Security update

This security release fixes SA-CONTRIB-2010-080 - Privatemsg - Cross Site Scripting. Also contains a few bugfixes, better indexes to improve performance and more tests for improved stability.

Changes since 6.x-1.2:

Changes since 5.x-1.2:

Changes since 6.x-1.20:

This release addresses a security issue where block titles and menu titles were not escaped properly for XSS. Both vulnerabilities require the administer menu and administer blocks permissions to be exploited.

• Updated Hungarian translation.
• Fix for breadcrumb build if root menu is adjacent to link.
• Disable PURL rewriting on admin block menu items.
• #797492 by bibo, andermt: Fix for conflict with other JS in Safari, Chrome, IE.
• Fix for IE clone bug.
• #773204 by mfer: Expand scope of admin menu title CSS
• #850104: Ensure module is included for update 6202.
• #781410: Fix for installation of admin when menu module is off or 'admin' custom menu exists.
• Fix for extra border on My account block.
• Ensure no active classes when settings active class on initial drilldown state.
• #709872 by realityloop: Autohide on new pages option for Admin toolbar. #825422: Fixed height for horizontal menu and body push.
• #825532 by c4rl: Ensure delimiter is found before splitting.
• Improved IE7 support.
• #662662: Allow menus to be structured without a single root node.
• More IE fixes.
• #835796: Add wipe and rebuild tab.
• #746432: Push admin blocks through core theming stack to ensure preprocessors are run.

This release fixes a security vulnerability, all users of Kaltura are urged to upgrade. For more details, see SA-CONTRIB-2010-078 - Kaltura - Information disclosure.

Changes since DRUPAL-5--1-3:

• [#392736] Remove hidden stats iframes from install / uninstall / admin setup.
• [#779774] Fix fatal error when importing Kaltura nodes.

Security release.

See SA-CONTRIB-2010-077 - Sage Pay (former Protx) Direct Payment Gateway for Ubercart - Information Disclosure.