Issue #829464 by Berdir, klausi, sepgil | Heine: Fixed orderby() should verify that the sort direction is always ASC or DESC.

Issue #1317628 by Albert Volkman, Gaelan, disasm, mjonesdinero, xjm: Clean up API docs for include files n-z

Issue #839556 by dalin, jrchamp, effulgentsia, dmitrig01, David_Rothstein: fix isset regression in tablesort, add tests, and cleanup theme_process_registry().

- Patch #520764 by Damien Tournoud, JoshuaRogers, brianV: fixed SA-CORE-2009-007: request values in URL, including password/username.

- Patch #572618 by effulgentsia, pwolanin, sun: all theme functions should take a single argument. Code clean-up and performance improvement. Woot.

- Patch #578520 by sun | c960657, mfb, Dries, catch, mattyoung: make  in url() only accept an array. Another nice API clean-up!

#564394 by Berdir and Crell: Removed database BC layer. nah nah nah nah... hey hey hey... gooood byeeee...

#496516 by Crell and Berdir: Moved query_alter() into a preExecute() method, so that modules can know the final query/arguments before they are run.

#326539 by JohnAlbin, sun, cha0s, ultimateboy, Rob Loach, Damien Tournoud: Convert 'class' attribute to use an array, not a string.

- Patch #396284 by Berdir, chx, jcfiala, csevb10 et al: make sure to order by table headers first, before ordering by other fields.

#242962 by Heine: Add a 'tablesort' Form API element to unify various places we use a big table with JS-enabled checkboxes next to each item (with tests).

- Patch #245115 by kkaefer, John Morahan, JohnAlbin et al: after a long discussion we've decided to make the concatenation operator consistent with the other operators.

#198856 by hswong3i: Fix some incorrect use of %s for table name escaping, implement better security checks

- Patch 13180 by chx: renamed check_query() to db_escape_string() and implemtented it properly per database backend.

  Read the manual for pg_escape_string:  "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."

Tablesort used to output class=" active" for active columns with other properties (align="right"). Now it correctly uses class="foo active" if a class 'foo' was specified, and class="active" otherwise.

- Patch #10663 by JonBob: documentation improvements: fixed some typos and improved consistency to the use of Doxygen/api.module commands in the comments.

- Patch #9663 by jvandyk: the $i counter variable in tablesort_get_order() is unused and should therefore be removed.

- Patch #9657: more intelligent theme() function.  Hopefully, Adrian will be
  able to use this patch too.