Security update

* #636908: Fixed theme switch failure.
* Added hook_enabled/disabled for admin theme settings take over.
* New default "Administration theme" section
- Migrate core setting to section
- Disabled core settings form
* Exit looping in _sections_in_section() if section with highest weight match.
* #340044 by hass: Prevent WYSIWYG editors attaching to textarea

3-3:
) Security-Issue: #649292: Security issue - draggableviews_repaired_msg not properly sanitized: Apply xss-filter before outputting draggableviews_repaired_msg before drupal_set_message.
) Bug-Fix: #604682: Handler includes use deprecated call-time pass-by-reference: pass-by-reference. Changed &$ to $ in function calls.
) Bug-Fix: Used wrong variable as filter display value.
) Change: #605206: Could you make 'Save' button text customizable please: Make Save-button text customizable
) Change: Changed README.txt (Preview mode works now).

BETA2:
) Bug-Fix: #565146: Defined order not respected when Style different than Draggable Table: Native Handler: Respect arguments in all displays if only one of the displays uses arguments. (If the displays doesn't tell us explicitly something else). Thanks Tri for reporting this bug.
) Bug-Fix: #577300: CCK draggable class does not have parent: Forgot extending class from draggableviews_handler. Reported by minenet.
) Bug-Fix: #573920: Fatal error: Call to a member function set_range() on a non-object in /.../draggableviews.module on line 356: Catch a fatal error: Don't attach the info array to the view if no order field is defined. So hook_pre_render (and thus ->set_range) will not be called.
) Bug-Fix: Corrected a typo: $filter instead of $filters. That caused a warning.
) Bug-Fix: Don't define fields and theme function if no fields were selected by the user. That caused a warning.
) Change: #541130: Theme registery issues: Don't need one theme per display any more. Now we just set the #theme function at hook_form. Many thanks to markus_petrux.

BETA1:
) BIG FEATURE: #463756: book module handler: Introduced DraggableViews Book handler.

In some cases versions prior to 5.x-1.9/6.x-alpha2 did not properly sanitize user input, leading to a SQL Injection (SQL Injection) vulnerability. Such an attack may lead to a malicious user gaining full administrative access. Please upgrade to this version.

In some cases versions prior to 5.x-1.9/6.x-alpha2 did not properly sanitize user input, leading to a SQL Injection (SQL Injection) vulnerability. Such an attack may lead to a malicious user gaining full administrative access. Please upgrade to this version.

SA-CONTRIB-2009-109 - Printfriendly - Cross Site Scripting

2009-11-18
The following bugs have been fixed since Ubercart 6.x-2.0 (-r 2001..2015), including two security updates outlined in SA-CONTRIB-2009-107:

• #610664 by Island Usurper: fix the country_id column in uc_countries to be an integer without auto_increment.
• #609444 by Island Usurper: Make countries that don't have different names work for USPS again.
• #611044 by Carsten Müller: Avoid conflict with date_order().
• #613498 by Island Usurper: Let product features affect product shippability correctly.
• #622998 by FiNeX: supply a missing t() in an order pane.
• #622998 by FiNeX: supply a missing t() in an order pane (again).
• Updating the version number for the next release.
• #618932 by Island Usurper: Remove predicate locking entirely.
• u#14100 by Lyle: Allow product nodes to have titles with 255 characters.