GitLab

  * split up the menu callback for editing/adding/deleting rules
  * improved the delete message
  * fixed a double page printing bug

- Clean URLs: search/type/keywords e.g. "search/node/drupal release". The search
  form is POST submitted, but drupal_gotos to a GET page. This makes it easy to
  copy/paste search URLs, and makes the pager a lot cleaner.

- Remember the search keywords when switching between the search tabs. This is
  done through the same GET URLs rather than the session, so it does not mess up
  between multiple browser tabs.

- Report which keywords were ignored because they were too short.

- #820: Provide search block

- Treat multiple wildcards in a row as one

    - permissions menu link updates in a number of modules help
    - anchor link fix in distributed auth help
    - "my account" link fix in user help
    - spelling correction in tracker.module help

- I also changed 'admin/access/perms' to 'admin/access/permissions'.

- Patch #16246 by Moshe: added mechanism to direct the user back to the referring page after completing a form.
  (Moshe: the patch against node.module failed to apply.)

- Patch #16358 by James: added toolkit to enable better image handling.  The avatar code and the upload module have been updated to take advantage of the new image API.

There are 5 main functions that modules may now utilize to handle images:

* image_get_info() - this function checks a file.  If it exists and is a valid image file, it will return an array containing things like the pixel dimensions of the image, plus the 'type' and common extension.
* image_scale - resizes a given image to fit within a given width / height dimensions, while maintaining aspect ratio (not distorting the image).  This function can be used to generate thumbnails, or ensure a maximum resolution, etc.
* image_resize - similar to image_scale (but will not respect aspect ratio - may well distort the image).
* image_rotate - rotate an image by X degrees
* image_crop - crops an image to a given rectangle (defined as top-left x/y coordinates plus a width & height of the rectangle).

Contribution modules will now be able to rely on these base manipulation functions to offer additional functionality (such as image nodes, photo galleries, advanced image manipulation, etc).

- Patch #16028 by Goba: added class="form-password" to the password form.

- Consistency glitch: 'operations' => 'Operations'.

  We added a 'severity' column to watchdog():
    watchdog($type, $message, $link) --> watchdog($type, $message, $severity, $link);

    * Specify a severity in case you are reporting a warning or error.
    * The $link-parameter is now the fourth parameter instead of the third.

  TODO: document this in the upgrade guide.

- Patch #15247 by Drumm: simplified the logout code.

  + After mailing the password, set a message and go to the login form (was print a message as the entire page).
  + Provide feedback if neither field was filled in.
  + Make it a full menu callback instead of going through user_page().
  + Fixed some indentation.
  + Changed some double quotes to single quotes.
  + Made sure all if statements have {}.

   * Less logic in theme code.
   * Encourages use of the menu system.
   * Easier to find where a title or breadcrumb comes from in other people's code because there are less places to look. Look in menu and then grep for the appropriate set function. Looking for calls to theme_page() is hard because there are too many of them.
   * Very slightly more efficient.

- Removed some cruft: left-over xxx_help_page() functions.

   * user/view/$n has been replaced with user/$n.
   * More blank lines in the right places.
   * Prevent unwanted case fallthrough.

   1. Fixed broken watchdog calls: two watchdog calls omitted the type parameter, and thus injected logs into the type field, instead of the message field.
   2. Removed t() functions from user contributed content.

- Patch #13581 by Steven: Db_query() allows a variable amount of parameters so you can pass the query arguments in. There is however an alternative syntax: instead of passing the query arguments as function arguments, you can also pass a single array with the query arguments in it. For example the following two statements are equivalent:

db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));

This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.

However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.

This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.

I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.

Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);

and

- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);

I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.

This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query.  This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself.  With the new, documented syntax, there is no more excuse to put data directly in the query.

- Patch #12363: fixed glitch in user_access() as pointed out by TDobes.

- Patch 13180 by chx: renamed check_query() to db_escape_string() and implemtented it properly per database backend.

  Read the manual for pg_escape_string:  "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."

- Patch #12783 by Stefan: various small consistency/usability improvements.

- Performance improvement: made 'sid' the primary key of the sessions table.
  That should improve performance of session handling as well improve
  performance of the "Who's online"-block.  Drupal.org's sessions table
  contains appr. 40.000 sessions on a slow day and rendering the "Who's
  online"-block became a performance bottleneck.

  This change has yet to be tested on a busy site so things might go wrong.

- Patch #12658 by menesis: when an administrator adds a user, the 'authenticated user' role was not assigned to the new user.

- Patch #12515 by Goba: fixed problem with cookies not being set properly, causing users getting logged out.