Drupal 5.8

The eighth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes security vulnerabilities and also changes APIs. Sites are urged to upgrade immediately after reading the security announcement:

• SA-2008-044 - Drupal core - Multiple vulnerabilities

In addition to this security vulnerability, the following bugs have been fixed in the 5.8 release:

• #215252 by bdragon: reset the cache flush variable before the cache is flushed, so busy sites will not attempt multiple cache flushes at a time
• #165642 by Bart Jansens. Use a local variable rather than overwriting the global $user.
• Remove typo.
• #157652 by beginner, Steven Merrill and killes: block_user() had a global user object and a user parameter colliding
• #216404 by Rob Loach: path_nodeapi() only worked for users with permissions, although node loading requires the path to be loaded.
• #101904 by David_Rothstein. Make secondary links work for primary links with '' path.
• #84754: fix 404 and 403 error pages if the path set for these error pages does not exist
• #176503 by chx and bennybobw: hidden profile fields cannot be required and cannot be put on the registration form, so we needed warnings on the editing form to not let admins save forms set with these combinations.
  Backport by Bart Jansens.
• #104220 by ChrisKennedy: remove arbitrary half post max size restriction on maximum uploadable file size.
  Backport by Bart Jansens.
• #209488 by Bart Jansens. Use mysqli_connect_error() when mysqli database connection fails.
• #211825 by webchick. Fix revision revert log message.
• #213172 by skiquel: let color module run properly without a base image
• #212864 suggestion by pp, patch by gdevlugt: use format_date() for RSS item dates instead of date() to honor site time zone settings
• #171951 by dvessel: fix account specific theme selection form
  Backport in #109459.
• #208023 by traxer. Order node/add by name, not internal type.
• #204415 by pwolanin et al. Blacklist problematic machine-readable content type names.
• #75916 follow up patch by Richard Eriksson: allow aggregator pages to be indexed by default
• #113318 by dww: correct Postgres support.
• #176273 by Bart Jansens. Fix argument order.
• #227548 by Heine, AjK: misuse of db_escape_string(), when db_escape_table() should have been used
• #244597 by kbahey: remove cruft from user_login(), that added extra message to the form was never used or displayed
• #232037 by pwolanin: (performance) block regions should only be populated when called for, not in all cases (fixes performance expectation on 403/404 pages)
• #226869 by boydj and hswong3i: minor code style cleanup with aggregator module queries
• #175743 by Desbeers: fix numerous issues around node submission dates and content editing.
  5.x backport by Freso.
• - Patch #231132 by snufkin: fixed invalid XML-RPC error messages due to HTML tags being inserted in the message string.
• #208888 by jvandyk: set access time when externally authenticated user first logs in
  Backport by joshk and stevecrozz.
• #246476 by Jacine. Correct block admin column count.
• #104662 by chx: the search block form might not be available on the search page itself, so that target was not right for search block form submissions. Backport by webchick.
• - Patch #258128 by webchick: @parameter should be @param. Gets the Most Trivial Patch of the Month Award.
  Backport by gpk.
• #140162 by maartenvg. Clear the PHP stat cache after resizing images.
• #214390 by shrop. Partial backport of #153998, use a separate permission for blogapi since it does not depend on blog module.
• #264647 by clemens.tolboom. Fix seconds parsing for XML-RPC dates.
• #155337 by gpk and Bevan: only treat newlines teaser breakers, if the newline filter is present in the particular input format
• - Patch #169899 by Island Usurper: taxonomy caching not always working.
• #171461 by chx, ejhildreth and dvessel: empty tbody fails validation. Backport by m1mic.
• #193891 by mvc: fix NOTICE in database.mysqli.inc because of possibly missing port number
• - Patch #273761 by catch: removed inconsistent delete behavior of nodes. It would leave comments, ratings, etc behind in the database.
• #159538 by Wesley Tanaka. 404 instead of showing recent blog posts for invalid paths.
• - Patch #180646 by John Morahan: SQL in taxonomy_get_term_by_name() should use = instead of LIKE.
• #276615 by JacobSingh. Clear page cache when CSS cache is cleared?