Bug fixes

The third maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 6.0 release.

This release fixes five security vulnerabilities. Sites are urged to upgrade immediately. For more details, please see the security announcements:

• SA-2007-024 - Drupal Core - HTTP response splitting
• SA-2007-025 - Drupal Core - Arbitrary code execution via installer.
• SA-2007-026 - Drupal Core - Cross site scripting via uploads
• SA-2007-029 - Drupal Core - User deletion cross site request forgery
• SA-2007-030 - Drupal Core - API handling of unpublished comment

In addition to these security vulnerabilities, the following bugs have been fixed since the 5.2 release:

• #163092 by Wesley Tanaka. Add forum css only to pages which need it.
• #163458 by heyrocker. Make sure the user object has roles before checking them.
• #164974 by ricflomag. Better use of t().

New features:
- Added 'track invitations' permission to be able to hide the invitation overview from anonymous users.
- #175786: Fixed up ui by 1) separating invite overviews using tabs and 2) using a pager.
- #178652 by Gwen Park: Pass invite code to hook_invite($op = 'invite').
- Added delete invitation confirmation dialog.

Bugs fixed:
- #182017: Tried to produce XHTML (or XML in this case) compliant output.
- #176983: Fixed bogus email header.
- Fixed queries for counting pending and expired invites had swapped comparison logic.

Changes since DRUPAL-4-7--3-3:

Changes since DRUPAL-5--3-3:

Yikes, a second brown paper bag release. The first didn't quite work as advertised, resulting in an error when trying to flush the cache_menu table.

This is primarily a security release in response to the token_values potential Cross Site Scripting issue. Pathauto on its own is not affected, but token values provided by Pathauto were not properly checked and may have caused a problem if used by another module (no known examples exist).

Other Changes since DRUPAL-5--2-0-BETA3: