[Pkg-drupal-commits] r1974 - in /branches/upstream/current-5: ./ includes/ modules/aggregator/ modules/block/ modules/blog/ modules/blogapi/ modules/book/ modules/color/ modules/comment/ modules/contact/ modules/drupal/ modules/filter/ modules/forum/ modules/help/ modules/legacy/ modules/locale/ modules/menu/ modules/node/ modules/path/ modules/ping/ modules/poll/ modules/profile/ modules/search/ modules/statistics/ modules/system/ modules/taxonomy/ modules/throttle/ modules/tracker/ modules/upload/ modules/user/ modules/watchdog/

luigi at users.alioth.debian.org luigi at users.alioth.debian.org
Thu Jan 8 19:28:57 UTC 2009 

Author: luigi
Date: Thu Jan  8 19:28:57 2009
New Revision: 1974

URL: http://svn.debian.org/wsvn/pkg-drupal/?sc=1&rev=1974
Log:
[svn-upgrade] Integrating new upstream version, drupal5 (5.14)

Modified:
    branches/upstream/current-5/.htaccess
    branches/upstream/current-5/CHANGELOG.txt
    branches/upstream/current-5/includes/bootstrap.inc
    branches/upstream/current-5/includes/session.inc
    branches/upstream/current-5/includes/theme.inc
    branches/upstream/current-5/modules/aggregator/aggregator.info
    branches/upstream/current-5/modules/block/block.info
    branches/upstream/current-5/modules/blog/blog.info
    branches/upstream/current-5/modules/blogapi/blogapi.info
    branches/upstream/current-5/modules/book/book.info
    branches/upstream/current-5/modules/color/color.info
    branches/upstream/current-5/modules/comment/comment.info
    branches/upstream/current-5/modules/comment/comment.module
    branches/upstream/current-5/modules/contact/contact.info
    branches/upstream/current-5/modules/drupal/drupal.info
    branches/upstream/current-5/modules/filter/filter.info
    branches/upstream/current-5/modules/filter/filter.module
    branches/upstream/current-5/modules/forum/forum.info
    branches/upstream/current-5/modules/help/help.info
    branches/upstream/current-5/modules/legacy/legacy.info
    branches/upstream/current-5/modules/locale/locale.info
    branches/upstream/current-5/modules/menu/menu.info
    branches/upstream/current-5/modules/menu/menu.module
    branches/upstream/current-5/modules/node/node.info
    branches/upstream/current-5/modules/path/path.info
    branches/upstream/current-5/modules/ping/ping.info
    branches/upstream/current-5/modules/poll/poll.info
    branches/upstream/current-5/modules/profile/profile.info
    branches/upstream/current-5/modules/profile/profile.module
    branches/upstream/current-5/modules/search/search.info
    branches/upstream/current-5/modules/statistics/statistics.info
    branches/upstream/current-5/modules/system/system.info
    branches/upstream/current-5/modules/system/system.module
    branches/upstream/current-5/modules/taxonomy/taxonomy.info
    branches/upstream/current-5/modules/throttle/throttle.info
    branches/upstream/current-5/modules/tracker/tracker.info
    branches/upstream/current-5/modules/upload/upload.info
    branches/upstream/current-5/modules/user/user.info
    branches/upstream/current-5/modules/watchdog/watchdog.info
    branches/upstream/current-5/robots.txt
    branches/upstream/current-5/update.php

Modified: branches/upstream/current-5/.htaccess
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/.htaccess?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/.htaccess (original)
+++ branches/upstream/current-5/.htaccess Thu Jan  8 19:28:57 2009
@@ -3,7 +3,7 @@
 #
 
 # Protect files and directories from prying eyes.
-<FilesMatch "\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$">
+<FilesMatch "\.(engine|inc|info|install|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$">
   Order allow,deny
 </FilesMatch>
 
@@ -110,4 +110,4 @@
   RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
 </IfModule>
 
-# $Id: .htaccess,v 1.81.2.4 2008/01/22 09:01:39 drumm Exp $
+# $Id: .htaccess,v 1.81.2.5 2008/12/10 20:12:26 drumm Exp $

Modified: branches/upstream/current-5/CHANGELOG.txt
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/CHANGELOG.txt?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/CHANGELOG.txt (original)
+++ branches/upstream/current-5/CHANGELOG.txt Thu Jan  8 19:28:57 2009
@@ -1,9 +1,18 @@
-// $Id: CHANGELOG.txt,v 1.173.2.29 2008/10/22 19:25:27 drumm Exp $
+// $Id: CHANGELOG.txt,v 1.173.2.33 2008/12/11 17:37:27 drumm Exp $
+
+Drupal 5.14, 2008-12-11
+-----------------------
+- removed a previous change incompatible with PHP 5.1.x and lower.
+
+Drupal 5.13, 2008-12-10
+-----------------------
+- fixed a variety of small bugs.
+- fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073
+- updated robots.txt and .htaccess to match current file use.
 
 Drupal 5.12, 2008-10-22
 -----------------------
 - fixed security issues, (File inclusion), see SA-2008-067
-
 
 Drupal 5.11, 2008-10-08
 -----------------------

Modified: branches/upstream/current-5/includes/bootstrap.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/includes/bootstrap.inc?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/includes/bootstrap.inc (original)
+++ branches/upstream/current-5/includes/bootstrap.inc Thu Jan  8 19:28:57 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: bootstrap.inc,v 1.145.2.10 2008/10/22 19:25:28 drumm Exp $
+// $Id: bootstrap.inc,v 1.145.2.12 2008/12/10 18:16:03 drumm Exp $
 
 /**
  * @file
@@ -201,11 +201,6 @@
 
   $confdir = 'sites';
   $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
-  if (strpos($_SERVER['HTTP_HOST'], '/') !== FALSE) {
-    // A HTTP_HOST containing slashes may be an attack and is invalid.
-    header('HTTP/1.1 400 Bad Request');
-    exit;
-  }
   $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
   for ($i = count($uri) - 1; $i > 0; $i--) {
     for ($j = count($server); $j > 0; $j--) {
@@ -235,6 +230,21 @@
 }
 
 /**
+ * Validate that $_SERVER['HTTP_HOST'] is safe.
+ *
+ * As $_SERVER['HTTP_HOST'] is user input, ensure it only contains characters
+ * allowed in hostnames.  See RFC 952 (and RFC 2181). $_SERVER['HTTP_HOST'] is
+ * lowercased.
+ *
+ * @return
+ *  TRUE if only containing valid characters, or FALSE otherwise.
+ */
+function drupal_valid_http_host() {
+  $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
+  return preg_match('/^\[?(?:[a-z0-9-:\]_]+\.?)+$/', $_SERVER['HTTP_HOST']);
+}
+
+/**
  * Loads the configuration and sets the base URL, cookie domain, and
  * session name correctly.
  */
@@ -244,6 +254,12 @@
   // Export the following settings.php variables to the global namespace
   global $db_url, $db_prefix, $cookie_domain, $conf, $installed_profile;
   $conf = array();
+
+  if (!drupal_valid_http_host()) {
+    // HTTP_HOST is invalid, e.g. if containing slashes it may be an attack.
+    header('HTTP/1.1 400 Bad Request');
+    exit;
+  }
 
   include_once './'. conf_path() .'/settings.php';
 
@@ -261,9 +277,7 @@
     // Create base URL
     $base_root = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
 
-    // As $_SERVER['HTTP_HOST'] is user input, ensure it only contains
-    // characters allowed in hostnames.
-    $base_url = $base_root .= '://'. preg_replace('/[^a-z0-9-:._]/i', '', $_SERVER['HTTP_HOST']);
+    $base_url = $base_root .= '://'. $_SERVER['HTTP_HOST'];
 
     // $_SERVER['SCRIPT_NAME'] can, in contrast to $_SERVER['PHP_SELF'], not
     // be modified by a visitor.
@@ -572,7 +586,7 @@
     header('HTTP/1.1 304 Not Modified');
     // All 304 responses must send an etag if the 200 response for the same object contained an etag
     header("Etag: $etag");
-    exit();
+    return;
   }
 
   // Send appropriate response:

Modified: branches/upstream/current-5/includes/session.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/includes/session.inc?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/includes/session.inc (original)
+++ branches/upstream/current-5/includes/session.inc Thu Jan  8 19:28:57 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: session.inc,v 1.37.2.2 2007/07/26 19:16:45 drumm Exp $
+// $Id: session.inc,v 1.37.2.7 2008/12/11 00:23:01 drumm Exp $
 
 /**
  * @file
@@ -45,7 +45,7 @@
     }
   }
   // We didn't find the client's record (session has expired), or they are an anonymous user.
-  else  {
+  else {
     $session = isset($user->session) ? $user->session : '';
     $user = drupal_anonymous_user($session);
   }
@@ -57,29 +57,25 @@
   global $user;
 
   // If saving of session data is disabled or if the client doesn't have a session,
-  // and one isn't being created ($value), do nothing.
-  if (!session_save_session() || (empty($_COOKIE[session_name()]) && empty($value))) {
+  // and one isn't being created ($value), do nothing. This keeps crawlers out of
+  // the session table. This reduces memory and server load, and gives more useful
+  // statistics. We can't eliminate anonymous session table rows without breaking
+  // the throttle module and the "Who's Online" block.
+  if (!session_save_session() || ($user->uid == 0 && empty($_COOKIE[session_name()]) && empty($value))) {
     return TRUE;
   }
 
-  $result = db_query("SELECT sid FROM {sessions} WHERE sid = '%s'", $key);
-
-  if (!db_num_rows($result)) {
-    // Only save session data when when the browser sends a cookie. This keeps
-    // crawlers out of session table. This reduces memory and server load,
-    // and gives more useful statistics. We can't eliminate anonymous session
-    // table rows without breaking throttle module and "Who's Online" block.
-    if ($user->uid || $value || count($_COOKIE)) {
-      db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, $user->cache, $_SERVER["REMOTE_ADDR"], $value, time());
-    }
-  }
-  else {
-    db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, $user->cache, $_SERVER["REMOTE_ADDR"], $value, time(), $key);
-
+  db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, isset($user->cache) ? $user->cache : '', $_SERVER["REMOTE_ADDR"], $value, time(), $key);
+  if (db_affected_rows()) {
     // TODO: this can be an expensive query. Perhaps only execute it every x minutes. Requires investigation into cache expiration.
     if ($user->uid) {
       db_query("UPDATE {users} SET access = %d WHERE uid = %d", time(), $user->uid);
     }
+  }
+  else {
+    // If this query fails, another parallel request probably got here first.
+    // In that case, any session data generated in this request is discarded.
+    @db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, isset($user->cache) ? $user->cache : '', $_SERVER["REMOTE_ADDR"], $value, time());
   }
 
   return TRUE;
@@ -163,8 +159,8 @@
  *
  * @param $status
  *   Disables writing of session data when FALSE, (re-)enables writing when TRUE.
- *
- * @return FALSE if writing session data has been disabled. Otherwise, TRUE.
+ * @return
+ *   FALSE if writing session data has been disabled. Otherwise, TRUE.
  */
 function session_save_session($status = NULL) {
   static $save_session = TRUE;

Modified: branches/upstream/current-5/includes/theme.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/includes/theme.inc?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/includes/theme.inc (original)
+++ branches/upstream/current-5/includes/theme.inc Thu Jan  8 19:28:57 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: theme.inc,v 1.337.2.6 2008/10/01 22:48:47 drumm Exp $
+// $Id: theme.inc,v 1.337.2.7 2008/12/05 22:32:50 dries Exp $
 
 /**
  * @file
@@ -923,10 +923,10 @@
  *   All other elements are treated as attributes of the list item element.
  * @param $title
  *   The title of the list.
+ * @param $type
+ *   The type of list to return (e.g. "ul", "ol")
  * @param $attributes
  *   The attributes applied to the list element.
- * @param $type
- *   The type of list to return (e.g. "ul", "ol")
  * @return
  *   A string containing the list output.
  */

Modified: branches/upstream/current-5/modules/aggregator/aggregator.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/aggregator/aggregator.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/aggregator/aggregator.info (original)
+++ branches/upstream/current-5/modules/aggregator/aggregator.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/block/block.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/block/block.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/block/block.info (original)
+++ branches/upstream/current-5/modules/block/block.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/blog/blog.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/blog/blog.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/blog/blog.info (original)
+++ branches/upstream/current-5/modules/blog/blog.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/blogapi/blogapi.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/blogapi/blogapi.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/blogapi/blogapi.info (original)
+++ branches/upstream/current-5/modules/blogapi/blogapi.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/book/book.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/book/book.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/book/book.info (original)
+++ branches/upstream/current-5/modules/book/book.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/color/color.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/color/color.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/color/color.info (original)
+++ branches/upstream/current-5/modules/color/color.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/comment/comment.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/comment/comment.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/comment/comment.info (original)
+++ branches/upstream/current-5/modules/comment/comment.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/comment/comment.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/comment/comment.module?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/comment/comment.module (original)
+++ branches/upstream/current-5/modules/comment/comment.module Thu Jan  8 19:28:57 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: comment.module,v 1.520.2.12 2007/11/07 08:03:30 drumm Exp $
+// $Id: comment.module,v 1.520.2.13 2008/12/03 17:55:49 drumm Exp $
 
 /**
  * @file
@@ -1809,23 +1809,33 @@
 
 function theme_comment_post_forbidden($nid) {
   global $user;
-  if ($user->uid) {
-    return t("you can't post comments");
-  }
-  else {
-    // we cannot use drupal_get_destination() because these links sometimes appear on /node and taxo listing pages
-    if (variable_get('comment_form_location', COMMENT_FORM_SEPARATE_PAGE) == COMMENT_FORM_SEPARATE_PAGE) {
-      $destination = "destination=". drupal_urlencode("comment/reply/$nid#comment-form");
-    }
-    else {
-      $destination = "destination=". drupal_urlencode("node/$nid#comment-form");
-    }
-
-    if (variable_get('user_register', 1)) {
-      return t('<a href="@login">Login</a> or <a href="@register">register</a> to post comments', array('@login' => url('user/login', $destination), '@register' => url('user/register', $destination)));
-    }
-    else {
-      return t('<a href="@login">Login</a> to post comments', array('@login' => url('user/login', $destination)));
+  static $authenticated_post_comments;
+
+  if (!$user->uid) {
+    if (!isset($authenticated_post_comments)) {
+      // We only output any link if we are certain, that users get permission
+      // to post comments by logging in. We also locally cache this information.
+      $authenticated_post_comments = array_key_exists(DRUPAL_AUTHENTICATED_RID, user_roles(TRUE, 'post comments') + user_roles(TRUE, 'post comments without approval'));
+    }
+
+    if ($authenticated_post_comments) {
+      // We cannot use drupal_get_destination() because these links
+      // sometimes appear on /node and taxonomy listing pages.
+      if (variable_get('comment_form_location', COMMENT_FORM_SEPARATE_PAGE) == COMMENT_FORM_SEPARATE_PAGE) {
+        $destination = 'destination='. drupal_urlencode("comment/reply/$nid#comment-form");
+      }
+      else {
+        $destination = 'destination='. drupal_urlencode("node/$nid#comment-form");
+      }
+
+      if (variable_get('user_register', 1)) {
+        // Users can register themselves.
+        return t('<a href="@login">Login</a> or <a href="@register">register</a> to post comments', array('@login' => url('user/login', $destination), '@register' => url('user/register', $destination)));
+      }
+      else {
+        // Only admins can add new users, no public registration.
+        return t('<a href="@login">Login</a> to post comments', array('@login' => url('user/login', $destination)));
+      }
     }
   }
 }

Modified: branches/upstream/current-5/modules/contact/contact.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/contact/contact.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/contact/contact.info (original)
+++ branches/upstream/current-5/modules/contact/contact.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/drupal/drupal.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/drupal/drupal.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/drupal/drupal.info (original)
+++ branches/upstream/current-5/modules/drupal/drupal.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/filter/filter.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/filter/filter.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/filter/filter.info (original)
+++ branches/upstream/current-5/modules/filter/filter.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/filter/filter.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/filter/filter.module?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/filter/filter.module (original)
+++ branches/upstream/current-5/modules/filter/filter.module Thu Jan  8 19:28:57 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: filter.module,v 1.160.2.10 2008/09/17 19:14:19 drumm Exp $
+// $Id: filter.module,v 1.160.2.11 2008/12/10 22:21:27 drumm Exp $
 
 /**
  * @file
@@ -709,13 +709,20 @@
   static $filters = array();
 
   if (!isset($filters[$format])) {
-    $filters[$format] = array();
     $result = db_query("SELECT * FROM {filters} WHERE format = %d ORDER BY weight ASC", $format);
-    while ($filter = db_fetch_object($result)) {
-      $list = module_invoke($filter->module, 'filter', 'list');
-      if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
-        $filter->name = $list[$filter->delta];
-        $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
+    if (db_num_rows($result) == 0 && !db_result(db_query("SELECT 1 FROM {filter_formats} WHERE format = %d", $format))) {
+      // The format has no filters and does not exist, use the default input
+      // format.
+      $filters[$format] = filter_list_format(variable_get('filter_default_format', 1));
+    }
+    else {
+      $filters[$format] = array();
+      while ($filter = db_fetch_object($result)) {
+        $list = module_invoke($filter->module, 'filter', 'list');
+        if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
+          $filter->name = $list[$filter->delta];
+          $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
+        }
       }
     }
   }

Modified: branches/upstream/current-5/modules/forum/forum.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/forum/forum.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/forum/forum.info (original)
+++ branches/upstream/current-5/modules/forum/forum.info Thu Jan  8 19:28:57 2009
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/help/help.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/help/help.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/help/help.info (original)
+++ branches/upstream/current-5/modules/help/help.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/legacy/legacy.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/legacy/legacy.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/legacy/legacy.info (original)
+++ branches/upstream/current-5/modules/legacy/legacy.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/locale/locale.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/locale/locale.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/locale/locale.info (original)
+++ branches/upstream/current-5/modules/locale/locale.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/menu/menu.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/menu/menu.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/menu/menu.info (original)
+++ branches/upstream/current-5/modules/menu/menu.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/menu/menu.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/menu/menu.module?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/menu/menu.module (original)
+++ branches/upstream/current-5/modules/menu/menu.module Thu Jan  8 19:28:57 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: menu.module,v 1.100.2.2 2008/01/07 02:13:58 drumm Exp $
+// $Id: menu.module,v 1.100.2.3 2008/11/15 02:47:59 drumm Exp $
 
 /**
  * @file
@@ -357,6 +357,7 @@
     '#title' => t('Description'),
     '#default_value' => $item['description'],
     '#description' => t('The description displayed when hovering over a menu item.'),
+    '#maxlength' => 255,
   );
 
   if ($item['type'] & MENU_CREATED_BY_ADMIN) {

Modified: branches/upstream/current-5/modules/node/node.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/node/node.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/node/node.info (original)
+++ branches/upstream/current-5/modules/node/node.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/path/path.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/path/path.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/path/path.info (original)
+++ branches/upstream/current-5/modules/path/path.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/ping/ping.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/ping/ping.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/ping/ping.info (original)
+++ branches/upstream/current-5/modules/ping/ping.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/poll/poll.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/poll/poll.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/poll/poll.info (original)
+++ branches/upstream/current-5/modules/poll/poll.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/profile/profile.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/profile/profile.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/profile/profile.info (original)
+++ branches/upstream/current-5/modules/profile/profile.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/profile/profile.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/profile/profile.module?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/profile/profile.module (original)
+++ branches/upstream/current-5/modules/profile/profile.module Thu Jan  8 19:28:57 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: profile.module,v 1.189.2.9 2008/02/11 05:36:07 drumm Exp $
+// $Id: profile.module,v 1.189.2.10 2008/11/15 02:43:55 drumm Exp $
 
 /**
  * @file
@@ -750,7 +750,15 @@
 }
 
 function profile_categories() {
-  $result = db_query("SELECT DISTINCT(category) FROM {profile_fields}");
+  // Hide hidden profile fields from users that don't have permission to administer users.
+  // For these users, categories with only hidden profile fields will not be returned.
+  if (user_access('administer users')) {
+    $result = db_query("SELECT DISTINCT(category) FROM {profile_fields}");
+  }
+  else {
+    $result = db_query("SELECT DISTINCT(category) FROM {profile_fields} WHERE visibility <> %d", PROFILE_HIDDEN);
+  }
+
   while ($category = db_fetch_object($result)) {
     $data[] = array('name' => $category->category, 'title' => $category->category, 'weight' => 3);
   }

Modified: branches/upstream/current-5/modules/search/search.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/search/search.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/search/search.info (original)
+++ branches/upstream/current-5/modules/search/search.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/statistics/statistics.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/statistics/statistics.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/statistics/statistics.info (original)
+++ branches/upstream/current-5/modules/statistics/statistics.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/system/system.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/system/system.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/system/system.info (original)
+++ branches/upstream/current-5/modules/system/system.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/system/system.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/system/system.module?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/system/system.module (original)
+++ branches/upstream/current-5/modules/system/system.module Thu Jan  8 19:28:57 2009
@@ -1,12 +1,12 @@
 <?php
-// $Id: system.module,v 1.440.2.39 2008/10/22 19:25:28 drumm Exp $
+// $Id: system.module,v 1.440.2.44 2008/12/11 17:37:27 drumm Exp $
 
 /**
  * @file
  * Configuration system that lets administrators modify the workings of the site.
  */
 
-define('VERSION', '5.12');
+define('VERSION', '5.14');
 
 /**
  * Implementation of hook_help().
@@ -1432,11 +1432,11 @@
 function system_module_build_dependencies($modules, $form_values) {
   static $dependencies;
 
-  if (!isset($dependencies) && isset($form_values)) {
+  if (!isset($dependencies) && isset($form_values) && is_array($form_values)) {
     $dependencies = array();
     foreach ($modules as $name => $module) {
       // If the module is disabled, will be switched on and it has dependencies.
-      if (!$module->status && $form_values['status'][$name] && isset($module->info['dependencies'])) {
+      if (!$module->status && isset($form_values['status'][$name]) && $form_values['status'][$name] && isset($module->info['dependencies'])) {
         foreach ($module->info['dependencies'] as $dependency) {
           if (!$form_values['status'][$dependency] && isset($modules[$dependency])) {
             if (!isset($dependencies[$name])) {

Modified: branches/upstream/current-5/modules/taxonomy/taxonomy.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/taxonomy/taxonomy.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/taxonomy/taxonomy.info (original)
+++ branches/upstream/current-5/modules/taxonomy/taxonomy.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/throttle/throttle.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/throttle/throttle.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/throttle/throttle.info (original)
+++ branches/upstream/current-5/modules/throttle/throttle.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/tracker/tracker.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/tracker/tracker.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/tracker/tracker.info (original)
+++ branches/upstream/current-5/modules/tracker/tracker.info Thu Jan  8 19:28:57 2009
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/upload/upload.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/upload/upload.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/upload/upload.info (original)
+++ branches/upstream/current-5/modules/upload/upload.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/user/user.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/user/user.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/user/user.info (original)
+++ branches/upstream/current-5/modules/user/user.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/modules/watchdog/watchdog.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/watchdog/watchdog.info?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/modules/watchdog/watchdog.info (original)
+++ branches/upstream/current-5/modules/watchdog/watchdog.info Thu Jan  8 19:28:57 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2008-10-22
-version = "5.12"
+; Information added by drupal.org packaging script on 2008-12-11
+version = "5.14"
 project = "drupal"
-datestamp = "1224703813"
+datestamp = "1229017817"
 

Modified: branches/upstream/current-5/robots.txt
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/robots.txt?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/robots.txt (original)
+++ branches/upstream/current-5/robots.txt Thu Jan  8 19:28:57 2009
@@ -1,4 +1,4 @@
-# $Id: robots.txt,v 1.7.2.2 2008/02/25 02:18:25 drumm Exp $
+# $Id: robots.txt,v 1.7.2.3 2008/12/10 20:24:38 drumm Exp $
 #
 # robots.txt
 #
@@ -20,27 +20,25 @@
 User-agent: *
 Crawl-delay: 10
 # Directories
-Disallow: /database/
 Disallow: /includes/
 Disallow: /misc/
 Disallow: /modules/
+Disallow: /profiles/
+Disallow: /scripts/
 Disallow: /sites/
 Disallow: /themes/
-Disallow: /scripts/
-Disallow: /updates/
-Disallow: /profiles/
 # Files
-Disallow: /xmlrpc.php
+Disallow: /CHANGELOG.txt
 Disallow: /cron.php
-Disallow: /update.php
+Disallow: /INSTALL.mysql.txt
+Disallow: /INSTALL.pgsql.txt
 Disallow: /install.php
 Disallow: /INSTALL.txt
-Disallow: /INSTALL.mysql.txt
-Disallow: /INSTALL.pgsql.txt
-Disallow: /CHANGELOG.txt
+Disallow: /LICENSE.txt
 Disallow: /MAINTAINERS.txt
-Disallow: /LICENSE.txt
+Disallow: /update.php
 Disallow: /UPGRADE.txt
+Disallow: /xmlrpc.php
 # Paths (clean URLs)
 Disallow: /admin/
 Disallow: /comment/reply/

Modified: branches/upstream/current-5/update.php
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/update.php?rev=1974&op=diff
==============================================================================
--- branches/upstream/current-5/update.php (original)
+++ branches/upstream/current-5/update.php Thu Jan  8 19:28:57 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: update.php,v 1.211.2.2 2007/04/08 00:54:04 drumm Exp $
+// $Id: update.php,v 1.211.2.3 2008/12/10 22:21:27 drumm Exp $
 
 /**
  * @file
@@ -562,10 +562,11 @@
 
 function update_info_page() {
   drupal_set_title('Drupal database update');
+  $link = 'update.php?op=selection&token='. drupal_get_token('update');
   $output = "<ol>\n";
   $output .= "<li>Use this script to <strong>upgrade an existing Drupal installation</strong>. You don't need this script when installing Drupal from scratch.</li>";
   $output .= "<li>Before doing anything, backup your database. This process will change your database and its values, and some things might get lost.</li>\n";
-  $output .= "<li>Update your Drupal sources, check the notes below and <a href=\"update.php?op=selection\">run the database upgrade script</a>. Don't upgrade your database twice as it may cause problems.</li>\n";
+  $output .= "<li>Update your Drupal sources, check the notes below and <a href=\"$link\">run the database upgrade script</a>. Don't upgrade your database twice as it may cause problems.</li>\n";
   $output .= "<li>Go through the various administration pages to change the existing and new settings to your liking.</li>\n";
   $output .= "</ol>";
   $output .= '<p>For more help, see the <a href="http://drupal.org/node/258">Installation and upgrading handbook</a>. If you are unsure what these terms mean you should probably contact your hosting provider.</p>';
@@ -793,10 +794,6 @@
 
   $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
   switch ($op) {
-    case 'Update':
-      $output = update_update_page();
-      break;
-
     case 'finished':
       $output = update_finished_page(TRUE);
       break;
@@ -813,10 +810,18 @@
       $output = update_progress_page_nojs();
       break;
 
+    case 'Update':
+      if ($_GET['token'] == drupal_get_token('update')) {
+        $output = update_update_page();
+        break;
+      }
+      // If the token did not match we just display the default page.
     case 'selection':
-      $output = update_selection_page();
-      break;
-
+      if ($_GET['token'] == drupal_get_token('update')) {
+        $output = update_selection_page();
+        break;
+      }
+      // If the token did not match we just display the default page.
     default:
       $output = update_info_page();
       break;

More information about the Pkg-drupal-commits mailing list