Security update

This security release fixes a permission bypass issue in pm_email_notify.module. It also features compatibility fixes for both PostgreSQL and PHP4. Additionaly, a few bugs and testing issues were fixed and some very minor UI additions and a small performance improvement was added.

Changes since DRUPAL-6--1-1:

Some of the changes and improvements since Alpha 3 (thanks to cwgordon7 for help with curation):

• #705668 by dereine: Fix glossary view, add tests for glossary view.
• #699426 by dereine: Tests pluggable pagers.
• #679714 by dereine: test: groupby sum. avg, min, max.
• #706464 by dereine: Test full(normal) pager plugin.
• #681726 by drewish: Allow term edit link field.
• #422434 by BWPanda: Correct (NULL) to (NOT NULL) in varios operator descriptions for empty/not empty.
• #685622 by dereine: Field to provide link to a node revision.
• #692428 by Roi Danton: Documentation typo fix.
• #484600 by dereine: Ability to disable the automatic live preview.
• #694094 by yhahn: Allow default views cache to be reset.
• #654738 by Scott Reynolds: Offset date filter missing current time.
• #716236 by jmiccolis: Allow default menu tabs to also have menu entries.

• #177494 by moshe weitzman: Added node author's e-mail as field.
• #142347 by merlinofchaos: Fixed missing taxonomy terms in exposed filter.
• #174044 by douggreen: Fixed coding-style in exported views.
• #193888 by mvc: Fixed select lists options in Views UI are not sorted.
• #247420 and #217015 by smk-ka, webchick: Fixed SQL error when using empty text as argument default.
• #191420 by sun: Fixed missing t() for view import page title.
• #166608: missing ->status setting caused access control on various node links to fail.
• #257004: Ensure cache is loaded for exposed filters so that external stuff can use cached forms for AJAX calls
• #211944: Wildcard substitution for arguments ignored in RSS feeds.
• #171505: Fixed missing closing apostrophe in date sorting.
• #167978: Fixed sort granularity.

ATTENTION POSTGRES USERS: DO NOT UPGRADE TO THIS RELEASE. The update.php has a problem with postgres that causes data loss.

see: http://drupal.org/node/765892 for a security-only patch for 6.x-2.8

Bug fixes

• #650152: Book: Top Level Book relationship broken by earlier patch and caused broken query.
• #651244 by dagmar: Other instances of are not translatable and should not be run trhough t().
• #653628: init declaration for views_handler_filter_many_to_one() did not match parent init.
• #657700: Fixed 'Override normal sorting if click sorting is used' setting on the table style plugin that was broken by #622602.
• #473698 by jrglasgow: Fix error in help text regarding custom theming.
• #387448 by joachim: Provide better help text to describe how to use sticky sort.
• #652716 by dagmar: "no single" flag on filter objects not completely respected, causing improper default filters.

Security update:
- Fixed multiple XSS issues with string and blocktranslations
Other bug fixes:
- Added some unit tests for strings, blocks and taxonomy
- Fixed: Block translations deleted on refresh, #732680
- Fixed: warning in node form causes PHP notice, by swentel, #664944
- Fixed: i18nblocks conflicts with modules and themes, by JohnAlbin, #457512
- Some clean up to i18nstrings API: Dropped update option from i18nstrings_translate()
- Disable content selection during synchronization, by Pisco, #648348