- Patch #6760 by JonBob: refactored the taxonomy module URLs to be nicer, improved the code/Doxygen comments.

  As discussed before, the path "taxonomy/page/or/1,2" becomes "taxonomy/term/1+2" and the path "taxonomy/page/and/1,2" becomes "taxonomy/term/1,2". The most common case of listing nodes attached to a single term becomes simpler, since it doesn't require a meaningless "or" or "and". A depth of "0" is assumed, but a positive integer or "all" can be used. Feeds are available at "taxonomy/term/1+2/all/feed" and the like.

  This iteration of the patch also changes the structure of taxonomy_select_nodes(), since it was not following Drupal conventions. A handful of contrib modules call this function, and will need to be updated. Instead of passing in a $taxonomy object containing parameters for the function, the parameters are passed independently. This simplifies the code quite a bit. The queries were changed to only return node IDs for speed; all results from this function are passed through node_load() anyway, so the extra information returned was discarded. The AND query was also changed to avoid the strange trick and remove an extra query, at the expense of a table join per root term in the AND. This cleans up the code substantially while at the same time enabling the use of AND with a depth parameter.

  TODO: update contribution modules.

- Made the taxonomy module use drupal_goto() to fix up the interaction behavior.

Added an upgrade path for old URL aliases to node/view, book/view and user/view. This is amongst other things required for old node aliases to appear in the node form.

- Patch #9812 by Adrian: fixed some PostgreSQL/ANSI SQL compabitibility
  problems created by the new comment and node access permissions code.

- Patch #7968 by Adrian: use the complete URL as the cache ID to make Drupal's
  caching work on virtual hosts.

- Patch #9330: ucfirst() gives problem when used with multibyte charset.
  Replaced the use of ucfirst() with a CSS-based solution.

- #9811: Remove session ID before matching block path

- Patch #8523 by killes: avoid profile data being deleted when requesting a new
  password.

- Patch by Jeremy: usability improvements for the statistics.module's GUI.

- Patch #9794 by JonBob: a bug introduced late in the review process makes individual node views inaccessible to users who should have permission. This does not affect node listings, so was missed.

- Patch #9775 by TDobes: consistency operation.  Changed to "edit foo," "delete foo," and "view foo" links into simply "edit," "delete," and "view".

- Removing gAMA chunk from xtemplate logo.png for less to avoid more gamma issues.

- Patch #9497 by gordon: made <!--break--> work even when the teaser length
  is set to unlimited and fixed up some code comments.

- Patch #9768 by killes: admin/user/edit/$uid is no more, removed some left-overs.

- Patch #9657: more intelligent theme() function.  Hopefully, Adrian will be
  able to use this patch too.

- Patch #7458 by killes: conditionally include xmlrpc.inc.

- Patch #9757 by Al: improved the aggregator help.  Help texts should be to the point.

- Patch #9740 by Bart: added missing {} for table prefixing.

- Patch #7336 by TDobes: in various parts of Drupal, we use the title attribute for links to provide a slightly more detailed explanation as to the purpose of a link or where it goes.

   + the confirmation before deleting a comment was missing a check_output.
   + after editing a comment, two pages were shown (two calls to theme('page',..)), replaced this by a drupal_goto.

- Patch by Jeremy: statistics module improvements.

- Simplified the block help a bit by removing some dated information.  It
  should be simplified more.

- Fixed broken link + removed redundant form descriptions (there is no point
  in repeating the title).

- Patch #9654 by Bart: since the $category paramater was added to user_save,
  update 80 (moving the profile fields to their own tables) no longer works.

  to set book breadcrumbs for nodes that weren't books.

- Patch #9650 by Adrian: this change introduces a module_load function, which maintains a list of modules that have already been loaded in a static array, and will not load another module of the same name, or if the file does not exist.

Modules can be stored anywhere, as there is now a set of functions called module_get_filename, and module_set_filename .. which allow system_listing and module_list to specify the locations of the files.

A new function module_load_all() replaces the hardcoded includes in module_init, and loads all modules which have been enabled, using module_load.

module_listing no longer includes files itself, instead it just keeps the listing (and sets the filenames).

This patch is a requirement for the multisite configuration patch, as overriding modules are currently being loaded due to the only protection of loading them is include_once.

- Patch #9543 by JonBob: added node-level access control!

- Patch #5347 by JonBob:

Here's a new patch that unifies the node/52 and book/view/52 paths for nodes. It involves a small change to hook_view(), which is discussed first:

Currently hook_view() expects node modules to return a themed node. However, each module does this the same way; they modify $node as necessary, then call theme('node', $node) and return the result. We can refactor this so that the calling function node_view() calls theme('node') instead. By doing this, it becomes possible for hook_nodeapi('view') to be called after hook_view() where the node contents are filtered, and before theme('node') where the body is enclosed in other HTML. This way the book module can insert its navigation into the body right before the theming.

Advantages of this refactoring:
- I can use it for book.module to remove the extra viewing path.
- The function of hook_nodeapi('view') becomes more like hook_view(), as neither will expect a return value.
- We more closely follow the flow of other nodeapi calls, which usually directly follow their corresponding specific node type hooks (instead of preceding them).
- The attachment.module people could use it to append their attachments in a list after the node.
- Gabor could use it instead of his filter perversion for his "articles in a series" module.
- A little less code in each view hook.
- The content hook is no longer needed, so that means even less code.

Disadvantages:
- Any modules written to use nodeapi('view') could be affected (but these would all be post-4.4 modules).
- Implementations of hook_view() would need to be updated (but return values would be ignored, so most would work without updates anyway).

Now the patch takes advantage of this API shift to inject its navigation at the end of all book nodes, regardless of the viewing path. In fact, since the paths become identical, I've removed the book/view handler entirely. We should probably provide an .htaccess rewrite for this (one is still needed for node/view/nn anyway). At the same time, there is a check in book_block() that shows the block appropriately on these pages.

The headers stored for cached pages ended in a newline, which caused header("") to get called when serving the page.
On some PHP versions (happens on 4.3.3 at least, but not in 5.0), PHP adds a blank header to the HTTP request (i.e. just \r\n) which ends HTTP headers prematurely and adds a newline at the beginning of the page.

This was not an issue before because we output HTML. Now that we have GZip compression, this bug caused corruption of the output. :P
*phew*