- Restoring broken update path.
- Adding birthday/date function back, with update path.
- Show private fields when viewing your own profile, or for admins.
- Do not allow browsing of private fields for non admins (403)
- Throw a 404 for browsing unbrowsable fields, rather than an SQL error
- Fixing input processing: nothing is filtered twice anymore, and I replaced several strip_tags with specialchars (more flexible).
- Minor admin UI tweaks + added friendly field type names.

- Patch by Al: don't translate all help text upon every page view!

   * Refactored the "brains" of user_login() to user_authenticate($user, $pass) so that blogapi (and others) can authenticate users (including those using DistAuth) without all the html and drupal_goto calls
   * Updates blogapi_validate_user to use user_authenticate.

- Added missing quotes around 'name'.  Spotted by James.

   * Adds missing quotes around the username in "session closed" watchdog messages from user.module (session opened has quotes, but session closed does not).
   * Changed "view detals" after watchdog entries to "details".

- Patch #10044 by TDobes: fixed broken links in the statistics module. In the current statistics.module, clicking a page title should lead to the appropriate page within the local site. Instead, it leads to a 404 because the / character is turned into %2F... this is due to the paths being passed through urlencode(). The attached patch removes the problematic calls to urlencode.

  I had some trouble adding this feature but realized that the "who's online" block is a geek think, and therefore it won't hurt to add some more geekiness.  If you don't know what "offline users" means, you would not have understood "online users" in the first place.  Either way, I think most people who have the block enabled, will find this an interesting addition.

- Modified patch #9924 by njivi: added a basic member list to the profile module.  (If this deprecates the memberlist module, it ought to be deprecated.)
  I removed the permission njivi introduced and made the page title match the link title.

- Patch #6806 by UnConeD: prefixed form IDs with 'edit-' so they won't clash
  with other IDs.  Also makes things a tad more consistent.

- Patch #9983 by Stefan: various code style improvements.

- Patch #9972 by njivy: modified node_feed() for the instances where locale is not enabled. Without this patch, reset(array_keys($languages['name'])) throws an error.

- New locale module thanks to Gerhard, Goba, Marco, Kristjan and others.

  The new locale module provides every functionality on the web interface, so you don't need to edit the configuration files or add columns, when you add a new language. This module is an integration of the old locale and localegettext modules, plus a bunch of logic to parse Gettext Portable Object files (opposed to Machine Object files, as supported by localegettext).

  Note: I made some minor changes to the context-sensitive help texts and to some of the status messages.

- Cleaning up code a bit

- Removing some leftover dead code

- Patch #8155 by JonBob: removed legacy _system() hook.

- Patch #9663 by jvandyk: the $i counter variable in tablesort_get_order() is unused and should therefore be removed.

The Input formats - filter patch has landed. I still need to make update instructions for modules and update the hook docs.

Here's an overview of the changes:
1) Multiple Input formats: they are complete filter configurations (what filters to use, in what order and with which settings). Input formats are admin-definable, and usage of them is role-dependant. For example, you can set it up so that regular users can only use limited HTML, while admins can free HTML without any tag limitations.
The input format can be chosen per content item (nodes, comments, blocks, ...) when you add/edit them. If only a single format is available, there is no choice, and nothing changes with before.

The default install (and the upgrade) contains a basic set of formats which should satisfy the average user's needs.

2) Filters have toggles
Because now you might want to enable a filter only on some input formats, an explicit toggle is provided by the filter system. Modules do not need to worry about it and filters that still have their own on/off switch should get rid of it.

3) Multiple filters per module
This was necessary to accomodate the next change, and it's also a logical extension of the filter system.

4) Embedded PHP is now a filter
Thanks to the multiple input formats, I was able to move the 'embedded PHP' feature from block.module, page.module and book.module into a simple filter which executes PHP code. This filter is part of filter.module, and by default there is an input format 'PHP', restricted to the administrator only, which contains this filter.
This change means that block.module now passes custom block contents through the filter system.
As well as from reducing code duplication and avoiding two type selectors for page/book nodes, you can now combine PHP code with other filters.

5) User-supplied PHP code now requires <?php ?> tags.
This is required for teasers to work with PHP code. Because PHP evaluation is now just another step in the filter process, we can't do this. Also, because teasers are generated before filtering, this would result in errors when the teaser generation would cut off a piece of PHP code.

Also, regular PHP syntax explicitly includes the <?php ?> tags for PHP files, so it makes sense to use the same convention for embedded PHP in Drupal.

6) Filter caching was added.
Benchmarking shows that even for a simple setup (basic html filtering + legacy URL rewriting), filtercache can offer speedups. Unlike the old filtercache, this uses the normal cache table.

7) Filtertips were moved from help into a hook_filter_tips(). This was required to accomodate the fact that there are multiple filters per module, and that filter settings are format dependant. Shoehorning filter tips into _help was ugly and silly. The display of the filter tips is done through the input format selector, so filter_tips_short() no longer exists.

8) A more intelligent linebreak convertor was added, which doesn't stop working if you use block-level tags and which adds <p> tags.

- #4266: When editing a book page, hide the page and its children from the "Parent" selector to prevent circular relationships in the book hierarchy.

- Patch by Al: improved the admin/help pages (first step).

- Users who have not edited their account yet would be reset to GMT rather than the sitewide timezone.
- Users who chose GMT (zero timezone) on a site with a non-zero timezone as default would have incorrect timezone.

- Patch #9884 by Bart Jansens:
  + The 'previous topic' / 'next topic' links skipped topic without comments (changed one inner join back to a left join).
  + The default order setting in admin/settings/forum had no effect.
  + The 'first new topic' link jumped to the first unread topic ever instead of the first unread topic since NODE_NEW_LIMIT.
  + This also removes the unused $offset param from theme_forum_display and theme_forum_topic_list, so any themes using these functions should be updated (i checked the core themes but none of them used these functions).

- Patch #9865 by njivy: avoid mangling %'s in the profile SQL query.

- Patch #9866 by njivy: when the links are generated for each item in a list-type profile field, double quotes in the item name can break the link. To fix this, this patch gives drupal_specialchars() the ENT_QUOTES parameter to convert quotes into HTML entities. This fix is also applied to selection-type profile fields which can have the same problem.