = '';
     $status = db_fetch_object(db_query("SELECT isdefault, enabled FROM {locales_meta} WHERE locale = '%s'", $key));
     if ($status->enabled) {
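Review bot: `$key = check_plain($key);` overwrites the language code before it is used as the `'%s'` argument of the `locales_meta` query two lines later, so the lookup now runs on the HTML-escaped form and misses any code that check_plain() alters. Keep output encoding separate from the lookup key: `$safe_key = check_plain($key); $options[$safe_key] = '';` and leave `$key` untouched for `db_query()`. The last locale.inc hunk escapes the keys of `$languages['name']` in the same way, so whatever consumes the submitted radio value there also receives the escaped code. The rest of this loop is outside the hunk and may need the same split.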
@@ -97,6 +100,14 @@
   return $output;
 }
 
+function _locale_admin_manage_screen_validate($form_id, $form_values) {
+  foreach ($form_values['name'] as $key => $value) {
+    if (preg_match('/["<>\']/', $value)) {
+      form_set_error('name][' . $key, t('The characters &lt;, &gt;, " and \' are not allowed in the language name in English field.'));
+    }
+  }
+}
+
 /**
  * Process locale admin manager form submissions.
  */
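Review bot: `_locale_admin_manage_screen_validate()` is added without a docblock, and its `/["<>\']/` test is repeated twice more in the next hunk for `langcode` and `langname`. Three copies of a four-character deny-list are easy to get out of step; move the test into one helper, and for the language code consider an allow-list of the characters a code may contain instead (which codes must stay valid is not visible here). The check is input validation only and does not replace escaping where these values are printed. The comment added in the next hunk also has a typo, "invlaid", and lacks a closing period.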
@@ -184,12 +195,22 @@
     form_set_error(t('The language %language (%code) already exists.', array('%language' => $form_values['langname'], '%code' => $form_values['langcode'])));
   }
 
+  // If we are adding a non-custom language, check for a valid langcode.
   if (!isset($form_values['langname'])) {
     $isocodes = _locale_get_iso639_list();
     if (!isset($isocodes[$form_values['langcode']])) {
       form_set_error('langcode', t('Invalid language code.'));
     }
   }
+  // Otherwise, check for invlaid characters
+  else {
+    if (preg_match('/["<>\']/', $form_values['langcode'])) {
+      form_set_error('langcode', t('The characters &lt;, &gt;, " and \' are not allowed in the language code field.'));
+    }
+    if (preg_match('/["<>\']/', $form_values['langname'])) {
+      form_set_error('langname', t('The characters &lt;, &gt;, " and \' are not allowed in the language name in English field.'));
+    }
+  }
 }
 
 /**
@@ -331,8 +352,14 @@
 function _locale_string_seek_form() {
   // Get *all* languages set up
   $languages = locale_supported_languages(FALSE, TRUE);
-  asort($languages['name']); unset($languages['name']['en']);
-  $languages['name'] = array_map('check_plain', $languages['name']);
+  unset($languages['name']['en']);
+  // Sanitize the values to be used in radios.
+  $languages_name = array();
+  foreach ($languages['name'] as $key => $value) {
+    $languages_name[check_plain($key)] = check_plain($value);
+  }
+  $languages['name'] = $languages_name;
+  asort($languages['name']);
 
   // Present edit form preserving previous user settings
   $query = _locale_string_seek_query();
diff -Naur drupal-5.13/includes/menu.inc drupal-5.23/includes/menu.inc
--- drupal-5.13/includes/menu.inc	2008-02-11 06:26:53.000000000 +0100
+++ drupal-5.23/includes/menu.inc	2009-07-10 07:56:51.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: menu.inc,v 1.146.2.2 2008/02/11 05:26:53 drumm Exp $
+// $Id: menu.inc,v 1.146.2.3 2009/07/10 05:56:51 drumm Exp $
 
 /**
  * @file
@@ -1055,6 +1055,10 @@
   $temp_mid = -1;
 
   foreach ($menu_item_list as $item) {
+    // Protect against D6 style access
+    if (isset($item['access']) && is_array($item['access']) && count($item['access']) == 1 && isset($item['access'][0]) && is_string($item['access'][0])) {
+      $item['access'] = FALSE;
+    }
     if (!isset($item['path'])) {
       $item['path'] = '';
     }
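Review bot: The guard only recognises a one-element array whose single value is a string, so an `access` array with two or more entries, or with a non-string entry, is left as it is, and a non-empty array is truthy if `access` is later evaluated as a boolean (that code is outside the hunk). Failing closed on any array is simpler and stricter: `if (isset($item['access']) && is_array($item['access'])) {`. The same four lines are duplicated in the next hunk, so a small private helper would keep the two checks in step. Setting the value to FALSE silently also hides the module author's mistake; consider logging it. Both loops sit in functions that start outside the hunks.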
@@ -1225,6 +1229,10 @@
   $new_items = array();
 
   foreach ($menu_item_list as $item) {
+    // Protect against D6 style access
+    if (isset($item['access']) && is_array($item['access']) && count($item['access']) == 1 && isset($item['access'][0]) && is_string($item['access'][0])) {
+      $item['access'] = FALSE;
+    }
     if (isset($item['callback'])) {
       $_menu['callbacks'][$item['path']] = array('callback' => $item['callback']);
       if (isset($item['callback arguments'])) {
diff -Naur drupal-5.13/includes/pager.inc drupal-5.23/includes/pager.inc
--- drupal-5.13/includes/pager.inc	2006-10-15 21:57:05.000000000 +0200
+++ drupal-5.23/includes/pager.inc	2009-07-01 22:52:11.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: pager.inc,v 1.59 2006/10/15 19:57:05 dries Exp $
+// $Id: pager.inc,v 1.59.2.1 2009/07/01 20:52:11 drumm Exp $
 
 /**
  * @file
@@ -85,7 +85,7 @@
 function pager_get_querystring() {
   static $string = NULL;
   if (!isset($string)) {
-    $string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page'), array_keys($_COOKIE)));
+    $string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page', 'pass'), array_keys($_COOKIE)));
   }
   return $string;
 }
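Review bot: `pager_get_querystring()` now drops `pass` by name, but it still serialises everything else in `$_REQUEST`, which includes POST fields, into the pager links, so any other submitted secret can end up in URLs, browser history and Referer headers. Nothing in the code says why `pass` is excluded; a comment such as `// Never copy a submitted password into generated links.` would keep the entry from being removed later. The same list is extended in `tablesort_get_querystring()` in includes/tablesort.inc further down, so the two exclusion lists should come from one shared place. Building the string from `$_GET` alone would close the gap more generally, but that is a behaviour change and needs checking against callers.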
diff -Naur drupal-5.13/includes/session.inc drupal-5.23/includes/session.inc
--- drupal-5.13/includes/session.inc	2008-12-10 19:09:54.000000000 +0100
+++ drupal-5.23/includes/session.inc	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: session.inc,v 1.37.2.6 2008/12/10 18:09:54 drumm Exp $
+// $Id: session.inc,v 1.37.2.8 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * @file
@@ -31,8 +31,9 @@
   // Otherwise, if the session is still active, we have a record of the client's session in the database.
   $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key));
 
-  // We found the client's session record and they are an authenticated user
-  if ($user && $user->uid > 0) {
+  // We found the client's session record and they are an authenticated,
+  // active user.
+  if ($user && $user->uid > 0 && $user->status == 1) {
     // This is done to unserialize the data member of $user
     $user = drupal_unpack($user);
 
@@ -44,7 +45,8 @@
       $user->roles[$role->rid] = $role->name;
     }
   }
-  // We didn't find the client's record (session has expired), or they are an anonymous user.
+  // We didn't find the client's record (session has expired), or they are
+  // blocked, or they are an anonymous user.
   else {
     $session = isset($user->session) ? $user->session : '';
     $user = drupal_anonymous_user($session);
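Review bot: With the added `$user->status == 1` test, a blocked user who still has a session row now falls into this `else` branch, and `isset($user->session)` is true for that row, so the blocked account's stored session data is handed to `drupal_anonymous_user()`. Only a genuinely anonymous row should carry its data over: `$session = ($user && $user->uid == 0 && isset($user->session)) ? $user->session : '';`. Whether the `{sessions}` row of a blocked user is removed elsewhere is not visible in this hunk; if it is not, deleting it when the account is blocked would keep such requests out of this branch altogether. The enclosing function starts and ends outside the hunk.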
@@ -96,10 +98,6 @@
     setcookie(session_name(), '', time() - 42000, '/');
   }
 
-  extract(session_get_cookie_params());
-  // Set "httponly" to TRUE to reduce the risk of session stealing via XSS.
-  // This has no effect for PHP < 5.2.0.
-  session_set_cookie_params($lifetime, $path, $domain, $secure, TRUE);
   session_regenerate_id();
 
   db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
diff -Naur drupal-5.13/includes/tablesort.inc drupal-5.23/includes/tablesort.inc
--- drupal-5.13/includes/tablesort.inc	2007-06-17 00:29:25.000000000 +0200
+++ drupal-5.23/includes/tablesort.inc	2009-07-01 22:52:11.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: tablesort.inc,v 1.43.2.1 2007/06/16 22:29:25 drumm Exp $
+// $Id: tablesort.inc,v 1.43.2.2 2009/07/01 20:52:11 drumm Exp $
 
 /**
  * @file
@@ -131,7 +131,7 @@
  *   except for those pertaining to table sorting.
  */
 function tablesort_get_querystring() {
-  return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order'), array_keys($_COOKIE)));
+  return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order', 'pass'), array_keys($_COOKIE)));
 }
 
 /**
diff -Naur drupal-5.13/includes/theme.inc drupal-5.23/includes/theme.inc
--- drupal-5.13/includes/theme.inc	2008-12-05 23:32:50.000000000 +0100
+++ drupal-5.23/includes/theme.inc	2009-05-13 21:41:56.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: theme.inc,v 1.337.2.7 2008/12/05 22:32:50 dries Exp $
+// $Id: theme.inc,v 1.337.2.9 2009/05/13 19:41:56 drumm Exp $
 
 /**
  * @file
@@ -168,7 +168,12 @@
     $functions[$function] = theme_get_function($function);
   }
   if ($functions[$function]) {
-    return call_user_func_array($functions[$function], $args);
+    $output = call_user_func_array($functions[$function], $args);
+    // Add final markup to the full page.
+    if ($function == 'page' || $function == 'book_export_html') {
+      $output = drupal_final_markup($output);
+    }
+    return $output;
   }
 }
 
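Review bot: The comment `// Add final markup to the full page.` does not say what `drupal_final_markup()` changes or why it is tied to exactly the `page` and `book_export_html` hooks, and that function is not visible in this hunk. Any other theme function that emits a complete document bypasses the step, so the restriction deserves a why-comment, for example `// Only hooks that return a whole HTML document are post-processed; add new ones here.` Keeping the names in one list and testing with `in_array($function, array('page', 'book_export_html'))` would make it easier to extend. The enclosing function starts outside the hunk.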
diff -Naur drupal-5.13/misc/drupal.js drupal-5.23/misc/drupal.js
--- drupal-5.13/misc/drupal.js	2008-08-13 20:12:23.000000000 +0200
+++ drupal-5.23/misc/drupal.js	2009-02-26 07:46:48.000000000 +0100
@@ -1,4 +1,4 @@
-// $Id: drupal.js,v 1.29.2.2 2008/08/13 18:12:23 drumm Exp $
+// $Id: drupal.js,v 1.29.2.3 2009/02/26 06:46:48 drumm Exp $
 
 var Drupal = Drupal || {};
 
@@ -12,8 +12,8 @@
  */
 Drupal.extend = function(obj) {
   for (var i in obj) {
-    if (this[i]) {
-      Drupal.extend.apply(this[i], [obj[i]]);
+    if (this[i] && (typeof(this[i]) == 'function' || typeof(this[i]) == 'object')) {
+   	  Drupal.extend.apply(this[i], [obj[i]]);
     }
     else {
       this[i] = obj[i];
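Review bot: The new condition in `Drupal.extend` checks only the type of the existing `this[i]`, not of the incoming `obj[i]`, so when the target is an object and the source value is a string or number the code still recurses instead of replacing the value. Testing both sides avoids that: `if (this[i] && obj[i] && typeof(obj[i]) == 'object' && (typeof(this[i]) == 'function' || typeof(this[i]) == 'object')) {`. The re-indented `Drupal.extend.apply(...)` line also contains a tab where the rest of the file uses spaces. The function body continues past the end of the hunk.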
diff -Naur drupal-5.13/modules/aggregator/aggregator.info drupal-5.23/modules/aggregator/aggregator.info
--- drupal-5.13/modules/aggregator/aggregator.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/aggregator/aggregator.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/block/block.info drupal-5.23/modules/block/block.info
--- drupal-5.13/modules/block/block.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/block/block.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/block/block.module drupal-5.23/modules/block/block.module
--- drupal-5.13/modules/block/block.module	2008-07-16 21:09:39.000000000 +0200
+++ drupal-5.23/modules/block/block.module	2009-01-14 06:43:04.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: block.module,v 1.246.2.10 2008/07/16 19:09:39 drumm Exp $
+// $Id: block.module,v 1.246.2.11 2009/01/14 05:43:04 drumm Exp $
 
 /**
  * @file
@@ -535,7 +535,7 @@
  */
 function block_box_delete_submit($form_id, $form_values) {
   db_query('DELETE FROM {boxes} WHERE bid = %d', $form_values['bid']);
-  db_query("DELETE FROM {blocks} WHERE module = 'block' AND delta = %d", $form_values['bid']);
+  db_query("DELETE FROM {blocks} WHERE module = 'block' AND delta = '%s'", $form_values['bid']);
   drupal_set_message(t('The block %name has been removed.', array('%name' => $form_values['info'])));
   cache_clear_all();
   return 'admin/build/block';
diff -Naur drupal-5.13/modules/blog/blog.info drupal-5.23/modules/blog/blog.info
--- drupal-5.13/modules/blog/blog.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/blog/blog.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/blogapi/blogapi.info drupal-5.23/modules/blogapi/blogapi.info
--- drupal-5.13/modules/blogapi/blogapi.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/blogapi/blogapi.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/book/book.info drupal-5.23/modules/book/book.info
--- drupal-5.13/modules/book/book.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/book/book.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/book/book.module drupal-5.23/modules/book/book.module
--- drupal-5.13/modules/book/book.module	2007-02-14 05:30:33.000000000 +0100
+++ drupal-5.23/modules/book/book.module	2009-05-13 21:41:56.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: book.module,v 1.406.2.1 2007/02/14 04:30:33 drumm Exp $
+// $Id: book.module,v 1.406.2.2 2009/05/13 19:41:56 drumm Exp $
 
 /**
  * @file
@@ -702,8 +702,9 @@
   global $base_url;
   $html = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
   $html .= '<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">';
-  $html .= "<head>\n<title>". $title ."</title>\n";
+  $html .= "\n<head>\n";
   $html .= '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
+  $html .= "\n<title>". $title ."</title>\n";
   $html .= '<base href="'. $base_url .'/" />' . "\n";
   $html .= "<style type=\"text/css\">\n@import url(misc/print.css);\n</style>\n";
   $html .= "</head>\n<body>\n". $content ."\n</body>\n</html>\n";
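Review bot: The reordering puts the `Content-Type` meta tag ahead of `<title>`, but nothing records why the order matters, so a later clean-up could move it back. A comment above the `<head>` line would help, e.g. `// Declare the charset before any text derived from content, so the browser does not guess the encoding from it.`; that reading is inferred from the change and should be confirmed. `$title` is concatenated into the markup as-is in these lines; whether the caller has already escaped it is not visible here and is worth stating in the function's docblock. The function starts and ends outside the hunk.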
diff -Naur drupal-5.13/modules/color/color.info drupal-5.23/modules/color/color.info
--- drupal-5.13/modules/color/color.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/color/color.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/color/color.module drupal-5.23/modules/color/color.module
--- drupal-5.13/modules/color/color.module	2008-02-11 07:53:01.000000000 +0100
+++ drupal-5.23/modules/color/color.module	2008-12-21 03:56:30.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: color.module,v 1.13.2.5 2008/02/11 06:53:01 drumm Exp $
+// $Id: color.module,v 1.13.2.6 2008/12/21 02:56:30 drumm Exp $
 
 /**
  * Implementation of hook_help
@@ -18,17 +18,23 @@
  */
 function color_form_alter($form_id, &$form) {
   // Insert the color changer into the theme settings page.
-  // TODO: Last condition in the following if disables color changer when private files are used this should be solved in a different way. See issue #92059.
-  if ($form_id == 'system_theme_settings' && color_get_info(arg(4)) && function_exists('gd_info') && variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) == FILE_DOWNLOADS_PUBLIC) {
-    $form['color'] = array(
-      '#type' => 'fieldset',
-      '#title' => t('Color scheme'),
-      '#weight' => -1,
-      '#attributes' => array('id' => 'color_scheme_form'),
-      '#theme' => 'color_scheme_form',
-    );
-    $form['color'] += color_scheme_form(arg(4));
-    $form['#submit']['color_scheme_form_submit'] = array();
+  if ($form_id == 'system_theme_settings' && color_get_info(arg(4)) && function_exists('gd_info')) {
+    if (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC) != FILE_DOWNLOADS_PUBLIC) {
+      // Disables the color changer when the private download method is used.
+      // TODO: This should be solved in a different way. See issue #181003.
+      drupal_set_message(t('The color picker only works if the <a href="@url">download method</a> is set to public.', array('@url' => url('admin/settings/file-system'))));
+    }
+    else {
+      $form['color'] = array(
+        '#type' => 'fieldset',
+        '#title' => t('Color scheme'),
+        '#weight' => -1,
+        '#attributes' => array('id' => 'color_scheme_form'),
+        '#theme' => 'color_scheme_form',
+      );
+      $form['color'] += color_scheme_form(arg(4));
+      $form['#submit']['color_scheme_form_submit'] = array();
+    }
   }
 
   // Use the generated screenshot in the theme list
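Review bot: `drupal_set_message()` is now called from inside `color_form_alter()`, so the notice is queued every time the theme settings form is built rather than once per page view; if the form is built more than once in a request (for example on submission), the same message may appear twice. Rendering the notice as part of the form avoids that, e.g. `$form['color_notice'] = array('#value' => $message);` with `$message` holding the existing `t()` call and its `@url` argument. The TODO should stay next to whichever variant is kept. The function continues past the end of the hunk.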
diff -Naur drupal-5.13/modules/comment/comment.info drupal-5.23/modules/comment/comment.info
--- drupal-5.13/modules/comment/comment.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/comment/comment.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/comment/comment.module drupal-5.23/modules/comment/comment.module
--- drupal-5.13/modules/comment/comment.module	2008-12-03 18:55:49.000000000 +0100
+++ drupal-5.23/modules/comment/comment.module	2010-08-11 22:37:49.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: comment.module,v 1.520.2.13 2008/12/03 17:55:49 drumm Exp $
+// $Id: comment.module,v 1.520.2.15 2010/08/11 20:37:49 drumm Exp $
 
 /**
  * @file
@@ -575,7 +575,7 @@
   global $user;
 
   if ($op == 'edit') {
-    return ($user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0) || user_access('administer comments');
+    return ($user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0 && $comment->status == COMMENT_PUBLISHED) || user_access('administer comments');
   }
 }
 
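Review bot: The `edit` branch now packs four conditions and an `||` into one line with no comment, and the function returns nothing at all for any other `$op`. A why-comment would make the rule auditable, e.g. `// Authors may edit only their own published comments that have no replies; everything else needs 'administer comments'.`, and an explicit `return FALSE;` after the `if` would make the deny-by-default path visible. `$comment->status` is compared loosely with `COMMENT_PUBLISHED`, so callers must pass a fully loaded comment object, which cannot be checked from this hunk. The function's signature is outside the hunk.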
@@ -1656,7 +1656,7 @@
     // 2) Strip out all HTML tags
     // 3) Convert entities back to plain-text.
     // Note: format is checked by check_markup().
-    $form_values['subject'] = trim(truncate_utf8(decode_entities(strip_tags(check_markup($form_values['comment'], $form_values['format']))), 29, TRUE));
+    $form_values['subject'] = truncate_utf8(trim(decode_entities(strip_tags(check_markup($form_values['comment'], $form_values['format'])))), 29, TRUE);
     // Edge cases where the comment body is populated only by HTML tags will
     // require a default subject.
     if ($form_values['subject'] == '') {
diff -Naur drupal-5.13/modules/contact/contact.info drupal-5.23/modules/contact/contact.info
--- drupal-5.13/modules/contact/contact.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/contact/contact.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/contact/contact.module drupal-5.23/modules/contact/contact.module
--- drupal-5.13/modules/contact/contact.module	2008-09-15 08:19:06.000000000 +0200
+++ drupal-5.23/modules/contact/contact.module	2009-12-16 21:46:31.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: contact.module,v 1.74.2.2 2008/09/15 06:19:06 drumm Exp $
+// $Id: contact.module,v 1.74.2.3 2009/12/16 20:46:31 drumm Exp $
 
 /**
  * @file
@@ -145,7 +145,7 @@
   $result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category');
   $rows = array();
   while ($category = db_fetch_object($result)) {
-    $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
+    $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
   }
   $header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2));
 
@@ -549,4 +549,3 @@
   // Jump to home page rather than back to contact page to avoid contradictory messages if flood control has been activated.
   return '';
 }
-
diff -Naur drupal-5.13/modules/drupal/drupal.info drupal-5.23/modules/drupal/drupal.info
--- drupal-5.13/modules/drupal/drupal.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/drupal/drupal.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/filter/filter.info drupal-5.23/modules/filter/filter.info
--- drupal-5.13/modules/filter/filter.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/filter/filter.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/filter/filter.module drupal-5.23/modules/filter/filter.module
--- drupal-5.13/modules/filter/filter.module	2008-12-10 23:21:27.000000000 +0100
+++ drupal-5.23/modules/filter/filter.module	2009-06-03 19:52:13.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: filter.module,v 1.160.2.11 2008/12/10 22:21:27 drumm Exp $
+// $Id: filter.module,v 1.160.2.14 2009/06/03 17:52:13 drumm Exp $
 
 /**
  * @file
@@ -947,13 +947,12 @@
         $output .= '<strong>'. $name .'</strong>:<br />';
       }
 
-      $tips = '';
-      foreach ($tiplist as $tip) {
-        $tips .= '<li'. ($long ? ' id="filter-'. str_replace("/", "-", $tip['id']) .'">' : '>') . $tip['tip'] . '</li>';
-      }
-
-      if ($tips) {
-        $output .= "<ul class=\"tips\">$tips</ul>";
+      if (count($tiplist) > 0) {
+        $output .= '<ul class="tips">';
+        foreach ($tiplist as $tip) {
+          $output .= '<li'. ($long ? ' id="filter-'. str_replace("/", "-", $tip['id']) .'">' : '>') . $tip['tip'] .'</li>';
+        }
+        $output .= '</ul>';
       }
 
       if ($multiple) {
@@ -1188,13 +1187,13 @@
  */
 function _filter_autop($text) {
   // All block level tags
-  $block = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|p|h[1-6])';
+  $block = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|p|h[1-6]|hr)';
 
   // Split at <pre>, <script>, <style> and </pre>, </script>, </style> tags.
   // We don't apply any processing to the contents of these tags to avoid messing
   // up code. We look for matched pairs and allow basic nesting. For example:
   // "processed <pre> ignored <script> ignored </script> ignored </pre> processed"
-  $chunks = preg_split('@(</?(?:pre|script|style)[^>]*>)@i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
+  $chunks = preg_split('@(</?(?:pre|script|style|object)[^>]*>)@i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
   // Note: PHP ensures the array consists of alternating delimiters and literals
   // and begins and ends with a literal (inserting NULL as required).
   $ignore = FALSE;
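Review bot: The split pattern now also treats `<object>` as a region to leave untouched, but the comment directly above it still lists only `<pre>`, `<script>` and `<style>`. Update it so the comment and the regex agree: `// Split at <pre>, <script>, <style>, <object> and their closing tags.` The `hr` addition to `$block` is covered by the existing `// All block level tags` comment. `_filter_autop()` continues past the end of the hunk.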
diff -Naur drupal-5.13/modules/forum/forum.info drupal-5.23/modules/forum/forum.info
--- drupal-5.13/modules/forum/forum.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/forum/forum.info	2010-08-11 22:46:30.000000000 +0200
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/forum/forum.module drupal-5.23/modules/forum/forum.module
--- drupal-5.13/modules/forum/forum.module	2008-04-05 04:18:59.000000000 +0200
+++ drupal-5.23/modules/forum/forum.module	2009-07-01 22:52:11.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: forum.module,v 1.375.2.7 2008/04/05 02:18:59 drumm Exp $
+// $Id: forum.module,v 1.375.2.9 2009/07/01 20:52:11 drumm Exp $
 
 /**
  * @file
@@ -645,18 +645,8 @@
   return array('#type' => 'select', '#title' => $title, '#default_value' => $parent, '#options' => $options, '#description' => $description, '#required' => TRUE);
 }
 
-function forum_link_alter(&$node, &$links) {
-  foreach ($links as $module => $link) {
-    if (strstr($module, 'taxonomy_term')) {
-      // Link back to the forum and not the taxonomy term page. We'll only
-      // do this if the taxonomy term in question belongs to forums.
-      $tid = str_replace('taxonomy/term/', '', $link['href']);
-      $term = taxonomy_get_term($tid);
-      if ($term->vid == _forum_get_vid()) {
-        $links[$module]['href'] = str_replace('taxonomy/term', 'forum', $link['href']);
-      }
-    }
-  }
+function forum_term_path($term) {
+  return 'forum/'. $term->tid;
 }
 
 /**
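Review bot: `forum_term_path()` is added without a docblock, although the next function in the file has one. From its name and signature it looks like a term-path hook implementation, so something like `/** Implementation of hook_term_path(). */` above it would tell readers who calls it; confirm the hook name against the taxonomy module. The function also relies on `$term->tid` being set, which the caller has to guarantee.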
@@ -843,6 +833,11 @@
  * Menu callback; prints a forum listing.
  */
 function forum_page($tid = 0) {
+  if (!is_numeric($tid)) {
+    return MENU_NOT_FOUND;
+  }
+  $tid = (int)$tid;
+
   drupal_add_css(drupal_get_path('module', 'forum') .'/forum.css');
   $forum_per_page = variable_get('forum_per_page', 25);
   $sortby = variable_get('forum_order', 1);
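Review bot: `is_numeric()` in the new guard of `forum_page()` also accepts values such as `1e3`, `-1` or `1.5`, which the following `(int)` cast turns into a different or meaningless term id instead of a 404. For an id taken from the URL a digits-only test is tighter: `if (!preg_match('/^\d+$/', $tid)) { return MENU_NOT_FOUND; }`. The default `$tid = 0` still passes that test. The function continues past the end of the hunk.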
diff -Naur drupal-5.13/modules/help/help.info drupal-5.23/modules/help/help.info
--- drupal-5.13/modules/help/help.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/help/help.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/legacy/legacy.info drupal-5.23/modules/legacy/legacy.info
--- drupal-5.13/modules/legacy/legacy.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/legacy/legacy.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/locale/locale.info drupal-5.23/modules/locale/locale.info
--- drupal-5.13/modules/locale/locale.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/locale/locale.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/locale/locale.install drupal-5.23/modules/locale/locale.install
--- drupal-5.13/modules/locale/locale.install	2006-11-14 07:20:40.000000000 +0100
+++ drupal-5.23/modules/locale/locale.install	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: locale.install,v 1.7 2006/11/14 06:20:40 drumm Exp $
+// $Id: locale.install,v 1.7.2.1 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * Implementation of hook_install().
@@ -85,3 +85,23 @@
   db_query('DROP TABLE {locales_source}');
   db_query('DROP TABLE {locales_target}');
 }
+
+/**
+ * Neutralize unsafe language names in the database.
+ */
+function locale_update_1() {
+  $ret = array();
+  $matches = db_result(db_query("SELECT 1 FROM {locales_meta} WHERE name LIKE '%<%' OR name LIKE '%>%'"));
+  if ($matches) {
+    $ret[] = update_sql("UPDATE {locales_meta} SET name = REPLACE(name, '<', '')");
+    $ret[] = update_sql("UPDATE {locales_meta} SET name = REPLACE(name, '>', '')");
+    drupal_set_message('The language name in English of all the existing custom languages of your site have been sanitized for security purposes. Visit the <a href="'. url('admin/settings/language') .'">Languages</a> page to check these and fix them if necessary.', 'warning');
+  }
+  // Check if some langcode values contain potentially dangerous characters and
+  // warn the user if so. These are not fixed since they are referenced in other
+  // tables (e.g. {node}).
+  if (db_result(db_query("SELECT 1 FROM {locales_meta} WHERE locale LIKE '%<%' OR locale LIKE '%>%' OR locale LIKE '%\"%' OR locale LIKE '%\\\\\%'"))) {
+    drupal_set_message('Some of your custom language code values contain invalid characters. You should examine the <a href="'. url('admin/settings/language') .'">Languages</a> page. These must be fixed manually.', 'error');
+  }
+  return $ret;
+}
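Review bot: The docblock of `locale_update_1()` mentions only the language names, but the second half of the function scans the `locale` codes for `<`, `>`, `"` and backslash and leaves them unchanged with just an error message. The docblock should cover both, e.g. `Strips angle brackets from language names and warns about language codes that contain unsafe characters.` The update also does not tell the administrator which names were altered; selecting the affected rows before the two `REPLACE` statements and listing them, escaped, in the message would make the change reviewable. The first message reads "The language name ... have been sanitized", where "names" is meant.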
diff -Naur drupal-5.13/modules/locale/locale.module drupal-5.23/modules/locale/locale.module
--- drupal-5.13/modules/locale/locale.module	2008-07-09 23:48:42.000000000 +0200
+++ drupal-5.23/modules/locale/locale.module	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: locale.module,v 1.155.2.1 2008/07/09 21:48:42 drumm Exp $
+// $Id: locale.module,v 1.155.2.2 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * @file
@@ -137,15 +137,17 @@
     if ($user->language == '') {
       $user->language = key($languages['name']);
     }
-    $languages['name'] = array_map('check_plain', array_map('t', $languages['name']));
+    foreach (array_map('t', $languages['name']) as $key => $value) {
+      $languages_name[check_plain($key)] = check_plain($value);
+    }
     $form['locale'] = array('#type' => 'fieldset',
       '#title' => t('Interface language settings'),
       '#weight' => 1,
     );
     $form['locale']['language'] = array('#type' => 'radios',
       '#title' => t('Language'),
-      '#default_value' => $user->language,
-      '#options' => $languages['name'],
+      '#default_value' => check_plain($user->language),
+      '#options' => $languages_name,
       '#description' => t('Selecting a different locale will change the interface language of the site.'),
     );
     return $form;
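Review bot: `$languages_name` is filled inside the new `foreach` but never initialised, so if `$languages['name']` is empty the `#options` entry receives an undefined variable. The matching change in includes/locale.inc starts with `$languages_name = array();`; add the same line before the loop here. Whether the surrounding condition, which is outside the hunk, already guarantees at least one language cannot be confirmed from these lines.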
diff -Naur drupal-5.13/modules/menu/menu.info drupal-5.23/modules/menu/menu.info
--- drupal-5.13/modules/menu/menu.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/menu/menu.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/menu/menu.module drupal-5.23/modules/menu/menu.module
--- drupal-5.13/modules/menu/menu.module	2008-11-15 03:47:59.000000000 +0100
+++ drupal-5.23/modules/menu/menu.module	2009-02-26 07:56:26.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: menu.module,v 1.100.2.3 2008/11/15 02:47:59 drumm Exp $
+// $Id: menu.module,v 1.100.2.4 2009/02/26 06:56:26 drumm Exp $
 
 /**
  * @file
@@ -176,7 +176,7 @@
   if (isset($form['type']) && $form['type']['#value'] .'_node_form' == $form_id) {
     $item = array();
     if ($form['nid']['#value'] > 0) {
-      $item = db_fetch_array(db_query("SELECT * FROM {menu} WHERE path = 'node/%d'", $form['nid']['#value']));
+      $item = db_fetch_array(db_query("SELECT * FROM {menu} WHERE path = 'node/%d' ORDER BY mid", $form['nid']['#value']));
       if (isset($form['#post']['menu']) && is_array($form['#post']['menu'])) {
         $item = !is_array($item) ? $form['#post']['menu'] : (($form['#post']['op'] == t('Preview')) ? array_merge($item, $form['#post']['menu']) : array_merge($form['#post']['menu'], $item));
       }
diff -Naur drupal-5.13/modules/node/node.info drupal-5.23/modules/node/node.info
--- drupal-5.13/modules/node/node.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/node/node.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/node/node.module drupal-5.23/modules/node/node.module
--- drupal-5.13/modules/node/node.module	2008-10-08 22:10:26.000000000 +0200
+++ drupal-5.23/modules/node/node.module	2009-01-15 00:32:14.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: node.module,v 1.776.2.31 2008/10/08 20:10:26 drumm Exp $
+// $Id: node.module,v 1.776.2.33 2009/01/14 23:32:14 drumm Exp $
 
 /**
  * @file
@@ -1960,7 +1960,7 @@
 
   $channel_defaults = array(
     'version'     => '2.0',
-    'title'       => variable_get('site_name', 'Drupal') .' - '. variable_get('site_slogan', ''),
+    'title'       => variable_get('site_name', 'Drupal') . (variable_get('site_slogan', '') ? ' - '. variable_get('site_slogan', '') : ''),
     'link'        => $base_url,
     'description' => variable_get('site_mission', ''),
     'language'    => $locale
@@ -2753,6 +2753,11 @@
 function node_access($op, $node = NULL) {
   global $user;
 
+  if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
+    // If there was no node to check against, or the $op was not one of the
+    // supported ones, we return access denied.
+    return FALSE;
+  }
   // Convert the node to an object if necessary:
   if ($op != 'create') {
     $node = (object)$node;
diff -Naur drupal-5.13/modules/path/path.info drupal-5.23/modules/path/path.info
--- drupal-5.13/modules/path/path.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/path/path.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/path/path.module drupal-5.23/modules/path/path.module
--- drupal-5.13/modules/path/path.module	2008-02-11 06:11:58.000000000 +0100
+++ drupal-5.23/modules/path/path.module	2009-01-14 06:59:09.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: path.module,v 1.105.2.2 2008/02/11 05:11:58 drumm Exp $
+// $Id: path.module,v 1.105.2.3 2009/01/14 05:59:09 drumm Exp $
 
 /**
  * @file
@@ -179,7 +179,7 @@
     '#type' => 'textfield',
     '#title' => t('Existing system path'),
     '#default_value' => $edit['src'],
-    '#maxlength' => 64,
+    '#maxlength' => 128,
     '#size' => 45,
     '#description' => t('Specify the existing path you wish to alias. For example: node/28, forum/1, taxonomy/term/1+2.'),
     '#field_prefix' => url(NULL, NULL, NULL, TRUE) . (variable_get('clean_url', 0) ? '' : '?q=')
@@ -187,7 +187,7 @@
   $form['dst'] = array(
     '#type' => 'textfield',
     '#default_value' => $edit['dst'],
-    '#maxlength' => 64,
+    '#maxlength' => 128,
     '#size' => 45,
     '#description' => t('Specify an alternative path by which this data can be accessed. For example, type "about" when writing an about page. Use a relative path and don\'t add a trailing slash or the URL alias won\'t work.'),
     '#field_prefix' => url(NULL, NULL, NULL, TRUE) . (variable_get('clean_url', 0) ? '' : '?q=')
@@ -269,7 +269,7 @@
     $form['path']['path'] = array(
       '#type' => 'textfield',
       '#default_value' => $path,
-      '#maxlength' => 250,
+      '#maxlength' => 128,
       '#collapsible' => TRUE,
       '#collapsed' => TRUE,
       '#description' => t('Optionally specify an alternative URL by which this node can be accessed. For example, type "about" when writing an about page. Use a relative path and don\'t add a trailing slash or the URL alias won\'t work.'),
diff -Naur drupal-5.13/modules/ping/ping.info drupal-5.23/modules/ping/ping.info
--- drupal-5.13/modules/ping/ping.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/ping/ping.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/poll/poll.info drupal-5.23/modules/poll/poll.info
--- drupal-5.13/modules/poll/poll.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/poll/poll.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/profile/profile.info drupal-5.23/modules/profile/profile.info
--- drupal-5.13/modules/profile/profile.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/profile/profile.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/profile/profile.module drupal-5.23/modules/profile/profile.module
--- drupal-5.13/modules/profile/profile.module	2008-11-15 03:43:55.000000000 +0100
+++ drupal-5.23/modules/profile/profile.module	2009-01-14 06:38:52.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: profile.module,v 1.189.2.10 2008/11/15 02:43:55 drumm Exp $
+// $Id: profile.module,v 1.189.2.11 2009/01/14 05:38:52 drumm Exp $
 
 /**
  * @file
@@ -678,7 +678,7 @@
         break;
       case 'selection':
         $options = $field->required ? array() : array('--');
-        $lines = split("[,\n\r]", $field->options);
+        $lines = split("[\n\r]", $field->options);
         foreach ($lines as $line) {
           if ($line = trim($line)) {
             $options[$line] = $line;
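Review bot: Dropping the comma from the separator set in `split("[\n\r]", $field->options)` changes how already-stored option lists are read. A selection field whose options were saved as one comma-separated line will now render as a single option, and values users chose earlier may no longer appear in the list. Nothing in this hunk migrates or flags such fields, so an update step or a release note is worth adding if existing sites relied on commas. A short comment would record the new rule: `// One option per line; commas are part of the option text.` The enclosing switch starts outside the hunk.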
diff -Naur drupal-5.13/modules/search/search.info drupal-5.23/modules/search/search.info
--- drupal-5.13/modules/search/search.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/search/search.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/search/search.module drupal-5.23/modules/search/search.module
--- drupal-5.13/modules/search/search.module	2008-05-14 08:35:29.000000000 +0200
+++ drupal-5.23/modules/search/search.module	2009-09-16 06:27:01.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: search.module,v 1.209.2.6 2008/05/14 06:35:29 drumm Exp $
+// $Id: search.module,v 1.209.2.7 2009/09/16 04:27:01 drumm Exp $
 
 /**
  * @file
@@ -1052,6 +1052,17 @@
  * Process a block search form submission.
  */
 function search_box_form_submit($form_id, $form_values) {
+  // The search form relies on control of the redirect destination for its
+  // functionality, so we override any static destination set in the request,
+  // for example by drupal_access_denied() or drupal_not_found()
+  // (see http://drupal.org/node/292565).
+  if (isset($_REQUEST['destination'])) {
+    unset($_REQUEST['destination']);
+  }
+  if (isset($_REQUEST['edit']['destination'])) {
+    unset($_REQUEST['edit']['destination']);
+  }
+
   return 'search/node/'. trim($form_values[$form_id .'_keys']);
 }
 
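Review bot: The second guard, `if (isset($_REQUEST['edit']['destination']))`, assumes `$_REQUEST['edit']` is an array. On the PHP versions this release targets (system.install sets `DRUPAL_MINIMUM_PHP` to 4.3.5), `isset()` on a string with a non-numeric offset can evaluate to true, and `unset()` on a string offset is a fatal error; this should be confirmed against the supported interpreters. Checking the type first keeps a scalar `edit` parameter away from `unset()`: `if (isset($_REQUEST['edit']) && is_array($_REQUEST['edit'])) { unset($_REQUEST['edit']['destination']); }`. The first guard is harmless but redundant, since `unset()` on a missing array key is a no-op.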
diff -Naur drupal-5.13/modules/statistics/statistics.info drupal-5.23/modules/statistics/statistics.info
--- drupal-5.13/modules/statistics/statistics.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/statistics/statistics.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/system/system.info drupal-5.23/modules/system/system.info
--- drupal-5.13/modules/system/system.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/system/system.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/system/system.install drupal-5.23/modules/system/system.install
--- drupal-5.13/modules/system/system.install	2008-02-25 03:25:36.000000000 +0100
+++ drupal-5.23/modules/system/system.install	2009-03-22 20:55:22.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: system.install,v 1.69.2.11 2008/02/25 02:25:36 drumm Exp $
+// $Id: system.install,v 1.69.2.12 2009/03/22 19:55:22 drumm Exp $
 
 define('DRUPAL_MINIMUM_PHP',    '4.3.5');
 define('DRUPAL_MINIMUM_MYSQL',  '3.23.17'); // If using MySQL
@@ -1257,7 +1257,7 @@
   }
 
   // Flush the menu cache:
-  cache_clear_all('menu:', TRUE);
+  cache_clear_all('*', 'cache_menu', TRUE);
 
   return $ret;
 }
diff -Naur drupal-5.13/modules/system/system.module drupal-5.23/modules/system/system.module
--- drupal-5.13/modules/system/system.module	2008-12-10 23:21:27.000000000 +0100
+++ drupal-5.23/modules/system/system.module	2010-08-11 22:37:49.000000000 +0200
@@ -1,12 +1,12 @@
 <?php
-// $Id: system.module,v 1.440.2.42 2008/12/10 22:21:27 drumm Exp $
+// $Id: system.module,v 1.440.2.63 2010/08/11 20:37:49 drumm Exp $
 
 /**
  * @file
  * Configuration system that lets administrators modify the workings of the site.
  */
 
-define('VERSION', '5.13');
+define('VERSION', '5.23');
 
 /**
  * Implementation of hook_help().
@@ -526,7 +526,7 @@
 
 function _system_zonelist() {
   $timestamp = time();
-  $zonelist = array(-11, -10, -9.5, -9, -8, -7, -6, -5, -4, -3.5, -3, -2, -1, 0, 1, 2, 3, 3.5, 4, 5, 5.5, 5.75, 6, 6.5, 7, 8, 9, 9.5, 10, 10.5, 11, 11.5, 12, 12.75, 13, 14);
+  $zonelist = array(-11, -10, -9.5, -9, -8, -7, -6, -5, -4.5, -4, -3.5, -3, -2.5, -2, -1, 0, 1, 2, 3, 3.5, 4, 5, 5.5, 5.75, 6, 6.5, 7, 8, 9, 9.5, 10, 10.5, 11, 11.5, 12, 12.75, 13, 14);
   $zones = array();
   foreach ($zonelist as $offset) {
     $zone = $offset * 3600;
@@ -2371,7 +2371,7 @@
     }
   }
 
-  $output = '<div class="admin">';
+  $output = '<div class="admin clear-block">';
   foreach ($container as $id => $data) {
     $output .= '<div class="'. $id .' clear-block">';
     $output .= $data;
diff -Naur drupal-5.13/modules/taxonomy/taxonomy.info drupal-5.23/modules/taxonomy/taxonomy.info
--- drupal-5.13/modules/taxonomy/taxonomy.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/taxonomy/taxonomy.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/taxonomy/taxonomy.module drupal-5.23/modules/taxonomy/taxonomy.module
--- drupal-5.13/modules/taxonomy/taxonomy.module	2008-07-06 02:50:44.000000000 +0200
+++ drupal-5.23/modules/taxonomy/taxonomy.module	2009-07-10 07:47:16.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: taxonomy.module,v 1.330.2.17 2008/07/06 00:50:44 drumm Exp $
+// $Id: taxonomy.module,v 1.330.2.21 2009/07/10 05:47:16 drumm Exp $
 
 /**
  * @file
@@ -57,7 +57,6 @@
  * @return
  *   An internal Drupal path.
  */
-
 function taxonomy_term_path($term) {
   $vocabulary = taxonomy_get_vocabulary($term->vid);
   if ($vocabulary->module != 'taxonomy' && $path = module_invoke($vocabulary->module, 'term_path', $term)) {
@@ -621,7 +620,7 @@
  */
 function taxonomy_form($vid, $value = 0, $help = NULL, $name = 'taxonomy') {
   $vocabulary = taxonomy_get_vocabulary($vid);
-  $help = ($help) ? $help : $vocabulary->help;
+  $help = ($help) ? $help : filter_xss_admin($vocabulary->help);
 
   if (!$vocabulary->multiple) {
     $blank = ($vocabulary->required) ? t('- Please choose -') : t('- None selected -');
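Review bot: `taxonomy_form()` now filters only its fallback value: in `$help = ($help) ? $help : filter_xss_admin($vocabulary->help);` a caller-supplied `$help` still passes through untouched. The result is therefore safe only if every caller sanitises that argument, assuming the text reaches the form description unescaped, as the docblock added for `_taxonomy_term_select()` implies. The hunk at -741 does this for the call inside this file and the hunk at -718 filters the tags branch, but the requirement is not stated on `taxonomy_form()` itself. Its `$help` parameter documentation (above this hunk, not visible) should say something like `Help text for the element; MUST be sanitized by the caller. Defaults to the filtered vocabulary help.` The function body continues past the hunk.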
@@ -718,7 +717,7 @@
         $typed_string = implode(', ', $typed_terms) . (array_key_exists('tags', $terms) ? $terms['tags'][$vocabulary->vid] : NULL);
 
         if ($vocabulary->help) {
-          $help = $vocabulary->help;
+          $help = filter_xss_admin($vocabulary->help);
         }
         else {
           $help = t('A comma-separated list of terms describing this content. Example: funny, bungee jumping, "Company, Inc.".');
@@ -730,7 +729,7 @@
           '#default_value' => $typed_string,
           '#autocomplete_path' => 'taxonomy/autocomplete/'. $vocabulary->vid,
           '#weight' => $vocabulary->weight,
-          '#maxlength' => 255,
+          '#maxlength' => 1024,
         );
       }
       else {
@@ -741,7 +740,7 @@
             $default_terms[$term->tid] = $term;
           }
         }
-        $form['taxonomy'][$vocabulary->vid] = taxonomy_form($vocabulary->vid, array_keys($default_terms), $vocabulary->help);
+        $form['taxonomy'][$vocabulary->vid] = taxonomy_form($vocabulary->vid, array_keys($default_terms), filter_xss_admin($vocabulary->help));
         $form['taxonomy'][$vocabulary->vid]['#weight'] = $vocabulary->weight;
         $form['taxonomy'][$vocabulary->vid]['#required'] = $vocabulary->required;
       }
@@ -1178,6 +1177,35 @@
   return $terms[$tid];
 }
 
+/**
+ * Create a select form element for a given taxonomy vocabulary.
+ *
+ * NOTE: This function expects input that has already been sanitized and is
+ * safe for display. Callers must properly sanitize the $title and
+ * $description arguments to prevent XSS vulnerabilities.
+ *
+ * @param $title
+ *   The title of the vocabulary. This MUST be sanitized by the caller.
+ * @param $name
+ *   Ignored.
+ * @param $value
+ *   The currently selected terms from this vocabulary, if any.
+ * @param $vocabulary_id
+ *   The vocabulary ID to build the form element for.
+ * @param $description
+ *   Help text for the form element. This MUST be sanitized by the caller.
+ * @param $multiple
+ *   Boolean to control if the form should use a single or multiple select.
+ * @param $blank
+ *   Optional form choice to use when no value has been selected.
+ * @param $exclude
+ *   Optional array of term ids to exclude in the selector.
+ * @return
+ *   A FAPI form array to select terms from the given vocabulary.
+ *
+ * @see taxonomy_form()
+ * @see taxonomy_form_term()
+ */
 function _taxonomy_term_select($title, $name, $value, $vocabulary_id, $description, $multiple, $blank, $exclude = array()) {
   $tree = taxonomy_get_tree($vocabulary_id);
   $options = array();
diff -Naur drupal-5.13/modules/throttle/throttle.info drupal-5.23/modules/throttle/throttle.info
--- drupal-5.13/modules/throttle/throttle.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/throttle/throttle.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/tracker/tracker.info drupal-5.23/modules/tracker/tracker.info
--- drupal-5.13/modules/tracker/tracker.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/tracker/tracker.info	2010-08-11 22:46:30.000000000 +0200
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/upload/upload.info drupal-5.23/modules/upload/upload.info
--- drupal-5.13/modules/upload/upload.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/upload/upload.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/upload/upload.module drupal-5.23/modules/upload/upload.module
--- drupal-5.13/modules/upload/upload.module	2008-10-08 22:10:26.000000000 +0200
+++ drupal-5.23/modules/upload/upload.module	2010-08-11 22:37:49.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: upload.module,v 1.148.2.5 2008/10/08 20:10:26 drumm Exp $
+// $Id: upload.module,v 1.148.2.6 2010/08/11 20:37:49 drumm Exp $
 
 /**
  * @file
@@ -259,9 +259,15 @@
 }
 
 function upload_file_download($file) {
-  $file = file_create_path($file);
-  $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
-  if ($file = db_fetch_object($result)) {
+  $filepath = file_create_path($file);
+  $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $filepath);
+  while ($file = db_fetch_object($result)) {
+    if ($filepath !== $file->filepath) {
+      // Since some database servers sometimes use a case-insensitive
+      // comparison by default, double check that the filename is an exact
+      // match.
+      continue;
+    }
     if (user_access('view uploaded files')) {
       $node = node_load($file->nid);
       if (node_access('view', $node)) {
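Review bot: When only case-variant rows come back, `if ($filepath !== $file->filepath) { ... continue; }` skips them all and the function falls off the end, returning NULL rather than -1. Whether such a request is then refused depends on how the caller treats "no module returned headers", which is not visible in this diff. A comment after the loop, such as `// No exact match: this module does not manage the file, so return nothing.`, would make the fall-through deliberate and stop a later edit from turning it into an accidental grant or denial. The function also has no docblock. It should describe the three outcomes: a header array when access is allowed, -1 when it is denied, and nothing when the file is not managed here. The single `return -1;` that replaces the two `else` branches is in the following hunk.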
@@ -271,13 +277,8 @@
           'Content-Length: '. $file->filesize,
         );
       }
-      else {
-        return -1;
-      }
-    }
-    else {
-      return -1;
     }
+    return -1;
   }
 }
 
diff -Naur drupal-5.13/modules/user/user.info drupal-5.23/modules/user/user.info
--- drupal-5.13/modules/user/user.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/user/user.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/modules/user/user.module drupal-5.23/modules/user/user.module
--- drupal-5.13/modules/user/user.module	2008-10-08 22:10:26.000000000 +0200
+++ drupal-5.23/modules/user/user.module	2009-09-16 21:33:40.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: user.module,v 1.745.2.35 2008/10/08 20:10:26 drumm Exp $
+// $Id: user.module,v 1.745.2.36 2009/09/16 19:33:40 drumm Exp $
 
 /**
  * @file
@@ -1149,6 +1149,8 @@
           $user = $account;
           // And proceed with normal login, going to user page.
           $edit = array();
+          // Regenerate the session ID to prevent against session fixation attacks.
+          sess_regenerate();
           user_module_invoke('login', $edit, $user);
           drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
           drupal_goto('user/'. $user->uid .'/edit');
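Review bot: The added comment reads "prevent against"; "protect against" is meant, and it could also say why the call sits at this point. Suggested wording: `// Regenerate the session ID before the login hooks run, so an ID issued before the one-time link was used is not carried into the authenticated session.` If the regular password login path performs the same regenerate-then-invoke sequence (not visible in this hunk), a small shared helper would keep the two login paths from drifting apart. The enclosing function starts and ends outside the hunk.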
diff -Naur drupal-5.13/modules/watchdog/watchdog.info drupal-5.23/modules/watchdog/watchdog.info
--- drupal-5.13/modules/watchdog/watchdog.info	2008-12-10 23:25:13.000000000 +0100
+++ drupal-5.23/modules/watchdog/watchdog.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-12-10
-version = "5.13"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1228947913"
+datestamp = "1281559590"
 
diff -Naur drupal-5.13/sites/default/settings.php drupal-5.23/sites/default/settings.php
--- drupal-5.13/sites/default/settings.php	2007-07-09 06:28:12.000000000 +0200
+++ drupal-5.23/sites/default/settings.php	2009-06-16 20:29:52.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: settings.php,v 1.39.2.3 2007/07/09 04:28:12 drumm Exp $
+// $Id: settings.php,v 1.39.2.4 2009/06/16 18:29:52 drumm Exp $
 
 /**
  * @file
@@ -132,6 +132,7 @@
 ini_set('session.cookie_lifetime',  2000000);
 ini_set('session.gc_maxlifetime',   200000);
 ini_set('session.save_handler',     'user');
+ini_set('session.use_cookies',      1);
 ini_set('session.use_only_cookies', 1);
 ini_set('session.use_trans_sid',    0);
 ini_set('url_rewriter.tags',        '');
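Review bot: The added `ini_set('session.use_cookies', 1);` carries no comment, and its purpose is not obvious from the line alone. `session.use_only_cookies` on the next line restricts how the session ID may travel but does not itself enable cookies, so a host configuration with cookies switched off would presumably leave the ID with no transport at all. A one-line comment would record that: `// Force cookie-based sessions even when the host's php.ini disables session.use_cookies.` These are top-level statements, and the settings block continues outside the hunk.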
diff -Naur drupal-5.13/themes/bluemarine/page.tpl.php drupal-5.23/themes/bluemarine/page.tpl.php
--- drupal-5.13/themes/bluemarine/page.tpl.php	2006-08-30 09:37:13.000000000 +0200
+++ drupal-5.23/themes/bluemarine/page.tpl.php	2009-04-30 02:13:49.000000000 +0200
@@ -2,8 +2,8 @@
 <html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language ?>" xml:lang="<?php print $language ?>">
 
 <head>
-  <title><?php print $head_title ?></title>
   <?php print $head ?>
+  <title><?php print $head_title ?></title>
   <?php print $styles ?>
   <?php print $scripts ?>
   <script type="text/javascript"><?php /* Needed to avoid Flash of Unstyle Content in IE */ ?> </script>
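Review bot: The reordering puts `<?php print $head ?>` ahead of `<title>`, but nothing in the template says the order matters, so a theme author copying this file can move it back without noticing. Presumably `$head` carries the Content-Type/charset meta tag (its contents are not visible in this diff), and the title, which can include user-supplied text, should not be parsed before the encoding is declared. A comment above the line would preserve that: `<?php /* Keep $head before <title>: the charset must be declared before any user-supplied text. */ ?>`. The same applies to the matching hunks in chameleon.theme, garland/page.tpl.php and pushbutton/page.tpl.php.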
diff -Naur drupal-5.13/themes/chameleon/chameleon.theme drupal-5.23/themes/chameleon/chameleon.theme
--- drupal-5.13/themes/chameleon/chameleon.theme	2007-05-31 08:13:36.000000000 +0200
+++ drupal-5.23/themes/chameleon/chameleon.theme	2009-04-30 02:13:49.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: chameleon.theme,v 1.56.2.2 2007/05/31 06:13:36 drumm Exp $
+// $Id: chameleon.theme,v 1.56.2.3 2009/04/30 00:13:49 drumm Exp $
 
 /**
  * @file
@@ -39,8 +39,8 @@
   $output  = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n";
   $output .= "<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"$language\" xml:lang=\"$language\">\n";
   $output .= "<head>\n";
-  $output .= " <title>". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."</title>\n";
   $output .= drupal_get_html_head();
+  $output .= " <title>". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."</title>\n";
   $output .= drupal_get_css();
   $output .= drupal_get_js();
   $output .= "</head>";
diff -Naur drupal-5.13/themes/engines/phptemplate/phptemplate.engine drupal-5.23/themes/engines/phptemplate/phptemplate.engine
--- drupal-5.13/themes/engines/phptemplate/phptemplate.engine	2008-08-13 20:47:17.000000000 +0200
+++ drupal-5.23/themes/engines/phptemplate/phptemplate.engine	2009-05-13 18:36:22.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: phptemplate.engine,v 1.54.2.4 2008/08/13 18:47:17 drumm Exp $
+// $Id: phptemplate.engine,v 1.54.2.9 2009/05/13 16:36:22 drumm Exp $
 
 /**
  * @file
@@ -257,6 +257,7 @@
   $suggestion = 'page';
   $suggestions = array($suggestion);
   while ($arg = arg($i++)) {
+    $arg = str_replace(array("/", "\\", "\0"), '', $arg);
     $suggestions[] = $suggestion . '-' . $arg;
     if (!is_numeric($arg)) {
       $suggestion .= '-' . $arg;
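Review bot: The stripping in `$arg = str_replace(array("/", "\\", "\0"), '', $arg);` protects only suggestions built from `arg()` in this loop. The docblock changed in the next hunk says suggestions may legitimately contain a path, so `_phptemplate_default()` cannot reject separators itself, and any other caller that derives a suggestion from request data has to apply the same cleaning. The line would benefit from a why-comment, for example `// Suggestions become template file names; remove path separators and null bytes from URL arguments.` (that they end up as file names is inferred from that docblock, not shown here). A reusable helper for this cleaning would make it easier for other callers to get right. The loop and its enclosing function extend beyond the hunk.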
@@ -371,7 +372,10 @@
  * @param $variables
  *   A sequential array of variables passed to the theme function.
  * @param $suggestions
- *   An array of suggested template files to use.
+ *   An array of suggested template files to use. This may include a path when
+ *   the suggested template is contained within a sub-directory of the theme.
+ *   They are set from _phptemplate_variables() or the theming hook invoking
+ *   _phptemplate_callback().
  */
 function _phptemplate_default($hook, $variables, $suggestions = array(), $extension = '.tpl.php') {
   global $theme_engine;
@@ -414,5 +418,3 @@
   ob_end_clean();                  // End buffering and discard
   return $contents;                // Return the contents
 }
-
-?>
diff -Naur drupal-5.13/themes/garland/page.tpl.php drupal-5.23/themes/garland/page.tpl.php
--- drupal-5.13/themes/garland/page.tpl.php	2006-12-14 01:37:00.000000000 +0100
+++ drupal-5.23/themes/garland/page.tpl.php	2009-04-30 02:13:49.000000000 +0200
@@ -2,8 +2,8 @@
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language ?>" lang="<?php print $language ?>">
   <head>
-    <title><?php print $head_title ?></title>
     <?php print $head ?>
+    <title><?php print $head_title ?></title>
     <?php print $styles ?>
     <?php print $scripts ?>
     <style type="text/css" media="print">@import "<?php print base_path() . path_to_theme() ?>/print.css";</style>
diff -Naur drupal-5.13/themes/garland/style.css drupal-5.23/themes/garland/style.css
--- drupal-5.13/themes/garland/style.css	2007-07-09 05:50:59.000000000 +0200
+++ drupal-5.23/themes/garland/style.css	2009-09-16 06:38:12.000000000 +0200
@@ -1,4 +1,4 @@
-/* $Id: style.css,v 1.14.2.4 2007/07/09 03:50:59 drumm Exp $ */
+/* $Id: style.css,v 1.14.2.5 2009/09/16 04:38:12 drumm Exp $ */
 
 /**
  * Garland, for Drupal 5.0
@@ -606,6 +606,7 @@
   text-decoration: none;
   position: relative;
   top: -1px;
+  display: inline-block;
 }
 ul.primary li.active a, ul.primary li.active a:link, ul.primary li.active a:visited, ul.primary li a:hover,
 ul.secondary li.active a, ul.secondary li.active a:link, ul.secondary li.active a:visited, ul.secondary li a:hover {
diff -Naur drupal-5.13/themes/pushbutton/page.tpl.php drupal-5.23/themes/pushbutton/page.tpl.php
--- drupal-5.13/themes/pushbutton/page.tpl.php	2006-08-30 09:37:14.000000000 +0200
+++ drupal-5.23/themes/pushbutton/page.tpl.php	2009-04-30 02:13:49.000000000 +0200
@@ -1,9 +1,9 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language ?>" xml:lang="<?php print $language ?>">
 <head>
-  <title><?php print $head_title ?></title>
   <meta http-equiv="Content-Style-Type" content="text/css" />
   <?php print $head ?>
+  <title><?php print $head_title ?></title>
   <?php print $styles ?>
   <?php print $scripts ?>
 </head>

