Security update

This is the first stable version of G2 for Drupal 6.x.

It includes several security fixes over the pre-release -dev version, as well as a new XML-RPC client demo.

However, the -dev branch is quite stable and should be preferred in most cases.

The theme fails to sanitize a value in the url, leading to a Cross Site Scripting (XSS) vulnerability.

See SA-CONTRIB-2012-081 - Zen - Cross Site Scripting.

• #478134 by mithrill: Improve docs about sites/all/themes and sites/default/themes folders
• #600758 by mattyoung: Secondary links run together in one line with primary links
• #600344 by mgifford: Use of absolute font size in block editing links breaks WCAG 2.0
• #546904 by Jennifer_M: List $node as available variable in page.tpl.php
• #583716 by droidenator: Empty title can cause breadcrumbs to display incorrectly
• #600920 by kto.3decb: Fix incorrect comment block class name
• #297084: Remove ctype_lower() from zen_id_safe() to prevent WSOD/Fatal error on some systems
• #317417 by JohnAlbin and quicksketch: Fix off-line maintenance page since drupal_get_path('theme', 'zen') won't work
• #545320 by Deslack: Use of split() generate E_DEPRECATED warnings on PHP 5.3.0

Release for SA-CONTRIB-2009-094 - NGP COO/CWP Integration (crmngp) - Multiple Vulnerabilities
Access control fix, text filtering

Changes since DRUPAL-6--1-2:

Changes since DRUPAL-5--1-3:

• #223428 by hunmonk: add pager to protected user/admin bypass tables.
• #368722 by dboulet, cedarm: Fix warning when no User protection defaults are enabled.
• #516206 by cedarm: userprotect_administrator_bypass_defaults() should return keyed array.
• #623162 by hunmonk: SA-CONTRIB-2009-090 - User Protect - Cross Site Request Forgery.