Index: install.php
===================================================================
RCS file: /cvs/drupal/drupal/install.php,v
retrieving revision 1.34.2.4
diff -u -p -r1.34.2.4 install.php
--- install.php 7 Nov 2007 08:10:16 -0000 1.34.2.4
+++ install.php 9 Jul 2008 20:37:35 -0000
@@ -153,6 +153,15 @@ function install_change_settings($profil
 include_once './includes/form.inc';
 drupal_maintenance_theme();
+ // Don't fill in placeholders
+ if ($db_url == 'mysql://username:password@localhost/databasename') {
+ $db_user = $db_pass = $db_path = '';
+ }
+ elseif (!empty($db_url)) {
+ // Do not install over a configured settings.php.
+ install_already_done_error();
+ }
+
 // The existing database settings are not working, so we need write access
 // to settings.php to change them.
 if (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_WRITABLE)) {
@@ -163,14 +172,6 @@ function install_change_settings($profil
 exit;
 }
- // Don't fill in placeholders
- if ($db_url == 'mysql://username:password@localhost/databasename') {
- $db_user = $db_pass = $db_path = '';
- }
- elseif (!empty($db_url)) {
- // Do not install over a configured settings.php.
- install_already_done_error();
- }
 $output = drupal_get_form('install_settings_form', $profile, $install_locale, $settings_file, $db_url, $db_type, $db_prefix, $db_user, $db_pass, $db_host, $db_port, $db_path);
 drupal_set_title(st('Database configuration'));
 print theme('install_page', $output);
Index: includes/theme.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/theme.inc,v
retrieving revision 1.337.2.2
diff -u -p -r1.337.2.2 theme.inc
--- includes/theme.inc 31 May 2007 05:52:42 -0000 1.337.2.2
+++ includes/theme.inc 9 Jul 2008 20:37:57 -0000
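Review bot: The relocated guard is only effective if install_already_done_error() never returns; nothing in the hunk shows it terminating the request, and if it did return, execution would fall through to the writable-settings.php check and then build install_settings_form with the already-configured $db_url, which is exactly what the `elseif` branch is meant to stop. If that helper can return, add `exit;` after the call, mirroring the `exit;` the not-writable branch already uses in the second hunk. The placeholder comparison also uses loose `==` against a literal that is now the only copy in this function; `===` and a single named constant would make the intent explicit. install_change_settings() begins before the first hunk.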
@@ -544,16 +544,14 @@ function theme_links($links, $attributes
 $i = 1;
 foreach ($links as $key => $link) {
- $class = '';
+ $class = $key;
 // Automatically add a class to each link and also to each LI
 if (isset($link['attributes']) && isset($link['attributes']['class'])) {
 $link['attributes']['class'] .= ' ' . $key;
- $class = $key;
 }
 else {
 $link['attributes']['class'] = $key;
- $class = $key;
 }
 // Add first and last classes to the list of links to help out themers.
@@ -564,7 +562,7 @@ function theme_links($links, $attributes
 if ($i == $num_links) {
 $extra_class .= 'last ';
 }
- $output .= '
  • ';
+ $output .= '
  • $extra_class . $class)) .'>';
 // Is the title HTML?
 $html = isset($link['html']) && $link['html'];
Index: modules/filter/filter.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/filter/filter.module,v
retrieving revision 1.160.2.6
diff -u -p -r1.160.2.6 filter.module
--- modules/filter/filter.module 22 Jan 2008 08:43:34 -0000 1.160.2.6
+++ modules/filter/filter.module 9 Jul 2008 20:37:46 -0000
@@ -1244,7 +1244,7 @@ function _filter_autop($text) {
 * for scripts and styles.
 */
 function filter_xss_admin($string) {
- return filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'object', 'ol', 'p', 'param', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'));
+ return filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'ol', 'p', 'param', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var'));
 }
 /**
Index: modules/locale/locale.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/locale/locale.module,v
retrieving revision 1.155
diff -u -p -r1.155 locale.module
--- modules/locale/locale.module 27 Dec 2006 13:11:59 -0000 1.155
+++ modules/locale/locale.module 9 Jul 2008 20:37:41 -0000
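Review bot: The `$key` that the second theme.inc hunk now routes through drupal_attributes() for the LI is, in the first hunk, still concatenated raw into `$link['attributes']['class']`; whether that value is escaped depends on how the link itself is rendered further down, outside the hunk, so confirm that path applies the same attribute escaping. The changed `$output .=` line is truncated in this copy of the diff, so the exact new markup cannot be checked here. A one-line comment on the new line would tell themers why the class moved into drupal_attributes(), e.g. `// Escape the class attribute; $key comes straight from the $links array keys.` theme_links() starts and ends outside these hunks.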
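Review bot: With 'object' removed from the whitelist on the new line, 'param' is left orphaned, since it only has meaning inside an object element; either drop it in the same change or add a comment saying why it stays. The docblock visible above the function only says the filter is "for scripts and styles", so the deliberate exclusion is undocumented; a line such as `* 'object' is intentionally not in the allowed-tag list.` would stop it being re-added in a later cleanup. 'img' and 'a' remain allowed, which is reasonable for an admin-only filter but worth stating there as well.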
@@ -111,7 +111,7 @@ function locale_menu($may_cache) {
 'type' => MENU_CALLBACK);
 $items[] = array('path' => 'admin/settings/locale/string/delete/'. arg(5),
 'title' => t('Delete string'),
- 'callback' => 'locale_admin_string_delete',
+ 'callback' => 'locale_admin_string_delete_page',
 'callback arguments' => array(arg(5)),
 'access' => $access,
 'type' => MENU_CALLBACK);
@@ -407,9 +407,29 @@ function locale_admin_string_edit_submit
 }
 /**
- * Delete a string.
+ * String deletion confirmation page.
 */
-function locale_admin_string_delete($lid) {
+function locale_admin_string_delete_page($lid) {
+ if ($source = db_fetch_object(db_query('SELECT * FROM {locales_source} WHERE lid = %d', $lid))) {
+ return drupal_get_form('locale_string_delete_form', $source);
+ }
+ else {
+ return drupal_not_found();
+ }
+}
+
+/**
+ * User interface for the string deletion confirmation screen.
+ */
+function locale_string_delete_form($source) {
+ $form['lid'] = array('#type' => 'value', '#value' => $source->lid);
+ return confirm_form($form, t('Are you sure you want to delete the string "%source"?', array('%source' => $source->source)), 'admin/build/translate/search', t('Deleting the string will remove all translations of this string in all languages. This action cannot be undone.'), t('Delete'), t('Cancel'));
+}
+
+/**
+ * Process string deletion submissions.
+ */
+function locale_string_delete_form_submit($form_id, $form_values) {
 include_once './includes/locale.inc';
- _locale_string_delete($lid);
+ _locale_string_delete($form_values['lid']);
 }
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.745.2.26
diff -u -p -r1.745.2.26 user.module
--- modules/user/user.module 7 Jan 2008 02:30:35 -0000 1.745.2.26
+++ modules/user/user.module 9 Jul 2008 20:37:51 -0000
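Review bot: locale_string_delete_form_submit() returns nothing after the delete, so unless the form layer supplies a default destination the browser is sent back to the delete URL of a row that no longer exists and lands on drupal_not_found(); return the path the confirmation already uses for Cancel, `return 'admin/build/translate/search';`. The id handed to _locale_string_delete() is otherwise well contained: it comes from a '#type' => 'value' element set server-side in locale_string_delete_form(), and locale_admin_string_delete_page() rejects unknown ids with drupal_not_found() before any form is built. The menu item in the first hunk still passes arg(5) as the callback argument, which only ever feeds the %d-quoted lookup.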
@@ -968,9 +968,11 @@ function user_login_submit($form_id, $fo
 // Update the user table timestamp noting user has logged in.
 db_query("UPDATE {users} SET login = %d WHERE uid = %d", time(), $user->uid);
+ // Regenerate the session ID to prevent against session fixation attacks.
+ sess_regenerate();
+
 user_module_invoke('login', $form_values, $user);
- sess_regenerate();
 return 'user/'. $user->uid;
 }
 }
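Review bot: The new comment says `prevent against session fixation attacks`, which is ungrammatical; use `// Regenerate the session ID to protect against session fixation attacks.` It would also help to record why the call now precedes the hook, since that ordering is the substantive part of the change: `// Runs before hook_user('login') so modules that record the session ID see the post-login one.` — assuming that is the motivation, which the hunk itself does not state. user_login_submit() begins before this hunk.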