Security update

Fixing broken 'delete menu' and 'delete menu item' links.
Plugging CSRF vulnerability with enabling and disabling menu items.

. See SA-CONTRIB-2010-097 - Imagemenu - Multiple vulnerabilities for details.

Fixing XSS vulnerability with menu description. See SA-CONTRIB-2010-097 - Imagemenu - Multiple vulnerabilities for details.

This release fixes a security vulnerability, all users of Domain access are urged to upgrade. For more details, see SA-CONTRIB-2010-096.

Bugfixes

-- Fixes missing argument in domain_conf_variable_set().
-- #895284: Undefinde variable : reset in domain_settings_form_submit() line 119 - domain_settings.module when submiting user settings form by mac_perlinksi. Fixes bad variable from #873706: Saving checkboxes fails in domain_settings_form_submit.
-- #884756: Consistency in watchdog entries by nonsie. Fix watchdog label.
-- #873706: Saving checkboxes fails in domain_settings_form_submit by Jasu_M. Domain settings must filter checkbox values.
-- #227947: After editing nodes user is redirected to the main domain by yhager and bleen18 (and others). Fix redirect to primary domain issue.
-- #848856: Empty HTTP_HOST throws errors by jastern. Ensure that empty HTTP_HOST value does not crash DA.
-- #883180: domain_set_domain(0, TRUE); does not bootstrap main domain by morningtime and zerno. Domain Prefix does not properly reset when switching domains.
-- #864128: Duplicate domains autocreated upon submitting settings form by OnkelTem and brt. Duplicate entry of default domain.
-- #842338: Allow editors to add cross-domain autocomplete nodereferences by johnpitcairn. Allow other modules to alter domain_grant_all().
-- #840220: implementations of hook_domain_settings can't know if they should set or reset by dougp. Pass full form values to hook_domain_settings().
-- patch #754092: Generating copy table prefix from selected subdomain don't work by mathiaz.sk. Bad variable reset in Domain Prefix.
-- patch #835208: Can't set drupal variables to (int)0 with domain_conf/domain_settings by dougp. Fixes type check on zero values for Domain Conf.
-- Fixes DBTNG errors in Domain Content.
-- Fixes bad link in Domain Conf.
-- Fixes index error in Domain Conf.
-- Fixes index warnings in domain_invalid_domain_requested().
-- #825734. Fixes use of hook_field_extra_fields().
-- Fixes bad index warning in domain_theme.admin.

This release fixes a security vulnerability, all users of Domain access are urged to upgrade. For more details, see SA-CONTRIB-2010-096.

This release fixes a security vulnerability, all users of Domain access are urged to upgrade. For more details, see SA-CONTRIB-2010-096.

Bugfixes

-- Auto-install the primary domain.
-- Update custom_url_rewrite_outbound.patch to Drupal 5.23.
-- Wrap Domain Prefix define statements in quotes.

Changes since DRUPAL-6--1-9:

SA-CONTRIB-2010-095 - fixes XSS vulnerability and access bypass issues with modal content.