=== modified file 'includes/path.inc'
--- includes/path.inc	2009-05-26 09:12:28 +0000
+++ includes/path.inc	2009-05-31 04:39:26 +0000
@@ -68,6 +68,11 @@ function drupal_lookup_path($action, $pa
     $no_aliases = array();
   }
   elseif ($count > 0 && $path != '') {
+    // Retrieve the path alias whitelist
+    $whitelist = variable_get('path_whitelist', array());
+    // And derive the top level component of the path
+    $top_level = strtok($path, '/');
+
     if ($action == 'alias') {
       // During the first call to drupal_lookup_path() per language, load the
       // expected system paths for the page from cache.
@@ -93,6 +98,12 @@ function drupal_lookup_path($action, $pa
       if (isset($map[$path_language][$path])) {
         return $map[$path_language][$path];
       }
+      elseif (!isset($whitelist[$top_level])) {
+        // Check the path whitelist, if the top_level part before the first /
+        // is not in the list, then there is no need to do anything further,
+        // it is not in the database
+        return FALSE;
+      }
       // For system paths which were not cached, query aliases individually.
       else if (!isset($no_aliases[$path_language][$path])) {
         // Get the most fitting result falling back with alias without language

=== modified file 'modules/block/block.module'
--- modules/block/block.module	2009-05-28 16:44:05 +0000
+++ modules/block/block.module	2009-05-31 06:00:03 +0000
@@ -176,7 +176,8 @@ function block_menu() {
  * Menu item access callback - only admin or enabled themes can be accessed.
  */
 function _block_themes_access($theme) {
-  return user_access('administer blocks') && ($theme->status || $theme->name == variable_get('admin_theme', 0));
+  $admin_theme = variable_get('admin_theme');
+  return user_access('administer blocks') && ($theme->status || ($admin_theme && ($theme->name == $admin_theme)));
 }
 
 /**

=== modified file 'modules/block/block.test'
--- modules/block/block.test	2009-05-28 11:31:20 +0000
+++ modules/block/block.test	2009-05-31 06:02:00 +0000
@@ -191,3 +191,24 @@ class NonDefaultBlockAdmin extends Drupa
     $this->assertRaw('stark/layout.css', t('Stark CSS found'));
   }
 }
+
+class BlockAdminThemeTestCase extends DrupalWebTestCase {
+  public static function getInfo() {
+    return array(
+      'name' => t('Non default theme admin'),
+      'description' => t('Check the administer page for non default theme.'),
+      'group' => t('Block'),
+    );
+  }
+
+  function testAdminTheme() {
+    $admin_user = $this->drupalCreateUser(array('administer blocks', 'administer site configuration'));
+    $this->drupalLogin($admin_user);
+    $this->drupalGet('admin/build/block/list/stark');
+    $this->assertResponse(403, t('A disabled theme can not be accessed'));
+    $edit['admin_theme'] = 'stark';
+    $this->drupalPost('admin/build/themes', $edit, t('Save configuration'));
+    $this->drupalGet('admin/build/block/list/stark');
+    $this->assertResponse(200, t('The admin theme can be accessed'));
+  }
+}
\ No newline at end of file

=== modified file 'modules/path/path.module'
--- modules/path/path.module	2009-05-27 18:33:54 +0000
+++ modules/path/path.module	2009-05-31 02:44:08 +0000
@@ -141,10 +141,49 @@ function path_set_alias($path = NULL, $a
         ->execute();
     }
   }
+  $whitelist = variable_get('path_whitelist', array());
+  $part = strtok($path, '/');
+  if (!isset($whitelist[$part])) {
+    $whitelist[$part] = TRUE;
+    variable_set('path_whitelist', $whitelist);
+  }
   drupal_clear_path_cache();
 }
 
 /**
+ * Rebuild the path alias white list.
+ *
+ * The function uses indexed lookups in a loop and progressively excludes the
+ * top parts already found.
+ *
+ * So the initial query entering the look is like this:
+ *   SELECT src FROM url_alias LIMIT 1
+ * Suppose this returns 'node/nnnn', then the next query executed within the look will be:
+ *   SELECT src FROM url_alias WHERE src <> 'node' AND src NOT LIKE 'node/%' LIMIT 1
+ * This excludes the 'node' part, and suppose it returns 'user', the next query becomes
+ *   SELECT src FROM url_alias WHERE src <> 'node' AND src NOT LIKE 'node/%'
+ *     AND src <> 'user' AND src NOT LIKE 'user/%' LIMIT 1
+ * And so on. We keep going until we process all the top level parts, and store them in
+ * the whitelist array.
+ *
+ * @return
+ *   A list of system path first paths which have aliases as a key of an array.
+ */
+function path_whitelist_rebuild() {
+  $whitelist = array();
+  $query = db_select('url_alias', 'u');
+  $query->addField('u', 'src');
+  $query->range(0, 1);
+  while ($result = $query->execute()->fetchField()) {
+    $part = strtok($result, '/');
+    $whitelist[$part] = TRUE;
+    $query->condition('src', "$part/%", 'NOT LIKE');
+    $query->condition('src', $part, '<>');
+  }
+  return $whitelist;
+}
+
+/**
  * Implement hook_node_validate().
  */
 function path_node_validate($node, $form) {

=== modified file 'modules/path/path.test'
--- modules/path/path.test	2009-05-16 19:07:02 +0000
+++ modules/path/path.test	2009-05-31 02:38:12 +0000
@@ -235,3 +235,33 @@ class PathLanguageTestCase extends Drupa
   }
 }
 
+class PathWhiteListTestCase extends DrupalWebTestCase {
+  public static function getInfo() {
+    return array(
+      'name' => t('Path aliases whitelist'),
+      'description' => t('Confirm that the whitelist is built correctly.'),
+      'group' => t('Path'),
+    );
+  }
+
+  function setUp() {
+    parent::setUp('path');    
+  }
+  
+  function testWhiteList() {
+    // Lets create a bunch of aliases.
+    for ($i = 0; $i < 3; $i++) {
+      $prefix = $this->randomName();
+      $prefixes[] = $prefix;
+      path_set_alias($prefix, $this->randomName());
+      for ($j = 0; $j < 3; $j++) {
+        path_set_alias($prefix ."/$j", $this->randomName());
+      }
+    }
+    sort($prefixes);
+    $whitelist = array_keys(path_whitelist_rebuild());
+    sort($whitelist);
+    $this->assertIdentical($prefixes, $whitelist, t('Whitelist functionality OK'));
+  }
+}
+

=== modified file 'modules/simpletest/drupal_web_test_case.php'
--- modules/simpletest/drupal_web_test_case.php	2009-05-30 11:17:32 +0000
+++ modules/simpletest/drupal_web_test_case.php	2009-05-31 05:56:41 +0000
@@ -2320,6 +2320,7 @@ class DrupalWebTestCase extends DrupalTe
    */
   protected function assertResponse($code, $message = '') {
     $curl_code = curl_getinfo($this->curlHandle, CURLINFO_HTTP_CODE);
+    echo $curl_code;
     $match = is_array($code) ? in_array($curl_code, $code) : $curl_code == $code;
     return $this->assertTrue($match, $message ? $message : t('HTTP response expected !code, actual !curl_code', array('!code' => $code, '!curl_code' => $curl_code)), t('Browser'));
   }

=== modified file 'modules/system/system.admin.inc'
--- modules/system/system.admin.inc	2009-05-29 19:51:43 +0000
+++ modules/system/system.admin.inc	2009-05-31 02:38:07 +0000
@@ -931,6 +931,7 @@ function system_modules_submit($form, &$
     drupal_set_message(t('The configuration options have been saved.'));
   }
 
+  module_invoke('path', 'whitelist_rebuild');
   drupal_clear_css_cache();
   drupal_clear_js_cache();
 

=== modified file 'modules/system/system.install'
--- modules/system/system.install	2009-05-27 18:33:54 +0000
+++ modules/system/system.install	2009-05-31 02:38:19 +0000
@@ -3496,6 +3496,14 @@ function system_update_7023() {
 }
 
 /**
+ * Generate the URL alias white list.
+ */
+function system_update_7024() {
+  drupal_load('module', 'path');
+  path_whitelist_rebuild();
+}
+
+/**
  * @} End of "defgroup updates-6.x-to-7.x"
  * The next series of updates should start at 8000.
  */