- Bugfix: renamed the SQL field 'types' to 'nodes' because 'types' is a reserved keyword in MySQL 4. This fixes critical bug #1618. Patch by Marco.

  ==> This fix requires to run update.php!

- Bugfix: made sessions work without warnings when register_globals is turned off. The solution is to use $_SESSION instead of session_register().  This fixes critical bug #1797.  Patch by Marco.

- Bugfix: sometimes error messages where being discarded when previewing a node.  Patch by Craig Courtney.

- Bugfix: fixed charset problems.  This fixes critical bug #1549.  Patch '0023.charset.patch' by Al.

- Code improvements: removed some dead code from the comment module.  Patch by Marco.

- Documentation improvements: polished the node module help texts and form descriptions.  Patch '0019.node.module.help.patch' by Al.

- CSS improvements all over the map!  Patch '0021.more.css.patch' by Al.

- GUI improvements: improved the position of Druplicon in the admin menu.  Patch '0020.admin.logo.patch' by Al.

- GUI improvements: new logos for theme Marvin and theme UnConeD.  Logos by Kristjan Jansen.

- GUI improvements: small changes to the output emitted by the profile module.  Suggestions by Steven Wittens.

- GUI improvements: small fixes to Xtemplate.  Patch '0022.xtemplate.css.patch' by Al.

TODO:

- Some modules such as the buddy list module and the annotation module in the contributions repository are also using session_register().  They should be updated.  We should setup a task on Drupal.

- There is code emitting '<div align="right">' which doesn't validate.

- Does our XML feeds validate with the charset changes?

- The forum module's SQL doesn't work properly on PostgreSQL.

1 files changed, 15 insertions, 17 deletions

diff --git a/includes/common.inc b/includes/common.inc
index 532720898..708ee9a39 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -453,11 +453,8 @@ function drupal_goto($url) {
 */
 
 function referer_save() {
-  global $referer;
-
   if (!strstr($_SERVER["HTTP_REFERER"], request_uri())) {
-    $referer = $_SERVER["HTTP_REFERER"];
-    session_register("referer");
+    $_SESSION["referer"] = $_SERVER["HTTP_REFERER"];
   }
 }
 
@@ -466,10 +463,8 @@ function referer_save() {
 */
 
 function referer_load() {
-  global $referer;
-
-  if (session_is_registered("referer")) {
-    return $referer;
+  if (isset($_SESSION["referer"])) {
+    return $_SESSION["referer"];
   }
   else {
     return 0;
@@ -608,12 +603,12 @@ function format_rss_channel($title, $link, $description, $items, $language = "en
   // arbitrary elements may be added using the $args associative array
 
   $output .= "<channel>\n";
-  $output .= " <title>". htmlentities(strip_tags($title)) ."</title>\n";
-  $output .= " <link>". htmlentities(strip_tags($link)) ."</link>\n";
-  $output .= " <description>". htmlentities($description) ."</description>\n";
-  $output .= " <language>". htmlentities(strip_tags($language)) ."</language>\n";
+  $output .= " <title>". htmlspecialchars(strip_tags($title)) ."</title>\n";
+  $output .= " <link>". htmlspecialchars(strip_tags($link)) ."</link>\n";
+  $output .= " <description>". htmlspecialchars($description) ."</description>\n";
+  $output .= " <language>". htmlspecialchars(strip_tags($language)) ."</language>\n";
   foreach ($args as $key => $value) {
-    $output .= "<$key>". htmlentities(strip_tags($value)) ."</$key>";
+    $output .= "<$key>". htmlspecialchars(strip_tags($value)) ."</$key>";
   }
   $output .= $items;
   $output .= "</channel>\n";
@@ -625,11 +620,11 @@ function format_rss_item($title, $link, $description, $args = array()) {
   // arbitrary elements may be added using the $args associative array
 
   $output .= "<item>\n";
-  $output .= " <title>". htmlentities(strip_tags($title)) ."</title>\n";
-  $output .= " <link>". htmlentities(strip_tags($link)) ."</link>\n";
-  $output .= " <description>". htmlentities(check_output($description)) ."</description>\n";
+  $output .= " <title>". htmlspecialchars(strip_tags($title)) ."</title>\n";
+  $output .= " <link>". htmlspecialchars(strip_tags($link)) ."</link>\n";
+  $output .= " <description>". htmlspecialchars(check_output($description)) ."</description>\n";
   foreach ($args as $key => $value) {
-    $output .= "<$key>". htmlentities(strip_tags($value)) ."</$key>";
+    $output .= "<$key>". htmlspecialchars(strip_tags($value)) ."</$key>";
   }
   $output .= "</item>\n";
 
@@ -1004,6 +999,9 @@ $conf = variable_init(isset($conf) ? $conf : array());
 // set error handler:
 set_error_handler("error_handler");
 
+// spit out the correct charset http header
+header("Content-Type: text/html; charset=". variable_get("charset", "iso-8859-1"));
+
 // initialize installed modules:
 module_init();