diff -Naur drupal-5.15/.htaccess drupal-5.23/.htaccess
--- drupal-5.15/.htaccess	2008-12-10 21:12:26.000000000 +0100
+++ drupal-5.23/.htaccess	2009-02-26 08:03:29.000000000 +0100
@@ -13,9 +13,14 @@
 # Follow symbolic links in this directory.
 Options +FollowSymLinks
 
-# Customized error messages.
+# Make Drupal handle any 404 errors.
 ErrorDocument 404 /index.php
 
+# Force simple error message for requests for non-existent favicon.ico.
+<Files favicon.ico>
+  ErrorDocument 404 "The requested file favicon.ico was not found.
+</Files>
+
 # Set the default handler.
 DirectoryIndex index.php
 
@@ -104,10 +109,11 @@
   #RewriteCond %{QUERY_STRING} ^mod=([^&]+)$
   #RewriteRule module.php index.php?q=%1 [L]
 
-  # Rewrite current-style URLs of the form 'index.php?q=x'.
+  # Rewrite current-style URLs of the form 'x' to the form 'index.php?q=x'.
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
+  RewriteCond %{REQUEST_URI} !=/favicon.ico
   RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
 </IfModule>
 
-# $Id: .htaccess,v 1.81.2.5 2008/12/10 20:12:26 drumm Exp $
+# $Id: .htaccess,v 1.81.2.6 2009/02/26 07:03:29 drumm Exp $
diff -Naur drupal-5.15/CHANGELOG.txt drupal-5.23/CHANGELOG.txt
--- drupal-5.15/CHANGELOG.txt	2009-01-15 00:32:14.000000000 +0100
+++ drupal-5.23/CHANGELOG.txt	2010-08-11 22:37:49.000000000 +0200
@@ -1,4 +1,48 @@
-// $Id: CHANGELOG.txt,v 1.173.2.35 2009/01/14 23:32:14 drumm Exp $
+// $Id: CHANGELOG.txt,v 1.173.2.50 2010/08/11 20:37:49 drumm Exp $
+
+Drupal 5.23, 2010-08-11
+-----------------------
+- Fixed security issues (File download access bypass, Comment unpublishing
+  bypass), see SA-CORE-2010-002.
+
+Drupal 5.22, 2010-03-03
+-----------------------
+- Fixed security issues (Open redirection, Locale module cross site scripting,
+  Blocked user session regeneration), see SA-CORE-2010-001.
+
+Drupal 5.21, 2009-12-16
+-----------------------
+- Fixed a security issue (Cross site scripting), see SA-CORE-2009-009.
+- Fixed a variety of small bugs.
+
+Drupal 5.20, 2009-09-16
+-----------------------
+- Avoid security problems resulting from writing Drupal 6-style menu
+  declarations.
+- Fixed security issues (session fixation), see SA-CORE-2009-008.
+- Fixed a variety of small bugs.
+
+Drupal 5.19, 2009-07-01
+-----------------------
+- Fixed security issues (Cross site scripting and Password leakage in URL), see
+  SA-CORE-2009-007.          
+- Fixed a variety of small bugs.
+
+Drupal 5.18, 2009-05-13
+-----------------------
+- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
+- Fixed a variety of small bugs.
+
+Drupal 5.17, 2009-04-29
+-----------------------
+- Fixed security issues (Cross site scripting and limited information
+  disclosure) see SA-CORE-2009-005.
+- Fixed a variety of small bugs.
+
+Drupal 5.16, 2009-02-25
+-----------------------
+- Fixed a security issue, (Local file inclusion on Windows), see SA-CORE-2009-004.
+- Fixed a variety of small bugs.
 
 Drupal 5.15, 2009-01-14
 -----------------------
@@ -8,7 +52,6 @@
   scripts.
 - Fixed a variety of small bugs.
 
-
 Drupal 5.14, 2008-12-11
 -----------------------
 - removed a previous change incompatible with PHP 5.1.x and lower.
diff -Naur drupal-5.15/includes/bootstrap.inc drupal-5.23/includes/bootstrap.inc
--- drupal-5.15/includes/bootstrap.inc	2009-01-14 20:12:27.000000000 +0100
+++ drupal-5.23/includes/bootstrap.inc	2009-04-30 02:13:48.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: bootstrap.inc,v 1.145.2.13 2009/01/14 19:12:27 drumm Exp $
+// $Id: bootstrap.inc,v 1.145.2.14 2009/04/30 00:13:48 drumm Exp $
 
 /**
  * @file
@@ -725,6 +725,8 @@
       $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['QUERY_STRING'];
     }
   }
+  // Prevent multiple slashes to avoid cross site requests via the FAPI.
+  $uri = '/'. ltrim($uri, '/');
 
   return $uri;
 }
diff -Naur drupal-5.15/includes/cache.inc drupal-5.23/includes/cache.inc
--- drupal-5.15/includes/cache.inc	2008-02-10 03:05:00.000000000 +0100
+++ drupal-5.23/includes/cache.inc	2009-07-10 07:41:24.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: cache.inc,v 1.5.2.5 2008/02/10 02:05:00 drumm Exp $
+// $Id: cache.inc,v 1.5.2.6 2009/07/10 05:41:24 drumm Exp $
 
 /**
  * Return data from the persistent cache.
@@ -14,10 +14,10 @@
   global $user;
 
   // Garbage collection necessary when enforcing a minimum cache lifetime
-  $cache_flush = variable_get('cache_flush', 0);
+  $cache_flush = variable_get('cache_flush_'. $table, 0);
   if ($cache_flush && ($cache_flush + variable_get('cache_lifetime', 0) <= time())) {
     // Reset the variable immediately to prevent a meltdown in heavy load situations.
-    variable_set('cache_flush', 0);
+    variable_set('cache_flush_'. $table, 0);
     // Time to flush old cache data
     db_query("DELETE FROM {". $table ."} WHERE expire != %d AND expire <= %d", CACHE_PERMANENT, $cache_flush);
   }
@@ -134,16 +134,16 @@
       // cached data that was cached before the timestamp.
       $user->cache = time();
 
-      $cache_flush = variable_get('cache_flush', 0);
+      $cache_flush = variable_get('cache_flush_'. $table, 0);
       if ($cache_flush == 0) {
         // This is the first request to clear the cache, start a timer.
-        variable_set('cache_flush', time());
+        variable_set('cache_flush_'. $table, time());
       }
       else if (time() > ($cache_flush + variable_get('cache_lifetime', 0))) {
-        // Clear the cache for everyone, cache_flush_delay seconds have
+        // Clear the cache for everyone, cache_lifetime seconds have
         // passed since the first request to clear the cache.
         db_query("DELETE FROM {". $table. "} WHERE expire != %d AND expire < %d", CACHE_PERMANENT, time());
-        variable_set('cache_flush', 0);
+        variable_set('cache_flush_'. $table, 0);
       }
     }
     else {
diff -Naur drupal-5.15/includes/common.inc drupal-5.23/includes/common.inc
--- drupal-5.15/includes/common.inc	2008-12-25 21:37:07.000000000 +0100
+++ drupal-5.23/includes/common.inc	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: common.inc,v 1.611.2.21 2008/12/25 20:37:07 drumm Exp $
+// $Id: common.inc,v 1.611.2.26 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * @file
@@ -152,6 +152,15 @@
 }
 
 /**
+ * Make any final alterations to the rendered xhtml.
+ */
+function drupal_final_markup($content) {
+  // Make sure that the charset is always specified as the first element of the
+  // head region to prevent encoding-based attacks.
+  return preg_replace('/<head[^>]*>/i', "\$0\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />", $content, 1);
+}
+
+/**
  * Add a feed URL for the current page.
  *
  * @param $url
@@ -293,11 +302,22 @@
  * @see drupal_get_destination()
  */
 function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response_code = 302) {
+
+  $destination = FALSE;
   if (isset($_REQUEST['destination'])) {
-    extract(parse_url(urldecode($_REQUEST['destination'])));
+    $destination = $_REQUEST['destination'];
   }
   else if (isset($_REQUEST['edit']['destination'])) {
-    extract(parse_url(urldecode($_REQUEST['edit']['destination'])));
+    $destination = $_REQUEST['edit']['destination'];
+  }
+
+  if ($destination) {
+    // Do not redirect to an absolute URL originating from user input.
+    $colonpos = strpos($destination, ':');
+    $absolute = ($colonpos !== FALSE && !preg_match('![/?#]!', substr($destination, 0, $colonpos)));
+    if (!$absolute) {
+      extract(parse_url(urldecode($destination)));
+    }
   }
 
   $url = url($path, $query, $fragment, TRUE);
@@ -418,6 +438,18 @@
   // Parse the URL, and make sure we can handle the schema.
   $uri = parse_url($url);
 
+  if ($uri == FALSE) {
+    $result->error = 'unable to parse URL';
+    $result->code = -1001;
+    return $result;
+  }
+
+  if (!isset($uri['scheme'])) {
+    $result->error = 'missing schema';
+    $result->code = -1002;
+    return $result;
+  }
+
   switch ($uri['scheme']) {
     case 'http':
       $port = isset($uri['port']) ? $uri['port'] : 80;
@@ -432,6 +464,7 @@
       break;
     default:
       $result->error = 'invalid schema '. $uri['scheme'];
+      $result->code = -1003;
       return $result;
   }
 
@@ -888,7 +921,7 @@
  *
  * This function should only be used on actual URLs. It should not be used for
  * Drupal menu paths, which can contain arbitrary characters.
- *
+ * Valid values per RFC 3986.
  * @param $url
  *   The URL to verify.
  * @param $absolute
@@ -897,12 +930,26 @@
  *   TRUE if the URL is in a valid format.
  */
 function valid_url($url, $absolute = FALSE) {
-  $allowed_characters = '[a-z0-9\/:_\-_\.\?\$,;~=#&%\+]';
   if ($absolute) {
-    return preg_match("/^(http|https|ftp):\/\/". $allowed_characters ."+$/i", $url);
+    return (bool)preg_match("
+      /^                                                      # Start at the beginning of the text
+      (?:ftp|https?):\/\/                                     # Look for ftp, http, or https schemes
+      (?:                                                     # Userinfo (optional) which is typically
+        (?:(?:[\w\.\-\+!$&'\(\)*\+,;=]|%[0-9a-f]{2})+:)*      # a username or a username and password
+        (?:[\w\.\-\+%!$&'\(\)*\+,;=]|%[0-9a-f]{2})+@          # combination
+      )?
+      (?:
+        (?:[a-z0-9\-\.]|%[0-9a-f]{2})+                        # A domain name or a IPv4 address
+        |(?:\[(?:[0-9a-f]{0,4}:)*(?:[0-9a-f]{0,4})\])         # or a well formed IPv6 address
+      )
+      (?::[0-9]+)?                                            # Server port number (optional)
+      (?:[\/|\?]
+        (?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})   # The path and query (optional)
+      *)?
+    $/xi", $url);
   }
   else {
-    return preg_match("/^". $allowed_characters ."+$/i", $url);
+    return (bool)preg_match("/^(?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})+$/i", $url);
   }
 }
 
@@ -2024,7 +2071,7 @@
  * @param $body
  *   Message to be sent. Drupal will format the correct line endings for you.
  * @param $from
- *   Sets From, Reply-To, Return-Path and Error-To to this value, if given.
+ *   Sets From to this value, if given.
  * @param $headers
  *   Associative array containing the headers to add. This is typically
  *   used to add extra headers (From, Cc, and Bcc).
@@ -2044,10 +2091,10 @@
   // SMTP server.  Errors-To is redundant, but shouldn't hurt.
   $default_from = variable_get('site_mail', ini_get('sendmail_from'));
   if ($default_from) {
-    $defaults['From'] = $defaults['Reply-To'] = $defaults['Sender'] = $defaults['Return-Path'] = $defaults['Errors-To'] = $default_from;
+    $defaults['From'] = $defaults['Sender'] = $defaults['Return-Path'] = $defaults['Errors-To'] = $default_from;
   }
   if ($from) {
-    $defaults['From'] = $defaults['Reply-To'] = $from;
+    $defaults['From'] = $from;
   }
   $headers = array_merge($defaults, $headers);
   // Custom hook traversal to allow pass by reference
diff -Naur drupal-5.15/includes/database.mysql.inc drupal-5.23/includes/database.mysql.inc
--- drupal-5.15/includes/database.mysql.inc	2008-09-15 08:14:52.000000000 +0200
+++ drupal-5.23/includes/database.mysql.inc	2009-07-10 08:09:38.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: database.mysql.inc,v 1.66.2.3 2008/09/15 06:14:52 drumm Exp $
+// $Id: database.mysql.inc,v 1.66.2.4 2009/07/10 06:09:38 drumm Exp $
 
 /**
  * @file
@@ -360,7 +360,7 @@
   $tablename = array_pop($args);
   array_shift($args);
 
-  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' SELECT', db_prefix_tables($query));
+  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query));
   if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
     $args = $args[0];
   }
diff -Naur drupal-5.15/includes/database.mysqli.inc drupal-5.23/includes/database.mysqli.inc
--- drupal-5.15/includes/database.mysqli.inc	2008-09-15 08:14:52.000000000 +0200
+++ drupal-5.23/includes/database.mysqli.inc	2009-07-10 08:09:38.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: database.mysqli.inc,v 1.32.2.5 2008/09/15 06:14:52 drumm Exp $
+// $Id: database.mysqli.inc,v 1.32.2.6 2009/07/10 06:09:38 drumm Exp $
 
 /**
  * @file
@@ -343,7 +343,7 @@
   $tablename = array_pop($args);
   array_shift($args);
 
-  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' SELECT', db_prefix_tables($query));
+  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query));
   if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
     $args = $args[0];
   }
diff -Naur drupal-5.15/includes/file.inc drupal-5.23/includes/file.inc
--- drupal-5.15/includes/file.inc	2008-09-15 08:23:52.000000000 +0200
+++ drupal-5.23/includes/file.inc	2009-01-26 15:22:45.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: file.inc,v 1.90.2.6 2008/09/15 06:23:52 drumm Exp $
+// $Id: file.inc,v 1.90.2.7 2009/01/26 14:22:45 drumm Exp $
 
 /**
  * @file
@@ -154,20 +154,17 @@
 
 
 /**
- * Check if $source is a valid file upload. If so, move the file to Drupal's tmp dir
- * and return it as an object.
+ * Verify an uploaded file.
  *
- * The use of SESSION['file_uploads'] should probably be externalized to upload.module
- *
- * @todo Rename file_check_upload to file_prepare upload.
- * @todo Refactor or merge file_save_upload.
- * @todo Extenalize SESSION['file_uploads'] to modules.
- *
- * @param $source An upload source (the name of the upload form item), or a file
- * @return FALSE for an invalid file or upload. A file object for valid uploads/files.
+ * Check if $source is a valid file upload. If so, move the file to the
+ * temporary directory and return it as an object.
  *
+ * @param $source
+ *   An upload source (the name of the upload form item), or a file.
+ * @return
+ *   FALSE for an invalid file or upload. A file object for valid
+ *   uploads/files.
  */
-
 function file_check_upload($source = 'upload') {
   // Cache for uploaded files. Since the data in _FILES is modified
   // by this function, we cache the result.
diff -Naur drupal-5.15/includes/form.inc drupal-5.23/includes/form.inc
--- drupal-5.15/includes/form.inc	2008-12-21 03:38:53.000000000 +0100
+++ drupal-5.23/includes/form.inc	2009-02-26 06:50:33.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: form.inc,v 1.174.2.16 2008/12/21 02:38:53 drumm Exp $
+// $Id: form.inc,v 1.174.2.17 2009/02/26 05:50:33 drumm Exp $
 
 /**
  * @defgroup form Form generation
@@ -1265,7 +1265,19 @@
   if (count($element['#options']) > 0) {
     foreach ($element['#options'] as $key => $choice) {
       if (!isset($element[$key])) {
-        $element[$key] = array('#type' => 'radio', '#title' => $choice, '#return_value' => check_plain($key), '#default_value' => $element['#default_value'], '#attributes' => $element['#attributes'], '#parents' => $element['#parents'], '#spawned' => TRUE);
+        // Generate the parents as the autogenerator does, so we will have a
+        // unique id for each radio button.
+        $parents_for_id = array_merge($element['#parents'], array($key));
+        $element[$key] = array(
+          '#type' => 'radio',
+          '#title' => $choice,
+          '#return_value' => check_plain($key),
+          '#default_value' => $element['#default_value'],
+          '#attributes' => $element['#attributes'],
+          '#id' => form_clean_id('edit-'. implode('-', $parents_for_id)),
+          '#parents' => $element['#parents'],
+          '#spawned' => TRUE
+        );
       }
     }
   }
diff -Naur drupal-5.15/includes/locale.inc drupal-5.23/includes/locale.inc
--- drupal-5.15/includes/locale.inc	2007-12-17 02:53:52.000000000 +0100
+++ drupal-5.23/includes/locale.inc	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: locale.inc,v 1.105.2.5 2007/12/17 01:53:52 drumm Exp $
+// $Id: locale.inc,v 1.105.2.6 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * @file
@@ -41,6 +41,9 @@
   $options = array();
   $form['name'] = array('#tree' => TRUE);
   foreach ($languages['name'] as $key => $lang) {
+    // Language code should contain no markup, but is emitted
+    // by radio and checkbox options.
+    $key = check_plain($key);
     $options[$key] = '';
     $status = db_fetch_object(db_query("SELECT isdefault, enabled FROM {locales_meta} WHERE locale = '%s'", $key));
     if ($status->enabled) {
@@ -97,6 +100,14 @@
   return $output;
 }
 
+function _locale_admin_manage_screen_validate($form_id, $form_values) {
+  foreach ($form_values['name'] as $key => $value) {
+    if (preg_match('/["<>\']/', $value)) {
+      form_set_error('name][' . $key, t('The characters &lt;, &gt;, " and \' are not allowed in the language name in English field.'));
+    }
+  }
+}
+
 /**
  * Process locale admin manager form submissions.
  */
@@ -184,12 +195,22 @@
     form_set_error(t('The language %language (%code) already exists.', array('%language' => $form_values['langname'], '%code' => $form_values['langcode'])));
   }
 
+  // If we are adding a non-custom language, check for a valid langcode.
   if (!isset($form_values['langname'])) {
     $isocodes = _locale_get_iso639_list();
     if (!isset($isocodes[$form_values['langcode']])) {
       form_set_error('langcode', t('Invalid language code.'));
     }
   }
+  // Otherwise, check for invlaid characters
+  else {
+    if (preg_match('/["<>\']/', $form_values['langcode'])) {
+      form_set_error('langcode', t('The characters &lt;, &gt;, " and \' are not allowed in the language code field.'));
+    }
+    if (preg_match('/["<>\']/', $form_values['langname'])) {
+      form_set_error('langname', t('The characters &lt;, &gt;, " and \' are not allowed in the language name in English field.'));
+    }
+  }
 }
 
 /**
@@ -331,8 +352,14 @@
 function _locale_string_seek_form() {
   // Get *all* languages set up
   $languages = locale_supported_languages(FALSE, TRUE);
-  asort($languages['name']); unset($languages['name']['en']);
-  $languages['name'] = array_map('check_plain', $languages['name']);
+  unset($languages['name']['en']);
+  // Sanitize the values to be used in radios.
+  $languages_name = array();
+  foreach ($languages['name'] as $key => $value) {
+    $languages_name[check_plain($key)] = check_plain($value);
+  }
+  $languages['name'] = $languages_name;
+  asort($languages['name']);
 
   // Present edit form preserving previous user settings
   $query = _locale_string_seek_query();
diff -Naur drupal-5.15/includes/menu.inc drupal-5.23/includes/menu.inc
--- drupal-5.15/includes/menu.inc	2008-02-11 06:26:53.000000000 +0100
+++ drupal-5.23/includes/menu.inc	2009-07-10 07:56:51.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: menu.inc,v 1.146.2.2 2008/02/11 05:26:53 drumm Exp $
+// $Id: menu.inc,v 1.146.2.3 2009/07/10 05:56:51 drumm Exp $
 
 /**
  * @file
@@ -1055,6 +1055,10 @@
   $temp_mid = -1;
 
   foreach ($menu_item_list as $item) {
+    // Protect against D6 style access
+    if (isset($item['access']) && is_array($item['access']) && count($item['access']) == 1 && isset($item['access'][0]) && is_string($item['access'][0])) {
+      $item['access'] = FALSE;
+    }
     if (!isset($item['path'])) {
       $item['path'] = '';
     }
@@ -1225,6 +1229,10 @@
   $new_items = array();
 
   foreach ($menu_item_list as $item) {
+    // Protect against D6 style access
+    if (isset($item['access']) && is_array($item['access']) && count($item['access']) == 1 && isset($item['access'][0]) && is_string($item['access'][0])) {
+      $item['access'] = FALSE;
+    }
     if (isset($item['callback'])) {
       $_menu['callbacks'][$item['path']] = array('callback' => $item['callback']);
       if (isset($item['callback arguments'])) {
diff -Naur drupal-5.15/includes/pager.inc drupal-5.23/includes/pager.inc
--- drupal-5.15/includes/pager.inc	2006-10-15 21:57:05.000000000 +0200
+++ drupal-5.23/includes/pager.inc	2009-07-01 22:52:11.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: pager.inc,v 1.59 2006/10/15 19:57:05 dries Exp $
+// $Id: pager.inc,v 1.59.2.1 2009/07/01 20:52:11 drumm Exp $
 
 /**
  * @file
@@ -85,7 +85,7 @@
 function pager_get_querystring() {
   static $string = NULL;
   if (!isset($string)) {
-    $string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page'), array_keys($_COOKIE)));
+    $string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page', 'pass'), array_keys($_COOKIE)));
   }
   return $string;
 }
diff -Naur drupal-5.15/includes/session.inc drupal-5.23/includes/session.inc
--- drupal-5.15/includes/session.inc	2008-12-11 01:23:01.000000000 +0100
+++ drupal-5.23/includes/session.inc	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: session.inc,v 1.37.2.7 2008/12/11 00:23:01 drumm Exp $
+// $Id: session.inc,v 1.37.2.8 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * @file
@@ -31,8 +31,9 @@
   // Otherwise, if the session is still active, we have a record of the client's session in the database.
   $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key));
 
-  // We found the client's session record and they are an authenticated user
-  if ($user && $user->uid > 0) {
+  // We found the client's session record and they are an authenticated,
+  // active user.
+  if ($user && $user->uid > 0 && $user->status == 1) {
     // This is done to unserialize the data member of $user
     $user = drupal_unpack($user);
 
@@ -44,7 +45,8 @@
       $user->roles[$role->rid] = $role->name;
     }
   }
-  // We didn't find the client's record (session has expired), or they are an anonymous user.
+  // We didn't find the client's record (session has expired), or they are
+  // blocked, or they are an anonymous user.
   else {
     $session = isset($user->session) ? $user->session : '';
     $user = drupal_anonymous_user($session);
diff -Naur drupal-5.15/includes/tablesort.inc drupal-5.23/includes/tablesort.inc
--- drupal-5.15/includes/tablesort.inc	2007-06-17 00:29:25.000000000 +0200
+++ drupal-5.23/includes/tablesort.inc	2009-07-01 22:52:11.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: tablesort.inc,v 1.43.2.1 2007/06/16 22:29:25 drumm Exp $
+// $Id: tablesort.inc,v 1.43.2.2 2009/07/01 20:52:11 drumm Exp $
 
 /**
  * @file
@@ -131,7 +131,7 @@
  *   except for those pertaining to table sorting.
  */
 function tablesort_get_querystring() {
-  return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order'), array_keys($_COOKIE)));
+  return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order', 'pass'), array_keys($_COOKIE)));
 }
 
 /**
diff -Naur drupal-5.15/includes/theme.inc drupal-5.23/includes/theme.inc
--- drupal-5.15/includes/theme.inc	2008-12-05 23:32:50.000000000 +0100
+++ drupal-5.23/includes/theme.inc	2009-05-13 21:41:56.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: theme.inc,v 1.337.2.7 2008/12/05 22:32:50 dries Exp $
+// $Id: theme.inc,v 1.337.2.9 2009/05/13 19:41:56 drumm Exp $
 
 /**
  * @file
@@ -168,7 +168,12 @@
     $functions[$function] = theme_get_function($function);
   }
   if ($functions[$function]) {
-    return call_user_func_array($functions[$function], $args);
+    $output = call_user_func_array($functions[$function], $args);
+    // Add final markup to the full page.
+    if ($function == 'page' || $function == 'book_export_html') {
+      $output = drupal_final_markup($output);
+    }
+    return $output;
   }
 }
 
diff -Naur drupal-5.15/misc/drupal.js drupal-5.23/misc/drupal.js
--- drupal-5.15/misc/drupal.js	2008-08-13 20:12:23.000000000 +0200
+++ drupal-5.23/misc/drupal.js	2009-02-26 07:46:48.000000000 +0100
@@ -1,4 +1,4 @@
-// $Id: drupal.js,v 1.29.2.2 2008/08/13 18:12:23 drumm Exp $
+// $Id: drupal.js,v 1.29.2.3 2009/02/26 06:46:48 drumm Exp $
 
 var Drupal = Drupal || {};
 
@@ -12,8 +12,8 @@
  */
 Drupal.extend = function(obj) {
   for (var i in obj) {
-    if (this[i]) {
-      Drupal.extend.apply(this[i], [obj[i]]);
+    if (this[i] && (typeof(this[i]) == 'function' || typeof(this[i]) == 'object')) {
+   	  Drupal.extend.apply(this[i], [obj[i]]);
     }
     else {
       this[i] = obj[i];
diff -Naur drupal-5.15/modules/aggregator/aggregator.info drupal-5.23/modules/aggregator/aggregator.info
--- drupal-5.15/modules/aggregator/aggregator.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/aggregator/aggregator.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/block/block.info drupal-5.23/modules/block/block.info
--- drupal-5.15/modules/block/block.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/block/block.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/blog/blog.info drupal-5.23/modules/blog/blog.info
--- drupal-5.15/modules/blog/blog.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/blog/blog.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/blogapi/blogapi.info drupal-5.23/modules/blogapi/blogapi.info
--- drupal-5.15/modules/blogapi/blogapi.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/blogapi/blogapi.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/book/book.info drupal-5.23/modules/book/book.info
--- drupal-5.15/modules/book/book.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/book/book.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/book/book.module drupal-5.23/modules/book/book.module
--- drupal-5.15/modules/book/book.module	2007-02-14 05:30:33.000000000 +0100
+++ drupal-5.23/modules/book/book.module	2009-05-13 21:41:56.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: book.module,v 1.406.2.1 2007/02/14 04:30:33 drumm Exp $
+// $Id: book.module,v 1.406.2.2 2009/05/13 19:41:56 drumm Exp $
 
 /**
  * @file
@@ -702,8 +702,9 @@
   global $base_url;
   $html = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
   $html .= '<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">';
-  $html .= "<head>\n<title>". $title ."</title>\n";
+  $html .= "\n<head>\n";
   $html .= '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
+  $html .= "\n<title>". $title ."</title>\n";
   $html .= '<base href="'. $base_url .'/" />' . "\n";
   $html .= "<style type=\"text/css\">\n@import url(misc/print.css);\n</style>\n";
   $html .= "</head>\n<body>\n". $content ."\n</body>\n</html>\n";
diff -Naur drupal-5.15/modules/color/color.info drupal-5.23/modules/color/color.info
--- drupal-5.15/modules/color/color.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/color/color.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/comment/comment.info drupal-5.23/modules/comment/comment.info
--- drupal-5.15/modules/comment/comment.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/comment/comment.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/comment/comment.module drupal-5.23/modules/comment/comment.module
--- drupal-5.15/modules/comment/comment.module	2008-12-03 18:55:49.000000000 +0100
+++ drupal-5.23/modules/comment/comment.module	2010-08-11 22:37:49.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: comment.module,v 1.520.2.13 2008/12/03 17:55:49 drumm Exp $
+// $Id: comment.module,v 1.520.2.15 2010/08/11 20:37:49 drumm Exp $
 
 /**
  * @file
@@ -575,7 +575,7 @@
   global $user;
 
   if ($op == 'edit') {
-    return ($user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0) || user_access('administer comments');
+    return ($user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0 && $comment->status == COMMENT_PUBLISHED) || user_access('administer comments');
   }
 }
 
@@ -1656,7 +1656,7 @@
     // 2) Strip out all HTML tags
     // 3) Convert entities back to plain-text.
     // Note: format is checked by check_markup().
-    $form_values['subject'] = trim(truncate_utf8(decode_entities(strip_tags(check_markup($form_values['comment'], $form_values['format']))), 29, TRUE));
+    $form_values['subject'] = truncate_utf8(trim(decode_entities(strip_tags(check_markup($form_values['comment'], $form_values['format'])))), 29, TRUE);
     // Edge cases where the comment body is populated only by HTML tags will
     // require a default subject.
     if ($form_values['subject'] == '') {
diff -Naur drupal-5.15/modules/contact/contact.info drupal-5.23/modules/contact/contact.info
--- drupal-5.15/modules/contact/contact.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/contact/contact.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/contact/contact.module drupal-5.23/modules/contact/contact.module
--- drupal-5.15/modules/contact/contact.module	2008-09-15 08:19:06.000000000 +0200
+++ drupal-5.23/modules/contact/contact.module	2009-12-16 21:46:31.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: contact.module,v 1.74.2.2 2008/09/15 06:19:06 drumm Exp $
+// $Id: contact.module,v 1.74.2.3 2009/12/16 20:46:31 drumm Exp $
 
 /**
  * @file
@@ -145,7 +145,7 @@
   $result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category');
   $rows = array();
   while ($category = db_fetch_object($result)) {
-    $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
+    $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
   }
   $header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2));
 
@@ -549,4 +549,3 @@
   // Jump to home page rather than back to contact page to avoid contradictory messages if flood control has been activated.
   return '';
 }
-
diff -Naur drupal-5.15/modules/drupal/drupal.info drupal-5.23/modules/drupal/drupal.info
--- drupal-5.15/modules/drupal/drupal.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/drupal/drupal.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/filter/filter.info drupal-5.23/modules/filter/filter.info
--- drupal-5.15/modules/filter/filter.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/filter/filter.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/filter/filter.module drupal-5.23/modules/filter/filter.module
--- drupal-5.15/modules/filter/filter.module	2008-12-21 03:47:24.000000000 +0100
+++ drupal-5.23/modules/filter/filter.module	2009-06-03 19:52:13.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: filter.module,v 1.160.2.12 2008/12/21 02:47:24 drumm Exp $
+// $Id: filter.module,v 1.160.2.14 2009/06/03 17:52:13 drumm Exp $
 
 /**
  * @file
@@ -1187,13 +1187,13 @@
  */
 function _filter_autop($text) {
   // All block level tags
-  $block = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|p|h[1-6])';
+  $block = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|p|h[1-6]|hr)';
 
   // Split at <pre>, <script>, <style> and </pre>, </script>, </style> tags.
   // We don't apply any processing to the contents of these tags to avoid messing
   // up code. We look for matched pairs and allow basic nesting. For example:
   // "processed <pre> ignored <script> ignored </script> ignored </pre> processed"
-  $chunks = preg_split('@(</?(?:pre|script|style)[^>]*>)@i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
+  $chunks = preg_split('@(</?(?:pre|script|style|object)[^>]*>)@i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
   // Note: PHP ensures the array consists of alternating delimiters and literals
   // and begins and ends with a literal (inserting NULL as required).
   $ignore = FALSE;
diff -Naur drupal-5.15/modules/forum/forum.info drupal-5.23/modules/forum/forum.info
--- drupal-5.15/modules/forum/forum.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/forum/forum.info	2010-08-11 22:46:30.000000000 +0200
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/forum/forum.module drupal-5.23/modules/forum/forum.module
--- drupal-5.15/modules/forum/forum.module	2008-04-05 04:18:59.000000000 +0200
+++ drupal-5.23/modules/forum/forum.module	2009-07-01 22:52:11.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: forum.module,v 1.375.2.7 2008/04/05 02:18:59 drumm Exp $
+// $Id: forum.module,v 1.375.2.9 2009/07/01 20:52:11 drumm Exp $
 
 /**
  * @file
@@ -645,18 +645,8 @@
   return array('#type' => 'select', '#title' => $title, '#default_value' => $parent, '#options' => $options, '#description' => $description, '#required' => TRUE);
 }
 
-function forum_link_alter(&$node, &$links) {
-  foreach ($links as $module => $link) {
-    if (strstr($module, 'taxonomy_term')) {
-      // Link back to the forum and not the taxonomy term page. We'll only
-      // do this if the taxonomy term in question belongs to forums.
-      $tid = str_replace('taxonomy/term/', '', $link['href']);
-      $term = taxonomy_get_term($tid);
-      if ($term->vid == _forum_get_vid()) {
-        $links[$module]['href'] = str_replace('taxonomy/term', 'forum', $link['href']);
-      }
-    }
-  }
+function forum_term_path($term) {
+  return 'forum/'. $term->tid;
 }
 
 /**
@@ -843,6 +833,11 @@
  * Menu callback; prints a forum listing.
  */
 function forum_page($tid = 0) {
+  if (!is_numeric($tid)) {
+    return MENU_NOT_FOUND;
+  }
+  $tid = (int)$tid;
+
   drupal_add_css(drupal_get_path('module', 'forum') .'/forum.css');
   $forum_per_page = variable_get('forum_per_page', 25);
   $sortby = variable_get('forum_order', 1);
diff -Naur drupal-5.15/modules/help/help.info drupal-5.23/modules/help/help.info
--- drupal-5.15/modules/help/help.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/help/help.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/legacy/legacy.info drupal-5.23/modules/legacy/legacy.info
--- drupal-5.15/modules/legacy/legacy.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/legacy/legacy.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/locale/locale.info drupal-5.23/modules/locale/locale.info
--- drupal-5.15/modules/locale/locale.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/locale/locale.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/locale/locale.install drupal-5.23/modules/locale/locale.install
--- drupal-5.15/modules/locale/locale.install	2006-11-14 07:20:40.000000000 +0100
+++ drupal-5.23/modules/locale/locale.install	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: locale.install,v 1.7 2006/11/14 06:20:40 drumm Exp $
+// $Id: locale.install,v 1.7.2.1 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * Implementation of hook_install().
@@ -85,3 +85,23 @@
   db_query('DROP TABLE {locales_source}');
   db_query('DROP TABLE {locales_target}');
 }
+
+/**
+ * Neutralize unsafe language names in the database.
+ */
+function locale_update_1() {
+  $ret = array();
+  $matches = db_result(db_query("SELECT 1 FROM {locales_meta} WHERE name LIKE '%<%' OR name LIKE '%>%'"));
+  if ($matches) {
+    $ret[] = update_sql("UPDATE {locales_meta} SET name = REPLACE(name, '<', '')");
+    $ret[] = update_sql("UPDATE {locales_meta} SET name = REPLACE(name, '>', '')");
+    drupal_set_message('The language name in English of all the existing custom languages of your site have been sanitized for security purposes. Visit the <a href="'. url('admin/settings/language') .'">Languages</a> page to check these and fix them if necessary.', 'warning');
+  }
+  // Check if some langcode values contain potentially dangerous characters and
+  // warn the user if so. These are not fixed since they are referenced in other
+  // tables (e.g. {node}).
+  if (db_result(db_query("SELECT 1 FROM {locales_meta} WHERE locale LIKE '%<%' OR locale LIKE '%>%' OR locale LIKE '%\"%' OR locale LIKE '%\\\\\%'"))) {
+    drupal_set_message('Some of your custom language code values contain invalid characters. You should examine the <a href="'. url('admin/settings/language') .'">Languages</a> page. These must be fixed manually.', 'error');
+  }
+  return $ret;
+}
diff -Naur drupal-5.15/modules/locale/locale.module drupal-5.23/modules/locale/locale.module
--- drupal-5.15/modules/locale/locale.module	2008-07-09 23:48:42.000000000 +0200
+++ drupal-5.23/modules/locale/locale.module	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: locale.module,v 1.155.2.1 2008/07/09 21:48:42 drumm Exp $
+// $Id: locale.module,v 1.155.2.2 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * @file
@@ -137,15 +137,17 @@
     if ($user->language == '') {
       $user->language = key($languages['name']);
     }
-    $languages['name'] = array_map('check_plain', array_map('t', $languages['name']));
+    foreach (array_map('t', $languages['name']) as $key => $value) {
+      $languages_name[check_plain($key)] = check_plain($value);
+    }
     $form['locale'] = array('#type' => 'fieldset',
       '#title' => t('Interface language settings'),
       '#weight' => 1,
     );
     $form['locale']['language'] = array('#type' => 'radios',
       '#title' => t('Language'),
-      '#default_value' => $user->language,
-      '#options' => $languages['name'],
+      '#default_value' => check_plain($user->language),
+      '#options' => $languages_name,
       '#description' => t('Selecting a different locale will change the interface language of the site.'),
     );
     return $form;
diff -Naur drupal-5.15/modules/menu/menu.info drupal-5.23/modules/menu/menu.info
--- drupal-5.15/modules/menu/menu.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/menu/menu.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/menu/menu.module drupal-5.23/modules/menu/menu.module
--- drupal-5.15/modules/menu/menu.module	2008-11-15 03:47:59.000000000 +0100
+++ drupal-5.23/modules/menu/menu.module	2009-02-26 07:56:26.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: menu.module,v 1.100.2.3 2008/11/15 02:47:59 drumm Exp $
+// $Id: menu.module,v 1.100.2.4 2009/02/26 06:56:26 drumm Exp $
 
 /**
  * @file
@@ -176,7 +176,7 @@
   if (isset($form['type']) && $form['type']['#value'] .'_node_form' == $form_id) {
     $item = array();
     if ($form['nid']['#value'] > 0) {
-      $item = db_fetch_array(db_query("SELECT * FROM {menu} WHERE path = 'node/%d'", $form['nid']['#value']));
+      $item = db_fetch_array(db_query("SELECT * FROM {menu} WHERE path = 'node/%d' ORDER BY mid", $form['nid']['#value']));
       if (isset($form['#post']['menu']) && is_array($form['#post']['menu'])) {
         $item = !is_array($item) ? $form['#post']['menu'] : (($form['#post']['op'] == t('Preview')) ? array_merge($item, $form['#post']['menu']) : array_merge($form['#post']['menu'], $item));
       }
diff -Naur drupal-5.15/modules/node/node.info drupal-5.23/modules/node/node.info
--- drupal-5.15/modules/node/node.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/node/node.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/path/path.info drupal-5.23/modules/path/path.info
--- drupal-5.15/modules/path/path.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/path/path.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/ping/ping.info drupal-5.23/modules/ping/ping.info
--- drupal-5.15/modules/ping/ping.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/ping/ping.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/poll/poll.info drupal-5.23/modules/poll/poll.info
--- drupal-5.15/modules/poll/poll.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/poll/poll.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/profile/profile.info drupal-5.23/modules/profile/profile.info
--- drupal-5.15/modules/profile/profile.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/profile/profile.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/search/search.info drupal-5.23/modules/search/search.info
--- drupal-5.15/modules/search/search.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/search/search.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/search/search.module drupal-5.23/modules/search/search.module
--- drupal-5.15/modules/search/search.module	2008-05-14 08:35:29.000000000 +0200
+++ drupal-5.23/modules/search/search.module	2009-09-16 06:27:01.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: search.module,v 1.209.2.6 2008/05/14 06:35:29 drumm Exp $
+// $Id: search.module,v 1.209.2.7 2009/09/16 04:27:01 drumm Exp $
 
 /**
  * @file
@@ -1052,6 +1052,17 @@
  * Process a block search form submission.
  */
 function search_box_form_submit($form_id, $form_values) {
+  // The search form relies on control of the redirect destination for its
+  // functionality, so we override any static destination set in the request,
+  // for example by drupal_access_denied() or drupal_not_found()
+  // (see http://drupal.org/node/292565).
+  if (isset($_REQUEST['destination'])) {
+    unset($_REQUEST['destination']);
+  }
+  if (isset($_REQUEST['edit']['destination'])) {
+    unset($_REQUEST['edit']['destination']);
+  }
+
   return 'search/node/'. trim($form_values[$form_id .'_keys']);
 }
 
diff -Naur drupal-5.15/modules/statistics/statistics.info drupal-5.23/modules/statistics/statistics.info
--- drupal-5.15/modules/statistics/statistics.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/statistics/statistics.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/system/system.info drupal-5.23/modules/system/system.info
--- drupal-5.15/modules/system/system.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/system/system.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/system/system.install drupal-5.23/modules/system/system.install
--- drupal-5.15/modules/system/system.install	2008-02-25 03:25:36.000000000 +0100
+++ drupal-5.23/modules/system/system.install	2009-03-22 20:55:22.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: system.install,v 1.69.2.11 2008/02/25 02:25:36 drumm Exp $
+// $Id: system.install,v 1.69.2.12 2009/03/22 19:55:22 drumm Exp $
 
 define('DRUPAL_MINIMUM_PHP',    '4.3.5');
 define('DRUPAL_MINIMUM_MYSQL',  '3.23.17'); // If using MySQL
@@ -1257,7 +1257,7 @@
   }
 
   // Flush the menu cache:
-  cache_clear_all('menu:', TRUE);
+  cache_clear_all('*', 'cache_menu', TRUE);
 
   return $ret;
 }
diff -Naur drupal-5.15/modules/system/system.module drupal-5.23/modules/system/system.module
--- drupal-5.15/modules/system/system.module	2009-01-15 00:32:15.000000000 +0100
+++ drupal-5.23/modules/system/system.module	2010-08-11 22:37:49.000000000 +0200
@@ -1,12 +1,12 @@
 <?php
-// $Id: system.module,v 1.440.2.46 2009/01/14 23:32:15 drumm Exp $
+// $Id: system.module,v 1.440.2.63 2010/08/11 20:37:49 drumm Exp $
 
 /**
  * @file
  * Configuration system that lets administrators modify the workings of the site.
  */
 
-define('VERSION', '5.15');
+define('VERSION', '5.23');
 
 /**
  * Implementation of hook_help().
@@ -526,7 +526,7 @@
 
 function _system_zonelist() {
   $timestamp = time();
-  $zonelist = array(-11, -10, -9.5, -9, -8, -7, -6, -5, -4, -3.5, -3, -2, -1, 0, 1, 2, 3, 3.5, 4, 5, 5.5, 5.75, 6, 6.5, 7, 8, 9, 9.5, 10, 10.5, 11, 11.5, 12, 12.75, 13, 14);
+  $zonelist = array(-11, -10, -9.5, -9, -8, -7, -6, -5, -4.5, -4, -3.5, -3, -2.5, -2, -1, 0, 1, 2, 3, 3.5, 4, 5, 5.5, 5.75, 6, 6.5, 7, 8, 9, 9.5, 10, 10.5, 11, 11.5, 12, 12.75, 13, 14);
   $zones = array();
   foreach ($zonelist as $offset) {
     $zone = $offset * 3600;
@@ -2371,7 +2371,7 @@
     }
   }
 
-  $output = '<div class="admin">';
+  $output = '<div class="admin clear-block">';
   foreach ($container as $id => $data) {
     $output .= '<div class="'. $id .' clear-block">';
     $output .= $data;
diff -Naur drupal-5.15/modules/taxonomy/taxonomy.info drupal-5.23/modules/taxonomy/taxonomy.info
--- drupal-5.15/modules/taxonomy/taxonomy.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/taxonomy/taxonomy.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/taxonomy/taxonomy.module drupal-5.23/modules/taxonomy/taxonomy.module
--- drupal-5.15/modules/taxonomy/taxonomy.module	2008-07-06 02:50:44.000000000 +0200
+++ drupal-5.23/modules/taxonomy/taxonomy.module	2009-07-10 07:47:16.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: taxonomy.module,v 1.330.2.17 2008/07/06 00:50:44 drumm Exp $
+// $Id: taxonomy.module,v 1.330.2.21 2009/07/10 05:47:16 drumm Exp $
 
 /**
  * @file
@@ -57,7 +57,6 @@
  * @return
  *   An internal Drupal path.
  */
-
 function taxonomy_term_path($term) {
   $vocabulary = taxonomy_get_vocabulary($term->vid);
   if ($vocabulary->module != 'taxonomy' && $path = module_invoke($vocabulary->module, 'term_path', $term)) {
@@ -621,7 +620,7 @@
  */
 function taxonomy_form($vid, $value = 0, $help = NULL, $name = 'taxonomy') {
   $vocabulary = taxonomy_get_vocabulary($vid);
-  $help = ($help) ? $help : $vocabulary->help;
+  $help = ($help) ? $help : filter_xss_admin($vocabulary->help);
 
   if (!$vocabulary->multiple) {
     $blank = ($vocabulary->required) ? t('- Please choose -') : t('- None selected -');
@@ -718,7 +717,7 @@
         $typed_string = implode(', ', $typed_terms) . (array_key_exists('tags', $terms) ? $terms['tags'][$vocabulary->vid] : NULL);
 
         if ($vocabulary->help) {
-          $help = $vocabulary->help;
+          $help = filter_xss_admin($vocabulary->help);
         }
         else {
           $help = t('A comma-separated list of terms describing this content. Example: funny, bungee jumping, "Company, Inc.".');
@@ -730,7 +729,7 @@
           '#default_value' => $typed_string,
           '#autocomplete_path' => 'taxonomy/autocomplete/'. $vocabulary->vid,
           '#weight' => $vocabulary->weight,
-          '#maxlength' => 255,
+          '#maxlength' => 1024,
         );
       }
       else {
@@ -741,7 +740,7 @@
             $default_terms[$term->tid] = $term;
           }
         }
-        $form['taxonomy'][$vocabulary->vid] = taxonomy_form($vocabulary->vid, array_keys($default_terms), $vocabulary->help);
+        $form['taxonomy'][$vocabulary->vid] = taxonomy_form($vocabulary->vid, array_keys($default_terms), filter_xss_admin($vocabulary->help));
         $form['taxonomy'][$vocabulary->vid]['#weight'] = $vocabulary->weight;
         $form['taxonomy'][$vocabulary->vid]['#required'] = $vocabulary->required;
       }
@@ -1178,6 +1177,35 @@
   return $terms[$tid];
 }
 
+/**
+ * Create a select form element for a given taxonomy vocabulary.
+ *
+ * NOTE: This function expects input that has already been sanitized and is
+ * safe for display. Callers must properly sanitize the $title and
+ * $description arguments to prevent XSS vulnerabilities.
+ *
+ * @param $title
+ *   The title of the vocabulary. This MUST be sanitized by the caller.
+ * @param $name
+ *   Ignored.
+ * @param $value
+ *   The currently selected terms from this vocabulary, if any.
+ * @param $vocabulary_id
+ *   The vocabulary ID to build the form element for.
+ * @param $description
+ *   Help text for the form element. This MUST be sanitized by the caller.
+ * @param $multiple
+ *   Boolean to control if the form should use a single or multiple select.
+ * @param $blank
+ *   Optional form choice to use when no value has been selected.
+ * @param $exclude
+ *   Optional array of term ids to exclude in the selector.
+ * @return
+ *   A FAPI form array to select terms from the given vocabulary.
+ *
+ * @see taxonomy_form()
+ * @see taxonomy_form_term()
+ */
 function _taxonomy_term_select($title, $name, $value, $vocabulary_id, $description, $multiple, $blank, $exclude = array()) {
   $tree = taxonomy_get_tree($vocabulary_id);
   $options = array();
diff -Naur drupal-5.15/modules/throttle/throttle.info drupal-5.23/modules/throttle/throttle.info
--- drupal-5.15/modules/throttle/throttle.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/throttle/throttle.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/tracker/tracker.info drupal-5.23/modules/tracker/tracker.info
--- drupal-5.15/modules/tracker/tracker.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/tracker/tracker.info	2010-08-11 22:46:30.000000000 +0200
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/upload/upload.info drupal-5.23/modules/upload/upload.info
--- drupal-5.15/modules/upload/upload.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/upload/upload.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/upload/upload.module drupal-5.23/modules/upload/upload.module
--- drupal-5.15/modules/upload/upload.module	2008-10-08 22:10:26.000000000 +0200
+++ drupal-5.23/modules/upload/upload.module	2010-08-11 22:37:49.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: upload.module,v 1.148.2.5 2008/10/08 20:10:26 drumm Exp $
+// $Id: upload.module,v 1.148.2.6 2010/08/11 20:37:49 drumm Exp $
 
 /**
  * @file
@@ -259,9 +259,15 @@
 }
 
 function upload_file_download($file) {
-  $file = file_create_path($file);
-  $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
-  if ($file = db_fetch_object($result)) {
+  $filepath = file_create_path($file);
+  $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $filepath);
+  while ($file = db_fetch_object($result)) {
+    if ($filepath !== $file->filepath) {
+      // Since some database servers sometimes use a case-insensitive
+      // comparison by default, double check that the filename is an exact
+      // match.
+      continue;
+    }
     if (user_access('view uploaded files')) {
       $node = node_load($file->nid);
       if (node_access('view', $node)) {
@@ -271,13 +277,8 @@
           'Content-Length: '. $file->filesize,
         );
       }
-      else {
-        return -1;
-      }
-    }
-    else {
-      return -1;
     }
+    return -1;
   }
 }
 
diff -Naur drupal-5.15/modules/user/user.info drupal-5.23/modules/user/user.info
--- drupal-5.15/modules/user/user.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/user/user.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/modules/user/user.module drupal-5.23/modules/user/user.module
--- drupal-5.15/modules/user/user.module	2008-10-08 22:10:26.000000000 +0200
+++ drupal-5.23/modules/user/user.module	2009-09-16 21:33:40.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: user.module,v 1.745.2.35 2008/10/08 20:10:26 drumm Exp $
+// $Id: user.module,v 1.745.2.36 2009/09/16 19:33:40 drumm Exp $
 
 /**
  * @file
@@ -1149,6 +1149,8 @@
           $user = $account;
           // And proceed with normal login, going to user page.
           $edit = array();
+          // Regenerate the session ID to prevent against session fixation attacks.
+          sess_regenerate();
           user_module_invoke('login', $edit, $user);
           drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
           drupal_goto('user/'. $user->uid .'/edit');
diff -Naur drupal-5.15/modules/watchdog/watchdog.info drupal-5.23/modules/watchdog/watchdog.info
--- drupal-5.15/modules/watchdog/watchdog.info	2009-01-15 00:40:15.000000000 +0100
+++ drupal-5.23/modules/watchdog/watchdog.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-01-14
-version = "5.15"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1231976415"
+datestamp = "1281559590"
 
diff -Naur drupal-5.15/sites/default/settings.php drupal-5.23/sites/default/settings.php
--- drupal-5.15/sites/default/settings.php	2007-07-09 06:28:12.000000000 +0200
+++ drupal-5.23/sites/default/settings.php	2009-06-16 20:29:52.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: settings.php,v 1.39.2.3 2007/07/09 04:28:12 drumm Exp $
+// $Id: settings.php,v 1.39.2.4 2009/06/16 18:29:52 drumm Exp $
 
 /**
  * @file
@@ -132,6 +132,7 @@
 ini_set('session.cookie_lifetime',  2000000);
 ini_set('session.gc_maxlifetime',   200000);
 ini_set('session.save_handler',     'user');
+ini_set('session.use_cookies',      1);
 ini_set('session.use_only_cookies', 1);
 ini_set('session.use_trans_sid',    0);
 ini_set('url_rewriter.tags',        '');
diff -Naur drupal-5.15/themes/bluemarine/page.tpl.php drupal-5.23/themes/bluemarine/page.tpl.php
--- drupal-5.15/themes/bluemarine/page.tpl.php	2006-08-30 09:37:13.000000000 +0200
+++ drupal-5.23/themes/bluemarine/page.tpl.php	2009-04-30 02:13:49.000000000 +0200
@@ -2,8 +2,8 @@
 <html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language ?>" xml:lang="<?php print $language ?>">
 
 <head>
-  <title><?php print $head_title ?></title>
   <?php print $head ?>
+  <title><?php print $head_title ?></title>
   <?php print $styles ?>
   <?php print $scripts ?>
   <script type="text/javascript"><?php /* Needed to avoid Flash of Unstyle Content in IE */ ?> </script>
diff -Naur drupal-5.15/themes/chameleon/chameleon.theme drupal-5.23/themes/chameleon/chameleon.theme
--- drupal-5.15/themes/chameleon/chameleon.theme	2007-05-31 08:13:36.000000000 +0200
+++ drupal-5.23/themes/chameleon/chameleon.theme	2009-04-30 02:13:49.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: chameleon.theme,v 1.56.2.2 2007/05/31 06:13:36 drumm Exp $
+// $Id: chameleon.theme,v 1.56.2.3 2009/04/30 00:13:49 drumm Exp $
 
 /**
  * @file
@@ -39,8 +39,8 @@
   $output  = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n";
   $output .= "<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"$language\" xml:lang=\"$language\">\n";
   $output .= "<head>\n";
-  $output .= " <title>". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."</title>\n";
   $output .= drupal_get_html_head();
+  $output .= " <title>". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."</title>\n";
   $output .= drupal_get_css();
   $output .= drupal_get_js();
   $output .= "</head>";
diff -Naur drupal-5.15/themes/engines/phptemplate/phptemplate.engine drupal-5.23/themes/engines/phptemplate/phptemplate.engine
--- drupal-5.15/themes/engines/phptemplate/phptemplate.engine	2008-08-13 20:47:17.000000000 +0200
+++ drupal-5.23/themes/engines/phptemplate/phptemplate.engine	2009-05-13 18:36:22.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: phptemplate.engine,v 1.54.2.4 2008/08/13 18:47:17 drumm Exp $
+// $Id: phptemplate.engine,v 1.54.2.9 2009/05/13 16:36:22 drumm Exp $
 
 /**
  * @file
@@ -257,6 +257,7 @@
   $suggestion = 'page';
   $suggestions = array($suggestion);
   while ($arg = arg($i++)) {
+    $arg = str_replace(array("/", "\\", "\0"), '', $arg);
     $suggestions[] = $suggestion . '-' . $arg;
     if (!is_numeric($arg)) {
       $suggestion .= '-' . $arg;
@@ -371,7 +372,10 @@
  * @param $variables
  *   A sequential array of variables passed to the theme function.
  * @param $suggestions
- *   An array of suggested template files to use.
+ *   An array of suggested template files to use. This may include a path when
+ *   the suggested template is contained within a sub-directory of the theme.
+ *   They are set from _phptemplate_variables() or the theming hook invoking
+ *   _phptemplate_callback().
  */
 function _phptemplate_default($hook, $variables, $suggestions = array(), $extension = '.tpl.php') {
   global $theme_engine;
@@ -414,5 +418,3 @@
   ob_end_clean();                  // End buffering and discard
   return $contents;                // Return the contents
 }
-
-?>
diff -Naur drupal-5.15/themes/garland/page.tpl.php drupal-5.23/themes/garland/page.tpl.php
--- drupal-5.15/themes/garland/page.tpl.php	2006-12-14 01:37:00.000000000 +0100
+++ drupal-5.23/themes/garland/page.tpl.php	2009-04-30 02:13:49.000000000 +0200
@@ -2,8 +2,8 @@
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language ?>" lang="<?php print $language ?>">
   <head>
-    <title><?php print $head_title ?></title>
     <?php print $head ?>
+    <title><?php print $head_title ?></title>
     <?php print $styles ?>
     <?php print $scripts ?>
     <style type="text/css" media="print">@import "<?php print base_path() . path_to_theme() ?>/print.css";</style>
diff -Naur drupal-5.15/themes/garland/style.css drupal-5.23/themes/garland/style.css
--- drupal-5.15/themes/garland/style.css	2007-07-09 05:50:59.000000000 +0200
+++ drupal-5.23/themes/garland/style.css	2009-09-16 06:38:12.000000000 +0200
@@ -1,4 +1,4 @@
-/* $Id: style.css,v 1.14.2.4 2007/07/09 03:50:59 drumm Exp $ */
+/* $Id: style.css,v 1.14.2.5 2009/09/16 04:38:12 drumm Exp $ */
 
 /**
  * Garland, for Drupal 5.0
@@ -606,6 +606,7 @@
   text-decoration: none;
   position: relative;
   top: -1px;
+  display: inline-block;
 }
 ul.primary li.active a, ul.primary li.active a:link, ul.primary li.active a:visited, ul.primary li a:hover,
 ul.secondary li.active a, ul.secondary li.active a:link, ul.secondary li.active a:visited, ul.secondary li a:hover {
diff -Naur drupal-5.15/themes/pushbutton/page.tpl.php drupal-5.23/themes/pushbutton/page.tpl.php
--- drupal-5.15/themes/pushbutton/page.tpl.php	2006-08-30 09:37:14.000000000 +0200
+++ drupal-5.23/themes/pushbutton/page.tpl.php	2009-04-30 02:13:49.000000000 +0200
@@ -1,9 +1,9 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language ?>" xml:lang="<?php print $language ?>">
 <head>
-  <title><?php print $head_title ?></title>
   <meta http-equiv="Content-Style-Type" content="text/css" />
   <?php print $head ?>
+  <title><?php print $head_title ?></title>
   <?php print $styles ?>
   <?php print $scripts ?>
 </head>