Security update

The thirteenth maintenance and security release of the Drupal 6 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the security announcement:

• SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed since the 6.12 release:

• - Patch #463450 by wulff: fixed documentation glitch.
• #193577 by Rob Loach, Damien Tournoud, andypost: JavaScript string split() function does not behave like PHP explode(); causes problems with multiple node body break tags
• #454992 by sun, bengtan: _drupal_flush_css_js() should not have 'q' as a possible CSS query character, since that is the Drupal path name character too
• #452704 by andypost, catch: Names of compressed CSS and JS files should have a prefix, so that names starting in ad* will not happen. Those are easily blocked by firewalls, Firefox's Adblock, etc.

Fixes SA-CONTRIB-2009-040 - Advanced Forum - Multiple vulnerabilities.

Other changes since 1.0:
#422652 by NeoID: Closed tag on break in advanced_forum-forum-legend.tpl.php

Fixes SA-CONTRIB-2009-040 - Advanced Forum - Multiple vulnerabilities.

Corrected unchecked title text field (security).

Fixed an unchecked title text field (security vulnerability).

This release fixes Security vulnerabilities from #488092 SA-CONTRIB-2009-038 - Nodequeue - Multiple vulnerabilities.