diff -Naur drupal-5.17/CHANGELOG.txt drupal-5.23/CHANGELOG.txt
--- drupal-5.17/CHANGELOG.txt	2009-04-30 02:13:48.000000000 +0200
+++ drupal-5.23/CHANGELOG.txt	2010-08-11 22:37:49.000000000 +0200
@@ -1,4 +1,37 @@
-// $Id: CHANGELOG.txt,v 1.173.2.39 2009/04/30 00:13:48 drumm Exp $
+// $Id: CHANGELOG.txt,v 1.173.2.50 2010/08/11 20:37:49 drumm Exp $
+
+Drupal 5.23, 2010-08-11
+-----------------------
+- Fixed security issues (File download access bypass, Comment unpublishing
+  bypass), see SA-CORE-2010-002.
+
+Drupal 5.22, 2010-03-03
+-----------------------
+- Fixed security issues (Open redirection, Locale module cross site scripting,
+  Blocked user session regeneration), see SA-CORE-2010-001.
+
+Drupal 5.21, 2009-12-16
+-----------------------
+- Fixed a security issue (Cross site scripting), see SA-CORE-2009-009.
+- Fixed a variety of small bugs.
+
+Drupal 5.20, 2009-09-16
+-----------------------
+- Avoid security problems resulting from writing Drupal 6-style menu
+  declarations.
+- Fixed security issues (session fixation), see SA-CORE-2009-008.
+- Fixed a variety of small bugs.
+
+Drupal 5.19, 2009-07-01
+-----------------------
+- Fixed security issues (Cross site scripting and Password leakage in URL), see
+  SA-CORE-2009-007.          
+- Fixed a variety of small bugs.
+
+Drupal 5.18, 2009-05-13
+-----------------------
+- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
+- Fixed a variety of small bugs.
 
 Drupal 5.17, 2009-04-29
 -----------------------
diff -Naur drupal-5.17/includes/cache.inc drupal-5.23/includes/cache.inc
--- drupal-5.17/includes/cache.inc	2008-02-10 03:05:00.000000000 +0100
+++ drupal-5.23/includes/cache.inc	2009-07-10 07:41:24.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: cache.inc,v 1.5.2.5 2008/02/10 02:05:00 drumm Exp $
+// $Id: cache.inc,v 1.5.2.6 2009/07/10 05:41:24 drumm Exp $
 
 /**
  * Return data from the persistent cache.
@@ -14,10 +14,10 @@
   global $user;
 
   // Garbage collection necessary when enforcing a minimum cache lifetime
-  $cache_flush = variable_get('cache_flush', 0);
+  $cache_flush = variable_get('cache_flush_'. $table, 0);
   if ($cache_flush && ($cache_flush + variable_get('cache_lifetime', 0) <= time())) {
     // Reset the variable immediately to prevent a meltdown in heavy load situations.
-    variable_set('cache_flush', 0);
+    variable_set('cache_flush_'. $table, 0);
     // Time to flush old cache data
     db_query("DELETE FROM {". $table ."} WHERE expire != %d AND expire <= %d", CACHE_PERMANENT, $cache_flush);
   }
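Review bot: After this change the old site-wide `cache_flush` variable is never read or reset again, so whatever non-zero value it held at upgrade time stays in the {variable} table indefinitely; nothing in the hunk retires it. An update hook (outside this hunk) calling `variable_del('cache_flush');` would clean that up. The enclosing cache_get() starts before the hunk.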
@@ -134,16 +134,16 @@
       // cached data that was cached before the timestamp.
       $user->cache = time();
 
-      $cache_flush = variable_get('cache_flush', 0);
+      $cache_flush = variable_get('cache_flush_'. $table, 0);
       if ($cache_flush == 0) {
         // This is the first request to clear the cache, start a timer.
-        variable_set('cache_flush', time());
+        variable_set('cache_flush_'. $table, time());
       }
       else if (time() > ($cache_flush + variable_get('cache_lifetime', 0))) {
-        // Clear the cache for everyone, cache_flush_delay seconds have
+        // Clear the cache for everyone, cache_lifetime seconds have
         // passed since the first request to clear the cache.
         db_query("DELETE FROM {". $table. "} WHERE expire != %d AND expire < %d", CACHE_PERMANENT, time());
-        variable_set('cache_flush', 0);
+        variable_set('cache_flush_'. $table, 0);
       }
     }
     else {
diff -Naur drupal-5.17/includes/common.inc drupal-5.23/includes/common.inc
--- drupal-5.17/includes/common.inc	2009-04-30 02:13:48.000000000 +0200
+++ drupal-5.23/includes/common.inc	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: common.inc,v 1.611.2.23 2009/04/30 00:13:48 drumm Exp $
+// $Id: common.inc,v 1.611.2.26 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * @file
@@ -302,11 +302,22 @@
  * @see drupal_get_destination()
  */
 function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response_code = 302) {
+
+  $destination = FALSE;
   if (isset($_REQUEST['destination'])) {
-    extract(parse_url(urldecode($_REQUEST['destination'])));
+    $destination = $_REQUEST['destination'];
   }
   else if (isset($_REQUEST['edit']['destination'])) {
-    extract(parse_url(urldecode($_REQUEST['edit']['destination'])));
+    $destination = $_REQUEST['edit']['destination'];
+  }
+
+  if ($destination) {
+    // Do not redirect to an absolute URL originating from user input.
+    $colonpos = strpos($destination, ':');
+    $absolute = ($colonpos !== FALSE && !preg_match('![/?#]!', substr($destination, 0, $colonpos)));
+    if (!$absolute) {
+      extract(parse_url(urldecode($destination)));
+    }
   }
 
   $url = url($path, $query, $fragment, TRUE);
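Review bot: The absolute-URL test on lines 114–115 runs on the raw `$destination`, but the value actually parsed on line 117 is `urldecode($destination)`, so the check and the parse see different strings: PHP has already decoded `$_REQUEST` once, so a double-encoded colon (`%253A`) is still `%3A` when `strpos` looks for `:` and only becomes a real scheme separator after the second decode. Decoding once up front removes the gap — `$destination = urldecode($destination);` before the `strpos`, and `extract(parse_url($destination));` inside the guard. Whether `url()` then honours a scheme-bearing `$path` is decided outside the hunk, so I can't confirm exploitability from here, but the two-string mismatch is worth closing regardless. `extract()` on parse_url() output also silently overwrites the function's own `$path`, `$query` and `$fragment` parameters; that is presumably intended, and a one-line comment saying so would help the next reader.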
@@ -427,6 +438,18 @@
   // Parse the URL, and make sure we can handle the schema.
   $uri = parse_url($url);
 
+  if ($uri == FALSE) {
+    $result->error = 'unable to parse URL';
+    $result->code = -1001;
+    return $result;
+  }
+
+  if (!isset($uri['scheme'])) {
+    $result->error = 'missing schema';
+    $result->code = -1002;
+    return $result;
+  }
+
   switch ($uri['scheme']) {
     case 'http':
       $port = isset($uri['port']) ? $uri['port'] : 80;
@@ -441,6 +464,7 @@
       break;
     default:
       $result->error = 'invalid schema '. $uri['scheme'];
+      $result->code = -1003;
       return $result;
   }
 
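Review bot: `if ($uri == FALSE)` on line 126 is a loose comparison; parse_url() returns an array or FALSE, and an empty array is also `== FALSE`, so `if ($uri === FALSE)` states the intent exactly and matches the isset() check that follows. The scheme name is concatenated into the `default:` error string on line 144 unescaped; if `$result->error` is ever rendered as HTML it needs `check_plain()`, which I cannot confirm from this hunk. drupal_http_request() continues past the hunk.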
@@ -2047,7 +2071,7 @@
  * @param $body
  *   Message to be sent. Drupal will format the correct line endings for you.
  * @param $from
- *   Sets From, Reply-To, Return-Path and Error-To to this value, if given.
+ *   Sets From to this value, if given.
  * @param $headers
  *   Associative array containing the headers to add. This is typically
  *   used to add extra headers (From, Cc, and Bcc).
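Review bot: With Reply-To no longer derived from `$from`, the `$headers` description on line 157 should tell callers they now have to set it themselves, e.g. `used to add extra headers (From, Reply-To, Cc, and Bcc)`. A sentence noting that Sender, Return-Path and Errors-To are still filled from the site mail address would complete the contract. The docblock belongs to drupal_mail(), whose signature is outside the hunk.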
@@ -2067,10 +2091,10 @@
   // SMTP server.  Errors-To is redundant, but shouldn't hurt.
   $default_from = variable_get('site_mail', ini_get('sendmail_from'));
   if ($default_from) {
-    $defaults['From'] = $defaults['Reply-To'] = $defaults['Sender'] = $defaults['Return-Path'] = $defaults['Errors-To'] = $default_from;
+    $defaults['From'] = $defaults['Sender'] = $defaults['Return-Path'] = $defaults['Errors-To'] = $default_from;
   }
   if ($from) {
-    $defaults['From'] = $defaults['Reply-To'] = $from;
+    $defaults['From'] = $from;
   }
   $headers = array_merge($defaults, $headers);
   // Custom hook traversal to allow pass by reference
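Review bot: Neither `$from` nor the caller-supplied `$headers` values are checked for CR/LF before the `array_merge` on line 169, so an address containing a newline would be folded into the header block as additional headers. If any caller passes user-supplied addresses (not visible here), a guard such as `if ($from && preg_match('/[\r\n]/', $from)) { $from = NULL; }` ahead of line 165, or stripping `[\r\n]` from every header value, closes that. I can't see whether the mail() call further down already sanitises; drupal_mail() continues outside the hunk.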
diff -Naur drupal-5.17/includes/database.mysql.inc drupal-5.23/includes/database.mysql.inc
--- drupal-5.17/includes/database.mysql.inc	2008-09-15 08:14:52.000000000 +0200
+++ drupal-5.23/includes/database.mysql.inc	2009-07-10 08:09:38.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: database.mysql.inc,v 1.66.2.3 2008/09/15 06:14:52 drumm Exp $
+// $Id: database.mysql.inc,v 1.66.2.4 2009/07/10 06:09:38 drumm Exp $
 
 /**
  * @file
@@ -360,7 +360,7 @@
   $tablename = array_pop($args);
   array_shift($args);
 
-  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' SELECT', db_prefix_tables($query));
+  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query));
   if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
     $args = $args[0];
   }
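Review bot: `Engine=HEAP` turns every db_query_temporary() result into a MEMORY table, and that engine cannot hold BLOB/TEXT columns and is bounded by max_heap_table_size, so a SELECT that returns a text column, or a large result set, now fails at CREATE where it previously succeeded; nothing in the hunk documents or handles that. At minimum the function's docblock (outside the hunk) should state the restriction, and callers should check the return value. `$tablename` is still spliced into the statement unquoted, so it must remain a code-controlled identifier, never request data.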
diff -Naur drupal-5.17/includes/database.mysqli.inc drupal-5.23/includes/database.mysqli.inc
--- drupal-5.17/includes/database.mysqli.inc	2008-09-15 08:14:52.000000000 +0200
+++ drupal-5.23/includes/database.mysqli.inc	2009-07-10 08:09:38.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: database.mysqli.inc,v 1.32.2.5 2008/09/15 06:14:52 drumm Exp $
+// $Id: database.mysqli.inc,v 1.32.2.6 2009/07/10 06:09:38 drumm Exp $
 
 /**
  * @file
@@ -343,7 +343,7 @@
   $tablename = array_pop($args);
   array_shift($args);
 
-  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' SELECT', db_prefix_tables($query));
+  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query));
   if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
     $args = $args[0];
   }
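Review bot: This is a second verbatim copy of the temporary-table builder in database.mysql.inc, and the two now have to be kept in lockstep by hand; a shared constant for the engine clause in the common database layer (outside this hunk) would avoid the next drift. The MEMORY engine also rejects BLOB/TEXT columns and is capped by max_heap_table_size, so queries that previously worked can now fail at CREATE — worth a sentence in the docblock of db_query_temporary(). The function starts before the hunk.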
diff -Naur drupal-5.17/includes/locale.inc drupal-5.23/includes/locale.inc
--- drupal-5.17/includes/locale.inc	2007-12-17 02:53:52.000000000 +0100
+++ drupal-5.23/includes/locale.inc	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: locale.inc,v 1.105.2.5 2007/12/17 01:53:52 drumm Exp $
+// $Id: locale.inc,v 1.105.2.6 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * @file
@@ -41,6 +41,9 @@
   $options = array();
   $form['name'] = array('#tree' => TRUE);
   foreach ($languages['name'] as $key => $lang) {
+    // Language code should contain no markup, but is emitted
+    // by radio and checkbox options.
+    $key = check_plain($key);
     $options[$key] = '';
     $status = db_fetch_object(db_query("SELECT isdefault, enabled FROM {locales_meta} WHERE locale = '%s'", $key));
     if ($status->enabled) {
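Review bot: `$key = check_plain($key)` on line 225 is also the value bound to `locale = '%s'` on line 227, so for any language code containing `&`, `<`, `>`, `"` or `'` the lookup now searches for the escaped form, finds no row, and `$status->enabled` is read from FALSE — the language is reported as disabled. Escape only where the value reaches markup and keep the raw code for the query: `$options[check_plain($key)] = '';` with `$key` left untouched in the db_query() call. The later uses of `$key` as form element keys, outside the hunk, would need the same split.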
@@ -97,6 +100,14 @@
   return $output;
 }
 
+function _locale_admin_manage_screen_validate($form_id, $form_values) {
+  foreach ($form_values['name'] as $key => $value) {
+    if (preg_match('/["<>\']/', $value)) {
+      form_set_error('name][' . $key, t('The characters &lt;, &gt;, " and \' are not allowed in the language name in English field.'));
+    }
+  }
+}
+
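Review bot: `_locale_admin_manage_screen_validate()` has no docblock while its neighbours do; a header such as `/** Validate the language overview form: reject markup characters in the English names. */` keeps the file consistent. The check is a four-character blacklist, so it only catches what check_plain() on output would escape anyway; that is fine as defence in depth, but the comment should say that output escaping, not this validator, is the security boundary. Whether the form API picks this up through the `_validate` suffix depends on the form id used further up, outside the hunk.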
 /**
  * Process locale admin manager form submissions.
  */
@@ -184,12 +195,22 @@
     form_set_error(t('The language %language (%code) already exists.', array('%language' => $form_values['langname'], '%code' => $form_values['langcode'])));
   }
 
+  // If we are adding a non-custom language, check for a valid langcode.
   if (!isset($form_values['langname'])) {
     $isocodes = _locale_get_iso639_list();
     if (!isset($isocodes[$form_values['langcode']])) {
       form_set_error('langcode', t('Invalid language code.'));
     }
   }
+  // Otherwise, check for invlaid characters
+  else {
+    if (preg_match('/["<>\']/', $form_values['langcode'])) {
+      form_set_error('langcode', t('The characters &lt;, &gt;, " and \' are not allowed in the language code field.'));
+    }
+    if (preg_match('/["<>\']/', $form_values['langname'])) {
+      form_set_error('langname', t('The characters &lt;, &gt;, " and \' are not allowed in the language name in English field.'));
+    }
+  }
 }
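Review bot: Validation of a custom language code on lines 257–259 rejects four characters but allows everything else, including spaces, slashes and `&`, even though the code ends up in URLs, SQL and form option keys; a positive pattern such as `if (!preg_match('/^[a-zA-Z0-9_-]+$/', $form_values['langcode']))` is the usual shape and still covers ISO codes like `pt-br`. If existing sites rely on odder codes, the update hook would need to warn — I can't tell from here. Comment typo on line 255: `invlaid` → `invalid`.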
 
 /**
@@ -331,8 +352,14 @@
 function _locale_string_seek_form() {
   // Get *all* languages set up
   $languages = locale_supported_languages(FALSE, TRUE);
-  asort($languages['name']); unset($languages['name']['en']);
-  $languages['name'] = array_map('check_plain', $languages['name']);
+  unset($languages['name']['en']);
+  // Sanitize the values to be used in radios.
+  $languages_name = array();
+  foreach ($languages['name'] as $key => $value) {
+    $languages_name[check_plain($key)] = check_plain($value);
+  }
+  $languages['name'] = $languages_name;
+  asort($languages['name']);
 
   // Present edit form preserving previous user settings
   $query = _locale_string_seek_query();
diff -Naur drupal-5.17/includes/menu.inc drupal-5.23/includes/menu.inc
--- drupal-5.17/includes/menu.inc	2008-02-11 06:26:53.000000000 +0100
+++ drupal-5.23/includes/menu.inc	2009-07-10 07:56:51.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: menu.inc,v 1.146.2.2 2008/02/11 05:26:53 drumm Exp $
+// $Id: menu.inc,v 1.146.2.3 2009/07/10 05:56:51 drumm Exp $
 
 /**
  * @file
@@ -1055,6 +1055,10 @@
   $temp_mid = -1;
 
   foreach ($menu_item_list as $item) {
+    // Protect against D6 style access
+    if (isset($item['access']) && is_array($item['access']) && count($item['access']) == 1 && isset($item['access'][0]) && is_string($item['access'][0])) {
+      $item['access'] = FALSE;
+    }
     if (!isset($item['path'])) {
       $item['path'] = '';
     }
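Review bot: The guard on lines 299–301 only recognises the hybrid `'access' => array('perm')` form; a genuinely Drupal 6-style item declares `'access arguments'` / `'access callback'` and omits `'access'` entirely, and that case is not touched here. What `access` defaults to when absent is decided outside the hunk, so I can't confirm whether it fails open, but if the default is permissive, adding `|| isset($item['access arguments']) || isset($item['access callback'])` as a second reason to force `$item['access'] = FALSE` makes both mistakes fail closed. A comment naming the security advisory or the reason would also help, since the condition is hard to read on its own.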
@@ -1225,6 +1229,10 @@
   $new_items = array();
 
   foreach ($menu_item_list as $item) {
+    // Protect against D6 style access
+    if (isset($item['access']) && is_array($item['access']) && count($item['access']) == 1 && isset($item['access'][0]) && is_string($item['access'][0])) {
+      $item['access'] = FALSE;
+    }
     if (isset($item['callback'])) {
       $_menu['callbacks'][$item['path']] = array('callback' => $item['callback']);
       if (isset($item['callback arguments'])) {
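Review bot: This is the second verbatim copy of the D6-access heuristic in the file, and the two conditions will drift apart the next time one is tightened. Extracting it to a helper — `function _menu_item_has_d6_access($item) { return isset($item['access']) && is_array($item['access']) && count($item['access']) == 1 && isset($item['access'][0]) && is_string($item['access'][0]); }` — and calling it from both loops keeps the fail-closed rule in one place. The enclosing function starts before the hunk.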
diff -Naur drupal-5.17/includes/pager.inc drupal-5.23/includes/pager.inc
--- drupal-5.17/includes/pager.inc	2006-10-15 21:57:05.000000000 +0200
+++ drupal-5.23/includes/pager.inc	2009-07-01 22:52:11.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: pager.inc,v 1.59 2006/10/15 19:57:05 dries Exp $
+// $Id: pager.inc,v 1.59.2.1 2009/07/01 20:52:11 drumm Exp $
 
 /**
  * @file
@@ -85,7 +85,7 @@
 function pager_get_querystring() {
   static $string = NULL;
   if (!isset($string)) {
-    $string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page'), array_keys($_COOKIE)));
+    $string = drupal_query_string_encode($_REQUEST, array_merge(array('q', 'page', 'pass'), array_keys($_COOKIE)));
   }
   return $string;
 }
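Review bot: Excluding `pass` removes only a top-level key, while `$_REQUEST` is passed whole and drupal_query_string_encode() walks nested arrays, so a password posted under a nested name such as `edit[pass]` would still be re-emitted in pager links. If forms in this codebase post the password nested (I cannot tell from the hunk), the exclusion has to apply recursively; more robustly, pager links could be built from `$_GET` — `drupal_query_string_encode($_GET, array('q', 'page'))` — so POST bodies and cookies never reach URLs at all, provided nothing relies on POST values surviving into pager links.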
diff -Naur drupal-5.17/includes/session.inc drupal-5.23/includes/session.inc
--- drupal-5.17/includes/session.inc	2008-12-11 01:23:01.000000000 +0100
+++ drupal-5.23/includes/session.inc	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: session.inc,v 1.37.2.7 2008/12/11 00:23:01 drumm Exp $
+// $Id: session.inc,v 1.37.2.8 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * @file
@@ -31,8 +31,9 @@
   // Otherwise, if the session is still active, we have a record of the client's session in the database.
   $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key));
 
-  // We found the client's session record and they are an authenticated user
-  if ($user && $user->uid > 0) {
+  // We found the client's session record and they are an authenticated,
+  // active user.
+  if ($user && $user->uid > 0 && $user->status == 1) {
     // This is done to unserialize the data member of $user
     $user = drupal_unpack($user);
 
@@ -44,7 +45,8 @@
       $user->roles[$role->rid] = $role->name;
     }
   }
-  // We didn't find the client's record (session has expired), or they are an anonymous user.
+  // We didn't find the client's record (session has expired), or they are
+  // blocked, or they are an anonymous user.
   else {
     $session = isset($user->session) ? $user->session : '';
     $user = drupal_anonymous_user($session);
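Review bot: A blocked user's session row is not removed; the else branch on lines 364–366 keeps `$user->session` and hands it to drupal_anonymous_user(), so the blocked account's stored session data survives and the same sid stays valid, merely demoted to anonymous. When the status check fails it would be safer to drop the row — `db_query("DELETE FROM {sessions} WHERE sid = '%s'", $key);` before the anonymous fallback — and not carry `$user->session` over, so that re-enabling the account does not resurrect the old session unchanged. Whether blocking already destroys sessions elsewhere (user_save, for instance) is outside the hunk, as is the start of the enclosing function.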
diff -Naur drupal-5.17/includes/tablesort.inc drupal-5.23/includes/tablesort.inc
--- drupal-5.17/includes/tablesort.inc	2007-06-17 00:29:25.000000000 +0200
+++ drupal-5.23/includes/tablesort.inc	2009-07-01 22:52:11.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: tablesort.inc,v 1.43.2.1 2007/06/16 22:29:25 drumm Exp $
+// $Id: tablesort.inc,v 1.43.2.2 2009/07/01 20:52:11 drumm Exp $
 
 /**
  * @file
@@ -131,7 +131,7 @@
  *   except for those pertaining to table sorting.
  */
 function tablesort_get_querystring() {
-  return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order'), array_keys($_COOKIE)));
+  return drupal_query_string_encode($_REQUEST, array_merge(array('q', 'sort', 'order', 'pass'), array_keys($_COOKIE)));
 }
 
 /**
diff -Naur drupal-5.17/includes/theme.inc drupal-5.23/includes/theme.inc
--- drupal-5.17/includes/theme.inc	2009-04-30 02:13:48.000000000 +0200
+++ drupal-5.23/includes/theme.inc	2009-05-13 21:41:56.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: theme.inc,v 1.337.2.8 2009/04/30 00:13:48 drumm Exp $
+// $Id: theme.inc,v 1.337.2.9 2009/05/13 19:41:56 drumm Exp $
 
 /**
  * @file
@@ -170,7 +170,7 @@
   if ($functions[$function]) {
     $output = call_user_func_array($functions[$function], $args);
     // Add final markup to the full page.
-    if ($function == 'page') {
+    if ($function == 'page' || $function == 'book_export_html') {
       $output = drupal_final_markup($output);
     }
     return $output;
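Review bot: The special case on line 401 is now a growing list of hard-coded theme function names inside the generic theme() dispatcher; `if (in_array($function, array('page', 'book_export_html'), TRUE)) {` keeps the next addition to one place. A comment saying why book_export_html needs drupal_final_markup() — it emits a complete HTML document, per book.module — would save the next reader a trip to that file. theme() starts before the hunk.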
diff -Naur drupal-5.17/modules/aggregator/aggregator.info drupal-5.23/modules/aggregator/aggregator.info
--- drupal-5.17/modules/aggregator/aggregator.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/aggregator/aggregator.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/block/block.info drupal-5.23/modules/block/block.info
--- drupal-5.17/modules/block/block.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/block/block.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/blog/blog.info drupal-5.23/modules/blog/blog.info
--- drupal-5.17/modules/blog/blog.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/blog/blog.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/blogapi/blogapi.info drupal-5.23/modules/blogapi/blogapi.info
--- drupal-5.17/modules/blogapi/blogapi.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/blogapi/blogapi.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/book/book.info drupal-5.23/modules/book/book.info
--- drupal-5.17/modules/book/book.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/book/book.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/book/book.module drupal-5.23/modules/book/book.module
--- drupal-5.17/modules/book/book.module	2007-02-14 05:30:33.000000000 +0100
+++ drupal-5.23/modules/book/book.module	2009-05-13 21:41:56.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: book.module,v 1.406.2.1 2007/02/14 04:30:33 drumm Exp $
+// $Id: book.module,v 1.406.2.2 2009/05/13 19:41:56 drumm Exp $
 
 /**
  * @file
@@ -702,8 +702,9 @@
   global $base_url;
   $html = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
   $html .= '<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">';
-  $html .= "<head>\n<title>". $title ."</title>\n";
+  $html .= "\n<head>\n";
   $html .= '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
+  $html .= "\n<title>". $title ."</title>\n";
   $html .= '<base href="'. $base_url .'/" />' . "\n";
   $html .= "<style type=\"text/css\">\n@import url(misc/print.css);\n</style>\n";
   $html .= "</head>\n<body>\n". $content ."\n</body>\n</html>\n";
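Review bot: `$title` is still interpolated into `<title>` on line 497 without escaping in this function; moving the charset meta ahead of it stops charset-sniffing tricks but still relies on the caller having run check_plain() on the title, which is outside the hunk. Escaping at the point of output — `$html .= "\n<title>". check_plain($title) ."</title>\n";` — would make theme_book_export_html() safe regardless of caller, unless callers already pass escaped text and double-encoding would show; worth confirming before changing. `$base_url` on line 498 goes into an attribute unescaped too, though it is configuration rather than request data.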
diff -Naur drupal-5.17/modules/color/color.info drupal-5.23/modules/color/color.info
--- drupal-5.17/modules/color/color.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/color/color.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/comment/comment.info drupal-5.23/modules/comment/comment.info
--- drupal-5.17/modules/comment/comment.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/comment/comment.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/comment/comment.module drupal-5.23/modules/comment/comment.module
--- drupal-5.17/modules/comment/comment.module	2009-04-29 20:32:15.000000000 +0200
+++ drupal-5.23/modules/comment/comment.module	2010-08-11 22:37:49.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: comment.module,v 1.520.2.14 2009/04/29 18:32:15 drumm Exp $
+// $Id: comment.module,v 1.520.2.15 2010/08/11 20:37:49 drumm Exp $
 
 /**
  * @file
@@ -575,7 +575,7 @@
   global $user;
 
   if ($op == 'edit') {
-    return ($user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0) || user_access('administer comments');
+    return ($user->uid && $user->uid == $comment->uid && comment_num_replies($comment->cid) == 0 && $comment->status == COMMENT_PUBLISHED) || user_access('administer comments');
   }
 }
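Review bot: `$comment->status == COMMENT_PUBLISHED` on line 546 is a loose comparison; COMMENT_PUBLISHED is defined outside the hunk, and if — as in Drupal 5 — it is 0, a comment object that lacks a `status` property or carries NULL satisfies the check, because `NULL == 0`. `isset($comment->status) && (int) $comment->status === COMMENT_PUBLISHED` makes a missing status fail closed. comment_access() starts before the hunk and returns nothing for `$op` values other than 'edit'.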
 
diff -Naur drupal-5.17/modules/contact/contact.info drupal-5.23/modules/contact/contact.info
--- drupal-5.17/modules/contact/contact.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/contact/contact.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/contact/contact.module drupal-5.23/modules/contact/contact.module
--- drupal-5.17/modules/contact/contact.module	2008-09-15 08:19:06.000000000 +0200
+++ drupal-5.23/modules/contact/contact.module	2009-12-16 21:46:31.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: contact.module,v 1.74.2.2 2008/09/15 06:19:06 drumm Exp $
+// $Id: contact.module,v 1.74.2.3 2009/12/16 20:46:31 drumm Exp $
 
 /**
  * @file
@@ -145,7 +145,7 @@
   $result = db_query('SELECT cid, category, recipients, selected FROM {contact} ORDER BY weight, category');
   $rows = array();
   while ($category = db_fetch_object($result)) {
-    $rows[] = array($category->category, $category->recipients, ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
+    $rows[] = array(check_plain($category->category), check_plain($category->recipients), ($category->selected ? t('Yes') : t('No')), l(t('edit'), 'admin/build/contact/edit/'. $category->cid), l(t('delete'), 'admin/build/contact/delete/'. $category->cid));
   }
   $header = array(t('Category'), t('Recipients'), t('Selected'), array('data' => t('Operations'), 'colspan' => 2));
 
@@ -549,4 +549,3 @@
   // Jump to home page rather than back to contact page to avoid contradictory messages if flood control has been activated.
   return '';
 }
-
diff -Naur drupal-5.17/modules/drupal/drupal.info drupal-5.23/modules/drupal/drupal.info
--- drupal-5.17/modules/drupal/drupal.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/drupal/drupal.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/filter/filter.info drupal-5.23/modules/filter/filter.info
--- drupal-5.17/modules/filter/filter.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/filter/filter.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/filter/filter.module drupal-5.23/modules/filter/filter.module
--- drupal-5.17/modules/filter/filter.module	2009-01-28 23:45:42.000000000 +0100
+++ drupal-5.23/modules/filter/filter.module	2009-06-03 19:52:13.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: filter.module,v 1.160.2.13 2009/01/28 22:45:42 drumm Exp $
+// $Id: filter.module,v 1.160.2.14 2009/06/03 17:52:13 drumm Exp $
 
 /**
  * @file
@@ -1187,7 +1187,7 @@
  */
 function _filter_autop($text) {
   // All block level tags
-  $block = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|p|h[1-6])';
+  $block = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|p|h[1-6]|hr)';
 
   // Split at <pre>, <script>, <style> and </pre>, </script>, </style> tags.
   // We don't apply any processing to the contents of these tags to avoid messing
diff -Naur drupal-5.17/modules/forum/forum.info drupal-5.23/modules/forum/forum.info
--- drupal-5.17/modules/forum/forum.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/forum/forum.info	2010-08-11 22:46:30.000000000 +0200
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/forum/forum.module drupal-5.23/modules/forum/forum.module
--- drupal-5.17/modules/forum/forum.module	2009-04-29 20:53:38.000000000 +0200
+++ drupal-5.23/modules/forum/forum.module	2009-07-01 22:52:11.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: forum.module,v 1.375.2.8 2009/04/29 18:53:38 drumm Exp $
+// $Id: forum.module,v 1.375.2.9 2009/07/01 20:52:11 drumm Exp $
 
 /**
  * @file
@@ -833,6 +833,11 @@
  * Menu callback; prints a forum listing.
  */
 function forum_page($tid = 0) {
+  if (!is_numeric($tid)) {
+    return MENU_NOT_FOUND;
+  }
+  $tid = (int)$tid;
+
   drupal_add_css(drupal_get_path('module', 'forum') .'/forum.css');
   $forum_per_page = variable_get('forum_per_page', 25);
   $sortby = variable_get('forum_order', 1);
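Review bot: `is_numeric()` on line 667 accepts `'1.5'`, `'1e2'`, leading whitespace and, on older PHP, hex strings, all of which the `(int)` cast on line 670 then folds onto another id, so `forum/1.5` and `forum/1` serve the same page under different URLs. `if (!ctype_digit((string) $tid)) { return MENU_NOT_FOUND; }` accepts exactly the canonical form, including the `0` default. forum_page() continues past the hunk.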
diff -Naur drupal-5.17/modules/help/help.info drupal-5.23/modules/help/help.info
--- drupal-5.17/modules/help/help.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/help/help.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/legacy/legacy.info drupal-5.23/modules/legacy/legacy.info
--- drupal-5.17/modules/legacy/legacy.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/legacy/legacy.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/locale/locale.info drupal-5.23/modules/locale/locale.info
--- drupal-5.17/modules/locale/locale.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/locale/locale.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/locale/locale.install drupal-5.23/modules/locale/locale.install
--- drupal-5.17/modules/locale/locale.install	2006-11-14 07:20:40.000000000 +0100
+++ drupal-5.23/modules/locale/locale.install	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: locale.install,v 1.7 2006/11/14 06:20:40 drumm Exp $
+// $Id: locale.install,v 1.7.2.1 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * Implementation of hook_install().
@@ -85,3 +85,23 @@
   db_query('DROP TABLE {locales_source}');
   db_query('DROP TABLE {locales_target}');
 }
+
+/**
+ * Neutralize unsafe language names in the database.
+ */
+function locale_update_1() {
+  $ret = array();
+  $matches = db_result(db_query("SELECT 1 FROM {locales_meta} WHERE name LIKE '%<%' OR name LIKE '%>%'"));
+  if ($matches) {
+    $ret[] = update_sql("UPDATE {locales_meta} SET name = REPLACE(name, '<', '')");
+    $ret[] = update_sql("UPDATE {locales_meta} SET name = REPLACE(name, '>', '')");
+    drupal_set_message('The language name in English of all the existing custom languages of your site have been sanitized for security purposes. Visit the <a href="'. url('admin/settings/language') .'">Languages</a> page to check these and fix them if necessary.', 'warning');
+  }
+  // Check if some langcode values contain potentially dangerous characters and
+  // warn the user if so. These are not fixed since they are referenced in other
+  // tables (e.g. {node}).
+  if (db_result(db_query("SELECT 1 FROM {locales_meta} WHERE locale LIKE '%<%' OR locale LIKE '%>%' OR locale LIKE '%\"%' OR locale LIKE '%\\\\\%'"))) {
+    drupal_set_message('Some of your custom language code values contain invalid characters. You should examine the <a href="'. url('admin/settings/language') .'">Languages</a> page. These must be fixed manually.', 'error');
+  }
+  return $ret;
+}
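Review bot: The neutralisation on lines 742–743 strips only `<` and `>` from names, while the validation now enforced on the form also rejects `"` and `'`, and the langcode warning on line 749 looks for `<`, `>`, `"` and backslash but not `'`; existing rows can therefore pass the update yet fail the next save of the form. Aligning the character sets — additional `REPLACE` calls for the two quote characters, and `OR locale LIKE '%''%'` in the second query — keeps stored data and validation consistent. The backslash pattern `'%\\\\\%'` relies on MySQL-style escaping inside LIKE and may not behave the same on PostgreSQL; hedged, since the database layer is not visible here.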
diff -Naur drupal-5.17/modules/locale/locale.module drupal-5.23/modules/locale/locale.module
--- drupal-5.17/modules/locale/locale.module	2008-07-09 23:48:42.000000000 +0200
+++ drupal-5.23/modules/locale/locale.module	2010-03-04 01:16:02.000000000 +0100
@@ -1,5 +1,5 @@
 <?php
-// $Id: locale.module,v 1.155.2.1 2008/07/09 21:48:42 drumm Exp $
+// $Id: locale.module,v 1.155.2.2 2010/03/04 00:16:02 drumm Exp $
 
 /**
  * @file
@@ -137,15 +137,17 @@
     if ($user->language == '') {
       $user->language = key($languages['name']);
     }
-    $languages['name'] = array_map('check_plain', array_map('t', $languages['name']));
+    foreach (array_map('t', $languages['name']) as $key => $value) {
+      $languages_name[check_plain($key)] = check_plain($value);
+    }
     $form['locale'] = array('#type' => 'fieldset',
       '#title' => t('Interface language settings'),
       '#weight' => 1,
     );
     $form['locale']['language'] = array('#type' => 'radios',
       '#title' => t('Language'),
-      '#default_value' => $user->language,
-      '#options' => $languages['name'],
+      '#default_value' => check_plain($user->language),
+      '#options' => $languages_name,
       '#description' => t('Selecting a different locale will change the interface language of the site.'),
     );
     return $form;
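Review bot: `$languages_name` is appended to on line 770 without being initialised, so when `$languages['name']` is empty the variable is undefined on line 781 and `#options` becomes NULL with a notice; the equivalent loop in locale.inc starts with `$languages_name = array();` and this one should too. Using `check_plain($user->language)` as `#default_value` is consistent with the escaped option keys, which is the right pairing. The enclosing function starts before the hunk.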
diff -Naur drupal-5.17/modules/menu/menu.info drupal-5.23/modules/menu/menu.info
--- drupal-5.17/modules/menu/menu.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/menu/menu.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/node/node.info drupal-5.23/modules/node/node.info
--- drupal-5.17/modules/node/node.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/node/node.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/path/path.info drupal-5.23/modules/path/path.info
--- drupal-5.17/modules/path/path.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/path/path.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/ping/ping.info drupal-5.23/modules/ping/ping.info
--- drupal-5.17/modules/ping/ping.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/ping/ping.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/poll/poll.info drupal-5.23/modules/poll/poll.info
--- drupal-5.17/modules/poll/poll.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/poll/poll.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/profile/profile.info drupal-5.23/modules/profile/profile.info
--- drupal-5.17/modules/profile/profile.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/profile/profile.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/search/search.info drupal-5.23/modules/search/search.info
--- drupal-5.17/modules/search/search.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/search/search.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/search/search.module drupal-5.23/modules/search/search.module
--- drupal-5.17/modules/search/search.module	2008-05-14 08:35:29.000000000 +0200
+++ drupal-5.23/modules/search/search.module	2009-09-16 06:27:01.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: search.module,v 1.209.2.6 2008/05/14 06:35:29 drumm Exp $
+// $Id: search.module,v 1.209.2.7 2009/09/16 04:27:01 drumm Exp $
 
 /**
  * @file
@@ -1052,6 +1052,17 @@
  * Process a block search form submission.
  */
 function search_box_form_submit($form_id, $form_values) {
+  // The search form relies on control of the redirect destination for its
+  // functionality, so we override any static destination set in the request,
+  // for example by drupal_access_denied() or drupal_not_found()
+  // (see http://drupal.org/node/292565).
+  if (isset($_REQUEST['destination'])) {
+    unset($_REQUEST['destination']);
+  }
+  if (isset($_REQUEST['edit']['destination'])) {
+    unset($_REQUEST['edit']['destination']);
+  }
+
   return 'search/node/'. trim($form_values[$form_id .'_keys']);
 }
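Review bot: The `isset` guard around `$_REQUEST['destination']` is redundant, since `unset()` on a missing key is a no-op, so the first block can be the single line `unset($_REQUEST['destination']);`; the second guard is worth keeping because `$_REQUEST['edit']` may not be an array. Note that only `$_REQUEST` is cleared, so any code reading `$_GET['destination']` directly would be unaffected — probably fine if drupal_goto() consults `$_REQUEST`, as the comment implies, but worth confirming.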
 
diff -Naur drupal-5.17/modules/statistics/statistics.info drupal-5.23/modules/statistics/statistics.info
--- drupal-5.17/modules/statistics/statistics.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/statistics/statistics.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/system/system.info drupal-5.23/modules/system/system.info
--- drupal-5.17/modules/system/system.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/system/system.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/system/system.module drupal-5.23/modules/system/system.module
--- drupal-5.17/modules/system/system.module	2009-04-30 02:13:48.000000000 +0200
+++ drupal-5.23/modules/system/system.module	2010-08-11 22:37:49.000000000 +0200
@@ -1,12 +1,12 @@
 <?php
-// $Id: system.module,v 1.440.2.51 2009/04/30 00:13:48 drumm Exp $
+// $Id: system.module,v 1.440.2.63 2010/08/11 20:37:49 drumm Exp $
 
 /**
  * @file
  * Configuration system that lets administrators modify the workings of the site.
  */
 
-define('VERSION', '5.17');
+define('VERSION', '5.23');
 
 /**
  * Implementation of hook_help().
@@ -526,7 +526,7 @@
 
 function _system_zonelist() {
   $timestamp = time();
-  $zonelist = array(-11, -10, -9.5, -9, -8, -7, -6, -5, -4, -3.5, -3, -2.5, -2, -1, 0, 1, 2, 3, 3.5, 4, 5, 5.5, 5.75, 6, 6.5, 7, 8, 9, 9.5, 10, 10.5, 11, 11.5, 12, 12.75, 13, 14);
+  $zonelist = array(-11, -10, -9.5, -9, -8, -7, -6, -5, -4.5, -4, -3.5, -3, -2.5, -2, -1, 0, 1, 2, 3, 3.5, 4, 5, 5.5, 5.75, 6, 6.5, 7, 8, 9, 9.5, 10, 10.5, 11, 11.5, 12, 12.75, 13, 14);
   $zones = array();
   foreach ($zonelist as $offset) {
     $zone = $offset * 3600;
@@ -2371,7 +2371,7 @@
     }
   }
 
-  $output = '<div class="admin">';
+  $output = '<div class="admin clear-block">';
   foreach ($container as $id => $data) {
     $output .= '<div class="'. $id .' clear-block">';
     $output .= $data;
diff -Naur drupal-5.17/modules/taxonomy/taxonomy.info drupal-5.23/modules/taxonomy/taxonomy.info
--- drupal-5.17/modules/taxonomy/taxonomy.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/taxonomy/taxonomy.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/taxonomy/taxonomy.module drupal-5.23/modules/taxonomy/taxonomy.module
--- drupal-5.17/modules/taxonomy/taxonomy.module	2009-02-23 06:42:20.000000000 +0100
+++ drupal-5.23/modules/taxonomy/taxonomy.module	2009-07-10 07:47:16.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: taxonomy.module,v 1.330.2.18 2009/02/23 05:42:20 drumm Exp $
+// $Id: taxonomy.module,v 1.330.2.21 2009/07/10 05:47:16 drumm Exp $
 
 /**
  * @file
@@ -57,7 +57,6 @@
  * @return
  *   An internal Drupal path.
  */
-
 function taxonomy_term_path($term) {
   $vocabulary = taxonomy_get_vocabulary($term->vid);
   if ($vocabulary->module != 'taxonomy' && $path = module_invoke($vocabulary->module, 'term_path', $term)) {
@@ -621,7 +620,7 @@
  */
 function taxonomy_form($vid, $value = 0, $help = NULL, $name = 'taxonomy') {
   $vocabulary = taxonomy_get_vocabulary($vid);
-  $help = ($help) ? $help : $vocabulary->help;
+  $help = ($help) ? $help : filter_xss_admin($vocabulary->help);
 
   if (!$vocabulary->multiple) {
     $blank = ($vocabulary->required) ? t('- Please choose -') : t('- None selected -');
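Review bot: The ternary keeps a caller-supplied `$help` unfiltered while filtering the stored vocabulary help, so the function's contract is now "caller-supplied help is trusted, stored help is not"; that should be stated in the docblock above (which starts outside this hunk), e.g. `@param $help  Help text already sanitized by the caller; when omitted, the vocabulary's help is passed through filter_xss_admin().` The same one-sided filtering appears in the two later hunks in this file (the tags branch and the taxonomy_form() call), which is consistent with that contract, so the docblock note covers all three.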
@@ -718,7 +717,7 @@
         $typed_string = implode(', ', $typed_terms) . (array_key_exists('tags', $terms) ? $terms['tags'][$vocabulary->vid] : NULL);
 
         if ($vocabulary->help) {
-          $help = $vocabulary->help;
+          $help = filter_xss_admin($vocabulary->help);
         }
         else {
           $help = t('A comma-separated list of terms describing this content. Example: funny, bungee jumping, "Company, Inc.".');
@@ -741,7 +740,7 @@
             $default_terms[$term->tid] = $term;
           }
         }
-        $form['taxonomy'][$vocabulary->vid] = taxonomy_form($vocabulary->vid, array_keys($default_terms), $vocabulary->help);
+        $form['taxonomy'][$vocabulary->vid] = taxonomy_form($vocabulary->vid, array_keys($default_terms), filter_xss_admin($vocabulary->help));
         $form['taxonomy'][$vocabulary->vid]['#weight'] = $vocabulary->weight;
         $form['taxonomy'][$vocabulary->vid]['#required'] = $vocabulary->required;
       }
@@ -1178,6 +1177,35 @@
   return $terms[$tid];
 }
 
+/**
+ * Create a select form element for a given taxonomy vocabulary.
+ *
+ * NOTE: This function expects input that has already been sanitized and is
+ * safe for display. Callers must properly sanitize the $title and
+ * $description arguments to prevent XSS vulnerabilities.
+ *
+ * @param $title
+ *   The title of the vocabulary. This MUST be sanitized by the caller.
+ * @param $name
+ *   Ignored.
+ * @param $value
+ *   The currently selected terms from this vocabulary, if any.
+ * @param $vocabulary_id
+ *   The vocabulary ID to build the form element for.
+ * @param $description
+ *   Help text for the form element. This MUST be sanitized by the caller.
+ * @param $multiple
+ *   Boolean to control if the form should use a single or multiple select.
+ * @param $blank
+ *   Optional form choice to use when no value has been selected.
+ * @param $exclude
+ *   Optional array of term ids to exclude in the selector.
+ * @return
+ *   A FAPI form array to select terms from the given vocabulary.
+ *
+ * @see taxonomy_form()
+ * @see taxonomy_form_term()
+ */
 function _taxonomy_term_select($title, $name, $value, $vocabulary_id, $description, $multiple, $blank, $exclude = array()) {
   $tree = taxonomy_get_tree($vocabulary_id);
   $options = array();
diff -Naur drupal-5.17/modules/throttle/throttle.info drupal-5.23/modules/throttle/throttle.info
--- drupal-5.17/modules/throttle/throttle.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/throttle/throttle.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/tracker/tracker.info drupal-5.23/modules/tracker/tracker.info
--- drupal-5.17/modules/tracker/tracker.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/tracker/tracker.info	2010-08-11 22:46:30.000000000 +0200
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/upload/upload.info drupal-5.23/modules/upload/upload.info
--- drupal-5.17/modules/upload/upload.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/upload/upload.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/upload/upload.module drupal-5.23/modules/upload/upload.module
--- drupal-5.17/modules/upload/upload.module	2008-10-08 22:10:26.000000000 +0200
+++ drupal-5.23/modules/upload/upload.module	2010-08-11 22:37:49.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: upload.module,v 1.148.2.5 2008/10/08 20:10:26 drumm Exp $
+// $Id: upload.module,v 1.148.2.6 2010/08/11 20:37:49 drumm Exp $
 
 /**
  * @file
@@ -259,9 +259,15 @@
 }
 
 function upload_file_download($file) {
-  $file = file_create_path($file);
-  $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $file);
-  if ($file = db_fetch_object($result)) {
+  $filepath = file_create_path($file);
+  $result = db_query("SELECT f.* FROM {files} f WHERE filepath = '%s'", $filepath);
+  while ($file = db_fetch_object($result)) {
+    if ($filepath !== $file->filepath) {
+      // Since some database servers sometimes use a case-insensitive
+      // comparison by default, double check that the filename is an exact
+      // match.
+      continue;
+    }
     if (user_access('view uploaded files')) {
       $node = node_load($file->nid);
       if (node_access('view', $node)) {
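Review bot: upload_file_download() has no docblock, and the new loop changes its contract in a way a reader needs spelled out: it acts only on the first {files} row whose filepath matches `$filepath` byte-for-byte, returns `-1` to deny that row, and returns nothing when no exact match exists. Suggest `/** Implementation of hook_file_download(). Serves the file only when a {files} row matches $file exactly (case-sensitive, regardless of database collation) and the user may view its node; returns -1 to deny, nothing when no exact match is found. */`. The function's closing brace is in the next hunk.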
@@ -271,13 +277,8 @@
           'Content-Length: '. $file->filesize,
         );
       }
-      else {
-        return -1;
-      }
-    }
-    else {
-      return -1;
     }
+    return -1;
   }
 }
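Review bot: Because the relocated `return -1;` sits inside the loop, the first exact-match row decides the outcome; if the same filepath is ever stored under more than one nid (I cannot tell from here whether that can happen), a user allowed on a later row is still denied. That is the safe direction, but a comment on that line such as `// Deny on the first exact match; later rows are not consulted.` would make the intent explicit. The function's signature is in the previous hunk.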
 
diff -Naur drupal-5.17/modules/user/user.info drupal-5.23/modules/user/user.info
--- drupal-5.17/modules/user/user.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/user/user.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/modules/user/user.module drupal-5.23/modules/user/user.module
--- drupal-5.17/modules/user/user.module	2008-10-08 22:10:26.000000000 +0200
+++ drupal-5.23/modules/user/user.module	2009-09-16 21:33:40.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: user.module,v 1.745.2.35 2008/10/08 20:10:26 drumm Exp $
+// $Id: user.module,v 1.745.2.36 2009/09/16 19:33:40 drumm Exp $
 
 /**
  * @file
@@ -1149,6 +1149,8 @@
           $user = $account;
           // And proceed with normal login, going to user page.
           $edit = array();
+          // Regenerate the session ID to prevent against session fixation attacks.
+          sess_regenerate();
           user_module_invoke('login', $edit, $user);
           drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
           drupal_goto('user/'. $user->uid .'/edit');
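Review bot: The new comment reads awkwardly ("prevent against"); suggest `// Regenerate the session ID to prevent session fixation attacks.` It would also help to say why the call is placed before user_module_invoke('login') — presumably so that login hooks already see the new session ID — since the rest of the one-time-login branch lies outside this hunk and a later maintainer could otherwise move the line.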
diff -Naur drupal-5.17/modules/watchdog/watchdog.info drupal-5.23/modules/watchdog/watchdog.info
--- drupal-5.17/modules/watchdog/watchdog.info	2009-04-30 02:20:30.000000000 +0200
+++ drupal-5.23/modules/watchdog/watchdog.info	2010-08-11 22:46:30.000000000 +0200
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-04-30
-version = "5.17"
+; Information added by drupal.org packaging script on 2010-08-11
+version = "5.23"
 project = "drupal"
-datestamp = "1241050830"
+datestamp = "1281559590"
 
diff -Naur drupal-5.17/sites/default/settings.php drupal-5.23/sites/default/settings.php
--- drupal-5.17/sites/default/settings.php	2007-07-09 06:28:12.000000000 +0200
+++ drupal-5.23/sites/default/settings.php	2009-06-16 20:29:52.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: settings.php,v 1.39.2.3 2007/07/09 04:28:12 drumm Exp $
+// $Id: settings.php,v 1.39.2.4 2009/06/16 18:29:52 drumm Exp $
 
 /**
  * @file
@@ -132,6 +132,7 @@
 ini_set('session.cookie_lifetime',  2000000);
 ini_set('session.gc_maxlifetime',   200000);
 ini_set('session.save_handler',     'user');
+ini_set('session.use_cookies',      1);
 ini_set('session.use_only_cookies', 1);
 ini_set('session.use_trans_sid',    0);
 ini_set('url_rewriter.tags',        '');
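Review bot: `session.use_cookies` together with the existing `session.use_only_cookies` keeps the session ID out of URLs, but the cookie itself remains readable by script; where the PHP version supports it, `ini_set('session.cookie_httponly', 1);` next to these lines would limit the impact of the cross-site scripting issues this release series fixes. A short comment explaining that the two use_cookies settings work as a pair would also help, since the lines look redundant at a glance.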
diff -Naur drupal-5.17/themes/engines/phptemplate/phptemplate.engine drupal-5.23/themes/engines/phptemplate/phptemplate.engine
--- drupal-5.17/themes/engines/phptemplate/phptemplate.engine	2009-04-29 19:49:52.000000000 +0200
+++ drupal-5.23/themes/engines/phptemplate/phptemplate.engine	2009-05-13 18:36:22.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-// $Id: phptemplate.engine,v 1.54.2.6 2009/04/29 17:49:52 drumm Exp $
+// $Id: phptemplate.engine,v 1.54.2.9 2009/05/13 16:36:22 drumm Exp $
 
 /**
  * @file
@@ -372,19 +372,17 @@
  * @param $variables
  *   A sequential array of variables passed to the theme function.
  * @param $suggestions
- *   An array of suggested template files to use.
+ *   An array of suggested template files to use. This may include a path when
+ *   the suggested template is contained within a sub-directory of the theme.
+ *   They are set from _phptemplate_variables() or the theming hook invoking
+ *   _phptemplate_callback().
  */
 function _phptemplate_default($hook, $variables, $suggestions = array(), $extension = '.tpl.php') {
   global $theme_engine;
 
-  // Remove slashes or null to prevent files from being included from
-  // an unexpected location (especially on Windows servers).
-  $extension = str_replace(array("/", "\\", "\0"), '', $extension);
-
   // Loop through any suggestions in FIFO order.
   $suggestions = array_reverse($suggestions);
   foreach ($suggestions as $suggestion) {
-    $suggestion = str_replace(array("/", "\\", "\0"), '', $suggestion);
     if (!empty($suggestion) && file_exists(path_to_theme() .'/'. $suggestion . $extension)) {
       $file = path_to_theme() .'/'. $suggestion . $extension;
       break;
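Review bot: With the slash and NUL filtering removed, `$suggestion` and `$extension` are concatenated verbatim into the path given to file_exists() and, later in the function (outside this hunk), presumably included, so a suggestion containing `..` would resolve outside the theme directory. The new docblock implies suggestions come only from theme code, so that trust boundary should be stated where the filter used to be: `// $suggestion and $extension are trusted input: they must come from theme code, never from request data, because they form the template path.` Any caller that derives suggestions from request-controlled values must sanitize them itself now that this function no longer does.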
@@ -420,5 +418,3 @@
   ob_end_clean();                  // End buffering and discard
   return $contents;                // Return the contents
 }
-
-?>
diff -Naur drupal-5.17/themes/garland/style.css drupal-5.23/themes/garland/style.css
--- drupal-5.17/themes/garland/style.css	2007-07-09 05:50:59.000000000 +0200
+++ drupal-5.23/themes/garland/style.css	2009-09-16 06:38:12.000000000 +0200
@@ -1,4 +1,4 @@
-/* $Id: style.css,v 1.14.2.4 2007/07/09 03:50:59 drumm Exp $ */
+/* $Id: style.css,v 1.14.2.5 2009/09/16 04:38:12 drumm Exp $ */
 
 /**
  * Garland, for Drupal 5.0
@@ -606,6 +606,7 @@
   text-decoration: none;
   position: relative;
   top: -1px;
+  display: inline-block;
 }
 ul.primary li.active a, ul.primary li.active a:link, ul.primary li.active a:visited, ul.primary li a:hover,
 ul.secondary li.active a, ul.secondary li.active a:link, ul.secondary li.active a:visited, ul.secondary li a:hover {

