Sync Drupal 6.2 to Ubuntu

Bug #229795 reported by Shirish Agarwal
This bug affects 2 people
Affects            Status         Importance   Assigned to   Milestone
drupal5 (Debian)   Fix Released   Unknown
drupal6 (Debian)   Fix Released   Unknown
drupal6 (Ubuntu)   Fix Released   Wishlist     Unassigned

Bug Description

Binary package hint: drupal5

Please package the new release of Drupal 6.2. Here are the differences between 5.7 and 6.2:

http://drupal.org/node/3060/release

drupal 6.2

SA-2008-026 - Drupal core - Drupal core - Access bypass

    * #228120 by jvandyk: typo in documentation in comment.tpl.php
    * #226480 by gpk: fix wording on when node access rebuild button is displayed in node_configure()
    * #229817 by mcarrera: l() attributes were not properly specified in theme.inc's theme_username()
    * #234403 by alienbrain: PHP.net documents we should use CRLF in mail headers, so do that
    * #226555 by jvandyk, Rok Zlender: fix notice level error in xmlrpc.inc
    * #204415 by chx: actually use 'administer content types' permission for node type editing instead of 'administer nodes'
    * #234699 by hass: theme_link() did not mark frontpage links active properly
    * #237717 by hass: missing t() in system_clear_cache_submit()
    * #232037 by pwolanin: (performance) block regions should only be populated when called for, not in all cases (fixes performance expectation on 403/404 pages)
    * #226728 by chx: (performance) temporary cache table entries were not flushed, causing cache_menu and cache_form to grow big
    * #231587 by pwolanin, killes: (performance) use two level cache in menus, instead of storing very large amounts of data multiple times
    * #239196 by jvandyk and myself: missing status check on nodes in search indexing counter
    * rolling back #234403 by Bevan and damz: we should keep using LF in mail headers, without CR, CRLF causes problems
    * #238564 by scor: two missing t() calls in update.module
    * #241629 by solotandem: dblog module left one more row in, when cleaning up in cron
    * #244597 by kbahey: remove cruft from user_login(), that added extra message to the form was never used or displayed

drupal 6.1

SA-2008-018 - Drupal core - Cross site scripting

    * #189568 by dvessel: module .css files were not overridden from theme .info files
    * #212608 by stefgosselin, webchick, slightly modified: get rid of notice when sorting blocks (minor)
    * #218513 by moshe weitzman, Pancho: code documentation formatting fixes for menu.inc (minor)
    * #220827 by Arancaytar, ax: fix code comments in _menu_navigation_links_rebuild() (minor)
    * #227548 by Heine, AjK: misuse of db_escape_string(), when db_escape_table() should have been used

drupal 6.0-rc4

    * #215992 by dww: provide information for upgrades from Drupal 5 with update status module
    * #216632 by webernet, dww: more accessible update information screen
    * #200028 by dww: trivial syntax fix in cache clearing
    * #216890 by gpk with documentation from myself: blog API clients do not pass on the teaser_include flag, so only act on that flag, if we have it
    * #157652 by beginner, Steven Merrill and killes: block_user() had a global user object and a user parameter colliding
    * #216404 by Rob Loach: path_nodeapi() only worked for users with permissions, although node loading requires the path to be loaded
    * #216858 by jvandyk, moshe weitzman: fix plain wrong and misleading user module phpdoc blocks
    * #216061 by Eaton: nid was not set in node creation (programmatic node creation regression)
    * #217324 by Takafumi: trivial missing t() in taxonomy module
    * #216750 by dww: Security releases from higher branches were not ignored in all cases (critical)
    * #172597 by Rob Loach: minor double escaping in profile module
    * #197833 by gdevlugt: node filtering theme function was not applied (minor)
    * #204071 by Pancho: use UTF-8 aware string length counting in node_teaser() (minor)
    * #117748 by quicksketch: short fix to trim() required fields for validation, with documentation
    * #217180 by Gerhard Killesreiter: remove outdated information on Debian package maintainer
    * #215858 by pwolanin: localized menu options were saved into the database, avoid this by using different variable names / array keys
    * #216238 by theborg: theme descriptions were not translated properly (minor)
    * #117748 rollback: this was not well tested
    * #217926 by dropcube: Garland and Minnelli were updated for Drupal 6, but their code comments were not (minor)
    * #215958 by pwolanin: fix form API link in PHP filter module help (minor)
    * #217771 by dww: avoid confusing wrapping of release dates in update status module (minor)
    * #215858 follow up by pwolanin: fix a fatal error in book module breadcrumb creation (critical)
    * #218319 by moshe weitzman: translated menu link altering was not possible (critical regression)
    * #214513 by Lynn: break was missing in system_send_email_action(), causing the action code to fall over to a different context (critical)
    * #210131 by John Resig, dvessel with several testers: jQuery 1.2.3
    * #218436 by scor: update jQuery copyright year number as well in COPYRIGHT.txt (minor)
    * #218471 by pwolanin: exclude unpublished nodes from menus and books (critical)
    * #215858 follow up by pwolanin: external links were not properly localizing options (critical)
    * #218054 by pukku, Arancaytar: precision and scale arguments were not in proper order in SQL generation (critical)
    * #218539 by keith.smith: more prominent mention of the security awareness / documentation of Drupal
    * #218313 by jvandyk: uppercase forum topic sort ordering (minor)
    * #218116 by greggles: better documentation for session_save_session() for security education
    * #218403 by dmaz: avoid duplication in search index, when the database collation makes the words collide (critical)
    * #218915 by jakeg, keith.smith: array syntax error in watchdog() use in file_save_upload()
    * #215308 by Pancho: 'Testing clean URLs...' was not removed in all cases when being checked
    * #216515 by chx and myself: cached forms made all subsequent forms on the page cached (critical); and a comment op check was buggy
    * #214209 patch by pwolanin and myself: do not allow users to post type of posts they are not configured to be able to post with Blog API (critical)
    * #217508 by boydjd, Pancho, keith.smith: incorrect and misleading use of i.e., where e.g. should have been used
    * #216813 by David_Rothstein, chx, pwolanin: primary and secondary links were broken on upgrade
    * #219366 by pwolanin: let external links appear in the system admin blocks
    * #219334 report by catch, patch by myself: upload table created in upgrade and upload table created by upload module enabled later collides
    * #117748 by webchick, Pancho, Rob Loach, pwolanin: required field values were not properly trim()ed on validation
    * #216904 by theborg, pwolanin: items were not properly ordered in tabledrag.js when more than the number of possible values
    * #211979 by theborg, chx, pwolanin: menu items moved out of the navigation menu were not found as parents
    * #184926 by Rob Loach: offline message was displayed to admin right after switching offline mode off
    * #139290 by dgtlmoon, msameer, ChrisKennedy, Freso, Rob Loach, matt@antinomia, Arancaytar: blog page was blank when user / site had no blog posts to display
    * #216511 by vladimir.dolgopolov: XHTML validation failed due to a misused & (minor)
    * #209240 by gopherspidey, soxofaan: fix settings file checking for multisite setups, and a bad file name used in an error message
    * #219380 by chx: bring back support for queries without WHERE clause to db_rewrite_sql() (regression)

drupal 6.0-rc3

SA-2008-016 - OpenID - Incorrect claimed_id returned for OpenID 2.0

    * #208427 report by Pancho, patch by dvessel: strpos() parameters were flipped in color module, resulting in bad colors
    * #208197 by dvessel: back to cloning the table header only in tableheader.js (fixes radio button issues and Safari 2 crashing)
    * - Patch #210140 by dww: fixed code comment: 'default_major' is now deprecated in favor of 'supported_majors'.
    * - Patch #209236 by traxer: added a validation function for the poll form.
    * - Patch #206495 by jvandyk: improved consistency of trigger descriptions.
    * - Patch #208926 by keith.smith: fixed broken link. The external link to the RSS specification changed.
    * - Patch #115606 by Junyor, thesaint_02: added support for PHP 5.2's 'recoverable fatal errors'.
    * - Patch #209034 by theborg: fixed small code style error that generates warnings.
    * - Patch #210141 by dww (with some modifications by me): implement hook_flush_caches().
    * #201540 follow up by zoo33: move jpeg quality validation to where it belongs, so it is only called if the current image toolkit requires it
    * #209584 by Rob Loach: 404/403 validation is also done in runtime so to allow more flexibility here, remove the submission time validation
    * #209045 by keith.smith: small typo in INSTALL.txt
    * #208991 by JirkaRybka: target sticky table headers to Drupal output tables only, so it won't sticky random tables in other site content
    * #190729 by aufumy, Pasqualle, slightly modified: report incompatibility early, if the dependencies key is not an array in the .info file
    * #209077 by bec: missing initialization for the placeholders array in drupal_write_record()
    * #200674 by scor, catch: update.php should inform users if their memory limit will possibly result in a WSOD
    * #196630 follow up by JirkaRybka: fix theme location information in maintenance theming, so IE6 fix CSS is loaded properly
    * #189785 by dropcube: anonymous users did not have permission to view the personal contact form, so catch them early
    * #210141 follow up by dww: cleaning up some code comments
    * #201641 by Ralf Stamm, Pancho: sort themes by their .info name, not their file name (just like modules)
    * #208938 by bjaspan, scor: use schema PI for index updates instead of database dependent code
    * #210211 by chx, theborg: removing the broken admin user search, which would provide the same as the public facing user search anyway
    * #210260 by dropcube: kill notice when anonymous users use site-wide contact form
    * #208991 follow up by dvessel: forgot to mark the blocks table with sticky-enabled
    * #209242 by dww: local .info file changes (ie. updated code) was not taken properly into account in update module
    * #201641 by Ralf Stamm, Pancho: sort admin themes by info name as well
    * #209720 by theborg: avoid processing resizable teasers before teaser.js is run and the proper wrappers are in place
    * #211060 by boydjd: do not display the taxonomy-term-description div when there is no description
    * #208602 by KarenS: add support for aborting all updates of one module, when a critical error happens
    * #211322 by keith.smith: drag and drop documentation for input formats was missing, damn
    * #211322 follow up by catch: forums also support drag and drop, mention in changelog
    * #211443 by dropcube: kill a feed warning on taxonomy pages
    * #200210 by gaele: more accessible color contrast in Garland error messages
    * #210936 by Pancho: some padding around taxonomy descriptions on taxonomy pages, so that they get more breathing space
    * #211067 by webchick: blogapi_mt_get_post_categories() not using taxonomy_node_get_terms() properly
    * #211359 by chx: make dead menu items disappear on a Drupal 6 upgrade
    * #211353 follow up by JirkaRybka: ensure that on upgrades, if the file_directory_path was not set, set it to the Drupal 5 default
    * #210479 by catch, dvessel: add newlines to list items, so inline display and RTL issues are resolved
    * #208498 by pwolanin: remove pager from menu admin page (for big menus, you will need to use a contrib module)
    * #208602 follow up by myself and webernet: invert conditional to properly update schema versions, when needed
    * #212285 by wrwrwr: hr should be treated as a block level tag
    * #211404 by dvessel: improve tableheader.js performance in all browsers, solves freeze in IE7
    * #195283 by pwolanin: code documentation for the 'forms' function group
    * #211876 by hass: typo in profile module docs
    * #212050 by keith.smith: JS compression was removed, but not from the changelog
    * #209409 by Heine, webernet, dww: more accurate register globals value checking
    * #210335 by keith.smith: highly confusing example in trigger module help, use a better one instead
    * #206778 follow up by dvessel: better filtering for subtheme files
    * #211403 by dww: Removed fallback code for determining the project based on the directory.
    * #211053 by momendo: poll submission and editing field columns fixed
    * #119038 by ximo, Pancho: user role editing usability: include disabled checkbox for authenticated role
    * #212813 by dww: link project status information to the admin/reports/updates page (usability)
    * #212409 by theborg: avoid calling check_plain() twice on menu links
    * Outdated use of watchdog() noticed while creating translation templates
    * #213172 by skiquel: let color module run properly without a base image
    * #213064 by dvessel: fix sticky table headers bug when resizing
    * #194494 by Jax, slightly expanded: unify empty password handling in MySQL and MySQLi installer and runtime drivers
    * #208768 by dvessel, Arancaytar: language direction should be in the HTML source, so it is more accessible even without CSS
    * Three remaining instances of t() use in system module update code removed.
    * #204411 by catch: elevate MySQL requirements to 4.1.1 (the first production MySQL 4.1.x was 4.1.5 anyway)
    * #107375 follow up by zeta-zoo: fixed incorrect description for MySQL's 'Select_range_check'
    * #213319 by add1sun: minor code documentation fix at template_preprocess_block()
    * #211742 by theborg, chx: detect and solve the problem when blocks are assigned to invalid regions (happens in theme development)
    * #212921 by fgm: remove unused reference on update_process_info_list() parameter list, which causes strict warnings in PHP 5
    * #205067 by asimmonds: kill notice in install.php when the profile is not yet set
    * #204411 by chx, slightly modified: heal a possible MySQL import error when the anonymous user becomes broken
    * #194327 by dvessel, David_Rothstein, catch, theborg: IE form submission button correction was buggy
    * #212126 report by salvis, patch by myself: allow clearing of drupal_html_to_text() URL list, so it can be used multiple times on the page
    * #214213 by keith.smith: fix broken link in INSTALL.txt
    * #205523 by assimonds: (minor) add missing CVS Id tags
    * #213150 by Lynn: fix HTML validation problem with node term listings
    * #214058 by catch, Arancaytar: forum form alter was mistakenly dropping the parent field in all taxonomy forms
    * #187075 by dvessel: do not compute a breadcrumb for the home page (regression)
    * #200028 by agentrickard, dww: cache more project module data, so there is less burden on Drupal when generating admin pages (performance)
    * #214579 by keith.smith: vocabulary drag and drop was not properly documented (string change)
    * #204415 by Lynn, traxer, pwolanin: migrate node type URLs to a path model based on menu paths, so conflicts between action and node type names are not a problem
    * #212864 suggestion by pp, patch by gdevlugt: use format_date() for RSS item dates instead of date() to honor site time zone settings
    * #172571 by fgm, slightly modified: document that theme_xml_icon() was superseded in most cases by theme_feed_icon()
    * #207330 by c960657: allow custom URL rewriter to work on base_url and fix urlencoding of front page URL with a path prefix
    * #208888 by jvandyk: set access time when externally authenticated user first logs in
    * #206955 follow up by merlinofchaos: avoid misusing default values for image buttons
    * #206881 by ScoutBaker: (minor) fix whitespace at TRANSLATION_ENABLED, so the phpdoc shows up properly
    * #214922 by Eaton: fix code typo which prevented from image buttons in a tree form from working
    * #213657 by dopry and moshe weitzman: typo in rss feed build mode and better link handling
    * #207029 by JohnAlbin: some menu item properties were not passed along for theming (regression)
    * #213517 by ax: inline documentation cleanup, fixing four unclosed @defgroups
    * #193331 by ufku: the replace parameter was not used in file_save_upload() as documented, fix this
    * Translating menu items and taxonomies is not a core feature, so do not mislead users. Noticed while translating to Hungarian.
    * #213664 by chx, theborg: menu item not expanded on front page
    * #210219 by htalvitie, yched: initialize block caching properties properly on install (and update bogus RC2 sites as well)
    * #210219 follow by myself: update_sql() does not support placeholders, so we should compose our own SQL ourselves
    * #215303 by Pancho, slightly modified: clean URL test support text was not green if not using JS
    * #214292 by theborg: collapse.js alters the default submit buttons in forms in Internet Explorer
    * #215361 by bec: phpdoc for menu_load_objects(), _menu_item_localize() and _menu_link_translate()
    * #202382 by Pasqualle and Pancho: phpdoc improvements and code style fixes in node module
    * #215252 by bdragon: reset the cache flush variable before the cache is flushed, so busy sites will not attempt multiple cache flushes at a time
    * #208556 by Pancho: fix broken display of OpenID links
    * #215335 by jvandyk: fix user_login_submit() phpdoc
    * #79018 by pwolanin, catch, Morbus Iff: document how can one hide CHANGELOG.txt, etc. to improve security a slight bit
    * #207863 by mikey_p, Pancho: use module_load_include() as intended
    * #214329 by starbow: avoid attaching scroll behavior multiple times
    * #215454 by keith.smith: cleaning up some language in INSTALL.txt
    * #215848 by simonc: SMALLTEXT is not a valid MySQL type, TINYTEXT is there instead
    * #208858 by theborg, gdevlugt: fix forum node and comment counting, taking term revisioning into account
    * #216014 report by meba, patch by myself: menu_install() did not use get_t() for its menu item creation
    * #105405 by chx, Pancho: (regression) remove web server version checking; it is not in Drupal 5; Apache 1.3 is surpassed for a long time now
    * #215127 by chx, webernet, catch; testing by theborg: menu item parenting was broken when moving menu items
    * #216042 by Eaton: provide the complete form to element validators as well (critical regression for CCK)
    * #216022 reported by johnnysxip, patch by walkah: (SA-2008-016) OpenID - Incorrect claimed_id returned for OpenID 2.0 and other minor OpenID 2.0 compliance fixes
    * #200028 follow up by dww: clear update module cache on update.php run as well

Changed in drupal5:
importance: Undecided → Wishlist
status: New → Triaged
Changed in drupal5:
status: Unknown → New
Changed in drupal5:
status: New → Fix Committed
Changed in drupal5:
status: Fix Committed → Fix Released
Mahyuddin Susanto (udienz) wrote :

check this

Mahyuddin Susanto (udienz) wrote :
Changed in drupal6:
assignee: nobody → udienz
Bhavani Shankar (bhavi) wrote :

I believe we can sync this package from Debian now as Debian has released the 6.2 version now...

Bhavani Shankar (bhavi) wrote :

Oh, please ignore my last comment, as I confused it for Drupal 6.

Changed in drupal6:
assignee: udienz → nobody
Morten Kjeldgaard (mok0) wrote :

ACKed, we can sync Drupal6 from Debian unstable, http://ftp.de.debian.org/debian/pool/main/d/drupal6/drupal6_6.6-3.dsc

James Westby (james-w) wrote :

We now have a drupal6 package in the archive.

Thanks,

James

Changed in drupal6:
status: Triaged → Fix Released
Changed in drupal6 (Debian):
status: Unknown → Fix Released