[Pkg-drupal-commits] r2025 - in /branches/drupal-5.0: ./ debian/ includes/ misc/ modules/aggregator/ modules/block/ modules/blog/ modules/blogapi/ modules/book/ modules/color/ modules/comment/ modules/contact/ modules/drupal/ modules/filter/ modules/forum/ modules/help/ modules/legacy/ modules/locale/ modules/menu/ modules/node/ modules/path/ modules/ping/ modules/poll/ modules/profile/ modules/search/ modules/statistics/ modules/system/ modules/taxonomy/ modules/throttle/ modules/tracker/ modules/upload/ modules/user/ modules/watchdog/ themes/bluemarine/ themes/chameleon/ themes/engines/phptemplate/ themes/garland/ themes/pushbutton/

luigi at users.alioth.debian.org luigi at users.alioth.debian.org
Mon May 4 17:54:05 UTC 2009 

Author: luigi
Date: Mon May  4 17:54:04 2009
New Revision: 2025

URL: http://svn.debian.org/wsvn/pkg-drupal/?sc=1&rev=2025
Log:
New upstream release - Fixes XSS vulnerability (Ref: SA-CORE-2009-005, CVE-TBD)

Modified:
    branches/drupal-5.0/.htaccess
    branches/drupal-5.0/CHANGELOG.txt
    branches/drupal-5.0/debian/changelog
    branches/drupal-5.0/includes/bootstrap.inc
    branches/drupal-5.0/includes/common.inc
    branches/drupal-5.0/includes/form.inc
    branches/drupal-5.0/includes/theme.inc
    branches/drupal-5.0/misc/drupal.js
    branches/drupal-5.0/modules/aggregator/aggregator.info
    branches/drupal-5.0/modules/block/block.info
    branches/drupal-5.0/modules/blog/blog.info
    branches/drupal-5.0/modules/blogapi/blogapi.info
    branches/drupal-5.0/modules/book/book.info
    branches/drupal-5.0/modules/color/color.info
    branches/drupal-5.0/modules/comment/comment.info
    branches/drupal-5.0/modules/comment/comment.module
    branches/drupal-5.0/modules/contact/contact.info
    branches/drupal-5.0/modules/drupal/drupal.info
    branches/drupal-5.0/modules/filter/filter.info
    branches/drupal-5.0/modules/forum/forum.info
    branches/drupal-5.0/modules/forum/forum.module
    branches/drupal-5.0/modules/help/help.info
    branches/drupal-5.0/modules/legacy/legacy.info
    branches/drupal-5.0/modules/locale/locale.info
    branches/drupal-5.0/modules/menu/menu.info
    branches/drupal-5.0/modules/menu/menu.module
    branches/drupal-5.0/modules/node/node.info
    branches/drupal-5.0/modules/path/path.info
    branches/drupal-5.0/modules/ping/ping.info
    branches/drupal-5.0/modules/poll/poll.info
    branches/drupal-5.0/modules/profile/profile.info
    branches/drupal-5.0/modules/search/search.info
    branches/drupal-5.0/modules/statistics/statistics.info
    branches/drupal-5.0/modules/system/system.info
    branches/drupal-5.0/modules/system/system.install
    branches/drupal-5.0/modules/system/system.module
    branches/drupal-5.0/modules/taxonomy/taxonomy.info
    branches/drupal-5.0/modules/throttle/throttle.info
    branches/drupal-5.0/modules/tracker/tracker.info
    branches/drupal-5.0/modules/upload/upload.info
    branches/drupal-5.0/modules/user/user.info
    branches/drupal-5.0/modules/watchdog/watchdog.info
    branches/drupal-5.0/themes/bluemarine/page.tpl.php
    branches/drupal-5.0/themes/chameleon/chameleon.theme
    branches/drupal-5.0/themes/engines/phptemplate/phptemplate.engine
    branches/drupal-5.0/themes/garland/page.tpl.php
    branches/drupal-5.0/themes/pushbutton/page.tpl.php

Modified: branches/drupal-5.0/.htaccess
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/.htaccess?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/.htaccess (original)
+++ branches/drupal-5.0/.htaccess Mon May  4 17:54:04 2009
@@ -13,8 +13,13 @@
 # Follow symbolic links in this directory.
 Options +FollowSymLinks
 
-# Customized error messages.
+# Make Drupal handle any 404 errors.
 ErrorDocument 404 /index.php
+
+# Force simple error message for requests for non-existent favicon.ico.
+<Files favicon.ico>
+  ErrorDocument 404 "The requested file favicon.ico was not found.
+</Files>
 
 # Set the default handler.
 DirectoryIndex index.php
@@ -104,10 +109,11 @@
   #RewriteCond %{QUERY_STRING} ^mod=([^&]+)$
   #RewriteRule module.php index.php?q=%1 [L]
 
-  # Rewrite current-style URLs of the form 'index.php?q=x'.
+  # Rewrite current-style URLs of the form 'x' to the form 'index.php?q=x'.
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
+  RewriteCond %{REQUEST_URI} !=/favicon.ico
   RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
 </IfModule>
 
-# $Id: .htaccess,v 1.81.2.5 2008/12/10 20:12:26 drumm Exp $
+# $Id: .htaccess,v 1.81.2.6 2009/02/26 07:03:29 drumm Exp $

Modified: branches/drupal-5.0/CHANGELOG.txt
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/CHANGELOG.txt?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/CHANGELOG.txt (original)
+++ branches/drupal-5.0/CHANGELOG.txt Mon May  4 17:54:04 2009
@@ -1,4 +1,10 @@
-// $Id: CHANGELOG.txt,v 1.173.2.37 2009/02/25 23:14:05 drumm Exp $
+// $Id: CHANGELOG.txt,v 1.173.2.39 2009/04/30 00:13:48 drumm Exp $
+
+Drupal 5.17, 2009-04-29
+-----------------------
+- Fixed security issues (Cross site scripting and limited information
+  disclosure) see SA-CORE-2009-005.
+- Fixed a variety of small bugs.
 
 Drupal 5.16, 2009-02-25
 -----------------------

Modified: branches/drupal-5.0/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/debian/changelog?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/debian/changelog (original)
+++ branches/drupal-5.0/debian/changelog Mon May  4 17:54:04 2009
@@ -1,3 +1,12 @@
+drupal5 (5.17-1) UNRELEASED; urgency=low
+
+  * (NOT RELEASED YET)
+
+  * New upstream release
+    - Fixes XSS vulnerability (Ref: SA-CORE-2009-005, CVE-TBD)
+
+ -- Luigi Gangitano <luigi at debian.org>  Mon, 04 May 2009 15:03:32 +0200
+
 drupal5 (5.16-1) unstable; urgency=low
 
   [ Luigi Gangitano ]

Modified: branches/drupal-5.0/includes/bootstrap.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/includes/bootstrap.inc?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/includes/bootstrap.inc (original)
+++ branches/drupal-5.0/includes/bootstrap.inc Mon May  4 17:54:04 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: bootstrap.inc,v 1.145.2.13 2009/01/14 19:12:27 drumm Exp $
+// $Id: bootstrap.inc,v 1.145.2.14 2009/04/30 00:13:48 drumm Exp $
 
 /**
  * @file
@@ -725,6 +725,8 @@
       $uri = $_SERVER['SCRIPT_NAME'] .'?'. $_SERVER['QUERY_STRING'];
     }
   }
+  // Prevent multiple slashes to avoid cross site requests via the FAPI.
+  $uri = '/'. ltrim($uri, '/');
 
   return $uri;
 }

Modified: branches/drupal-5.0/includes/common.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/includes/common.inc?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/includes/common.inc (original)
+++ branches/drupal-5.0/includes/common.inc Mon May  4 17:54:04 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: common.inc,v 1.611.2.22 2009/01/16 19:26:09 drumm Exp $
+// $Id: common.inc,v 1.611.2.23 2009/04/30 00:13:48 drumm Exp $
 
 /**
  * @file
@@ -149,6 +149,15 @@
  */
 function drupal_get_headers() {
   return drupal_set_header();
+}
+
+/**
+ * Make any final alterations to the rendered xhtml.
+ */
+function drupal_final_markup($content) {
+  // Make sure that the charset is always specified as the first element of the
+  // head region to prevent encoding-based attacks.
+  return preg_replace('/<head[^>]*>/i', "\$0\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />", $content, 1);
 }
 
 /**

Modified: branches/drupal-5.0/includes/form.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/includes/form.inc?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/includes/form.inc (original)
+++ branches/drupal-5.0/includes/form.inc Mon May  4 17:54:04 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: form.inc,v 1.174.2.16 2008/12/21 02:38:53 drumm Exp $
+// $Id: form.inc,v 1.174.2.17 2009/02/26 05:50:33 drumm Exp $
 
 /**
  * @defgroup form Form generation
@@ -1265,7 +1265,19 @@
   if (count($element['#options']) > 0) {
     foreach ($element['#options'] as $key => $choice) {
       if (!isset($element[$key])) {
-        $element[$key] = array('#type' => 'radio', '#title' => $choice, '#return_value' => check_plain($key), '#default_value' => $element['#default_value'], '#attributes' => $element['#attributes'], '#parents' => $element['#parents'], '#spawned' => TRUE);
+        // Generate the parents as the autogenerator does, so we will have a
+        // unique id for each radio button.
+        $parents_for_id = array_merge($element['#parents'], array($key));
+        $element[$key] = array(
+          '#type' => 'radio',
+          '#title' => $choice,
+          '#return_value' => check_plain($key),
+          '#default_value' => $element['#default_value'],
+          '#attributes' => $element['#attributes'],
+          '#id' => form_clean_id('edit-'. implode('-', $parents_for_id)),
+          '#parents' => $element['#parents'],
+          '#spawned' => TRUE
+        );
       }
     }
   }

Modified: branches/drupal-5.0/includes/theme.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/includes/theme.inc?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/includes/theme.inc (original)
+++ branches/drupal-5.0/includes/theme.inc Mon May  4 17:54:04 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: theme.inc,v 1.337.2.7 2008/12/05 22:32:50 dries Exp $
+// $Id: theme.inc,v 1.337.2.8 2009/04/30 00:13:48 drumm Exp $
 
 /**
  * @file
@@ -168,7 +168,12 @@
     $functions[$function] = theme_get_function($function);
   }
   if ($functions[$function]) {
-    return call_user_func_array($functions[$function], $args);
+    $output = call_user_func_array($functions[$function], $args);
+    // Add final markup to the full page.
+    if ($function == 'page') {
+      $output = drupal_final_markup($output);
+    }
+    return $output;
   }
 }
 

Modified: branches/drupal-5.0/misc/drupal.js
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/misc/drupal.js?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/misc/drupal.js (original)
+++ branches/drupal-5.0/misc/drupal.js Mon May  4 17:54:04 2009
@@ -1,4 +1,4 @@
-// $Id: drupal.js,v 1.29.2.2 2008/08/13 18:12:23 drumm Exp $
+// $Id: drupal.js,v 1.29.2.3 2009/02/26 06:46:48 drumm Exp $
 
 var Drupal = Drupal || {};
 
@@ -12,8 +12,8 @@
  */
 Drupal.extend = function(obj) {
   for (var i in obj) {
-    if (this[i]) {
-      Drupal.extend.apply(this[i], [obj[i]]);
+    if (this[i] && (typeof(this[i]) == 'function' || typeof(this[i]) == 'object')) {
+   	  Drupal.extend.apply(this[i], [obj[i]]);
     }
     else {
       this[i] = obj[i];

Modified: branches/drupal-5.0/modules/aggregator/aggregator.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/aggregator/aggregator.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/aggregator/aggregator.info (original)
+++ branches/drupal-5.0/modules/aggregator/aggregator.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/block/block.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/block/block.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/block/block.info (original)
+++ branches/drupal-5.0/modules/block/block.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/blog/blog.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/blog/blog.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/blog/blog.info (original)
+++ branches/drupal-5.0/modules/blog/blog.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/blogapi/blogapi.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/blogapi/blogapi.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/blogapi/blogapi.info (original)
+++ branches/drupal-5.0/modules/blogapi/blogapi.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/book/book.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/book/book.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/book/book.info (original)
+++ branches/drupal-5.0/modules/book/book.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/color/color.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/color/color.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/color/color.info (original)
+++ branches/drupal-5.0/modules/color/color.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/comment/comment.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/comment/comment.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/comment/comment.info (original)
+++ branches/drupal-5.0/modules/comment/comment.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/comment/comment.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/comment/comment.module?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/comment/comment.module (original)
+++ branches/drupal-5.0/modules/comment/comment.module Mon May  4 17:54:04 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: comment.module,v 1.520.2.13 2008/12/03 17:55:49 drumm Exp $
+// $Id: comment.module,v 1.520.2.14 2009/04/29 18:32:15 drumm Exp $
 
 /**
  * @file
@@ -1656,7 +1656,7 @@
     // 2) Strip out all HTML tags
     // 3) Convert entities back to plain-text.
     // Note: format is checked by check_markup().
-    $form_values['subject'] = trim(truncate_utf8(decode_entities(strip_tags(check_markup($form_values['comment'], $form_values['format']))), 29, TRUE));
+    $form_values['subject'] = truncate_utf8(trim(decode_entities(strip_tags(check_markup($form_values['comment'], $form_values['format'])))), 29, TRUE);
     // Edge cases where the comment body is populated only by HTML tags will
     // require a default subject.
     if ($form_values['subject'] == '') {

Modified: branches/drupal-5.0/modules/contact/contact.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/contact/contact.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/contact/contact.info (original)
+++ branches/drupal-5.0/modules/contact/contact.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/drupal/drupal.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/drupal/drupal.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/drupal/drupal.info (original)
+++ branches/drupal-5.0/modules/drupal/drupal.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/filter/filter.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/filter/filter.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/filter/filter.info (original)
+++ branches/drupal-5.0/modules/filter/filter.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/forum/forum.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/forum/forum.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/forum/forum.info (original)
+++ branches/drupal-5.0/modules/forum/forum.info Mon May  4 17:54:04 2009
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/forum/forum.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/forum/forum.module?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/forum/forum.module (original)
+++ branches/drupal-5.0/modules/forum/forum.module Mon May  4 17:54:04 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: forum.module,v 1.375.2.7 2008/04/05 02:18:59 drumm Exp $
+// $Id: forum.module,v 1.375.2.8 2009/04/29 18:53:38 drumm Exp $
 
 /**
  * @file
@@ -645,18 +645,8 @@
   return array('#type' => 'select', '#title' => $title, '#default_value' => $parent, '#options' => $options, '#description' => $description, '#required' => TRUE);
 }
 
-function forum_link_alter(&$node, &$links) {
-  foreach ($links as $module => $link) {
-    if (strstr($module, 'taxonomy_term')) {
-      // Link back to the forum and not the taxonomy term page. We'll only
-      // do this if the taxonomy term in question belongs to forums.
-      $tid = str_replace('taxonomy/term/', '', $link['href']);
-      $term = taxonomy_get_term($tid);
-      if ($term->vid == _forum_get_vid()) {
-        $links[$module]['href'] = str_replace('taxonomy/term', 'forum', $link['href']);
-      }
-    }
-  }
+function forum_term_path($term) {
+  return 'forum/'. $term->tid;
 }
 
 /**

Modified: branches/drupal-5.0/modules/help/help.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/help/help.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/help/help.info (original)
+++ branches/drupal-5.0/modules/help/help.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/legacy/legacy.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/legacy/legacy.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/legacy/legacy.info (original)
+++ branches/drupal-5.0/modules/legacy/legacy.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/locale/locale.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/locale/locale.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/locale/locale.info (original)
+++ branches/drupal-5.0/modules/locale/locale.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/menu/menu.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/menu/menu.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/menu/menu.info (original)
+++ branches/drupal-5.0/modules/menu/menu.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/menu/menu.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/menu/menu.module?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/menu/menu.module (original)
+++ branches/drupal-5.0/modules/menu/menu.module Mon May  4 17:54:04 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: menu.module,v 1.100.2.3 2008/11/15 02:47:59 drumm Exp $
+// $Id: menu.module,v 1.100.2.4 2009/02/26 06:56:26 drumm Exp $
 
 /**
  * @file
@@ -176,7 +176,7 @@
   if (isset($form['type']) && $form['type']['#value'] .'_node_form' == $form_id) {
     $item = array();
     if ($form['nid']['#value'] > 0) {
-      $item = db_fetch_array(db_query("SELECT * FROM {menu} WHERE path = 'node/%d'", $form['nid']['#value']));
+      $item = db_fetch_array(db_query("SELECT * FROM {menu} WHERE path = 'node/%d' ORDER BY mid", $form['nid']['#value']));
       if (isset($form['#post']['menu']) && is_array($form['#post']['menu'])) {
         $item = !is_array($item) ? $form['#post']['menu'] : (($form['#post']['op'] == t('Preview')) ? array_merge($item, $form['#post']['menu']) : array_merge($form['#post']['menu'], $item));
       }

Modified: branches/drupal-5.0/modules/node/node.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/node/node.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/node/node.info (original)
+++ branches/drupal-5.0/modules/node/node.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/path/path.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/path/path.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/path/path.info (original)
+++ branches/drupal-5.0/modules/path/path.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/ping/ping.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/ping/ping.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/ping/ping.info (original)
+++ branches/drupal-5.0/modules/ping/ping.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/poll/poll.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/poll/poll.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/poll/poll.info (original)
+++ branches/drupal-5.0/modules/poll/poll.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/profile/profile.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/profile/profile.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/profile/profile.info (original)
+++ branches/drupal-5.0/modules/profile/profile.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/search/search.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/search/search.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/search/search.info (original)
+++ branches/drupal-5.0/modules/search/search.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/statistics/statistics.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/statistics/statistics.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/statistics/statistics.info (original)
+++ branches/drupal-5.0/modules/statistics/statistics.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/system/system.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/system/system.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/system/system.info (original)
+++ branches/drupal-5.0/modules/system/system.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/system/system.install
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/system/system.install?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/system/system.install (original)
+++ branches/drupal-5.0/modules/system/system.install Mon May  4 17:54:04 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: system.install,v 1.69.2.11 2008/02/25 02:25:36 drumm Exp $
+// $Id: system.install,v 1.69.2.12 2009/03/22 19:55:22 drumm Exp $
 
 define('DRUPAL_MINIMUM_PHP',    '4.3.5');
 define('DRUPAL_MINIMUM_MYSQL',  '3.23.17'); // If using MySQL
@@ -1257,7 +1257,7 @@
   }
 
   // Flush the menu cache:
-  cache_clear_all('menu:', TRUE);
+  cache_clear_all('*', 'cache_menu', TRUE);
 
   return $ret;
 }

Modified: branches/drupal-5.0/modules/system/system.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/system/system.module?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/system/system.module (original)
+++ branches/drupal-5.0/modules/system/system.module Mon May  4 17:54:04 2009
@@ -1,12 +1,12 @@
 <?php
-// $Id: system.module,v 1.440.2.48 2009/02/25 23:14:05 drumm Exp $
+// $Id: system.module,v 1.440.2.51 2009/04/30 00:13:48 drumm Exp $
 
 /**
  * @file
  * Configuration system that lets administrators modify the workings of the site.
  */
 
-define('VERSION', '5.16');
+define('VERSION', '5.17');
 
 /**
  * Implementation of hook_help().
@@ -526,7 +526,7 @@
 
 function _system_zonelist() {
   $timestamp = time();
-  $zonelist = array(-11, -10, -9.5, -9, -8, -7, -6, -5, -4, -3.5, -3, -2, -1, 0, 1, 2, 3, 3.5, 4, 5, 5.5, 5.75, 6, 6.5, 7, 8, 9, 9.5, 10, 10.5, 11, 11.5, 12, 12.75, 13, 14);
+  $zonelist = array(-11, -10, -9.5, -9, -8, -7, -6, -5, -4, -3.5, -3, -2.5, -2, -1, 0, 1, 2, 3, 3.5, 4, 5, 5.5, 5.75, 6, 6.5, 7, 8, 9, 9.5, 10, 10.5, 11, 11.5, 12, 12.75, 13, 14);
   $zones = array();
   foreach ($zonelist as $offset) {
     $zone = $offset * 3600;

Modified: branches/drupal-5.0/modules/taxonomy/taxonomy.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/taxonomy/taxonomy.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/taxonomy/taxonomy.info (original)
+++ branches/drupal-5.0/modules/taxonomy/taxonomy.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/throttle/throttle.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/throttle/throttle.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/throttle/throttle.info (original)
+++ branches/drupal-5.0/modules/throttle/throttle.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/tracker/tracker.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/tracker/tracker.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/tracker/tracker.info (original)
+++ branches/drupal-5.0/modules/tracker/tracker.info Mon May  4 17:54:04 2009
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/upload/upload.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/upload/upload.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/upload/upload.info (original)
+++ branches/drupal-5.0/modules/upload/upload.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/user/user.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/user/user.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/user/user.info (original)
+++ branches/drupal-5.0/modules/user/user.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/modules/watchdog/watchdog.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/modules/watchdog/watchdog.info?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/modules/watchdog/watchdog.info (original)
+++ branches/drupal-5.0/modules/watchdog/watchdog.info Mon May  4 17:54:04 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-02-25
-version = "5.16"
+; Information added by drupal.org packaging script on 2009-04-30
+version = "5.17"
 project = "drupal"
-datestamp = "1235604023"
+datestamp = "1241050830"
 

Modified: branches/drupal-5.0/themes/bluemarine/page.tpl.php
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/themes/bluemarine/page.tpl.php?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/themes/bluemarine/page.tpl.php (original)
+++ branches/drupal-5.0/themes/bluemarine/page.tpl.php Mon May  4 17:54:04 2009
@@ -2,8 +2,8 @@
 <html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language ?>" xml:lang="<?php print $language ?>">
 
 <head>
+  <?php print $head ?>
   <title><?php print $head_title ?></title>
-  <?php print $head ?>
   <?php print $styles ?>
   <?php print $scripts ?>
   <script type="text/javascript"><?php /* Needed to avoid Flash of Unstyle Content in IE */ ?> </script>

Modified: branches/drupal-5.0/themes/chameleon/chameleon.theme
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/themes/chameleon/chameleon.theme?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/themes/chameleon/chameleon.theme (original)
+++ branches/drupal-5.0/themes/chameleon/chameleon.theme Mon May  4 17:54:04 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: chameleon.theme,v 1.56.2.2 2007/05/31 06:13:36 drumm Exp $
+// $Id: chameleon.theme,v 1.56.2.3 2009/04/30 00:13:49 drumm Exp $
 
 /**
  * @file
@@ -39,8 +39,8 @@
   $output  = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n";
   $output .= "<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"$language\" xml:lang=\"$language\">\n";
   $output .= "<head>\n";
+  $output .= drupal_get_html_head();
   $output .= " <title>". ($title ? strip_tags($title) ." | ". variable_get("site_name", "Drupal") : variable_get("site_name", "Drupal") ." | ". variable_get("site_slogan", "")) ."</title>\n";
-  $output .= drupal_get_html_head();
   $output .= drupal_get_css();
   $output .= drupal_get_js();
   $output .= "</head>";

Modified: branches/drupal-5.0/themes/engines/phptemplate/phptemplate.engine
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/themes/engines/phptemplate/phptemplate.engine?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/themes/engines/phptemplate/phptemplate.engine (original)
+++ branches/drupal-5.0/themes/engines/phptemplate/phptemplate.engine Mon May  4 17:54:04 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: phptemplate.engine,v 1.54.2.5 2009/02/25 23:14:05 drumm Exp $
+// $Id: phptemplate.engine,v 1.54.2.6 2009/04/29 17:49:52 drumm Exp $
 
 /**
  * @file
@@ -257,7 +257,7 @@
   $suggestion = 'page';
   $suggestions = array($suggestion);
   while ($arg = arg($i++)) {
-    $arg = str_replace(array('/', '\\', '\0'), '', $arg);
+    $arg = str_replace(array("/", "\\", "\0"), '', $arg);
     $suggestions[] = $suggestion . '-' . $arg;
     if (!is_numeric($arg)) {
       $suggestion .= '-' . $arg;
@@ -377,9 +377,14 @@
 function _phptemplate_default($hook, $variables, $suggestions = array(), $extension = '.tpl.php') {
   global $theme_engine;
 
+  // Remove slashes or null to prevent files from being included from
+  // an unexpected location (especially on Windows servers).
+  $extension = str_replace(array("/", "\\", "\0"), '', $extension);
+
   // Loop through any suggestions in FIFO order.
   $suggestions = array_reverse($suggestions);
   foreach ($suggestions as $suggestion) {
+    $suggestion = str_replace(array("/", "\\", "\0"), '', $suggestion);
     if (!empty($suggestion) && file_exists(path_to_theme() .'/'. $suggestion . $extension)) {
       $file = path_to_theme() .'/'. $suggestion . $extension;
       break;

Modified: branches/drupal-5.0/themes/garland/page.tpl.php
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/themes/garland/page.tpl.php?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/themes/garland/page.tpl.php (original)
+++ branches/drupal-5.0/themes/garland/page.tpl.php Mon May  4 17:54:04 2009
@@ -2,8 +2,8 @@
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language ?>" lang="<?php print $language ?>">
   <head>
+    <?php print $head ?>
     <title><?php print $head_title ?></title>
-    <?php print $head ?>
     <?php print $styles ?>
     <?php print $scripts ?>
     <style type="text/css" media="print">@import "<?php print base_path() . path_to_theme() ?>/print.css";</style>

Modified: branches/drupal-5.0/themes/pushbutton/page.tpl.php
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/drupal-5.0/themes/pushbutton/page.tpl.php?rev=2025&op=diff
==============================================================================
--- branches/drupal-5.0/themes/pushbutton/page.tpl.php (original)
+++ branches/drupal-5.0/themes/pushbutton/page.tpl.php Mon May  4 17:54:04 2009
@@ -1,9 +1,9 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="<?php print $language ?>" xml:lang="<?php print $language ?>">
 <head>
-  <title><?php print $head_title ?></title>
   <meta http-equiv="Content-Style-Type" content="text/css" />
   <?php print $head ?>
+  <title><?php print $head_title ?></title>
   <?php print $styles ?>
   <?php print $scripts ?>
 </head>

More information about the Pkg-drupal-commits mailing list