diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 6463e4844531668df0477523d23d2a60113d8509..34122b6aadfcf945839e33b38dd86c8a89187c0c 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,6 @@
 // $Id$
 
-Drupal 6.0, xxxx-xx-xx (development version)
+Drupal 6.0-beta4, 2007-12-05
 ----------------------
 - New, faster and better menu system.
 - New watchdog as a hook functionality.
@@ -97,6 +97,11 @@ Drupal 6.0, xxxx-xx-xx (development version)
 - Removed old system updates. Updates from Drupal versions prior to 4.7.x will
   require upgrading to 4.7.x or 5.x before upgrading to 6.x.
 
+Drupal 5.4, 2007-12-05
+----------------------
+- fixed a variety of small bugs.
+- fixed a security issue (SQL injection), see SA-2007-031
+
 Drupal 5.3, 2007-10-17
 ----------------------
 - fixed a variety of small bugs.
@@ -195,6 +200,10 @@ Drupal 5.0, 2007-01-15
     * Added nested lists generation.
     * Added a self-clearing block class.
 
+Drupal 4.7.9, 2007-12-05
+------------------------
+- fixed a security issue (SQL injection), see SA-2007-031
+
 Drupal 4.7.8, 2007-10-17
 ----------------------
 - fixed a security issue (HTTP response splitting), see SA-2007-024
diff --git a/includes/common.inc b/includes/common.inc
index a6128675ddf9e56082ebb746b9b73dec3a2c197c..8f0b4f5d97df46838840785e3dc0e521aafc0e8d 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -562,7 +562,7 @@ function drupal_error_handler($errno, $message, $filename, $line, $context) {
     return;
   }
 
-  if ($errno & (E_ALL)) {
+  if ($errno & (E_ALL ^ E_NOTICE)) {
     $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning');
 
     // For database errors, we want the line number/file name of the place that
diff --git a/modules/system/system.module b/modules/system/system.module
index ca8e54703dc5965df30c7c7bb4d178870d1f66d8..be06e9020bcafd833690dfdb495ead5345df72f3 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
  * Configuration system that lets administrators modify the workings of the site.
  */
 
-define('VERSION', '6.0-dev');
+define('VERSION', '6.0-beta4');
 define('DRUPAL_CORE_COMPATIBILITY', '6.x');
 
 define('DRUPAL_MINIMUM_PHP',    '4.3.3');
diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module
index dd203c2e33fe879652adecddac39eda1d0391dd9..a247954b1907e6e76b2f456ba8e39253c81764a2 100644
--- a/modules/taxonomy/taxonomy.module
+++ b/modules/taxonomy/taxonomy.module
@@ -1074,16 +1074,19 @@ function taxonomy_select_nodes($tids = array(), $operator = 'or', $depth = 0, $p
     }
 
     if ($operator == 'or') {
-      $str_tids = implode(',', call_user_func_array('array_merge', $descendant_tids));
-      $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n INNER JOIN {term_node} tn ON n.vid = tn.vid WHERE tn.tid IN ('. $str_tids .') AND n.status = 1 ORDER BY '. $order;
-      $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} tn ON n.vid = tn.vid WHERE tn.tid IN ('. $str_tids .') AND n.status = 1';
+      $args = call_user_func_array('array_merge', $descendant_tids);
+      $placeholders = db_placeholders($args, 'int');
+      $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n INNER JOIN {term_node} tn ON n.vid = tn.vid WHERE tn.tid IN ('. $placeholders .') AND n.status = 1 ORDER BY '. $order;
+      $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} tn ON n.vid = tn.vid WHERE tn.tid IN ('. $placeholders .') AND n.status = 1';
     }
     else {
       $joins = '';
       $wheres = '';
+      $args = array();
       foreach ($descendant_tids as $index => $tids) {
         $joins .= ' INNER JOIN {term_node} tn'. $index .' ON n.vid = tn'. $index .'.vid';
-        $wheres .= ' AND tn'. $index .'.tid IN ('. implode(',', $tids) .')';
+        $wheres .= ' AND tn'. $index .'.tid IN ('. db_placeholders($tids, 'int') .')';
+        $args = array_merge($args, $tids);
       }
       $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n '. $joins .' WHERE n.status = 1 '. $wheres .' ORDER BY '. $order;
       $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. $joins .' WHERE n.status = 1 '. $wheres;
@@ -1091,10 +1094,10 @@ function taxonomy_select_nodes($tids = array(), $operator = 'or', $depth = 0, $p
     $sql = db_rewrite_sql($sql);
     $sql_count = db_rewrite_sql($sql_count);
     if ($pager) {
-      $result = pager_query($sql, variable_get('default_nodes_main', 10), 0, $sql_count);
+      $result = pager_query($sql, variable_get('default_nodes_main', 10), 0, $sql_count, $args);
     }
     else {
-      $result = db_query_range($sql, 0, variable_get('feed_default_items', 10));
+      $result = db_query_range($sql, 0, variable_get('feed_default_items', 10), $args);
     }
   }