Security update

XSS and CSRF issue fixes

Prevent users with 'administer workflow' permission from using workflow and state names containing XSS.

Prevent users with 'administer workflow' permission from using workflow and state names containing XSS.

Significant rewrite to use native FAQ form. Allows better taxonomy support as well as standard node add-ons. Now supports free tagging.

• Use filter_xss on term name and description.
• Change category sql to use db_rewrite_sql for i18n. #307531: Category select box currently not language-aware
• Correct variable_del in uninstall.
• Added feature to not show categories. #308881: Category
• Add feature to re-assign anonymous question to expert. #338165: "Give" anonymous page to expert.
• Fix vocabulary check in settings. #299480: No vocabulary error for "FAQ" content type
• Corrected test for expert categorization. #336602: "Ask A Question" block and page do not respect the categorization settings
• Fixed users without 'answer question' not able to choose category when asking question. #385650: Users without 'answer question' permission can't choose 'category'
• Fix for long question input error #364054: Problems with long questionsin FAQ and FAQ_ASK
• Fix 'ask a question' menu item appearing with arrow beside it, as if it had child menu items.
• Fix questions not in Faq vocabulary showing in block.
• German translation. #378022: German translation
• Add setting to give all questions to expert. #369308: Registered users' questions reassigned to the Expert.
• Fix message body problem. #406498: Fatal error: [] operator not supported
• Correct string substitution in notification mail. #408332: Category mentioned in email to expert not shown
• Change summary to textarea so it fits in block better. #602282: Ask a question block takes over whole page
• Remove block region stuff. #556080: I hate the status message that appears when a question is asked.
• Correct user_access check. #580566: Possible permission check error
• Correct mail variables. #533614: notification email link incomplete

First alpha release of Abuse module. Plugged the security (Cross Site Scripting) holes that were in the module.

For more details on the security release: http://drupal.org/node/611078

DRUPAL-SA-CONTRIB-2009-076