Security update

Changes since DRUPAL-5--2-13:

• #650354 - fix for screenreader issue
• SA-CONTRIB-2009-113 - FAQ - Cross Site Scripting

The fifteenth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2009-009 - Drupal Core - Cross site scripting

In addition to this security vulnerability, the following bugs have been fixed since the 6.14 release:

• #193383 follow up by TheRec: (regression) - some set_time_limit() numbers were inadvertently removed in the previous patch.
• #499828 by Darren Oh, Dave Reid, dww: Wrong release dates were recorded on multi-module projects if deployed from CVS
• #563526 by jhodgdon: fix @see and @code phpdoc in user-profile.tpl.php
• #485350 by jhodgdon: better documentation and add code example for module_load_include()
• #574862 by jhodgdon: better documentation for menu_set_active_trail()
• #263517 by mfb: fix notice when parsing an RSS feed with file attachments

The twenty-first maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2009-009 - Drupal Core - Cross site scripting

* Remove useless section selection item in node form.
* #492692: Add section variable to page template.
* #636908: Fixed theme switch failure.
* Added hook_enabled/disabled for admin theme settings take over.
* Changed user access logic in node forms
* Fixed documentation typos
* Theme switcher moved to extra function
* Added more template suggestions.
* Refactor template suggestion to remove duplicate code.
* New default "Administration theme" section
- Migrate core setting to section
- Disabled core settings form

* #636908: Fixed theme switch failure.
* Added hook_enabled/disabled for admin theme settings take over.
* New default "Administration theme" section
- Migrate core setting to section
- Disabled core settings form
* Exit looping in _sections_in_section() if section with highest weight match.
* #340044 by hass: Prevent WYSIWYG editors attaching to textarea

3-3:
) Security-Issue: #649292: Security issue - draggableviews_repaired_msg not properly sanitized: Apply xss-filter before outputting draggableviews_repaired_msg before drupal_set_message.
) Bug-Fix: #604682: Handler includes use deprecated call-time pass-by-reference: pass-by-reference. Changed &$ to $ in function calls.
) Bug-Fix: Used wrong variable as filter display value.
) Change: #605206: Could you make 'Save' button text customizable please: Make Save-button text customizable
) Change: Changed README.txt (Preview mode works now).

BETA2:
) Bug-Fix: #565146: Defined order not respected when Style different than Draggable Table: Native Handler: Respect arguments in all displays if only one of the displays uses arguments. (If the displays doesn't tell us explicitly something else). Thanks Tri for reporting this bug.
) Bug-Fix: #577300: CCK draggable class does not have parent: Forgot extending class from draggableviews_handler. Reported by minenet.
) Bug-Fix: #573920: Fatal error: Call to a member function set_range() on a non-object in /.../draggableviews.module on line 356: Catch a fatal error: Don't attach the info array to the view if no order field is defined. So hook_pre_render (and thus ->set_range) will not be called.
) Bug-Fix: Corrected a typo: $filter instead of $filters. That caused a warning.
) Bug-Fix: Don't define fields and theme function if no fields were selected by the user. That caused a warning.
) Change: #541130: Theme registery issues: Don't need one theme per display any more. Now we just set the #theme function at hook_form. Many thanks to markus_petrux.

BETA1:
) BIG FEATURE: #463756: book module handler: Introduced DraggableViews Book handler.