From 7c9637303875c21c550f04b444840e6b26372a5c Mon Sep 17 00:00:00 2001 From: Bachir Soussi Chiadmi Date: Sun, 26 Apr 2015 18:38:56 +0200 Subject: [PATCH] security update core+modules --- CHANGELOG.txt | 392 +++++- COPYRIGHT.txt | 2 +- INSTALL.mysql.txt | 15 +- INSTALL.txt | 2 + LICENSE.txt | 14 +- MAINTAINERS.txt | 24 +- README.txt | 12 +- authorize.php | 35 +- includes/ajax.inc | 95 +- includes/bootstrap.inc | 394 ++++-- includes/cache.inc | 153 ++- includes/common.inc | 456 +++++-- includes/database/database.inc | 74 +- includes/database/mysql/database.inc | 23 +- includes/database/mysql/query.inc | 19 +- includes/database/mysql/schema.inc | 30 +- includes/database/pgsql/database.inc | 2 +- includes/database/pgsql/query.inc | 3 +- includes/database/pgsql/schema.inc | 28 +- includes/database/query.inc | 132 +- includes/database/schema.inc | 6 +- includes/database/select.inc | 7 +- includes/database/sqlite/database.inc | 2 +- includes/database/sqlite/query.inc | 30 +- includes/database/sqlite/schema.inc | 28 +- includes/entity.inc | 43 +- includes/errors.inc | 4 +- includes/file.inc | 284 +++-- includes/file.mimetypes.inc | 20 + includes/filetransfer/filetransfer.inc | 10 + includes/filetransfer/ftp.inc | 6 +- includes/filetransfer/ssh.inc | 6 +- includes/form.inc | 221 ++-- includes/image.inc | 8 +- includes/install.core.inc | 59 +- includes/install.inc | 51 +- includes/iso.inc | 5 +- includes/language.inc | 180 ++- includes/locale.inc | 15 +- includes/lock.inc | 2 +- includes/mail.inc | 43 +- includes/menu.inc | 77 +- includes/module.inc | 71 +- includes/password.inc | 8 +- includes/path.inc | 16 +- includes/registry.inc | 9 +- includes/session.inc | 12 +- includes/stream_wrappers.inc | 42 +- includes/tablesort.inc | 23 +- includes/theme.inc | 277 +++-- includes/theme.maintenance.inc | 10 +- includes/token.inc | 18 +- includes/unicode.inc | 149 ++- includes/update.inc | 12 +- includes/utility.inc | 1 + includes/xmlrpc.inc | 36 +- includes/xmlrpcs.inc | 4 +- install.php | 4 +- misc/ajax.js | 31 +- misc/autocomplete.js | 5 +- misc/favicon.ico | Bin 1150 -> 5430 bytes misc/machine-name.js | 2 +- misc/states.js | 2 +- misc/tabledrag.js | 2 +- misc/tableheader.js | 2 +- misc/tableselect.js | 6 +- misc/throbber-active.gif | Bin 0 -> 1233 bytes misc/throbber-inactive.png | Bin 0 -> 320 bytes misc/vertical-tabs.js | 6 + modules/aggregator/aggregator-rtl.css | 3 + modules/aggregator/aggregator.admin.inc | 14 +- modules/aggregator/aggregator.api.php | 2 +- modules/aggregator/aggregator.css | 3 + modules/aggregator/aggregator.fetcher.inc | 2 +- modules/aggregator/aggregator.info | 6 + modules/aggregator/aggregator.install | 10 + modules/aggregator/aggregator.module | 10 +- modules/aggregator/aggregator.pages.inc | 69 +- modules/aggregator/aggregator.processor.inc | 6 + modules/aggregator/aggregator.test | 136 +- modules/aggregator/tests/aggregator_test.info | 6 + .../aggregator/tests/aggregator_test.module | 2 +- .../tests/aggregator_test_title_entities.xml | 14 + modules/block/block.admin.inc | 2 +- modules/block/block.api.php | 30 +- modules/block/block.info | 6 + modules/block/block.install | 18 +- modules/block/block.module | 93 +- modules/block/block.test | 126 +- modules/block/tests/block_test.info | 6 + modules/block/tests/block_test.module | 31 + .../block_test_theme/block_test_theme.info | 6 + modules/blog/blog.info | 6 + modules/blog/blog.test | 40 +- modules/book/book-rtl.css | 4 + modules/book/book.admin.inc | 15 +- modules/book/book.css | 4 + modules/book/book.info | 6 + modules/book/book.js | 1 - modules/book/book.module | 49 +- modules/book/book.pages.inc | 13 +- modules/book/book.test | 121 +- modules/color/color.info | 6 + modules/color/color.module | 56 +- modules/comment/comment.admin.inc | 3 +- modules/comment/comment.info | 6 + modules/comment/comment.module | 61 +- modules/comment/comment.test | 69 +- modules/contact/contact.info | 6 + modules/contact/contact.pages.inc | 4 +- modules/contact/contact.test | 66 +- modules/contextual/contextual.css | 2 +- modules/contextual/contextual.info | 6 + modules/contextual/contextual.js | 4 + modules/dashboard/dashboard.api.php | 2 +- modules/dashboard/dashboard.info | 6 + modules/dashboard/dashboard.js | 10 +- modules/dashboard/dashboard.test | 38 +- modules/dblog/dblog-rtl.css | 4 + modules/dblog/dblog.admin.inc | 79 +- modules/dblog/dblog.css | 5 + modules/dblog/dblog.info | 6 + modules/dblog/dblog.install | 17 + modules/dblog/dblog.module | 18 +- modules/dblog/dblog.test | 280 +++-- modules/field/field.api.php | 115 +- modules/field/field.attach.inc | 91 +- modules/field/field.crud.inc | 50 +- modules/field/field.info | 7 + modules/field/field.info.class.inc | 684 ++++++++++ modules/field/field.info.inc | 464 +++---- modules/field/field.install | 10 +- modules/field/field.module | 37 +- .../field_sql_storage/field_sql_storage.info | 6 + .../field_sql_storage.module | 64 +- .../field_sql_storage/field_sql_storage.test | 215 +++- modules/field/modules/list/list.info | 6 + modules/field/modules/list/tests/list.test | 102 +- .../field/modules/list/tests/list_test.info | 6 + modules/field/modules/number/number.info | 6 + modules/field/modules/number/number.test | 8 +- modules/field/modules/options/options.info | 6 + modules/field/modules/options/options.test | 46 +- modules/field/modules/text/text.info | 6 + modules/field/modules/text/text.js | 30 +- modules/field/modules/text/text.module | 2 +- modules/field/modules/text/text.test | 40 +- modules/field/tests/field.test | 783 ++++++++---- modules/field/tests/field_test.entity.inc | 6 + modules/field/tests/field_test.field.inc | 4 +- modules/field/tests/field_test.info | 6 + modules/field/tests/field_test.install | 18 +- modules/field/tests/field_test.module | 20 +- modules/field_ui/field_ui.admin.inc | 12 +- modules/field_ui/field_ui.api.php | 3 + modules/field_ui/field_ui.info | 6 + modules/field_ui/field_ui.js | 4 +- modules/field_ui/field_ui.module | 25 +- modules/field_ui/field_ui.test | 98 +- modules/file/file.field.inc | 35 +- modules/file/file.info | 6 + modules/file/file.js | 2 +- modules/file/file.module | 44 +- modules/file/tests/file.test | 334 +++-- modules/file/tests/file_module_test.info | 6 + modules/filter/filter.admin.inc | 65 +- modules/filter/filter.api.php | 48 +- modules/filter/filter.info | 6 + modules/filter/filter.install | 2 +- modules/filter/filter.module | 250 ++-- modules/filter/filter.pages.inc | 16 +- modules/filter/filter.test | 551 +++++---- modules/forum/forum-rtl.css | 4 + modules/forum/forum.css | 2 +- modules/forum/forum.info | 6 + modules/forum/forum.module | 13 +- modules/forum/forum.test | 67 +- modules/help/help.info | 6 + modules/help/help.test | 12 +- modules/image/image.admin.inc | 118 +- modules/image/image.api.php | 1 + modules/image/image.field.inc | 8 +- modules/image/image.info | 6 + modules/image/image.install | 36 +- modules/image/image.module | 174 ++- modules/image/image.test | 523 +++++--- modules/image/tests/image_module_test.info | 6 + modules/locale/locale.admin.inc | 14 +- modules/locale/locale.info | 6 + modules/locale/locale.module | 68 +- modules/locale/locale.test | 462 ++++--- modules/locale/tests/locale_test.info | 6 + modules/menu/menu.admin.inc | 8 +- modules/menu/menu.api.php | 8 +- modules/menu/menu.info | 6 + modules/menu/menu.module | 2 +- modules/menu/menu.test | 63 +- modules/node/content_types.inc | 15 +- modules/node/node.admin.inc | 137 ++- modules/node/node.api.php | 312 ++--- modules/node/node.info | 6 + modules/node/node.install | 10 + modules/node/node.module | 458 +++++-- modules/node/node.pages.inc | 143 ++- modules/node/node.test | 758 ++++++++---- modules/node/node.tokens.inc | 23 +- modules/node/tests/node_access_test.info | 6 + modules/node/tests/node_access_test.module | 8 +- modules/node/tests/node_test.info | 6 + modules/node/tests/node_test.module | 24 +- modules/node/tests/node_test_exception.info | 6 + modules/node/tests/node_test_exception.module | 3 +- modules/openid/openid.inc | 28 +- modules/openid/openid.info | 6 + modules/openid/openid.install | 76 +- modules/openid/openid.module | 19 +- modules/openid/openid.test | 7 - modules/openid/tests/openid_test.info | 6 + modules/openid/tests/openid_test.install | 2 +- modules/overlay/overlay-parent.js | 7 +- modules/overlay/overlay.info | 6 + modules/overlay/overlay.module | 6 +- modules/path/path.info | 6 + modules/path/path.test | 20 +- modules/php/php.info | 6 + modules/php/php.module | 8 +- modules/php/php.test | 22 +- modules/poll/poll.info | 6 + modules/poll/poll.module | 5 +- modules/poll/poll.test | 5 + modules/profile/profile.info | 6 + modules/profile/profile.module | 1 + modules/profile/profile.pages.inc | 13 +- modules/profile/profile.test | 76 +- modules/rdf/rdf.info | 6 + modules/rdf/rdf.module | 121 +- modules/rdf/rdf.test | 147 +-- modules/rdf/tests/rdf_test.info | 6 + modules/search/search-result.tpl.php | 2 +- modules/search/search.api.php | 90 +- modules/search/search.extender.inc | 68 +- modules/search/search.info | 6 + modules/search/search.module | 2 +- modules/search/search.pages.inc | 1 - modules/search/search.test | 202 ++- .../search/tests/search_embedded_form.info | 6 + modules/search/tests/search_extra_type.info | 6 + modules/search/tests/search_node_tags.info | 12 + modules/search/tests/search_node_tags.module | 23 + modules/shortcut/shortcut.admin.inc | 2 +- modules/shortcut/shortcut.info | 6 + modules/shortcut/shortcut.test | 8 +- modules/simpletest/drupal_web_test_case.php | 255 ++-- .../css_input_with_import.css.optimized.css | 2 +- .../css_input_with_import.css.unoptimized.css | 25 + .../css_subfolder/css_input_with_import.css | 29 + .../css_input_with_import.css.optimized.css | 6 + .../css_input_with_import.css.unoptimized.css | 54 + .../files/css_test_files/import1.css | 16 +- .../image-test-transparent-out-of-range.gif | Bin 0 -> 183 bytes .../Drupal/simpletest/Tests/PSR0WebTest.php | 18 + modules/simpletest/simpletest.info | 7 + modules/simpletest/simpletest.install | 2 +- modules/simpletest/simpletest.module | 129 ++ modules/simpletest/simpletest.pages.inc | 3 + modules/simpletest/simpletest.test | 166 ++- modules/simpletest/src/Tests/PSR4WebTest.php | 18 + .../simpletest/tests/actions_loop_test.info | 6 + modules/simpletest/tests/ajax.test | 93 +- modules/simpletest/tests/ajax_forms_test.info | 6 + .../simpletest/tests/ajax_forms_test.module | 20 +- modules/simpletest/tests/ajax_test.info | 6 + modules/simpletest/tests/batch_test.info | 6 + modules/simpletest/tests/bootstrap.test | 280 ++++- modules/simpletest/tests/cache.test | 74 +- modules/simpletest/tests/common.test | 943 ++++++++++---- modules/simpletest/tests/common_test.info | 6 + modules/simpletest/tests/common_test.module | 8 + .../tests/common_test_cron_helper.info | 6 + modules/simpletest/tests/database_test.info | 6 + .../simpletest/tests/database_test.install | 3 + modules/simpletest/tests/database_test.test | 1096 +++++++++++------ .../drupal_autoload_test.info | 14 + .../drupal_autoload_test.module | 6 + .../drupal_autoload_test_class.inc | 11 + .../drupal_autoload_test_interface.inc | 11 + ...drupal_system_listing_compatible_test.info | 6 + ...upal_system_listing_incompatible_test.info | 6 + .../simpletest/tests/entity_cache_test.info | 6 + .../tests/entity_cache_test_dependency.info | 6 + modules/simpletest/tests/entity_crud.test | 49 + .../tests/entity_crud_hook_test.info | 6 + modules/simpletest/tests/entity_query.test | 242 ++-- .../tests/entity_query_access_test.info | 6 + modules/simpletest/tests/error.test | 22 +- modules/simpletest/tests/error_test.info | 6 + modules/simpletest/tests/file.test | 708 +++++------ modules/simpletest/tests/file_test.info | 6 + modules/simpletest/tests/filter_test.info | 6 + modules/simpletest/tests/filter_test.module | 2 + modules/simpletest/tests/form.test | 512 ++++++-- modules/simpletest/tests/form_test.info | 6 + modules/simpletest/tests/form_test.module | 101 ++ modules/simpletest/tests/graph.test | 12 +- modules/simpletest/tests/image.test | 112 +- modules/simpletest/tests/image_test.info | 6 + modules/simpletest/tests/lock.test | 20 +- modules/simpletest/tests/mail.test | 27 +- modules/simpletest/tests/menu.test | 188 +-- modules/simpletest/tests/menu_test.info | 6 + modules/simpletest/tests/module.test | 82 +- modules/simpletest/tests/module_test.info | 6 + modules/simpletest/tests/pager.test | 24 +- modules/simpletest/tests/password.test | 41 +- modules/simpletest/tests/path.test | 36 +- modules/simpletest/tests/path_test.info | 6 + .../Drupal/psr_0_test/Tests/ExampleTest.php | 18 + .../Tests/Nested/NestedExampleTest.php | 18 + .../tests/psr_0_test/psr_0_test.info | 12 + .../tests/psr_0_test/psr_0_test.module | 1 + .../tests/psr_4_test/psr_4_test.info | 12 + .../tests/psr_4_test/psr_4_test.module | 1 + .../psr_4_test/src/Tests/ExampleTest.php | 18 + .../src/Tests/Nested/NestedExampleTest.php | 18 + .../simpletest/tests/requirements1_test.info | 6 + .../simpletest/tests/requirements2_test.info | 6 + modules/simpletest/tests/schema.test | 48 +- modules/simpletest/tests/session.test | 95 +- modules/simpletest/tests/session_test.info | 6 + .../tests/system_dependencies_test.info | 6 + ...atible_core_version_dependencies_test.info | 6 + ...system_incompatible_core_version_test.info | 6 + ...ible_module_version_dependencies_test.info | 6 + ...stem_incompatible_module_version_test.info | 6 + modules/simpletest/tests/system_test.info | 6 + modules/simpletest/tests/system_test.module | 78 +- modules/simpletest/tests/tablesort.test | 12 +- modules/simpletest/tests/taxonomy_test.info | 6 + modules/simpletest/tests/theme.test | 272 +++- modules/simpletest/tests/theme_test.info | 6 + modules/simpletest/tests/theme_test.module | 13 + .../themes/test_basetheme/test_basetheme.info | 6 + .../themes/test_subtheme/test_subtheme.info | 6 + .../test_theme/templates/node--1.tpl.php | 2 + .../tests/themes/test_theme/test_theme.info | 6 + modules/simpletest/tests/unicode.test | 14 +- modules/simpletest/tests/update.test | 18 +- .../simpletest/tests/update_script_test.info | 6 + modules/simpletest/tests/update_test_1.info | 6 + modules/simpletest/tests/update_test_2.info | 6 + modules/simpletest/tests/update_test_3.info | 6 + ...drupal-6.duplicate-permission.database.php | 8 + .../tests/upgrade/update.field.test | 2 +- .../tests/upgrade/update.trigger.test | 2 +- .../simpletest/tests/upgrade/update.user.test | 2 +- .../tests/upgrade/upgrade.comment.test | 2 +- .../tests/upgrade/upgrade.filter.test | 10 +- .../tests/upgrade/upgrade.forum.test | 8 +- .../tests/upgrade/upgrade.locale.test | 16 +- .../tests/upgrade/upgrade.menu.test | 2 +- .../tests/upgrade/upgrade.node.test | 12 +- .../tests/upgrade/upgrade.poll.test | 8 +- .../tests/upgrade/upgrade.taxonomy.test | 33 +- modules/simpletest/tests/upgrade/upgrade.test | 60 +- .../tests/upgrade/upgrade.translatable.test | 6 +- .../tests/upgrade/upgrade.trigger.test | 2 +- .../tests/upgrade/upgrade.upload.test | 2 +- .../tests/upgrade/upgrade.user.test | 29 + modules/simpletest/tests/url_alter_test.info | 6 + modules/simpletest/tests/xmlrpc.test | 21 +- modules/simpletest/tests/xmlrpc_test.info | 6 + modules/statistics/statistics.admin.inc | 20 +- modules/statistics/statistics.info | 6 + modules/statistics/statistics.install | 1 + modules/statistics/statistics.js | 10 + modules/statistics/statistics.module | 18 +- modules/statistics/statistics.pages.inc | 8 +- modules/statistics/statistics.php | 31 + modules/statistics/statistics.test | 19 +- modules/syslog/syslog.info | 7 + modules/system/form.api.php | 126 ++ modules/system/image.gd.inc | 58 +- modules/system/language.api.php | 86 +- modules/system/system.admin.inc | 51 +- modules/system/system.api.php | 436 +++++-- modules/system/system.base-rtl.css | 4 +- modules/system/system.base.css | 9 +- modules/system/system.info | 6 + modules/system/system.install | 107 +- modules/system/system.mail.inc | 2 +- modules/system/system.module | 75 +- modules/system/system.queue.inc | 13 +- modules/system/system.test | 502 +++++--- modules/system/system.updater.inc | 4 + modules/system/tests/cron_queue_test.info | 12 + modules/system/tests/cron_queue_test.module | 15 + modules/system/theme.api.php | 2 + modules/taxonomy/taxonomy-term.tpl.php | 3 +- modules/taxonomy/taxonomy.api.php | 73 +- modules/taxonomy/taxonomy.info | 6 + modules/taxonomy/taxonomy.install | 70 +- modules/taxonomy/taxonomy.module | 35 +- modules/taxonomy/taxonomy.pages.inc | 5 +- modules/taxonomy/taxonomy.test | 21 +- modules/toolbar/toolbar.info | 6 + modules/tracker/tracker.info | 6 + modules/tracker/tracker.module | 10 +- modules/tracker/tracker.pages.inc | 1 - modules/tracker/tracker.test | 108 +- .../translation/tests/translation_test.info | 6 + modules/translation/translation.info | 6 + modules/translation/translation.module | 33 +- modules/translation/translation.test | 50 +- modules/trigger/tests/trigger_test.info | 6 + modules/trigger/trigger.info | 6 + modules/trigger/trigger.test | 50 +- modules/update/tests/aaa_update_test.info | 6 + modules/update/tests/bbb_update_test.info | 6 + modules/update/tests/ccc_update_test.info | 6 + .../update_test_basetheme.info | 6 + .../update_test_subtheme.info | 6 + modules/update/tests/update_test.info | 6 + modules/update/update.compare.inc | 7 +- modules/update/update.fetch.inc | 2 +- modules/update/update.info | 6 + modules/update/update.module | 8 +- modules/update/update.test | 46 +- modules/user/tests/user_form_test.info | 6 + modules/user/user.admin.inc | 17 +- modules/user/user.api.php | 22 +- modules/user/user.info | 6 + modules/user/user.install | 16 +- modules/user/user.module | 213 +++- modules/user/user.pages.inc | 28 +- modules/user/user.test | 499 +++++--- profiles/minimal/minimal.info | 6 + profiles/standard/standard.info | 6 + profiles/standard/standard.install | 6 +- ...drupal_system_listing_compatible_test.info | 6 + ...upal_system_listing_incompatible_test.info | 6 + profiles/testing/testing.info | 6 + robots.txt | 8 +- scripts/run-tests.sh | 64 +- sites/all/modules/ckeditor/.gitignore | 1 + sites/all/modules/ckeditor/CHANGELOG.txt | 57 + sites/all/modules/ckeditor/README.txt | 363 +----- .../all/modules/ckeditor/TROUBLESHOOTING.txt | 215 ---- sites/all/modules/ckeditor/UPGRADE.txt | 30 - sites/all/modules/ckeditor/ckeditor.api.php | 45 +- sites/all/modules/ckeditor/ckeditor.config.js | 23 +- sites/all/modules/ckeditor/ckeditor.info | 8 +- sites/all/modules/ckeditor/ckeditor.install | 46 +- sites/all/modules/ckeditor/ckeditor.module | 105 +- sites/all/modules/ckeditor/ckeditor.styles.js | 2 +- .../ckeditor/{ => css}/ckeditor-rtl.css | 4 +- .../{ckeditor.css => css/ckeditor.admin.css} | 79 +- sites/all/modules/ckeditor/css/ckeditor.css | 32 + .../modules/ckeditor/css/ckeditor.editor.css | 24 + .../modules/ckeditor/images/buttons/about.png | Bin 1221 -> 843 bytes .../ckeditor/images/buttons/anchor.png | Bin 1215 -> 757 bytes .../images/buttons/backgroundColor.png | Bin 1238 -> 0 bytes .../ckeditor/images/buttons/bgcolor.png | Bin 0 -> 906 bytes .../ckeditor/images/buttons/bidiLeft.png | Bin 1149 -> 0 bytes .../ckeditor/images/buttons/bidiRight.png | Bin 1149 -> 0 bytes .../ckeditor/images/buttons/bidiltr.png | Bin 0 -> 769 bytes .../ckeditor/images/buttons/bidirtl.png | Bin 0 -> 768 bytes .../ckeditor/images/buttons/blockJustify.png | Bin 1124 -> 0 bytes .../ckeditor/images/buttons/blockQuote.png | Bin 1164 -> 0 bytes .../ckeditor/images/buttons/blockquote.png | Bin 0 -> 925 bytes .../modules/ckeditor/images/buttons/bold.png | Bin 1156 -> 813 bytes .../ckeditor/images/buttons/bulletedList.png | Bin 1131 -> 0 bytes .../ckeditor/images/buttons/bulletedlist.png | Bin 0 -> 646 bytes .../ckeditor/images/buttons/button.png | Bin 1191 -> 528 bytes .../ckeditor/images/buttons/centerJustify.png | Bin 1128 -> 0 bytes .../ckeditor/images/buttons/checkSpelling.png | Bin 1193 -> 0 bytes .../ckeditor/images/buttons/checkbox.png | Bin 1171 -> 756 bytes .../ckeditor/images/buttons/codesnippet.png | Bin 0 -> 597 bytes .../modules/ckeditor/images/buttons/copy.png | Bin 1193 -> 684 bytes .../images/buttons/createDivContainer.png | Bin 1166 -> 0 bytes .../ckeditor/images/buttons/creatediv.png | Bin 0 -> 862 bytes .../modules/ckeditor/images/buttons/cut.png | Bin 1233 -> 1031 bytes .../images/buttons/decreaseIndent.png | Bin 1153 -> 0 bytes .../ckeditor/images/buttons/docprops.png | Bin 0 -> 844 bytes .../modules/ckeditor/images/buttons/find.png | Bin 1199 -> 980 bytes .../modules/ckeditor/images/buttons/flash.png | Bin 1226 -> 1038 bytes .../modules/ckeditor/images/buttons/font.png | Bin 3663 -> 968 bytes .../ckeditor/images/buttons/fontSize.png | Bin 3657 -> 0 bytes .../modules/ckeditor/images/buttons/form.png | Bin 1141 -> 590 bytes .../ckeditor/images/buttons/format.png | Bin 3815 -> 1204 bytes .../ckeditor/images/buttons/hiddenField.png | Bin 1313 -> 0 bytes .../ckeditor/images/buttons/hiddenfield.png | Bin 0 -> 823 bytes .../images/buttons/horizontalLine.png | Bin 1158 -> 0 bytes .../images/buttons/horizontalrule.png | Bin 0 -> 519 bytes .../ckeditor/images/buttons/iframe.png | Bin 409 -> 989 bytes .../modules/ckeditor/images/buttons/image.png | Bin 1267 -> 756 bytes .../ckeditor/images/buttons/imageButton.png | Bin 1199 -> 0 bytes .../ckeditor/images/buttons/imagebutton.png | Bin 0 -> 680 bytes .../images/buttons/increaseIndent.png | Bin 1156 -> 0 bytes .../ckeditor/images/buttons/indent.png | Bin 0 -> 711 bytes .../ckeditor/images/buttons/italic.png | Bin 1142 -> 708 bytes .../ckeditor/images/buttons/justifyblock.png | Bin 0 -> 496 bytes .../ckeditor/images/buttons/justifycenter.png | Bin 0 -> 609 bytes .../ckeditor/images/buttons/justifyleft.png | Bin 0 -> 558 bytes .../ckeditor/images/buttons/justifyright.png | Bin 0 -> 554 bytes .../ckeditor/images/buttons/language.png | Bin 0 -> 668 bytes .../ckeditor/images/buttons/leftJustify.png | Bin 1128 -> 0 bytes .../modules/ckeditor/images/buttons/link.png | Bin 1224 -> 656 bytes .../ckeditor/images/buttons/mathjax.png | Bin 0 -> 703 bytes .../ckeditor/images/buttons/maximize.png | Bin 1184 -> 921 bytes .../ckeditor/images/buttons/newPage.png | Bin 1142 -> 0 bytes .../ckeditor/images/buttons/newpage.png | Bin 0 -> 580 bytes .../ckeditor/images/buttons/numberedList.png | Bin 1149 -> 0 bytes .../ckeditor/images/buttons/numberedlist.png | Bin 0 -> 645 bytes .../ckeditor/images/buttons/outdent.png | Bin 0 -> 699 bytes .../images/buttons/pageBreakPrinting.png | Bin 1185 -> 0 bytes .../ckeditor/images/buttons/pagebreak.png | Bin 0 -> 602 bytes .../modules/ckeditor/images/buttons/paste.png | Bin 1224 -> 724 bytes .../images/buttons/pastePlainText.png | Bin 1246 -> 0 bytes .../ckeditor/images/buttons/pasteWord.png | Bin 1242 -> 0 bytes .../ckeditor/images/buttons/pastefromword.png | Bin 0 -> 723 bytes .../ckeditor/images/buttons/pastetext.png | Bin 0 -> 750 bytes .../ckeditor/images/buttons/placeholder.png | Bin 0 -> 714 bytes .../ckeditor/images/buttons/preview.png | Bin 1193 -> 855 bytes .../modules/ckeditor/images/buttons/print.png | Bin 1183 -> 765 bytes .../modules/ckeditor/images/buttons/radio.png | Bin 0 -> 874 bytes .../ckeditor/images/buttons/radioButton.png | Bin 1164 -> 0 bytes .../modules/ckeditor/images/buttons/redo.png | Bin 1168 -> 842 bytes .../ckeditor/images/buttons/removeFormat.png | Bin 1176 -> 0 bytes .../ckeditor/images/buttons/removeformat.png | Bin 0 -> 871 bytes .../ckeditor/images/buttons/replace.png | Bin 1182 -> 948 bytes .../ckeditor/images/buttons/rightJustify.png | Bin 1128 -> 0 bytes .../modules/ckeditor/images/buttons/save.png | Bin 1197 -> 716 bytes .../modules/ckeditor/images/buttons/scayt.png | Bin 0 -> 836 bytes .../ckeditor/images/buttons/select.png | Bin 0 -> 616 bytes .../ckeditor/images/buttons/selectAll.png | Bin 1165 -> 0 bytes .../ckeditor/images/buttons/selectall.png | Bin 0 -> 665 bytes .../images/buttons/selectionField.png | Bin 912 -> 0 bytes .../ckeditor/images/buttons/showBlocks.png | Bin 1197 -> 0 bytes .../ckeditor/images/buttons/showblocks.png | Bin 0 -> 701 bytes .../modules/ckeditor/images/buttons/size.png | Bin 0 -> 1055 bytes .../ckeditor/images/buttons/smiley.png | Bin 1212 -> 916 bytes .../ckeditor/images/buttons/source.png | Bin 1171 -> 764 bytes .../ckeditor/images/buttons/sourcedialog.png | Bin 0 -> 764 bytes .../images/buttons/specialCharacter.png | Bin 1175 -> 0 bytes .../ckeditor/images/buttons/specialchar.png | Bin 0 -> 970 bytes .../ckeditor/images/buttons/spellchecker.png | Bin 0 -> 836 bytes .../ckeditor/images/buttons/strike.png | Bin 1147 -> 879 bytes .../ckeditor/images/buttons/styles.png | Bin 3822 -> 1339 bytes .../ckeditor/images/buttons/subscript.png | Bin 1170 -> 806 bytes .../ckeditor/images/buttons/superscript.png | Bin 1172 -> 859 bytes .../modules/ckeditor/images/buttons/table.png | Bin 1182 -> 535 bytes .../ckeditor/images/buttons/templates.png | Bin 1165 -> 639 bytes .../ckeditor/images/buttons/textColor.png | Bin 1201 -> 0 bytes .../ckeditor/images/buttons/textField.png | Bin 1197 -> 0 bytes .../ckeditor/images/buttons/textarea.png | Bin 956 -> 677 bytes .../ckeditor/images/buttons/textcolor.png | Bin 0 -> 813 bytes .../ckeditor/images/buttons/textfield.png | Bin 0 -> 588 bytes .../ckeditor/images/buttons/uicolor.png | Bin 0 -> 965 bytes .../ckeditor/images/buttons/underline.png | Bin 1143 -> 747 bytes .../modules/ckeditor/images/buttons/undo.png | Bin 1173 -> 850 bytes .../ckeditor/images/buttons/unlink.png | Bin 1220 -> 812 bytes .../ckeditor/includes/ckeditor.admin.inc | 340 +++-- .../ckeditor/includes/ckeditor.admin.js | 12 +- .../ckeditor/includes/ckeditor.drush.inc | 4 +- .../ckeditor/includes/ckeditor.features.inc | 20 +- .../ckeditor/includes/ckeditor.lib.inc | 248 +++- .../ckeditor/includes/ckeditor.page.inc | 107 +- .../ckeditor/includes/ckeditor.user.inc | 2 +- .../ckeditor/includes/ckeditor.utils.js | 137 ++- .../ckeditor/includes/filemanager.config.php | 11 +- .../includes/jqueryUI/jquery-ui.min.js | 414 ------- .../jqueryUI/jquery.ui.sortable.min.js | 60 - .../includes/jqueryUI/jquery.ui.widget.min.js | 15 - .../ckeditor/includes/jqueryUI/sort.js | 2 +- .../includes/uicolor/dialogs/uicolor.js | 2 +- .../ckeditor/includes/uicolor/lang/bg.js | 2 +- .../ckeditor/includes/uicolor/lang/cs.js | 2 +- .../ckeditor/includes/uicolor/lang/cy.js | 2 +- .../ckeditor/includes/uicolor/lang/da.js | 2 +- .../ckeditor/includes/uicolor/lang/de.js | 2 +- .../ckeditor/includes/uicolor/lang/el.js | 2 +- .../ckeditor/includes/uicolor/lang/en.js | 2 +- .../ckeditor/includes/uicolor/lang/eo.js | 2 +- .../ckeditor/includes/uicolor/lang/et.js | 2 +- .../ckeditor/includes/uicolor/lang/fa.js | 2 +- .../ckeditor/includes/uicolor/lang/fi.js | 2 +- .../ckeditor/includes/uicolor/lang/fr.js | 2 +- .../ckeditor/includes/uicolor/lang/he.js | 2 +- .../ckeditor/includes/uicolor/lang/hr.js | 2 +- .../ckeditor/includes/uicolor/lang/it.js | 2 +- .../ckeditor/includes/uicolor/lang/mk.js | 2 +- .../ckeditor/includes/uicolor/lang/nb.js | 2 +- .../ckeditor/includes/uicolor/lang/nl.js | 2 +- .../ckeditor/includes/uicolor/lang/no.js | 2 +- .../ckeditor/includes/uicolor/lang/pl.js | 2 +- .../ckeditor/includes/uicolor/lang/tr.js | 2 +- .../ckeditor/includes/uicolor/lang/ug.js | 2 +- .../ckeditor/includes/uicolor/lang/uk.js | 2 +- .../ckeditor/includes/uicolor/lang/vi.js | 2 +- .../ckeditor/includes/uicolor/lang/zh-cn.js | 2 +- .../ckeditor/includes/uicolor/plugin.js | 2 +- .../ckeditor/plugins/drupalbreaks/plugin.js | 2 +- .../modules/ckeditor/plugins/imce/plugin.js | 6 +- .../modules/ckeditor/plugins/media/plugin.js | 9 +- .../plugins/mediaembed/dialogs/mediaembed.js | 2 +- .../ckeditor/plugins/mediaembed/plugin.js | 6 +- sites/all/modules/context/README.txt | 2 +- sites/all/modules/context/context.api.php | 11 + sites/all/modules/context/context.core.inc | 43 +- sites/all/modules/context/context.info | 7 +- sites/all/modules/context/context.install | 1 + sites/all/modules/context/context.module | 8 +- sites/all/modules/context/context.plugins.inc | 56 +- .../context_layouts/context_layouts.info | 6 +- .../context_layouts/context_layouts.module | 4 +- .../all/modules/context/context_ui/README.txt | 25 +- .../context/context_ui/context_ui.info | 6 +- .../modules/context/context_ui/context_ui.js | 2 +- .../context/context_ui/context_ui.module | 18 +- .../context/context_ui/context_ui_dialog.css | 13 +- .../export_ui/context_export_ui.class.php | 1 + .../context/context_ui/tests/context_ui.test | 1 + .../plugins/context_condition_context.inc | 44 +- .../plugins/context_condition_context_all.inc | 29 + .../plugins/context_condition_default.inc | 35 + .../plugins/context_condition_menu.inc | 2 + .../context_condition_query_string.inc | 28 + .../plugins/context_reaction_block.css | 10 +- .../plugins/context_reaction_block.inc | 145 +-- .../context/plugins/context_reaction_block.js | 7 +- .../plugins/context_reaction_breadcrumb.inc | 52 +- .../plugins/context_reaction_debug.inc | 16 +- .../context/plugins/context_reaction_menu.inc | 189 +-- .../context_reaction_template_suggestions.inc | 47 + .../context/tests/context.conditions.test | 1 + .../context/tests/context.reactions.test | 35 +- .../theme/context_reaction_block.theme.inc | 18 +- sites/all/modules/ctools/API.txt | 9 +- .../ctools/bulk_export/bulk_export.info | 8 +- sites/all/modules/ctools/css/modal.css | 4 + sites/all/modules/ctools/ctools.info | 9 +- sites/all/modules/ctools/ctools.install | 74 +- sites/all/modules/ctools/ctools.module | 241 +++- .../ctools_access_ruleset.info | 7 +- .../ctools_ajax_sample.info | 7 +- .../ctools_custom_content.info | 7 +- .../ctools_custom_content.module | 20 + .../ctools_plugin_example.info | 7 +- .../ctools_plugin_example.module | 2 +- .../all/modules/ctools/drush/ctools.drush.inc | 6 +- .../modules/ctools/help/context-content.html | 4 + sites/all/modules/ctools/help/export.html | 3 + .../modules/ctools/help/plugins-creating.html | 11 + sites/all/modules/ctools/includes/ajax.inc | 28 + sites/all/modules/ctools/includes/content.inc | 28 +- .../modules/ctools/includes/content.menu.inc | 172 ++- .../ctools/includes/content.plugin-type.inc | 2 +- .../modules/ctools/includes/context-admin.inc | 30 +- .../ctools/includes/context-task-handler.inc | 6 +- sites/all/modules/ctools/includes/context.inc | 18 +- .../all/modules/ctools/includes/css-cache.inc | 52 + sites/all/modules/ctools/includes/css.inc | 4 +- .../ctools/includes/dropbutton.theme.inc | 2 + .../ctools/includes/dropdown.theme.inc | 3 + .../modules/ctools/includes/entity-access.inc | 150 +++ sites/all/modules/ctools/includes/export.inc | 16 +- sites/all/modules/ctools/includes/fields.inc | 13 + sites/all/modules/ctools/includes/modal.inc | 26 +- sites/all/modules/ctools/includes/plugins.inc | 44 +- sites/all/modules/ctools/includes/utility.inc | 13 - sites/all/modules/ctools/includes/uuid.inc | 67 + sites/all/modules/ctools/includes/wizard.inc | 2 +- .../modules/ctools/includes/wizard.theme.inc | 11 +- sites/all/modules/ctools/js/auto-submit.js | 5 + .../all/modules/ctools/js/collapsible-div.js | 1 + sites/all/modules/ctools/js/dependent.js | 8 +- sites/all/modules/ctools/js/modal.js | 49 +- .../page_manager/page_manager.admin.inc | 64 +- .../ctools/page_manager/page_manager.info | 7 +- .../ctools/page_manager/page_manager.module | 46 +- .../plugins/task_handlers/http_response.inc | 51 +- .../plugins/tasks/comment_reply.inc | 2 +- .../page_manager/plugins/tasks/node_edit.inc | 2 +- .../page_manager/plugins/tasks/node_view.inc | 24 +- .../page_manager/plugins/tasks/page.admin.inc | 12 +- .../page_manager/plugins/tasks/page.inc | 2 +- .../page_manager/plugins/tasks/term_view.inc | 4 +- .../page_manager/plugins/tasks/user_edit.inc | 6 +- .../page_manager/plugins/tasks/user_view.inc | 2 +- .../modules/ctools/plugins/access/book.inc | 94 ++ .../plugins/access/entity_field_value.inc | 301 ++++- .../ctools/plugins/access/node_comment.inc | 31 + .../ctools/plugins/access/string_length.inc | 4 +- .../ctools/plugins/access/term_vocabulary.inc | 60 +- .../ctools/plugins/arguments/entity_id.inc | 85 +- .../modules/ctools/plugins/arguments/rid.inc | 2 +- .../ctools/plugins/arguments/user_edit.inc | 1 - .../plugins/content_types/block/block.inc | 47 +- .../content_types/comment/comment_links.inc | 80 ++ .../comment/comment_reply_form.inc | 2 +- .../plugins/content_types/custom/custom.inc | 5 + .../entity_context/entity_field.inc | 61 +- .../entity_context/entity_field_extra.inc | 22 +- .../content_types/form/entity_form_field.inc | 5 + .../plugins/content_types/node/node.inc | 3 +- .../node_context/node_comment_wrapper.inc | 117 ++ .../content_types/node_context/node_title.inc | 49 +- .../node_context/node_updated.inc | 2 +- .../content_types/page/page_site_name.inc | 42 +- .../content_types/page/page_slogan.inc | 4 +- .../content_types/term_context/term_list.inc | 30 +- .../content_types/term_context/term_name.inc | 121 ++ .../plugins/content_types/token/token.inc | 11 +- .../user_context/profile_fields.inc | 2 +- .../content_types/user_context/user_links.inc | 84 ++ .../ctools/plugins/contexts/string.inc | 28 +- .../modules/ctools/plugins/contexts/token.inc | 3 +- .../modules/ctools/plugins/contexts/user.inc | 2 +- .../plugins/contexts/user_edit_form.inc | 6 +- .../export_ui/ctools_export_ui.class.php | 26 +- .../plugins/relationships/book_parent.inc | 4 +- .../relationships/entity_from_field.inc | 18 +- .../plugins/relationships/terms_from_node.inc | 2 +- .../all/modules/ctools/stylizer/stylizer.info | 7 +- .../term_depth/plugins/access/term_depth.inc | 128 ++ .../modules/ctools/term_depth/term_depth.info | 13 + .../ctools/term_depth/term_depth.module | 7 + sites/all/modules/ctools/tests/css_cache.test | 48 + .../ctools_export_test.info | 7 +- .../ctools/tests/ctools_plugin_test.info | 9 +- .../modules/ctools/tests/math_expression.test | 129 ++ .../ctools/tests/math_expression_stack.test | 63 + .../plugins/content_types/views.inc | 12 - .../plugins/content_types/views_panes.inc | 27 +- .../plugins/relationships/term_from_view.inc | 10 +- .../plugins/views/views_content.views.inc | 1 + .../ctools/views_content/views_content.info | 7 +- .../ctools/views_content/views_content.module | 14 + sites/all/modules/custom_search/README.txt | 23 +- .../custom_search/custom_search.admin.inc | 31 +- .../modules/custom_search/custom_search.css | 21 +- .../modules/custom_search/custom_search.info | 15 +- .../custom_search/custom_search.install | 92 +- .../custom_search/custom_search.module | 295 +++-- .../includes/apachesolr_search.inc | 32 +- .../modules/custom_search/includes/forms.inc | 72 +- .../includes/google_appliance.inc | 5 +- .../custom_search/includes/luceneapi_node.inc | 11 +- .../custom_search/includes/search_api.inc | 14 +- .../modules/custom_search/js/custom_search.js | 73 +- .../custom_search/js/custom_search_sort.js | 3 +- .../custom_search_blocks.admin.inc | 4 +- .../custom_search_blocks.info | 13 +- .../custom_search_blocks.install | 66 +- .../custom_search_blocks.module | 23 +- .../custom_search_i18n.admin.inc | 15 +- .../custom_search_i18n.info | 11 +- .../custom_search_i18n.install | 12 +- .../custom_search_i18n.module | 298 ++--- .../custom_search_taxonomy.admin.inc | 10 +- .../custom_search_taxonomy.info | 13 +- .../custom_search_taxonomy.install | 37 +- .../custom_search_taxonomy.module | 189 +-- .../theme/custom_search-result.tpl.php | 3 +- .../theme/custom_search-results.tpl.php | 8 +- .../theme/custom_search-sort-form.tpl.php | 12 +- .../theme/custom_search.pages.inc | 44 +- sites/all/modules/date/CHANGELOG.txt | 83 +- sites/all/modules/date/date.diff.inc | 79 ++ sites/all/modules/date/date.field.inc | 8 + sites/all/modules/date/date.info | 8 +- .../date/{date_migrate => }/date.migrate.inc | 89 +- sites/all/modules/date/date.module | 28 +- sites/all/modules/date/date.theme | 68 +- sites/all/modules/date/date_admin.inc | 9 +- .../date/date_all_day/date_all_day.info | 6 +- sites/all/modules/date/date_api/date_api.info | 6 +- .../all/modules/date/date_api/date_api.module | 127 +- .../date/date_api/date_api_elements.inc | 23 +- .../modules/date/date_api/date_api_sql.inc | 32 +- .../date/date_context/date_context.info | 6 +- .../plugins/date_context_date_condition.inc | 2 +- sites/all/modules/date/date_elements.inc | 15 +- .../date/date_migrate/date_migrate.info | 14 +- .../date/date_migrate/date_migrate.module | 12 +- .../date_migrate_example.info | 7 +- .../date_migrate_example.install | 9 + .../date_migrate_example.migrate.inc | 51 +- .../date_migrate_example.module | 3 + sites/all/modules/date/date_popup/README.txt | 6 +- .../modules/date/date_popup/date_popup.info | 6 +- .../modules/date/date_popup/date_popup.module | 8 +- .../modules/date/date_repeat/date_repeat.info | 6 +- .../date/date_repeat/date_repeat_calc.inc | 84 +- .../date/date_repeat/date_repeat_form.inc | 6 +- .../date/date_repeat/tests/date_repeat.test | 13 + .../date_repeat/tests/date_repeat_form.test | 19 +- .../date_repeat_field/date_repeat_field.info | 6 +- .../date_repeat_field.module | 38 +- .../modules/date/date_tools/date_tools.info | 6 +- .../modules/date/date_views/date_views.info | 7 +- .../date/date_views/date_views.install | 30 + .../modules/date/date_views/date_views.module | 75 ++ .../date_views/includes/date_views.views.inc | 2 +- .../date_views_argument_handler_simple.inc | 4 +- .../includes/date_views_filter_handler.inc | 4 + .../date_views_filter_handler_simple.inc | 52 +- .../date_views/theme/date-views-pager.tpl.php | 4 +- .../modules/date/date_views/theme/theme.inc | 12 +- sites/all/modules/date/tests/date.test | 143 +-- .../{date_migrate => tests}/date_migrate.test | 18 +- sites/all/modules/entity/entity.api.php | 29 +- sites/all/modules/entity/entity.features.inc | 6 +- sites/all/modules/entity/entity.info | 6 +- sites/all/modules/entity/entity.info.inc | 84 ++ sites/all/modules/entity/entity.install | 106 ++ sites/all/modules/entity/entity.module | 321 +++-- sites/all/modules/entity/entity.test | 447 ++++++- sites/all/modules/entity/entity_token.info | 6 +- .../modules/entity/entity_token.tokens.inc | 10 +- .../entity/includes/entity.controller.inc | 53 +- sites/all/modules/entity/includes/entity.inc | 36 +- .../entity/includes/entity.property.inc | 15 +- .../all/modules/entity/includes/entity.ui.inc | 177 ++- .../entity/includes/entity.wrapper.inc | 62 +- .../all/modules/entity/modules/book.info.inc | 9 +- .../all/modules/entity/modules/callbacks.inc | 172 ++- .../modules/entity/modules/comment.info.inc | 14 +- .../all/modules/entity/modules/field.info.inc | 7 +- .../all/modules/entity/modules/node.info.inc | 1 + .../entity/modules/statistics.info.inc | 3 + .../all/modules/entity/modules/user.info.inc | 6 +- .../modules/entity/tests/entity_feature.info | 6 +- .../all/modules/entity/tests/entity_test.info | 6 +- .../modules/entity/tests/entity_test.install | 10 +- .../modules/entity/tests/entity_test.module | 9 +- .../entity/tests/entity_test_i18n.info | 6 +- .../all/modules/entity/theme/entity.theme.css | 4 + .../all/modules/entity/theme/entity.theme.inc | 212 ++++ .../modules/entity/{ => theme}/entity.tpl.php | 0 .../all/modules/entity/views/entity.views.inc | 66 + .../entity_views_field_handler_helper.inc | 12 +- .../entity_views_handler_area_entity.inc | 17 +- .../entity_views_handler_field_duration.inc | 4 +- .../entity_views_handler_field_entity.inc | 10 +- .../entity_views_handler_field_options.inc | 5 +- .../entity_views_handler_field_text.inc | 4 +- ...y_views_handler_relationship_by_bundle.inc | 2 +- .../all/modules/field_group/field_group.info | 4 +- sites/all/modules/i18n/i18n.info | 8 +- sites/all/modules/i18n/i18n.install | 17 +- sites/all/modules/i18n/i18n.module | 40 +- sites/all/modules/i18n/i18n.test | 26 +- .../modules/i18n/i18n_block/i18n_block.info | 6 +- .../modules/i18n/i18n_block/i18n_block.module | 2 +- .../i18n/i18n_contact/i18n_contact.info | 6 +- .../i18n/i18n_field/i18n_field.api.php | 53 + .../i18n/i18n_field/i18n_field.i18n.inc | 1 + .../modules/i18n/i18n_field/i18n_field.info | 6 +- .../modules/i18n/i18n_field/i18n_field.module | 136 +- .../modules/i18n/i18n_forum/i18n_forum.info | 6 +- .../modules/i18n/i18n_forum/i18n_forum.module | 2 +- .../i18n/i18n_menu/i18n_menu.admin.inc | 12 +- .../modules/i18n/i18n_menu/i18n_menu.i18n.inc | 6 +- .../all/modules/i18n/i18n_menu/i18n_menu.inc | 1 + .../all/modules/i18n/i18n_menu/i18n_menu.info | 6 +- .../modules/i18n/i18n_menu/i18n_menu.module | 43 +- .../all/modules/i18n/i18n_menu/i18n_menu.test | 2 + .../all/modules/i18n/i18n_node/i18n_node.info | 6 +- .../modules/i18n/i18n_node/i18n_node.module | 32 +- .../i18n/i18n_node/i18n_node.pages.inc | 6 +- .../i18n/i18n_node/i18n_node.tokens.inc | 61 + .../all/modules/i18n/i18n_path/i18n_path.info | 6 +- .../i18n/i18n_redirect/i18n_redirect.info | 6 +- .../modules/i18n/i18n_select/i18n_select.info | 6 +- .../i18n/i18n_select/i18n_select.module | 2 +- .../modules/i18n/i18n_string/i18n_string.inc | 238 +++- .../modules/i18n/i18n_string/i18n_string.info | 6 +- .../i18n/i18n_string/i18n_string.install | 12 + .../i18n/i18n_string/i18n_string.pages.inc | 20 +- .../modules/i18n/i18n_string/i18n_string.test | 104 +- .../all/modules/i18n/i18n_sync/i18n_sync.info | 6 +- .../modules/i18n/i18n_sync/i18n_sync.module | 57 - .../modules/i18n/i18n_sync/i18n_sync.node.inc | 12 +- .../i18n_taxonomy/i18n_taxonomy.admin.inc | 26 +- .../i18n/i18n_taxonomy/i18n_taxonomy.info | 6 +- .../i18n/i18n_taxonomy/i18n_taxonomy.install | 2 +- .../i18n/i18n_taxonomy/i18n_taxonomy.module | 40 +- .../i18n_taxonomy/i18n_taxonomy.pages.inc | 31 - .../i18n_translation/i18n_translation.info | 6 +- .../all/modules/i18n/i18n_user/i18n_user.info | 6 +- .../i18n/i18n_variable/i18n_variable.info | 6 +- sites/all/modules/i18n/tests/i18n_test.info | 6 +- sites/all/modules/i18n/tests/i18n_test.module | 55 + sites/all/modules/less/.gitignore | 3 + sites/all/modules/less/README.md | 136 ++ sites/all/modules/less/README.txt | 16 - .../less/classes/class.lessautoprefixer.inc | 156 +++ .../all/modules/less/classes/class.lessjs.inc | 290 +++++ sites/all/modules/less/composer.json | 14 +- .../less/engines/abstract.LessEngine.inc | 106 ++ .../modules/less/engines/engine.less_js.inc | 71 ++ .../modules/less/engines/engine.less_php.inc | 63 + .../modules/less/engines/engine.lessphp.inc | 54 + .../less/engines/interface.LessEngine.inc | 67 + .../all/modules/less/includes/less.admin.inc | 137 +++ .../modules/less/includes/less.libraries.inc | 209 ++++ .../modules/less/includes/less.process.inc | 281 +++++ .../all/modules/less/includes/less.theme.inc | 116 ++ .../all/modules/less/includes/less.watch.inc | 61 + .../modules/less/includes/less.wysiwyg.inc | 94 ++ sites/all/modules/less/less.admin.inc | 39 - sites/all/modules/less/less.api.php | 175 +++ sites/all/modules/less/less.drush.inc | 17 +- sites/all/modules/less/less.info | 22 +- sites/all/modules/less/less.install | 71 +- sites/all/modules/less/less.module | 708 +++++++++-- .../modules/less/less_demo/images/logo.png | Bin 0 -> 13831 bytes .../imports/less_demo.clearfix.css.less | 25 + .../imports/less_demo.imported.css.less | 10 + .../less/less_demo/less_demo.demo_page.inc | 50 + .../all/modules/less/less_demo/less_demo.info | 30 + .../modules/less/less_demo/less_demo.less.inc | 86 ++ .../modules/less/less_demo/less_demo.module | 30 + .../less_demo/libs/less_demo.lib.css.less | 0 .../styles/less_demo.drupal_add_css.css.less | 9 + .../less_demo/styles/less_demo.info.css.less | 58 + sites/all/modules/less/scripts/less.watch.js | 91 ++ sites/all/modules/less/styles/less.theme.css | 3 + sites/all/modules/less/tests/less.test | 90 ++ .../modules/rules/includes/rules.upgrade.inc | 4 +- sites/all/modules/rules/modules/data.eval.inc | 3 +- .../all/modules/rules/modules/entity.eval.inc | 19 +- .../modules/rules/modules/entity.rules.inc | 165 +++ sites/all/modules/rules/rules.info | 6 +- sites/all/modules/rules/rules.install | 18 +- .../rules/rules_admin/rules_admin.info | 6 +- .../modules/rules/rules_i18n/rules_i18n.info | 6 +- .../rules_scheduler/rules_scheduler.info | 6 +- sites/all/modules/rules/tests/rules.test | 58 +- sites/all/modules/rules/tests/rules_test.info | 6 +- sites/all/modules/rules/ui/ui.core.inc | 2 +- sites/all/modules/rules/ui/ui.forms.inc | 2 +- .../handlers/views_handler_area_messages.inc | 34 + .../handlers/views_handler_area_text.inc | 2 +- .../views/handlers/views_handler_argument.inc | 30 +- .../views/handlers/views_handler_field.inc | 2 +- .../handlers/views_handler_field_boolean.inc | 33 +- .../handlers/views_handler_field_counter.inc | 22 +- .../handlers/views_handler_field_date.inc | 53 +- .../views/handlers/views_handler_filter.inc | 23 +- ...handler_filter_boolean_operator_string.inc | 2 +- .../views_handler_filter_fields_compare.inc | 142 +++ .../handlers/views_handler_filter_numeric.inc | 2 +- sites/all/modules/views/includes/admin.inc | 31 +- sites/all/modules/views/includes/ajax.inc | 6 +- sites/all/modules/views/includes/base.inc | 6 +- sites/all/modules/views/includes/cache.inc | 32 +- sites/all/modules/views/includes/handlers.inc | 5 +- sites/all/modules/views/includes/view.inc | 2 +- sites/all/modules/views/js/ajax.js | 4 +- sites/all/modules/views/js/ajax_view.js | 15 +- .../views/js/jquery.ui.dialog.patch.js | 2 +- sites/all/modules/views/js/views-admin.js | 7 +- .../all/modules/views/js/views-contextual.js | 2 +- .../views_handler_argument_aggregator_iid.inc | 4 +- .../views/modules/comment.views_default.inc | 6 +- .../all/modules/views/modules/field.views.inc | 8 +- .../field/views_handler_field_field.inc | 5 +- ...iews_handler_filter_field_list_boolean.inc | 33 + .../views/modules/node.views_default.inc | 9 +- .../views/modules/node.views_template.inc | 1 + .../views_handler_field_profile_date.inc | 9 +- .../views/modules/search.views_default.inc | 3 +- .../modules/statistics.views_default.inc | 3 +- .../views_handler_field_file_extension.inc | 34 +- .../views/modules/taxonomy.views_default.inc | 3 +- .../views_handler_filter_term_node_tid.inc | 33 +- ...ws_handler_relationship_node_term_data.inc | 4 +- ...plugin_argument_validate_taxonomy_term.inc | 13 +- .../views_handler_field_user_link_cancel.inc | 2 +- .../all/modules/views/modules/views.views.inc | 17 + .../views/plugins/views_plugin_cache.inc | 89 +- .../views/plugins/views_plugin_display.inc | 4 +- .../plugins/views_plugin_display_feed.inc | 2 +- .../plugins/views_plugin_display_page.inc | 20 +- .../plugins/views_plugin_exposed_form.inc | 2 +- ...ews_plugin_exposed_form_input_required.inc | 1 + .../views/plugins/views_plugin_pager.inc | 2 +- .../views/plugins/views_plugin_pager_full.inc | 20 +- .../views/plugins/views_plugin_pager_mini.inc | 2 +- .../plugins/views_plugin_query_default.inc | 18 +- .../plugins/views_plugin_style_jump_menu.inc | 21 +- .../views_plugin_style_summary_jump_menu.inc | 8 + .../views_ui_comment_views_wizard.class.php | 1 + .../views_ui_node_views_wizard.class.php | 1 + ...ws_ui_taxonomy_term_views_wizard.class.php | 1 + .../handlers/views_handler_field_boolean.test | 34 +- .../handlers/views_handler_field_date.test | 32 +- .../views_handler_field_file_extension.test | 66 + .../views/tests/handlers/views_handlers.test | 81 ++ .../test_handlers/views_test_area_access.inc | 28 + .../all/modules/views/tests/views_cache.test | 64 + .../all/modules/views/tests/views_module.test | 54 + sites/all/modules/views/tests/views_test.info | 6 +- .../all/modules/views/tests/views_test.module | 4 + .../views/tests/views_translatable.test | 23 +- sites/all/modules/views/views.api.php | 82 +- sites/all/modules/views/views.info | 12 +- sites/all/modules/views/views.module | 59 +- sites/all/modules/views/views_ui.info | 6 +- sites/all/modules/views/views_ui.module | 3 +- themes/bartik/bartik.info | 6 + themes/bartik/css/style-rtl.css | 4 +- themes/bartik/css/style.css | 11 +- themes/garland/garland.info | 6 + themes/seven/seven.info | 6 + themes/seven/style.css | 13 +- themes/seven/template.php | 3 + themes/stark/stark.info | 6 + update.php | 45 +- web.config | 3 + 1022 files changed, 30319 insertions(+), 11259 deletions(-) create mode 100644 misc/throbber-active.gif create mode 100644 misc/throbber-inactive.png create mode 100644 modules/aggregator/tests/aggregator_test_title_entities.xml create mode 100644 modules/field/field.info.class.inc create mode 100644 modules/search/tests/search_node_tags.info create mode 100644 modules/search/tests/search_node_tags.module create mode 100644 modules/simpletest/files/css_test_files/css_subfolder/css_input_with_import.css create mode 100644 modules/simpletest/files/css_test_files/css_subfolder/css_input_with_import.css.optimized.css create mode 100644 modules/simpletest/files/css_test_files/css_subfolder/css_input_with_import.css.unoptimized.css create mode 100644 modules/simpletest/files/image-test-transparent-out-of-range.gif create mode 100644 modules/simpletest/lib/Drupal/simpletest/Tests/PSR0WebTest.php create mode 100644 modules/simpletest/src/Tests/PSR4WebTest.php create mode 100644 modules/simpletest/tests/drupal_autoload_test/drupal_autoload_test.info create mode 100644 modules/simpletest/tests/drupal_autoload_test/drupal_autoload_test.module create mode 100644 modules/simpletest/tests/drupal_autoload_test/drupal_autoload_test_class.inc create mode 100644 modules/simpletest/tests/drupal_autoload_test/drupal_autoload_test_interface.inc create mode 100644 modules/simpletest/tests/entity_crud.test create mode 100644 modules/simpletest/tests/psr_0_test/lib/Drupal/psr_0_test/Tests/ExampleTest.php create mode 100644 modules/simpletest/tests/psr_0_test/lib/Drupal/psr_0_test/Tests/Nested/NestedExampleTest.php create mode 100644 modules/simpletest/tests/psr_0_test/psr_0_test.info create mode 100644 modules/simpletest/tests/psr_0_test/psr_0_test.module create mode 100644 modules/simpletest/tests/psr_4_test/psr_4_test.info create mode 100644 modules/simpletest/tests/psr_4_test/psr_4_test.module create mode 100644 modules/simpletest/tests/psr_4_test/src/Tests/ExampleTest.php create mode 100644 modules/simpletest/tests/psr_4_test/src/Tests/Nested/NestedExampleTest.php create mode 100644 modules/simpletest/tests/themes/test_theme/templates/node--1.tpl.php create mode 100644 modules/simpletest/tests/upgrade/drupal-6.duplicate-permission.database.php create mode 100644 modules/statistics/statistics.js create mode 100644 modules/statistics/statistics.php create mode 100644 modules/system/form.api.php create mode 100644 modules/system/tests/cron_queue_test.info create mode 100644 modules/system/tests/cron_queue_test.module create mode 100644 sites/all/modules/ckeditor/.gitignore delete mode 100644 sites/all/modules/ckeditor/TROUBLESHOOTING.txt delete mode 100644 sites/all/modules/ckeditor/UPGRADE.txt rename sites/all/modules/ckeditor/{ => css}/ckeditor-rtl.css (90%) rename sites/all/modules/ckeditor/{ckeditor.css => css/ckeditor.admin.css} (71%) create mode 100644 sites/all/modules/ckeditor/css/ckeditor.css create mode 100644 sites/all/modules/ckeditor/css/ckeditor.editor.css delete mode 100644 sites/all/modules/ckeditor/images/buttons/backgroundColor.png create mode 100644 sites/all/modules/ckeditor/images/buttons/bgcolor.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/bidiLeft.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/bidiRight.png create mode 100644 sites/all/modules/ckeditor/images/buttons/bidiltr.png create mode 100644 sites/all/modules/ckeditor/images/buttons/bidirtl.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/blockJustify.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/blockQuote.png create mode 100644 sites/all/modules/ckeditor/images/buttons/blockquote.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/bulletedList.png create mode 100644 sites/all/modules/ckeditor/images/buttons/bulletedlist.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/centerJustify.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/checkSpelling.png create mode 100644 sites/all/modules/ckeditor/images/buttons/codesnippet.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/createDivContainer.png create mode 100644 sites/all/modules/ckeditor/images/buttons/creatediv.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/decreaseIndent.png create mode 100644 sites/all/modules/ckeditor/images/buttons/docprops.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/fontSize.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/hiddenField.png create mode 100644 sites/all/modules/ckeditor/images/buttons/hiddenfield.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/horizontalLine.png create mode 100644 sites/all/modules/ckeditor/images/buttons/horizontalrule.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/imageButton.png create mode 100644 sites/all/modules/ckeditor/images/buttons/imagebutton.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/increaseIndent.png create mode 100644 sites/all/modules/ckeditor/images/buttons/indent.png create mode 100644 sites/all/modules/ckeditor/images/buttons/justifyblock.png create mode 100644 sites/all/modules/ckeditor/images/buttons/justifycenter.png create mode 100644 sites/all/modules/ckeditor/images/buttons/justifyleft.png create mode 100644 sites/all/modules/ckeditor/images/buttons/justifyright.png create mode 100644 sites/all/modules/ckeditor/images/buttons/language.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/leftJustify.png create mode 100644 sites/all/modules/ckeditor/images/buttons/mathjax.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/newPage.png create mode 100644 sites/all/modules/ckeditor/images/buttons/newpage.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/numberedList.png create mode 100644 sites/all/modules/ckeditor/images/buttons/numberedlist.png create mode 100644 sites/all/modules/ckeditor/images/buttons/outdent.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/pageBreakPrinting.png create mode 100644 sites/all/modules/ckeditor/images/buttons/pagebreak.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/pastePlainText.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/pasteWord.png create mode 100644 sites/all/modules/ckeditor/images/buttons/pastefromword.png create mode 100644 sites/all/modules/ckeditor/images/buttons/pastetext.png create mode 100644 sites/all/modules/ckeditor/images/buttons/placeholder.png create mode 100644 sites/all/modules/ckeditor/images/buttons/radio.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/radioButton.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/removeFormat.png create mode 100644 sites/all/modules/ckeditor/images/buttons/removeformat.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/rightJustify.png create mode 100644 sites/all/modules/ckeditor/images/buttons/scayt.png create mode 100644 sites/all/modules/ckeditor/images/buttons/select.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/selectAll.png create mode 100644 sites/all/modules/ckeditor/images/buttons/selectall.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/selectionField.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/showBlocks.png create mode 100644 sites/all/modules/ckeditor/images/buttons/showblocks.png create mode 100644 sites/all/modules/ckeditor/images/buttons/size.png create mode 100644 sites/all/modules/ckeditor/images/buttons/sourcedialog.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/specialCharacter.png create mode 100644 sites/all/modules/ckeditor/images/buttons/specialchar.png create mode 100644 sites/all/modules/ckeditor/images/buttons/spellchecker.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/textColor.png delete mode 100644 sites/all/modules/ckeditor/images/buttons/textField.png create mode 100644 sites/all/modules/ckeditor/images/buttons/textcolor.png create mode 100644 sites/all/modules/ckeditor/images/buttons/textfield.png create mode 100644 sites/all/modules/ckeditor/images/buttons/uicolor.png delete mode 100644 sites/all/modules/ckeditor/includes/jqueryUI/jquery-ui.min.js delete mode 100644 sites/all/modules/ckeditor/includes/jqueryUI/jquery.ui.sortable.min.js delete mode 100644 sites/all/modules/ckeditor/includes/jqueryUI/jquery.ui.widget.min.js create mode 100644 sites/all/modules/context/plugins/context_condition_context_all.inc create mode 100644 sites/all/modules/context/plugins/context_condition_default.inc create mode 100644 sites/all/modules/context/plugins/context_condition_query_string.inc create mode 100644 sites/all/modules/context/plugins/context_reaction_template_suggestions.inc create mode 100644 sites/all/modules/ctools/includes/css-cache.inc create mode 100644 sites/all/modules/ctools/includes/entity-access.inc create mode 100644 sites/all/modules/ctools/includes/uuid.inc create mode 100644 sites/all/modules/ctools/plugins/access/book.inc create mode 100644 sites/all/modules/ctools/plugins/access/node_comment.inc create mode 100644 sites/all/modules/ctools/plugins/content_types/comment/comment_links.inc create mode 100644 sites/all/modules/ctools/plugins/content_types/node_context/node_comment_wrapper.inc create mode 100644 sites/all/modules/ctools/plugins/content_types/term_context/term_name.inc create mode 100644 sites/all/modules/ctools/plugins/content_types/user_context/user_links.inc create mode 100644 sites/all/modules/ctools/term_depth/plugins/access/term_depth.inc create mode 100644 sites/all/modules/ctools/term_depth/term_depth.info create mode 100644 sites/all/modules/ctools/term_depth/term_depth.module create mode 100644 sites/all/modules/ctools/tests/css_cache.test create mode 100644 sites/all/modules/ctools/tests/math_expression.test create mode 100644 sites/all/modules/ctools/tests/math_expression_stack.test create mode 100644 sites/all/modules/date/date.diff.inc rename sites/all/modules/date/{date_migrate => }/date.migrate.inc (77%) create mode 100644 sites/all/modules/date/date_views/date_views.install rename sites/all/modules/date/{date_migrate => tests}/date_migrate.test (85%) create mode 100644 sites/all/modules/entity/theme/entity.theme.css create mode 100644 sites/all/modules/entity/theme/entity.theme.inc rename sites/all/modules/entity/{ => theme}/entity.tpl.php (100%) create mode 100644 sites/all/modules/i18n/i18n_field/i18n_field.api.php create mode 100644 sites/all/modules/i18n/i18n_node/i18n_node.tokens.inc create mode 100644 sites/all/modules/less/.gitignore create mode 100644 sites/all/modules/less/README.md delete mode 100644 sites/all/modules/less/README.txt create mode 100644 sites/all/modules/less/classes/class.lessautoprefixer.inc create mode 100644 sites/all/modules/less/classes/class.lessjs.inc create mode 100644 sites/all/modules/less/engines/abstract.LessEngine.inc create mode 100644 sites/all/modules/less/engines/engine.less_js.inc create mode 100644 sites/all/modules/less/engines/engine.less_php.inc create mode 100644 sites/all/modules/less/engines/engine.lessphp.inc create mode 100644 sites/all/modules/less/engines/interface.LessEngine.inc create mode 100644 sites/all/modules/less/includes/less.admin.inc create mode 100644 sites/all/modules/less/includes/less.libraries.inc create mode 100644 sites/all/modules/less/includes/less.process.inc create mode 100644 sites/all/modules/less/includes/less.theme.inc create mode 100644 sites/all/modules/less/includes/less.watch.inc create mode 100644 sites/all/modules/less/includes/less.wysiwyg.inc delete mode 100644 sites/all/modules/less/less.admin.inc create mode 100644 sites/all/modules/less/less.api.php create mode 100644 sites/all/modules/less/less_demo/images/logo.png create mode 100644 sites/all/modules/less/less_demo/imports/less_demo.clearfix.css.less create mode 100644 sites/all/modules/less/less_demo/imports/less_demo.imported.css.less create mode 100644 sites/all/modules/less/less_demo/less_demo.demo_page.inc create mode 100644 sites/all/modules/less/less_demo/less_demo.info create mode 100644 sites/all/modules/less/less_demo/less_demo.less.inc create mode 100644 sites/all/modules/less/less_demo/less_demo.module create mode 100644 sites/all/modules/less/less_demo/libs/less_demo.lib.css.less create mode 100644 sites/all/modules/less/less_demo/styles/less_demo.drupal_add_css.css.less create mode 100644 sites/all/modules/less/less_demo/styles/less_demo.info.css.less create mode 100644 sites/all/modules/less/scripts/less.watch.js create mode 100644 sites/all/modules/less/styles/less.theme.css create mode 100644 sites/all/modules/less/tests/less.test create mode 100644 sites/all/modules/views/handlers/views_handler_area_messages.inc create mode 100644 sites/all/modules/views/handlers/views_handler_filter_fields_compare.inc create mode 100644 sites/all/modules/views/modules/field/views_handler_filter_field_list_boolean.inc create mode 100644 sites/all/modules/views/tests/handlers/views_handler_field_file_extension.test create mode 100644 sites/all/modules/views/tests/handlers/views_handlers.test create mode 100644 sites/all/modules/views/tests/test_handlers/views_test_area_access.inc diff --git a/CHANGELOG.txt b/CHANGELOG.txt index b29a58a..039ab82 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,5 +1,395 @@ -Drupal 7.20, 2013-02-20 - test +Drupal 7.36, 2015-04-01 +----------------------- +- Added a 'file_public_schema' variable which allows modules that define + publicly-accessible streams in hook_stream_wrappers() to bypass file download + access checks when processing managed file upload fields. +- Fixed a bug that caused database query tags not to be added to search-related + database queries under many circumstances, and which prevented the + corresponding hook_query_TAG_alter() implementations from being called. +- Fixed the "for" attribute on managed file upload field labels to improve + accessibility (minor markup change). +- Added a 'javascript_always_use_jquery' variable which can be set to FALSE by + sites that may not need jQuery loaded on all pages, and a 'requires_jquery' + option to drupal_add_js() which modules can set to FALSE when adding + JavaScript files that have no dependency on jQuery (API addition: + https://www.drupal.org/node/2462717). +- Fixed incorrect foreign keys in the User module's role_permission and + users_roles database tables. +- Changed permission descriptions throughout Drupal core to consistently link + to relevant administrative pages, regardless of whether the user viewing the + Permissions page can view the page being linked to (minor UI change). +- Fixed the drupal_add_region_content() function so that it actually adds + content to the page. +- Added an 'image_suppress_itok_output' variable to allow sites already using + the existing 'image_allow_insecure_derivatives' variable to also prevent + security tokens from appearing in image derivative URLs. +- Fixed double-escaping of theme names in the Block module administrative + interface (minor string change). +- Added basic support for Xdebug when running automated tests. +- Fixed a bug which caused previewing a node to remove elements from the node + being edited. With this fix, calling node_preview() will no longer modify the + passed-in node object (minor API change). +- Added a user_has_role() function to check whether a user has a particular + role (API addition: https://www.drupal.org/node/2462411). +- Fixed installation failures when an opcode cache is enabled. +- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused private + files to be inaccessible. +- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused user + pictures to be lost. +- Fixed missing language code in hook_field_attach_view_alter() when it is + invoked from field_view_field(). +- Stopped sending ETag and Last-Modified headers for uncached page requests, + since they break caching for certain Varnish and Nginx configurations. +- Changed the Simpletest module to allow PSR-4 test classes to be used in + Drupal 7. +- Fixed a fatal error that occurred when using the Comment module's "Unpublish + comment containing keyword(s)" action. +- Changed the "lang" attribute on language links to "xml:lang" so it validates + as XHTML (minor markup change). +- Prevented the form API from allowing arrays to be submitted for various form + elements, such as textfields, textareas, and password fields (API change: + https://www.drupal.org/node/2462723). +- Fixed a bug in the Contact module which caused the global user object to have + the incorrect name and e-mail address during the remainder of the page + request after the contact form is submitted. +- Numerous small bug fixes. +- Numerous API documentation improvements. +- Additional automated test coverage. + +Drupal 7.35, 2015-03-18 +---------------------- +- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-001. + +Drupal 7.34, 2014-11-19 +---------------------- +- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-006. + +Drupal 7.33, 2014-11-07 +----------------------- +- Began storing the file modification time of each module and theme in the + {system} database table so that contributed modules can use it to identify + recently changed modules and themes (minor data structure change to the + return value of system_get_info() and other related functions). +- Added a "Did you mean?" feature to the run-tests.sh script for running + automated tests from the command line, to help developers who are attempting + to run a particular test class or group. +- Changed the date format used in various HTTP headers output by Drupal core + from RFC 1123 format to RFC 7231 format. +- Added a "block_cache_bypass_node_grants" variable to allow sites which have + node access modules enabled to use the block cache if desired (API addition). +- Made image derivative generation HTTP requests return a 404 error (rather + than a 500 error) when the source image does not exist. +- Fixed a bug which caused user pictures to be removed from the user object + after saving, and resulted in data loss if the user account was subsequently + re-saved. +- Fixed a bug in which field_has_data() did not return TRUE for fields that + only had data in older entity revisions, leading to loss of the field's data + when the field configuration was edited. +- Fixed a bug which caused the Ajax progress throbber to appear misaligned in + many situatons (minor styling change). +- Prevented the Bartik theme from lower-casing the "Permalink" link on + comments, for improved multilingual support (minor UI change). +- Added a "preferred_menu_links" tag to the database query that is used by + menu_link_get_preferred() to find the preferred menu link for a given path, + to make it easier to alter. +- Increased the maximum allowed length of block titles to 255 characters + (database schema change to the {block} table). +- Removed the Field module's field_modules_uninstalled() function, since it did + not do anything when it was invoked. +- Added a "theme_hook_original" variable to templates and theme functions and + an optional sitewide theme debug mode, to provide contextual information in + the page's HTML to theme developers. The theme debug mode is based on the one + used with Twig in Drupal 8 and can be accessed by setting the "theme_debug" + variable to TRUE (API addition). +- Added an entity_view_mode_prepare() API function to allow entity-defining + modules to properly invoke hook_entity_view_mode_alter(), and used it + throughout Drupal core to fix bugs with the invocation of that hook (API + change: https://www.drupal.org/node/2369141). +- Security improvement: Made the database API's orderBy() method sanitize the + sort direction ("ASC" or "DESC") for queries built with db_select(), so that + calling code does not have to. +- Changed the RDF module to consistently output RDF metadata for nodes and + comments near where the node is rendered in the HTML (minor markup and data + structure change). +- Added an HTML class to RDFa metatags throughout Drupal to prevent them from + accidentally affecting the site appearance (minor markup change). +- Fixed a bug in the Unicode requirements check which prevented installing + Drupal on PHP 5.6. +- Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap + when called early in the page request. +- Renamed the "Search result" view mode to "Search result highlighting input" + to better reflect how it is used (UI change). +- Improved database queries generated by EntityFieldQuery in the case where + delta or language condition groups are used, to reduce the number of INNER + JOINs (this is a minor data structure change affecting code which implements + hook_query_alter() on these queries). +- Removed special-case behavior for file uploads which allowed user #1 to + bypass maximum file size and user quota limits. +- Numerous small bug fixes. +- Numerous API documentation improvements. +- Additional automated test coverage. + +Drupal 7.32, 2014-10-15 +---------------------- +- Fixed security issues (SQL injection). See SA-CORE-2014-005. + +Drupal 7.31, 2014-08-06 +---------------------- +- Fixed security issues (denial of service). See SA-CORE-2014-004. + +Drupal 7.30, 2014-07-24 +----------------------- +- Fixed a regression introduced in Drupal 7.29 that caused files or images + attached to taxonomy terms to be deleted when the taxonomy term was edited + and resaved (and other related bugs with contributed and custom modules). +- Added a warning on the permissions page to recommend restricting access to + the "View site reports" permission to trusted administrators. See + DRUPAL-PSA-2014-002. +- Numerous API documentation improvements. +- Additional automated test coverage. + +Drupal 7.29, 2014-07-16 +---------------------- +- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-003. + +Drupal 7.28, 2014-05-08 +----------------------- +- Fixed a regression introduced in Drupal 7.27 that caused JavaScript to break + on older browsers (such as Internet Explorer 8 and earlier) when Ajax was + used. +- Increased the timeout used by the Update Manager module when it fetches data + from drupal.org (from 5 seconds to 30 seconds), to work around a problem + which causes incomplete information about security updates to be presented to + site administrators. This fix may lead to a performance slowdown on the + Update Manager administration pages, when installing Drupal distributions, + and (for sites that use the automated cron feature) on occasional page loads + by site visitors. +- Fixed the behavior of the token system's "[node:summary]" token when the body + field does not have a manual summary. +- Changed the behavior of db_query_temporary() so that it works on SELECT + queries even when they have leading comments/whitespace. A side effect of + this fix is that db_query_temporary() will now fail with an error if it is + ever used on non-SELECT queries. +- Added a "node_admin_filter" tag to the database query used to build the list + of nodes on the content administration page, to make it easier to alter. +- Made the cron queue system log any exceptions that are thrown while an item + in the queue is being processed, rather than stopping the entire PHP request. +- Improved screen reader support by adding an aria-live HTML attribute to file + upload fields when there is an error uploading the file (minor markup + change). +- Made the pager on the Tracker module listing pages show the same number of + items as other pagers throughout Drupal core (minor UI change). +- Fixed a bug which caused caches not to be properly cleared when a file entity + was saved or deleted. +- Added several missing countries to the default list returned by + country_get_list() (string change). +- Replaced the term "weight" with "influence" in the content ranking settings + for search, and added help text for administrators (string change). +- Fixed untranslatable text strings in the administrative interface for the + "Crop" effect provided by the Image module (minor string change). +- Fixed a bug in the Taxonomy module update function introduced in Drupal 7.26 + that caused memory and CPU problems on sites with very large numbers of + unpublished nodes. +- Numerous small bug fixes. +- Numerous API documentation improvements. +- Additional automated test coverage. + +Drupal 7.27, 2014-04-16 +---------------------- +- Fixed security issues (information disclosure). See SA-CORE-2014-002. + +Drupal 7.26, 2014-01-15 +---------------------- +- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-001. + +Drupal 7.25, 2014-01-02 +----------------------- +- Fixed a bug in node_save() which prevented the saved node from being updated + in hook_node_insert() and other similar hooks. +- Added a meta tag to install.php to prevent it from being indexed by search + engines even when Drupal is installed in a subfolder (minor markup change). +- Fixed a bug in the database API that caused frequent deadlock errors when + running merge queries on some servers. +- Performance improvement: Prevented block rehashing from writing blocks to the + database on every cache clear and cron run when the blocks have not changed. + This fix results in an extra 'saved' key which is added and set to TRUE for + each block returned by _block_rehash() that actually is saved to the database + (data structure change). +- Added an optional 'skip on cron' parameter to hook_cron_queue_info() to allow + queues to avoid being automatically processed on cron runs (API addition). +- Fixed a bug which caused hook_block_view_MODULE_DELTA_alter() to never be + invoked if the block delta had a hyphen in it. To implement the hook when the + block delta has a hyphen, modules should now replace hyphens with underscores + when constructing the function name for the hook implementation. +- Fixed a bug which caused cached pages to sometimes be sent to the browser + with incorrect compression. The fix adds a new 'page_compressed' key to the + $cache->data array returned by drupal_page_get_cache() (minor data structure + change). +- Fixed broken tests on PHP 5.5. +- Made the File and Image modules more robust when saving entities that have + deleted files attached. The code in file_field_presave() will now remove the + record of the deleted file from the entity before saving (minor data + structure change). +- Standardized menu callback functions throughout Drupal core to return + MENU_NOT_FOUND and MENU_ACCESS_DENIED rather than printing their own "page + not found" or "access denied" pages (minor API change in the return value of + these functions under some circumstances). +- Fixed a bug in which caches were not properly cleared when a node was deleted + via the administrative interface. +- Changed the Bartik theme to render content contained in 
,  and
+  similar tags in a larger font size, so it is easier to read.
+- Fixed a bug in the Search module that caused exceptions to be thrown during
+  searches if the server was not configured to represent decimal points as a
+  period.
+- Fixed a regression in the Image module that made image_style_url() not work
+  when a relative path (rather than a complete file URI) was passed to it.
+- Added an optional feature to the Statistics module to allow node views to be
+  tracked by Ajax requests rather than during the server-side generation of the
+  page. This allows the node counter to work on sites that use external page
+  caches (string change and new administrative option:
+  https://drupal.org/node/2164069).
+- Added a link to the drupal.org documentation page for cron to the Cron
+  settings page (string change).
+- Added a 'drupal_anonymous_user_object' variable to allow the anonymous user
+  object returned by drupal_anonymous_user() to be overridden with a classed
+  object (API addition).
+- Changed the database API to allow inserts based on a SELECT * query to work
+  correctly.
+- Changed the database schema of the {file_managed} table to allow Drupal to
+  manage files larger than 4 GB.
+- Changed the File module's hook_field_load() implementation to prevent file
+  entity properties which have the same name as file or image field properties
+  from overwriting the field properties (minor API change).
+- Numerous small bug fixes.
+- Numerous API documentation improvements.
+- Additional automated test coverage.
+
+Drupal 7.24, 2013-11-20
+----------------------
+- Fixed security issues (multiple vulnerabilities), see SA-CORE-2013-003.
+
+Drupal 7.23, 2013-08-07
+-----------------------
+- Fixed a fatal error on PostgreSQL databases when updating the Taxonomy module
+  from Drupal 6 to Drupal 7.
+- Fixed the default ordering of CSS files for sites using right-to-left
+  languages, to consistently place the right-to-left override file immediately
+  after the CSS it is overriding (API change: https://drupal.org/node/2058463).
+- Added a drupal_check_memory_limit() API function to allow the memory limit to
+  be checked consistently (API addition).
+- Changed the default web.config file for IIS servers to allow favicon.ico
+  files which are present in the filesystem to be accessed.
+- Fixed inconsistent support for the 'tel' protocol in Drupal's URL filtering
+  functions.
+- Performance improvement: Allowed all hooks to be included in the
+  module_implements() cache, even those that are only invoked on HTTP POST
+  requests.
+- Made the database system replace truncate queries with delete queries when
+  inside a transaction, to fix issues with PostgreSQL and other databases.
+- Fixed a bug which caused nested contextual links to display improperly.
+- Fixed a bug which prevented cached image derivatives from being flushed for
+  private files and other non-default file schemes.
+- Fixed drupal_render() to always return an empty string when there is no
+  output, rather than sometimes returning NULL (minor API change).
+- Added protection to cache_clear_all() to ensure that non-cache tables cannot
+  be truncated (API addition: a new isValidBin() method has been added to the
+  default database cache implementation).
+- Changed the default .htaccess file to support HTTP authorization in CGI
+  environments.
+- Changed the password reset form to pre-fill the username when requested via a
+  URL query parameter, and used this in the error message that appears after a
+  failed login attempt (minor data structure and behavior change).
+- Fixed broken support for foreign keys in the field API.
+- Fixed "No active batch" error when a user cancels their own account.
+- Added a description to the "access content overview" permission on the
+  permissions page (string change).
+- Added a drupal_array_diff_assoc_recursive() function to allow associative
+  arrays to be compared recursively (API addition).
+- Added human-readable labels to image styles, in addition to the existing
+  machine-readable name (API change: https://drupal.org/node/2058503).
+- Moved the drupal_get_hash_salt() function to bootstrap.inc and used it in
+  additional places in the code, for added security in the case where there is
+  no hash salt in settings.php.
+- Fixed a regression in Drupal 7.22 that caused internal server errors for
+  sites running on very old Apache 1.x web servers.
+- Numerous small bug fixes.
+- Numerous API documentation improvements.
+- Additional automated test coverage.
+
+Drupal 7.22, 2013-04-03
+-----------------------
+- Allowed the drupal_http_request() function to be overridden so that
+  additional HTTP request capabilities can be added by contributed modules.
+- Changed the Simpletest module to allow PSR-0 test classes to be used in
+  Drupal 7.
+- Removed an unnecessary "Content-Disposition" header from private file
+  downloads; it prevented many private files from being viewed inline in a web
+  browser.
+- Changed various field API functions to allow them to optionally act on a
+  single field within an entity (API addition: http://drupal.org/node/1825844).
+- Fixed a bug which prevented Drupal's file transfer functionality from working
+  on some PHP 5.4 systems.
+- Fixed incorrect log message when theme() is called for a theme hook that does
+  not exist (minor string change).
+- Fixed Drupal's token-replacement system to allow spaces in the token value.
+- Changed the default behavior after a user creates a node they do not have
+  access to view. The user will now be redirected to the front page rather than
+  an access denied page.
+- Fixed a bug which prevented empty HTTP headers (such as "0") from being set.
+  (Minor behavior change: Callers of drupal_add_http_header() must now set
+  FALSE explicitly to prevent a header from being sent at all; this was already
+  indicated in the function's documentation.)
+- Fixed OpenID errors when more than one module implements hook_openid(). The
+  behavior is now changed so that if more than one module tries to set the same
+  parameter, the last module's change takes effect.
+- Fixed a serious documentation bug: The $name variable in the
+  taxonomy-term.tpl.php theme template was incorrectly documented as being
+  sanitized when in fact it is not.
+- Fixed a bug which prevented Drupal 6 to Drupal 7 upgrades on sites which had
+  duplicate permission names in the User module's database tables.
+- Added an empty "datatype" attribute to taxonomy term and username links to
+  make the RDFa markup upward compatible with RDFa 1.1 (minor markup addition).
+- Fixed a bug which caused the denial-of-service protection added in Drupal
+  7.20 to break certain valid image URLs that had an extra slash in them.
+- Fixed a bug with update queries in the SQLite database driver that prevented
+  Drupal from being installed with SQLite on PHP 5.4.
+- Fixed enforced dependencies errors updating to recent versions of Drupal 7 on
+  certain non-MySQL databases.
+- Refactored the Field module's caching behavior to obtain large improvements
+  in memory usage for sites with many fields and instances (API addition:
+  http://drupal.org/node/1915646).
+- Fixed entity argument not being passed to implementations of
+  hook_file_download_access_alter(). The fix adds an additional context
+  parameter that can be passed when calling drupal_alter() for any hook (API
+  change: http://drupal.org/node/1882722).
+- Fixed broken support for translatable comment fields (API change:
+  http://drupal.org/node/1874724).
+- Added an assertThemeOutput() method to Simpletest to allow tests to check
+  that themed output matches an expected HTML string (API addition).
+- Added a link to "Install another module" after a module has been successfully
+  downloaded via the Update Manager (UI change).
+- Added an optional "exclusive" flag to installation profile .info files which
+  allows Drupal distributions to force a profile to be selected during
+  installation (API addition: http://drupal.org/node/1961012).
+- Fixed a bug which caused the database API to not properly close database
+  connections.
+- Added a link to the URL for running cron from outside the site to the Cron
+  settings page (UI change).
+- Fixed a bug which prevented image styles from being reverted on PHP 5.4.
+- Made the default .htaccess rules protocol sensitive to improve security for
+  sites which use HTTPS and redirect between "www" and non-"www" versions of
+  the page.
+- Numerous small bug fixes.
+- Numerous API documentation improvements.
+- Additional automated test coverage.
+
+Drupal 7.21, 2013-03-06
+-----------------------
+- Allowed sites using the 'image_allow_insecure_derivatives' variable to still
+  have partial protection from the security issues fixed in Drupal 7.20.
+
+Drupal 7.20, 2013-02-20
 -----------------------
 - Fixed security issues (denial of service). See SA-CORE-2013-002.
 
diff --git a/COPYRIGHT.txt b/COPYRIGHT.txt
index a2a6511..dc8a855 100644
--- a/COPYRIGHT.txt
+++ b/COPYRIGHT.txt
@@ -1,4 +1,4 @@
-All Drupal code is Copyright 2001 - 2012 by the original authors.
+All Drupal code is Copyright 2001 - 2013 by the original authors.
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
diff --git a/INSTALL.mysql.txt b/INSTALL.mysql.txt
index bee5811..95a8734 100644
--- a/INSTALL.mysql.txt
+++ b/INSTALL.mysql.txt
@@ -20,18 +20,21 @@ initial database files. Next you must log in and set the access database rights:
 Again, you will be asked for the 'username' database password. At the MySQL
 prompt, enter the following command:
 
-  GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER
-  ON databasename.*
+  GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER,
+  CREATE TEMPORARY TABLES ON databasename.*
   TO 'username'@'localhost' IDENTIFIED BY 'password';
 
-where
+where:
 
  'databasename' is the name of your database
- 'username@localhost' is the username of your MySQL account
+ 'username' is the username of your MySQL account
+ 'localhost' is the web server host where Drupal is installed
  'password' is the password required for that username
 
-Note: Unless your database user has all of the privileges listed above, you will
-not be able to run Drupal.
+Note: Unless the database user/host combination for your Drupal installation
+has all of the privileges listed above (except possibly CREATE TEMPORARY TABLES,
+which is currently only used by Drupal core automated tests and some
+contributed modules), you will not be able to install or run Drupal.
 
 If successful, MySQL will reply with:
 
diff --git a/INSTALL.txt b/INSTALL.txt
index c3a26ad..6f02c05 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -20,6 +20,8 @@ Drupal requires:
   - MySQL 5.0.15 (or greater) (http://www.mysql.com/).
   - MariaDB 5.1.44 (or greater) (http://mariadb.org/). MariaDB is a fully
     compatible drop-in replacement for MySQL.
+  - Percona Server 5.1.70 (or greater) (http://www.percona.com/). Percona
+    Server is a backwards-compatible replacement for MySQL.
   - PostgreSQL 8.3 (or greater) (http://www.postgresql.org/).
   - SQLite 3.4.2 (or greater) (http://www.sqlite.org/).
 
diff --git a/LICENSE.txt b/LICENSE.txt
index 94fb846..d159169 100644
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,12 +1,12 @@
-        GNU GENERAL PUBLIC LICENSE
-           Version 2, June 1991
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
 
  Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
-          Preamble
+                            Preamble
 
   The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -56,7 +56,7 @@ patent must be licensed for everyone's free use or not licensed at all.
   The precise terms and conditions for copying, distribution and
 modification follow.
 
-        GNU GENERAL PUBLIC LICENSE
+                    GNU GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
   0. This License applies to any program or other work which contains
@@ -255,7 +255,7 @@ make exceptions for this.  Our decision will be guided by the two goals
 of preserving the free status of all derivatives of our free software and
 of promoting the sharing and reuse of software generally.
 
-          NO WARRANTY
+                            NO WARRANTY
 
   11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
@@ -277,9 +277,9 @@ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
 
-         END OF TERMS AND CONDITIONS
+                     END OF TERMS AND CONDITIONS
 
-      How to Apply These Terms to Your New Programs
+            How to Apply These Terms to Your New Programs
 
   If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
diff --git a/MAINTAINERS.txt b/MAINTAINERS.txt
index 6171566..f5cf6f8 100644
--- a/MAINTAINERS.txt
+++ b/MAINTAINERS.txt
@@ -27,7 +27,6 @@ Ajax system
 - Earl Miles 'merlinofchaos' http://drupal.org/user/26979
 
 Base system
-- Károly Négyesi 'chx' http://drupal.org/user/9446
 - Damien Tournoud 'DamZ' http://drupal.org/user/22211
 - Moshe Weitzman 'moshe weitzman' http://drupal.org/user/23
 
@@ -39,7 +38,6 @@ Cache system
 - Nathaniel Catchpole 'catch' http://drupal.org/user/35733
 
 Cron system
-- Károly Négyesi 'chx' http://drupal.org/user/9446
 - Derek Wright 'dww' http://drupal.org/user/46549
 
 Database system
@@ -55,10 +53,8 @@ Database system
 
   - Sqlite driver
     - Damien Tournoud 'DamZ' http://drupal.org/user/22211
-    - Károly Négyesi 'chx' http://drupal.org/user/9446
 
 Database update system
-- Károly Négyesi 'chx' http://drupal.org/user/9446
 - Ashok Modi 'BTMash' http://drupal.org/user/60422
 
 Entity system
@@ -71,7 +67,6 @@ File system
 - Aaron Winborn 'aaron' http://drupal.org/user/33420
 
 Form system
-- Károly Négyesi 'chx' http://drupal.org/user/9446
 - Alex Bronstein 'effulgentsia' http://drupal.org/user/78040
 - Wolfgang Ziegler 'fago' http://drupal.org/user/16747
 - Daniel F. Kudwien 'sun' http://drupal.org/user/54136
@@ -105,7 +100,6 @@ Markup
 
 Menu system
 - Peter Wolanin 'pwolanin' http://drupal.org/user/49851
-- Károly Négyesi 'chx' http://drupal.org/user/9446
 
 Path system
 - Dave Reid 'davereid' http://drupal.org/user/53892
@@ -139,9 +133,6 @@ Accessibility
 Documentation
 - Jennifer Hodgdon 'jhodgdon' http://drupal.org/user/155601
 
-Security
-- Greg Knaddison 'greggles' http://drupal.org/user/36762
-
 Translations
 - Gerhard Killesreiter 'killes' http://drupal.org/user/83
 
@@ -154,6 +145,20 @@ Node Access
 - Ken Rickard 'agentrickard' http://drupal.org/user/20975
 - Jess Myrbo 'xjm' http://drupal.org/user/65776
 
+
+Security team
+-----------------
+
+To report a security issue, see: https://drupal.org/security-team/report-issue
+
+The Drupal security team provides Security Advisories for vulnerabilities,
+assists developers in resolving security issues, and provides security
+documentation. See http://drupal.org/security-team for more information. The
+security team lead is:
+
+- Michael Hess 'mlhess' https://drupal.org/user/102818
+
+
 Module maintainers
 ------------------
 
@@ -250,7 +255,6 @@ Shortcut module
 
 Simpletest module
 - Jimmy Berry 'boombatower' http://drupal.org/user/214218
-- Károly Négyesi 'chx' http://drupal.org/user/9446
 
 Statistics module
 - Tim Millwood 'timmillwood' http://drupal.org/user/227849
diff --git a/README.txt b/README.txt
index f4c2f64..60d3da5 100644
--- a/README.txt
+++ b/README.txt
@@ -71,12 +71,12 @@ profiles/your_site_profile/themes respectively to restrict their usage to only
 sites that were installed with that specific profile.
 
 More about installation profiles and distributions:
-* Read about the difference between installation profiles and distributions:
-  http://drupal.org/node/1089736
-* Download contributed installation profiles and distributions:
-  http://drupal.org/project/distributions
-* Develop your own installation profile or distribution:
-  http://drupal.org/developing/distributions
+ * Read about the difference between installation profiles and distributions:
+   http://drupal.org/node/1089736
+ * Download contributed installation profiles and distributions:
+   http://drupal.org/project/distributions
+ * Develop your own installation profile or distribution:
+   http://drupal.org/developing/distributions
 
 APPEARANCE
 ----------
diff --git a/authorize.php b/authorize.php
index d14fa6e..3ea2b20 100644
--- a/authorize.php
+++ b/authorize.php
@@ -4,16 +4,16 @@
  * @file
  * Administrative script for running authorized file operations.
  *
- * Using this script, the site owner (the user actually owning the files on
- * the webserver) can authorize certain file-related operations to proceed
- * with elevated privileges, for example to deploy and upgrade modules or
- * themes. Users should not visit this page directly, but instead use an
- * administrative user interface which knows how to redirect the user to this
- * script as part of a multistep process. This script actually performs the
- * selected operations without loading all of Drupal, to be able to more
- * gracefully recover from errors. Access to the script is controlled by a
- * global killswitch in settings.php ('allow_authorize_operations') and via
- * the 'administer software updates' permission.
+ * Using this script, the site owner (the user actually owning the files on the
+ * webserver) can authorize certain file-related operations to proceed with
+ * elevated privileges, for example to deploy and upgrade modules or themes.
+ * Users should not visit this page directly, but instead use an administrative
+ * user interface which knows how to redirect the user to this script as part of
+ * a multistep process. This script actually performs the selected operations
+ * without loading all of Drupal, to be able to more gracefully recover from
+ * errors. Access to the script is controlled by a global killswitch in
+ * settings.php ('allow_authorize_operations') and via the 'administer software
+ * updates' permission.
  *
  * There are helper functions for setting up an operation to run via this
  * system in modules/system/system.module. For more information, see:
@@ -21,16 +21,17 @@
  */
 
 /**
- * Root directory of Drupal installation.
+ * Defines the root directory of the Drupal installation.
  */
 define('DRUPAL_ROOT', getcwd());
 
 /**
- * Global flag to identify update.php and authorize.php runs, and so
- * avoid various unwanted operations, such as hook_init() and
- * hook_exit() invokes, css/js preprocessing and translation, and
- * solve some theming issues. This flag is checked on several places
- * in Drupal code (not just authorize.php).
+ * Global flag to identify update.php and authorize.php runs.
+ *
+ * Identifies update.php and authorize.php runs, avoiding unwanted operations
+ * such as hook_init() and hook_exit() invokes, css/js preprocessing and
+ * translation, and solves some theming issues. The flag is checked in other
+ * places in Drupal code (not just authorize.php).
  */
 define('MAINTENANCE_MODE', 'update');
 
@@ -51,7 +52,7 @@ function authorize_access_denied_page() {
  * have access to the 'administer software updates' permission.
  *
  * @return
- *   TRUE if the current user can run authorize.php, otherwise FALSE.
+ *   TRUE if the current user can run authorize.php, and FALSE if not.
  */
 function authorize_access_allowed() {
   return variable_get('allow_authorize_operations', TRUE) && user_access('administer software updates');
diff --git a/includes/ajax.inc b/includes/ajax.inc
index 4107029..6e8e277 100644
--- a/includes/ajax.inc
+++ b/includes/ajax.inc
@@ -211,7 +211,7 @@
  *
  * When returning an Ajax command array, it is often useful to have
  * status messages rendered along with other tasks in the command array.
- * In that case the the Ajax commands array may be constructed like this:
+ * In that case the Ajax commands array may be constructed like this:
  * @code
  *   $commands = array();
  *   $commands[] = ajax_command_replace(NULL, $output);
@@ -251,8 +251,8 @@ function ajax_render($commands = array()) {
       //   reliably diffed with array_diff_key(), since the number can change
       //   due to factors unrelated to the inline content, so for now, we strip
       //   the inline items from Ajax responses, and can add support for them
-      //   when drupal_add_css() and drupal_add_js() are changed to using md5()
-      //   or some other hash of the inline content.
+      //   when drupal_add_css() and drupal_add_js() are changed to use a hash
+      //   of the inline content as the array key.
       foreach ($items[$type] as $key => $item) {
         if (is_numeric($key)) {
           unset($items[$type][$key]);
@@ -276,7 +276,7 @@ function ajax_render($commands = array()) {
 
   $extra_commands = array();
   if (!empty($styles)) {
-    $extra_commands[] = ajax_command_prepend('head', $styles);
+    $extra_commands[] = ajax_command_add_css($styles);
   }
   if (!empty($scripts_header)) {
     $extra_commands[] = ajax_command_prepend('head', $scripts_header);
@@ -292,7 +292,7 @@ function ajax_render($commands = array()) {
   $scripts = drupal_add_js();
   if (!empty($scripts['settings'])) {
     $settings = $scripts['settings'];
-    array_unshift($commands, ajax_command_settings(call_user_func_array('array_merge_recursive', $settings['data']), TRUE));
+    array_unshift($commands, ajax_command_settings(drupal_array_merge_deep_array($settings['data']), TRUE));
   }
 
   // Allow modules to alter any Ajax response.
@@ -308,10 +308,11 @@ function ajax_render($commands = array()) {
  * pulls the form info from $_POST.
  *
  * @return
- *   An array containing the $form and $form_state. Use the list() function
- *   to break these apart:
+ *   An array containing the $form, $form_state, $form_id, $form_build_id and an
+ *   initial list of Ajax $commands. Use the list() function to break these
+ *   apart:
  *   @code
- *     list($form, $form_state, $form_id, $form_build_id) = ajax_get_form();
+ *     list($form, $form_state, $form_id, $form_build_id, $commands) = ajax_get_form();
  *   @endcode
  */
 function ajax_get_form() {
@@ -331,6 +332,17 @@ function ajax_get_form() {
     drupal_exit();
   }
 
+  // When a page level cache is enabled, the form-build id might have been
+  // replaced from within form_get_cache. If this is the case, it is also
+  // necessary to update it in the browser by issuing an appropriate Ajax
+  // command.
+  $commands = array();
+  if (isset($form['#build_id_old']) && $form['#build_id_old'] != $form['#build_id']) {
+    // If the form build ID has changed, issue an Ajax command to update it.
+    $commands[] = ajax_command_update_build_id($form);
+    $form_build_id = $form['#build_id'];
+  }
+
   // Since some of the submit handlers are run, redirects need to be disabled.
   $form_state['no_redirect'] = TRUE;
 
@@ -345,7 +357,7 @@ function ajax_get_form() {
   $form_state['input'] = $_POST;
   $form_id = $form['#form_id'];
 
-  return array($form, $form_state, $form_id, $form_build_id);
+  return array($form, $form_state, $form_id, $form_build_id, $commands);
 }
 
 /**
@@ -366,7 +378,7 @@ function ajax_get_form() {
  * @see system_menu()
  */
 function ajax_form_callback() {
-  list($form, $form_state) = ajax_get_form();
+  list($form, $form_state, $form_id, $form_build_id, $commands) = ajax_get_form();
   drupal_process_form($form['#form_id'], $form, $form_state);
 
   // We need to return the part of the form (or some other content) that needs
@@ -379,7 +391,19 @@ function ajax_form_callback() {
     $callback = $form_state['triggering_element']['#ajax']['callback'];
   }
   if (!empty($callback) && function_exists($callback)) {
-    return $callback($form, $form_state);
+    $result = $callback($form, $form_state);
+
+    if (!(is_array($result) && isset($result['#type']) && $result['#type'] == 'ajax')) {
+      // Turn the response into a #type=ajax array if it isn't one already.
+      $result = array(
+        '#type' => 'ajax',
+        '#commands' => ajax_prepare_response($result),
+      );
+    }
+
+    $result['#commands'] = array_merge($commands, $result['#commands']);
+
+    return $result;
   }
 }
 
@@ -836,7 +860,8 @@ function ajax_command_insert($selector, $html, $settings = NULL) {
  * @return
  *   An array suitable for use with the ajax_render() function.
  *
- * See @link http://docs.jquery.com/Manipulation/replaceWith#content jQuery replaceWith command @endlink
+ * See
+ * @link http://docs.jquery.com/Manipulation/replaceWith#content jQuery replaceWith command @endlink
  */
 function ajax_command_replace($selector, $html, $settings = NULL) {
   return array(
@@ -1209,3 +1234,49 @@ function ajax_command_restripe($selector) {
     'selector' => $selector,
   );
 }
+
+/**
+ * Creates a Drupal Ajax 'update_build_id' command.
+ *
+ * This command updates the value of a hidden form_build_id input element on a
+ * form. It requires the form passed in to have keys for both the old build ID
+ * in #build_id_old and the new build ID in #build_id.
+ *
+ * The primary use case for this Ajax command is to serve a new build ID to a
+ * form served from the cache to an anonymous user, preventing one anonymous
+ * user from accessing the form state of another anonymous users on Ajax enabled
+ * forms.
+ *
+ * @param $form
+ *   The form array representing the form whose build ID should be updated.
+ */
+function ajax_command_update_build_id($form) {
+  return array(
+    'command' => 'updateBuildId',
+    'old' => $form['#build_id_old'],
+    'new' => $form['#build_id'],
+  );
+}
+
+/**
+ * Creates a Drupal Ajax 'add_css' command.
+ *
+ * This method will add css via ajax in a cross-browser compatible way.
+ *
+ * This command is implemented by Drupal.ajax.prototype.commands.add_css()
+ * defined in misc/ajax.js.
+ *
+ * @param $styles
+ *   A string that contains the styles to be added.
+ *
+ * @return
+ *   An array suitable for use with the ajax_render() function.
+ *
+ * @see misc/ajax.js
+ */
+function ajax_command_add_css($styles) {
+  return array(
+    'command' => 'add_css',
+    'data' => $styles,
+  );
+}
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 2cfdfe9..b9d49de 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
 /**
  * The current system version.
  */
-define('VERSION', '7.20');
+define('VERSION', '7.36');
 
 /**
  * Core API compatibility.
@@ -218,12 +218,16 @@ define('LANGUAGE_RTL', 1);
 define('REQUEST_TIME', (int) $_SERVER['REQUEST_TIME']);
 
 /**
- * Flag for drupal_set_title(); text is not sanitized, so run check_plain().
+ * Flag used to indicate that text is not sanitized, so run check_plain().
+ *
+ * @see drupal_set_title()
  */
 define('CHECK_PLAIN', 0);
 
 /**
- * Flag for drupal_set_title(); text has already been sanitized.
+ * Flag used to indicate that text has already been sanitized.
+ *
+ * @see drupal_set_title()
  */
 define('PASS_THROUGH', -1);
 
@@ -240,10 +244,19 @@ define('REGISTRY_WRITE_LOOKUP_CACHE', 2);
 /**
  * Regular expression to match PHP function names.
  *
- * @see http://php.net/manual/en/language.functions.php
+ * @see http://php.net/manual/language.functions.php
  */
 define('DRUPAL_PHP_FUNCTION_PATTERN', '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*');
 
+/**
+ * A RFC7231 Compliant date.
+ *
+ * http://tools.ietf.org/html/rfc7231#section-7.1.1.1
+ *
+ * Example: Sun, 06 Nov 1994 08:49:37 GMT
+ */
+define('DATE_RFC7231', 'D, d M Y H:i:s \G\M\T');
+
 /**
  * Provides a caching wrapper to be used in place of large array structures.
  *
@@ -274,7 +287,7 @@ define('DRUPAL_PHP_FUNCTION_PATTERN', '[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*'
  * error, and $var will be populated with the contents of $object['foo'], but
  * that data will be passed by value, not reference. For more information on
  * the PHP limitation, see the note in the official PHP documentation at·
- * http://php.net/manual/en/arrayaccess.offsetget.php on
+ * http://php.net/manual/arrayaccess.offsetget.php on
  * ArrayAccess::offsetGet().
  *
  * By default, the class accounts for caches where calling functions might
@@ -380,11 +393,11 @@ abstract class DrupalCacheArray implements ArrayAccess {
    * without necessarily writing back to the persistent cache at the end.
    *
    * @param $offset
-   *   The array offset that was request.
+   *   The array offset that was requested.
    * @param $persist
    *   Optional boolean to specify whether the offset should be persisted or
    *   not, defaults to TRUE. When called with $persist = FALSE the offset will
-   *   be unflagged so that it will not written at the end of the request.
+   *   be unflagged so that it will not be written at the end of the request.
    */
   protected function persist($offset, $persist = TRUE) {
     $this->keysToPersist[$offset] = $persist;
@@ -516,9 +529,8 @@ function timer_stop($name) {
  * Returns the appropriate configuration directory.
  *
  * Returns the configuration path based on the site's hostname, port, and
- * pathname. Uses find_conf_path() to find the current configuration directory.
- * See default.settings.php for examples on how the URL is converted to a
- * directory.
+ * pathname. See default.settings.php for examples on how the URL is converted
+ * to a directory.
  *
  * @param bool $require_settings
  *   Only configuration directories with an existing settings.php file
@@ -679,7 +691,8 @@ function drupal_environment_initialize() {
   ini_set('session.use_only_cookies', '1');
   ini_set('session.use_trans_sid', '0');
   // Don't send HTTP headers using PHP's session handler.
-  ini_set('session.cache_limiter', 'none');
+  // An empty string is used here to disable the cache limiter.
+  ini_set('session.cache_limiter', '');
   // Use httponly session cookies.
   ini_set('session.cookie_httponly', '1');
 
@@ -695,7 +708,14 @@ function drupal_environment_initialize() {
  *  TRUE if only containing valid characters, or FALSE otherwise.
  */
 function drupal_valid_http_host($host) {
-  return preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
+  // Limit the length of the host name to 1000 bytes to prevent DoS attacks with
+  // long host names.
+  return strlen($host) <= 1000
+    // Limit the number of subdomains and port separators to prevent DoS attacks
+    // in conf_path().
+    && substr_count($host, '.') <= 100
+    && substr_count($host, ':') <= 100
+    && preg_match('/^\[?(?:[a-zA-Z0-9-:\]_]+\.?)+$/', $host);
 }
 
 /**
@@ -716,7 +736,6 @@ function drupal_settings_initialize() {
   if (isset($base_url)) {
     // Parse fixed base URL from settings.php.
     $parts = parse_url($base_url);
-    $http_protocol = $parts['scheme'];
     if (!isset($parts['path'])) {
       $parts['path'] = '';
     }
@@ -792,7 +811,7 @@ function drupal_settings_initialize() {
  *
  * This function plays a key role in allowing Drupal's resources (modules
  * and themes) to be located in different places depending on a site's
- * configuration. For example, a module 'foo' may legally be be located
+ * configuration. For example, a module 'foo' may legally be located
  * in any of these three places:
  *
  * modules/foo/foo.module
@@ -803,7 +822,7 @@ function drupal_settings_initialize() {
  * the above, depending on where the module is located.
  *
  * @param $type
- *   The type of the item (i.e. theme, theme_engine, module, profile).
+ *   The type of the item (theme, theme_engine, module, profile).
  * @param $name
  *   The name of the item for which the filename is requested.
  * @param $filename
@@ -811,7 +830,7 @@ function drupal_settings_initialize() {
  *   than by consulting the database.
  *
  * @return
- *   The filename of the requested item.
+ *   The filename of the requested item or NULL if the item is not found.
  */
 function drupal_get_filename($type, $name, $filename = NULL) {
   // The location of files will not change during the request, so do not use
@@ -841,7 +860,7 @@ function drupal_get_filename($type, $name, $filename = NULL) {
     try {
       if (function_exists('db_query')) {
         $file = db_query("SELECT filename FROM {system} WHERE name = :name AND type = :type", array(':name' => $name, ':type' => $type))->fetchField();
-        if (file_exists(DRUPAL_ROOT . '/' . $file)) {
+        if ($file !== FALSE && file_exists(DRUPAL_ROOT . '/' . $file)) {
           $files[$type][$name] = $file;
         }
       }
@@ -1186,10 +1205,11 @@ function _drupal_set_preferred_header_name($name = NULL) {
  * Headers are set in drupal_add_http_header(). Default headers are not set
  * if they have been replaced or unset using drupal_add_http_header().
  *
- * @param $default_headers
- *   An array of headers as name/value pairs.
- * @param $single
- *   If TRUE and headers have already be sent, send only the specified header.
+ * @param array $default_headers
+ *   (optional) An array of headers as name/value pairs.
+ * @param bool $only_default
+ *   (optional) If TRUE and headers have already been sent, send only the
+ *   specified headers.
  */
 function drupal_send_headers($default_headers = array(), $only_default = FALSE) {
   $headers_sent = &drupal_static(__FUNCTION__, FALSE);
@@ -1212,7 +1232,7 @@ function drupal_send_headers($default_headers = array(), $only_default = FALSE)
       header($_SERVER['SERVER_PROTOCOL'] . ' ' . $value);
     }
     // Skip headers that have been unset.
-    elseif ($value) {
+    elseif ($value !== FALSE) {
       header($header_names[$name_lower] . ': ' . $value);
     }
   }
@@ -1225,23 +1245,10 @@ function drupal_send_headers($default_headers = array(), $only_default = FALSE)
  * fresh page on every request. This prevents authenticated users from seeing
  * locally cached pages.
  *
- * Also give each page a unique ETag. This will force clients to include both
- * an If-Modified-Since header and an If-None-Match header when doing
- * conditional requests for the page (required by RFC 2616, section 13.3.4),
- * making the validation more robust. This is a workaround for a bug in Mozilla
- * Firefox that is triggered when Drupal's caching is enabled and the user
- * accesses Drupal via an HTTP proxy (see
- * https://bugzilla.mozilla.org/show_bug.cgi?id=269303): When an authenticated
- * user requests a page, and then logs out and requests the same page again,
- * Firefox may send a conditional request based on the page that was cached
- * locally when the user was logged in. If this page did not have an ETag
- * header, the request only contains an If-Modified-Since header. The date will
- * be recent, because with authenticated users the Last-Modified header always
- * refers to the time of the request. If the user accesses Drupal via a proxy
- * server, and the proxy already has a cached copy of the anonymous page with an
- * older Last-Modified date, the proxy may respond with 304 Not Modified, making
- * the client think that the anonymous and authenticated pageviews are
- * identical.
+ * ETag and Last-Modified headers are not set per default for authenticated
+ * users so that browsers do not send If-Modified-Since headers from
+ * authenticated user pages. drupal_serve_page_from_cache() will set appropriate
+ * ETag and Last-Modified headers for cached pages.
  *
  * @see drupal_page_set_cache()
  */
@@ -1254,9 +1261,7 @@ function drupal_page_header() {
 
   $default_headers = array(
     'Expires' => 'Sun, 19 Nov 1978 05:00:00 GMT',
-    'Last-Modified' => gmdate(DATE_RFC1123, REQUEST_TIME),
     'Cache-Control' => 'no-cache, must-revalidate, post-check=0, pre-check=0',
-    'ETag' => '"' . REQUEST_TIME . '"',
   );
   drupal_send_headers($default_headers);
 }
@@ -1274,7 +1279,7 @@ function drupal_page_header() {
  */
 function drupal_serve_page_from_cache(stdClass $cache) {
   // Negotiate whether to use compression.
-  $page_compression = variable_get('page_compression', TRUE) && extension_loaded('zlib');
+  $page_compression = !empty($cache->data['page_compressed']);
   $return_compressed = $page_compression && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== FALSE;
 
   // Get headers set in hook_boot(). Keys are lower-case.
@@ -1324,7 +1329,7 @@ function drupal_serve_page_from_cache(stdClass $cache) {
     drupal_add_http_header($name, $value);
   }
 
-  $default_headers['Last-Modified'] = gmdate(DATE_RFC1123, $cache->created);
+  $default_headers['Last-Modified'] = gmdate(DATE_RFC7231, $cache->created);
 
   // HTTP/1.0 proxies does not support the Vary header, so prevent any caching
   // by sending an Expires date in the past. HTTP/1.1 clients ignores the
@@ -1405,6 +1410,7 @@ function drupal_unpack($obj, $field = 'data') {
  * more information, including recommendations on how to break up or not
  * break up strings for translation.
  *
+ * @section sec_translating_vars Translating Variables
  * You should never use t() to translate variables, such as calling
  * @code t($text); @endcode, unless the text that the variable holds has been
  * passed through t() elsewhere (e.g., $text is one of several translated
@@ -1420,9 +1426,11 @@ function drupal_unpack($obj, $field = 'data') {
  * Basically, you can put variables like @name into your string, and t() will
  * substitute their sanitized values at translation time. (See the
  * Localization API pages referenced above and the documentation of
- * format_string() for details.) Translators can then rearrange the string as
- * necessary for the language (e.g., in Spanish, it might be "blog de @name").
+ * format_string() for details about how to define variables in your string.)
+ * Translators can then rearrange the string as necessary for the language
+ * (e.g., in Spanish, it might be "blog de @name").
  *
+ * @section sec_alt_funcs_install Use During Installation Phase
  * During the Drupal installation phase, some resources used by t() wil not be
  * available to code that needs localization. See st() and get_t() for
  * alternatives.
@@ -1484,21 +1492,34 @@ function t($string, array $args = array(), array $options = array()) {
 }
 
 /**
- * Replaces placeholders with sanitized values in a string.
+ * Formats a string for HTML display by replacing variable placeholders.
+ *
+ * This function replaces variable placeholders in a string with the requested
+ * values and escapes the values so they can be safely displayed as HTML. It
+ * should be used on any unknown text that is intended to be printed to an HTML
+ * page (especially text that may have come from untrusted users, since in that
+ * case it prevents cross-site scripting and other security problems).
+ *
+ * In most cases, you should use t() rather than calling this function
+ * directly, since it will translate the text (on non-English-only sites) in
+ * addition to formatting it.
  *
  * @param $string
  *   A string containing placeholders.
  * @param $args
  *   An associative array of replacements to make. Occurrences in $string of
- *   any key in $args are replaced with the corresponding value, after
- *   sanitization. The sanitization function depends on the first character of
- *   the key:
- *   - !variable: Inserted as is. Use this for text that has already been
- *     sanitized.
- *   - @variable: Escaped to HTML using check_plain(). Use this for anything
- *     displayed on a page on the site.
- *   - %variable: Escaped as a placeholder for user-submitted content using
- *     drupal_placeholder(), which shows up as emphasized text.
+ *   any key in $args are replaced with the corresponding value, after optional
+ *   sanitization and formatting. The type of sanitization and formatting
+ *   depends on the first character of the key:
+ *   - @variable: Escaped to HTML using check_plain(). Use this as the default
+ *     choice for anything displayed on a page on the site.
+ *   - %variable: Escaped to HTML and formatted using drupal_placeholder(),
+ *     which makes it display as emphasized text.
+ *   - !variable: Inserted as is, with no sanitization or formatting. Only use
+ *     this for text that has already been prepared for HTML display (for
+ *     example, user-supplied text that has already been run through
+ *     check_plain() previously, or is expected to contain some limited HTML
+ *     tags and has already been run through filter_xss() previously).
  *
  * @see t()
  * @ingroup sanitization
@@ -1531,12 +1552,13 @@ function format_string($string, array $args = array()) {
  * Also validates strings as UTF-8 to prevent cross site scripting attacks on
  * Internet Explorer 6.
  *
- * @param $text
+ * @param string $text
  *   The text to be checked or processed.
  *
- * @return
- *   An HTML safe version of $text, or an empty string if $text is not
- *   valid UTF-8.
+ * @return string
+ *   An HTML safe version of $text. If $text is not valid UTF-8, an empty string
+ *   is returned and, on PHP < 5.4, a warning may be issued depending on server
+ *   configuration (see @link https://bugs.php.net/bug.php?id=47494 @endlink).
  *
  * @see drupal_validate_utf8()
  * @ingroup sanitization
@@ -1621,14 +1643,14 @@ function request_uri() {
  *   information about the passed-in exception is used.
  * @param $variables
  *   Array of variables to replace in the message on display. Defaults to the
- *   return value of drupal_decode_exception().
+ *   return value of _drupal_decode_exception().
  * @param $severity
  *   The severity of the message, as per RFC 3164.
  * @param $link
  *   A link to associate with the message.
  *
  * @see watchdog()
- * @see drupal_decode_exception()
+ * @see _drupal_decode_exception()
  */
 function watchdog_exception($type, Exception $exception, $message = NULL, $variables = array(), $severity = WATCHDOG_ERROR, $link = NULL) {
 
@@ -1912,6 +1934,33 @@ function drupal_block_denied($ip) {
   }
 }
 
+/**
+ * Returns a URL-safe, base64 encoded string of highly randomized bytes (over the full 8-bit range).
+ *
+ * @param $byte_count
+ *   The number of random bytes to fetch and base64 encode.
+ *
+ * @return string
+ *   The base64 encoded result will have a length of up to 4 * $byte_count.
+ */
+function drupal_random_key($byte_count = 32) {
+  return drupal_base64_encode(drupal_random_bytes($byte_count));
+}
+
+/**
+ * Returns a URL-safe, base64 encoded version of the supplied string.
+ *
+ * @param $string
+ *   The string to convert to base64.
+ *
+ * @return string
+ */
+function drupal_base64_encode($string) {
+  $data = base64_encode($string);
+  // Modify the output so it's safe to use in URLs.
+  return strtr($data, array('+' => '-', '/' => '_', '=' => ''));
+}
+
 /**
  * Returns a string of highly randomized bytes (over the full 8-bit range).
  *
@@ -1925,38 +1974,34 @@ function drupal_block_denied($ip) {
  */
 function drupal_random_bytes($count)  {
   // $random_state does not use drupal_static as it stores random bytes.
-  static $random_state, $bytes, $php_compatible;
-  // Initialize on the first call. The contents of $_SERVER includes a mix of
-  // user-specific and system information that varies a little with each page.
-  if (!isset($random_state)) {
-    $random_state = print_r($_SERVER, TRUE);
-    if (function_exists('getmypid')) {
-      // Further initialize with the somewhat random PHP process ID.
-      $random_state .= getmypid();
-    }
-    $bytes = '';
-  }
-  if (strlen($bytes) < $count) {
+  static $random_state, $bytes, $has_openssl;
+
+  $missing_bytes = $count - strlen($bytes);
+
+  if ($missing_bytes > 0) {
     // PHP versions prior 5.3.4 experienced openssl_random_pseudo_bytes()
     // locking on Windows and rendered it unusable.
-    if (!isset($php_compatible)) {
-      $php_compatible = version_compare(PHP_VERSION, '5.3.4', '>=');
+    if (!isset($has_openssl)) {
+      $has_openssl = version_compare(PHP_VERSION, '5.3.4', '>=') && function_exists('openssl_random_pseudo_bytes');
     }
-    // /dev/urandom is available on many *nix systems and is considered the
-    // best commonly available pseudo-random source.
-    if ($fh = @fopen('/dev/urandom', 'rb')) {
+
+    // openssl_random_pseudo_bytes() will find entropy in a system-dependent
+    // way.
+    if ($has_openssl) {
+      $bytes .= openssl_random_pseudo_bytes($missing_bytes);
+    }
+
+    // Else, read directly from /dev/urandom, which is available on many *nix
+    // systems and is considered cryptographically secure.
+    elseif ($fh = @fopen('/dev/urandom', 'rb')) {
       // PHP only performs buffered reads, so in reality it will always read
       // at least 4096 bytes. Thus, it costs nothing extra to read and store
       // that much so as to speed any additional invocations.
-      $bytes .= fread($fh, max(4096, $count));
+      $bytes .= fread($fh, max(4096, $missing_bytes));
       fclose($fh);
     }
-    // openssl_random_pseudo_bytes() will find entropy in a system-dependent
-    // way.
-    elseif ($php_compatible && function_exists('openssl_random_pseudo_bytes')) {
-      $bytes .= openssl_random_pseudo_bytes($count - strlen($bytes));
-    }
-    // If /dev/urandom is not available or returns no bytes, this loop will
+
+    // If we couldn't get enough entropy, this simple hash-based PRNG will
     // generate a good set of pseudo-random bytes on any system.
     // Note that it may be important that our $random_state is passed
     // through hash() prior to being rolled into $output, that the two hash()
@@ -1964,9 +2009,23 @@ function drupal_random_bytes($count)  {
     // the microtime() - is prepended rather than appended. This is to avoid
     // directly leaking $random_state via the $output stream, which could
     // allow for trivial prediction of further "random" numbers.
-    while (strlen($bytes) < $count) {
-      $random_state = hash('sha256', microtime() . mt_rand() . $random_state);
-      $bytes .= hash('sha256', mt_rand() . $random_state, TRUE);
+    if (strlen($bytes) < $count) {
+      // Initialize on the first call. The contents of $_SERVER includes a mix of
+      // user-specific and system information that varies a little with each page.
+      if (!isset($random_state)) {
+        $random_state = print_r($_SERVER, TRUE);
+        if (function_exists('getmypid')) {
+          // Further initialize with the somewhat random PHP process ID.
+          $random_state .= getmypid();
+        }
+        $bytes = '';
+      }
+
+      do {
+        $random_state = hash('sha256', microtime() . mt_rand() . $random_state);
+        $bytes .= hash('sha256', mt_rand() . $random_state, TRUE);
+      }
+      while (strlen($bytes) < $count);
     }
   }
   $output = substr($bytes, 0, $count);
@@ -1977,17 +2036,21 @@ function drupal_random_bytes($count)  {
 /**
  * Calculates a base-64 encoded, URL-safe sha-256 hmac.
  *
- * @param $data
+ * @param string $data
  *   String to be validated with the hmac.
- * @param $key
+ * @param string $key
  *   A secret string key.
  *
- * @return
+ * @return string
  *   A base-64 encoded sha-256 hmac, with + replaced with -, / with _ and
  *   any = padding characters removed.
  */
 function drupal_hmac_base64($data, $key) {
-  $hmac = base64_encode(hash_hmac('sha256', $data, $key, TRUE));
+  // Casting $data and $key to strings here is necessary to avoid empty string
+  // results of the hash function if they are not scalar values. As this
+  // function is used in security-critical contexts like token validation it is
+  // important that it never returns an empty string.
+  $hmac = base64_encode(hash_hmac('sha256', (string) $data, (string) $key, TRUE));
   // Modify the hmac so it's safe to use in URLs.
   return strtr($hmac, array('+' => '-', '/' => '_', '=' => ''));
 }
@@ -2088,7 +2151,7 @@ function drupal_array_merge_deep_array($arrays) {
  * @return Object - the user object.
  */
 function drupal_anonymous_user() {
-  $user = new stdClass();
+  $user = variable_get('drupal_anonymous_user_object', new stdClass);
   $user->uid = 0;
   $user->hostname = ip_address();
   $user->roles = array();
@@ -2107,7 +2170,7 @@ function drupal_anonymous_user() {
  *   drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
  * @endcode
  *
- * @param $phase
+ * @param int $phase
  *   A constant telling which phase to bootstrap to. When you bootstrap to a
  *   particular phase, all earlier phases are run automatically. Possible
  *   values:
@@ -2120,11 +2183,11 @@ function drupal_anonymous_user() {
  *   - DRUPAL_BOOTSTRAP_LANGUAGE: Finds out the language of the page.
  *   - DRUPAL_BOOTSTRAP_FULL: Fully loads Drupal. Validates and fixes input
  *     data.
- * @param $new_phase
+ * @param boolean $new_phase
  *   A boolean, set to FALSE if calling drupal_bootstrap from inside a
  *   function called from drupal_bootstrap (recursion).
  *
- * @return
+ * @return int
  *   The most recently completed phase.
  */
 function drupal_bootstrap($phase = NULL, $new_phase = TRUE) {
@@ -2146,12 +2209,13 @@ function drupal_bootstrap($phase = NULL, $new_phase = TRUE) {
   // bootstrap state.
   static $stored_phase = -1;
 
-  // When not recursing, store the phase name so it's not forgotten while
-  // recursing.
-  if ($new_phase) {
-    $final_phase = $phase;
-  }
   if (isset($phase)) {
+    // When not recursing, store the phase name so it's not forgotten while
+    // recursing but take care of not going backwards.
+    if ($new_phase && $phase >= $stored_phase) {
+      $final_phase = $phase;
+    }
+
     // Call a phase if it has not been called before and is below the requested
     // phase.
     while ($phases && $phase > $stored_phase && $final_phase > $stored_phase) {
@@ -2218,6 +2282,19 @@ function drupal_get_user_timezone() {
   }
 }
 
+/**
+ * Gets a salt useful for hardening against SQL injection.
+ *
+ * @return
+ *   A salt based on information in settings.php, not in the database.
+ */
+function drupal_get_hash_salt() {
+  global $drupal_hash_salt, $databases;
+  // If the $drupal_hash_salt variable is empty, a hash of the serialized
+  // database credentials is used as a fallback salt.
+  return empty($drupal_hash_salt) ? hash('sha256', serialize($databases)) : $drupal_hash_salt;
+}
+
 /**
  * Provides custom PHP error handling.
  *
@@ -2404,6 +2481,26 @@ function _drupal_bootstrap_variables() {
   // Load bootstrap modules.
   require_once DRUPAL_ROOT . '/includes/module.inc';
   module_load_all(TRUE);
+
+  // Sanitize the destination parameter (which is often used for redirects) to
+  // prevent open redirect attacks leading to other domains. Sanitize both
+  // $_GET['destination'] and $_REQUEST['destination'] to protect code that
+  // relies on either, but do not sanitize $_POST to avoid interfering with
+  // unrelated form submissions. The sanitization happens here because
+  // url_is_external() requires the variable system to be available.
+  if (isset($_GET['destination']) || isset($_REQUEST['destination'])) {
+    require_once DRUPAL_ROOT . '/includes/common.inc';
+    // If the destination is an external URL, remove it.
+    if (isset($_GET['destination']) && url_is_external($_GET['destination'])) {
+      unset($_GET['destination']);
+      unset($_REQUEST['destination']);
+    }
+    // If there's still something in $_REQUEST['destination'] that didn't come
+    // from $_GET, check it too.
+    if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && url_is_external($_REQUEST['destination'])) {
+      unset($_REQUEST['destination']);
+    }
+  }
 }
 
 /**
@@ -2426,7 +2523,7 @@ function _drupal_bootstrap_page_header() {
  * @see drupal_bootstrap()
  */
 function drupal_get_bootstrap_phase() {
-  return drupal_bootstrap();
+  return drupal_bootstrap(NULL, FALSE);
 }
 
 /**
@@ -2438,7 +2535,6 @@ function drupal_get_bootstrap_phase() {
  *   HMAC and timestamp.
  */
 function drupal_valid_test_ua() {
-  global $drupal_hash_salt;
   // No reason to reset this.
   static $test_prefix;
 
@@ -2452,7 +2548,7 @@ function drupal_valid_test_ua() {
     // We use the salt from settings.php to make the HMAC key, since
     // the database is not yet initialized and we can't access any Drupal variables.
     // The file properties add more entropy not easily accessible to others.
-    $key = $drupal_hash_salt . filectime(__FILE__) . fileinode(__FILE__);
+    $key = drupal_get_hash_salt() . filectime(__FILE__) . fileinode(__FILE__);
     $time_diff = REQUEST_TIME - $time;
     // Since we are making a local request a 5 second time window is allowed,
     // and the HMAC must match.
@@ -2470,14 +2566,13 @@ function drupal_valid_test_ua() {
  * Generates a user agent string with a HMAC and timestamp for simpletest.
  */
 function drupal_generate_test_ua($prefix) {
-  global $drupal_hash_salt;
   static $key;
 
   if (!isset($key)) {
     // We use the salt from settings.php to make the HMAC key, since
     // the database is not yet initialized and we can't access any Drupal variables.
     // The file properties add more entropy not easily accessible to others.
-    $key = $drupal_hash_salt . filectime(__FILE__) . fileinode(__FILE__);
+    $key = drupal_get_hash_salt() . filectime(__FILE__) . fileinode(__FILE__);
   }
   // Generate a moderately secure HMAC based on the database credentials.
   $salt = uniqid('', TRUE);
@@ -2542,7 +2637,7 @@ function drupal_installation_attempted() {
  *
  * This would include implementations of hook_install(), which could run
  * during the Drupal installation phase, and might also be run during
- * non-installation time, such as while installing the module from the the
+ * non-installation time, such as while installing the module from the
  * module administration page.
  *
  * Example usage:
@@ -3071,10 +3166,13 @@ function _registry_check_code($type, $name = NULL) {
   // This function may get called when the default database is not active, but
   // there is no reason we'd ever want to not use the default database for
   // this query.
-  $file = Database::getConnection('default', 'default')->query("SELECT filename FROM {registry} WHERE name = :name AND type = :type", array(
-      ':name' => $name,
-      ':type' => $type,
-    ))
+  $file = Database::getConnection('default', 'default')
+    ->select('registry', 'r', array('target' => 'default'))
+    ->fields('r', array('filename'))
+    // Use LIKE here to make the query case-insensitive.
+    ->condition('r.name', db_like($name), 'LIKE')
+    ->condition('r.type', $type)
+    ->execute()
     ->fetchField();
 
   // Flag that we've run a lookup query and need to update the cache.
@@ -3222,8 +3320,8 @@ function registry_update() {
  * However, the above line of code does not work, because PHP only allows static
  * variables to be initializied by literal values, and does not allow static
  * variables to be assigned to references.
- * - http://php.net/manual/en/language.variables.scope.php#language.variables.scope.static
- * - http://php.net/manual/en/language.variables.scope.php#language.variables.scope.references
+ * - http://php.net/manual/language.variables.scope.php#language.variables.scope.static
+ * - http://php.net/manual/language.variables.scope.php#language.variables.scope.references
  * The example below shows the syntax needed to work around both limitations.
  * For benchmarks and more information, see http://drupal.org/node/619666.
  *
@@ -3248,11 +3346,9 @@ function registry_update() {
  * @param $default_value
  *   Optional default value.
  * @param $reset
- *   TRUE to reset a specific named variable, or all variables if $name is NULL.
- *   Resetting every variable should only be used, for example, for running
- *   unit tests with a clean environment. Should be used only though via
- *   function drupal_static_reset() and the return value should not be used in
- *   this case.
+ *   TRUE to reset one or all variables(s). This parameter is only used
+ *   internally and should not be passed in; use drupal_static_reset() instead.
+ *   (This function's return value should not be used when TRUE is passed in.)
  *
  * @return
  *   Returns a variable by reference.
@@ -3297,6 +3393,8 @@ function &drupal_static($name, $default_value = NULL, $reset = FALSE) {
  *
  * @param $name
  *   Name of the static variable to reset. Omit to reset all variables.
+ *   Resetting all variables should only be used, for example, for running unit
+ *   tests with a clean environment.
  */
 function drupal_static_reset($name = NULL) {
   drupal_static($name, NULL, TRUE);
@@ -3383,3 +3481,63 @@ function _drupal_shutdown_function() {
     }
   }
 }
+
+/**
+ * Compares the memory required for an operation to the available memory.
+ *
+ * @param $required
+ *   The memory required for the operation, expressed as a number of bytes with
+ *   optional SI or IEC binary unit prefix (e.g. 2, 3K, 5MB, 10G, 6GiB, 8bytes,
+ *   9mbytes).
+ * @param $memory_limit
+ *   (optional) The memory limit for the operation, expressed as a number of
+ *   bytes with optional SI or IEC binary unit prefix (e.g. 2, 3K, 5MB, 10G,
+ *   6GiB, 8bytes, 9mbytes). If no value is passed, the current PHP
+ *   memory_limit will be used. Defaults to NULL.
+ *
+ * @return
+ *   TRUE if there is sufficient memory to allow the operation, or FALSE
+ *   otherwise.
+ */
+function drupal_check_memory_limit($required, $memory_limit = NULL) {
+  if (!isset($memory_limit)) {
+    $memory_limit = ini_get('memory_limit');
+  }
+
+  // There is sufficient memory if:
+  // - No memory limit is set.
+  // - The memory limit is set to unlimited (-1).
+  // - The memory limit is greater than the memory required for the operation.
+  return ((!$memory_limit) || ($memory_limit == -1) || (parse_size($memory_limit) >= parse_size($required)));
+}
+
+/**
+ * Invalidates a PHP file from any active opcode caches.
+ *
+ * If the opcode cache does not support the invalidation of individual files,
+ * the entire cache will be flushed.
+ *
+ * @param string $filepath
+ *   The absolute path of the PHP file to invalidate.
+ */
+function drupal_clear_opcode_cache($filepath) {
+  if (!defined('PHP_VERSION_ID') || PHP_VERSION_ID < 50300) {
+    // Below PHP 5.3, clearstatcache does not accept any function parameters.
+    clearstatcache();
+  }
+  else {
+    clearstatcache(TRUE, $filepath);
+  }
+
+  // Zend OPcache.
+  if (function_exists('opcache_invalidate')) {
+    opcache_invalidate($filepath, TRUE);
+  }
+  // APC.
+  if (function_exists('apc_delete_file')) {
+    // apc_delete_file() throws a PHP warning in case the specified file was
+    // not compiled yet.
+    // @see http://php.net/apc-delete-file
+    @apc_delete_file($filepath);
+  }
+}
diff --git a/includes/cache.inc b/includes/cache.inc
index a19d3c3..207bf66 100644
--- a/includes/cache.inc
+++ b/includes/cache.inc
@@ -80,43 +80,15 @@ function cache_get_multiple(array &$cids, $bin = 'cache') {
  * same name. Other implementations might want to store several bins in data
  * structures that get flushed together. While it is not a problem for most
  * cache bins if the entries in them are flushed before their expire time, some
- * might break functionality or are extremely expensive to recalculate. These
- * will be marked with a (*). The other bins expired automatically by core.
- * Contributed modules can add additional bins and get them expired
- * automatically by implementing hook_flush_caches().
- *
- *  - cache: Generic cache storage bin (used for variables, theme registry,
- *  locale date, list of simpletest tests etc).
- *
- *  - cache_block: Stores the content of various blocks.
- *
- *  - cache field: Stores the field data belonging to a given object.
- *
- *  - cache_filter: Stores filtered pieces of content.
- *
- *  - cache_form(*): Stores multistep forms. Flushing this bin means that some
- *  forms displayed to users lose their state and the data already submitted
- *  to them.
- *
- *  - cache_menu: Stores the structure of visible navigation menus per page.
- *
- *  - cache_page: Stores generated pages for anonymous users. It is flushed
- *  very often, whenever a page changes, at least for every ode and comment
- *  submission. This is the only bin affected by the page cache setting on
- *  the administrator panel.
- *
- *  - cache path: Stores the system paths that have an alias.
- *
- *  - cache update(*): Stores available releases. The update server (for
- *  example, drupal.org) needs to produce the relevant XML for every project
- *  installed on the current site. As this is different for (almost) every
- *  site, it's very expensive to recalculate for the update server.
+ * might break functionality or are extremely expensive to recalculate. The
+ * other bins are expired automatically by core. Contributed modules can add
+ * additional bins and get them expired automatically by implementing
+ * hook_flush_caches().
  *
  * The reasons for having several bins are as follows:
- *
- * - smaller bins mean smaller database tables and allow for faster selects and
- *   inserts
- * - we try to put fast changing cache items and rather static ones into
+ * - Smaller bins mean smaller database tables and allow for faster selects and
+ *   inserts.
+ * - We try to put fast changing cache items and rather static ones into
  *   different bins. The effect is that only the fast changing bins will need a
  *   lot of writes to disk. The more static bins will also be better cacheable
  *   with MySQL's query cache.
@@ -125,15 +97,31 @@ function cache_get_multiple(array &$cids, $bin = 'cache') {
  *   The cache ID of the data to store.
  * @param $data
  *   The data to store in the cache. Complex data types will be automatically
- *   serialized before insertion.
- *   Strings will be stored as plain text and not serialized.
+ *   serialized before insertion. Strings will be stored as plain text and are
+ *   not serialized. Some storage engines only allow objects up to a maximum of
+ *   1MB in size to be stored by default. When caching large arrays or similar,
+ *   take care to ensure $data does not exceed this size.
  * @param $bin
- *   The cache bin to store the data in. Valid core values are 'cache_block',
- *   'cache_bootstrap', 'cache_field', 'cache_filter', 'cache_form',
- *   'cache_menu', 'cache_page', 'cache_update' or 'cache' for the default
- *   cache.
+ *   (optional) The cache bin to store the data in. Valid core values are:
+ *   - cache: (default) Generic cache storage bin (used for theme registry,
+ *     locale date, list of simpletest tests, etc.).
+ *   - cache_block: Stores the content of various blocks.
+ *   - cache_bootstrap: Stores the class registry, the system list of modules,
+ *     the list of which modules implement which hooks, and the Drupal variable
+ *     list.
+ *   - cache_field: Stores the field data belonging to a given object.
+ *   - cache_filter: Stores filtered pieces of content.
+ *   - cache_form: Stores multistep forms. Flushing this bin means that some
+ *     forms displayed to users lose their state and the data already submitted
+ *     to them. This bin should not be flushed before its expired time.
+ *   - cache_menu: Stores the structure of visible navigation menus per page.
+ *   - cache_page: Stores generated pages for anonymous users. It is flushed
+ *     very often, whenever a page changes, at least for every node and comment
+ *     submission. This is the only bin affected by the page cache setting on
+ *     the administrator panel.
+ *   - cache_path: Stores the system paths that have an alias.
  * @param $expire
- *   One of the following values:
+ *   (optional) One of the following values:
  *   - CACHE_PERMANENT: Indicates that the item should never be removed unless
  *     explicitly told to using cache_clear_all() with a cache ID.
  *   - CACHE_TEMPORARY: Indicates that the item should be removed at the next
@@ -141,6 +129,7 @@ function cache_get_multiple(array &$cids, $bin = 'cache') {
  *   - A Unix timestamp: Indicates that the item should be kept at least until
  *     the given time, after which it behaves like CACHE_TEMPORARY.
  *
+ * @see _update_cache_set()
  * @see cache_get()
  */
 function cache_set($cid, $data, $bin = 'cache', $expire = CACHE_PERMANENT) {
@@ -150,18 +139,20 @@ function cache_set($cid, $data, $bin = 'cache', $expire = CACHE_PERMANENT) {
 /**
  * Expires data from the cache.
  *
- * If called without arguments, expirable entries will be cleared from the
- * cache_page and cache_block bins.
+ * If called with the arguments $cid and $bin set to NULL or omitted, then
+ * expirable entries will be cleared from the cache_page and cache_block bins,
+ * and the $wildcard argument is ignored.
  *
  * @param $cid
- *   If set, the cache ID to delete. Otherwise, all cache entries that can
- *   expire are deleted.
+ *   If set, the cache ID or an array of cache IDs. Otherwise, all cache entries
+ *   that can expire are deleted. The $wildcard argument will be ignored if set
+ *   to NULL.
  * @param $bin
  *   If set, the cache bin to delete from. Mandatory argument if $cid is set.
  * @param $wildcard
- *   If TRUE, cache IDs starting with $cid are deleted in addition to the
- *   exact cache ID specified by $cid. If $wildcard is TRUE and $cid is '*',
- *   the entire cache bin is emptied.
+ *   If TRUE, the $cid argument must contain a string value and cache IDs
+ *   starting with $cid are deleted in addition to the exact cache ID specified
+ *   by $cid. If $wildcard is TRUE and $cid is '*', the entire cache is emptied.
  */
 function cache_clear_all($cid = NULL, $bin = NULL, $wildcard = FALSE) {
   if (!isset($cid) && !isset($bin)) {
@@ -230,13 +221,6 @@ function cache_is_empty($bin) {
  * @see DrupalDatabaseCache
  */
 interface DrupalCacheInterface {
-  /**
-   * Constructs a new cache interface.
-   *
-   * @param $bin
-   *   The cache bin for which the object is created.
-   */
-  function __construct($bin);
 
   /**
    * Returns data from the persistent cache.
@@ -272,10 +256,12 @@ interface DrupalCacheInterface {
    *   The cache ID of the data to store.
    * @param $data
    *   The data to store in the cache. Complex data types will be automatically
-   *   serialized before insertion.
-   *   Strings will be stored as plain text and not serialized.
+   *   serialized before insertion. Strings will be stored as plain text and not
+   *   serialized. Some storage engines only allow objects up to a maximum of
+   *   1MB in size to be stored by default. When caching large arrays or
+   *   similar, take care to ensure $data does not exceed this size.
    * @param $expire
-   *   One of the following values:
+   *   (optional) One of the following values:
    *   - CACHE_PERMANENT: Indicates that the item should never be removed unless
    *     explicitly told to using cache_clear_all() with a cache ID.
    *   - CACHE_TEMPORARY: Indicates that the item should be removed at the next
@@ -293,12 +279,14 @@ interface DrupalCacheInterface {
    * cache_page and cache_block bins.
    *
    * @param $cid
-   *   If set, the cache ID to delete. Otherwise, all cache entries that can
-   *   expire are deleted.
+   *   If set, the cache ID or an array of cache IDs. Otherwise, all cache
+   *   entries that can expire are deleted. The $wildcard argument will be
+   *   ignored if set to NULL.
    * @param $wildcard
-   *   If set to TRUE, the $cid is treated as a substring
-   *   to match rather than a complete ID. The match is a right hand
-   *   match. If '*' is given as $cid, the bin $bin will be emptied.
+   *   If TRUE, the $cid argument must contain a string value and cache IDs
+   *   starting with $cid are deleted in addition to the exact cache ID
+   *   specified by $cid. If $wildcard is TRUE and $cid is '*', the entire
+   *   cache is emptied.
    */
   function clear($cid = NULL, $wildcard = FALSE);
 
@@ -324,7 +312,10 @@ class DrupalDatabaseCache implements DrupalCacheInterface {
   protected $bin;
 
   /**
-   * Constructs a new DrupalDatabaseCache object.
+   * Constructs a DrupalDatabaseCache object.
+   *
+   * @param $bin
+   *   The cache bin for which the object is created.
    */
   function __construct($bin) {
     $this->bin = $bin;
@@ -518,7 +509,16 @@ class DrupalDatabaseCache implements DrupalCacheInterface {
     else {
       if ($wildcard) {
         if ($cid == '*') {
-          db_truncate($this->bin)->execute();
+          // Check if $this->bin is a cache table before truncating. Other
+          // cache_clear_all() operations throw a PDO error in this situation,
+          // so we don't need to verify them first. This ensures that non-cache
+          // tables cannot be truncated accidentally.
+          if ($this->isValidBin()) {
+            db_truncate($this->bin)->execute();
+          }
+          else {
+            throw new Exception(t('Invalid or missing cache bin specified: %bin', array('%bin' => $this->bin)));
+          }
         }
         else {
           db_delete($this->bin)
@@ -555,4 +555,25 @@ class DrupalDatabaseCache implements DrupalCacheInterface {
       ->fetchField();
     return empty($result);
   }
+
+  /**
+   * Checks if $this->bin represents a valid cache table.
+   *
+   * This check is required to ensure that non-cache tables are not truncated
+   * accidentally when calling cache_clear_all().
+   *
+   * @return boolean
+   */
+  function isValidBin() {
+    if ($this->bin == 'cache' || substr($this->bin, 0, 6) == 'cache_') {
+      // Skip schema check for bins with standard table names.
+      return TRUE;
+    }
+    // These fields are required for any cache table.
+    $fields = array('cid', 'data', 'expire', 'created', 'serialized');
+    // Load the table schema.
+    $schema = drupal_get_schema($this->bin);
+    // Confirm that all fields are present.
+    return isset($schema['fields']) && !array_diff($fields, array_keys($schema['fields']));
+  }
 }
diff --git a/includes/common.inc b/includes/common.inc
index 8276576..0437ec1 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -281,7 +281,7 @@ function drupal_get_rdf_namespaces() {
 /**
  * Adds output to the HEAD tag of the HTML page.
  *
- * This function can be called as long the headers aren't sent. Pass no
+ * This function can be called as long as the headers aren't sent. Pass no
  * arguments (or NULL for both) to retrieve the currently stored elements.
  *
  * @param $data
@@ -458,7 +458,7 @@ function drupal_get_query_array($query) {
   $result = array();
   if (!empty($query)) {
     foreach (explode('&', $query) as $param) {
-      $param = explode('=', $param);
+      $param = explode('=', $param, 2);
       $result[$param[0]] = isset($param[1]) ? rawurldecode($param[1]) : '';
     }
   }
@@ -544,37 +544,32 @@ function drupal_get_destination() {
 }
 
 /**
- * Parses a system URL string into an associative array suitable for url().
+ * Parses a URL string into its path, query, and fragment components.
  *
- * This function should only be used for URLs that have been generated by the
- * system, such as via url(). It should not be used for URLs that come from
- * external sources, or URLs that link to external resources.
+ * This function splits both internal paths like @code node?b=c#d @endcode and
+ * external URLs like @code https://example.com/a?b=c#d @endcode into their
+ * component parts. See
+ * @link http://tools.ietf.org/html/rfc3986#section-3 RFC 3986 @endlink for an
+ * explanation of what the component parts are.
  *
- * The returned array contains a 'path' that may be passed separately to url().
- * For example:
- * @code
- *   $options = drupal_parse_url($_GET['destination']);
- *   $my_url = url($options['path'], $options);
- *   $my_link = l('Example link', $options['path'], $options);
- * @endcode
+ * Note that, unlike the RFC, when passed an external URL, this function
+ * groups the scheme, authority, and path together into the path component.
  *
- * This is required, because url() does not support relative URLs containing a
- * query string or fragment in its $path argument. Instead, any query string
- * needs to be parsed into an associative query parameter array in
- * $options['query'] and the fragment into $options['fragment'].
+ * @param string $url
+ *   The internal path or external URL string to parse.
  *
- * @param $url
- *   The URL string to parse, f.e. $_GET['destination'].
+ * @return array
+ *   An associative array containing:
+ *   - path: The path component of $url. If $url is an external URL, this
+ *     includes the scheme, authority, and path.
+ *   - query: An array of query parameters from $url, if they exist.
+ *   - fragment: The fragment component from $url, if it exists.
  *
- * @return
- *   An associative array containing the keys:
- *   - 'path': The path of the URL. If the given $url is external, this includes
- *     the scheme and host.
- *   - 'query': An array of query parameters of $url, if existent.
- *   - 'fragment': The fragment of $url, if existent.
- *
- * @see url()
  * @see drupal_goto()
+ * @see l()
+ * @see url()
+ * @see http://tools.ietf.org/html/rfc3986
+ *
  * @ingroup php_wrappers
  */
 function drupal_parse_url($url) {
@@ -641,7 +636,7 @@ function drupal_encode_path($path) {
 }
 
 /**
- * Sends the user to a different Drupal page.
+ * Sends the user to a different page.
  *
  * This issues an on-site HTTP redirect. The function makes sure the redirected
  * URL is formatted correctly.
@@ -785,6 +780,13 @@ function drupal_access_denied() {
  *   - data: A string containing the response body that was received.
  */
 function drupal_http_request($url, array $options = array()) {
+  // Allow an alternate HTTP client library to replace Drupal's default
+  // implementation.
+  $override_function = variable_get('drupal_http_request_function', FALSE);
+  if (!empty($override_function) && function_exists($override_function)) {
+    return $override_function($url, $options);
+  }
+
   $result = new stdClass();
 
   // Parse the URL and make sure we can handle the schema.
@@ -922,7 +924,7 @@ function drupal_http_request($url, array $options = array()) {
 
   // If the server URL has a user then attempt to use basic authentication.
   if (isset($uri['user'])) {
-    $options['headers']['Authorization'] = 'Basic ' . base64_encode($uri['user'] . (isset($uri['pass']) ? ':' . $uri['pass'] : ''));
+    $options['headers']['Authorization'] = 'Basic ' . base64_encode($uri['user'] . (isset($uri['pass']) ? ':' . $uri['pass'] : ':'));
   }
 
   // If the database prefix is being used by SimpleTest to run the tests in a copied
@@ -983,9 +985,10 @@ function drupal_http_request($url, array $options = array()) {
   $response = preg_split("/\r\n|\n|\r/", $response);
 
   // Parse the response status line.
-  list($protocol, $code, $status_message) = explode(' ', trim(array_shift($response)), 3);
-  $result->protocol = $protocol;
-  $result->status_message = $status_message;
+  $response_status_array = _drupal_parse_response_status(trim(array_shift($response)));
+  $result->protocol = $response_status_array['http_version'];
+  $result->status_message = $response_status_array['reason_phrase'];
+  $code = $response_status_array['response_code'];
 
   $result->headers = array();
 
@@ -1076,12 +1079,43 @@ function drupal_http_request($url, array $options = array()) {
       }
       break;
     default:
-      $result->error = $status_message;
+      $result->error = $result->status_message;
   }
 
   return $result;
 }
 
+/**
+ * Splits an HTTP response status line into components.
+ *
+ * See the @link http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html status line definition @endlink
+ * in RFC 2616.
+ *
+ * @param string $respone
+ *   The response status line, for example 'HTTP/1.1 500 Internal Server Error'.
+ *
+ * @return array
+ *   Keyed array containing the component parts. If the response is malformed,
+ *   all possible parts will be extracted. 'reason_phrase' could be empty.
+ *   Possible keys:
+ *   - 'http_version'
+ *   - 'response_code'
+ *   - 'reason_phrase'
+ */
+function _drupal_parse_response_status($response) {
+  $response_array = explode(' ', trim($response), 3);
+  // Set up empty values.
+  $result = array(
+    'reason_phrase' => '',
+  );
+  $result['http_version'] = $response_array[0];
+  $result['response_code'] = $response_array[1];
+  if (isset($response_array[2])) {
+    $result['reason_phrase'] = $response_array[2];
+  }
+  return $result;
+}
+
 /**
  * Helper function for determining hosts excluded from needing a proxy.
  *
@@ -1127,7 +1161,7 @@ function _fix_gpc_magic(&$item) {
  * @param $key
  *   The key for the item within $_FILES.
  *
- * @see http://php.net/manual/en/features.file-upload.php#42280
+ * @see http://php.net/manual/features.file-upload.php#42280
  */
 function _fix_gpc_magic_files(&$item, $key) {
   if ($key != 'tmp_name') {
@@ -1167,7 +1201,8 @@ function fix_gpc_magic() {
 /**
  * Verifies the syntax of the given e-mail address.
  *
- * See @link http://tools.ietf.org/html/rfc5321 RFC 5321 @endlink for details.
+ * This uses the
+ * @link http://php.net/manual/filter.filters.validate.php PHP e-mail validation filter. @endlink
  *
  * @param $mail
  *   A string containing an e-mail address.
@@ -1418,7 +1453,6 @@ function filter_xss_admin($string) {
  *   valid UTF-8.
  *
  * @see drupal_validate_utf8()
- * @ingroup sanitization
  */
 function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd')) {
   // Only operate on valid UTF-8 strings. This is necessary to prevent cross
@@ -1942,7 +1976,7 @@ function format_interval($interval, $granularity = 2, $langcode = NULL) {
  *   get interpreted as date format characters.
  * @param $timezone
  *   (optional) Time zone identifier, as described at
- *   http://php.net/manual/en/timezones.php Defaults to the time zone used to
+ *   http://php.net/manual/timezones.php Defaults to the time zone used to
  *   display the page.
  * @param $langcode
  *   (optional) Language code to translate to. Defaults to the language used to
@@ -2078,6 +2112,9 @@ function _format_date_callback(array $matches = NULL, $new_langcode = NULL) {
 /**
  * Format a username.
  *
+ * This is also the label callback implementation of
+ * callback_entity_info_label() for user_entity_info().
+ *
  * By default, the passed-in object's 'name' property is used if it exists, or
  * else, the site-defined value for the 'anonymous' variable. However, a module
  * may override this by implementing hook_username_alter(&$name, $account).
@@ -2177,14 +2214,20 @@ function url($path = NULL, array $options = array()) {
     'prefix' => ''
   );
 
+  // A duplicate of the code from url_is_external() to avoid needing another
+  // function call, since performance inside url() is critical.
   if (!isset($options['external'])) {
-    // Return an external link if $path contains an allowed absolute URL. Only
-    // call the slow drupal_strip_dangerous_protocols() if $path contains a ':'
-    // before any / ? or #. Note: we could use url_is_external($path) here, but
-    // that would require another function call, and performance inside url() is
-    // critical.
+    // Return an external link if $path contains an allowed absolute URL. Avoid
+    // calling drupal_strip_dangerous_protocols() if there is any slash (/),
+    // hash (#) or question_mark (?) before the colon (:) occurrence - if any -
+    // as this would clearly mean it is not a URL. If the path starts with 2
+    // slashes then it is always considered an external URL without an explicit
+    // protocol part.
     $colonpos = strpos($path, ':');
-    $options['external'] = ($colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && drupal_strip_dangerous_protocols($path) == $path);
+    $options['external'] = (strpos($path, '//') === 0)
+      || ($colonpos !== FALSE
+        && !preg_match('![/?#]!', substr($path, 0, $colonpos))
+        && drupal_strip_dangerous_protocols($path) == $path);
   }
 
   // Preserve the original path before altering or aliasing.
@@ -2222,6 +2265,11 @@ function url($path = NULL, array $options = array()) {
     return $path . $options['fragment'];
   }
 
+  // Strip leading slashes from internal paths to prevent them becoming external
+  // URLs without protocol. /example.com should not be turned into
+  // //example.com.
+  $path = ltrim($path, '/');
+
   global $base_url, $base_secure_url, $base_insecure_url;
 
   // The base_url might be rewritten from the language rewrite in domain mode.
@@ -2299,10 +2347,15 @@ function url($path = NULL, array $options = array()) {
  */
 function url_is_external($path) {
   $colonpos = strpos($path, ':');
-  // Avoid calling drupal_strip_dangerous_protocols() if there is any
-  // slash (/), hash (#) or question_mark (?) before the colon (:)
-  // occurrence - if any - as this would clearly mean it is not a URL.
-  return $colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && drupal_strip_dangerous_protocols($path) == $path;
+  // Avoid calling drupal_strip_dangerous_protocols() if there is any slash (/),
+  // hash (#) or question_mark (?) before the colon (:) occurrence - if any - as
+  // this would clearly mean it is not a URL. If the path starts with 2 slashes
+  // then it is always considered an external URL without an explicit protocol
+  // part.
+  return (strpos($path, '//') === 0)
+    || ($colonpos !== FALSE
+      && !preg_match('![/?#]!', substr($path, 0, $colonpos))
+      && drupal_strip_dangerous_protocols($path) == $path);
 }
 
 /**
@@ -2379,6 +2432,14 @@ function drupal_attributes(array $attributes = array()) {
  * internal links output by modules should be generated by this function if
  * possible.
  *
+ * However, for links enclosed in translatable text you should use t() and
+ * embed the HTML anchor tag directly in the translated string. For example:
+ * @code
+ * t('Visit the settings page', array('@url' => url('admin')));
+ * @endcode
+ * This keeps the context of the link title ('settings' in the example) for
+ * translators.
+ *
  * @param string $text
  *   The translated link text for the anchor tag.
  * @param string $path
@@ -2591,7 +2652,10 @@ function drupal_deliver_html_page($page_callback_result) {
 
         // Keep old path for reference, and to allow forms to redirect to it.
         if (!isset($_GET['destination'])) {
-          $_GET['destination'] = $_GET['q'];
+          // Make sure that the current path is not interpreted as external URL.
+          if (!url_is_external($_GET['q'])) {
+            $_GET['destination'] = $_GET['q'];
+          }
         }
 
         $path = drupal_get_normal_path(variable_get('site_404', ''));
@@ -2620,7 +2684,10 @@ function drupal_deliver_html_page($page_callback_result) {
 
         // Keep old path for reference, and to allow forms to redirect to it.
         if (!isset($_GET['destination'])) {
-          $_GET['destination'] = $_GET['q'];
+          // Make sure that the current path is not interpreted as external URL.
+          if (!url_is_external($_GET['q'])) {
+            $_GET['destination'] = $_GET['q'];
+          }
         }
 
         $path = drupal_get_normal_path(variable_get('site_403', ''));
@@ -2779,7 +2846,7 @@ function drupal_set_time_limit($time_limit) {
  *   The name of the item for which the path is requested.
  *
  * @return
- *   The path to the requested item.
+ *   The path to the requested item or an empty string if the item is not found.
  */
 function drupal_get_path($type, $name) {
   return dirname(drupal_get_filename($type, $name));
@@ -3429,7 +3496,11 @@ function drupal_pre_render_styles($elements) {
             $import_batch = array_slice($import, 0, 31);
             $import = array_slice($import, 31);
             $element = $style_element_defaults;
-            $element['#value'] = implode("\n", $import_batch);
+            // This simplifies the JavaScript regex, allowing each line
+            // (separated by \n) to be treated as a completely different string.
+            // This means that we can use ^ and $ on one line at a time, and not
+            // worry about style tags since they'll never match the regex.
+            $element['#value'] = "\n" . implode("\n", $import_batch) . "\n";
             $element['#attributes']['media'] = $group['media'];
             $element['#browsers'] = $group['browsers'];
             $elements[] = $element;
@@ -3654,17 +3725,23 @@ function drupal_load_stylesheet($file, $optimize = NULL, $reset_basepath = TRUE)
   if ($basepath && !file_uri_scheme($file)) {
     $file = $basepath . '/' . $file;
   }
+  // Store the parent base path to restore it later.
+  $parent_base_path = $basepath;
+  // Set the current base path to process possible child imports.
   $basepath = dirname($file);
 
   // Load the CSS stylesheet. We suppress errors because themes may specify
   // stylesheets in their .info file that don't exist in the theme's path,
   // but are merely there to disable certain module CSS files.
+  $content = '';
   if ($contents = @file_get_contents($file)) {
     // Return the processed stylesheet.
-    return drupal_load_stylesheet_content($contents, $_optimize);
+    $content = drupal_load_stylesheet_content($contents, $_optimize);
   }
 
-  return '';
+  // Restore the parent base path as the file and its childen are processed.
+  $basepath = $parent_base_path;
+  return $content;
 }
 
 /**
@@ -3681,7 +3758,7 @@ function drupal_load_stylesheet($file, $optimize = NULL, $reset_basepath = TRUE)
  */
 function drupal_load_stylesheet_content($contents, $optimize = FALSE) {
   // Remove multiple charset declarations for standards compliance (and fixing Safari problems).
-  $contents = preg_replace('/^@charset\s+[\'"](\S*)\b[\'"];/i', '', $contents);
+  $contents = preg_replace('/^@charset\s+[\'"](\S*?)\b[\'"];/i', '', $contents);
 
   if ($optimize) {
     // Perform some safe CSS optimizations.
@@ -3700,7 +3777,7 @@ function drupal_load_stylesheet_content($contents, $optimize = FALSE) {
     // Remove certain whitespace.
     // There are different conditions for removing leading and trailing
     // whitespace.
-    // @see http://php.net/manual/en/regexp.reference.subpatterns.php
+    // @see http://php.net/manual/regexp.reference.subpatterns.php
     $contents = preg_replace('<
       # Strip leading and trailing whitespace.
         \s*([@{};,])\s*
@@ -3749,7 +3826,7 @@ function _drupal_load_stylesheet($matches) {
   // Alter all internal url() paths. Leave external paths alone. We don't need
   // to normalize absolute paths here (i.e. remove folder/... segments) because
   // that will be done later.
-  return preg_replace('/url\(\s*([\'"]?)(?![a-z]+:|\/+)/i', 'url(\1'. $directory, $file);
+  return preg_replace('/url\(\s*([\'"]?)(?![a-z]+:|\/+)([^\'")]+)([\'"]?)\s*\)/i', 'url(\1' . $directory . '\2\3)', $file);
 }
 
 /**
@@ -3814,7 +3891,14 @@ function drupal_clean_css_identifier($identifier, $filter = array(' ' => '-', '_
  *   The cleaned class name.
  */
 function drupal_html_class($class) {
-  return drupal_clean_css_identifier(drupal_strtolower($class));
+  // The output of this function will never change, so this uses a normal
+  // static instead of drupal_static().
+  static $classes = array();
+
+  if (!isset($classes[$class])) {
+    $classes[$class] = drupal_clean_css_identifier(drupal_strtolower($class));
+  }
+  return $classes[$class];
 }
 
 /**
@@ -3869,7 +3953,16 @@ function drupal_html_id($id) {
       // requested id. $_POST['ajax_html_ids'] contains the ids as they were
       // returned by this function, potentially with the appended counter, so
       // we parse that to reconstruct the $seen_ids array.
-      foreach ($_POST['ajax_html_ids'] as $seen_id) {
+      if (isset($_POST['ajax_html_ids'][0]) && strpos($_POST['ajax_html_ids'][0], ',') === FALSE) {
+        $ajax_html_ids = $_POST['ajax_html_ids'];
+      }
+      else {
+        // jquery.form.js may send the server a comma-separated string as the
+        // first element of an array (see http://drupal.org/node/1575060), so
+        // we need to convert it to an array in that case.
+        $ajax_html_ids = explode(',', $_POST['ajax_html_ids'][0]);
+      }
+      foreach ($ajax_html_ids as $seen_id) {
         // We rely on '--' being used solely for separating a base id from the
         // counter, which this function ensures when returning an id.
         $parts = explode('--', $seen_id, 2);
@@ -4069,7 +4162,14 @@ function drupal_region_class($region) {
  *       else being the same, JavaScript added by a call to drupal_add_js() that
  *       happened later in the page request gets added to the page after one for
  *       which drupal_add_js() happened earlier in the page request.
- *   - defer: If set to TRUE, the defer attribute is set on the <script>
+ *   - requires_jquery: Set this to FALSE if the JavaScript you are adding does
+ *     not have a dependency on jQuery. Defaults to TRUE, except for JavaScript
+ *     settings where it defaults to FALSE. This is used on sites that have the
+ *     'javascript_always_use_jquery' variable set to FALSE; on those sites, if
+ *     all the JavaScript added to the page by drupal_add_js() does not have a
+ *     dependency on jQuery, then for improved front-end performance Drupal
+ *     will not add jQuery and related libraries and settings to the page.
+ *   - defer: If set to TRUE, the defer attribute is set on the ';
+    filter_format_save($format);
+    user_role_change_permissions(DRUPAL_ANONYMOUS_RID, array(filter_permission_name($format) => 1));
+    $this->drupalGet('filter/tips');
+    $this->assertNoRaw($format->name, 'Text format name contains no xss.');
   }
 
   /**
-   * Verify that a text format is properly stored.
+   * Verifies that a text format is properly stored.
    */
   function verifyTextFormat($format) {
     $t_args = array('%format' => $format->name);
@@ -83,17 +92,17 @@ class FilterCRUDTestCase extends DrupalWebTestCase {
       ->condition('format', $format->format)
       ->execute()
       ->fetchObject();
-    $this->assertEqual($db_format->format, $format->format, t('Database: Proper format id for text format %format.', $t_args));
-    $this->assertEqual($db_format->name, $format->name, t('Database: Proper title for text format %format.', $t_args));
-    $this->assertEqual($db_format->cache, $format->cache, t('Database: Proper cache indicator for text format %format.', $t_args));
-    $this->assertEqual($db_format->weight, $format->weight, t('Database: Proper weight for text format %format.', $t_args));
+    $this->assertEqual($db_format->format, $format->format, format_string('Database: Proper format id for text format %format.', $t_args));
+    $this->assertEqual($db_format->name, $format->name, format_string('Database: Proper title for text format %format.', $t_args));
+    $this->assertEqual($db_format->cache, $format->cache, format_string('Database: Proper cache indicator for text format %format.', $t_args));
+    $this->assertEqual($db_format->weight, $format->weight, format_string('Database: Proper weight for text format %format.', $t_args));
 
     // Verify filter_format_load().
     $filter_format = filter_format_load($format->format);
-    $this->assertEqual($filter_format->format, $format->format, t('filter_format_load: Proper format id for text format %format.', $t_args));
-    $this->assertEqual($filter_format->name, $format->name, t('filter_format_load: Proper title for text format %format.', $t_args));
-    $this->assertEqual($filter_format->cache, $format->cache, t('filter_format_load: Proper cache indicator for text format %format.', $t_args));
-    $this->assertEqual($filter_format->weight, $format->weight, t('filter_format_load: Proper weight for text format %format.', $t_args));
+    $this->assertEqual($filter_format->format, $format->format, format_string('filter_format_load: Proper format id for text format %format.', $t_args));
+    $this->assertEqual($filter_format->name, $format->name, format_string('filter_format_load: Proper title for text format %format.', $t_args));
+    $this->assertEqual($filter_format->cache, $format->cache, format_string('filter_format_load: Proper cache indicator for text format %format.', $t_args));
+    $this->assertEqual($filter_format->weight, $format->weight, format_string('filter_format_load: Proper weight for text format %format.', $t_args));
 
     // Verify the 'cache' text format property according to enabled filters.
     $filter_info = filter_get_filters();
@@ -107,11 +116,11 @@ class FilterCRUDTestCase extends DrupalWebTestCase {
         break;
       }
     }
-    $this->assertEqual($filter_format->cache, $cacheable, t('Text format contains proper cache property.'));
+    $this->assertEqual($filter_format->cache, $cacheable, 'Text format contains proper cache property.');
   }
 
   /**
-   * Verify that filters are properly stored for a text format.
+   * Verifies that filters are properly stored for a text format.
    */
   function verifyFilters($format) {
     // Verify filter database records.
@@ -121,20 +130,20 @@ class FilterCRUDTestCase extends DrupalWebTestCase {
       $t_args = array('%format' => $format->name, '%filter' => $name);
 
       // Verify that filter status is properly stored.
-      $this->assertEqual($filter->status, $format_filters[$name]['status'], t('Database: Proper status for %filter in text format %format.', $t_args));
+      $this->assertEqual($filter->status, $format_filters[$name]['status'], format_string('Database: Proper status for %filter in text format %format.', $t_args));
 
       // Verify that filter settings were properly stored.
-      $this->assertEqual(unserialize($filter->settings), isset($format_filters[$name]['settings']) ? $format_filters[$name]['settings'] : array(), t('Database: Proper filter settings for %filter in text format %format.', $t_args));
+      $this->assertEqual(unserialize($filter->settings), isset($format_filters[$name]['settings']) ? $format_filters[$name]['settings'] : array(), format_string('Database: Proper filter settings for %filter in text format %format.', $t_args));
 
       // Verify that each filter has a module name assigned.
-      $this->assertTrue(!empty($filter->module), t('Database: Proper module name for %filter in text format %format.', $t_args));
+      $this->assertTrue(!empty($filter->module), format_string('Database: Proper module name for %filter in text format %format.', $t_args));
 
       // Remove the filter from the copy of saved $format to check whether all
       // filters have been processed later.
       unset($format_filters[$name]);
     }
     // Verify that all filters have been processed.
-    $this->assertTrue(empty($format_filters), t('Database contains values for all filters in the saved format.'));
+    $this->assertTrue(empty($format_filters), 'Database contains values for all filters in the saved format.');
 
     // Verify filter_list_format().
     $filters = filter_list_format($format->format);
@@ -143,23 +152,26 @@ class FilterCRUDTestCase extends DrupalWebTestCase {
       $t_args = array('%format' => $format->name, '%filter' => $name);
 
       // Verify that filter status is properly stored.
-      $this->assertEqual($filter->status, $format_filters[$name]['status'], t('filter_list_format: Proper status for %filter in text format %format.', $t_args));
+      $this->assertEqual($filter->status, $format_filters[$name]['status'], format_string('filter_list_format: Proper status for %filter in text format %format.', $t_args));
 
       // Verify that filter settings were properly stored.
-      $this->assertEqual($filter->settings, isset($format_filters[$name]['settings']) ? $format_filters[$name]['settings'] : array(), t('filter_list_format: Proper filter settings for %filter in text format %format.', $t_args));
+      $this->assertEqual($filter->settings, isset($format_filters[$name]['settings']) ? $format_filters[$name]['settings'] : array(), format_string('filter_list_format: Proper filter settings for %filter in text format %format.', $t_args));
 
       // Verify that each filter has a module name assigned.
-      $this->assertTrue(!empty($filter->module), t('filter_list_format: Proper module name for %filter in text format %format.', $t_args));
+      $this->assertTrue(!empty($filter->module), format_string('filter_list_format: Proper module name for %filter in text format %format.', $t_args));
 
       // Remove the filter from the copy of saved $format to check whether all
       // filters have been processed later.
       unset($format_filters[$name]);
     }
     // Verify that all filters have been processed.
-    $this->assertTrue(empty($format_filters), t('filter_list_format: Loaded filters contain values for all filters in the saved format.'));
+    $this->assertTrue(empty($format_filters), 'filter_list_format: Loaded filters contain values for all filters in the saved format.');
   }
 }
 
+/**
+ * Tests the administrative functionality of the Filter module.
+ */
 class FilterAdminTestCase extends DrupalWebTestCase {
   public static function getInfo() {
     return array(
@@ -185,6 +197,9 @@ class FilterAdminTestCase extends DrupalWebTestCase {
     $this->drupalLogin($this->admin_user);
   }
 
+  /**
+   * Tests the format administration functionality.
+   */
   function testFormatAdmin() {
     // Add text format.
     $this->drupalGet('admin/config/content/formats');
@@ -199,14 +214,14 @@ class FilterAdminTestCase extends DrupalWebTestCase {
 
     // Verify default weight of the text format.
     $this->drupalGet('admin/config/content/formats');
-    $this->assertFieldByName("formats[$format_id][weight]", 0, t('Text format weight was saved.'));
+    $this->assertFieldByName("formats[$format_id][weight]", 0, 'Text format weight was saved.');
 
     // Change the weight of the text format.
     $edit = array(
       "formats[$format_id][weight]" => 5,
     );
     $this->drupalPost('admin/config/content/formats', $edit, t('Save changes'));
-    $this->assertFieldByName("formats[$format_id][weight]", 5, t('Text format weight was saved.'));
+    $this->assertFieldByName("formats[$format_id][weight]", 5, 'Text format weight was saved.');
 
     // Edit text format.
     $this->drupalGet('admin/config/content/formats');
@@ -216,7 +231,7 @@ class FilterAdminTestCase extends DrupalWebTestCase {
 
     // Verify that the custom weight of the text format has been retained.
     $this->drupalGet('admin/config/content/formats');
-    $this->assertFieldByName("formats[$format_id][weight]", 5, t('Text format weight was retained.'));
+    $this->assertFieldByName("formats[$format_id][weight]", 5, 'Text format weight was retained.');
 
     // Disable text format.
     $this->assertLinkByHref('admin/config/content/formats/' . $format_id . '/disable');
@@ -225,7 +240,7 @@ class FilterAdminTestCase extends DrupalWebTestCase {
 
     // Verify that disabled text format no longer exists.
     $this->drupalGet('admin/config/content/formats/' . $format_id);
-    $this->assertResponse(404, t('Disabled text format no longer exists.'));
+    $this->assertResponse(404, 'Disabled text format no longer exists.');
 
     // Attempt to create a format of the same machine name as the disabled
     // format but with a different human readable name.
@@ -249,7 +264,7 @@ class FilterAdminTestCase extends DrupalWebTestCase {
   }
 
   /**
-   * Test filter administration functionality.
+   * Tests filter administration functionality.
    */
   function testFilterAdmin() {
     // URL filter.
@@ -262,44 +277,44 @@ class FilterAdminTestCase extends DrupalWebTestCase {
     $plain = 'plain_text';
 
     // Check that the fallback format exists and cannot be disabled.
-    $this->assertTrue($plain == filter_fallback_format(), t('The fallback format is set to plain text.'));
+    $this->assertTrue($plain == filter_fallback_format(), 'The fallback format is set to plain text.');
     $this->drupalGet('admin/config/content/formats');
-    $this->assertNoRaw('admin/config/content/formats/' . $plain . '/disable', t('Disable link for the fallback format not found.'));
+    $this->assertNoRaw('admin/config/content/formats/' . $plain . '/disable', 'Disable link for the fallback format not found.');
     $this->drupalGet('admin/config/content/formats/' . $plain . '/disable');
-    $this->assertResponse(403, t('The fallback format cannot be disabled.'));
+    $this->assertResponse(403, 'The fallback format cannot be disabled.');
 
     // Verify access permissions to Full HTML format.
-    $this->assertTrue(filter_access(filter_format_load($full), $this->admin_user), t('Admin user may use Full HTML.'));
-    $this->assertFalse(filter_access(filter_format_load($full), $this->web_user), t('Web user may not use Full HTML.'));
+    $this->assertTrue(filter_access(filter_format_load($full), $this->admin_user), 'Admin user may use Full HTML.');
+    $this->assertFalse(filter_access(filter_format_load($full), $this->web_user), 'Web user may not use Full HTML.');
 
     // Add an additional tag.
     $edit = array();
     $edit['filters[filter_html][settings][allowed_html]'] = '