- Patch #352180 by Garret Albright, wrwrwr: better multi-site friendly 'www' addition/removal in .htaccess.

#289120 by jastern: Set magic_quotes_sybase = 0 to prevent default php.ini settings from double-quoting JavaScript in Drupal.

- Patch #308834 by c960657: move setting of magic_quotes_runtime out of settings.php because (i) we don't want a user to change it and (ii) it gets executed a bit earlier in the Drupal bootstrap.

- Patch #217170 by maartenvg, rbiffl: boolean PHP settings are best set with php_flag instead of php_value.

- Patch #150245 by webchick, bjaspan, ralf, Arancaytar et al: move the .schema files into .install files to prevent mistakes.

- Patch #144634 by chx: fixed critical bug that prevented language negotiation to work after/when drupal_goto() is called.

#117151 by profix898: the second part of our FilesMatch list contained complete file names which should be protected (eg. Tag), but should not match parts of the file names (eg. Tagging.txt)

#151634 by Ralf Stamm: protect .schema files from being read over the web, if .htaccess is parsed and adhered to

- Fix locations links in watchdog
- Fix repeated subdirectory in page cache CIDs

Per TDobes' comments:

* INSTALL.txt corrected to use 4.3.3, not 4.33.
* .htaccess: removed allow_call_time_pass_reference. two confirmations that a) the setting was wrong in the first place, b) there were no adverse affects for the incorrect setting, c) the PHP docs say it is deprecated.
* .htaccess: removed short_open_tag. Running grep -r "<? " * across the entire directory tree of both core and contributions only brought up contributions and no core. I agree that the fuller form is better. The following contributions will need to be updated: modules/edit_template/edit_template.module, sandbox/garym/themes/marvin_2k/templates/page.tpl.php, sandbox/killes/compare.php, sandbox/paolino/import/click.php, themes/spreadfirefox/block.tpl.php. For error's sake, I also did a manual verification for "<?" (no space) across core and came up against nothing in addition to the above contribs.

Per Goba's comments:

* .htaccess: Moved session.auto_start back.
* sites/default/settings.php: Removed track_vars.

Per mailing list comments:

* INSTALL.txt: Added text about the files/ directory, creating it, and permissions.
* INSTALL.txt: Added an example of why Drupal requires cron (the search.module) in an attempt to justify why a crontab is a good, nay, required step.

And my own further analities:

* .htaccess: cleaned up some whitespace valleys (i hate 'em, hate 'em!) and fixed a few stray colons.
* settings.php: minor whitespace error.