- Bugfix: renamed the SQL field 'types' to 'nodes' because 'types' is a reserved keyword in MySQL 4. This fixes critical bug #1618. Patch by Marco.

  ==> This fix requires to run update.php!

- Bugfix: made sessions work without warnings when register_globals is turned off. The solution is to use $_SESSION instead of session_register().  This fixes critical bug #1797.  Patch by Marco.

- Bugfix: sometimes error messages where being discarded when previewing a node.  Patch by Craig Courtney.

- Bugfix: fixed charset problems.  This fixes critical bug #1549.  Patch '0023.charset.patch' by Al.

- Code improvements: removed some dead code from the comment module.  Patch by Marco.

- Documentation improvements: polished the node module help texts and form descriptions.  Patch '0019.node.module.help.patch' by Al.

- CSS improvements all over the map!  Patch '0021.more.css.patch' by Al.

- GUI improvements: improved the position of Druplicon in the admin menu.  Patch '0020.admin.logo.patch' by Al.

- GUI improvements: new logos for theme Marvin and theme UnConeD.  Logos by Kristjan Jansen.

- GUI improvements: small changes to the output emitted by the profile module.  Suggestions by Steven Wittens.

- GUI improvements: small fixes to Xtemplate.  Patch '0022.xtemplate.css.patch' by Al.

TODO:

- Some modules such as the buddy list module and the annotation module in the contributions repository are also using session_register().  They should be updated.  We should setup a task on Drupal.

- There is code emitting '<div align="right">' which doesn't validate.

- Does our XML feeds validate with the charset changes?

- The forum module's SQL doesn't work properly on PostgreSQL.

3 files changed, 25 insertions, 26 deletions

diff --git a/includes/common.inc b/includes/common.inc
index 532720898..708ee9a39 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -453,11 +453,8 @@ function drupal_goto($url) {
 */
 
 function referer_save() {
-  global $referer;
-
   if (!strstr($_SERVER["HTTP_REFERER"], request_uri())) {
-    $referer = $_SERVER["HTTP_REFERER"];
-    session_register("referer");
+    $_SESSION["referer"] = $_SERVER["HTTP_REFERER"];
   }
 }
 
@@ -466,10 +463,8 @@ function referer_save() {
 */
 
 function referer_load() {
-  global $referer;
-
-  if (session_is_registered("referer")) {
-    return $referer;
+  if (isset($_SESSION["referer"])) {
+    return $_SESSION["referer"];
   }
   else {
     return 0;
@@ -608,12 +603,12 @@ function format_rss_channel($title, $link, $description, $items, $language = "en
   // arbitrary elements may be added using the $args associative array
 
   $output .= "<channel>\n";
-  $output .= " <title>". htmlentities(strip_tags($title)) ."</title>\n";
-  $output .= " <link>". htmlentities(strip_tags($link)) ."</link>\n";
-  $output .= " <description>". htmlentities($description) ."</description>\n";
-  $output .= " <language>". htmlentities(strip_tags($language)) ."</language>\n";
+  $output .= " <title>". htmlspecialchars(strip_tags($title)) ."</title>\n";
+  $output .= " <link>". htmlspecialchars(strip_tags($link)) ."</link>\n";
+  $output .= " <description>". htmlspecialchars($description) ."</description>\n";
+  $output .= " <language>". htmlspecialchars(strip_tags($language)) ."</language>\n";
   foreach ($args as $key => $value) {
-    $output .= "<$key>". htmlentities(strip_tags($value)) ."</$key>";
+    $output .= "<$key>". htmlspecialchars(strip_tags($value)) ."</$key>";
   }
   $output .= $items;
   $output .= "</channel>\n";
@@ -625,11 +620,11 @@ function format_rss_item($title, $link, $description, $args = array()) {
   // arbitrary elements may be added using the $args associative array
 
   $output .= "<item>\n";
-  $output .= " <title>". htmlentities(strip_tags($title)) ."</title>\n";
-  $output .= " <link>". htmlentities(strip_tags($link)) ."</link>\n";
-  $output .= " <description>". htmlentities(check_output($description)) ."</description>\n";
+  $output .= " <title>". htmlspecialchars(strip_tags($title)) ."</title>\n";
+  $output .= " <link>". htmlspecialchars(strip_tags($link)) ."</link>\n";
+  $output .= " <description>". htmlspecialchars(check_output($description)) ."</description>\n";
   foreach ($args as $key => $value) {
-    $output .= "<$key>". htmlentities(strip_tags($value)) ."</$key>";
+    $output .= "<$key>". htmlspecialchars(strip_tags($value)) ."</$key>";
   }
   $output .= "</item>\n";
 
@@ -1004,6 +999,9 @@ $conf = variable_init(isset($conf) ? $conf : array());
 // set error handler:
 set_error_handler("error_handler");
 
+// spit out the correct charset http header
+header("Content-Type: text/html; charset=". variable_get("charset", "iso-8859-1"));
+
 // initialize installed modules:
 module_init();
 
diff --git a/includes/pager.inc b/includes/pager.inc
index f031f3a33..a567499b2 100644
--- a/includes/pager.inc
+++ b/includes/pager.inc
@@ -31,13 +31,13 @@ function pager_display($tags = "", $limit = 10, $element = 0, $type = "default",
 function pager_display_default($tags = "", $limit = 10, $element = 0, $attributes = array()) {
   global $pager_total;
   if ($pager_total[$element] > $limit) {
-    $output .= "<div align=\"center\"><table cellpadding=\"10\"><tbody><tr>";
-    $output .= "<td align=\"center\">". pager_first(($tags[0] ? $tags[0] : t("first page")), $limit, $element, $attributes) ."</td>";
-    $output .= "<td align=\"center\">". pager_previous(($tags[1] ? $tags[1] : t("previous page")), $limit, $element, 1, $attributes) ."</td>";
-    $output .= "<td align=\"center\">". pager_list($limit, $element, ($tags[2] ? $tags[2] : 9 ), "", $attributes) ."</td>";
-    $output .= "<td align=\"center\">". pager_next(($tags[3] ? $tags[3] : t("next page")), $limit, $element, 1, $attributes) ."</td>";
-    $output .= "<td align=\"center\">". pager_last(($tags[4] ? $tags[4] : t("last page")), $limit, $element, $attributes) ."</td>";
-    $output .= "</tr></tbody></table></div>";
+    $output .= "<div id=\"pager\" class=\"container-inline\">";
+    $output .= "<div>". pager_first(($tags[0] ? $tags[0] : t("first page")), $limit, $element, $attributes) ."</div>";
+    $output .= "<div>". pager_previous(($tags[1] ? $tags[1] : t("previous page")), $limit, $element, 1, $attributes) ."</div>";
+    $output .= "<div>". pager_list($limit, $element, ($tags[2] ? $tags[2] : 9 ), "", $attributes) ."</div>";
+    $output .= "<div>". pager_next(($tags[3] ? $tags[3] : t("next page")), $limit, $element, 1, $attributes) ."</div>";
+    $output .= "<div>". pager_last(($tags[4] ? $tags[4] : t("last page")), $limit, $element, $attributes) ."</div>";
+    $output .= "</div>";
 
     return $output;
   }
diff --git a/includes/theme.inc b/includes/theme.inc
index c410e36a7..dce4cff1b 100644
--- a/includes/theme.inc
+++ b/includes/theme.inc
@@ -92,7 +92,7 @@ function theme_mark() {
   ** Return a marker.  Used to indicate new comments or required form
   ** fields.
   */
-  return "<span style=\"color: red;\">*</span>";
+  return "<span class=\"marker\">*</span>";
 }
 
 function theme_item_list($items = array(), $title = NULL) {
@@ -119,7 +119,7 @@ function theme_error($message) {
   /*
   ** Return an error message.
   */
-  return "<div style=\"color: red;\">$message</div>";
+  return "<div class=\"error\">$message</div>";
 }
 
 function theme_list($refresh = 0) {
@@ -144,6 +144,7 @@ function theme_list($refresh = 0) {
 
 function theme_head($main = 0) {
   global $base_url;
+  $output .= "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=". variable_get("site_charset", "iso-8859-1") ."\" />";
   $output .= "<base href=\"$base_url/\" />\n";
   $output .= "<style type=\"text/css\">\n";
   $output .= "@import url(misc/drupal.css);\n";