Security update

The triggers for this release include updates for the drupal.org deployment (l10n_project submodule) as well as important fixes to existing functionality. A cross site scripting issue was resolved with the commit message:

Fix for XSS reported by Psicomante. Strings output for JavaScript display were not escaped properly. Due to how the Drupal.org policy limits security announcements to 'stable' software (that is not alpha packages like l10n_server), this fix is not accompanied by an SA.

Other changes since DRUPAL-6--1-0-ALPHA4:

6.x-1.1 has been skipped due to packaging issues.

Fixes SA-CONTRIB-2009-049 - Live - Privilege escalation, Impersonation. Also fixes a CSRF issue that only existed in 6.x-1.x-dev.

Changes since DRUPAL-6--1-0:

fixes XSS vulnerability

New features...

6.x-1.6

1. Added configurable "type" mapping #520828. This feature allows mapping between various input file format publication types and Biblio publication types.
2. Added a per-user setting for OpenURL information #528930
3. EndNote XML files are now formated in the latest XML format by default, good for versions 8 and newer of EndNote.
4. Added new setting in the OpenURL section to set the Site ID (sid) of the OpenURL link

6.x-1.5

1. Added Views handlers for sorting, filtering and arguments on most fields.
2. Added new settings in the ISI Web of Knowledge section on the admin/settings/biblio page. Turning this on automatically converts EndNote "Go to ISI" links to valid ISI search links. (ISI subscription required)
3. Added new settings in the links section on the admin/settings/biblio page. You choose to carry "inline" mode through to all subsequent links. Inline mode is used primarily by people accessing biblio data from custom code, so the average user will not need this.
4. Added new settings in the links section on the admin/settings/biblio page. You can now toggle the export links on/off individually as well as the Google Scholar link

Version 6.2.2
=============
- #429446 Col element must not be in thead.
- #506944 Localize more link in jcalendar popup.
- #529826 Add check_plain().
- #489722 Remove mistake that caused year calendar to process endlessly.
- #389294 Require the date field in calendar style, needed to identify what cell the date belongs in.
- #452690 Avoid errors when some date fields are empty (usually when there are multiple date fields in view.)
- #389294 Avoid errors when date argument or filter is not available as a date field.

Version 6.2.3
=============

- #494350 Add 'c' format.
- #352975 Remove filter:mask in datepicker css and add help in settings on how to add back in theme.
- #352975 Add hook_requirements warning to suggest using jQuery UI for datepicker.
- #529826 Change date tools permission name to add 'administrator' to make it clear it has important powers.
- #529826 Check for invalid content type name in Date Tools.
- #529826 Add check_plain to label.
- #418874 Don't run timestamp format through date_limit_format().
- #456308 Don't reset date_api_fields cache over and over.
- #424006 Add flexibility to date filter options by passing them directly to date_create.
- #465870 Make sure date_repeat_form.inc is included in validation.
- #453688 Use is_a() function so date handler will work for any handler derived from views_handler_field_date.
- #452934 Make sure format_interval() doesn't do anything with empty dates.
- #483682 Make searches case-insensitive.
- #395156 Change table name for date formats from 'date_format' to 'date_formats' because 'date_format' is reserved word in some dbs.
- #342357 Make jQuery timepicker optional.
- #473308 Add handling for year-only date stored in timestamp field.
- Get rid of
in admin summary that was going through check_plain.
- #482436 Removed deprecated code to remove empty field values, CCK does that now.