5 files changed, 33 insertions, 8 deletions

diff --git a/modules/aggregator/aggregator.admin.inc b/modules/aggregator/aggregator.admin.inc
index 9d78e5491..2f1485cf5 100644
--- a/modules/aggregator/aggregator.admin.inc
+++ b/modules/aggregator/aggregator.admin.inc
@@ -176,15 +176,31 @@ function aggregator_form_feed_submit($form, &$form_state) {
   }
 }
 
+function aggregator_admin_remove_feed($form_state, $feed) {
+  return confirm_form(
+    array(
+      'feed' => array(
+        '#type' => 'value',
+        '#value' => $feed,
+      ),
+    ),
+    t('Are you sure you want to remove all items from the feed %feed?', array('%feed' => $feed['title'])),
+    'admin/content/aggregator',
+    t('This action cannot be undone.'),
+    t('Remove items'),
+    t('Cancel')
+  );
+}
+
 /**
- * Menu callback; removes all items from a feed, then redirects to the overview page.
+ * Remove all items from a feed and redirect to the overview page.
  *
  * @param $feed
  *   An associative array describing the feed to be cleared.
  */
-function aggregator_admin_remove_feed($feed) {
-  aggregator_remove($feed);
-  drupal_goto('admin/content/aggregator');
+function aggregator_admin_remove_feed_submit($form, &$form_state) {
+  aggregator_remove($form_state['values']['feed']);
+  $form_state['redirect'] = 'admin/content/aggregator';
 }
 
 /**
diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module
index b988e637b..ac827e927 100644
--- a/modules/aggregator/aggregator.module
+++ b/modules/aggregator/aggregator.module
@@ -106,8 +106,8 @@ function aggregator_menu() {
   );
   $items['admin/content/aggregator/remove/%aggregator_feed'] = array(
     'title' => 'Remove items',
-    'page callback' => 'aggregator_admin_remove_feed',
-    'page arguments' => array(4),
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('aggregator_admin_remove_feed', 4),
     'access arguments' => array('administer news feeds'),
     'type' => MENU_CALLBACK,
     'file' => 'aggregator.admin.inc',
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index 3d1e2ccaa..f35fd43db 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -953,6 +953,11 @@ function filter_xss_admin($string) {
  *   The format to use.
  */
 function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd')) {
+  // Only operate on valid UTF-8 strings. This is necessary to prevent cross
+  // site scripting issues on Internet Explorer 6.
+  if (!drupal_validate_utf8($string)) {
+    return '';
+  }
   // Store the input format
   _filter_xss_split($allowed_tags, TRUE);
   // Remove NUL characters (ignored by some browsers)
diff --git a/modules/system/system.install b/modules/system/system.install
index 4a7868a79..be9fbcf5b 100644
--- a/modules/system/system.install
+++ b/modules/system/system.install
@@ -52,6 +52,10 @@ function system_requirements($phase) {
     $requirements['webserver']['description'] = $t('Unable to determine your web server type and version. Drupal might not work properly.');
     $requirements['webserver']['severity'] = REQUIREMENT_WARNING;
   }
+  if (ini_get('register_globals')) {
+    $requirements['php']['description'] = $t('<em>register_globals</em> is enabled. Drupal requires this configuration directive to be disabled. Your site may not be secure when <em>register_globals</em> is enabled. The PHP manual has instructions for <a href="http://php.net/configuration.changes">how to change configuration settings</a>.');
+    $requirements['php']['severity'] = REQUIREMENT_ERROR;
+  }
 
   // Test PHP version
   $requirements['php'] = array(
diff --git a/modules/system/system.module b/modules/system/system.module
index f6b4409ad..5d37772e3 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -9,7 +9,7 @@
 /**
  * The current system version.
  */
-define('VERSION', '6.0-dev');
+define('VERSION', '6.0-rc2');
 
 /**
  * Core API compatibility.
@@ -19,7 +19,7 @@ define('DRUPAL_CORE_COMPATIBILITY', '6.x');
 /**
  * Minimum supported version of PHP.
  */
-define('DRUPAL_MINIMUM_PHP',    '4.3.3');
+define('DRUPAL_MINIMUM_PHP',    '4.3.5');
 
 /**
  * Minimum recommended value of PHP memory_limit.