[Pkg-drupal-commits] r2072 - in /branches/upstream/current-5: ./ includes/ modules/aggregator/ modules/block/ modules/blog/ modules/blogapi/ modules/book/ modules/color/ modules/comment/ modules/contact/ modules/drupal/ modules/filter/ modules/forum/ modules/help/ modules/legacy/ modules/locale/ modules/menu/ modules/node/ modules/path/ modules/ping/ modules/poll/ modules/profile/ modules/search/ modules/statistics/ modules/system/ modules/taxonomy/ modules/throttle/ modules/tracker/ modules/upload/ modules/user/ modules/watchdog/ themes/garland/

[luigi at users.alioth.debian.org]

Author: luigi
Date: Sat Sep 19 23:34:47 2009
New Revision: 2072

URL: http://svn.debian.org/wsvn/pkg-drupal/?sc=1&rev=2072
Log:
[svn-upgrade] Integrating new upstream version, drupal5 (5.20)

Modified:
    branches/upstream/current-5/CHANGELOG.txt
    branches/upstream/current-5/includes/cache.inc
    branches/upstream/current-5/includes/common.inc
    branches/upstream/current-5/includes/database.mysql.inc
    branches/upstream/current-5/includes/database.mysqli.inc
    branches/upstream/current-5/includes/menu.inc
    branches/upstream/current-5/modules/aggregator/aggregator.info
    branches/upstream/current-5/modules/block/block.info
    branches/upstream/current-5/modules/blog/blog.info
    branches/upstream/current-5/modules/blogapi/blogapi.info
    branches/upstream/current-5/modules/book/book.info
    branches/upstream/current-5/modules/color/color.info
    branches/upstream/current-5/modules/comment/comment.info
    branches/upstream/current-5/modules/contact/contact.info
    branches/upstream/current-5/modules/drupal/drupal.info
    branches/upstream/current-5/modules/filter/filter.info
    branches/upstream/current-5/modules/forum/forum.info
    branches/upstream/current-5/modules/help/help.info
    branches/upstream/current-5/modules/legacy/legacy.info
    branches/upstream/current-5/modules/locale/locale.info
    branches/upstream/current-5/modules/menu/menu.info
    branches/upstream/current-5/modules/node/node.info
    branches/upstream/current-5/modules/path/path.info
    branches/upstream/current-5/modules/ping/ping.info
    branches/upstream/current-5/modules/poll/poll.info
    branches/upstream/current-5/modules/profile/profile.info
    branches/upstream/current-5/modules/search/search.info
    branches/upstream/current-5/modules/search/search.module
    branches/upstream/current-5/modules/statistics/statistics.info
    branches/upstream/current-5/modules/system/system.info
    branches/upstream/current-5/modules/system/system.module
    branches/upstream/current-5/modules/taxonomy/taxonomy.info
    branches/upstream/current-5/modules/taxonomy/taxonomy.module
    branches/upstream/current-5/modules/throttle/throttle.info
    branches/upstream/current-5/modules/tracker/tracker.info
    branches/upstream/current-5/modules/upload/upload.info
    branches/upstream/current-5/modules/user/user.info
    branches/upstream/current-5/modules/user/user.module
    branches/upstream/current-5/modules/watchdog/watchdog.info
    branches/upstream/current-5/themes/garland/style.css

Modified: branches/upstream/current-5/CHANGELOG.txt
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/CHANGELOG.txt?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/CHANGELOG.txt (original)
+++ branches/upstream/current-5/CHANGELOG.txt Sat Sep 19 23:34:47 2009
@@ -1,4 +1,11 @@
-// $Id: CHANGELOG.txt,v 1.173.2.41 2009/07/01 20:52:11 drumm Exp $
+// $Id: CHANGELOG.txt,v 1.173.2.44 2009/09/16 19:33:40 drumm Exp $
+
+Drupal 5.20, 2009-09-16
+-----------------------
+- Avoid security problems resulting from writing Drupal 6-style menu
+  declarations.
+- Fixed security issues (session fixation), see SA-CORE-2009-008.
+- Fixed a variety of small bugs.
 
 Drupal 5.19, 2009-07-01
 -----------------------

Modified: branches/upstream/current-5/includes/cache.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/includes/cache.inc?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/includes/cache.inc (original)
+++ branches/upstream/current-5/includes/cache.inc Sat Sep 19 23:34:47 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: cache.inc,v 1.5.2.5 2008/02/10 02:05:00 drumm Exp $
+// $Id: cache.inc,v 1.5.2.6 2009/07/10 05:41:24 drumm Exp $
 
 /**
  * Return data from the persistent cache.
@@ -14,10 +14,10 @@
   global $user;
 
   // Garbage collection necessary when enforcing a minimum cache lifetime
-  $cache_flush = variable_get('cache_flush', 0);
+  $cache_flush = variable_get('cache_flush_'. $table, 0);
   if ($cache_flush && ($cache_flush + variable_get('cache_lifetime', 0) <= time())) {
     // Reset the variable immediately to prevent a meltdown in heavy load situations.
-    variable_set('cache_flush', 0);
+    variable_set('cache_flush_'. $table, 0);
     // Time to flush old cache data
     db_query("DELETE FROM {". $table ."} WHERE expire != %d AND expire <= %d", CACHE_PERMANENT, $cache_flush);
   }
@@ -134,16 +134,16 @@
       // cached data that was cached before the timestamp.
       $user->cache = time();
 
-      $cache_flush = variable_get('cache_flush', 0);
+      $cache_flush = variable_get('cache_flush_'. $table, 0);
       if ($cache_flush == 0) {
         // This is the first request to clear the cache, start a timer.
-        variable_set('cache_flush', time());
+        variable_set('cache_flush_'. $table, time());
       }
       else if (time() > ($cache_flush + variable_get('cache_lifetime', 0))) {
-        // Clear the cache for everyone, cache_flush_delay seconds have
+        // Clear the cache for everyone, cache_lifetime seconds have
         // passed since the first request to clear the cache.
         db_query("DELETE FROM {". $table. "} WHERE expire != %d AND expire < %d", CACHE_PERMANENT, time());
-        variable_set('cache_flush', 0);
+        variable_set('cache_flush_'. $table, 0);
       }
     }
     else {

Modified: branches/upstream/current-5/includes/common.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/includes/common.inc?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/includes/common.inc (original)
+++ branches/upstream/current-5/includes/common.inc Sat Sep 19 23:34:47 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: common.inc,v 1.611.2.24 2009/05/13 17:10:36 drumm Exp $
+// $Id: common.inc,v 1.611.2.25 2009/09/16 17:29:09 drumm Exp $
 
 /**
  * @file
@@ -427,6 +427,18 @@
   // Parse the URL, and make sure we can handle the schema.
   $uri = parse_url($url);
 
+  if ($uri == FALSE) {
+    $result->error = 'unable to parse URL';
+    $result->code = -1001;
+    return $result;
+  }
+
+  if (!isset($uri['scheme'])) {
+    $result->error = 'missing schema';
+    $result->code = -1002;
+    return $result;
+  }
+
   switch ($uri['scheme']) {
     case 'http':
       $port = isset($uri['port']) ? $uri['port'] : 80;
@@ -441,6 +453,7 @@
       break;
     default:
       $result->error = 'invalid schema '. $uri['scheme'];
+      $result->code = -1003;
       return $result;
   }
 

Modified: branches/upstream/current-5/includes/database.mysql.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/includes/database.mysql.inc?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/includes/database.mysql.inc (original)
+++ branches/upstream/current-5/includes/database.mysql.inc Sat Sep 19 23:34:47 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: database.mysql.inc,v 1.66.2.3 2008/09/15 06:14:52 drumm Exp $
+// $Id: database.mysql.inc,v 1.66.2.4 2009/07/10 06:09:38 drumm Exp $
 
 /**
  * @file
@@ -360,7 +360,7 @@
   $tablename = array_pop($args);
   array_shift($args);
 
-  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' SELECT', db_prefix_tables($query));
+  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query));
   if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
     $args = $args[0];
   }

Modified: branches/upstream/current-5/includes/database.mysqli.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/includes/database.mysqli.inc?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/includes/database.mysqli.inc (original)
+++ branches/upstream/current-5/includes/database.mysqli.inc Sat Sep 19 23:34:47 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: database.mysqli.inc,v 1.32.2.5 2008/09/15 06:14:52 drumm Exp $
+// $Id: database.mysqli.inc,v 1.32.2.6 2009/07/10 06:09:38 drumm Exp $
 
 /**
  * @file
@@ -343,7 +343,7 @@
   $tablename = array_pop($args);
   array_shift($args);
 
-  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' SELECT', db_prefix_tables($query));
+  $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query));
   if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
     $args = $args[0];
   }

Modified: branches/upstream/current-5/includes/menu.inc
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/includes/menu.inc?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/includes/menu.inc (original)
+++ branches/upstream/current-5/includes/menu.inc Sat Sep 19 23:34:47 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: menu.inc,v 1.146.2.2 2008/02/11 05:26:53 drumm Exp $
+// $Id: menu.inc,v 1.146.2.3 2009/07/10 05:56:51 drumm Exp $
 
 /**
  * @file
@@ -1055,6 +1055,10 @@
   $temp_mid = -1;
 
   foreach ($menu_item_list as $item) {
+    // Protect against D6 style access
+    if (isset($item['access']) && is_array($item['access']) && count($item['access']) == 1 && isset($item['access'][0]) && is_string($item['access'][0])) {
+      $item['access'] = FALSE;
+    }
     if (!isset($item['path'])) {
       $item['path'] = '';
     }
@@ -1225,6 +1229,10 @@
   $new_items = array();
 
   foreach ($menu_item_list as $item) {
+    // Protect against D6 style access
+    if (isset($item['access']) && is_array($item['access']) && count($item['access']) == 1 && isset($item['access'][0]) && is_string($item['access'][0])) {
+      $item['access'] = FALSE;
+    }
     if (isset($item['callback'])) {
       $_menu['callbacks'][$item['path']] = array('callback' => $item['callback']);
       if (isset($item['callback arguments'])) {

Modified: branches/upstream/current-5/modules/aggregator/aggregator.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/aggregator/aggregator.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/aggregator/aggregator.info (original)
+++ branches/upstream/current-5/modules/aggregator/aggregator.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/block/block.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/block/block.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/block/block.info (original)
+++ branches/upstream/current-5/modules/block/block.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/blog/blog.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/blog/blog.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/blog/blog.info (original)
+++ branches/upstream/current-5/modules/blog/blog.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/blogapi/blogapi.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/blogapi/blogapi.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/blogapi/blogapi.info (original)
+++ branches/upstream/current-5/modules/blogapi/blogapi.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/book/book.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/book/book.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/book/book.info (original)
+++ branches/upstream/current-5/modules/book/book.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/color/color.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/color/color.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/color/color.info (original)
+++ branches/upstream/current-5/modules/color/color.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/comment/comment.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/comment/comment.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/comment/comment.info (original)
+++ branches/upstream/current-5/modules/comment/comment.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/contact/contact.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/contact/contact.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/contact/contact.info (original)
+++ branches/upstream/current-5/modules/contact/contact.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/drupal/drupal.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/drupal/drupal.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/drupal/drupal.info (original)
+++ branches/upstream/current-5/modules/drupal/drupal.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/filter/filter.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/filter/filter.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/filter/filter.info (original)
+++ branches/upstream/current-5/modules/filter/filter.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/forum/forum.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/forum/forum.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/forum/forum.info (original)
+++ branches/upstream/current-5/modules/forum/forum.info Sat Sep 19 23:34:47 2009
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/help/help.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/help/help.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/help/help.info (original)
+++ branches/upstream/current-5/modules/help/help.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/legacy/legacy.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/legacy/legacy.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/legacy/legacy.info (original)
+++ branches/upstream/current-5/modules/legacy/legacy.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/locale/locale.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/locale/locale.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/locale/locale.info (original)
+++ branches/upstream/current-5/modules/locale/locale.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/menu/menu.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/menu/menu.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/menu/menu.info (original)
+++ branches/upstream/current-5/modules/menu/menu.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/node/node.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/node/node.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/node/node.info (original)
+++ branches/upstream/current-5/modules/node/node.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/path/path.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/path/path.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/path/path.info (original)
+++ branches/upstream/current-5/modules/path/path.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/ping/ping.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/ping/ping.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/ping/ping.info (original)
+++ branches/upstream/current-5/modules/ping/ping.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/poll/poll.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/poll/poll.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/poll/poll.info (original)
+++ branches/upstream/current-5/modules/poll/poll.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/profile/profile.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/profile/profile.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/profile/profile.info (original)
+++ branches/upstream/current-5/modules/profile/profile.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/search/search.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/search/search.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/search/search.info (original)
+++ branches/upstream/current-5/modules/search/search.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/search/search.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/search/search.module?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/search/search.module (original)
+++ branches/upstream/current-5/modules/search/search.module Sat Sep 19 23:34:47 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: search.module,v 1.209.2.6 2008/05/14 06:35:29 drumm Exp $
+// $Id: search.module,v 1.209.2.7 2009/09/16 04:27:01 drumm Exp $
 
 /**
  * @file
@@ -1052,6 +1052,17 @@
  * Process a block search form submission.
  */
 function search_box_form_submit($form_id, $form_values) {
+  // The search form relies on control of the redirect destination for its
+  // functionality, so we override any static destination set in the request,
+  // for example by drupal_access_denied() or drupal_not_found()
+  // (see http://drupal.org/node/292565).
+  if (isset($_REQUEST['destination'])) {
+    unset($_REQUEST['destination']);
+  }
+  if (isset($_REQUEST['edit']['destination'])) {
+    unset($_REQUEST['edit']['destination']);
+  }
+
   return 'search/node/'. trim($form_values[$form_id .'_keys']);
 }
 

Modified: branches/upstream/current-5/modules/statistics/statistics.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/statistics/statistics.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/statistics/statistics.info (original)
+++ branches/upstream/current-5/modules/statistics/statistics.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/system/system.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/system/system.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/system/system.info (original)
+++ branches/upstream/current-5/modules/system/system.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/system/system.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/system/system.module?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/system/system.module (original)
+++ branches/upstream/current-5/modules/system/system.module Sat Sep 19 23:34:47 2009
@@ -1,12 +1,12 @@
 <?php
-// $Id: system.module,v 1.440.2.54 2009/07/01 20:52:11 drumm Exp $
+// $Id: system.module,v 1.440.2.57 2009/09/16 19:33:40 drumm Exp $
 
 /**
  * @file
  * Configuration system that lets administrators modify the workings of the site.
  */
 
-define('VERSION', '5.19');
+define('VERSION', '5.20');
 
 /**
  * Implementation of hook_help().
@@ -526,7 +526,7 @@
 
 function _system_zonelist() {
   $timestamp = time();
-  $zonelist = array(-11, -10, -9.5, -9, -8, -7, -6, -5, -4, -3.5, -3, -2.5, -2, -1, 0, 1, 2, 3, 3.5, 4, 5, 5.5, 5.75, 6, 6.5, 7, 8, 9, 9.5, 10, 10.5, 11, 11.5, 12, 12.75, 13, 14);
+  $zonelist = array(-11, -10, -9.5, -9, -8, -7, -6, -5, -4.5, -4, -3.5, -3, -2.5, -2, -1, 0, 1, 2, 3, 3.5, 4, 5, 5.5, 5.75, 6, 6.5, 7, 8, 9, 9.5, 10, 10.5, 11, 11.5, 12, 12.75, 13, 14);
   $zones = array();
   foreach ($zonelist as $offset) {
     $zone = $offset * 3600;

Modified: branches/upstream/current-5/modules/taxonomy/taxonomy.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/taxonomy/taxonomy.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/taxonomy/taxonomy.info (original)
+++ branches/upstream/current-5/modules/taxonomy/taxonomy.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/taxonomy/taxonomy.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/taxonomy/taxonomy.module?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/taxonomy/taxonomy.module (original)
+++ branches/upstream/current-5/modules/taxonomy/taxonomy.module Sat Sep 19 23:34:47 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: taxonomy.module,v 1.330.2.20 2009/05/13 19:49:11 drumm Exp $
+// $Id: taxonomy.module,v 1.330.2.21 2009/07/10 05:47:16 drumm Exp $
 
 /**
  * @file
@@ -57,7 +57,6 @@
  * @return
  *   An internal Drupal path.
  */
-
 function taxonomy_term_path($term) {
   $vocabulary = taxonomy_get_vocabulary($term->vid);
   if ($vocabulary->module != 'taxonomy' && $path = module_invoke($vocabulary->module, 'term_path', $term)) {

Modified: branches/upstream/current-5/modules/throttle/throttle.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/throttle/throttle.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/throttle/throttle.info (original)
+++ branches/upstream/current-5/modules/throttle/throttle.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/tracker/tracker.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/tracker/tracker.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/tracker/tracker.info (original)
+++ branches/upstream/current-5/modules/tracker/tracker.info Sat Sep 19 23:34:47 2009
@@ -5,8 +5,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/upload/upload.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/upload/upload.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/upload/upload.info (original)
+++ branches/upstream/current-5/modules/upload/upload.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - optional
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/user/user.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/user/user.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/user/user.info (original)
+++ branches/upstream/current-5/modules/user/user.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/modules/user/user.module
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/user/user.module?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/user/user.module (original)
+++ branches/upstream/current-5/modules/user/user.module Sat Sep 19 23:34:47 2009
@@ -1,5 +1,5 @@
 <?php
-// $Id: user.module,v 1.745.2.35 2008/10/08 20:10:26 drumm Exp $
+// $Id: user.module,v 1.745.2.36 2009/09/16 19:33:40 drumm Exp $
 
 /**
  * @file
@@ -1149,6 +1149,8 @@
           $user = $account;
           // And proceed with normal login, going to user page.
           $edit = array();
+          // Regenerate the session ID to prevent against session fixation attacks.
+          sess_regenerate();
           user_module_invoke('login', $edit, $user);
           drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
           drupal_goto('user/'. $user->uid .'/edit');

Modified: branches/upstream/current-5/modules/watchdog/watchdog.info
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/modules/watchdog/watchdog.info?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/modules/watchdog/watchdog.info (original)
+++ branches/upstream/current-5/modules/watchdog/watchdog.info Sat Sep 19 23:34:47 2009
@@ -4,8 +4,8 @@
 package = Core - required
 version = VERSION
 
-; Information added by drupal.org packaging script on 2009-07-01
-version = "5.19"
+; Information added by drupal.org packaging script on 2009-09-16
+version = "5.20"
 project = "drupal"
-datestamp = "1246482059"
+datestamp = "1253130023"
 

Modified: branches/upstream/current-5/themes/garland/style.css
URL: http://svn.debian.org/wsvn/pkg-drupal/branches/upstream/current-5/themes/garland/style.css?rev=2072&op=diff
==============================================================================
--- branches/upstream/current-5/themes/garland/style.css (original)
+++ branches/upstream/current-5/themes/garland/style.css Sat Sep 19 23:34:47 2009
@@ -1,4 +1,4 @@
-/* $Id: style.css,v 1.14.2.4 2007/07/09 03:50:59 drumm Exp $ */
+/* $Id: style.css,v 1.14.2.5 2009/09/16 04:38:12 drumm Exp $ */
 
 /**
  * Garland, for Drupal 5.0
@@ -606,6 +606,7 @@
   text-decoration: none;
   position: relative;
   top: -1px;
+  display: inline-block;
 }
 ul.primary li.active a, ul.primary li.active a:link, ul.primary li.active a:visited, ul.primary li a:hover,
 ul.secondary li.active a, ul.secondary li.active a:link, ul.secondary li.active a:visited, ul.secondary li a:hover {