Index: modules/node/node.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.module,v
retrieving revision 1.947.2.12
diff -u -p -r1.947.2.12 node.module
--- modules/node/node.module	12 Jan 2009 16:02:33 -0000	1.947.2.12
+++ modules/node/node.module	14 Jan 2009 23:02:37 -0000
@@ -1977,7 +1977,9 @@ function node_search_validate($form, &$f
 function node_access($op, $node, $account = NULL) {
   global $user;
-  if (!$node) {
+  if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
+    // If there was no node to check against, or the $op was not one of the
+    // supported ones, we return access denied.
     return FALSE;
   }
   // Convert the node to an object if necessary:
Index: modules/translation/translation.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/translation/translation.module,v
retrieving revision 1.23.2.3
diff -u -p -r1.23.2.3 translation.module
--- modules/translation/translation.module	10 Dec 2008 20:35:06 -0000	1.23.2.3
+++ modules/translation/translation.module	14 Jan 2009 23:02:37 -0000
@@ -76,10 +76,7 @@ function translation_menu() {
  * all languages).
  */
 function _translation_tab_access($node) {
-  if (!empty($node->language) && translation_supported_type($node->type)) {
-    return user_access('translate content');
-  }
-  return FALSE;
+  return !empty($node->language) && translation_supported_type($node->type) && node_access('view', $node) && user_access('translate content');
 }
 /**
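Review bot: The rewritten return in `_translation_tab_access` evaluates `node_access('view', $node)` before `user_access('translate content')`, so the node-grant check runs even for accounts that lack the translate permission; putting the cheap permission test first lets `&&` short-circuit the heavier check. The single line also runs well past a readable width. Suggested: `return !empty($node->language) && translation_supported_type($node->type)` followed by `  && user_access('translate content') && node_access('view', $node);`. Whether `node_access()` queries grant records for this call is not visible in the hunk.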
@@ -192,15 +189,27 @@ function translation_nodeapi(&$node, $op
   switch ($op) {
     case 'prepare':
-      if (empty($node->nid) && isset($_GET['translation']) && isset($_GET['language']) &&
-          ($source_nid = $_GET['translation']) && ($language = $_GET['language']) &&
-          (user_access('translate content'))) {
-        // We are translating a node from a source node, so
-        // load the node to be translated and populate fields.
-        $node->language = $language;
-        $node->translation_source = node_load($source_nid);
-        $node->title = $node->translation_source->title;
-        $node->body = $node->translation_source->body;
+      if (empty($node->nid) && user_access('translate content') && isset($_GET['translation']) && isset($_GET['language']) && is_numeric($_GET['translation'])) {
+        $translation_source = node_load($_GET['translation']);
+        if (empty($translation_source) || !node_access('view', $translation_source)) {
+          // Source node not found or no access to view. We should not check
+          // for edit access, since the translator might not have permissions
+          // to edit the source node but should still be able to translate.
+          return;
+        }
+        $language_list = language_list();
+        if (!isset($language_list[$_GET['language']]) || ($translation_source->language == $_GET['language'])) {
+          // If not supported language, or same language as source node, break.
+          return;
+        }
+        // Populate fields based on source node.
+        $node->language = $_GET['language'];
+        $node->translation_source = $translation_source;
+        $node->title = $translation_source->title;
+        // If user has no access to the filter used for the body, Drupal core
+        // does not let the edit form to appear, so we should avoid exposing
+        // the source text here too.
+        $node->body = filter_access($translation_source->format) ? $translation_source->body : '';
         // Let every module add custom translated fields.
         node_invoke_nodeapi($node, 'prepare translation');
       }
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.892.2.10
diff -u -p -r1.892.2.10 user.module
--- modules/user/user.module	6 Jan 2009 16:26:05 -0000	1.892.2.10
+++ modules/user/user.module	14 Jan 2009 23:02:38 -0000
@@ -1534,6 +1534,7 @@ function user_edit_form(&$form_state, $u
       $form['picture']['picture_delete'] = array('#type' => 'hidden');
     }
     $form['picture']['picture_upload'] = array('#type' => 'file', '#title' => t('Upload picture'), '#size' => 48, '#description' => t('Your virtual face or picture. Maximum dimensions are %dimensions and the maximum size is %size kB.', array('%dimensions' => variable_get('user_picture_dimensions', '85x85'), '%size' => variable_get('user_picture_file_size', '30'))) .' '. variable_get('user_picture_guidelines', ''));
+    $form['#validate'][] = 'user_profile_form_validate';
     $form['#validate'][] = 'user_validate_picture';
   }
   $form['#uid'] = $uid;
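Review bot: The language comparison on the new side, `$translation_source->language == $_GET['language']`, uses loose equality against request input; since `$_GET['language']` has just been confirmed to be a key of `language_list()`, a strict comparison costs nothing and avoids PHP's numeric-string coercion: `if (!isset($language_list[$_GET['language']]) || $translation_source->language === $_GET['language']) {`. The two new `return;` statements leave `translation_nodeapi` as a whole rather than only the `prepare` case, which is fine only if nothing after the switch needs to run for that op; the switch and the function both continue outside the hunk, so a one-line comment such as `// Nothing else to do for 'prepare'; leave the hook entirely.` would make that intent explicit. `is_numeric()` also admits forms like `'1.5'` or `'1e3'` before `node_load()`; unless the loader casts the id itself (not visible here), an explicit `(int)` cast on `$_GET['translation']` would tighten the check.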
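Review bot: The new `$form['#validate'][] = 'user_profile_form_validate';` sits inside a conditional block whose opening brace is outside the hunk, so the handler is registered only when that branch runs; if the purpose is to restore the default form-id validator that an explicitly set `#validate` array otherwise suppresses, that deserves a comment so the next maintainer does not remove the apparently redundant line, e.g. `// Setting #validate replaces the default form-id validator, so add it back explicitly, ahead of the picture check.`. The ordering is presumably deliberate, with `user_profile_form_validate` now running before `user_validate_picture`. `user_edit_form` starts and ends outside the hunk.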