Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Remove Drupal. Only track the vulnscan project

  • Loading branch information...
commit 4546827dfb17e30e74f966fcfc908bbc6e60b044 1 parent 8eebb1f
Shawn Webb lattera authored

Showing 1,047 changed files with 0 additions and 44,384 deletions. Show diff stats Hide diff stats

  1. +0 131 .htaccess
  2. +0 1,425 CHANGELOG.txt
  3. +0 25 COPYRIGHT.txt
  4. +0 42 INSTALL.mysql.txt
  5. +0 44 INSTALL.pgsql.txt
  6. +0 31 INSTALL.sqlite.txt
  7. +0 398 INSTALL.txt
  8. +0 339 LICENSE.txt
  9. +0 298 MAINTAINERS.txt
  10. +0 88 README.txt
  11. +0 236 UPGRADE.txt
  12. +0 174 authorize.php
  13. +0 26 cron.php
  14. 0  {sites/all/modules/wayfair/vulnscan → }/helpers.inc
  15. +0 382 includes/actions.inc
  16. +0 1,206 includes/ajax.inc
  17. +0 66 includes/archiver.inc
  18. +0 326 includes/authorize.inc
  19. +0 534 includes/batch.inc
  20. +0 71 includes/batch.queue.inc
  21. +0 3,283 includes/bootstrap.inc
  22. +0 58 includes/cache-install.inc
  23. +0 508 includes/cache.inc
  24. +0 7,888 includes/common.inc
  25. +0 3,010 includes/database/database.inc
  26. +0 159 includes/database/log.inc
  27. +0 204 includes/database/mysql/database.inc
  28. +0 33 includes/database/mysql/install.inc
  29. +0 107 includes/database/mysql/query.inc
  30. +0 531 includes/database/mysql/schema.inc
  31. +0 214 includes/database/pgsql/database.inc
  32. +0 197 includes/database/pgsql/install.inc
  33. +0 209 includes/database/pgsql/query.inc
  34. +0 617 includes/database/pgsql/schema.inc
  35. +0 108 includes/database/pgsql/select.inc
  36. +0 507 includes/database/prefetch.inc
  37. +0 1,959 includes/database/query.inc
  38. +0 722 includes/database/schema.inc
  39. +0 1,609 includes/database/select.inc
  40. +0 521 includes/database/sqlite/database.inc
  41. +0 51 includes/database/sqlite/install.inc
  42. +0 160 includes/database/sqlite/query.inc
  43. +0 683 includes/database/sqlite/schema.inc
  44. +0 27 includes/database/sqlite/select.inc
  45. +0 196 includes/date.inc
  46. +0 1,351 includes/entity.inc
  47. +0 295 includes/errors.inc
  48. +0 2,469 includes/file.inc
  49. +0 859 includes/file.mimetypes.inc
  50. +0 417 includes/filetransfer/filetransfer.inc
  51. +0 144 includes/filetransfer/ftp.inc
  52. +0 76 includes/filetransfer/local.inc
  53. +0 108 includes/filetransfer/ssh.inc
  54. +0 4,481 includes/form.inc
  55. +0 146 includes/graph.inc
  56. +0 436 includes/image.inc
  57. +0 1,840 includes/install.core.inc
  58. +0 1,307 includes/install.inc
  59. +0 483 includes/iso.inc
  60. +0 102 includes/json-encode.inc
  61. +0 467 includes/language.inc
Sorry, we could not display the entire diff because too many files (1,047) changed.
131 .htaccess
... ... @@ -1,131 +0,0 @@
1   -#
2   -# Apache/PHP/Drupal settings:
3   -#
4   -
5   -# Protect files and directories from prying eyes.
6   -<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$">
7   - Order allow,deny
8   -</FilesMatch>
9   -
10   -# Don't show directory listings for URLs which map to a directory.
11   -Options -Indexes
12   -
13   -# Follow symbolic links in this directory.
14   -Options +FollowSymLinks
15   -
16   -# Make Drupal handle any 404 errors.
17   -ErrorDocument 404 /index.php
18   -
19   -# Set the default handler.
20   -DirectoryIndex index.php index.html index.htm
21   -
22   -# Override PHP settings that cannot be changed at runtime. See
23   -# sites/default/default.settings.php and drupal_initialize_variables() in
24   -# includes/bootstrap.inc for settings that can be changed at runtime.
25   -
26   -# PHP 5, Apache 1 and 2.
27   -<IfModule mod_php5.c>
28   - php_flag magic_quotes_gpc off
29   - php_flag magic_quotes_sybase off
30   - php_flag register_globals off
31   - php_flag session.auto_start off
32   - php_value mbstring.http_input pass
33   - php_value mbstring.http_output pass
34   - php_flag mbstring.encoding_translation off
35   -</IfModule>
36   -
37   -# Requires mod_expires to be enabled.
38   -<IfModule mod_expires.c>
39   - # Enable expirations.
40   - ExpiresActive On
41   -
42   - # Cache all files for 2 weeks after access (A).
43   - ExpiresDefault A1209600
44   -
45   - <FilesMatch \.php$>
46   - # Do not allow PHP scripts to be cached unless they explicitly send cache
47   - # headers themselves. Otherwise all scripts would have to overwrite the
48   - # headers set by mod_expires if they want another caching behavior. This may
49   - # fail if an error occurs early in the bootstrap process, and it may cause
50   - # problems if a non-Drupal PHP file is installed in a subdirectory.
51   - ExpiresActive Off
52   - </FilesMatch>
53   -</IfModule>
54   -
55   -# Various rewrite rules.
56   -<IfModule mod_rewrite.c>
57   - RewriteEngine on
58   -
59   - # Block access to "hidden" directories whose names begin with a period. This
60   - # includes directories used by version control systems such as Subversion or
61   - # Git to store control files. Files whose names begin with a period, as well
62   - # as the control files used by CVS, are protected by the FilesMatch directive
63   - # above.
64   - #
65   - # NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
66   - # not possible to block access to entire directories from .htaccess, because
67   - # <DirectoryMatch> is not allowed here.
68   - #
69   - # If you do not have mod_rewrite installed, you should remove these
70   - # directories from your webroot or otherwise protect them from being
71   - # downloaded.
72   - RewriteRule "(^|/)\." - [F]
73   -
74   - # If your site can be accessed both with and without the 'www.' prefix, you
75   - # can use one of the following settings to redirect users to your preferred
76   - # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
77   - #
78   - # To redirect all users to access the site WITH the 'www.' prefix,
79   - # (http://example.com/... will be redirected to http://www.example.com/...)
80   - # uncomment the following:
81   - # RewriteCond %{HTTP_HOST} !^www\. [NC]
82   - # RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
83   - #
84   - # To redirect all users to access the site WITHOUT the 'www.' prefix,
85   - # (http://www.example.com/... will be redirected to http://example.com/...)
86   - # uncomment the following:
87   - # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
88   - # RewriteRule ^ http://%1%{REQUEST_URI} [L,R=301]
89   -
90   - # Modify the RewriteBase if you are using Drupal in a subdirectory or in a
91   - # VirtualDocumentRoot and the rewrite rules are not working properly.
92   - # For example if your site is at http://example.com/drupal uncomment and
93   - # modify the following line:
94   - # RewriteBase /drupal
95   - #
96   - # If your site is running in a VirtualDocumentRoot at http://example.com/,
97   - # uncomment the following line:
98   - # RewriteBase /
99   -
100   - # Pass all requests not referring directly to files in the filesystem to
101   - # index.php. Clean URLs are handled in drupal_environment_initialize().
102   - RewriteCond %{REQUEST_FILENAME} !-f
103   - RewriteCond %{REQUEST_FILENAME} !-d
104   - RewriteCond %{REQUEST_URI} !=/favicon.ico
105   - RewriteRule ^ index.php [L]
106   -
107   - # Rules to correctly serve gzip compressed CSS and JS files.
108   - # Requires both mod_rewrite and mod_headers to be enabled.
109   - <IfModule mod_headers.c>
110   - # Serve gzip compressed CSS files if they exist and the client accepts gzip.
111   - RewriteCond %{HTTP:Accept-encoding} gzip
112   - RewriteCond %{REQUEST_FILENAME}\.gz -s
113   - RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
114   -
115   - # Serve gzip compressed JS files if they exist and the client accepts gzip.
116   - RewriteCond %{HTTP:Accept-encoding} gzip
117   - RewriteCond %{REQUEST_FILENAME}\.gz -s
118   - RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
119   -
120   - # Serve correct content types, and prevent mod_deflate double gzip.
121   - RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
122   - RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
123   -
124   - <FilesMatch "(\.js\.gz|\.css\.gz)$">
125   - # Serve correct encoding type.
126   - Header set Content-Encoding gzip
127   - # Force proxies to cache gzipped & non-gzipped css/js files separately.
128   - Header append Vary Accept-Encoding
129   - </FilesMatch>
130   - </IfModule>
131   -</IfModule>
1,425 CHANGELOG.txt
... ... @@ -1,1425 +0,0 @@
1   -
2   -Drupal 7.11 xxxx-xx-xx (development version)
3   -----------------------
4   -
5   -
6   -Drupal 7.10, 2011-12-05
7   -----------------------
8   -- Fixed Content-Language HTTP header to not cause issues with Drush 5.x.
9   -- Reduce memory usage of theme registry (performance).
10   -- Fixed PECL upload progress bar for FileField
11   -- Fixed running update.php doesn't always clear the cache.
12   -- Fixed PDO exceptions on long titles.
13   -- Fixed Overlay redirect does not include query string.
14   -- Fixed D6 modules satisfy D7 module dependencies.
15   -- Fixed the ordering of module hooks when using module_implements_alter().
16   -- Fixed "floating" submit buttons during AJAX requests.
17   -- Fixed timezone selected on install not propogating to admin account.
18   -- Added msgctx context to JS translation functions, for feature parity with t().
19   -- Profiles' .install files now available during hook_install_tasks().
20   -- Added test coverage of 7.0 -> 7.x upgrade path.
21   -- Numerous notice fixes.
22   -- Numerous documentation improvements.
23   -- Additional automated test coverage.
24   -
25   -Drupal 7.9, 2011-10-26
26   -----------------------
27   -- Critical fixes to OpenID to spec violations that could allow for
28   - impersonation in certain scenarios. Existing OpenID users should see
29   - http://drupal.org/node/1120290#comment-5092796 for more information on
30   - transitioning.
31   -- Fixed files getting lost when adding multiple files to multiple file fields
32   - at the same time.
33   -- Improved usability of the clean URL test screens.
34   -- Restored height/width attributes on images run through the theme system.
35   -- Fixed usability bug with first password field being pre-filled by certain
36   - browser plugins.
37   -- Fixed file_usage_list() so that it can return more than one result.
38   -- Fixed bug preventing preview of private images on node form.
39   -- Fixed PDO error when inserting an aggregator title longer than 255 characters.
40   -- Spelled out what TRADITIONAL means in MySQL sql_mode.
41   -- Deprecated "!=" operator for DBTNG; should be "<>".
42   -- Added two new API functions (menu_tree_set_path()/menu_tree_get_path()) were
43   - added in order to enable setting the active menu trail for dynamically
44   - generated menu paths.
45   -- Added new "fast 404" capability in settings.php to bypass Drupal bootstrap
46   - when serving 404 pages for certain file types.
47   -- Added format_string() function which can perform string munging ala the t()
48   - function without the overhead of the translation system.
49   -- Numerous #states system fixes.
50   -- Numerous EntityFieldQuery, DBTNG, and SQLite fixes.
51   -- Numerous Shortcut module fixes.
52   -- Numerous language system fixes.
53   -- Numerous token fixes.
54   -- Numerous CSS fixes.
55   -- Numerous upgrade path fixes.
56   -- Numerous minor string fixes.
57   -- Numerous notice fixes.
58   -
59   -Drupal 7.8, 2011-08-31
60   -----------------------
61   -- Fixed critical upgrade path issue with multilingual sites, leading to lost
62   - content.
63   -- Numerous fixes to upgrade path, preventing fatal errors due to incorrect
64   - dependencies.
65   -- Fixed issue with saving files on hosts with open_basedir restrictions.
66   -- Fixed Update manger error when used with Overlay.
67   -- Fixed RTL support in Seven administration theme and Overlay.
68   -- Fixes to nested transaction support.
69   -- Introduced performance pattern to reduce Drupal core's RAM usage.
70   -- Added support for HTML 5 tags to filter_xss_admin().
71   -- Added exception handling to cron.
72   -- Added new hook hook_field_widget_form_alter() for contribtued modules.
73   -- element_validate_*() functions now available to contrib.
74   -- Added new maintainers for several subsystems.
75   -- Numerous testing system improvements.
76   -- Numerous markup and CSS fixes.
77   -- Numerous poll module fixes.
78   -- Numerous notice/warning fixes.
79   -- Numerous documentation fixes.
80   -- Numerous token fixes.
81   -
82   -Drupal 7.7, 2011-07-27
83   -----------------------
84   -- Fixed VERSION string.
85   -
86   -Drupal 7.6, 2011-07-27
87   -----------------------
88   -- Fixed support for remote streamwrappers.
89   -- AJAX now binds to 'click' instead of 'mousedown'.
90   -- 'Translatable' flag on fields created in UI now defaults to FALSE, to match those created via the API.
91   -- Performance enhancement to permissions page on large numbers of permissions.
92   -- More secure password generation.
93   -- Fix for temporary directory on Windows servers.
94   -- run-tests.sh now uses proc_open() instead of pcntl_fork() for better Windows support.
95   -- Numerous upgrade path fixes.
96   -- Numerous documentation fixes.
97   -- Numerous notice fixes.
98   -- Numerous fixes to improve PHP 5.4 support.
99   -- Numerous RTL improvements.
100   -
101   -Drupal 7.5, 2011-07-27
102   -----------------------
103   -- Fixed security issue (Access bypass), see SA-CORE-2011-003.
104   -
105   -Drupal 7.4, 2011-06-29
106   -----------------------
107   -- Rolled back patch that caused fatal errors in CTools, Feeds, and other modules using the class registry.
108   -- Fixed critical bug with saving default images.
109   -- Fixed fatal errors when uninstalling some modules.
110   -- Added workaround for MySQL transaction support breaking on DDL statments.
111   -- Improved page caching with external caching systems.
112   -- Fix to Batch API, which was terminating too early.
113   -- Numerous upgrade path fixes.
114   -- Performance fixes.
115   -- Additional test coverage.
116   -- Numerous documentation fixes.
117   -
118   -Drupal 7.3, 2011-06-29
119   -----------------------
120   -- Fixed security issue (Access bypass), see SA-CORE-2011-002.
121   -
122   -Drupal 7.2, 2011-05-25
123   -----------------------
124   -- Added a default .gitignore file.
125   -- Improved PostgreSQL and SQLite support.
126   -- Numerous critical performance improvements.
127   -- Numerous critical fixes to the upgrade path.
128   -- Numerous fixes to language and translation systems.
129   -- Numerous fixes to AJAX and #states systems.
130   -- Improvements to the locking system.
131   -- Numerous documentation fixes.
132   -- Numerous styling and theme system fixes.
133   -- Numerous fixes for schema mis-matches between Drupal 6 and 7.
134   -- Minor internal API clean-ups.
135   -
136   -Drupal 7.1, 2011-05-25
137   -----------------------
138   -- Fixed security issues (Cross site scripting, File access bypass), see SA-CORE-2011-001.
139   -
140   -Drupal 7.0, 2011-01-05
141   -----------------------
142   -- Database:
143   - * Fully rewritten database layer utilizing PHP 5's PDO abstraction layer.
144   - * Drupal now requires MySQL >= 5.0.15 or PostgreSQL >= 8.3.
145   - * Added query builders for INSERT, UPDATE, DELETE, MERGE, and SELECT queries.
146   - * Support for master/slave replication, transactions, multi-insert queries,
147   - and other features.
148   - * Added support for the SQLite database engine.
149   - * Default to InnoDB engine, rather than MyISAM, on MySQL when available.
150   - This offers increased scalability and data integrity.
151   -- Security:
152   - * Protected cron.php -- cron will only run if the proper key is provided.
153   - * Implemented a pluggable password system and much stronger password hashes
154   - that are compatible with the Portable PHP password hashing framework.
155   - * Rate limited login attempts to prevent brute-force password guessing, and
156   - improved the flood control API to allow variable time windows and
157   - identifiers for limiting user access to resources.
158   - * Transformed the "Update status" module into the "Update manager" which
159   - can securely install or update modules and themes via a web interface.
160   -- Usability:
161   - * Added contextual links (a.k.a. local tasks) to page elements, such as
162   - blocks, nodes, or comments, which allows to perform the most common tasks
163   - with a single click only.
164   - * Improved installer requirements check.
165   - * Improved support for integration of WYSIWYG editors.
166   - * Implemented drag-and-drop positioning for input format listings.
167   - * Implemented drag-and-drop positioning for language listing.
168   - * Implemented drag-and-drop positioning for poll options.
169   - * Provided descriptions and human-readable names for user permissions.
170   - * Removed comment controls for users.
171   - * Removed display order settings for comment module. Comment display
172   - order can now be customized using the Views module.
173   - * Removed the 'related terms' feature from taxonomy module since this can
174   - now be achieved with Field API.
175   - * Added additional features to the default install profile, and implemented
176   - a "slimmed down" install profile designed for developers.
177   - * Added a built-in, automated cron run feature, which is triggered by site
178   - visitors.
179   - * Added an administrator role which is assigned all permissions for
180   - installed modules automatically.
181   - * Image toolkits are now provided by modules (rather than requiring a
182   - manual file copy to the includes directory).
183   - * Added an edit tab to taxonomy term pages.
184   - * Redesigned password strength validator.
185   - * Redesigned the add content type screen.
186   - * Highlight duplicate URL aliases.
187   - * Renamed "input formats" to "text formats".
188   - * Moved text format permissions to the main permissions page.
189   - * Added configurable ability for users to cancel their own accounts.
190   - * Added "vertical tabs", a reusable interface component that features
191   - automatic summaries and increases usability.
192   - * Replaced fieldsets on node edit and add pages with vertical tabs.
193   -- Performance:
194   - * Improved performance on uncached page views by loading multiple core
195   - objects in a single database query.
196   - * Improved performance for logged-in users by reducing queries for path
197   - alias lookups.
198   - * Improved support for HTTP proxies (including reverse proxies), allowing
199   - anonymous page views to be served entirely from the proxy.
200   -- Documentation:
201   - * Hook API documentation now included in Drupal core.
202   -- News aggregator:
203   - * Added OPML import functionality for RSS feeds.
204   - * Optionally, RSS feeds may be configured to not automatically generate feed blocks.
205   -- Search:
206   - * Added support for language-aware searches.
207   -- Aggregator:
208   - * Introduced architecture that allows pluggable parsers and processors for
209   - syndicating RSS and Atom feeds.
210   - * Added options to suspend updating specific feeds and never discard feeds
211   - items.
212   -- Testing:
213   - * Added test framework and tests.
214   -- Improved time zone support:
215   - * Drupal now uses PHP's time zone database when rendering dates in local
216   - time. Site-wide and user-configured time zone offsets have been converted
217   - to time zone names, e.g. Africa/Abidjan.
218   - * In some cases the upgrade and install scripts do not choose the preferred
219   - site default time zone. The automatically-selected time zone can be
220   - corrected at admin/config/regional/settings.
221   - * If your site is being upgraded from Drupal 6 and you do not have the
222   - contributed date or event modules installed, user time zone settings will
223   - fallback to the system time zone and will have to be reconfigured by each user.
224   - * User-configured time zones now serve as the default time zone for PHP
225   - date/time functions.
226   -- Filter system:
227   - * Revamped the filter API and text format storage.
228   - * Added support for default text formats to be assigned on a per-role basis.
229   - * Refactored the HTML corrector to take advantage of PHP 5 features.
230   -- User system:
231   - * Added clean API functions for creating, loading, updating, and deleting
232   - user roles and permissions.
233   - * Refactored the "access rules" component of user module: The user module
234   - now provides a simple interface for blocking single IP addresses. The
235   - previous functionality in the user module for restricting certain e-mail
236   - addresses and usernames is now available as a contributed module. Further,
237   - IP address range blocking is no longer supported and should be implemented
238   - at the operating system level.
239   - * Removed per-user themes: Contributed modules with similar functionality
240   - are available.
241   -- OpenID:
242   - * Added support for Gmail and Google Apps for Domain identifiers. Users can
243   - now login with their user@example.com identifier when example.com is powered
244   - by Google.
245   - * Made the OpenID module more pluggable.
246   -- Added code registry:
247   - * Using the registry, modules declare their includable files via their .info file,
248   - allowing Drupal to lazy-load classes and interfaces as needed.
249   -- Theme system:
250   - * Removed the Bluemarine, Chameleon and Pushbutton themes. These themes live
251   - on as contributed themes (http://drupal.org/project/bluemarine,
252   - http://drupal.org/project/chameleon and http://drupal.org/project/pushbutton).
253   - * Added Stark theme to make analyzing Drupal's default HTML and CSS easier.
254   - * Added Seven as the default administration theme.
255   - * Variable preprocessing of theme hooks prior to template rendering now goes
256   - through two phases: a 'preprocess' phase and a new 'process' phase. See
257   - http://api.drupal.org/api/function/theme/7 for details.
258   - * Theme hooks implemented as functions (rather than as templates) can now
259   - also have preprocess (and process) functions. See
260   - http://api.drupal.org/api/function/theme/7 for details.
261   - * Added Bartik as the default theme.
262   -- File handling:
263   - * Files are now first class Drupal objects with file_load(), file_save(),
264   - and file_validate() functions and corresponding hooks.
265   - * The file_move(), file_copy() and file_delete() functions now operate on
266   - file objects and invoke file hooks so that modules are notified and can
267   - respond to changes.
268   - * For the occasions when only basic file manipulation are needed--such as
269   - uploading a site logo--that don't require the overhead of databases and
270   - hooks, the current unmanaged copy, move and delete operations have been
271   - preserved but renamed to file_unmanaged_*().
272   - * Rewrote file handling to use PHP stream wrappers to enable support for
273   - both public and private files and to support pluggable storage mechanisms
274   - and access to remote resources (e.g. S3 storage or Flickr photos).
275   - * The mime_extension_mapping variable has been removed. Modules that need to
276   - alter the default MIME type extension mappings should implement
277   - hook_file_mimetype_mapping_alter().
278   - * Added the hook_file_url_alter() hook, which makes it possible to serve
279   - files from a CDN.
280   - * Added a field specifically for uploading files, previously provided by
281   - the contributed module FileField.
282   -- Image handling:
283   - * Improved image handling, including better support for add-on image
284   - libraries.
285   - * Added API and interface for creating advanced image thumbnails.
286   - * Inclusion of additional effects such as rotate and desaturate.
287   - * Added a field specifically for uploading images, previously provided by
288   - the contributed module ImageField.
289   -- Added aliased multi-site support:
290   - * Added support for mapping domain names to sites directories.
291   -- Added RDF support:
292   - * Modules can declare RDF namespaces which are serialized in the <html> tag
293   - for RDFa support.
294   - * Modules can specify how their data structure maps to RDF.
295   - * Added support for RDFa export of nodes, comments, terms, users, etc. and
296   - their fields.
297   -- Search engine optimization and web linking:
298   - * Added a rel="canonical" link on node and comment pages to prevent
299   - duplicate content indexing by search engines.
300   - * Added a default rel="shortlink" link on node and comment pages that
301   - advertises a short link as an alternative URL to third-party services.
302   - * Meta information is now alterable by all modules before rendering.
303   -- Field API:
304   - * Custom data fields may be attached to nodes, users, comments and taxonomy
305   - terms.
306   - * Node bodies and teasers are now Field API fields instead of
307   - being a hard-coded property of node objects.
308   - * In addition, any other object type may register with Field API
309   - and allow custom data fields to be attached to itself.
310   - * Provides most of the features of the former Content Construction
311   - Kit (CCK) module.
312   - * Taxonomy terms are now Field API fields that can be added to any fieldable
313   - object.
314   -- Installer:
315   - * Refactored the installer into an API that allows Drupal to be installed
316   - via a command line script.
317   -- Page organization
318   - * Made the help text area a full featured region with blocks.
319   - * Site mission is replaced with the highlighted content block region and
320   - separate RSS feed description settings.
321   - * The footer message setting was removed in favor of custom blocks.
322   - * Made the main page content a block which can be moved and ordered
323   - with other blocks in the same region.
324   - * Blocks can now return structured arrays for later rendering just
325   - like page callbacks.
326   -- Translation system
327   - * The translation system now supports message context (msgctxt).
328   - * Added support for translatable fields to Field API.
329   -- JavaScript changes
330   - * Upgraded the core JavaScript library to jQuery version 1.4.4.
331   - * Upgraded the jQuery Forms library to 2.52.
332   - * Added jQuery UI 1.8.7, which allows improvements to Drupal's user
333   - experience.
334   -- Better module version support
335   - * Modules now can specify which version of another module they depend on.
336   -- Removed modules from core
337   - * The following modules have been removed from core, because contributed
338   - modules with similar functionality are available:
339   - * Blog API module
340   - * Ping module
341   - * Throttle module
342   -- Improved node access control system.
343   - * All modules may now influence the access to a node at runtime, not just
344   - the module that defined a node.
345   - * Users may now be allowed to bypass node access restrictions without giving
346   - them complete access to the site.
347   - * Access control affects both published and unpublished nodes.
348   - * Numerous other improvements to the node access system.
349   -- Actions system
350   - * Simplified definitions of actions and triggers.
351   - * Removed dependency on the combination of hooks and operations. Triggers
352   - now directly map to module hooks.
353   -- Task handling
354   - * Added a queue API to process many or long-running tasks.
355   - * Added queue API support to cron API.
356   - * Added a locking framework to coordinate long-running operations across
357   - requests.
358   -
359   -Drupal 6.23-dev, xxxx-xx-xx (development release)
360   ------------------------
361   -
362   -Drupal 6.22, 2011-05-25
363   ------------------------
364   -- Made Drupal 6 work better with IIS and Internet Explorer.
365   -- Fixed .po file imports to work better with custom textgroups.
366   -- Improved code documentation at various places.
367   -- Fixed a variety of other bugs.
368   -
369   -Drupal 6.21, 2011-05-25
370   -----------------------
371   -- Fixed security issues (Cross site scripting), see SA-CORE-2011-001.
372   -
373   -Drupal 6.20, 2010-12-15
374   -----------------------
375   -- Fixed a variety of small bugs, improved code documentation.
376   -
377   -Drupal 6.19, 2010-08-11
378   -----------------------
379   -- Fixed a variety of small bugs, improved code documentation.
380   -
381   -Drupal 6.18, 2010-08-11
382   -----------------------
383   -- Fixed security issues (OpenID authentication bypass, File download access
384   - bypass, Comment unpublishing bypass, Actions cross site scripting),
385   - see SA-CORE-2010-002.
386   -
387   -Drupal 6.17, 2010-06-02
388   -----------------------
389   -- Improved PostgreSQL compatibility
390   -- Better PHP 5.3 and PHP 4 compatibility
391   -- Better browser compatibility of CSS and JS aggregation
392   -- Improved logging for login failures
393   -- Fixed an incompatibility with some contributed modules and the locking system
394   -- Fixed a variety of other bugs.
395   -
396   -Drupal 6.16, 2010-03-03
397   -----------------------
398   -- Fixed security issues (Installation cross site scripting, Open redirection,
399   - Locale module cross site scripting, Blocked user session regeneration),
400   - see SA-CORE-2010-001.
401   -- Better support for updated jQuery versions.
402   -- Reduced resource usage of update.module.
403   -- Fixed several issues relating to support of install profiles and
404   - distributions.
405   -- Added a locking framework to avoid data corruption on long operations.
406   -- Fixed a variety of other bugs.
407   -
408   -Drupal 6.15, 2009-12-16
409   -----------------------
410   -- Fixed security issues (Cross site scripting), see SA-CORE-2009-009.
411   -- Fixed a variety of other bugs.
412   -
413   -Drupal 6.14, 2009-09-16
414   -----------------------
415   -- Fixed security issues (OpenID association cross site request forgeries,
416   - OpenID impersonation and File upload), see SA-CORE-2009-008.
417   -- Changed the system modules page to not run all cache rebuilds; use the
418   - button on the performance settings page to achieve the same effect.
419   -- Added support for PHP 5.3.0 out of the box.
420   -- Fixed a variety of small bugs.
421   -
422   -Drupal 6.13, 2009-07-01
423   -----------------------
424   -- Fixed security issues (Cross site scripting, Input format access bypass and
425   - Password leakage in URL), see SA-CORE-2009-007.
426   -- Fixed a variety of small bugs.
427   -
428   -Drupal 6.12, 2009-05-13
429   -----------------------
430   -- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
431   -- Fixed a variety of small bugs.
432   -
433   -Drupal 6.11, 2009-04-29
434   -----------------------
435   -- Fixed security issues (Cross site scripting and limited information
436   - disclosure), see SA-CORE-2009-005
437   -- Fixed performance issues with the menu router cache, the update
438   - status cache and improved cache invalidation
439   -- Fixed a variety of small bugs.
440   -
441   -Drupal 6.10, 2009-02-25
442   -----------------------
443   -- Fixed a security issue, (Local file inclusion on Windows),
444   - see SA-CORE-2009-003
445   -- Fixed node_feed() so custom fields can show up in RSS feeds.
446   -- Improved PostgreSQL compatibility.
447   -- Fixed a variety of small bugs.
448   -
449   -Drupal 6.9, 2009-01-14
450   -----------------------
451   -- Fixed security issues, (Access Bypass, Validation Bypass and Hardening
452   - against SQL injection), see SA-CORE-2009-001
453   -- Made HTTP request checking more robust and informative.
454   -- Fixed HTTP_HOST checking to work again with HTTP 1.0 clients and
455   - basic shell scripts.
456   -- Removed t() calls from all schema documentation. Suggested best practice
457   - changed for contributed modules, see http://drupal.org/node/322731.
458   -- Fixed a variety of small bugs.
459   -
460   -Drupal 6.8, 2008-12-11
461   -----------------------
462   -- Removed a previous change incompatible with PHP 5.1.x and lower.
463   -
464   -Drupal 6.7, 2008-12-10
465   -----------------------
466   -- Fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073
467   -- Updated robots.txt and .htaccess to match current file use.
468   -- Fixed a variety of small bugs.
469   -
470   -Drupal 6.6, 2008-10-22
471   -----------------------
472   -- Fixed security issues, (File inclusion, Cross site scripting), see SA-2008-067
473   -- Fixed a variety of small bugs.
474   -
475   -Drupal 6.5, 2008-10-08
476   -----------------------
477   -- Fixed security issues, (File upload access bypass, Access rules bypass,
478   - BlogAPI access bypass), see SA-2008-060.
479   -- Fixed a variety of small bugs.
480   -
481   -Drupal 6.4, 2008-08-13
482   -----------------------
483   -- Fixed a security issue (Cross site scripting, Arbitrary file uploads via
484   - BlogAPI, Cross site request forgeries and Various Upload module
485   - vulnerabilities), see SA-2008-047.
486   -- Improved error messages during installation.
487   -- Fixed a bug that prevented AHAH handlers to be attached to radios widgets.
488   -- Fixed a variety of small bugs.
489   -
490   -Drupal 6.3, 2008-07-09
491   -----------------------
492   -- Fixed security issues, (Cross site scripting, cross site request forgery,
493   - session fixation and SQL injection), see SA-2008-044.
494   -- Slightly modified installation process to prevent file ownership issues on
495   - shared hosts.
496   -- Improved PostgreSQL compatibility (rewritten queries; custom blocks).
497   -- Upgraded to jQuery 1.2.6.
498   -- Performance improvements to search, menu handling and form API caches.
499   -- Fixed Views compatibility issues (Views for Drupal 6 requires Drupal 6.3+).
500   -- Fixed a variety of small bugs.
501   -
502   -Drupal 6.2, 2008-04-09
503   -----------------------
504   -- Fixed a variety of small bugs.
505   -- Fixed a security issue (Access bypasses), see SA-2008-026.
506   -
507   -Drupal 6.1, 2008-02-27
508   -----------------------
509   -- Fixed a variety of small bugs.
510   -- Fixed a security issue (Cross site scripting), see SA-2008-018.
511   -
512   -Drupal 6.0, 2008-02-13
513   -----------------------
514   -- New, faster and better menu system.
515   -- New watchdog as a hook functionality.
516   - * New hook_watchdog that can be implemented by any module to route log
517   - messages to various destinations.
518   - * Expands the severity levels from 3 (Error, Warning, Notice) to the 8
519   - levels defined in RFC 3164.
520   - * The watchdog module is now called dblog, and is optional, but enabled by
521   - default in the default install profile.
522   - * Extended the database log module so log messages can be filtered.
523   - * Added syslog module: useful for monitoring large Drupal installations.
524   -- Added optional e-mail notifications when users are approved, blocked, or
525   - deleted.
526   -- Drupal works with error reporting set to E_ALL.
527   -- Added scripts/drupal.sh to execute Drupal code from the command line. Useful
528   - to use Drupal as a framework to build command-line tools.
529   -- Made signature support optional and made it possible to theme signatures.
530   -- Made it possible to filter the URL aliases on the URL alias administration
531   - screen.
532   -- Language system improvements:
533   - * Support for right to left languages.
534   - * Language detection based on parts of the URL.
535   - * Browser based language detection.
536   - * Made it possible to specify a node's language.
537   - * Support for translating posts on the site to different languages.
538   - * Language dependent path aliases.
539   - * Automatically import translations when adding a new language.
540   - * JavaScript interface translation.
541   - * Automatically import a module's translation upon enabling that module.
542   -- Moved "PHP input filter" to a standalone module so it can be deleted for
543   - security reasons.
544   -- Usability:
545   - * Improved handling of teasers in posts.
546   - * Added sticky table headers.
547   - * Check for clean URL support automatically with JavaScript.
548   - * Removed default/settings.php. Instead the installer will create it from
549   - default.settings.php.
550   - * Made it possible to configure your own date formats.
551   - * Remember anonymous comment posters.
552   - * Only allow modules and themes to be enabled that have explicitly been
553   - ported to the correct core API version.
554   - * Can now specify the minimum PHP version required for a module within the
555   - .info file.
556   - * Drupal core no longer requires CREATE TEMPORARY TABLES or LOCK TABLES
557   - database rights.
558   - * Dynamically check password strength and confirmation.
559   - * Refactored poll administration.
560   - * Implemented drag-and-drop positioning for blocks, menu items, taxonomy
561   - vocabularies and terms, forums, profile fields, and input format filters.
562   -- Theme system:
563   - * Added .info files to themes and made it easier to specify regions and
564   - features.
565   - * Added theme registry: modules can directly provide .tpl.php files for
566   - their themes without having to create theme_ functions.
567   - * Used the Garland theme for the installation and maintenance pages.
568   - * Added theme preprocess functions for themes that are templates.
569   - * Added support for themeable functions in JavaScript.
570   -- Refactored update.php to a generic batch API to be able to run time-consuming
571   - operations in multiple subsequent HTTP requests.
572   -- Installer:
573   - * Themed the installer with the Garland theme.
574   - * Added form to provide initial site information during installation.
575   - * Added ability to provide extra installation steps programmatically.
576   - * Made it possible to import interface translations at install time.
577   -- Added the HTML corrector filter:
578   - * Fixes faulty and chopped off HTML in postings.
579   - * Tags are now automatically closed at the end of the teaser.
580   -- Performance:
581   - * Made it easier to conditionally load .include files and split up many core
582   - modules.
583   - * Added a JavaScript aggregator.
584   - * Added block-level caching, improving performance for both authenticated
585   - and anonymous users.
586   - * Made Drupal work correctly when running behind a reverse proxy like
587   - Squid or Pound.
588   -- File handling improvements:
589   - * Entries in the files table are now keyed to a user instead of a node.
590   - * Added reusable validation functions to check for uploaded file sizes,
591   - extensions, and image resolution.
592   - * Added ability to create and remove temporary files during a cron job.
593   -- Forum improvements:
594   - * Any node type may now be posted in a forum.
595   -- Taxonomy improvements:
596   - * Descriptions for terms are now shown on taxonomy/term pages as well
597   - as RSS feeds.
598   - * Added versioning support to categories by associating them with node
599   - revisions.
600   -- Added support for OpenID.
601   -- Added support for triggering configurable actions.
602   -- Added the Update status module to automatically check for available updates
603   - and warn sites if they are missing security updates or newer versions.
604   - Sites deploying from CVS should use http://drupal.org/project/cvs_deploy.
605   - Advanced settings provided by http://drupal.org/project/update_advanced.
606   -- Upgraded the core JavaScript library to jQuery version 1.2.3.
607   -- Added a new Schema API, which provides built-in support for core and
608   - contributed modules to work with databases other than MySQL.
609   -- Removed drupal.module. The functionality lives on as the Site network
610   - contributed module (http://drupal.org/project/site_network).
611   -- Removed old system updates. Updates from Drupal versions prior to 5.x will
612   - require upgrading to 5.x before upgrading to 6.x.
613   -
614   -Drupal 5.23, 2010-08-11
615   ------------------------
616   -- Fixed security issues (File download access bypass, Comment unpublishing
617   - bypass), see SA-CORE-2010-002.
618   -
619   -Drupal 5.22, 2010-03-03
620   ------------------------
621   -- Fixed security issues (Open redirection, Locale module cross site scripting,
622   - Blocked user session regeneration), see SA-CORE-2010-001.
623   -
624   -Drupal 5.21, 2009-12-16
625   ------------------------
626   -- Fixed a security issue (Cross site scripting), see SA-CORE-2009-009.
627   -- Fixed a variety of small bugs.
628   -
629   -Drupal 5.20, 2009-09-16
630   ------------------------
631   -- Avoid security problems resulting from writing Drupal 6-style menu
632   - declarations.
633   -- Fixed security issues (session fixation), see SA-CORE-2009-008.
634   -- Fixed a variety of small bugs.
635   -
636   -Drupal 5.19, 2009-07-01
637   ------------------------
638   -- Fixed security issues (Cross site scripting and Password leakage in URL), see
639   - SA-CORE-2009-007.
640   -- Fixed a variety of small bugs.
641   -
642   -Drupal 5.18, 2009-05-13
643   ------------------------
644   -- Fixed security issues (Cross site scripting), see SA-CORE-2009-006.
645   -- Fixed a variety of small bugs.
646   -
647   -Drupal 5.17, 2009-04-29
648   ------------------------
649   -- Fixed security issues (Cross site scripting and limited information
650   - disclosure) see SA-CORE-2009-005.
651   -- Fixed a variety of small bugs.
652   -
653   -Drupal 5.16, 2009-02-25
654   ------------------------
655   -- Fixed a security issue, (Local file inclusion on Windows), see SA-CORE-2009-004.
656   -- Fixed a variety of small bugs.
657   -
658   -Drupal 5.15, 2009-01-14
659   ------------------------
660   -- Fixed security issues, (Hardening against SQL injection), see
661   - SA-CORE-2009-001
662   -- Fixed HTTP_HOST checking to work again with HTTP 1.0 clients and basic shell
663   - scripts.
664   -- Fixed a variety of small bugs.
665   -
666   -Drupal 5.14, 2008-12-11
667   ------------------------
668   -- removed a previous change incompatible with PHP 5.1.x and lower.
669   -
670   -Drupal 5.13, 2008-12-10
671   ------------------------
672   -- fixed a variety of small bugs.
673   -- fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073
674   -- updated robots.txt and .htaccess to match current file use.
675   -
676   -Drupal 5.12, 2008-10-22
677   ------------------------
678   -- fixed security issues, (File inclusion), see SA-2008-067
679   -
680   -Drupal 5.11, 2008-10-08
681   ------------------------
682   -- fixed a variety of small bugs.
683   -- fixed security issues, (File upload access bypass, Access rules bypass,
684   - BlogAPI access bypass, Node validation bypass), see SA-2008-060
685   -
686   -Drupal 5.10, 2008-08-13
687   ------------------------
688   -- fixed a variety of small bugs.
689   -- fixed security issues, (Cross site scripting, Arbitrary file uploads via
690   - BlogAPI and Cross site request forgery), see SA-2008-047
691   -
692   -Drupal 5.9, 2008-07-23
693   -----------------------
694   -- fixed a variety of small bugs.
695   -- fixed security issues, (Session fixation), see SA-2008-046
696   -
697   -Drupal 5.8, 2008-07-09
698   -----------------------
699   -- fixed a variety of small bugs.
700   -- fixed security issues, (Cross site scripting, cross site request forgery, and
701   - session fixation), see SA-2008-044
702   -
703   -Drupal 5.7, 2008-01-28
704   -----------------------
705   -- fixed the input format configuration page.
706   -- fixed a variety of small bugs.
707   -
708   -Drupal 5.6, 2008-01-10
709   -----------------------
710   -- fixed a variety of small bugs.
711   -- fixed a security issue (Cross site request forgery), see SA-2008-005
712   -- fixed a security issue (Cross site scripting, UTF8), see SA-2008-006
713   -- fixed a security issue (Cross site scripting, register_globals), see SA-2008-007
714   -
715   -Drupal 5.5, 2007-12-06
716   -----------------------
717   -- fixed missing missing brackets in a query in the user module.
718   -- fixed taxonomy feed bug introduced by SA-2007-031
719   -
720   -Drupal 5.4, 2007-12-05
721   -----------------------
722   -- fixed a variety of small bugs.
723   -- fixed a security issue (SQL injection), see SA-2007-031
724   -
725   -Drupal 5.3, 2007-10-17
726   -----------------------
727   -- fixed a variety of small bugs.
728   -- fixed a security issue (HTTP response splitting), see SA-2007-024
729   -- fixed a security issue (Arbitrary code execution via installer), see SA-2007-025
730   -- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
731   -- fixed a security issue (User deletion cross site request forgery), see SA-2007-029
732   -- fixed a security issue (API handling of unpublished comment), see SA-2007-030
733   -
734   -Drupal 5.2, 2007-07-26
735   -----------------------
736   -- changed hook_link() $teaser argument to match documentation.
737   -- fixed a variety of small bugs.
738   -- fixed a security issue (cross-site request forgery), see SA-2007-017
739   -- fixed a security issue (cross-site scripting), see SA-2007-018
740   -
741   -Drupal 5.1, 2007-01-29
742   -----------------------
743   -- fixed security issue (code execution), see SA-2007-005
744   -- fixed a variety of small bugs.
745   -
746   -Drupal 5.0, 2007-01-15
747   -----------------------
748   -- Completely retooled the administration page
749   - * /Admin now contains an administration page which may be themed
750   - * Reorganised administration menu items by task and by module
751   - * Added a status report page with detailed PHP/MySQL/Drupal information
752   -- Added web-based installer which can:
753   - * Check installation and run-time requirements
754   - * Automatically generate the database configuration file
755   - * Install pre-made 'install profiles' or distributions
756   - * Import the database structure with automatic table prefixing
757   - * Be localized
758   -- Added new default Garland theme
759   -- Added color module to change some themes' color schemes
760   -- Included the jQuery JavaScript library 1.0.4 and converted all core JavaScript to use it
761   -- Introduced the ability to alter mail sent from system
762   -- Module system:
763   - * Added .info files for module meta-data
764   - * Added support for module dependencies
765   - * Improved module installation screen
766   - * Moved core modules to their own directories
767   - * Added support for module uninstalling
768   -- Added support for different cache backends
769   -- Added support for a generic "sites/all" directory.
770   -- Usability:
771   - * Added support for auto-complete forms (AJAX) to user profiles.
772   - * Made it possible to instantly assign roles to newly created user accounts.
773   - * Improved configurability of the contact forms.
774   - * Reorganized the settings pages.
775   - * Made it easy to investigate popular search terms.
776   - * Added a 'select all' checkbox and a range select feature to administration tables.
777   - * Simplified the 'break' tag to split teasers from body.
778   - * Use proper capitalization for titles, menu items and operations.
779   -- Integrated urlfilter.module into filter.module
780   -- Block system:
781   - * Extended the block visibility settings with a role specific setting.
782   - * Made it possible to customize all block titles.
783   -- Poll module:
784   - * Optionally allow people to inspect all votes.
785   - * Optionally allow people to cancel their vote.
786   -- Distributed authentication:
787   - * Added default server option.
788   -- Added default robots.txt to control crawlers.
789   -- Database API:
790   - * Added db_table_exists().
791   -- Blogapi module:
792   - * 'Blogapi new' and 'blogapi edit' nodeapi operations.
793   -- User module:
794   - * Added hook_profile_alter().
795   - * E-mail verification is made optional.
796   - * Added mass editing and filtering on admin/user/user.
797   -- PHP Template engine:
798   - * Add the ability to look for a series of suggested templates.
799   - * Look for page templates based upon the path.
800   - * Look for block templates based upon the region, module, and delta.
801   -- Content system:
802   - * Made it easier for node access modules to work well with each other.
803   - * Added configurable content types.
804   - * Changed node rendering to work with structured arrays.
805   -- Performance:
806   - * Improved session handling: reduces database overhead.
807   - * Improved access checking: reduces database overhead.
808   - * Made it possible to do memcached based session management.
809   - * Omit sidebars when serving a '404 - Page not found': saves CPU cycles and bandwidth.
810   - * Added an 'aggressive' caching policy.
811   - * Added a CSS aggregator and compressor (up to 40% faster page loads).
812   -- Removed the archive module.
813   -- Upgrade system:
814   - * Created space for update branches.
815   -- Forms API:
816   - * Made it possible to programmatically submit forms.
817   - * Improved api for multistep forms.
818   -- Theme system:
819   - * Split up and removed drupal.css.
820   - * Added nested lists generation.
821   - * Added a self-clearing block class.
822   -
823   -Drupal 4.7.11, 2008-01-10
824   --------------------------
825   -- fixed a security issue (Cross site request forgery), see SA-2008-005
826   -- fixed a security issue (Cross site scripting, UTF8), see SA-2008-006
827   -- fixed a security issue (Cross site scripting, register_globals), see SA-2008-007
828   -
829   -Drupal 4.7.10, 2007-12-06
830   --------------------------
831   -- fixed taxonomy feed bug introduced by SA-2007-031
832   -
833   -Drupal 4.7.9, 2007-12-05
834   -------------------------
835   -- fixed a security issue (SQL injection), see SA-2007-031
836   -
837   -Drupal 4.7.8, 2007-10-17
838   -----------------------
839   -- fixed a security issue (HTTP response splitting), see SA-2007-024
840   -- fixed a security issue (Cross site scripting via uploads), see SA-2007-026
841   -- fixed a security issue (API handling of unpublished comment), see SA-2007-030
842   -
843   -Drupal 4.7.7, 2007-07-26
844   -------------------------
845   -- fixed security issue (XSS), see SA-2007-018
846   -
847   -Drupal 4.7.6, 2007-01-29
848   -------------------------
849   -- fixed security issue (code execution), see SA-2007-005
850   -
851   -Drupal 4.7.5, 2007-01-05
852   -------------------------
853   -- Fixed security issue (XSS), see SA-2007-001
854   -- Fixed security issue (DoS), see SA-2007-002
855   -
856   -Drupal 4.7.4, 2006-10-18
857   -------------------------
858   -- Fixed security issue (XSS), see SA-2006-024
859   -- Fixed security issue (CSRF), see SA-2006-025
860   -- Fixed security issue (Form action attribute injection), see SA-2006-026
861   -
862   -Drupal 4.7.3, 2006-08-02
863   -------------------------
864   -- Fixed security issue (XSS), see SA-2006-011
865   -
866   -Drupal 4.7.2, 2006-06-01
867   -------------------------
868   -- Fixed critical upload issue, see SA-2006-007
869   -- Fixed taxonomy XSS issue, see SA-2006-008
870   -- Fixed a variety of small bugs.
871   -
872   -Drupal 4.7.1, 2006-05-24
873   -------------------------
874   -- Fixed critical SQL issue, see SA-2006-005
875   -- Fixed a serious upgrade related bug.
876   -- Fixed a variety of small bugs.
877   -
878   -Drupal 4.7.0, 2006-05-01
879   -------------------------
880   -- Added free tagging support.
881   -- Added a site-wide contact form.
882   -- Theme system:
883   - * Added the PHPTemplate theme engine and removed the Xtemplate engine.
884   - * Converted the bluemarine theme from XTemplate to PHPTemplate.
885   - * Converted the pushbutton theme from XTemplate to PHPTemplate.
886   -- Usability:
887   - * Reworked the 'request new password' functionality.
888   - * Reworked the node and comment edit forms.
889   - * Made it easy to add nodes to the navigation menu.
890   - * Added site 'offline for maintenance' feature.
891   - * Added support for auto-complete forms (AJAX).
892   - * Added support for collapsible page sections (JS).
893   - * Added support for resizable text fields (JS).
894   - * Improved file upload functionality (AJAX).
895   - * Reorganized some settings pages.
896   - * Added friendly database error screens.
897   - * Improved styling of update.php.
898   -- Refactored the forms API.
899   - * Made it possible to alter, extend or theme forms.
900   -- Comment system:
901   - * Added support for "mass comment operations" to ease repetitive tasks.
902   - * Comment moderation has been removed.
903   -- Node system:
904   - * Reworked the revision functionality.
905   - * Removed the bookmarklet code. Third-party modules can now handle
906   - This.
907   -- Upgrade system:
908   - * Allows contributed modules to plug into the upgrade system.
909   -- Profiles:
910   - * Added a block to display author information along with posts.
911   - * Added support for private profile fields.
912   -- Statistics module:
913   - * Added the ability to track page generation times.
914   - * Made it possible to block certain IPs/hostnames.
915   -- Block system:
916   - * Added support for theme-specific block regions.
917   -- Syndication:
918   - * Made the aggregator module parse Atom feeds.
919   - * Made the aggregator generate RSS feeds.
920   - * Added RSS feed settings.
921   -- XML-RPC:
922   - * Replaced the XML-RPC library by a better one.
923   -- Performance:
924   - * Added 'loose caching' option for high-traffic sites.
925   - * Improved performance of path aliasing.
926   - * Added the ability to track page generation times.
927   -- Internationalization:
928   - * Improved Unicode string handling API.
929   - * Added support for PHP's multibyte string module.
930   -- Added support for PHP5's 'mysqli' extension.
931   -- Search module:
932   - * Made indexer smarter and more robust.
933   - * Added advanced search operators (e.g. phrase, node type, ...).
934   - * Added customizable result ranking.
935   -- PostgreSQL support:
936   - * Removed dependency on PL/pgSQL procedural language.
937   -- Menu system:
938   - * Added support for external URLs.
939   -- Queue module:
940   - * Removed from core.
941   -- HTTP handling:
942   - * Added support for a tolerant Base URL.
943   - * Output URIs relative to the root, without a base tag.
944   -
945   -Drupal 4.6.11, 2007-01-05
946   --------------------------
947   -- Fixed security issue (XSS), see SA-2007-001
948   -- Fixed security issue (DoS), see SA-2007-002
949   -
950   -Drupal 4.6.10, 2006-10-18
951   -------------------------
952   -- Fixed security issue (XSS), see SA-2006-024
953   -- Fixed security issue (CSRF), see SA-2006-025
954   -- Fixed security issue (Form action attribute injection), see SA-2006-026
955   -
956   -Drupal 4.6.9, 2006-08-02
957   -------------------------
958   -- Fixed security issue (XSS), see SA-2006-011
959   -
960   -Drupal 4.6.8, 2006-06-01
961   -------------------------
962   -- Fixed critical upload issue, see SA-2006-007
963   -- Fixed taxonomy XSS issue, see SA-2006-008
964   -
965   -Drupal 4.6.7, 2006-05-24
966   -------------------------
967   -- Fixed critical SQL issue, see SA-2006-005
968   -
969   -Drupal 4.6.6, 2006-03-13
970   -------------------------
971   -- Fixed bugs, including 4 security vulnerabilities.
972   -
973   -Drupal 4.6.5, 2005-12-12
974   -------------------------
975   -- Fixed bugs: no critical bugs were identified.
976   -
977   -Drupal 4.6.4, 2005-11-30
978   -------------------------
979   -- Fixed bugs, including 3 security vulnerabilities.
980   -
981   -Drupal 4.6.3, 2005-08-15
982   -------------------------
983   -- Fixed bugs, including a critical "arbitrary PHP code execution" bug.
984   -
985   -Drupal 4.6.2, 2005-06-29
986   -------------------------
987   -- Fixed bugs, including two critical "arbitrary PHP code execution" bugs.
988   -
989   -Drupal 4.6.1, 2005-06-01
990   -------------------------
991   -- Fixed bugs, including a critical input validation bug.
992   -
993   -Drupal 4.6.0, 2005-04-15
994   -------------------------
995   -- PHP5 compliance
996   -- Search:
997   - * Added UTF-8 support to make it work with all languages.
998   - * Improved search indexing algorithm.
999   - * Improved search output.
1000   - * Impose a throttle on indexing of large sites.
1001   - * Added search block.
1002   -- Syndication:
1003   - * Made the ping module ping pingomatic.com which, in turn, will ping all the major ping services.
1004   - * Made Drupal generate RSS 2.0 feeds.
1005   - * Made RSS feeds extensible.
1006   - * Added categories to RSS feeds.
1007   - * Added enclosures to RSS feeds.
1008   -- Flood control mechanism:
1009   - * Added a mechanism to throttle certain operations.
1010   -- Usability:
1011   - * Refactored the block configuration pages.
1012   - * Refactored the statistics pages.
1013   - * Refactored the watchdog pages.
1014   - * Refactored the throttle module configuration.
1015   - * Refactored the access rules page.
1016   - * Refactored the content administration page.
1017   - * Introduced forum configuration pages.
1018   - * Added a 'add child page' link to book pages.
1019   -- Contact module:
1020   - * Added a simple contact module that allows users to contact each other using e-mail.
1021   -- Multi-site configuration:
1022   - * Made it possible to run multiple sites from a single code base.
1023   -- Added an image API: enables better image handling.
1024   -- Block system:
1025   - * Extended the block visibility settings.
1026   -- Theme system:
1027   - * Added new theme functions.
1028   -- Database backend:
1029   - * The PEAR database backend is no longer supported.
1030   -- Performance:
1031   - * Improved performance of the forum topics block.
1032   - * Improved performance of the tracker module.
1033   - * Improved performance of the node pages.
1034   -- Documentation:
1035   - * Improved and extended PHPDoc/Doxygen comments.
1036   -
1037   -Drupal 4.5.8, 2006-03-13
1038   -------------------------
1039   -- Fixed bugs, including 3 security vulnerabilities.
1040   -
1041   -Drupal 4.5.7, 2005-12-12
1042   -------------------------
1043   -- Fixed bugs: no critical bugs were identified.
1044   -
1045   -Drupal 4.5.6, 2005-11-30
1046   -------------------------
1047   -- Fixed bugs, including 3 security vulnerabilities.
1048   -
1049   -Drupal 4.5.5, 2005-08-15
1050   -------------------------
1051   -- Fixed bugs, including a critical "arbitrary PHP code execution" bug.
1052   -
1053   -Drupal 4.5.4, 2005-06-29
1054