GitLab

#14591, User.module links for blocked/non-existant accounts + menu 403/404 issue, patch by Steven and merlinofchaos

#46617, Restore some module listings, partially applied, I've omitted places where I felt that sortign by weight would be wanted.
We can discuss those on the issue. Patch by chx.

- Patch #24398: make password reset work in case someone does prefetching.  (Today's critical bugfix #4.))

    * Makes the user login and password fields in the login _block_ required.
    * Uses just if ($form['name']) rather than if (isset($form['name']) && $form['name']). AFAIK, using both is unnecessary with the form API.
    * Changes maxlength for usernames to 60 which is the (rather odd) database value. The maxlength fields at present don't accomodate affiliate logins with extra long usernames/domains, but I've left that issue alone for now.
    * Removes all instances of maxlength for password. They were a)not being applied with any degree of consistency, and b)unnecessary as only the hash is stored.
    * Corrects an e-mail address maxlength from 55 to 64.
    * unset() accepts more than one variable.

- Patch #44290 by Steve Dondley: fixed problem with user picture getting deleted after editing user account.

- Patch #35499 by samo, m3avrck, et al: one-time login link does not provide adequate feedback to user errors.

- Patch #40200 by Ax, Drewish, Zen et al: user_view() isn't merging view items correctly + CSS cleanup + form handling cleanup.