# HG changeset patch # User Franck Deroche # Date 1230039008 -3600 # Node ID 2427550111ae73b847d7011dd48ee97d0093f797 # Parent d94886ac61a07b69f0eafa7b4bb8d9f523b53182 Drupal 6.2 diff -r d94886ac61a0 -r 2427550111ae CHANGELOG.txt --- a/CHANGELOG.txt Tue Dec 23 14:29:21 2008 +0100 +++ b/CHANGELOG.txt Tue Dec 23 14:30:08 2008 +0100 @@ -1,4 +1,9 @@ -// $Id: CHANGELOG.txt,v 1.253.2.5 2008/02/27 19:44:44 goba Exp $ +// $Id: CHANGELOG.txt,v 1.253.2.7 2008/04/09 21:11:43 goba Exp $ + +Drupal 6.2, 2008-04-09 +---------------------- +- fixed a variety of small bugs +- fixed a security issue (Access bypasses), see SA-2008-026 Drupal 6.1, 2008-02-27 ---------------------- diff -r d94886ac61a0 -r 2427550111ae includes/common.inc --- a/includes/common.inc Tue Dec 23 14:29:21 2008 +0100 +++ b/includes/common.inc Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ data)) { - $data = $cache->data; + // If the cache entry exists, it will just be the cid for the actual data. + // This avoids duplication of large amounts of data. + $cache = cache_get($cache->data, 'cache_menu'); + if ($cache && isset($cache->data)) { + $data = $cache->data; + } } - else { + // If the tree data was not in the cache, $data will be NULL. + if (!isset($data)) { // Build and run the query, and build the tree. if ($mlid) { // The tree is for a single item, so we need to match the values in its 
@@ -813,8 +819,13 @@ ORDER BY p1 ASC, p2 ASC, p3 ASC, p4 ASC, p5 ASC, p6 ASC, p7 ASC, p8 ASC, p9 ASC", $args), $parents); $data['node_links'] = array(); menu_tree_collect_node_links($data['tree'], $data['node_links']); - // Cache the data. - cache_set($cid, $data, 'cache_menu'); + // Cache the data, if it is not already in the cache. + $tree_cid = _menu_tree_cid($menu_name, $data); + if (!cache_get($tree_cid, 'cache_menu')) { + cache_set($tree_cid, $data, 'cache_menu'); + } + // Cache the cid of the (shared) data using the menu and item-specific cid. + cache_set($cid, $tree_cid, 'cache_menu'); } // Check access for the current user to each item in the tree. menu_tree_check_access($data['tree'], $data['node_links']); @@ -844,16 +855,22 @@ // Load the menu item corresponding to the current page. if ($item = menu_get_item()) { - // Generate the cache ID. - $cid = 'links:'. $menu_name .':page:'. $item['href'] .':'. (int)$item['access']; + // Generate a cache ID (cid) specific for this page. + $cid = 'links:'. $menu_name .':page-cid:'. $item['href'] .':'. (int)$item['access']; if (!isset($tree[$cid])) { // If the static variable doesn't have the data, check {cache_menu}. $cache = cache_get($cid, 'cache_menu'); if ($cache && isset($cache->data)) { - $data = $cache->data; + // If the cache entry exists, it will just be the cid for the actual data. + // This avoids duplication of large amounts of data. + $cache = cache_get($cache->data, 'cache_menu'); + if ($cache && isset($cache->data)) { + $data = $cache->data; + } } - else { + // If the tree data was not in the cache, $data will be NULL. + if (!isset($data)) { // Build and run the query, and build the tree. if ($item['access']) { // Check whether a menu link exists that corresponds to the current path. 
@@ -909,8 +926,13 @@ ORDER BY p1 ASC, p2 ASC, p3 ASC, p4 ASC, p5 ASC, p6 ASC, p7 ASC, p8 ASC, p9 ASC", $args), $parents); $data['node_links'] = array(); menu_tree_collect_node_links($data['tree'], $data['node_links']); - // Cache the data. - cache_set($cid, $data, 'cache_menu'); + // Cache the data, if it is not already in the cache. + $tree_cid = _menu_tree_cid($menu_name, $data); + if (!cache_get($tree_cid, 'cache_menu')) { + cache_set($tree_cid, $data, 'cache_menu'); + } + // Cache the cid of the (shared) data using the page-specific cid. + cache_set($cid, $tree_cid, 'cache_menu'); } // Check access for the current user to each item in the tree. menu_tree_check_access($data['tree'], $data['node_links']); @@ -923,6 +945,13 @@ } /** + * Helper function - compute the real cache ID for menu tree data. + */ +function _menu_tree_cid($menu_name, $data) { + return 'links:'. $menu_name .':tree-data:'. md5(serialize($data)); +} + +/** * Recursive helper function - collect node links. */ function menu_tree_collect_node_links(&$tree, &$node_links) { @@ -2246,9 +2275,10 @@ if (!isset($item['tab_root']) && !$parent['_tab']) { $item['tab_root'] = $parent_path; } - // If a callback is not found, we try to find the first parent that - // has a callback. - if (!isset($item['access callback']) && isset($parent['access callback'])) { + // If an access callback is not found for a default local task we use + // the callback from the parent, since we expect them to be identical. + // In all other cases, the access parameters must be specified. + if (($item['type'] == MENU_DEFAULT_LOCAL_TASK) && !isset($item['access callback']) && isset($parent['access callback'])) { $item['access callback'] = $parent['access callback']; if (!isset($item['access arguments']) && isset($parent['access arguments'])) { $item['access arguments'] = $parent['access arguments']; diff -r d94886ac61a0 -r 2427550111ae includes/theme.inc --- a/includes/theme.inc Tue Dec 23 14:29:21 2008 +0100 
+++ b/includes/theme.inc Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ ' && drupal_is_front_page()))) { $class .= ' active'; } $output .= '
  • '; @@ -1552,7 +1552,7 @@ } if (user_access('access user profiles')) { - $output = l($name, 'user/'. $object->uid, array('title' => t('View user profile.'))); + $output = l($name, 'user/'. $object->uid, array('attributes' => array('title' => t('View user profile.')))); } else { $output = check_plain($name); diff -r d94886ac61a0 -r 2427550111ae includes/xmlrpc.inc --- a/includes/xmlrpc.inc Tue Dec 23 14:29:21 2008 +0100 +++ b/includes/xmlrpc.inc Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ current_tag_contents) != '' || $xmlrpc_message->last_open == 'value') { + if (trim($xmlrpc_message->current_tag_contents) != '' || (isset($xmlrpc_message->last_open) && ($xmlrpc_message->last_open == 'value'))) { $value = (string)$xmlrpc_message->current_tag_contents; $value_flag = TRUE; } diff -r d94886ac61a0 -r 2427550111ae modules/aggregator/aggregator.module --- a/modules/aggregator/aggregator.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/aggregator/aggregator.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'aggregator_page_source', 'page arguments' => array(2), + 'access arguments' => array('access news feeds'), 'type' => MENU_CALLBACK, 'file' => 'aggregator.pages.inc', ); diff -r d94886ac61a0 -r 2427550111ae modules/block/block.module --- a/modules/block/block.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/block/block.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'JavaScript List Form', 'page callback' => 'block_admin_display_js', + 'access arguments' => array('administer blocks'), 'type' => MENU_CALLBACK, 'file' => 'block.admin.inc', ); @@ -139,6 +140,7 @@ 'title' => 'Configure block', 'page callback' => 'drupal_get_form', 'page arguments' => array('block_admin_configure'), + 'access arguments' => array('administer blocks'), 'type' => MENU_CALLBACK, 'file' => 'block.admin.inc', ); 
@@ -146,6 +148,7 @@ 'title' => 'Delete block', 'page callback' => 'drupal_get_form', 'page arguments' => array('block_box_delete'), + 'access arguments' => array('administer blocks'), 'type' => MENU_CALLBACK, 'file' => 'block.admin.inc', ); @@ -153,6 +156,7 @@ 'title' => 'Add block', 'page callback' => 'drupal_get_form', 'page arguments' => array('block_add_block_form'), + 'access arguments' => array('administer blocks'), 'type' => MENU_LOCAL_TASK, 'file' => 'block.admin.inc', ); @@ -439,8 +443,23 @@ else { $page_match = TRUE; } + $block->enabled = $enabled; + $block->page_match = $page_match; + $blocks[$block->region]["{$block->module}_{$block->delta}"] = $block; + } + } - if ($enabled && $page_match) { + // Create an empty array if there were no entries + if (!isset($blocks[$region])) { + $blocks[$region] = array(); + } + + foreach ($blocks[$region] as $key => $block) { + // Render the block content if it has not been created already. + if (!isset($block->content)) { + // Erase the block from the static array - we'll put it back if it has content. + unset($blocks[$region][$key]); + if ($block->enabled && $block->page_match) { // Check the current throttle status and see if block should be displayed // based on server load. if (!($block->throttle && (module_invoke('throttle', 'status') > 0))) { @@ -477,10 +496,6 @@ } } } - // Create an empty array if there were no entries - if (!isset($blocks[$region])) { - $blocks[$region] = array(); - } return $blocks[$region]; } diff -r d94886ac61a0 -r 2427550111ae modules/blog/blog.module --- a/modules/blog/blog.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/blog/blog.module Tue Dec 23 14:30:08 2008 +0100 
@@ -1,5 +1,5 @@ MENU_SUGGESTED_ITEM, 'file' => 'blog.pages.inc', ); - $items['blog/%user_current'] = array( + $items['blog/%user_uid_optional'] = array( 'title' => 'My blog', 'page callback' => 'blog_page_user', 'page arguments' => array(1), - 'access callback' => 'user_access', - 'access arguments' => array('create blog entries', 1), + 'access callback' => 'blog_page_user_access', + 'access arguments' => array(1), 'file' => 'blog.pages.inc', ); $items['blog/%user/feed'] = array( 'title' => 'Blogs', 'page callback' => 'blog_feed_user', 'page arguments' => array(1), - 'access arguments' => array('access content'), + 'access callback' => 'blog_page_user_access', + 'access arguments' => array(1), 'type' => MENU_CALLBACK, 'file' => 'blog.pages.inc', ); @@ -168,6 +169,23 @@ } /** + * Access callback for user blog pages. + */ +function blog_page_user_access($account) { + // The visitor must be able to access the site's content. + // For a blog to 'exist' the user must either be able to + // create new blog entries, or it must have existing posts. + return $account->uid && user_access('access content') && (user_access('create blog entries', $account) || _blog_post_exists($account)); +} + +/** + * Helper function to determine if a user has blog posts already. + */ +function _blog_post_exists($account) { + return (bool)db_result(db_query_range(db_rewrite_sql("SELECT 1 FROM {node} n WHERE n.type = 'blog' AND n.uid = %d AND n.status = 1"), $account->uid, 0, 1)); +} + +/** * Implementation of hook_block(). * * Displays the most recent 10 blog titles. diff -r d94886ac61a0 -r 2427550111ae modules/book/book.module --- a/modules/book/book.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/book/book.module Tue Dec 23 14:30:08 2008 +0100 
@@ -1,5 +1,5 @@ data)) { - $data = $cache->data; + // If the cache entry exists, it will just be the cid for the actual data. + // This avoids duplication of large amounts of data. + $cache = cache_get($cache->data, 'cache_menu'); + if ($cache && isset($cache->data)) { + $data = $cache->data; + } } - else { + // If the subtree data was not in the cache, $data will be NULL. + if (!isset($data)) { $match = array("menu_name = '%s'"); $args = array($item['menu_name']); $i = 1; @@ -1070,8 +1077,14 @@ $data['tree'] = menu_tree_data(db_query($sql, $args), array(), $item['depth']); $data['node_links'] = array(); menu_tree_collect_node_links($data['tree'], $data['node_links']); - // Cache the data. - cache_set($cid, $data, 'cache_menu'); + // Compute the real cid for book subtree data. + $tree_cid = 'links:'. $menu_name .':subtree-data:'. md5(serialize($data)); + // Cache the data, if it is not already in the cache. + if (!cache_get($tree_cid, 'cache_menu')) { + cache_set($tree_cid, $data, 'cache_menu'); + } + // Cache the cid of the (shared) data using the menu and item-specific cid. + cache_set($cid, $tree_cid, 'cache_menu'); } // Check access for the current user to each item in the tree. menu_tree_check_access($data['tree'], $data['node_links']); diff -r d94886ac61a0 -r 2427550111ae modules/comment/comment.module --- a/modules/comment/comment.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/comment/comment.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'Approval queue', 'page arguments' => array('approval'), + 'access arguments' => array('administer comments'), 'type' => MENU_LOCAL_TASK, 'file' => 'comment.admin.inc', ); diff -r d94886ac61a0 -r 2427550111ae modules/comment/comment.tpl.php --- a/modules/comment/comment.tpl.php Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/comment/comment.tpl.php Tue Dec 23 14:30:08 2008 +0100 
@@ -1,5 +1,5 @@ 'Add category', 'page callback' => 'drupal_get_form', 'page arguments' => array('contact_admin_edit', 3), + 'access arguments' => array('administer site-wide contact form'), 'type' => MENU_LOCAL_TASK, 'weight' => 1, 'file' => 'contact.admin.inc', @@ -67,6 +68,7 @@ 'title' => 'Edit contact category', 'page callback' => 'drupal_get_form', 'page arguments' => array('contact_admin_edit', 3, 4), + 'access arguments' => array('administer site-wide contact form'), 'type' => MENU_CALLBACK, 'file' => 'contact.admin.inc', ); @@ -74,6 +76,7 @@ 'title' => 'Delete contact', 'page callback' => 'drupal_get_form', 'page arguments' => array('contact_admin_delete', 4), + 'access arguments' => array('administer site-wide contact form'), 'type' => MENU_CALLBACK, 'file' => 'contact.admin.inc', ); @@ -81,6 +84,7 @@ 'title' => 'Settings', 'page callback' => 'drupal_get_form', 'page arguments' => array('contact_admin_settings'), + 'access arguments' => array('administer site-wide contact form'), 'type' => MENU_LOCAL_TASK, 'weight' => 2, 'file' => 'contact.admin.inc', diff -r d94886ac61a0 -r 2427550111ae modules/dblog/dblog.module --- a/modules/dblog/dblog.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/dblog/dblog.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'Settings for logging to the Drupal database logs. This is the most common method for small to medium sites on shared hosting. The logs are viewable from the admin pages.', 'page callback' => 'drupal_get_form', 'page arguments' => array('dblog_admin_settings'), + 'access arguments' => array('administer site configuration'), 'file' => 'dblog.admin.inc', ); @@ -54,6 +55,7 @@ 'title' => 'Recent log entries', 'description' => 'View events that have recently been logged.', 'page callback' => 'dblog_overview', + 'access arguments' => array('access site reports'), 'weight' => -1, 'file' => 'dblog.admin.inc', ); 
@@ -62,6 +64,7 @@ 'description' => "View 'page not found' errors (404s).", 'page callback' => 'dblog_top', 'page arguments' => array('page not found'), + 'access arguments' => array('access site reports'), 'file' => 'dblog.admin.inc', ); $items['admin/reports/access-denied'] = array( @@ -69,12 +72,14 @@ 'description' => "View 'access denied' errors (403s).", 'page callback' => 'dblog_top', 'page arguments' => array('access denied'), + 'access arguments' => array('access site reports'), 'file' => 'dblog.admin.inc', ); $items['admin/reports/event/%'] = array( 'title' => 'Details', 'page callback' => 'dblog_event', 'page arguments' => array(3), + 'access arguments' => array('access site reports'), 'type' => MENU_CALLBACK, 'file' => 'dblog.admin.inc', ); @@ -98,7 +103,7 @@ function dblog_cron() { // Cleanup the watchdog table $max = db_result(db_query('SELECT MAX(wid) FROM {watchdog}')); - db_query('DELETE FROM {watchdog} WHERE wid < %d', $max - variable_get('dblog_row_limit', 1000)); + db_query('DELETE FROM {watchdog} WHERE wid <= %d', $max - variable_get('dblog_row_limit', 1000)); } /** diff -r d94886ac61a0 -r 2427550111ae modules/filter/filter.module --- a/modules/filter/filter.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/filter/filter.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'Add input format', 'page callback' => 'filter_admin_format_page', + 'access arguments' => array('administer filters'), 'type' => MENU_LOCAL_TASK, 'weight' => 1, 'file' => 'filter.admin.inc', @@ -90,6 +91,7 @@ 'title' => 'Delete input format', 'page callback' => 'drupal_get_form', 'page arguments' => array('filter_admin_delete'), + 'access arguments' => array('administer filters'), 'type' => MENU_CALLBACK, 'file' => 'filter.admin.inc', ); 
@@ -120,6 +122,7 @@ 'title' => 'Configure', 'page callback' => 'filter_admin_configure_page', 'page arguments' => array(3), + 'access arguments' => array('administer filters'), 'type' => MENU_LOCAL_TASK, 'weight' => 1, 'file' => 'filter.admin.inc', @@ -128,6 +131,7 @@ 'title' => 'Rearrange', 'page callback' => 'filter_admin_order_page', 'page arguments' => array(3), + 'access arguments' => array('administer filters'), 'type' => MENU_LOCAL_TASK, 'weight' => 2, 'file' => 'filter.admin.inc', diff -r d94886ac61a0 -r 2427550111ae modules/forum/forum.module --- a/modules/forum/forum.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/forum/forum.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'Add container', 'page callback' => 'forum_form_main', 'page arguments' => array('container'), + 'access arguments' => array('administer forums'), 'type' => MENU_LOCAL_TASK, 'parent' => 'admin/content/forum', 'file' => 'forum.admin.inc', @@ -114,6 +115,7 @@ 'title' => 'Add forum', 'page callback' => 'forum_form_main', 'page arguments' => array('forum'), + 'access arguments' => array('administer forums'), 'type' => MENU_LOCAL_TASK, 'parent' => 'admin/content/forum', 'file' => 'forum.admin.inc', @@ -122,6 +124,7 @@ 'title' => 'Settings', 'page callback' => 'drupal_get_form', 'page arguments' => array('forum_admin_settings'), + 'access arguments' => array('administer forums'), 'weight' => 5, 'type' => MENU_LOCAL_TASK, 'parent' => 'admin/content/forum', @@ -129,6 +132,7 @@ ); $items['admin/content/forum/edit/%forum_term'] = array( 'page callback' => 'forum_form_main', + 'access arguments' => array('administer forums'), 'type' => MENU_CALLBACK, 'file' => 'forum.admin.inc', ); @@ -136,6 +140,7 @@ 'title' => 'Edit container', 'page callback' => 'forum_form_main', 'page arguments' => array('container', 5), + 'access arguments' => array('administer forums'), 'type' => MENU_CALLBACK, 'file' => 'forum.admin.inc', ); 
@@ -143,6 +148,7 @@ 'title' => 'Edit forum', 'page callback' => 'forum_form_main', 'page arguments' => array('forum', 5), + 'access arguments' => array('administer forums'), 'type' => MENU_CALLBACK, 'file' => 'forum.admin.inc', ); diff -r d94886ac61a0 -r 2427550111ae modules/help/help.module --- a/modules/help/help.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/help/help.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ $module, 'page callback' => 'help_page', 'page arguments' => array(2), + 'access arguments' => array('access administration pages'), 'type' => MENU_CALLBACK, 'file' => 'help.admin.inc', ); diff -r d94886ac61a0 -r 2427550111ae modules/locale/locale.module --- a/modules/locale/locale.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/locale/locale.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'Add language', 'page callback' => 'locale_inc_callback', 'page arguments' => array('locale_languages_add_screen'), // two forms concatenated + 'access arguments' => array('administer languages'), 'weight' => 5, 'type' => MENU_LOCAL_TASK, ); @@ -106,6 +107,7 @@ 'title' => 'Configure', 'page callback' => 'locale_inc_callback', 'page arguments' => array('drupal_get_form', 'locale_languages_configure_form'), + 'access arguments' => array('administer languages'), 'weight' => 10, 'type' => MENU_LOCAL_TASK, ); @@ -113,12 +115,14 @@ 'title' => 'Edit language', 'page callback' => 'locale_inc_callback', 'page arguments' => array('drupal_get_form', 'locale_languages_edit_form', 4), + 'access arguments' => array('administer languages'), 'type' => MENU_CALLBACK, ); $items['admin/settings/language/delete/%'] = array( 'title' => 'Confirm', 'page callback' => 'locale_inc_callback', 'page arguments' => array('drupal_get_form', 'locale_languages_delete_form', 4), + 'access arguments' => array('administer languages'), 'type' => MENU_CALLBACK, ); 
@@ -141,11 +145,13 @@ 'type' => MENU_LOCAL_TASK, 'page callback' => 'locale_inc_callback', 'page arguments' => array('locale_translate_seek_screen'), // search results and form concatenated + 'access arguments' => array('translate interface'), ); $items['admin/build/translate/import'] = array( 'title' => 'Import', 'page callback' => 'locale_inc_callback', 'page arguments' => array('drupal_get_form', 'locale_translate_import_form'), + 'access arguments' => array('translate interface'), 'weight' => 20, 'type' => MENU_LOCAL_TASK, ); @@ -153,6 +159,7 @@ 'title' => 'Export', 'page callback' => 'locale_inc_callback', 'page arguments' => array('locale_translate_export_screen'), // possibly multiple forms concatenated + 'access arguments' => array('translate interface'), 'weight' => 30, 'type' => MENU_LOCAL_TASK, ); @@ -160,12 +167,14 @@ 'title' => 'Edit string', 'page callback' => 'locale_inc_callback', 'page arguments' => array('drupal_get_form', 'locale_translate_edit_form', 4), + 'access arguments' => array('translate interface'), 'type' => MENU_CALLBACK, ); $items['admin/build/translate/delete/%'] = array( 'title' => 'Delete string', 'page callback' => 'locale_inc_callback', 'page arguments' => array('locale_translate_delete', 4), // directly deletes, no confirmation + 'access arguments' => array('translate interface'), 'type' => MENU_CALLBACK, ); diff -r d94886ac61a0 -r 2427550111ae modules/menu/menu.module --- a/modules/menu/menu.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/menu/menu.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'Add menu', 'page callback' => 'drupal_get_form', 'page arguments' => array('menu_edit_menu', 'add'), + 'access arguments' => array('administer menu'), 'type' => MENU_LOCAL_TASK, 'file' => 'menu.admin.inc', ); 
@@ -70,6 +71,7 @@ 'title' => 'Settings', 'page callback' => 'drupal_get_form', 'page arguments' => array('menu_configure'), + 'access arguments' => array('administer menu'), 'type' => MENU_LOCAL_TASK, 'weight' => 5, 'file' => 'menu.admin.inc', @@ -94,6 +96,7 @@ 'title' => 'Add item', 'page callback' => 'drupal_get_form', 'page arguments' => array('menu_edit_item', 'add', NULL, 3), + 'access arguments' => array('administer menu'), 'type' => MENU_LOCAL_TASK, 'file' => 'menu.admin.inc', ); @@ -101,6 +104,7 @@ 'title' => 'Edit menu', 'page callback' => 'drupal_get_form', 'page arguments' => array('menu_edit_menu', 'edit', 3), + 'access arguments' => array('administer menu'), 'type' => MENU_LOCAL_TASK, 'file' => 'menu.admin.inc', ); @@ -108,6 +112,7 @@ 'title' => 'Delete menu', 'page callback' => 'menu_delete_menu_page', 'page arguments' => array(3), + 'access arguments' => array('administer menu'), 'type' => MENU_CALLBACK, 'file' => 'menu.admin.inc', ); @@ -115,6 +120,7 @@ 'title' => 'Edit menu item', 'page callback' => 'drupal_get_form', 'page arguments' => array('menu_edit_item', 'edit', 4, NULL), + 'access arguments' => array('administer menu'), 'type' => MENU_CALLBACK, 'file' => 'menu.admin.inc', ); @@ -122,6 +128,7 @@ 'title' => 'Reset menu item', 'page callback' => 'drupal_get_form', 'page arguments' => array('menu_reset_item_confirm', 4), + 'access arguments' => array('administer menu'), 'type' => MENU_CALLBACK, 'file' => 'menu.admin.inc', ); @@ -129,6 +136,7 @@ 'title' => 'Delete menu item', 'page callback' => 'menu_item_delete_page', 'page arguments' => array(4), + 'access arguments' => array('administer menu'), 'type' => MENU_CALLBACK, 'file' => 'menu.admin.inc', ); diff -r d94886ac61a0 -r 2427550111ae modules/node/node.admin.inc --- a/modules/node/node.admin.inc Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/node/node.admin.inc Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 0) { $status = '

    '. t('If the site is experiencing problems with permissions to content, you may have to rebuild the permissions cache. Possible causes for permission problems are disabling modules or configuration changes to permissions. Rebuilding will remove all privileges to posts, and replace them with permissions based on the current modules and settings.') .'

    '; $status .= '

    '. t('Rebuilding may take some time if there is a lot of content or complex permission settings. After rebuilding has completed posts will automatically use the new permissions.') .'

    '; diff -r d94886ac61a0 -r 2427550111ae modules/node/node.module --- a/modules/node/node.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/node/node.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 0")); + $remaining = db_result(db_query("SELECT COUNT(*) FROM {node} n LEFT JOIN {search_dataset} d ON d.type = 'node' AND d.sid = n.nid WHERE n.status = 1 AND (d.sid IS NULL OR d.reindex <> 0)")); return array('remaining' => $remaining, 'total' => $total); case 'admin': @@ -1447,6 +1447,7 @@ 'title' => 'Add content type', 'page callback' => 'drupal_get_form', 'page arguments' => array('node_type_form'), + 'access arguments' => array('administer content types'), 'file' => 'content_types.inc', 'type' => MENU_LOCAL_TASK, ); @@ -1485,6 +1486,7 @@ 'title' => $type->name, 'page callback' => 'drupal_get_form', 'page arguments' => array('node_type_form', $type), + 'access arguments' => array('administer content types'), 'file' => 'content_types.inc', 'type' => MENU_CALLBACK, ); @@ -1495,6 +1497,7 @@ $items['admin/content/node-type/'. $type_url_str .'/delete'] = array( 'title' => 'Delete', 'page arguments' => array('node_type_delete_confirm', $type), + 'access arguments' => array('administer content types'), 'file' => 'content_types.inc', 'type' => MENU_CALLBACK, ); @@ -1545,6 +1548,8 @@ 'load arguments' => array(3), 'page callback' => 'node_show', 'page arguments' => array(1, NULL, TRUE), + 'access callback' => '_node_revision_access', + 'access arguments' => array(1), 'type' => MENU_CALLBACK, ); $items['node/%node/revisions/%/revert'] = array( diff -r d94886ac61a0 -r 2427550111ae modules/openid/openid.module --- a/modules/openid/openid.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/openid/openid.module Tue Dec 23 14:30:08 2008 +0100 
@@ -1,5 +1,5 @@ 'Delete OpenID', 'page callback' => 'openid_user_delete', 'page arguments' => array(1), + 'access callback' => 'user_edit_access', + 'access arguments' => array(1), 'type' => MENU_CALLBACK, 'file' => 'openid.pages.inc', ); diff -r d94886ac61a0 -r 2427550111ae modules/path/path.module --- a/modules/path/path.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/path/path.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'Edit alias', 'page callback' => 'path_admin_edit', + 'access arguments' => array('administer url aliases'), 'type' => MENU_CALLBACK, 'file' => 'path.admin.inc', ); @@ -53,6 +54,7 @@ 'title' => 'Delete alias', 'page callback' => 'drupal_get_form', 'page arguments' => array('path_admin_delete_confirm'), + 'access arguments' => array('administer url aliases'), 'type' => MENU_CALLBACK, 'file' => 'path.admin.inc', ); diff -r d94886ac61a0 -r 2427550111ae modules/profile/profile.module --- a/modules/profile/profile.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/profile/profile.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'Add field', 'page callback' => 'drupal_get_form', 'page arguments' => array('profile_field_form'), + 'access arguments' => array('administer users'), 'type' => MENU_CALLBACK, 'file' => 'profile.admin.inc', ); $items['admin/user/profile/autocomplete'] = array( 'title' => 'Profile category autocomplete', 'page callback' => 'profile_admin_settings_autocomplete', + 'access arguments' => array('administer users'), 'type' => MENU_CALLBACK, 'file' => 'profile.admin.inc', ); @@ -108,6 +110,7 @@ 'title' => 'Edit field', 'page callback' => 'drupal_get_form', 'page arguments' => array('profile_field_form'), + 'access arguments' => array('administer users'), 'type' => MENU_CALLBACK, 'file' => 'profile.admin.inc', ); 
@@ -115,6 +118,7 @@ 'title' => 'Delete field', 'page callback' => 'drupal_get_form', 'page arguments' => array('profile_field_delete'), + 'access arguments' => array('administer users'), 'type' => MENU_CALLBACK, 'file' => 'profile.admin.inc', ); @@ -453,7 +457,7 @@ 'title' => $category->category, 'weight' => 3, 'access callback' => 'profile_category_access', - 'access arguments' => array($category->category) + 'access arguments' => array(1, $category->category) ); } return $data; @@ -462,12 +466,12 @@ /** * Menu item access callback - check if a user has access to a profile category. */ -function profile_category_access($category) { - if (user_access('administer users')) { +function profile_category_access($account, $category) { + if (user_access('administer users') && $account->uid > 0) { return TRUE; } else { - return db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE category = '%s' AND visibility <> %d", $category, PROFILE_HIDDEN)); + return user_edit_access($account) && db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE category = '%s' AND visibility <> %d", $category, PROFILE_HIDDEN)); } } diff -r d94886ac61a0 -r 2427550111ae modules/search/search.module --- a/modules/search/search.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/search/search.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'View most popular search phrases.', 'page callback' => 'dblog_top', 'page arguments' => array('search'), + 'access arguments' => array('access site reports'), 'file' => 'dblog.admin.inc', 'file path' => drupal_get_path('module', 'dblog'), ); diff -r d94886ac61a0 -r 2427550111ae modules/syslog/syslog.module --- a/modules/syslog/syslog.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/syslog/syslog.module Tue Dec 23 14:30:08 2008 +0100 
@@ -1,5 +1,5 @@ 'Settings for syslog logging. Syslog is an operating system administrative logging tool used in systems management and security auditing. Most suited to medium and large sites, syslog provides filtering tools that allow messages to be routed by type and severity.', 'page callback' => 'drupal_get_form', 'page arguments' => array('syslog_admin_settings'), + 'access arguments' => array('administer site configuration'), ); return $items; } diff -r d94886ac61a0 -r 2427550111ae modules/system/system.admin.inc --- a/modules/system/system.admin.inc Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/system/system.admin.inc Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'Compact mode', 'page callback' => 'system_admin_compact_page', + 'access arguments' => array('access administration pages'), 'type' => MENU_CALLBACK, 'file' => 'system.admin.inc', ); $items['admin/by-task'] = array( 'title' => 'By task', 'page callback' => 'system_main_admin_page', + 'access arguments' => array('access administration pages'), 'file' => 'system.admin.inc', 'type' => MENU_DEFAULT_LOCAL_TASK, ); $items['admin/by-module'] = array( 'title' => 'By module', 'page callback' => 'system_admin_by_module', + 'access arguments' => array('access administration pages'), 'file' => 'system.admin.inc', 'type' => MENU_LOCAL_TASK, 'weight' => 2, @@ -234,6 +237,7 @@ 'position' => 'left', 'weight' => -10, 'page callback' => 'system_admin_menu_block_page', + 'access arguments' => array('access administration pages'), 'file' => 'system.admin.inc', ); @@ -244,6 +248,7 @@ 'position' => 'right', 'weight' => -5, 'page callback' => 'system_settings_overview', + 'access arguments' => array('access administration pages'), 'file' => 'system.admin.inc', ); $items['admin/build'] = array( 
@@ -252,6 +257,7 @@ 'position' => 'right', 'weight' => -10, 'page callback' => 'system_admin_menu_block_page', + 'access arguments' => array('access administration pages'), 'file' => 'system.admin.inc', ); $items['admin/settings/admin'] = array( @@ -282,6 +288,7 @@ $items['admin/build/themes/settings'] = array( 'title' => 'Configure', 'page arguments' => array('system_theme_settings'), + 'access arguments' => array('administer site configuration'), 'type' => MENU_LOCAL_TASK, ); // Theme configuration subtabs @@ -316,15 +323,18 @@ ); $items['admin/build/modules/list/confirm'] = array( 'title' => 'List', + 'access arguments' => array('administer site configuration'), 'type' => MENU_CALLBACK, ); $items['admin/build/modules/uninstall'] = array( 'title' => 'Uninstall', 'page arguments' => array('system_modules_uninstall'), + 'access arguments' => array('administer site configuration'), 'type' => MENU_LOCAL_TASK, ); $items['admin/build/modules/uninstall/confirm'] = array( 'title' => 'Uninstall', + 'access arguments' => array('administer site configuration'), 'type' => MENU_CALLBACK, ); @@ -346,6 +356,7 @@ 'title' => 'Configure an advanced action', 'page callback' => 'drupal_get_form', 'page arguments' => array('system_actions_configure'), + 'access arguments' => array('administer actions'), 'type' => MENU_CALLBACK, ); $items['admin/settings/actions/delete/%actions'] = array( @@ -353,11 +364,13 @@ 'description' => 'Delete an action.', 'page callback' => 'drupal_get_form', 'page arguments' => array('system_actions_delete_form', 4), + 'access arguments' => array('administer actions'), 'type' => MENU_CALLBACK, ); $items['admin/settings/actions/orphan'] = array( 'title' => 'Remove orphans', 'page callback' => 'system_actions_remove_orphans', + 'access arguments' => array('administer actions'), 'type' => MENU_CALLBACK, ); 
@@ -429,6 +442,7 @@ 'title' => 'Date and time lookup', 'type' => MENU_CALLBACK, 'page callback' => 'system_date_time_lookup', + 'access arguments' => array('administer site configuration'), 'file' => 'system.admin.inc', ); $items['admin/settings/site-maintenance'] = array( @@ -485,18 +499,21 @@ $items['admin/reports/status/run-cron'] = array( 'title' => 'Run cron', 'page callback' => 'system_run_cron', + 'access arguments' => array('administer site configuration'), 'type' => MENU_CALLBACK, 'file' => 'system.admin.inc', ); $items['admin/reports/status/php'] = array( 'title' => 'PHP', 'page callback' => 'system_php', + 'access arguments' => array('administer site configuration'), 'type' => MENU_CALLBACK, 'file' => 'system.admin.inc', ); $items['admin/reports/status/sql'] = array( 'title' => 'SQL', 'page callback' => 'system_sql', + 'access arguments' => array('administer site configuration'), 'type' => MENU_CALLBACK, 'file' => 'system.admin.inc', ); @@ -1227,6 +1244,11 @@ } db_query('DELETE FROM {files} WHERE fid = %d', $file->fid); } + $core = array('cache', 'cache_block', 'cache_filter', 'cache_page', 'cache_form', 'cache_menu'); + $cache_tables = array_merge(module_invoke_all('flush_caches'), $core); + foreach ($cache_tables as $table) { + cache_clear_all(NULL, $table); + } } /** diff -r d94886ac61a0 -r 2427550111ae modules/taxonomy/taxonomy.module --- a/modules/taxonomy/taxonomy.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/taxonomy/taxonomy.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'Add vocabulary', 'page callback' => 'drupal_get_form', 'page arguments' => array('taxonomy_form_vocabulary'), + 'access arguments' => array('administer taxonomy'), 'type' => MENU_LOCAL_TASK, 'parent' => 'admin/content/taxonomy', 'file' => 'taxonomy.admin.inc', 
@@ -137,6 +138,7 @@ 'title' => 'Edit vocabulary', 'page callback' => 'taxonomy_admin_vocabulary_edit', 'page arguments' => array(5), + 'access arguments' => array('administer taxonomy'), 'type' => MENU_CALLBACK, 'file' => 'taxonomy.admin.inc', ); @@ -144,6 +146,7 @@ $items['admin/content/taxonomy/edit/term'] = array( 'title' => 'Edit term', 'page callback' => 'taxonomy_admin_term_edit', + 'access arguments' => array('administer taxonomy'), 'type' => MENU_CALLBACK, 'file' => 'taxonomy.admin.inc', ); @@ -183,6 +186,7 @@ 'title' => 'Add term', 'page callback' => 'taxonomy_add_term_page', 'page arguments' => array(3), + 'access arguments' => array('administer taxonomy'), 'type' => MENU_LOCAL_TASK, 'parent' => 'admin/content/taxonomy/%taxonomy_vocabulary', 'file' => 'taxonomy.admin.inc', diff -r d94886ac61a0 -r 2427550111ae modules/tracker/tracker.module --- a/modules/tracker/tracker.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/tracker/tracker.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'All recent posts', 'type' => MENU_DEFAULT_LOCAL_TASK, - 'access callback' => 'user_is_logged_in', ); - $items['tracker/%user_current'] = array( + $items['tracker/%user_uid_optional'] = array( 'title' => 'My recent posts', - 'access callback' => 'user_is_logged_in', + 'access callback' => '_tracker_myrecent_access', + 'access arguments' => array(1), 'page arguments' => array(1), 'type' => MENU_LOCAL_TASK, ); @@ -46,6 +46,8 @@ 'title' => 'Track', 'page callback' => 'tracker_page', 'page arguments' => array(1, TRUE), + 'access callback' => '_tracker_user_access', + 'access arguments' => array(1), 'type' => MENU_LOCAL_TASK, 'file' => 'tracker.pages.inc', ); 
@@ -55,3 +57,19 @@ ); return $items; } + +/** + * Access callback for tracker/%user_uid_optional + */ +function _tracker_myrecent_access($account) { + // This path is only allowed for authenticated users looking at their own posts. + return $account->uid && ($GLOBALS['user']->uid == $account->uid) && user_access('access content'); +} + +/** + * Access callback for user/%user/track + */ +function _tracker_user_access($account) { + return user_view_access($account) && user_access('access content'); +} + diff -r d94886ac61a0 -r 2427550111ae modules/trigger/trigger.module --- a/modules/trigger/trigger.module Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/trigger/trigger.module Tue Dec 23 14:30:08 2008 +0100 @@ -1,5 +1,5 @@ 'Content', 'page callback' => 'trigger_assign', 'page arguments' => array('node'), + 'access callback' => 'trigger_access_check', 'access arguments' => array('node'), 'type' => MENU_LOCAL_TASK, 'file' => 'trigger.admin.inc', @@ -57,6 +58,7 @@ 'title' => 'Users', 'page callback' => 'trigger_assign', 'page arguments' => array('user'), + 'access callback' => 'trigger_access_check', 'access arguments' => array('user'), 'type' => MENU_LOCAL_TASK, 'file' => 'trigger.admin.inc', @@ -83,6 +85,7 @@ 'title' => 'Cron', 'page callback' => 'trigger_assign', 'page arguments' => array('cron'), + 'access arguments' => array('administer actions'), 'type' => MENU_LOCAL_TASK, 'file' => 'trigger.admin.inc', ); @@ -112,6 +115,7 @@ 'description' => 'Unassign an action from a trigger.', 'page callback' => 'drupal_get_form', 'page arguments' => array('trigger_unassign'), + 'access arguments' => array('administer actions'), 'type' => MENU_CALLBACK, 'file' => 'trigger.admin.inc', ); diff -r d94886ac61a0 -r 2427550111ae modules/update/update.fetch.inc --- a/modules/update/update.fetch.inc Tue Dec 23 14:29:21 2008 +0100 +++ b/modules/update/update.fetch.inc Tue Dec 23 14:30:08 2008 +0100 
@@ -1,5 +1,5 @@ uid == $account->uid) || user_access('administer users')) && $account->uid > 0; } @@ -956,6 +959,7 @@ $items['admin/user/user/create'] = array( 'title' => 'Add user', 'page arguments' => array('create'), + 'access arguments' => array('administer users'), 'type' => MENU_LOCAL_TASK, 'file' => 'user.admin.inc', ); @@ -988,6 +992,7 @@ $items['admin/user/roles/edit'] = array( 'title' => 'Edit role', 'page arguments' => array('user_admin_role'), + 'access arguments' => array('administer permissions'), 'type' => MENU_CALLBACK, 'file' => 'user.admin.inc', ); @@ -1006,18 +1011,21 @@ $items['admin/user/rules/add'] = array( 'title' => 'Add rule', 'page callback' => 'user_admin_access_add', + 'access arguments' => array('administer permissions'), 'type' => MENU_LOCAL_TASK, 'file' => 'user.admin.inc', ); $items['admin/user/rules/check'] = array( 'title' => 'Check rules', 'page callback' => 'user_admin_access_check', + 'access arguments' => array('administer permissions'), 'type' => MENU_LOCAL_TASK, 'file' => 'user.admin.inc', ); $items['admin/user/rules/edit'] = array( 'title' => 'Edit rule', 'page callback' => 'user_admin_access_edit', + 'access arguments' => array('administer permissions'), 'type' => MENU_CALLBACK, 'file' => 'user.admin.inc', ); @@ -1025,6 +1033,7 @@ 'title' => 'Delete rule', 'page callback' => 'drupal_get_form', 'page arguments' => array('user_admin_access_delete_confirm'), + 'access arguments' => array('administer permissions'), 'type' => MENU_CALLBACK, 'file' => 'user.admin.inc', ); @@ -1037,7 +1046,7 @@ 'file' => 'user.pages.inc', ); - $items['user/%user_current'] = array( + $items['user/%user_uid_optional'] = array( 'title' => 'My account', 'title callback' => 'user_page_title', 'title arguments' => array(1), 
@@ -1092,8 +1101,8 @@ 'title arguments' => array($category['title']), 'page callback' => 'user_edit', 'page arguments' => array(1, 3), - 'access callback' => isset($category['access callback']) ? $category['access callback'] : TRUE, - 'access arguments' => isset($category['access arguments']) ? $category['access arguments'] : array(), + 'access callback' => isset($category['access callback']) ? $category['access callback'] : 'user_edit_access', + 'access arguments' => isset($category['access arguments']) ? $category['access arguments'] : array(1), 'type' => MENU_LOCAL_TASK, 'weight' => $category['weight'], 'load arguments' => array('%map', '%index'), @@ -1110,8 +1119,8 @@ drupal_add_css(drupal_get_path('module', 'user') .'/user.css', 'module'); } -function user_current_load($arg) { - return user_load($arg ? $arg : $GLOBALS['user']->uid); +function user_uid_optional_load($arg) { + return user_load(isset($arg) ? $arg : $GLOBALS['user']->uid); } /** @@ -1156,7 +1165,7 @@ /** * Returns the user id of the currently logged in user. */ -function user_current_to_arg($arg) { +function user_uid_optional_to_arg($arg) { // Give back the current user uid when called from eg. tracker, aka. // with an empty arg. Also use the current user uid when called from // the menu with a % for the current account link. @@ -1224,7 +1233,7 @@ * * @ingroup forms */ -function user_login(&$form_state, $msg = '') { +function user_login(&$form_state) { global $user; // If we are already logged on, go to the user page instead. @@ -1233,9 +1242,6 @@ } // Display login form: - if ($msg) { - $form['message'] = array('#value' => '

    '. check_plain($msg) .'

    '); - } $form['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#size' => 60,
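Review bot: the cache flush added after `db_query('DELETE FROM {files} WHERE fid = %d', $file->fid);` in the system.admin.inc hunk hard-codes the core table list (`$core = array('cache', 'cache_block', 'cache_filter', 'cache_page', 'cache_form', 'cache_menu');`) inside this one submit handler, so any cache table added later has to be remembered here as well; moving the list into a shared helper that every flush path calls would avoid a second copy drifting. Please also confirm that `cache_clear_all(NULL, $table)` removes the permanently stored entries as well as expired ones for each of these tables; if a full flush is the intent, `cache_clear_all('*', $table, TRUE)` states that unambiguously, and either way a one-line comment on the loop saying which behaviour is wanted would settle it for the next reader.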
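Review bot: the trigger.module hunks gate the three tabs two different ways without saying why. The node and user tabs get `'access callback' => 'trigger_access_check'` with the module name in `'access arguments'`, while the cron tab and the unassign form get a bare `'access arguments' => array('administer actions')`. If `trigger_access_check` exists to deny the tab when the underlying module is unavailable, that reasoning does not apply to cron and the asymmetry is fine, but it should be stated in a comment on the cron item; otherwise route the cron tab through the same callback so all three items are reviewed by one rule.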
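Review bot: in the tracker.module hunk the 'All recent posts' default local task loses its explicit `'access callback' => 'user_is_logged_in'` and now inherits whatever its parent item grants, which is a behaviour change the hunk does not document; a short comment on that item saying the inheritance is intentional (and what the parent requires) would stop someone re-adding the callback later. On the two new helpers, the docblocks `Access callback for tracker/%user_uid_optional` and `Access callback for user/%user/track` should end in a period per the coding standard, and `_tracker_user_access` deserves one sentence like the one `_tracker_myrecent_access` has, explaining that it combines `user_view_access($account)` with `access content`.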
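Review bot: the category tab hunk in user.module (`@@ -1092,8 +1101,8 @@`) picks the two defaults independently, which produces a mismatch when a category supplies only one of them. With `'access callback' => isset($category['access callback']) ? $category['access callback'] : 'user_edit_access'` and `'access arguments' => isset($category['access arguments']) ? $category['access arguments'] : array(1)`, a category that sets `'access arguments'` (a permission string, as before) but no callback now has that permission handed to `user_edit_access` as if it were an account, and a category that sets a callback but no arguments gets the loaded account passed in unexpectedly. Suggest deciding both from a single `isset($category['access callback'])` test: when neither is set use `user_edit_access` with `array(1)`, and when only arguments are set leave the callback alone so the existing `user_access` default applies.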
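Review bot: the user.module hunk at `@@ -1224,7 +1233,7 @@` changes the signature from `function user_login(&$form_state, $msg = '')` to `function user_login(&$form_state)` and drops the `$form['message']` element that rendered `check_plain($msg)`, so any existing caller passing a message through `drupal_get_form` now has it silently discarded in a point release. This should at least be called out in the change log as an API change, and it would be friendlier to keep the parameter accepted but unused for one release so modules get a deprecation path rather than a quiet behaviour change.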
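Review bot: the `user_uid_optional_to_arg` docblock in the `@@ -1156,7 +1165,7 @@` hunk still reads `Returns the user id of the currently logged in user.`, which described the old `user_current` wildcard and no longer matches the renamed function or the loader change just above it, where `user_uid_optional_load` now tests `isset($arg)` instead of `$arg` so that an explicit `0` is loaded as uid 0 rather than falling back to the current account. Update the docblock to describe the optional-uid semantics (current user only when the argument is absent) so the `_load` and `_to_arg` halves document the same contract.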