Remove wp-db-backup.php from 2.0

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@6752 1a063a9b-81f0-0310-95a4-ce76da25c4cd

readme.html

@@ -40,7 +40,7 @@
 </head>
 <body>
 <h1 style="text-align: center"><img alt="WordPress" src="http://wordpress.org/images/wordpress.gif" /> <br />
-	Version 1.5</h1>
+	Version 2.0</h1>
 <p style="text-align: center"> Semantic Personal Publishing Platform </p>
 <h1>First Things First</h1>
 <p>Welcome. WordPress is a very special project to me. Every developer and contributor adds something unique to the mix, and together we create something beautiful that I'm proud to be a part of. Thousands of hours have gone into WordPress, and we're dedicated to making it better every day. Thank you for making it part of your world.</p>
@@ -52,14 +52,14 @@
 	<li>Open up <code>wp-config-sample.php</code> with a text editor like WordPad or similar and fill in your database connection details</li>
 	<li>Save the file as <code>wp-config.php</code> </li>
 	<li>Upload everything.</li>
-	<li>Launch <span class="file"><a href="wp-admin/install.php">/wp-admin/install.php</a></span> in your browser. This should setup the tables needed for your blog. If there is an error, double check your <span class="file">wp-config.php</span> file, and try again. If it fails again, please go to the <a href="http://wordpress.org/support/">support forums</a> with as much data as you can gather. </li>
+	<li>Open <span class="file"><a href="wp-admin/install.php">/wp-admin/install.php</a></span> in your browser. This should setup the tables needed for your blog. If there is an error, double check your <span class="file">wp-config.php</span> file, and try again. If it fails again, please go to the <a href="http://wordpress.org/support/">support forums</a> with as much data as you can gather. </li>
 	<li><strong>Note the password given to you.</strong></li>
 	<li> The install script should then send you to the <a href="wp-login.php">login page</a>. Sign in with the username <code>admin</code> and the password generated during the installation. You can then click on 'Profile' to change the password.</li>
 </ol>
 
 <h1>Upgrading</h1>
 <p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
-<h2>Upgrading from any previous WordPress to 1.5:</h2>
+<h2>Upgrading from any previous WordPress to 2.0:</h2>
 <ol>
 	<li>Delete your old WP files, saving ones you've modified </li>
 	<li>Upload the new files</li>
@@ -80,14 +80,14 @@
 	<dt><a href="http://wordpress.org/support/">WordPress Support Forums</a></dt>
 	<dd>If you've looked everywhere and still can't find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible. </dd>
 	<dt><a href="http://codex.wordpress.org/IRC">WordPress IRC Channel</a></dt>
-	<dd>Finally, there is an online chat channel that is used for discussion amoung people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpresss) </dd>
+	<dd>Finally, there is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpress) </dd>
 </dl>
 
 <h1 id="requirements">System Recommendations</h1>
 <ul>
 	<li>PHP version <strong>4.1</strong> or higher</li>
 	<li>MySQL version <strong>3.23.23</strong> or higher</li>
-	<li>... and a link to <a href="http://wordpress.org">http://wordpress.org</a> on your site.</li>
+	<li>... and a link to <a href="http://wordpress.org/">http://wordpress.org</a> on your site.</li>
 </ul>
 <p>WordPress is the official continuation of <a href="http://cafelog.com/">b2/caf&eacute;log</a>, which came from Michel V. The work has been continued by the <a href="http://wordpress.org/about/">WordPress developers</a>. If you would like to support WordPress, please consider <a href="http://wordpress.org/donate/">donating</a>. </p>
 
@@ -100,16 +100,10 @@
 <h1>Post via Email</h1>
 <p>You can post from an email client! To set this up go to your &quot;Writing&quot; options screen and fill in the connection details for your secret POP3 account. Then you need to set up <code>wp-mail.php</code> to execute periodically to check the mailbox for new posts. You can do it with Cron-jobs, or if your host doesn't support it you can look into the various website-monitoring services, and make them check your <code>wp-mail.php</code> URL. </p>
 <p> Posting is easy: Any email sent to the address you specify will be posted, with the subject as the title. It is best to keep the address dicrete. The script will <i>delete</i> emails that are successfully posted. </p>
-<h1 id="notes">User Levels </h1>
-<p>You may allow or disallow user registration in your <a href="wp-admin/options-general.php">General options</a>. If &quot;new users can blog&quot; is disabled you must first raise the level of a newly registered user to allow them to post. Click the plus sign next to their name on the <a href="wp-admin/users.php">Users</a> page. </p>
-<h2>User Levels</h2>
-<ul>
-	<li>0 - New User </li>
-	<li>1 - User can post, edit, and delete their own posts.</li>
-	<li>5+ - Admin; can post, edit, delete other people's posts, and change the options.</li>
-	<li>Any user whose level is higher than 1, can edit and delete the posts and change the level of lower users. Example: a level 2 user is not an admin, but can edit the posts of level 1 users, and up the level of a new user from 0 to 1.</li>
-</ul>
-<p>Usually you want to have a team of level 1 users except for you.</p>
+<h1 id="roles">User Roles </h1>
+
+<p>We've eliminated user levels in order to make way for the much more flexible roles system introduced in 2.0. You can <a href="http://codex.wordpress.org/Roles_and_Capabilities">read more about Roles and Capabilities on the Codex</a>.</p>
+
 <h1> Final notes</h1>
 <ul>
 	<li>If you have any suggestions, ideas, comments, or if you (gasp!) found a bug, join us in the <a href="http://wordpress.org/support/">Support Forums</a></li>

wp-admin/admin-db.php

@@ -0,0 +1,387 @@
+<?php
+
+function get_users_drafts( $user_id ) {
+	global $wpdb;
+	$user_id = (int) $user_id;
+	$query = "SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author = $user_id ORDER BY ID DESC";
+	$query = apply_filters('get_users_drafts', $query);
+	return $wpdb->get_results( $query );
+}
+
+function get_others_drafts( $user_id ) {
+	global $wpdb;
+	$user = get_userdata( $user_id );
+	$level_key = $wpdb->prefix . 'user_level';
+
+	$editable = get_editable_user_ids( $user_id );
+	
+	if( !$editable ) {
+		$other_drafts = '';
+	} else {
+		$editable = join(',', $editable);
+		$other_drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author IN ($editable) AND post_author != '$user_id' ");
+	}
+
+	return apply_filters('get_others_drafts', $other_drafts);
+}
+
+function get_editable_authors( $user_id ) {
+	global $wpdb;
+
+	$editable = get_editable_user_ids( $user_id );
+
+	if( !$editable ) {
+		return false;
+	} else {
+		$editable = join(',', $editable);
+		$authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable) ORDER BY display_name" );
+	}
+
+	return apply_filters('get_editable_authors', $authors);
+}
+
+function get_editable_user_ids( $user_id, $exclude_zeros = true ) {
+	global $wpdb;
+	
+	$user = new WP_User( $user_id );
+	
+	if ( ! $user->has_cap('edit_others_posts') ) {
+		if ( $user->has_cap('edit_posts') || $exclude_zeros == false )
+			return array($user->id);
+		else 
+			return false;
+	}
+
+	$level_key = $wpdb->prefix . 'user_level';
+
+	$query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key'";
+	if ( $exclude_zeros )
+		$query .= " AND meta_value != '0'";
+		
+	return $wpdb->get_col( $query );
+}
+
+function get_author_user_ids() {
+	global $wpdb;
+	$level_key = $wpdb->prefix . 'user_level';
+
+	$query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value != '0'";
+
+	return $wpdb->get_col( $query );
+}
+
+function get_nonauthor_user_ids() {
+	global $wpdb;
+	$level_key = $wpdb->prefix . 'user_level';
+
+	$query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value = '0'";
+
+	return $wpdb->get_col( $query );
+}
+
+function wp_insert_category($catarr) {
+	global $wpdb;
+
+	extract($catarr);
+
+	$cat_ID = (int) $cat_ID;
+
+	// Are we updating or creating?
+	if (!empty ($cat_ID))
+		$update = true;
+	else
+		$update = false;
+
+	$cat_name = apply_filters('pre_category_name', $cat_name);
+	
+	if (empty ($category_nicename))
+		$category_nicename = sanitize_title($cat_name);
+	else
+		$category_nicename = sanitize_title($category_nicename);
+	$category_nicename = apply_filters('pre_category_nicename', $category_nicename);
+
+	if (empty ($category_description))
+		$category_description = '';
+	$category_description = apply_filters('pre_category_description', $category_description);
+
+	$category_parent = (int) $category_parent;
+	if (empty ($category_parent))
+		$category_parent = 0;
+
+	if (!$update) {
+		$wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, category_description, category_parent) VALUES ('0', '$cat_name', '$category_nicename', '$category_description', '$category_parent')");
+		$cat_ID = (int) $wpdb->insert_id;
+	} else {
+		$wpdb->query ("UPDATE $wpdb->categories SET cat_name = '$cat_name', category_nicename = '$category_nicename', category_description = '$category_description', category_parent = '$category_parent' WHERE cat_ID = '$cat_ID'");
+	}
+	
+	if ( $category_nicename == '' ) {
+		$category_nicename = sanitize_title($cat_name, $cat_ID );
+		$wpdb->query( "UPDATE $wpdb->categories SET category_nicename = '$category_nicename' WHERE cat_ID = '$cat_ID'" );
+	}
+
+	wp_cache_delete($cat_ID, 'category');
+
+	if ($update) {
+		do_action('edit_category', $cat_ID);
+	} else {
+		wp_cache_delete('all_category_ids', 'category');
+		do_action('create_category', $cat_ID);
+		do_action('add_category', $cat_ID);
+	}
+
+	return $cat_ID;
+}
+
+function wp_update_category($catarr) {
+	global $wpdb;
+
+	$cat_ID = (int) $catarr['cat_ID'];
+
+	// First, get all of the original fields
+	$category = get_category($cat_ID, ARRAY_A);
+
+	// Escape data pulled from DB.
+	$category = add_magic_quotes($category);
+
+	// Merge old and new fields with new fields overwriting old ones.
+	$catarr = array_merge($category, $catarr);
+
+	return wp_insert_category($catarr);
+}
+
+function wp_delete_category($cat_ID) {
+	global $wpdb;
+
+	$cat_ID = (int) $cat_ID;
+
+	// Don't delete the default cat.
+	if ($cat_ID == get_option('default_category'))
+		return 0;
+
+	$category = get_category($cat_ID);
+
+	$parent = $category->category_parent;
+
+	// Delete the category.
+	$wpdb->query("DELETE FROM $wpdb->categories WHERE cat_ID = '$cat_ID'");
+
+	// Update children to point to new parent.
+	$wpdb->query("UPDATE $wpdb->categories SET category_parent = '$parent' WHERE category_parent = '$cat_ID'");
+
+	// TODO: Only set categories to general if they're not in another category already
+	$default_cat = get_option('default_category');
+	$wpdb->query("UPDATE $wpdb->post2cat SET category_id='$default_cat' WHERE category_id='$cat_ID'");
+
+	wp_cache_delete($cat_ID, 'category');
+	wp_cache_delete('all_category_ids', 'category');
+
+	do_action('delete_category', $cat_ID);
+
+	return 1;
+}
+
+function wp_create_category($cat_name) {
+	$cat_array = compact('cat_name');
+	return wp_insert_category($cat_array);
+}
+
+function wp_create_categories($categories, $post_id = '') {
+	$cat_ids = array ();
+	foreach ($categories as $category) {
+		if ($id = category_exists($category))
+			$cat_ids[] = $id;
+		else
+			if ($id = wp_create_category($category))
+				$cat_ids[] = $id;
+	}
+
+	if ($post_id)
+		wp_set_post_cats('', $post_id, $cat_ids);
+
+	return $cat_ids;
+}
+
+function category_exists($cat_name) {
+	global $wpdb;
+	if (!$category_nicename = sanitize_title($cat_name))
+		return 0;
+
+	return (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE category_nicename = '$category_nicename'");
+}
+
+function wp_delete_user($id, $reassign = 'novalue') {
+	global $wpdb;
+
+	$id = (int) $id;
+	$user = get_userdata($id);
+
+	if ($reassign == 'novalue') {
+		$post_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_author = $id");
+
+		if ($post_ids) {
+			foreach ($post_ids as $post_id)
+				wp_delete_post($post_id);
+		}
+
+		// Clean links
+		$wpdb->query("DELETE FROM $wpdb->links WHERE link_owner = $id");
+	} else {
+		$reassign = (int) $reassign;
+		$wpdb->query("UPDATE $wpdb->posts SET post_author = {$reassign} WHERE post_author = {$id}");
+		$wpdb->query("UPDATE $wpdb->links SET link_owner = {$reassign} WHERE link_owner = {$id}");
+	}
+
+	// FINALLY, delete user
+	$wpdb->query("DELETE FROM $wpdb->users WHERE ID = $id");
+	$wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$id'");
+
+	wp_cache_delete($id, 'users');
+	wp_cache_delete($user->user_login, 'userlogins');
+
+	do_action('delete_user', $id);
+
+	return true;
+}
+
+function get_link($link_id, $output = OBJECT) {
+	global $wpdb;
+	
+	$link = $wpdb->get_row("SELECT * FROM $wpdb->links WHERE link_id = '$link_id'");
+
+	if ( $output == OBJECT ) {
+		return $link;
+	} elseif ( $output == ARRAY_A ) {
+		return get_object_vars($link);
+	} elseif ( $output == ARRAY_N ) {
+		return array_values(get_object_vars($link));
+	} else {
+		return $link;
+	}
+}
+
+function wp_insert_link($linkdata) {
+	global $wpdb, $current_user;
+	
+	extract($linkdata);
+
+	$update = false;
+
+	if ( !empty($link_id) )
+		$update = true;
+
+	$link_id = (int) $link_id;
+
+	if( trim( $link_name ) == '' )
+		return 0;
+	$link_name = apply_filters('pre_link_name', $link_name);
+
+	if( trim( $link_url ) == '' )
+		return 0;
+	$link_url = apply_filters('pre_link_url', $link_url);
+
+	if ( empty($link_rating) )
+		$link_rating = 0;	
+	else
+		$link_rating = (int) $link_rating;
+
+	if ( empty($link_image) )
+		$link_image = '';
+	$link_image = apply_filters('pre_link_image', $link_image);
+
+	if ( empty($link_target) )
+		$link_target = '';	
+	$link_target = apply_filters('pre_link_target', $link_target);
+
+	if ( empty($link_visible) )
+		$link_visible = 'Y';
+	$link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);
+
+	if ( empty($link_owner) )
+		$link_owner = $current_user->id;
+	else
+		$link_owner = (int) $link_owner;
+
+	if ( empty($link_notes) )
+		$link_notes = '';
+	$link_notes = apply_filters('pre_link_notes', $link_notes);
+
+	if ( empty($link_description) )
+		$link_description = '';
+	$link_description = apply_filters('pre_link_description', $link_description);
+
+	if ( empty($link_rss) )
+		$link_rss = '';
+	$link_rss = apply_filters('pre_link_rss', $link_rss);
+
+	if ( empty($link_rel) )
+		$link_rel = '';
+	$link_rel = apply_filters('pre_link_rel', $link_rel);
+
+	if ( $update ) {
+		$wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
+			link_name='$link_name', link_image='$link_image',
+			link_target='$link_target', link_category='$link_category',
+			link_visible='$link_visible', link_description='$link_description',
+			link_rating='$link_rating', link_rel='$link_rel',
+			link_notes='$link_notes', link_rss = '$link_rss'
+			WHERE link_id='$link_id'");
+	} else {
+		$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_category, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_category', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
+		$link_id = (int) $wpdb->insert_id;
+	}
+	
+	if ( $update )
+		do_action('edit_link', $link_id);
+	else
+		do_action('add_link', $link_id);
+
+	return $link_id;
+}
+
+function wp_update_link($linkdata) {
+	global $wpdb;
+
+	$link_id = (int) $linkdata['link_id'];
+	
+	$link = get_link($link_id, ARRAY_A);
+	
+	// Escape data pulled from DB.
+	$link = add_magic_quotes($link);
+	
+	// Merge old and new fields with new fields overwriting old ones.
+	$linkdata = array_merge($link, $linkdata);
+
+	return wp_insert_link($linkdata);
+}
+
+function wp_delete_link($link_id) {
+	global $wpdb;
+
+	do_action('delete_link', $link_id);
+	return $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");	
+}
+
+function post_exists($title, $content = '', $post_date = '') {
+	global $wpdb;
+
+	if (!empty ($post_date))
+		$post_date = "AND post_date = '$post_date'";
+
+	if (!empty ($title))
+		return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $post_date");
+	else
+		if (!empty ($content))
+			return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $post_date");
+
+	return 0;
+}
+
+function comment_exists($comment_author, $comment_date) {
+	global $wpdb;
+
+	return $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments
+			WHERE comment_author = '$comment_author' AND comment_date = '$comment_date'");
+}
+
+?>

wp-admin/admin-footer.php

@@ -1,13 +1,19 @@
 
-<div id="footer"><p><a href="http://wordpress.org/"><img src="../wp-images/wp-small.png" alt="WordPress" /></a><br />
-<?php bloginfo('version'); ?> <br /> 
+<div id="footer"><p><a href="http://wordpress.org/" id="wordpress-logo"><img src="images/wordpress-logo.png" alt="WordPress" /></a></p>
+<p>
 <a href="http://codex.wordpress.org/"><?php _e('Documentation'); ?></a> &#8212; <a href="http://wordpress.org/support/"><?php _e('Support Forums'); ?></a> <br />
-<?php printf(__('%s seconds'), number_format(timer_stop(), 2)); ?>
+<?php bloginfo('version'); ?> &#8212; <?php printf(__('%s seconds'), timer_stop(0, 2)); ?>
 </p>
 
 </div>
-
 <?php do_action('admin_footer', ''); ?>
+<script type="text/javascript">if(typeof wpOnload=='function')wpOnload();</script>
+
+<?php
+if ( (substr(php_sapi_name(), 0, 3) == 'cgi') && spawn_pinger() ) {
+	echo '<iframe id="pingcheck" src="' . get_settings('siteurl') .'/wp-admin/execute-pings.php?time=' . time() . '" style="border:none;width:1px;height:1px;"></iframe>';
+}
+?>
 
 </body>
-</html>
+</html>

wp-admin/admin-header.php

@@ -1,93 +1,67 @@
 <?php 
 @header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
-if (!isset($_GET["page"])) require_once('admin.php'); ?>
+if (!isset($_GET["page"])) require_once('admin.php');
+if ( $editing ) {
+	$dbx_js = true;
+	if ( current_user_can('manage_categories') )
+		$cat_js = true;
+}
+if ( $list_js || $cat_js )
+	$sack_js = true;
+?>
 <?php get_admin_page_title(); ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
+<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_settings('blog_charset'); ?>" />
 <title><?php bloginfo('name') ?> &rsaquo; <?php echo $title; ?> &#8212; WordPress</title>
 <link rel="stylesheet" href="<?php echo get_settings('siteurl') ?>/wp-admin/wp-admin.css?version=<?php bloginfo('version'); ?>" type="text/css" />
-<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_settings('blog_charset'); ?>" />
-
 <script type="text/javascript">
 //<![CDATA[
-
-function customToggleLink() {
-	// TODO: Only show link if there's a hidden row
-	document.write('<small>(<a href="javascript:;" id="customtoggle" onclick="toggleHidden()"><?php _e('Show hidden'); ?></a>)</small>');
-	// TODO: Rotate link to say "show" or "hide"
-	// TODO: Use DOM
-}
-
-function toggleHidden() {
-	var allElements = document.getElementsByTagName('tr');
-	for (i = 0; i < allElements.length; i++) {
-		if ( allElements[i].className.indexOf('hidden') != -1 ) {
-			 allElements[i].className = allElements[i].className.replace('hidden', '');
-		}
-	}
-}
-
-<?php if ( isset($xfn) ) : ?>
-
-function GetElementsWithClassName(elementName, className) {
-	var allElements = document.getElementsByTagName(elementName);
-	var elemColl = new Array();
-	for (i = 0; i < allElements.length; i++) {
-		if (allElements[i].className == className) {
-			elemColl[elemColl.length] = allElements[i];
-		}
-	}
-	return elemColl;
-}
-
-function meChecked() {
-  var undefined;
-  var eMe = document.getElementById('me');
-  if (eMe == undefined) return false;
-  else return eMe.checked;
-}
-
-function upit() {
-	var isMe = meChecked(); //document.getElementById('me').checked;
-	var inputColl = GetElementsWithClassName('input', 'valinp');
-	var results = document.getElementById('rel');
-	var linkText, linkUrl, inputs = '';
-	for (i = 0; i < inputColl.length; i++) {
-		 inputColl[i].disabled = isMe;
-		 inputColl[i].parentNode.className = isMe ? 'disabled' : '';
-		 if (!isMe && inputColl[i].checked && inputColl[i].value != '') {
-			inputs += inputColl[i].value + ' ';
-				}
-		 }
-	inputs = inputs.substr(0,inputs.length - 1);
-	if (isMe) inputs='me';
-	results.value = inputs;
-	}
-
-function blurry() {
-	if (!document.getElementById) return;
-
-	var aInputs = document.getElementsByTagName('input');
-
-	for (var i = 0; i < aInputs.length; i++) {		
-		 aInputs[i].onclick = aInputs[i].onkeyup = upit;
-	}
-}
-
-window.onload = blurry;
-<?php endif; ?>
-
+function addLoadEvent(func) {if ( typeof wpOnload!='function'){wpOnload=func;}else{ var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}
 //]]>
 </script>
-
-<?php do_action('admin_head', ''); ?>
+<script type="text/javascript" src="../wp-includes/js/fat.js"></script>
+<?php if ( $xfn_js ) { ?>
+<script type="text/javascript" src="xfn.js"></script>
+<?php } ?>
+<?php if ( $sack_js ) { ?>
+<script type="text/javascript" src="../wp-includes/js/tw-sack.js"></script>
+<?php } ?>
+<?php if ( $list_js ) { ?>
+<script type="text/javascript" src="list-manipulation.js"></script>
+<?php } ?>
+<?php if ( $dbx_js ) { ?>
+<script type="text/javascript" src="../wp-includes/js/dbx.js"></script>
+<script type="text/javascript">
+//<![CDATA[
+addLoadEvent( function() {
+<?php switch ( $pagenow ) : case 'post.php' : ?>
+var manager = new dbxManager('postmeta');
+<?php break; case 'page-new.php' : ?>
+var manager = new dbxManager('pagemeta');
+<?php break; endswitch; ?>
+});
+//]]>
+</script>
+<script type="text/javascript" src="../wp-includes/js/dbx-key.js"></script>
+<?php } ?>
+<?php if ( $editing && user_can_richedit() ) { ?>
+<script type="text/javascript" src="../wp-includes/js/tinymce/tiny_mce_gzip.php?ver=20051211"></script>
+<?php } ?>
+<?php if ( $cat_js ) { ?>
+<script type="text/javascript" src="cat-js.php"></script>
+<?php } ?>
+<?php if ( ($parent_file != 'link-manager.php') && ($parent_file != 'options-general.php') ) : ?>
+<style type="text/css">* html { overflow-x: hidden; }</style>
+<?php endif; ?>
+<?php do_action('admin_head'); ?>
 </head>
 <body>
-
 <div id="wphead">
 <h1><?php echo wptexturize(get_settings(('blogname'))); ?> <span>(<a href="<?php echo get_settings('home') . '/'; ?>"><?php _e('View site') ?> &raquo;</a>)</span></h1>
 </div>
+<div id="user_info"><p><?php printf(__('Howdy, <strong>%s</strong>.'), $user_identity) ?> [<a href="<?php echo get_settings('siteurl'); ?>/wp-login.php?action=logout" title="<?php _e('Log out of this account') ?>"><?php _e('Sign Out'); ?></a>, <a href="profile.php"><?php _e('My Account'); ?></a>] </p></div>
 
 <?php
 require(ABSPATH . '/wp-admin/menu-header.php');

wp-admin/admin.php

@@ -3,18 +3,21 @@ if ( defined('ABSPATH') )
 	require_once( ABSPATH . 'wp-config.php');
 else
     require_once('../wp-config.php');
+
+if ( get_option('db_version') != $wp_db_version )
+	die (sprintf(__("Your database is out-of-date.  Please <a href='%s'>upgrade</a>."), get_option('siteurl') . '/wp-admin/upgrade.php'));
     
 require_once(ABSPATH . 'wp-admin/admin-functions.php');
+require_once(ABSPATH . 'wp-admin/admin-db.php');
+require_once(ABSPATH . WPINC . '/registration-functions.php');
+
 auth_redirect();
 
-header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
-header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
-header('Cache-Control: no-cache, must-revalidate, max-age=0');
-header('Pragma: no-cache');
+nocache_headers();
 
 update_category_cache();
 
-get_currentuserinfo();
+wp_get_current_user();
 
 $posts_per_page = get_settings('posts_per_page');
 $what_to_show = get_settings('what_to_show');
@@ -37,11 +40,17 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
     }
 }
 
+$xfn_js = $sack_js = $list_js = $cat_js = $dbx_js = $editing = false;
+
+if (isset($_GET['page'])) {
+	$plugin_page = stripslashes($_GET['page']);
+	$plugin_page = plugin_basename($plugin_page);
+}
+
 require(ABSPATH . '/wp-admin/menu.php');
 
 // Handle plugin admin pages.
-if (isset($_GET['page'])) {
-	$plugin_page = plugin_basename($_GET['page']);
+if (isset($plugin_page)) {
 	$page_hook = get_plugin_page_hook($plugin_page, $pagenow);
 
 	if ( $page_hook ) {
@@ -65,7 +74,39 @@ if (isset($_GET['page'])) {
 	
 	include(ABSPATH . 'wp-admin/admin-footer.php');
 
+	exit();
+} else if (isset($_GET['import'])) {
+	
+	$importer = $_GET['import'];
+
+	if ( ! current_user_can('import') )
+		wp_die(__('You are not allowed to import.'));
+
+	if ( validate_file($importer) ) {
+		die(__('Invalid importer.'));
+	}
+		
+	if (! file_exists(ABSPATH . "wp-admin/import/$importer.php"))
+		die(__('Cannot load importer.'));
+	
+	include(ABSPATH . "wp-admin/import/$importer.php");
+
+	$parent_file = 'import.php';
+	$title = __('Import');
+	
+	if (! isset($_GET['noheader']))
+		require_once(ABSPATH . 'wp-admin/admin-header.php');
+
+	require_once(ABSPATH . 'wp-admin/upgrade-functions.php');
+
+	define('WP_IMPORTING', true);
+	kses_init_filters();  // Always filter imported data with kses.
+
+	call_user_func($wp_importers[$importer][2]);
+			
+	include(ABSPATH . 'wp-admin/admin-footer.php');
+
 	exit();
 }
 
-?>
+?>

wp-admin/bookmarklet.php

@@ -2,11 +2,10 @@
 $mode = 'bookmarklet';
 require_once('admin.php');
 
-if ($user_level == 0)
+if ( ! current_user_can('edit_posts') )
 	die ("Cheatin' uh?");
 
-if ('b' == $a) {
-
+if ('b' == $a):
 ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
@@ -19,33 +18,32 @@ window.close()
 <body></body>
 </html>
 <?php
-} else {
-	$popuptitle = wp_specialchars(stripslashes($popuptitle));
-	$text       = wp_specialchars(stripslashes(urldecode($text)));
-	
-	$popuptitle = funky_javascript_fix($popuptitle);
-	$text       = funky_javascript_fix($text);
-	
-	$post_title = wp_specialchars($_REQUEST['post_title']);
-	if (!empty($post_title)) {
-		$post_title =  stripslashes($post_title);
-	} else {
-		$post_title = $popuptitle;
-	}
-	
-	$edited_post_title = wp_specialchars($post_title);
+exit;
+endif;
 
-// $post_pingback needs to be set in any file that includes edit-form.php
-    $post_pingback = get_settings('default_pingback_flag');
-    
-    $content  = wp_specialchars($_REQUEST['content']);
-	$popupurl = wp_specialchars($_REQUEST['popupurl']);
+$post = get_default_post_to_edit();
+
+$popuptitle = wp_specialchars(stripslashes($popuptitle));
+$text       = wp_specialchars(stripslashes(urldecode($text)));
+	
+$popuptitle = funky_javascript_fix($popuptitle);
+$text       = funky_javascript_fix($text);
+	
+$post_title = wp_specialchars($_REQUEST['post_title']);
+if (!empty($post_title))
+	$post->post_title =  stripslashes($post_title);
+else
+	$post->post_title = $popuptitle;
+	
+  
+$content  = wp_specialchars($_REQUEST['content']);
+$popupurl = clean_url(stripslashes($_REQUEST['popupurl']));
     if ( !empty($content) ) {
-        $content = wp_specialchars( stripslashes($_REQUEST['content']) );
+        $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
     } else {
-        $content = '<a href="'.$popupurl.'">'.$popuptitle.'</a>'."\n$text";
+        $post->post_content = '<a href="'.$popupurl.'">'.$popuptitle.'</a>'."\n$text";
     }
-    
+
     /* /big funky fixes */
 
 ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -103,6 +101,4 @@ window.close()
 <?php do_action('admin_footer', ''); ?>
 
 </body>
-</html><?php
-}
-?>
+</html>

wp-admin/cat-js.php

@@ -0,0 +1,178 @@
+<?php
+require_once('admin.php');
+header('Content-type: text/javascript; charset=' . get_settings('blog_charset'), true);
+?>
+var ajaxCat = new sack();
+var newcat;
+ 
+function newCatAddIn() {
+	if ( !document.getElementById('jaxcat') ) return false;
+	var ajaxcat = document.createElement('span');
+	ajaxcat.id = 'ajaxcat';
+
+	newcat = document.createElement('input');
+	newcat.type = 'text';
+	newcat.name = 'newcat';
+	newcat.id = 'newcat';
+	newcat.size = '16';
+	newcat.setAttribute('autocomplete', 'off');
+	newcat.onkeypress = ajaxNewCatKeyPress;
+
+	var newcatSub = document.createElement('input');
+	newcatSub.type = 'button';
+	newcatSub.name = 'Button';
+	newcatSub.id = 'catadd';
+	newcatSub.value = '<?php echo addslashes(__('Add')); ?>';
+	newcatSub.onclick = ajaxNewCat;
+
+	ajaxcat.appendChild(newcat);
+	ajaxcat.appendChild(newcatSub);
+	document.getElementById('jaxcat').appendChild(ajaxcat);
+
+	howto = document.createElement('span');
+	howto.innerHTML = '<?php echo addslashes(__('Separate multiple categories with commas.')); ?>';
+	howto.id = 'howto';
+	ajaxcat.appendChild(howto);
+}
+
+addLoadEvent(newCatAddIn);
+
+function getResponseElement() {
+	var p = document.getElementById('ajaxcatresponse');
+	if (!p) {
+		p = document.createElement('span');
+		document.getElementById('jaxcat').appendChild(p);
+		p.id = 'ajaxcatresponse';
+	}
+	return p;
+}
+
+function newCatLoading() {
+	var p = getResponseElement();
+	p.innerHTML = '<?php echo addslashes(__('Sending Data...')); ?>';
+}
+
+function newCatLoaded() {
+	var p = getResponseElement();
+	p.innerHTML = '<?php echo addslashes(__('Data Sent...')); ?>';
+}
+
+function newCatInteractive() {
+	var p = getResponseElement();
+	p.innerHTML = '<?php echo addslashes(__('Processing Request...')); ?>';
+}
+
+function newCatCompletion() {
+	var p = getResponseElement();
+	var id    = 0;
+	var ids   = new Array();
+	var names = new Array();
+	
+	ids   = myPload( ajaxCat.response );
+	names = myPload( newcat.value );
+	for ( i = 0; i < ids.length; i++ ) {
+		id = ids[i].replace(/[\n\r]+/g, "");
+		if ( id == '-1' ) {
+			p.innerHTML = "<?php echo addslashes(__("You don't have permission to do that.")); ?>";
+			return;
+		}
+		if ( id == '0' ) {
+			p.innerHTML = "<?php echo addslashes(__('That category name is invalid.  Try something else.')); ?>";
+			return;
+		}
+		
+		var exists = document.getElementById('category-' + id);
+		
+		if (exists) {
+			var moveIt = exists.parentNode;
+			var container = moveIt.parentNode;
+			container.removeChild(moveIt);
+			container.insertBefore(moveIt, container.firstChild);
+			moveIt.id = 'new-category-' + id;
+			exists.checked = 'checked';
+			var nowClass = moveIt.className;
+			moveIt.className = nowClass + ' fade';
+			Fat.fade_all();
+			moveIt.className = nowClass;
+		} else {
+			var catDiv = document.getElementById('categorychecklist');
+			var newLabel = document.createElement('label');
+			newLabel.setAttribute('for', 'category-' + id);
+			newLabel.id = 'new-category-' + id;
+			newLabel.className = 'selectit fade';
+	
+			var newCheck = document.createElement('input');
+			newCheck.type = 'checkbox';
+			newCheck.value = id;
+			newCheck.name = 'post_category[]';
+			newCheck.id = 'category-' + id;
+			newLabel.appendChild(newCheck);
+	
+			var newLabelText = document.createTextNode(' ' + names[i]);
+			newLabel.appendChild(newLabelText);
+	
+			catDiv.insertBefore(newLabel, catDiv.firstChild);
+			newCheck.checked = 'checked';
+	
+			Fat.fade_all();
+			newLabel.className = 'selectit';
+		}
+		newcat.value = '';
+	}
+	p.parentNode.removeChild(p);
+//	var id = parseInt(ajaxCat.response, 10);
+}
+
+function ajaxNewCatKeyPress(e) {
+	if (!e) {
+		if (window.event) {
+			e = window.event;
+		} else {
+			return;
+		}
+	}
+	if (e.keyCode == 13) {
+		ajaxNewCat();
+		e.returnValue = false;
+		e.cancelBubble = true;
+		return false;
+	}
+}
+
+function ajaxNewCat() {
+	var newcat = document.getElementById('newcat');
+	var split_cats = new Array(1);
+	var catString = '';
+
+	catString = ajaxCat.encVar('ajaxnewcat', newcat.value) + '&' + ajaxCat.encVar('cookie', document.cookie);
+	ajaxCat.requestFile = 'edit-form-ajax-cat.php';
+	ajaxCat.method = 'POST';
+	ajaxCat.onLoading = newCatLoading;
+	ajaxCat.onLoaded = newCatLoaded;
+	ajaxCat.onInteractive = newCatInteractive;
+	ajaxCat.onCompletion = newCatCompletion;
+	ajaxCat.runAJAX(catString);
+}
+
+function myPload( str ) {
+	var fixedExplode = new Array();
+	var comma = new String(',');
+	var count = 0;
+	var currentElement = '';
+
+	for( x=0; x < str.length; x++) {
+		andy = str.charAt(x);
+		if ( comma.indexOf(andy) != -1 ) {
+			currentElement = currentElement.replace(new RegExp('^\\s*(.*?)\\s*$', ''), '$1'); // trim
+			fixedExplode[count] = currentElement;
+			currentElement = "";
+			count++;
+		} else {
+			currentElement += andy;
+		}
+	}
+
+	if ( currentElement != "" )
+		fixedExplode[count] = currentElement;
+	return fixedExplode;
+}

wp-admin/categories.php

@@ -3,6 +3,7 @@ require_once('admin.php');
 
 $title = __('Categories');
 $parent_file = 'edit.php';
+$list_js = true;
 
 $wpvarstoreset = array('action','cat');
 for ($i=0; $i<count($wpvarstoreset); $i += 1) {
@@ -23,79 +24,69 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 switch($action) {
 
 case 'addcat':
-	if ($user_level < 3)
+
+	check_admin_referer('add-category');
+
+	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin&#8217; uh?'));
 	
-	$cat_name= wp_specialchars($_POST['cat_name']);
-	$id_result = $wpdb->get_row("SHOW TABLE STATUS LIKE '$wpdb->categories'");
-	$cat_ID = $id_result->Auto_increment;
-	$category_nicename = sanitize_title($cat_name, $cat_ID);
-	$category_description = $_POST['category_description'];
-	$cat = intval($_POST['cat']);
-	
-	$wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, category_description, category_parent) VALUES ('0', '$cat_name', '$category_nicename', '$category_description', '$cat')");
-	do_action('add_category', $wpdb->insert_id);
-	
-	header('Location: categories.php?message=1#addcat');
+	wp_insert_category($_POST);
+
+	wp_redirect('categories.php?message=1#addcat');
+	exit;
 break;
 
 case 'delete':
-
-	check_admin_referer();
-
 	$cat_ID = (int) $_GET['cat_ID'];
-	$cat_name = get_catname($cat_ID);
-	$category = $wpdb->get_row("SELECT * FROM $wpdb->categories WHERE cat_ID = '$cat_ID'");
-	$cat_parent = $category->category_parent;
+	check_admin_referer('delete-category_' .  $cat_ID);
 
-	if ( 1 == $cat_ID )
-		die(sprintf(__("Can't delete the <strong>%s</strong> category: this is the default one"), $cat_name));
-
-	if ( $user_level < 3 )
+	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin&#8217; uh?'));
 
-	$wpdb->query("DELETE FROM $wpdb->categories WHERE cat_ID = '$cat_ID'");
-	$wpdb->query("UPDATE $wpdb->categories SET category_parent = '$cat_parent' WHERE category_parent = '$cat_ID'");
-	// TODO: Only set categories to general if they're not in another category already
-	$wpdb->query("UPDATE $wpdb->post2cat SET category_id='1' WHERE category_id='$cat_ID'");
-	do_action('delete_category', $cat_ID);
+	$cat_name = get_catname($cat_ID);
 
-	header('Location: categories.php?message=2');
+	// Don't delete the default cats.
+	if ( $cat_ID == get_option('default_category') )
+		die(sprintf(__("Can't delete the <strong>%s</strong> category: this is the default one"), $cat_name));
 
+	wp_delete_category($cat_ID);
+
+	wp_redirect('categories.php?message=2');
+	exit;
 break;
 
 case 'edit':
 
     require_once ('admin-header.php');
     $cat_ID = (int) $_GET['cat_ID'];
-    $category = $wpdb->get_row("SELECT * FROM $wpdb->categories WHERE cat_ID = '$cat_ID'");
-    $cat_name = $category->cat_name;
+    $category = get_category_to_edit($cat_ID);
     ?>
 
 <div class="wrap">
  <h2><?php _e('Edit Category') ?></h2>
  <form name="editcat" action="categories.php" method="post">
+	  <?php wp_nonce_field('update-category_' .  $category->cat_ID); ?>
 	  <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 		<tr>
 		  <th width="33%" scope="row"><?php _e('Category name:') ?></th>
-		  <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
-<input type="hidden" name="cat_ID" value="<?php echo $cat_ID ?>" /></td>
+		  <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
+<input type="hidden" name="cat_ID" value="<?php echo $category->cat_ID ?>" /></td>
 		</tr>
 		<tr>
 			<th scope="row"><?php _e('Category slug:') ?></th>
-			<td><input name="category_nicename" type="text" value="<?php echo wp_specialchars($category->category_nicename); ?>" size="40" /></td>
+			<td><input name="category_nicename" type="text" value="<?php echo attribute_escape($category->category_nicename); ?>" size="40" /></td>
 		</tr>
 		<tr>
 			<th scope="row"><?php _e('Category parent:') ?></th>
 			<td>        
-			<select name='cat'>
+			<select name='category_parent'>
 	  <option value='0' <?php if (!$category->category_parent) echo " selected='selected'"; ?>><?php _e('None') ?></option>
 	  <?php wp_dropdown_cats($category->cat_ID, $category->category_parent); ?>
 	  </select></td>
 		</tr>
 		<tr>
 			<th scope="row"><?php _e('Description:') ?></th>
-			<td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description, 1); ?></textarea></td>
+			<td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description); ?></textarea></td>
 		</tr>
 		</table>
 	  <p class="submit"><input type="submit" name="submit" value="<?php _e('Edit category') ?> &raquo;" /></p>
@@ -107,17 +98,16 @@ case 'edit':
 break;
 
 case 'editedcat':
-	if ($user_level < 3)
+	$cat_ID = (int) $_POST['cat_ID'];
+	check_admin_referer('update-category_' . $cat_ID);
+
+	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin&#8217; uh?'));
 	
-	$cat_name = wp_specialchars($_POST['cat_name']);
-	$cat_ID = (int) $_POST['cat_ID'];
-	$category_nicename = sanitize_title($_POST['category_nicename'], $cat_ID);
-	$category_description = $_POST['category_description'];
-	
-	$wpdb->query("UPDATE $wpdb->categories SET cat_name = '$cat_name', category_nicename = '$category_nicename', category_description = '$category_description', category_parent = '$cat' WHERE cat_ID = '$cat_ID'");
+	wp_update_category($_POST);
 
-	header('Location: categories.php?message=3');
+	wp_redirect('categories.php?message=3');
+	exit;
 break;
 
 default:
@@ -130,16 +120,16 @@ $messages[3] = __('Category updated.');
 ?>
 
 <?php if (isset($_GET['message'])) : ?>
-<div class="updated"><p><?php echo $messages[$_GET['message']]; ?></p></div>
+<div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>
 <?php endif; ?>
 
 <div class="wrap">
-<?php if ( $user_level > 3 ) : ?>
+<?php if ( current_user_can('manage_categories') ) : ?>
 	<h2><?php printf(__('Categories (<a href="%s">add new</a>)'), '#addcat') ?> </h2>
 <?php else : ?>
 	<h2><?php _e('Categories') ?> </h2>
 <?php endif; ?>
-<table width="100%" cellpadding="3" cellspacing="3">
+<table id="the-list-x" width="100%" cellpadding="3" cellspacing="3">
 	<tr>
 		<th scope="col"><?php _e('ID') ?></th>
         <th scope="col"><?php _e('Name') ?></th>
@@ -152,22 +142,23 @@ cat_rows();
 ?>
 </table>
 
+<div id="ajax-response"></div>
+
 </div>
 
-<?php if ( $user_level > 3 ) : ?>
+<?php if ( current_user_can('manage_categories') ) : ?>
 <div class="wrap">
-    <p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete posts from that category, it will just set them back to the default category <strong>%s</strong>.'), get_catname(1)) ?>
-  </p>
+<p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete posts from that category, it will just set them back to the default category <strong>%s</strong>.'), get_catname(get_option('default_category'))) ?></p>
 </div>
 
 <div class="wrap">
     <h2><?php _e('Add New Category') ?></h2>
     <form name="addcat" id="addcat" action="categories.php" method="post">
-        
+    <?php wp_nonce_field('add-category'); ?>
         <p><?php _e('Name:') ?><br />
         <input type="text" name="cat_name" value="" /></p>
         <p><?php _e('Category parent:') ?><br />
-        <select name='cat' class='postform'>
+        <select name='category_parent' class='postform'>
         <option value='0'><?php _e('None') ?></option>
         <?php wp_dropdown_cats(0); ?>
         </select></p>

wp-admin/edit-comments.php

@@ -3,10 +3,11 @@ require_once('admin.php');
 
 $title = __('Edit Comments');
 $parent_file = 'edit.php';
+$list_js = true;
 
 require_once('admin-header.php');
 if (empty($_GET['mode'])) $mode = 'view';
-else $mode = wp_specialchars($_GET['mode'], 1);
+else $mode = attribute_escape($_GET['mode']);
 ?>
 
 <script type="text/javascript">
@@ -29,7 +30,7 @@ function checkAll(form)
 <form name="searchform" action="" method="get"> 
   <fieldset> 
   <legend><?php _e('Show Comments That Contain...') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  />  
   <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
   <?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
@@ -38,13 +39,15 @@ function checkAll(form)
 <p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
 <?php
 if ( !empty( $_POST['delete_comments'] ) ) :
+	check_admin_referer('bulk-comments');
+
 	$i = 0;
 	foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
 		$comment = (int) $comment;
-		$post_id = $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
+		$post_id = (int) $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
 		$authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
-		if ( user_can_delete_post_comments($user_ID, $post_id) ) :
-			$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID = $comment");
+		if ( current_user_can('edit_post', $post_id) ) :
+			wp_set_comment_status($comment, "delete");
 			++$i;
 		endif;
 	endforeach;
@@ -76,7 +79,7 @@ if ('view' == $mode) {
 		else
 			$start = '';
 
-		echo "<ol class='commentlist' $start>";
+		echo "<ol id='the-list' class='commentlist' $start>";
 		$i = 0;
 		foreach ($comments as $comment) {
 		++$i; $class = '';
@@ -86,24 +89,22 @@ if ('view' == $mode) {
 				$class .= ' unapproved';
 			if ($i % 2)
 				$class .= ' alternate';
-			echo "<li class='$class'>";
+			echo "<li id='comment-$comment->comment_ID' class='$class'>";
 ?>		
-        <p><strong><?php _e('Name:') ?></strong> <?php comment_author() ?> <?php if ($comment->comment_author_email) { ?>| <strong><?php _e('E-mail:') ?></strong> <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_url) { ?> | <strong><?php _e('URI:') ?></strong> <?php comment_author_url_link() ?> <?php } ?>| <strong><?php _e('IP:') ?></strong> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></p>
+        <p><strong><?php _e('Name:') ?></strong> <?php comment_author() ?> <?php if ($comment->comment_author_email) { ?>| <strong><?php _e('E-mail:') ?></strong> <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_url && 'http://' != $comment->comment_author_url ) { ?> | <strong><?php _e('URI:') ?></strong> <?php comment_author_url_link() ?> <?php } ?>| <strong><?php _e('IP:') ?></strong> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></p>
 		
 		<?php comment_text() ?>
 
         <p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');  
-			if ( user_can_edit_post_comments($user_ID, $comment->comment_post_ID) ) {
+			if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 				echo " | <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
-			}
-			if ( user_can_delete_post_comments($user_ID, $comment->comment_post_ID) ) {
-				echo " | <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $comment->comment_author) . "')\">" . __('Delete Comment') . "</a> &#8212; ";
+				echo ' | <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete Comment') . '</a> ';
 			} // end if any comments to show
 			// Get post title
-			if ( user_can_edit_post($user_ID, $comment->comment_post_ID) ) {
+			if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 				$post_title = $wpdb->get_var("SELECT post_title FROM $wpdb->posts WHERE ID = $comment->comment_post_ID");
 				$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
-				?> <a href="post.php?action=edit&amp;post=<?php echo $comment->comment_post_ID; ?>"><?php printf(__('Edit Post &#8220;%s&#8221;'), stripslashes($post_title)); ?></a>
+				?> | <a href="post.php?action=edit&amp;post=<?php echo $comment->comment_post_ID; ?>"><?php printf(__('Edit Post &#8220;%s&#8221;'), stripslashes($post_title)); ?></a>
 				<?php } ?>
 			 | <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a></p>
 		</li>
@@ -111,6 +112,8 @@ if ('view' == $mode) {
 <?php } // end foreach ?>
 </ol>
 
+<div id="ajax-response"></div>
+
 <?php
 	} else {
 
@@ -123,8 +126,9 @@ if ('view' == $mode) {
 } elseif ('edit' == $mode) {
 
 	if ($comments) {
-		echo '<form name="deletecomments" id="deletecomments" action="" method="post"> 
-		<table width="100%" cellpadding="3" cellspacing="3">
+		echo '<form name="deletecomments" id="deletecomments" action="" method="post"> ';
+		wp_nonce_field('bulk-comments');
+		echo '<table width="100%" cellpadding="3" cellspacing="3">
   <tr>
     <th scope="col">*</th>
     <th scope="col">' .  __('Name') . '</th>
@@ -138,22 +142,22 @@ if ('view' == $mode) {
 		$class = ('alternate' == $class) ? '' : 'alternate';
 ?>
   <tr class='<?php echo $class; ?>'>
-    <td><?php if (user_can_delete_post_comments($user_ID, $comment->comment_post_ID) ) { ?><input type="checkbox" name="delete_comments[]" value="<?php echo $comment->comment_ID; ?>" /><?php } ?></td>
+    <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) { ?><input type="checkbox" name="delete_comments[]" value="<?php echo $comment->comment_ID; ?>" /><?php } ?></td>
     <td><?php comment_author_link() ?></td>
     <td><?php comment_author_email_link() ?></td>
     <td><a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></td>
     <td><?php comment_excerpt(); ?></td>
     <td><a href="<?php echo get_permalink($comment->comment_post_ID); ?>#comment-<?php comment_ID() ?>" class="edit"><?php _e('View') ?></a></td>
-    <td><?php if ( user_can_edit_post_comments($user_ID, $comment->comment_post_ID) ) {
+    <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
 	echo "<a href='post.php?action=editcomment&amp;comment=$comment->comment_ID' class='edit'>" .  __('Edit') . "</a>"; } ?></td>
-    <td><?php if ( user_can_delete_post_comments($user_ID, $comment->comment_post_ID) ) {
-            echo "<a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $comment->comment_author) . "')\"    class='delete'>" . __('Delete') . "</a>"; } ?></td>
+    <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
+            echo "<a href=\"" . wp_nonce_url("post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return confirm('" . __("You are about to delete this comment.\\n  \'Cancel\' to stop, \'OK\' to delete.") . "')\"    class='delete'>" . __('Delete') . "</a>"; } ?></td>
   </tr>
 		<?php 
 		} // end foreach
 	?></table>
     <p><a href="javascript:;" onclick="checkAll(document.getElementById('deletecomments')); return false; "><?php _e('Invert Checkbox Selection') ?></a></p>
-            <p class="submit"><input type="submit" name="Submit" value="<?php _e('Delete Checked Comments') ?> &raquo;" onclick="return confirm('<?php _e("You are about to delete these comments permanently \\n  \'Cancel\' to stop, \'OK\' to delete.") ?>')" />	</p>
+            <p class="submit"><input type="submit" name="Submit" value="<?php _e('Delete Checked Comments') ?> &raquo;" onclick="return confirm('<?php _e("You are about to delete these comments permanently.\\n  \'Cancel\' to stop, \'OK\' to delete.") ?>')" />	</p>
   </form>
 <?php
 	} else {
@@ -168,4 +172,4 @@ if ('view' == $mode) {
 
 </div>
 
-<?php include('admin-footer.php'); ?>
+<?php include('admin-footer.php'); ?>

wp-admin/edit-form-advanced.php

@@ -1,190 +1,273 @@
 <?php
+if ( isset($_GET['message']) )
+	$_GET['message'] = (int) $_GET['message'];
 $messages[1] = __('Post updated');
 $messages[2] = __('Custom field updated');
 $messages[3] = __('Custom field deleted.');
 ?>
 <?php if (isset($_GET['message'])) : ?>
-<div class="updated"><p><?php echo $messages[$_GET['message']]; ?></p></div>
+<div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div>
 <?php endif; ?>
 
 <form name="post" action="post.php" method="post" id="post">
+<?php if ( (isset($mode) && 'bookmarklet' == $mode) || 
+            isset($_GET['popupurl']) ): ?>
+<input type="hidden" name="mode" value="bookmarklet" />
+<?php endif; ?>
 
 <div class="wrap">
-<h2><?php _e('Write Post'); ?></h2>
+<h2 id="write-post"><?php _e('Write Post'); ?><?php if ( 0 != $post_ID ) : ?>
+ <small class="quickjump"><a href="#preview-post"><?php _e('preview &darr;'); ?></a></small><?php endif; ?></h2>
 <?php
 
 if (0 == $post_ID) {
 	$form_action = 'post';
+	$temp_ID = -1 * time();
+	$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
+	wp_nonce_field('add-post');
 } else {
+	$post_ID = (int) $post_ID;
 	$form_action = 'editpost';
 	$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
+	wp_nonce_field('update-post_' .  $post_ID);
 }
 
-$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
+$form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />'; 
 
-$form_prevstatus = '<input type="hidden" name="prev_status" value="'.$post_status.'" />';
+$form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />'; 
 
-$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $to_ping) .'" />';
+$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';
 
-if ('' != $pinged) {
-	$pings .= '<p>'. __('Already pinged:') . '</p><ul>';
-	$already_pinged = explode("\n", trim($pinged));
+if ('' != $post->pinged) {
+	$pings = '<p>'. __('Already pinged:') . '</p><ul>';
+	$already_pinged = explode("\n", trim($post->pinged));
 	foreach ($already_pinged as $pinged_url) {
-		$pings .= "\n\t<li>$pinged_url</li>";
+		$pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
 	}
 	$pings .= '</ul>';
 }
 
-$saveasdraft = '<input name="save" type="submit" id="save" tabindex="6" value="' . __('Save and Continue Editing') . '" />';
+$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape(__('Save and Continue Editing')) . '" />';
 
-if (empty($post_status)) $post_status = 'draft';
+if (empty($post->post_status)) $post->post_status = 'draft';
 
 ?>
 
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value="<?php echo $form_action ?>" />
-<input type="hidden" name="post_author" value="<?php echo $post_author ?>" />
+<input type="hidden" name="post_author" value="<?php echo attribute_escape($post->post_author) ?>" />
 
 <?php echo $form_extra ?>
 <?php if (isset($_GET['message']) && 2 > $_GET['message']) : ?>
 <script type="text/javascript">
-<!--
 function focusit() {
 	// focus on first input field
 	document.post.title.focus();
 }
-window.onload = focusit;
-//-->
+addLoadEvent(focusit);
 </script>
 <?php endif; ?>
 <div id="poststuff">
-    <fieldset id="titlediv">
-      <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend> 
-	  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $edited_post_title; ?>" id="title" /></div>
-    </fieldset>
 
-    <fieldset id="categorydiv">
-      <legend><a href="http://wordpress.org/docs/reference/post/#category" title="<?php _e('Help on categories') ?>"><?php _e('Categories') ?></a></legend> 
-	  <div><?php dropdown_categories(get_settings('default_category')); ?></div>
-    </fieldset>
+<div id="moremeta">
+<div id="grabit" class="dbx-group">
 
-    <fieldset id="commentstatusdiv">
-      <legend><a href="http://wordpress.org/docs/reference/post/#comments" title="<?php _e('Help on comment status') ?>"><?php _e('Discussion') ?></a></legend> 
-	  <div>
-	  <input name="advanced_view" type="hidden" value="1" />
-	  <label for="comment_status" class="selectit">
-	      <input name="comment_status" type="checkbox" id="comment_status" value="open" <?php checked($comment_status, 'open'); ?> />
-         <?php _e('Allow Comments') ?></label> 
-		 <label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($ping_status, 'open'); ?> /> <?php _e('Allow Pings') ?></label>
+<fieldset id="commentstatusdiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Discussion') ?></h3>
+<div class="dbx-content">
+<input name="advanced_view" type="hidden" value="1" />
+<label for="comment_status" class="selectit">
+<input name="comment_status" type="checkbox" id="comment_status" value="open" <?php checked($post->comment_status, 'open'); ?> />
+<?php _e('Allow Comments') ?></label> 
+<label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($post->ping_status, 'open'); ?> /> <?php _e('Allow Pings') ?></label>
 </div>
 </fieldset>
-    <fieldset id="postpassworddiv">
-      <legend><a href="http://wordpress.org/docs/reference/post/#post_password" title="<?php _e('Help on post password') ?>"><?php _e('Post Password') ?></a></legend> 
-	  <div><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post_password ?>" /></div>
-    </fieldset>
 
-<br />
-<fieldset id="postexcerpt">
-<legend><a href="http://wordpress.org/docs/reference/post/#excerpt" title="<?php _e('Help with excerpts') ?>"><?php _e('Excerpt') ?></a></legend>
-<div><textarea rows="1" cols="40" name="excerpt" tabindex="4" id="excerpt"><?php echo $excerpt ?></textarea></div>
+<fieldset id="passworddiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3> 
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password) ?>" /></div>
 </fieldset>
-<fieldset id="postdiv">
-       <legend><a href="http://wordpress.org/docs/reference/post/#post" title="<?php _e('Help with post field') ?>"><?php _e('Post') ?></a></legend>
-<?php the_quicktags(); ?>
+
+<fieldset id="slugdiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Post slug') ?></h3> 
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name) ?>" /></div>
+</fieldset>
+
+<fieldset id="categorydiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Categories') ?></h3>
+<div class="dbx-content">
+<p id="jaxcat"></p>
+<div id="categorychecklist"><?php dropdown_categories(get_settings('default_category')); ?></div></div>
+</fieldset>
+
+<fieldset id="poststatusdiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Post Status') ?></h3> 
+<div class="dbx-content"><?php if ( current_user_can('publish_posts') ) : ?>
+<label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post->post_status, 'publish'); ?> /> <?php _e('Published') ?></label>
+<?php endif; ?>
+	  <label for="post_status_draft" class="selectit"><input id="post_status_draft" name="post_status" type="radio" value="draft" <?php checked($post->post_status, 'draft'); ?> /> <?php _e('Draft') ?></label>
+	  <label for="post_status_private" class="selectit"><input id="post_status_private" name="post_status" type="radio" value="private" <?php checked($post->post_status, 'private'); ?> /> <?php _e('Private') ?></label></div>
+</fieldset>
+
+<?php if ( current_user_can('edit_posts') ) : ?>
+<fieldset id="posttimestampdiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3>
+<div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div>
+</fieldset>
+<?php endif; ?>
+
+<?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
+<fieldset id="authordiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Post author'); ?>:</h3>
+<div class="dbx-content">
+<select name="post_author_override" id="post_author_override">
+<?php 
+foreach ($authors as $o) :
+$o = get_userdata( $o->ID );
+if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
+else $selected = '';
+echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars($o->display_name) . "</option>";
+endforeach;
+?>
+</select>
+</div>
+</fieldset>
+<?php endif; ?>
+
+<?php do_action('dbx_post_sidebar'); ?>
+
+</div>
+</div>
+
+<fieldset id="titlediv">
+  <legend><?php _e('Title') ?></legend> 
+  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
+</fieldset>
+
+<fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
+<legend><?php _e('Post') ?></legend>
+
 <?php
  $rows = get_settings('default_post_edit_rows');
  if (($rows < 3) || ($rows > 100)) {
-     $rows = 10;
+     $rows = 12;
  }
 ?>
-<div><textarea rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="5" id="content"><?php echo $content ?></textarea></div>
+<?php the_quicktags(); ?>
+
+<div><textarea <?php if ( user_can_richedit() ) echo 'title="true" '; ?>rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="2" id="content"><?php echo user_can_richedit() ? wp_richedit_pre($post->post_content) : $post->post_content; ?></textarea></div>
 </fieldset>
-<?php
-?>
+
 <script type="text/javascript">
-<!--
+// <![CDATA[
 edCanvas = document.getElementById('content');
-//-->
+<?php if ( user_can_richedit() ) : ?>
+// This code is meant to allow tabbing from Title to Post (TinyMCE).
+if ( tinyMCE.isMSIE )
+	document.getElementById('title').onkeydown = function (e)
+		{
+			e = e ? e : window.event;
+			if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
+				var i = tinyMCE.selectedInstance;
+				if(typeof i ==  'undefined')
+					return true;
+                                tinyMCE.execCommand("mceStartTyping");
+				this.blur();
+				i.contentWindow.focus();
+				e.returnValue = false;
+				return false;
+			}
+		}
+else
+	document.getElementById('title').onkeypress = function (e)
+		{
+			e = e ? e : window.event;
+			if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
+				var i = tinyMCE.selectedInstance;
+				if(typeof i ==  'undefined')
+					return true;
+                                tinyMCE.execCommand("mceStartTyping");
+				this.blur();
+				i.contentWindow.focus();
+				e.returnValue = false;
+				return false;
+			}
+		}
+<?php endif; ?>
+// ]]>
 </script>
 
 <?php echo $form_pingback ?>
 <?php echo $form_prevstatus ?>
 
 
-<p class="submit"><?php echo $saveasdraft; ?> <input type="submit" name="submit" value="<?php _e('Save') ?>" style="font-weight: bold;" tabindex="6" /> 
+<p class="submit"><?php echo $saveasdraft; ?> <input type="submit" name="submit" value="<?php _e('Save') ?>" style="font-weight: bold;" tabindex="4" /> 
 <?php 
-if ('publish' != $post_status || 0 == $post_ID) {
+if ('publish' != $post->post_status || 0 == $post_ID) {
 ?>
-<?php if ( user_can_create_post($user_ID) ) : ?>
-	<input name="publish" type="submit" id="publish" tabindex="10" value="<?php _e('Publish') ?>" /> 
+<?php if ( current_user_can('publish_posts') ) : ?>
+	<input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" /> 
 <?php endif; ?>
 <?php
 }
 ?>
-	<input name="referredby" type="hidden" id="referredby" value="<?php echo wp_specialchars($_SERVER['HTTP_REFERER']); ?>" />
-</p>
+<input name="referredby" type="hidden" id="referredby" value="<?php 
+if ( !empty($_REQUEST['popupurl']) )
+	echo attribute_escape(stripslashes($_REQUEST['popupurl']));
+else if ( url_to_postid(stripslashes(wp_get_referer())) == $post_ID )
+	echo 'redo';
+else
+	echo attribute_escape(stripslashes(wp_get_referer()));
+?>" /></p>
 
-<?php do_action('edit_form_advanced', ''); ?>
+<?php do_action('edit_form_advanced'); ?>
+
+<?php
+if (current_user_can('upload_files')) {
+	$uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID);
+	$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
+	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
+	if ( false != $uploading_iframe_src )
+		echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+}
+?>
+
+<div id="advancedstuff" class="dbx-group" >
+
+<div class="dbx-b-ox-wrapper">
+<fieldset id="postexcerpt" class="dbx-box">
+<div class="dbx-h-andle-wrapper">
+<h3 class="dbx-handle"><?php _e('Optional Excerpt') ?></h3>
+</div>
+<div class="dbx-c-ontent-wrapper">
+<div class="dbx-content"><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea></div>
+</div>
+</fieldset>
 </div>
 
+<div class="dbx-b-ox-wrapper">
+<fieldset id="trackbacksdiv" class="dbx-box">
+<div class="dbx-h-andle-wrapper">
+<h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
+</div>
+<div class="dbx-c-ontent-wrapper">
+<div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
+<?php 
+if ( ! empty($pings) )
+	echo $pings;
+?>
+</div>
+</div>
+</fieldset>
 </div>
 
-<div class="wrap">
-<h2><?php _e('Advanced'); ?></h2>
-
-<table width="100%" cellspacing="2" cellpadding="5" class="editform">
-	<tr>
-		<th scope="row" valign="top"><?php _e('Post Status') ?>:</th>
-		<td><?php if ( user_can_create_post($user_ID) ) : ?>
-<label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post_status, 'publish'); ?> /> <?php _e('Published') ?></label><br />
-<?php endif; ?>
-	  <label for="post_status_draft" class="selectit"><input id="post_status_draft" name="post_status" type="radio" value="draft" <?php checked($post_status, 'draft'); ?> /> <?php _e('Draft') ?></label><br />
-	  <label for="post_status_private" class="selectit"><input id="post_status_private" name="post_status" type="radio" value="private" <?php checked($post_status, 'private'); ?> /> <?php _e('Private') ?></label></td>
-	</tr>
-	<tr>
-		<th scope="row" valign="top"><?php _e('Send trackbacks to'); ?>:</th>
-		<td><?php echo $form_trackback; ?> <br />
-		<?php _e('Separate multiple URIs with spaces'); ?></td>
-	</tr>
-	<tr valign="top">
-		<th scope="row" width="25%"><?php _e('Post slug') ?>:</th>
-		<td><input name="post_name" type="text" size="25" id="post_name" value="<?php echo $post_name ?>" /></td>
-	</tr>
-<?php if ($user_level > 7 && $users = $wpdb->get_results("SELECT ID, user_login, user_firstname, user_lastname FROM $wpdb->users WHERE user_level <= $user_level AND user_level > 0") ) : ?>
-	<tr>
-		<th scope="row"><?php _e('Post author'); ?>:</th>
-		<td>
-		<select name="post_author_override" id="post_author_override">
-		<?php 
-		foreach ($users as $o) :
-			if ( $post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
-			else $selected = '';
-			echo "<option value='$o->ID' $selected>$o->user_login ($o->user_firstname $o->user_lastname)</option>";
-		endforeach;
-		?>
-		</select>
-		</td>
-	</tr>
-<?php endif; ?>
-<?php if ($user_level > 4) : ?>
-	<tr>
-		<th scope="row"><?php _e('Edit time'); ?>:</th>
-		<td><?php touch_time(($action == 'edit')); ?></td>
-	</tr>
-<?php endif; ?>
-<?php if ('edit' == $action) : ?>
-	<tr>
-		<th scope="row"><?php _e('Delete'); ?>:</th>
-		<td>
-		<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), addslashes($edited_post_title) ) . "')\""; ?> />
-</td>
-<?php endif; ?>
-	</tr>
-</table>
-
-<fieldset id="postcustom">
-<legend><?php _e('Custom Fields') ?></legend>
-<div id="postcustomstuff">
+<div class="dbx-b-ox-wrapper">
+<fieldset id="postcustom" class="dbx-box">
+<div class="dbx-h-andle-wrapper">
+<h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
+</div>
+<div class="dbx-c-ontent-wrapper">
+<div id="postcustomstuff" class="dbx-content">
 <?php 
 if($metadata = has_meta($post_ID)) {
 ?>
@@ -196,11 +279,20 @@ if($metadata = has_meta($post_ID)) {
 	meta_form();
 ?>
 </div>
+</div>
 </fieldset>
-<?php 
-if ('' != $pinged)
-	echo $pings;
-?>
 </div>
 
-</form>
+<?php do_action('dbx_post_advanced'); ?>
+
+</div>
+
+<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
+<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
+<?php endif; ?>
+
+</div>
+
+</div>
+
+</form>

wp-admin/edit-form-ajax-cat.php

@@ -0,0 +1,37 @@
+<?php
+require_once('../wp-config.php');
+require_once('admin-functions.php');
+require_once('admin-db.php');
+
+if ( !current_user_can('manage_categories') )
+	die('-1');
+if ( !check_ajax_referer() )
+	die('-1');
+
+function get_out_now() { exit; }
+
+add_action('shutdown', 'get_out_now', -1);
+
+$names = explode(',', rawurldecode($_POST['ajaxnewcat']) );
+$ids   = array();
+
+foreach ($names as $cat_name) {
+	$cat_name = trim( $cat_name );
+	
+	if ( !$category_nicename = sanitize_title($cat_name) )
+		continue;
+	if ( $already = category_exists($cat_name) ) {
+		$ids[] = (string) $already;
+		continue;
+	}
+	
+	$new_cat_id = wp_create_category($cat_name);
+	
+	$ids[] = (string) $new_cat_id;
+}
+
+$return = join(',', $ids);
+
+die( (string) $return );
+
+?>

wp-admin/edit-form-comment.php

@@ -1,61 +1,95 @@
 <?php
 $submitbutton_text = __('Edit Comment &raquo;');
-$toprow_title = sprintf(__('Editing Comment # %s'), $commentdata['comment_ID']);
+$toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
 $form_action = 'editedcomment';
-$form_extra = "' />\n<input type='hidden' name='comment_ID' value='$comment' />\n<input type='hidden' name='comment_post_ID' value='".$commentdata["comment_post_ID"];
+$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='".$comment->comment_post_ID;
 ?>
 
 <form name="post" action="post.php" method="post" id="post">
+<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
 <div class="wrap">
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
 
 <script type="text/javascript">
-function focusit() {
-	// focus on first input field
+function focusit() { // focus on first input field
 	document.post.name.focus();
 }
-window.onload = focusit;
+addLoadEvent(focusit);
 </script>
 <fieldset id="namediv">
     <legend><?php _e('Name:') ?></legend>
 	<div>
-	  <input type="text" name="newcomment_author" size="22" value="<?php echo format_to_edit($commentdata['comment_author']) ?>" tabindex="1" id="name" />
+	  <input type="text" name="newcomment_author" size="22" value="<?php echo attribute_escape($comment->comment_author); ?>" tabindex="1" id="name" />
     </div>
 </fieldset>
 <fieldset id="emaildiv">
         <legend><?php _e('E-mail:') ?></legend>
 		<div>
-		  <input type="text" name="newcomment_author_email" size="30" value="<?php echo format_to_edit($commentdata['comment_author_email']) ?>" tabindex="2" id="email" />
+		  <input type="text" name="newcomment_author_email" size="30" value="<?php echo attribute_escape($comment->comment_author_email); ?>" tabindex="2" id="email" />
     </div>
 </fieldset>
 <fieldset id="uridiv">
         <legend><?php _e('URI:') ?></legend>
 		<div>
-		  <input type="text" name="newcomment_author_url" size="35" value="<?php echo format_to_edit($commentdata['comment_author_url']) ?>" tabindex="3" id="URL" />
+		  <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape($comment->comment_author_url); ?>" tabindex="3" id="URL" />
     </div>
 </fieldset>
 
 <fieldset style="clear: both;">
         <legend><?php _e('Comment') ?></legend>
 <?php the_quicktags(); ?>
+
 <?php
  $rows = get_settings('default_post_edit_rows');
  if (($rows < 3) || ($rows > 100)) {
      $rows = 10;
  }
 ?>
-<div><textarea rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content" style="width: 99%"><?php echo $content ?></textarea></div>
+<div><textarea title="true" rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content" style="width: 99%"><?php echo user_can_richedit() ? wp_richedit_pre($comment->comment_content) : $comment->comment_content; ?></textarea></div>
 </fieldset>
 
 <script type="text/javascript">
 <!--
 edCanvas = document.getElementById('content');
+<?php if ( user_can_richedit() ) : ?>
+// This code is meant to allow tabbing from Author URL to Post (TinyMCE).
+if ( tinyMCE.isMSIE )
+	document.getElementById('newcomment_author_url').onkeydown = function (e)
+		{
+			e = e ? e : window.event;
+			if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
+				var i = tinyMCE.selectedInstance;
+				if(typeof i ==  'undefined')
+					return true;
+                                tinyMCE.execCommand("mceStartTyping");
+				this.blur();
+				i.contentWindow.focus();
+				e.returnValue = false;
+				return false;
+			}
+		}
+else
+	document.getElementById('newcomment_author_url').onkeypress = function (e)
+		{
+			e = e ? e : window.event;
+			if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
+				var i = tinyMCE.selectedInstance;
+				if(typeof i ==  'undefined')
+					return true;
+                                tinyMCE.execCommand("mceStartTyping");
+				this.blur();
+				i.contentWindow.focus();
+				e.returnValue = false;
+				return false;
+			}
+		}
+<?php endif; ?>
 //-->
 </script>
 
 <p class="submit"><input type="submit" name="editcomment" id="editcomment" value="<?php echo $submitbutton_text ?>" style="font-weight: bold;" tabindex="6" />
-  <input name="referredby" type="hidden" id="referredby" value="<?php echo $_SERVER['HTTP_REFERER']; ?>" />
+  <input name="referredby" type="hidden" id="referredby" value="<?php echo wp_get_referer(); ?>" />
 </p>
 
 </div>
@@ -66,12 +100,12 @@ edCanvas = document.getElementById('content');
 <table width="100%" cellspacing="2" cellpadding="5" class="editform">
 	<tr>
 		<th scope="row" valign="top"><?php _e('Comment Status') ?>:</th>
-		<td><label for="comment_status_approved" class="selectit"><input id="comment_status_approved" name="comment_status" type="radio" value="1" <?php checked($comment_status, '1'); ?> /> <?php _e('Approved') ?></label><br />
-	  <label for="comment_status_moderated" class="selectit"><input id="comment_status_moderated" name="comment_status" type="radio" value="0" <?php checked($comment_status, '0'); ?> /> <?php _e('Moderated') ?></label><br />
-	  <label for="comment_status_spam" class="selectit"><input id="comment_status_spam" name="comment_status" type="radio" value="spam" <?php checked($comment_status, 'spam'); ?> /> <?php _e('Spam') ?></label></td>
+		<td><label for="comment_status_approved" class="selectit"><input id="comment_status_approved" name="comment_status" type="radio" value="1" <?php checked($comment->comment_approved, '1'); ?> /> <?php _e('Approved') ?></label><br />
+	  <label for="comment_status_moderated" class="selectit"><input id="comment_status_moderated" name="comment_status" type="radio" value="0" <?php checked($comment->comment_approved, '0'); ?> /> <?php _e('Moderated') ?></label><br />
+	  <label for="comment_status_spam" class="selectit"><input id="comment_status_spam" name="comment_status" type="radio" value="spam" <?php checked($comment->comment_approved, 'spam'); ?> /> <?php _e('Spam') ?></label></td>
 	</tr>
 
-<?php if ($user_level > 4) : ?>
+<?php if ( current_user_can('edit_posts') ) : ?>
 	<tr>
 		<th scope="row"><?php _e('Edit time'); ?>:</th>
 		<td><?php touch_time(('editcomment' == $action), 0); ?></td>
@@ -80,7 +114,7 @@ edCanvas = document.getElementById('content');
 
 	<tr>
 		<th scope="row"><?php _e('Delete'); ?>:</th>
-		<td><p><a class="delete" href="post.php?action=confirmdeletecomment&amp;noredir=true&amp;comment=<?php echo $commentdata['comment_ID']; ?>&amp;p=<?php echo $commentdata['comment_post_ID']; ?>"><?php _e('Delete comment') ?></a></p></td>
+		<td><p><a class="delete" href="post.php?action=confirmdeletecomment&amp;noredir=true&amp;comment=<?php echo $comment->comment_ID; ?>&amp;p=<?php echo $comment->comment_post_ID; ?>"><?php _e('Delete comment') ?></a></p></td>
 	</tr>
 </table>
 

wp-admin/edit-form.php

@@ -6,28 +6,27 @@
 <?php if (isset($mode) && 'bookmarklet' == $mode) : ?>
 <input type="hidden" name="mode" value="bookmarklet" />
 <?php endif; ?>
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='post' />
 
 <script type="text/javascript">
 <!--
-function focusit() {
-	// focus on first input field
+function focusit() { // focus on first input field
 	document.getElementById('title').focus();
 }
-window.onload = focusit;
+addLoadEvent(focusit);
 //-->
 </script>
 
 <div id="poststuff">
     <fieldset id="titlediv">
       <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend> 
-	  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $edited_post_title; ?>" id="title" /></div>
+	  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
     </fieldset>
 
     <fieldset id="categorydiv">
       <legend><a href="http://wordpress.org/docs/reference/post/#category" title="<?php _e('Help on categories') ?>"><?php _e('Categories') ?></a></legend> 
-	  <div><?php dropdown_categories($default_post_cat); ?></div>
+	  <div><?php dropdown_categories($post->post_category); ?></div>
     </fieldset>
 
 <br />
@@ -40,7 +39,7 @@ window.onload = focusit;
      $rows = 10;
  }
 ?>
-<div><textarea rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content"><?php echo $content ?></textarea></div>
+<div><textarea rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content"><?php echo $post->post_content ?></textarea></div>
 </fieldset>
 
 
@@ -50,7 +49,7 @@ edCanvas = document.getElementById('content');
 //-->
 </script>
 
-<input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />
+<input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" />
 
 <p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Identifier">URI</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Identifier">URI</abbr>s with spaces.)<br />'), 'http://wordpress.org/docs/reference/post/#trackback') ?>
 	<input type="text" name="trackback_url" style="width: 360px" id="trackback" tabindex="7" /></p>
@@ -58,14 +57,14 @@ edCanvas = document.getElementById('content');
 <p class="submit"><input name="saveasdraft" type="submit" id="saveasdraft" tabindex="9" value="<?php _e('Save as Draft') ?>" /> 
   <input name="saveasprivate" type="submit" id="saveasprivate" tabindex="10" value="<?php _e('Save as Private') ?>" />
 
-	 <?php if ( user_can_create_post($user_ID) ) : ?>
+	 <?php if ( current_user_can('edit_posts') ) : ?>
   <input name="publish" type="submit" id="publish" tabindex="6" style="font-weight: bold;" value="<?php _e('Publish') ?>" /> 
 <?php endif; ?>
 
 <?php if ('bookmarklet' != $mode) {
       echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />';
   } ?>
-  <input name="referredby" type="hidden" id="referredby" value="<?php if (isset($_SERVER['HTTP_REFERER'])) echo urlencode($_SERVER['HTTP_REFERER']); ?>" />
+  <input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" />
 </p>
 
 <?php do_action('simple_edit_form', ''); ?>

wp-admin/edit-link-form.php

@@ -0,0 +1,239 @@
+<?php
+if ( ! empty($link_id) ) {
+	$editing = true;
+	$heading = __('Edit a link:');
+	$submit_text = __('Save Changes &raquo;');
+	$form = '<form action="" method="post" name="editlink" id="editlink">'; 
+	$nonce_action = 'update-bookmark_' . $link_id;
+} else {
+	$editing = false;
+	$heading = __('<strong>Add</strong> a link:');
+	$submit_text = __('Add Link &raquo;');
+	$form = '<form name="addlink" method="post" action="link-manager.php">';
+	$nonce_action = 'add-bookmark';
+}
+
+function xfn_check($class, $value = '', $type = 'check') {
+	global $link;
+
+	$link_rel = $link->link_rel;
+	$rels = preg_split('/\s+/', $link_rel);
+
+	if ('' != $value && in_array($value, $rels) ) {
+		echo ' checked="checked"';
+	}
+
+	if ('' == $value) {
+		if ('family' == $class && !strstr($link_rel, 'child') && !strstr($link_rel, 'parent') && !strstr($link_rel, 'sibling') && !strstr($link_rel, 'spouse') && !strstr($link_rel, 'kin')) echo ' checked="checked"';
+		if ('friendship' == $class && !strstr($link_rel, 'friend') && !strstr($link_rel, 'acquaintance') && !strstr($link_rel, 'contact') ) echo ' checked="checked"';
+		if ('geographical' == $class && !strstr($link_rel, 'co-resident') && !strstr($link_rel, 'neighbor') ) echo ' checked="checked"';
+		if ('identity' == $class && in_array('me', $rels) ) echo ' checked="checked"';
+	}
+}
+
+?>
+
+<div class="wrap"> 
+  <?php echo $form ?>
+  <?php wp_nonce_field($nonce_action); ?>
+  <h2><?php echo $heading ?></h2>
+<fieldset class="options">
+    <legend><?php _e('Basics') ?></legend>
+        <table class="editform" width="100%" cellspacing="2" cellpadding="5">
+         <tr>
+           <th width="33%" scope="row"><?php _e('URI:') ?></th>
+           <td width="67%"><input type="text" name="link_url" value="<?php echo $link->link_url; ?>" style="width: 95%;" /></td>
+         </tr>
+         <tr>
+           <th scope="row"><?php _e('Link Name:') ?></th>
+           <td><input type="text" name="link_name" value="<?php echo $link->link_name; ?>" style="width: 95%" /></td>
+         </tr>
+         <tr>
+            <th scope="row"><?php _e('Short description:') ?></th>
+         	<td><input type="text" name="link_description" value="<?php echo $link->link_description; ?>" style="width: 95%" /></td>
+         	</tr>
+        <tr>
+           <th scope="row"><?php _e('Category:') ?></th>
+           <td><?php link_category_dropdown('link_category', $link->link_category); ?></td>
+         </tr>
+</table>
+</fieldset>
+       <p class="submit">
+       <input type="submit" name="submit" value="<?php echo $submit_text ?>" />
+       </p>
+	<fieldset class="options">
+        <legend><?php _e('Link Relationship (XFN)') ?></legend>
+        <table class="editform" width="100%" cellspacing="2" cellpadding="5">
+            <tr>
+                <th width="33%" scope="row"><?php _e('rel:') ?></th>
+            	<td width="67%"><input type="text" name="link_rel" id="link_rel" size="50" value="<?php echo $link->link_rel; ?>" /></td>
+           	</tr>
+            <tr>
+                <th scope="row"><?php _e('<a href="http://gmpg.org/xfn/">XFN</a> Creator:') ?></th>
+            	<td>
+					<table cellpadding="3" cellspacing="5">
+	          <tr>
+              <th scope="row"> <?php _e('identity') ?> </th>
+              <td>
+                <label for="me">
+                <input type="checkbox" name="identity" value="me" id="me" <?php xfn_check('identity', 'me'); ?> />
+          <?php _e('another web address of mine') ?></label>
+              </td>
+            </tr>
+            <tr>
+              <th scope="row"> <?php _e('friendship') ?> </th>
+              <td>
+			    <label for="contact">
+                <input class="valinp" type="radio" name="friendship" value="contact" id="contact" <?php xfn_check('friendship', 'contact', 'radio'); ?> /> <?php _e('contact') ?></label>
+                <label for="acquaintance">
+                <input class="valinp" type="radio" name="friendship" value="acquaintance" id="acquaintance" <?php xfn_check('friendship', 'acquaintance', 'radio'); ?> />  <?php _e('acquaintance') ?></label>
+                <label for="friend">
+                <input class="valinp" type="radio" name="friendship" value="friend" id="friend" <?php xfn_check('friendship', 'friend', 'radio'); ?> /> <?php _e('friend') ?></label>
+                <label for="friendship">
+                <input name="friendship" type="radio" class="valinp" value="" id="friendship" <?php xfn_check('friendship', '', 'radio'); ?> /> <?php _e('none') ?></label>
+              </td>
+            </tr>
+            <tr>
+              <th scope="row"> <?php _e('physical') ?> </th>
+              <td>
+                <label for="met">
+                <input class="valinp" type="checkbox" name="physical" value="met" id="met" <?php xfn_check('physical', 'met'); ?> />
+          <?php _e('met') ?></label>
+              </td>
+            </tr>
+            <tr>
+              <th scope="row"> <?php _e('professional') ?> </th>
+              <td>
+                <label for="co-worker">
+                <input class="valinp" type="checkbox" name="professional" value="co-worker" id="co-worker" <?php xfn_check('professional', 'co-worker'); ?> />
+          <?php _e('co-worker') ?></label>
+                <label for="colleague">
+                <input class="valinp" type="checkbox" name="professional" value="colleague" id="colleague" <?php xfn_check('professional', 'colleague'); ?> />
+          <?php _e('colleague') ?></label>
+              </td>
+            </tr>
+            <tr>
+              <th scope="row"> <?php _e('geographical') ?> </th>
+              <td>
+                <label for="co-resident">
+                <input class="valinp" type="radio" name="geographical" value="co-resident" id="co-resident" <?php xfn_check('geographical', 'co-resident', 'radio'); ?> />
+          <?php _e('co-resident') ?></label>
+                <label for="neighbor">
+                <input class="valinp" type="radio" name="geographical" value="neighbor" id="neighbor" <?php xfn_check('geographical', 'neighbor', 'radio'); ?> />
+          <?php _e('neighbor') ?></label>
+                <label for="geographical">
+                <input class="valinp" type="radio" name="geographical" value="" id="geographical" <?php xfn_check('geographical', '', 'radio'); ?> />
+          <?php _e('none') ?></label>
+              </td>
+            </tr>
+            <tr>
+              <th scope="row"> <?php _e('family') ?> </th>
+              <td>
+                <label for="child">
+                <input class="valinp" type="radio" name="family" value="child" id="child" <?php xfn_check('family', 'child', 'radio'); ?>  />
+          <?php _e('child') ?></label>
+                <label for="kin">
+                <input class="valinp" type="radio" name="family" value="kin" id="kin" <?php xfn_check('family', 'kin', 'radio'); ?>  />
+          <?php _e('kin') ?></label>
+                <label for="parent">
+                <input class="valinp" type="radio" name="family" value="parent" id="parent" <?php xfn_check('family', 'parent', 'radio'); ?> />
+          <?php _e('parent') ?></label>
+                <label for="sibling">
+                <input class="valinp" type="radio" name="family" value="sibling" id="sibling" <?php xfn_check('family', 'sibling', 'radio'); ?> />
+          <?php _e('sibling') ?></label>
+                <label for="spouse">
+                <input class="valinp" type="radio" name="family" value="spouse" id="spouse" <?php xfn_check('family', 'spouse', 'radio'); ?> />
+          <?php _e('spouse') ?></label>
+                <label for="family">
+                <input class="valinp" type="radio" name="family" value="" id="family" <?php xfn_check('family', '', 'radio'); ?> />
+          <?php _e('none') ?></label>
+              </td>
+            </tr>
+            <tr>
+              <th scope="row"> <?php _e('romantic') ?> </th>
+              <td>
+                <label for="muse">
+                <input class="valinp" type="checkbox" name="romantic" value="muse" id="muse" <?php xfn_check('romantic', 'muse'); ?> />
+         <?php _e('muse') ?></label>
+                <label for="crush">
+                <input class="valinp" type="checkbox" name="romantic" value="crush" id="crush" <?php xfn_check('romantic', 'crush'); ?> />
+         <?php _e('crush') ?></label>
+                <label for="date">
+                <input class="valinp" type="checkbox" name="romantic" value="date" id="date" <?php xfn_check('romantic', 'date'); ?> />
+         <?php _e('date') ?></label>
+                <label for="romantic">
+                <input class="valinp" type="checkbox" name="romantic" value="sweetheart" id="romantic" <?php xfn_check('romantic', 'sweetheart'); ?> />
+         <?php _e('sweetheart') ?></label>
+              </td>
+            </tr>
+        </table>
+		  </td>
+           	</tr>
+</table>
+</fieldset>
+       <p class="submit">
+       <input type="submit" name="submit" value="<?php echo $submit_text ?>" />
+       </p>
+<fieldset class="options">
+        <legend><?php _e('Advanced') ?></legend>
+        <table class="editform" width="100%" cellspacing="2" cellpadding="5">
+         <tr>
+           <th width="33%" scope="row"><?php _e('Image URI:') ?></th>
+           <td width="67%"><input type="text" name="link_image" size="50" value="<?php echo $link->link_image; ?>" style="width: 95%" /></td>
+         </tr>
+<tr>
+           <th scope="row"><?php _e('RSS URI:') ?> </th>
+           <td><input name="link_rss" type="text" id="rss_uri" value="<?php echo $link->link_rss; ?>" size="50" style="width: 95%" /></td>
+         </tr>
+         <tr>
+           <th scope="row"><?php _e('Notes:') ?></th>
+           <td><textarea name="link_notes" cols="50" rows="10" style="width: 95%"><?php echo $link->link_notes; ?></textarea></td>
+         </tr>
+         <tr>
+           <th scope="row"><?php _e('Rating:') ?></th>
+           <td><select name="link_rating" size="1">
+<?php
+    for ($r = 0; $r < 10; $r++) {
+      echo('            <option value="'.$r.'" ');
+      if ($link->link_rating == $r)
+        echo 'selected="selected"';
+      echo('>'.$r.'</option>');
+    }
+?>
+           </select>
+         &nbsp;<?php _e('(Leave at 0 for no rating.)') ?> </td>
+         </tr>
+         <tr>
+           <th scope="row"><?php _e('Target') ?></th>
+           <td><label>
+          <input type="radio" name="link_target" value="_blank"   <?php echo(($link->link_target == '_blank') ? 'checked="checked"' : ''); ?> />
+          <code>_blank</code></label><br />
+<label>
+<input type="radio" name="link_target" value="_top" <?php echo(($link->link_target == '_top') ? 'checked="checked"' : ''); ?> />
+<code>_top</code></label><br />
+<label>
+<input type="radio" name="link_target" value=""     <?php echo(($link->link_target == '') ? 'checked="checked"' : ''); ?> />
+<?php _e('none') ?></label><br />
+<?php _e('(Note that the <code>target</code> attribute is illegal in XHTML 1.1 and 1.0 Strict.)') ?></td>
+         </tr>
+         <tr>
+           <th scope="row"><?php _e('Visible:') ?></th>
+           <td><label>
+             <input type="radio" name="link_visible" <?php if ($link->link_visible == 'Y') echo "checked='checked'"; ?> value="Y" />
+<?php _e('Yes') ?></label><br /><label>
+<input type="radio" name="link_visible" <?php if ($link->link_visible == 'N') echo "checked='checked'"; ?> value="N" />
+<?php _e('No') ?></label></td>
+         </tr>
+</table>
+</fieldset>
+<p class="submit"><input type="submit" name="submit" value="<?php echo $submit_text ?>" /></p>
+<?php if ( $editing ) : ?>
+          <input type="hidden" name="action" value="editlink" />
+          <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
+          <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
+          <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
+<?php else: ?>
+       	<input type="hidden" name="action" value="Add" />
+<?php endif; ?>
+</form> 
+</div>

wp-admin/edit-page-form.php

@@ -1,150 +1,212 @@
 
 <div class="wrap">
-<h2><?php _e('Write Page'); ?></h2>
+<h2 id="write-post"><?php _e('Write Page'); ?><?php if ( 0 != $post_ID ) : ?>
+<small class="quickjump"><a href="#preview-post"><?php _e('preview &darr;'); ?></a></small><?php endif; ?></h2>
 <?php
 if (0 == $post_ID) {
 	$form_action = 'post';
-	$form_extra = '';
+	$nonce_action = 'add-post';
+	$temp_ID = -1 * time();
+	$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
 } else {
+	$post_ID = (int) $post_ID;
 	$form_action = 'editpost';
-	$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
+	$nonce_action = 'update-post_' . $post_ID;
+	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
 
-$sendto = $_SERVER['HTTP_REFERER'];
+$temp_ID = (int) $temp_ID;
+$user_ID = (int) $user_ID;
+
+$sendto = attribute_escape(wp_get_referer());
 
 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
  	$sendto = 'redo';
-$sendto = wp_specialchars( $sendto );
 
 ?>
 
 <form name="post" action="post.php" method="post" id="post">
 
 <?php
+wp_nonce_field($nonce_action);
+
 if (isset($mode) && 'bookmarklet' == $mode) {
     echo '<input type="hidden" name="mode" value="bookmarklet" />';
 }
 ?>
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
-<input type="hidden" name="action" value='<?php echo $form_action ?>' />
+<input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' />
 <?php echo $form_extra ?>
 <input type="hidden" name="post_status" value="static" />
 
 <script type="text/javascript">
-<!--
-function focusit() {
-	// focus on first input field
+// <![CDATA[
+function focusit() { // focus on first input field
 	document.post.title.focus();
 }
-window.onload = focusit;
-//-->
+addLoadEvent(focusit);
+// ]]>
 </script>
-    <fieldset id="titlediv">
-      <legend><?php _e('Page Title') ?></legend> 
- 	  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $edited_post_title; ?>" id="title" /></div>
-    </fieldset>
-<fieldset id="commentstatusdiv">
-      <legend><?php _e('Discussion') ?></legend> 
-	  <div>
-	  <input name="advanced_view" type="hidden" value="1" />
-	  <label for="comment_status" class="selectit">
-	      <input name="comment_status" type="checkbox" id="comment_status" value="open" <?php checked($comment_status, 'open'); ?> />
-         <?php _e('Allow Comments') ?></label> 
-		 <label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($ping_status, 'open'); ?> /> <?php _e('Allow Pings') ?></label>
-	</div>
+<div id="poststuff">
+
+<div id="moremeta">
+<div id="grabit" class="dbx-group">
+<fieldset id="commentstatusdiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Discussion') ?></h3>
+<div class="dbx-content">
+<input name="advanced_view" type="hidden" value="1" />
+<label for="comment_status" class="selectit">
+<input name="comment_status" type="checkbox" id="comment_status" value="open" <?php checked($post->comment_status, 'open'); ?> />
+<?php _e('Allow Comments') ?></label> 
+<label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($post->ping_status, 'open'); ?> /> <?php _e('Allow Pings') ?></label>
+</div>
 </fieldset>
-    <fieldset id="postpassworddiv">
-      <legend><?php _e('Page Password') ?></legend> 
-	  <div><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post_password ?>" /></div>
-    </fieldset>
-    <fieldset id="pageparent">
-      <legend><?php _e('Page Parent') ?></legend> 
-	  <div><select name="parent_id">
-	  <option value='0'><?php _e('Main Page (no parent)'); ?></option>
-			<?php parent_dropdown($post_parent); ?>
-        </select>
-	  </div>
-    </fieldset>
-<fieldset id="postdiv">
+
+<fieldset id="passworddiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3> 
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /></div>
+</fieldset>
+
+<fieldset id="pageparent" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Page Parent') ?></h3> 
+<div class="dbx-content"><p><select name="parent_id">
+<option value='0'><?php _e('Main Page (no parent)'); ?></option>
+<?php parent_dropdown($post->post_parent); ?>
+</select></p>
+</div>
+</fieldset>
+
+<?php if ( 0 != count( get_page_templates() ) ) { ?>
+<fieldset id="pagetemplate" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Page Template:') ?></h3> 
+<div class="dbx-content"><p><select name="page_template">
+		<option value='default'><?php _e('Default Template'); ?></option>
+		<?php page_template_dropdown($post->page_template); ?>
+		</select></p>
+</div>
+</fieldset>
+<?php } ?>
+
+<fieldset id="slugdiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Post slug') ?></h3> 
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name); ?>" /></div>
+</fieldset>
+
+<?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
+<fieldset id="authordiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Post author'); ?>:</h3>
+<div class="dbx-content">
+<select name="post_author_override" id="post_author_override">
+<?php 
+foreach ($authors as $o) :
+$o = get_userdata( $o->ID );
+if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
+else $selected = '';
+$o->ID = (int) $o->ID;
+$o->display_name = wp_specialchars( $o->display_name );
+echo "<option value='$o->ID' $selected>$o->display_name</option>";
+endforeach;
+?>
+</select>
+</div>
+</fieldset>
+<?php endif; ?>
+
+<fieldset id="pageorder" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Page Order') ?></h3> 
+<div class="dbx-content"><p><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo $post->menu_order ?>" /></p></div>
+</fieldset>
+
+<?php do_action('dbx_page_sidebar'); ?>
+
+</div>
+</div>
+
+<fieldset id="titlediv">
+  <legend><?php _e('Page Title') ?></legend> 
+  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
+</fieldset>
+
+
+<fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
     <legend><?php _e('Page Content') ?></legend>
-<?php the_quicktags(); ?>
 <?php
  $rows = get_settings('default_post_edit_rows');
  if (($rows < 3) || ($rows > 100)) {
      $rows = 10;
  }
 ?>
-<div><textarea rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content"><?php echo $content ?></textarea></div>
-</fieldset>
+<?php the_quicktags(); ?>
 
+<div><textarea title="true" rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content"><?php echo user_can_richedit() ? wp_richedit_pre($post->post_content) : $post->post_content; ?></textarea></div>
+</fieldset>
 
 <script type="text/javascript">
 <!--
 edCanvas = document.getElementById('content');
+<?php if ( user_can_richedit() ) : ?>
+// This code is meant to allow tabbing from Title to Post (TinyMCE).
+if ( tinyMCE.isMSIE )
+	document.getElementById('title').onkeydown = function (e)
+		{
+			e = e ? e : window.event;
+			if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
+				var i = tinyMCE.selectedInstance;
+				if(typeof i ==  'undefined')
+					return true;
+                                tinyMCE.execCommand("mceStartTyping");
+				this.blur();
+				i.contentWindow.focus();
+				e.returnValue = false;
+				return false;
+			}
+		}
+else
+	document.getElementById('title').onkeypress = function (e)
+		{
+			e = e ? e : window.event;
+			if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
+				var i = tinyMCE.selectedInstance;
+				if(typeof i ==  'undefined')
+					return true;
+                                tinyMCE.execCommand("mceStartTyping");
+				this.blur();
+				i.contentWindow.focus();
+				e.returnValue = false;
+				return false;
+			}
+		}
+<?php endif; ?>
 //-->
 </script>
 
 <p class="submit">
 <?php if ( $post_ID ) : ?>
 <input name="save" type="submit" id="save" tabindex="5" value=" <?php _e('Save and Continue Editing'); ?> "/> 
-<input name="savepage" type="submit" id="savepage" tabindex="6" value="<?php $post_ID ? _e('Edit Page') : _e('Create New Page') ?> &raquo;" /> 
+<input name="savepage" type="submit" id="savepage" tabindex="6" value="<?php $post_ID ? _e('Save') : _e('Create New Page') ?> &raquo;" /> 
 <?php else : ?>
 <input name="savepage" type="submit" id="savepage" tabindex="6" value="<?php _e('Create New Page') ?> &raquo;" /> 
 <?php endif; ?>
 <input name="referredby" type="hidden" id="referredby" value="<?php echo $sendto; ?>" />
 </p>
 
-<fieldset id="pageoptions">
-	 <legend><?php _e('Page Options') ?></legend>
-<table width="100%" cellspacing="2" cellpadding="5" class="editform">
-<?php if ( 0 != count( get_page_templates() ) ) { ?>
-	<tr valign="top">
-		<th scope="row" width="30%"><?php _e('Page Template:') ?></th>
-		<td><div><select name="page_template">
-		<option value='default'><?php _e('Default Template'); ?></option>
-		<?php page_template_dropdown($page_template); ?>
-		</select>
-		
-		</div>
-		</td>
-	</tr>
-<?php } ?>
-	<tr valign="top">
-		<th scope="row" width="30%"><?php _e('Page slug') ?>:</th>
-		<td><input name="post_name" type="text" size="25" id="post_name" value="<?php echo $post_name ?>" /></td>
-	</tr>
-<?php if ($user_level > 7 && $users = $wpdb->get_results("SELECT ID, user_login, user_firstname, user_lastname FROM $wpdb->users WHERE user_level <= $user_level AND user_level > 0") ) : ?>
-	<tr>
-		<th scope="row" width="30%"><?php _e('Page owner'); ?>:</th>
-		<td>
-		<select name="post_author" id="post_author">
-		<?php 
-		foreach ($users as $o) :
-			if ( $post_author == $o->ID ) $selected = 'selected="selected"';
-			else $selected = '';
-			echo "<option value='$o->ID' $selected>$o->user_login ($o->user_firstname $o->user_lastname)</option>";
-		endforeach;
-		?>
-		</select>
-		</td>
-	</tr>
-<?php endif; ?>
-	<tr>
-		<th scope="row" width="25%"><?php _e('Page Order') ?>:</th>
-		<td><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo $menu_order ?>" /></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('Delete'); ?>:</th>
-		<td><?php if ('edit' == $action) : ?>
-		<input name="deletepost" class="delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), addslashes($edited_post_title) ) . "')\""; ?> />
-<?php endif; ?></td>
-	</tr>
-</table>
-</fieldset>
+<?php do_action('edit_page_form'); ?>
 
-<fieldset id="postcustom">
-<legend><?php _e('Custom Fields') ?> <script type="text/javascript">customToggleLink();</script></legend>
-<div id="postcustomstuff">
+<?php
+if (current_user_can('upload_files')) {
+	$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
+	$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
+	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
+	if ( false != $uploading_iframe_src )
+		echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+}
+?>
+
+<div id="advancedstuff" class="dbx-group">
+
+<fieldset id="postcustom" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
+<div id="postcustomstuff" class="dbx-content">
 <?php 
 if($metadata = has_meta($post_ID)) {
 ?>
@@ -156,9 +218,19 @@ if($metadata = has_meta($post_ID)) {
 	meta_form();
 ?>
 </div>
+<div id="ajax-response"></div>
 </fieldset>
 
-<?php do_action('edit_page_form', ''); ?>
+<?php do_action('dbx_page_advanced'); ?>
+
+</div>
+
+<?php if ('edit' == $action) :
+	$delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID ); ?>
+	<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
+<?php endif; ?>
+</div>
+
 </form>
 
 </div>

wp-admin/edit-pages.php

@@ -2,29 +2,34 @@
 require_once('admin.php');
 $title = __('Pages');
 $parent_file = 'edit.php';
+$list_js = true;
 require_once('admin-header.php');
-
-get_currentuserinfo();
 ?>
 
 <div class="wrap">
 <h2><?php _e('Page Management'); ?></h2>
+<p><?php _e('Pages are like posts except they live outside of the normal blog chronology and can be hierarchical. You can use pages to organize and manage any amount of content.'); ?> <a href="page-new.php"><?php _e('Create a new page'); ?> &raquo;</a></p>
+
+<form name="searchform" action="" method="get"> 
+  <fieldset> 
+  <legend><?php _e('Search Pages&hellip;') ?></legend>
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
+  <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
+  </fieldset>
+</form>
 
 <?php
-if (isset($user_ID) && ('' != intval($user_ID))) {
-	$posts = $wpdb->get_results("
-	SELECT $wpdb->posts.*, $wpdb->users.user_level FROM $wpdb->posts
-	INNER JOIN $wpdb->users ON ($wpdb->posts.post_author = $wpdb->users.ID)
-	WHERE $wpdb->posts.post_status = 'static'
-	AND ($wpdb->users.user_level < $user_level OR $wpdb->posts.post_author = $user_ID)
-	");
-} else {
-    $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'");
-}
+
+$show_post_type = 'page';
+
+if ( isset($_GET['s']) )
+	wp();
+else
+	$posts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_status = 'static'");
 
 if ($posts) {
 ?>
-<table width="100%" cellpadding="3" cellspacing="3"> 
+<table id="the-list-x" width="100%" cellpadding="3" cellspacing="3"> 
   <tr> 
     <th scope="col"><?php _e('ID') ?></th> 
     <th scope="col"><?php _e('Title') ?></th> 
@@ -34,8 +39,31 @@ if ($posts) {
     <th scope="col"></th> 
     <th scope="col"></th> 
   </tr> 
-<?php page_rows(); ?>
+<?php
+if ( isset($_GET['s']) ) {
+foreach ( $posts as $post ) : 
+	$class = ('alternate' != $class) ? 'alternate' : ''; ?>
+  <tr id='page-<?php echo $post->ID; ?>' class='<?php echo $class; ?>'> 
+    <th scope="row"><?php echo $post->ID; ?></th> 
+    <td>
+      <?php echo $pad; ?><?php the_title() ?> 
+    </td> 
+    <td><?php the_author() ?></td>
+    <td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td> 
+	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td> 
+    <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title('','',0))) . "' );\">" . __('Delete') . "</a>"; } ?></td> 
+  </tr>
+<?php
+endforeach;
+} else {
+	page_rows();
+}
+?>
 </table> 
+
+<div id="ajax-response"></div>
+
 <?php
 } else {
 ?>
@@ -43,9 +71,9 @@ if ($posts) {
 <?php
 } // end if ($posts)
 ?> 
-<p><?php _e('Pages are like posts except they live outside of the normal blog chronology. You can use pages to organize and manage any amount of content.'); ?></p>
-<h3><a href="page-new.php"><?php _e('Create New Page'); ?> &raquo;</a></h3>
-</div> 
 
+<h3><a href="page-new.php"><?php _e('Create New Page'); ?> &raquo;</a></h3>
+
+</div>
 
 <?php include('admin-footer.php'); ?> 

wp-admin/edit.php

@@ -3,24 +3,13 @@ require_once('admin.php');
 
 $title = __('Posts');
 $parent_file = 'edit.php';
+$list_js = true;
 require_once('admin-header.php');
 
 $_GET['m'] = (int) $_GET['m'];
 
-get_currentuserinfo();
-
-$drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author = $user_ID");
-if (1 < $user_level) {
-	$editable = $wpdb->get_col("SELECT ID FROM $wpdb->users WHERE user_level <= '$user_level' AND ID != $user_ID");
-	if( is_array( $editable ) == false )
-			$other_drafts = '';
-	else {
-		$editable = join(',', $editable);
-		$other_drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author IN ($editable) ");
-	}
-} else {
-	$other_drafts = false;
-}
+$drafts = get_users_drafts( $user_ID );
+$other_drafts = get_others_drafts( $user_ID);
 
 if ($drafts || $other_drafts) {
 ?> 
@@ -70,14 +59,16 @@ $what_to_show = 'posts';
 $posts_per_page = 15;
 $posts_per_archive_page = -1;
 
-include(ABSPATH.'wp-blog-header.php');
+wp();
 
 if ( is_month() ) {
 	single_month_title(' ');
 } elseif ( is_search() ) {
 	printf(__('Search for &#8220;%s&#8221;'), wp_specialchars($_GET['s']) );
 } else {
-	if ( ! is_paged() || get_query_var('paged') == 1 )
+	if ( is_single() )
+		printf(__('Comments on %s'), $post->post_title);
+	elseif ( ! is_paged() || get_query_var('paged') == 1 )
 		_e('Last 15 Posts');
 	else
 		_e('Previous Posts');
@@ -88,17 +79,20 @@ if ( is_month() ) {
 <form name="searchform" action="" method="get" style="float: left; width: 16em; margin-right: 3em;"> 
   <fieldset> 
   <legend><?php _e('Search Posts&hellip;') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 
   <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
   </fieldset>
 </form>
 
+<?php $arc_result = $wpdb->get_results("SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts WHERE post_date != '0000-00-00 00:00:00' ORDER BY post_date DESC");
+
+if ( count($arc_result) ) { ?>
+
 <form name="viewarc" action="" method="get" style="float: left; width: 20em; margin-bottom: 1em;">
 	<fieldset>
 	<legend><?php _e('Browse Month&hellip;') ?></legend>
     <select name='m'>
 	<?php
-		$arc_result=$wpdb->get_results("SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts ORDER BY post_date DESC");
 		foreach ($arc_result as $arc_row) {			
 			$arc_year  = $arc_row->yyear;
 			$arc_month = $arc_row->mmonth;
@@ -118,6 +112,8 @@ if ( is_month() ) {
 	</fieldset>
 </form>
 
+<?php } ?>
+
 <br style="clear:both;" />
 
 <?php
@@ -140,7 +136,7 @@ $posts_columns['control_delete'] = '';
 
 ?>
 
-<table width="100%" cellpadding="3" cellspacing="3"> 
+<table id="the-list-x" width="100%" cellpadding="3" cellspacing="3"> 
 	<tr>
 
 <?php foreach($posts_columns as $column_display_name) { ?>
@@ -154,7 +150,7 @@ $bgcolor = '';
 foreach ($posts as $post) { start_wp();
 $class = ('alternate' == $class) ? '' : 'alternate';
 ?> 
-	<tr class='<?php echo $class; ?>'>
+	<tr id='post-<?php echo $id; ?>' class='<?php echo $class; ?>'>
 
 <?php
 
@@ -208,13 +204,13 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 
 	case 'control_edit':
 		?>
-		<td><?php if ( user_can_edit_post($user_ID,$post->ID) ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
+		<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
 		<?php
 		break;
 
 	case 'control_delete':
 		?>
-		<td><?php if ( user_can_edit_post($user_ID,$post->ID) ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'OK\' to delete, \'Cancel\' to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "')\">" . __('Delete') . "</a>"; } ?></td>
+		<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td>
 		<?php
 		break;
 
@@ -237,7 +233,9 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 <?php
 } // end if ($posts)
 ?> 
-</table> 
+</table>
+
+<div id="ajax-response"></div>
 
 <div class="navigation">
 <div class="alignleft"><?php next_posts_link(__('&laquo; Previous Entries')) ?></div>
@@ -262,14 +260,15 @@ $comment_status = wp_get_comment_status($comment->comment_ID);
   @
   <?php comment_time('g:m:s a') ?> 
   <?php 
-			if (($user_level > $authordata->user_level) or ($user_login == $authordata->user_login)) {
+			if ( current_user_can('edit_post', $post->ID) ) {
 				echo "[ <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" .  __('Edit') . "</a>";
-				echo " - <a href=\"post.php?action=deletecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'OK\' to delete, \'Cancel\' to stop."), $comment->comment_author) . "')\">" . __('Delete') . "</a> ";
-				if ( ('none' != $comment_status) && ($user_level >= 3) ) {
+				echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "');\">" . __('Delete') . '</a> ';
+
+				if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
 					if ('approved' == wp_get_comment_status($comment->comment_ID)) {
-						echo " - <a href=\"post.php?action=unapprovecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> ";
+						echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> ';
 					} else {
-						echo " - <a href=\"post.php?action=approvecomment&amp;p=".$post->ID."&amp;comment=".$comment->comment_ID."\">" . __('Approve') . "</a> ";
+						echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '">' . __('Approve') . '</a> ';
 					}
 				}
 				echo "]";

wp-admin/execute-pings.php

@@ -0,0 +1,25 @@
+<?php
+
+require_once('../wp-config.php');
+
+// Do pingbacks
+while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) {
+	$wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';");
+	pingback($ping->post_content, $ping->ID);
+}
+
+// Do Enclosures
+while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) {
+	$wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$enclosure->ID} AND meta_key = '_encloseme';");
+	do_enclose($enclosure->post_content, $enclosure->ID);
+}
+
+// Do Trackbacks
+$trackbacks = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE CHAR_LENGTH(TRIM(to_ping)) > 7 AND post_status != 'draft'");
+if ( is_array($trackbacks) ) {
+	foreach ( $trackbacks as $trackback ) {
+		do_trackbacks($trackback->ID);
+	}
+}
+
+?>

wp-admin/import-b2.php

@@ -1,247 +0,0 @@
-<?php
-if (!file_exists('../wp-config.php')) die("There doesn't seem to be a wp-config.php file. Double check that you updated wp-config-sample.php with the proper database connection information and renamed it to wp-config.php.");
-require_once('../wp-config.php');
-require('upgrade-functions.php');
-$step = $_GET['step'];
-if (!$step) $step = 0;
-header( 'Content-Type: text/html; charset=utf-8' );
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-	<title>WordPress &#8212; b2 Conversion</title>
-	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-	<style media="screen" type="text/css">
-	body {
-		font-family: Georgia, "Times New Roman", Times, serif;
-		margin-left: 15%;
-		margin-right: 15%;
-	}
-	#logo {
-		margin: 0;
-		padding: 0;
-		background-image: url(http://wordpress.org/images/wordpress.gif);
-		background-repeat: no-repeat;
-		height: 60px;
-		border-bottom: 4px solid #333;
-	}
-	#logo a {
-		display: block;
-		height: 60px;
-	}
-	#logo a span {
-		display: none;
-	}
-	p, li {
-		line-height: 140%;
-	}
-	</style>
-</head>
-<body>
-<h1 id="logo"><a href="http://wordpress.org"><span>WordPress</span></a></h1>
-<?php
-switch($step) {
-
-	case 0:
-?>
-<p>Welcome to WordPress. Since you&#8217;re upgrading from b2 everything should be relatively 
-  familiar to you. Here are some notes on upgrading:</p>
-<ul>
-  <li>If you&#8217;re using an older version of b2, it's probably a good idea to upgrade 
-    to at least .61 before making the leap to WordPress.</li>
-  <li>The templates are so much better, and there is so much more going on than 
-    before it&#8217;s probably worth it to start from scratch and work back to your 
-    design.</li>
-  <li>You need to transfer some of your settings from your old <code>b2config.php</code>
-    to <code>wp-config.php</code> file.</li>
-  <li>WordPress issues should be discussed in our <a href="http://wordpress.org/support/">support 
-    forums</a>.</li>
-  <li><strong>Back up</strong> your database before you do anything. Yes, you.</li>
-</ul>
-<p>Have you looked at the <a href="../readme.html">readme</a>? If 
-  you&#8217;re all ready, <a href="import-b2.php?step=1">let&#8217;s go</a>!</p>
-<?php
-	break;
-	
-	case 1:
-?>
-<h1>Step 1</h1>
-<p>Okay first we&#8217;re going to set up the links database. This will allow you to host your own blogroll, complete with Weblogs.com updates.</p>
-<?php
-
-$got_links = false;
-$got_cats = false;
-$got_row = false;
-?>
-<p>Installing WP-Links.</p>
-<p>Checking for tables...</p>
-<?php
-$result = mysql_list_tables(DB_NAME);
-if (!$result) {
-    print "DB Error, could not list tables\n";
-    print 'MySQL Error: ' . mysql_error();
-    exit;
-}
-
-while ($row = mysql_fetch_row($result)) {
-    if ($row[0] == $wpdb->links)
-        $got_links = true;
-    if ($row[0] == $wpdb->linkcategories)
-        $got_cats = true;
-    //print "Table: $row[0]<br />\n";
-}
-if (!$got_cats) {
-    echo "<p>Can't find table '$wpdb->linkcategories', gonna create it...</p>\n";
-    $sql = "CREATE TABLE $wpdb->linkcategories ( " .
-           " cat_id int(11) NOT NULL auto_increment, " .
-           " cat_name tinytext NOT NULL, ".
-           " auto_toggle enum ('Y','N') NOT NULL default 'N', ".
-           " PRIMARY KEY (cat_id) ".
-           ") ";
-    $result = mysql_query($sql) or print ("Can't create the table '$wpdb->linkcategories' in the database.<br />" . $sql . "<br />" . mysql_error());
-    if ($result != false) {
-        echo "<p>Table '$wpdb->linkcategories' created OK</p>\n";
-        $got_cats = true;
-    }
-} else {
-    echo "<p>Found table '$wpdb->linkcategories', don't need to create it...</p>\n";
-        $got_cats = true;
-}
-if (!$got_links) {
-    echo "<p>Can't find '$wpdb->links', gonna create it...</p>\n";
-    $sql = "CREATE TABLE $wpdb->links ( " .
-           " link_id int(11) NOT NULL auto_increment,           " .
-           " link_url varchar(255) NOT NULL default '',         " .
-           " link_name varchar(255) NOT NULL default '',        " .
-           " link_image varchar(255) NOT NULL default '',       " .
-           " link_target varchar(25) NOT NULL default '',       " .
-           " link_category int(11) NOT NULL default 0,          " .
-           " link_description varchar(255) NOT NULL default '', " .
-           " link_visible enum ('Y','N') NOT NULL default 'Y',  " .
-           " link_owner int NOT NULL DEFAULT '1',               " .
-           " link_rating int NOT NULL DEFAULT '0',              " .
-           " link_updated DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00', " .
-           " link_rel varchar(255) NOT NULL default '',         " .
-           " link_notes MEDIUMTEXT NOT NULL default '',         " .
-           " PRIMARY KEY (link_id)                              " .
-           ") ";
-    $result = mysql_query($sql) or print ("Can't create the table '$wpdb->links' in the database.<br />" . $sql . "<br />" . mysql_error());
-	$links = mysql_query("INSERT INTO $wpdb->links VALUES ('', 'http://wordpress.org/', 'WordPress', '', '', 1, '', 'Y', 1, 0, '0000-00-00 00:00:00', '');");
-	$links = mysql_query("INSERT INTO $wpdb->links VALUES ('', 'http://photomatt.net/', 'Matt', '', '', 1, '', 'Y', 1, 0, '0000-00-00 00:00:00', '');");
-	$links = mysql_query("INSERT INTO $wpdb->links VALUES ('', 'http://zed1.com/b2/', 'Mike', '', '', 1, '', 'Y', 1, 0, '0000-00-00 00:00:00', '');");
-
-    if ($result != false) {
-        echo "<p>Table '$wpdb->links' created OK</p>\n";
-        $got_links = true;
-    }
-} else {
-    echo "<p>Found table '$wpdb->links', don't need to create it...</p>\n";
-    echo "<p>... may need to update it though. Looking for column link_updated...</p>\n";
-    $query = "SELECT link_updated FROM $wpdb->links LIMIT 1";
-    $q = @mysql_query($query);
-    if ($q != false) {
-        if ($row = mysql_fetch_object($q)) {
-            echo "<p>You have  column link_updated. Good!</p>\n";
-        }
-    } else {
-        $query = "ALTER TABLE $wpdb->links ADD COLUMN link_updated DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00'";
-        $q = mysql_query($query) or mysql_doh("Doh, couldn't add column.", $query, mysql_error());
-        echo "<p>Added column link_updated...</p>\n";
-    }
-    echo "<p>Looking for column link_rel...</p>\n";
-    $query = "SELECT link_rel FROM $wpdb->links LIMIT 1";
-    $q = @mysql_query($query);
-    if ($q != false) {
-        if ($row = mysql_fetch_object($q)) {
-            echo "<p>You have column link_rel. Good!</p>\n";
-        }
-    } else {
-        $query = "ALTER TABLE $wpdb->links ADD COLUMN link_rel varchar(255) NOT NULL DEFAULT '' ";
-        $q = mysql_query($query) or mysql_doh("Doh, couldn't add column.", $query, mysql_error());
-        echo "<p>Added column link_rel...</p>\n";
-    }
-    $got_links = true;
-}
-
-if ($got_links && $got_cats) {
-    echo "<p>Looking for category 1...</p>\n";
-    $sql = "SELECT * FROM $wpdb->linkcategories WHERE cat_id=1 ";
-    $result = mysql_query($sql) or print ("Can't query '$wpdb->linkcategories'.<br />" . $sql . "<br />" . mysql_error());
-    if ($result != false) {
-        if ($row = mysql_fetch_object($result)) {
-            echo "<p>You have at least 1 category. Good!</p>\n";
-            $got_row = true;
-        } else {
-            echo "<p>Gonna insert category 1...</p>\n";
-            $sql = "INSERT INTO $wpdb->linkcategories (cat_id, cat_name) VALUES (1, 'General')";
-            $result = mysql_query($sql) or print ("Can't query insert category.<br />" . $sql . "<br />" . mysql_error());
-            if ($result != false) {
-                echo "<p>Inserted category Ok</p>\n";
-                $got_row = true;
-            }
-        }
-    }
-}
-
-if ($got_row) {
-    echo "<p>All done!</p>\n";
-}
-?>
-<p>Did you defeat the boss monster at the end? Good, then you&#8217;re ready for 
-  <a href="import-b2.php?step=2">Step 2</a>.</p>
-<?php
-	break;
-	case 2:
-?>
-<h1>Step 2</h1>
-<p>First we&#8217;re going to add excerpt, post, and password functionality...</p>
-
-<?php
-
-$query = "ALTER TABLE $wpdb->posts ADD COLUMN post_excerpt text NOT NULL;";
-$q = $wpdb->query($query);
-// 0.71 mods
-$query = "ALTER TABLE $wpdb->posts ADD post_status ENUM('publish','draft','private') NOT NULL,
-ADD comment_status ENUM('open','closed') NOT NULL,
-ADD ping_status ENUM('open','closed') NOT NULL,
-ADD post_password varchar(20) NOT NULL;";
-$q = $wpdb->query($query);
-?>
-
-<p>That went well! Now let's clean up the b2 database structure a bit...</p>
-
-<?php
-$query = "ALTER TABLE $wpdb->posts DROP INDEX ID";
-
-$q = $wpdb->query($query);
-
-?>
-
-<p>One down, two to go...</p>
-
-
-<p>So far so good.</p>
-<?php
-
-$query="ALTER TABLE $wpdb->posts DROP post_karma";
-$q = $wpdb->query($query);
-flush();
-?>
-
-<p>Almost there...</p>
-
-<?php
-
-$query = "ALTER TABLE $wpdb->users DROP INDEX ID";
-
-$q = $wpdb->query($query);
-upgrade_all();
-?>
-
-<p>Welcome to the family. <a href="../">Have fun</a>!</p>
-  <?php
-	break;
-}
-?>
-
-</body>
-</html>

wp-admin/import-blogger.php

@@ -1,221 +0,0 @@
-<?php
-
-$wpvarstoreset = array('action');
-for ($i=0; $i<count($wpvarstoreset); $i += 1) {
-	$wpvar = $wpvarstoreset[$i];
-	if (!isset($$wpvar)) {
-		if (empty($_POST["$wpvar"])) {
-			if (empty($_GET["$wpvar"])) {
-				$$wpvar = '';
-			} else {
-				$$wpvar = $_GET["$wpvar"];
-			}
-		} else {
-			$$wpvar = $_POST["$wpvar"];
-		}
-	}
-}
-require_once('../wp-config.php');
-require('upgrade-functions.php');
-header( 'Content-Type: text/html; charset=utf-8' );
-switch ($action) {
-
-case "step1":
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-	<title>Blogger to WordPress - Converting...</title>
-	<link rel="stylesheet" href="wp-admin.css" type="text/css">
-</head>
-<body>
-<div class="wrap">
-<h1>Blogger to <img src="../wp-images/wpminilogo.png" width="50" height="50" border="0" alt="WordPress" align="top" /></h1>
-<p>The importer is running...</p>
-<ul>
-	<li>Importing posts and users
-		<ul><?php
-
-	for($bgy=1999; $bgy<=(date('Y')); $bgy++) {
-		for($bgm=1; $bgm<13; $bgm++) {
-
-		$bgmm = zeroise($bgm,2);
-	
-		$archivefile = "../$bgy"."_"."$bgmm"."_01_wordpress.php";
-		
-		if (file_exists($archivefile)) {
-
-			$f = fopen($archivefile,"r");
-			$archive = fread($f, filesize($archivefile));
-			fclose($f);
-			echo "<li>$bgy/$bgmm ";
-
-			$posts = explode('<wordpresspost>', $archive);
-
-			for ($i = 1; $i < count($posts); $i = $i + 1) {
-
-			$postinfo = explode('|||', $posts[$i]);
-			$post_date = $postinfo[0];
-			$post_content = $postinfo[2];
-			// Don't try to re-use the original numbers
-			// because the new, longer numbers are too
-			// big to handle as ints.
-			//$post_number = $postinfo[3];
-			$post_title = $postinfo[4];
-
-			$post_author = trim(addslashes($postinfo[1]));
-			// we'll check the author is registered already
-			$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$post_author'");
-			if (!$user) { // seems s/he's not, so let's register
-				$user_ip = '127.0.0.1';
-				$user_domain = 'localhost';
-				$user_browser = 'server';
-				$user_joindate = '1979-06-06 00:41:00'; // that's my birthdate (gmt+1) - I could choose any other date. You could change the date too. Just remember the year must be >=1970 or the world would just randomly fall on your head (everything might look fine, and then blam! major headache!)
-				$user_login = addslashes($post_author);
-				$pass1 = addslashes('password');
-				$user_nickname = addslashes($post_author);
-				$user_email = addslashes('user@wordpress.org');
-				$user_url = addslashes('');
-				$user_joindate = addslashes($user_joindate);
-				$result = $wpdb->query("
-				INSERT INTO $wpdb->users (
-					user_login,
-					user_pass,
-					user_nickname,
-					user_email,
-					user_url,
-					user_ip,
-					user_domain,
-					user_browser,
-					user_registered,
-					user_level,
-					user_idmode
-				) VALUES (
-					'$user_login',
-					'$pass1',
-					'$user_nickname',
-					'$user_email',
-					'$user_url',
-					'$user_ip',
-					'$user_domain',
-					'$user_browser',
-					'$user_joindate',
-					'1',
-					'nickname'
-				)");
-
-				echo ": Registered user <strong>$user_login</strong>";
-			}
-
-			$post_author_ID = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$post_author'");
-
-			$post_date = explode(' ', $post_date);
-			$post_date_Ymd = explode('/', $post_date[0]);
-			$postyear = $post_date_Ymd[2];
-			$postmonth = zeroise($post_date_Ymd[0], 2);
-			$postday = zeroise($post_date_Ymd[1], 2);
-			$post_date_His = explode(':', $post_date[1]);
-			$posthour = zeroise($post_date_His[0], 2);
-			$postminute = zeroise($post_date_His[1], 2);
-			$postsecond = zeroise($post_date_His[2], 2);
-
-			if (($post_date[2] == 'PM') && ($posthour != '12'))
-				$posthour = $posthour + 12;
-			else if (($post_date[2] == 'AM') && ($posthour == '12'))
-				$posthour = '00';
-
-			$post_date = "$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
-
-			$post_content = addslashes($post_content);
-			$post_content = str_replace('<br>', '<br />', $post_content); // the XHTML touch... ;)
-			
-			$post_title = addslashes($post_title);
-			
-			// Quick-n-dirty check for dups:
-			$dupcheck = $wpdb->get_results("SELECT ID,post_date,post_title FROM $wpdb->posts WHERE post_date='$post_date' AND post_title='$post_title' LIMIT 1",ARRAY_A);
-			if ($dupcheck[0]['ID']) {
-				print "<br />\nSkipping duplicate post, ID = '" . $dupcheck[0]['ID'] . "'<br />\n";
-				print "Timestamp: " . $post_date . "<br />\n";
-				print "Post Title: '" . stripslashes($post_title) . "'<br />\n";
-				continue;
-			}
-
-			$result = $wpdb->query("
-			INSERT INTO $wpdb->posts 
-				(post_author,post_date,post_content,post_title,post_category)
-			VALUES 
-				('$post_author_ID','$post_date','$post_content','$post_title','1')
-			");
-
-
-			} echo '... <strong>Done</strong></li>';
-			
-		}}
-	}
-
-	upgrade_all();
-	?>
-</ul>
-<strong>Done</strong>
-</li>
-</ul>
-<p>&nbsp;</p>
-<p>Completed Blogger to WordPress import!</p>
-<p>Now you can go and <a href="../wp-login.php">log in</a>, have fun!</p>
-</div>
-</body>
-</html>
-	<?php
-	break;
-
-default:
-
-	?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-	<title>Blogger to WordPress Import Utility</title>
-	<link rel="stylesheet" href="wp-admin.css" type="text/css">
-</head>
-
-<body>
-<div class="wrap">
-<h1>Blogger to <img src="../wp-images/wpminilogo.png" width="50" height="50" border="0" alt="WordPress" align="top" /></h1>
-<p>This is a basic Blogger to WordPress import script.</p>
-<p>What it does:</p>
-<ul>
-	<li>Parses your archives to retrieve your blogger posts.</li>
-	<li>Adds an author whenever it sees a new nickname, all authors are imported at level 1, with a default profile and the password 'password'</li>
-</ul>
-<p>What it does not:</p>
-<ul>
-	<li>It sucks at making coffee.</li>
-	<li>It always forgets to call back.</li>
-</ul>
-
-<h2>First step: Install WordPress</h2>
-<p>Install the WordPress blog as explained in the <a href="../readme.html">read me</a>, then immediately come back here.</p>
-
-<h3>Second step: let's play with Blogger</h3>
-<p>Log into your Blogger account.<br />
-Go to the Settings, and make Blogger publish your files in the directory where your WordPress resides. Change the Date/Time format to be mm/dd/yyyy hh:mm:ss AM/PM (the first choice in the dropdown menu). In Archives: set the frequency to 'monthly' and the archive filename to 'wordpress.php' (without the quotes), set the ftp archive path to make Blogger publish the archives in your WordPress directory. Click 'save changes'.<br />
-Go to the Templates. Replace your existing template with this line (copy and paste):
-<blockquote>&lt;Blogger>&lt;wordpresspost>&lt;$BlogItemDateTime$>|||&lt;$BlogItemAuthorNickname$>|||&lt;$BlogItemBody$>|||&lt;$BlogItemNumber$>|||&lt;$BlogItemSubject$>&lt;/Blogger></blockquote>
-Go to the Archives, and click 'republish all'.<br />
-Check in your FTP that you've got the archive files published. They should look like this example: <code>2001_10_01_wordpress.php</code>. If they aren't there, redo the republish process.</p>
-<p>You're done with the hard part. :)</p>
-
-<form name="stepOne" method="get">
-<input type="hidden" name="action" value="step1" />
-<h3>Third step: w00t, let's click OK:</h3>
-<p>When you're ready, click OK to start importing: <input type="submit" name="submit" value="OK" /><br /><br />
-<i>Note: the script might take some time, like 1 second for 100 entries
-imported. DO NOT STOP IT or else you won't have a complete import.</i></p>
-</form>
-</div>
-</body>
-</html>
-	<?php
-	break;
-
-}
-
-?>

wp-admin/import-greymatter.php

@@ -1,322 +0,0 @@
-<?php
-if (!file_exists('../wp-config.php')) die("There doesn't seem to be a wp-config.php file. You must install WordPress before you import any entries.");
-
-require_once('../wp-config.php');
-require('upgrade-functions.php');
-
-$wpvarstoreset = array('action', 'gmpath', 'archivespath', 'lastentry');
-for ($i=0; $i<count($wpvarstoreset); $i += 1) {
-	$wpvar = $wpvarstoreset[$i];
-	if (!isset($$wpvar)) {
-		if (empty($_POST["$wpvar"])) {
-			if (empty($_GET["$wpvar"])) {
-				$$wpvar = '';
-			} else {
-				$$wpvar = $_GET["$wpvar"];
-			}
-		} else {
-			$$wpvar = $_POST["$wpvar"];
-		}
-	}
-}
-
-header( 'Content-Type: text/html; charset=utf-8' );
-?>
-
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<title>WordPress &rsaquo; Import from GreyMatter</title>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<style media="screen" type="text/css">
-	body {
-		font-family: Georgia, "Times New Roman", Times, serif;
-		margin-left: 20%;
-		margin-right: 20%;
-	}
-	#logo {
-		margin: 0;
-		padding: 0;
-		background-image: url(http://wordpress.org/images/logo.png);
-		background-repeat: no-repeat;
-		height: 60px;
-		border-bottom: 4px solid #333;
-	}
-	#logo a {
-		display: block;
-		text-decoration: none;
-		text-indent: -100em;
-		height: 60px;
-	}
-	p {
-		line-height: 140%;
-	}
-	#authors li 	{
-		padding:3px;
-		border: 1px solid #ccc;
-		width: 40%;
-		margin-bottom:2px;
-	}
-	</style>
-</head><body> 
-<h1 id="logo"><a href="http://wordpress.org">WordPress</a></h1> 
-
-<?php
-switch ($action) {
-
-case "step1":
-
-	function gm2autobr($string) { // transforms GM's |*| into wp's <br />\n
-		$string = str_replace("|*|","<br />\n",$string);
-		return($string);
-	}
-
-	if (!@chdir($archivespath))
-		die("Wrong path, $archivespath\ndoesn't exist\non the server");
-
-	if (!@chdir($gmpath))
-		die("Wrong path, $gmpath\ndoesn't exist\non the server");
-?>
-
-<p>The importer is running...</p>
-<ul>
-<li>importing users... <ul><?php
-
-	chdir($gmpath);
-	$userbase = file("gm-authors.cgi");
-
-	foreach($userbase as $user) {
-		$userdata=explode("|", $user);
-
-		$user_ip="127.0.0.1";
-		$user_domain="localhost";
-		$user_browser="server";
-
-		$s=$userdata[4];
-		$user_joindate=substr($s,6,4)."-".substr($s,0,2)."-".substr($s,3,2)." 00:00:00";
-
-		$user_login=addslashes($userdata[0]);
-		$pass1=addslashes($userdata[1]);
-		$user_nickname=addslashes($userdata[0]);
-		$user_email=addslashes($userdata[2]);
-		$user_url=addslashes($userdata[3]);
-		$user_joindate=addslashes($user_joindate);
-
-		$loginthere = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'");
-		if ($loginthere) {
-			echo "<li>user <i>$user_login</i>... <b>Already exists</b></li>";
-			continue;
-		}
-
-		$query = "INSERT INTO $wpdb->users (user_login,user_pass,user_nickname,user_email,user_url,user_ip,user_domain,user_browser,user_registered,user_level,user_idmode) VALUES ('$user_login','$pass1','$user_nickname','$user_email','$user_url','$user_ip','$user_domain','$user_browser','$user_joindate','1','nickname')";
-		$result = $wpdb->query($query);
-		if ($result==false) {
-			die ("<strong>ERROR</strong>: couldn't register an user!");
-		}
-		echo "<li>user <i>$user_login</i>... <b>Done</b></li>";
-
-	}
-
-?></ul><b>Done</b></li>
-<li>importing posts, comments, and karma...<br /><ul><?php
-
-	chdir($archivespath);
-	
-	for($i = 0; $i <= $lastentry; $i = $i + 1) {
-		
-		$entryfile = "";
-		
-		if ($i<10000000) {
-			$entryfile .= "0";
-			if ($i<1000000) {
-				$entryfile .= "0";
-				if ($i<100000) {
-					$entryfile .= "0";
-					if ($i<10000) {
-						$entryfile .= "0";
-						if ($i<1000) {
-							$entryfile .= "0";
-							if ($i<100) {
-								$entryfile .= "0";
-								if ($i<10) {
-									$entryfile .= "0";
-		}}}}}}}
-
-		$entryfile .= "$i";
-
-		if (is_file($entryfile.".cgi")) {
-
-			$entry=file($entryfile.".cgi");
-			echo "<li>entry # $entryfile ";
-			$postinfo=explode("|",$entry[0]);
-			$postmaincontent=gm2autobr($entry[2]);
-			$postmorecontent=gm2autobr($entry[3]);
-
-			$post_author=trim(addslashes($postinfo[1]));
-			// we'll check the author is registered, or if it's a deleted author
-			$sql = "SELECT * FROM $wpdb->users WHERE user_login = '$post_author'";
-			$result = $wpdb->query($sql);
-			if (! $result) { // if deleted from GM, we register the author as a level 0 user in wp
-				$user_ip="127.0.0.1";
-				$user_domain="localhost";
-				$user_browser="server";
-				$user_joindate="1979-06-06 00:41:00";
-				$user_login=addslashes($post_author);
-				$pass1=addslashes("password");
-				$user_nickname=addslashes($post_author);
-				$user_email=addslashes("user@deleted.com");
-				$user_url=addslashes("");
-				$user_joindate=addslashes($user_joindate);
-				$query = "INSERT INTO $wpdb->users (user_login,user_pass,user_nickname,user_email,user_url,user_ip,user_domain,user_browser,user_registered,user_level,user_idmode) VALUES ('$user_login','$pass1','$user_nickname','$user_email','$user_url','$user_ip','$user_domain','$user_browser','$user_joindate','0','nickname')";
-				$result = $wpdb->query($query);
-				if ($result==false) {
-					die ("<strong>ERROR</strong>: couldn't register an user!");
-				}
-				echo ": registered deleted user <i>$user_login</i> at level 0 ";
-			}
-
-			$sql = "SELECT ID FROM $wpdb->users WHERE user_login = '$post_author'";
-			$post_author_ID = $wpdb->get_var($sql);
-
-			$post_title=gm2autobr($postinfo[2]);
-			$post_title=addslashes($post_title);
-
-			$postyear=$postinfo[6];
-			$postmonth=zeroise($postinfo[4],2);
-			$postday=zeroise($postinfo[5],2);
-			$posthour=zeroise($postinfo[7],2);
-			$postminute=zeroise($postinfo[8],2);
-			$postsecond=zeroise($postinfo[9],2);
-
-			if (($postinfo[10]=="PM") && ($posthour!="12"))
-				$posthour=$posthour+12;
-
-			$post_date="$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
-
-			$post_content=$postmaincontent;
-			if (strlen($postmorecontent)>3)
-				$post_content .= "<!--more--><br /><br />".$postmorecontent;
-			$post_content=addslashes($post_content);
-
-			$post_karma=$postinfo[12];
-
-			$query = "INSERT INTO $wpdb->posts (post_author,post_date,post_content,post_title) VALUES ('$post_author_ID','$post_date','$post_content','$post_title')";
-			$result = $wpdb->query($query);
-
-			if (!$result)
-				die ("Error in posting...");
-			
-			$query = "SELECT ID FROM $wpdb->posts ORDER BY ID DESC LIMIT 1";
-			$post_ID = $wpdb->get_var($query);
-
-			// Grab a default category.
-			$post_category = $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories LIMIT 1");
-
-			// Update the post2cat table.
-			$exists = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post_ID AND category_id = $post_category");
-			  
-			if (!$exists) {
-			  $wpdb->query("
-					INSERT INTO $wpdb->post2cat
-					(post_id, category_id)
-					VALUES
-					($post_ID, $post_category)
-					");
-			}
-
-			$c=count($entry);
-			if ($c>4) {
-				for ($j=4;$j<$c;$j++) {
-					$entry[$j]=gm2autobr($entry[$j]);
-					$commentinfo=explode("|",$entry[$j]);
-					$comment_post_ID=$post_ID;
-					$comment_author=addslashes($commentinfo[0]);
-					$comment_author_email=addslashes($commentinfo[2]);
-					$comment_author_url=addslashes($commentinfo[3]);
-					$comment_author_IP=addslashes($commentinfo[1]);
-
-					$commentyear=$commentinfo[7];
-					$commentmonth=zeroise($commentinfo[5],2);
-					$commentday=zeroise($commentinfo[6],2);
-					$commenthour=zeroise($commentinfo[8],2);
-					$commentminute=zeroise($commentinfo[9],2);
-					$commentsecond=zeroise($commentinfo[10],2);
-					if (($commentinfo[11]=="PM") && ($commenthour!="12"))
-						$commenthour=$commenthour+12;
-					$comment_date="$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond";
-
-					$comment_content=addslashes($commentinfo[12]);
-
-					$sql3 = "INSERT INTO $wpdb->comments (comment_post_ID,comment_author,comment_author_email,comment_author_url,comment_author_IP,comment_date,comment_content) VALUES ('$comment_post_ID','$comment_author','$comment_author_email','$comment_author_url','$comment_author_IP','$comment_date','$comment_content')";
-					$result3 = $wpdb->query($sql3);
-					if (!$result3)
-						die ("There is an error with the database, it can't store your comment..");
-				}
-				$comments=$c-4;
-				echo ": imported $comments comment";
-				if ($comments>1)
-					echo "s";
-			}
-			echo "... <b>Done</b></li>";
-		}
-	} 
-	upgrade_all();
-	?>
-</ul><b>Done</b></li></ul>
-<p>&nbsp;</p>
-<p>Completed GM 2 WordPress import !</p>
-<p>Now you can go and <a href="wp-login.php">log in</a>, have fun !</p>
-	<?php
-	break;
-
-default:
-?>
-
-<p>This is a basic GreyMatter to WordPress import script.</p>
-<p>What it does:</p>
-<ul>
-<li>parses gm-authors.cgi to import authors: everyone is imported at level 1</li>
-<li>parses the entries cgi files to import posts, comments, and karma on posts (although karma is not used on WordPress); if authors are found not to be in gm-authors.cgi, imports them at level 0</li>
-</ul>
-<p>What it does not:</p>
-<ul>
-<li>parse gm-counter.cgi (what's the use of that file ?), gm-banlist.cgi, gm-cplog.cgi (you can make a CP log hack if you really feel like it, but I question the need of a CP log)</li>
-<li>import gm-templates. you'll start with the basic template wp.php</li>
-<li>doesn't keep entries on top</li>
-</ul>
-
-<h3>First step: Install WordPress</h3>
-<p>Install the WordPress blog as explained in the <a href="../readme.html" target="_blank">ReadMe</a>, then immediately come back here.</p>
-
-<form name="stepOne" method="get">
-<input type="hidden" name="action" value="step1" />
-<h3>Second step: Provide GreyMatter details</h3>
-<table cellpadding="0">
-<tr>
-<td>Path to GM files:</td>
-<td><input type="text" style="width:300px" name="gmpath" value="/home/my/site/cgi-bin/greymatter/" /></td>
-</tr>
-<tr>
-<td>Path to GM entries:</td>
-<td><input type="text" style="width:300px" name="archivespath" value="/home/my/site/cgi-bin/greymatter/archives/" /></td>
-</tr>
-</table>
-
-<p>This importer will search for files 00000001.cgi to 000-whatever.cgi, so you need to enter the number of the last GM post here. (If you don't know that number, just log into your FTP and look it up in the entries' folder)</p>
-
-<table>
-<tr>
-<td>Last entry's number:</td>
-<td><input type="text" name="lastentry" value="00000001" /></td>
-</tr>
-</table>
-
-<p>When you're ready, click OK to start importing: <input type="submit" name="submit" value="OK" class="search" /></p>
-</form>
-
-</body>
-</html>
-	<?php
-	break;
-}
-
-?>

wp-admin/import-livejournal.php

@@ -1,124 +0,0 @@
-<?php
-define('XMLFILE', '');
-// Example:
-// define('XMLFILE', '/home/example/public_html/rss.xml');
-// or if it's in the same directory as import-rss.php
-// define('XMLFILE', 'rss.xml');
-
-$post_author = 1; // Author to import posts as author ID
-$timezone_offset = 0; // GMT offset of posts your importing
-
-
-$add_hours = intval($timezone_offset);
-$add_minutes = intval(60 * ($timezone_offset - $add_hours));
-
-if (!file_exists('../wp-config.php')) die("There doesn't seem to be a wp-config.php file. You must install WordPress before you import any entries.");
-require('../wp-config.php');
-
-$step = $_GET['step'];
-if (!$step) $step = 0;
-header( 'Content-Type: text/html; charset=utf-8' );
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<title>WordPress &rsaquo; Import from RSS</title>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<style media="screen" type="text/css">
-	body {
-		font-family: Georgia, "Times New Roman", Times, serif;
-		margin-left: 20%;
-		margin-right: 20%;
-	}
-	#logo {
-		margin: 0;
-		padding: 0;
-		background-image: url(http://wordpress.org/images/logo.png);
-		background-repeat: no-repeat;
-		height: 60px;
-		border-bottom: 4px solid #333;
-	}
-	#logo a {
-		display: block;
-		text-decoration: none;
-		text-indent: -100em;
-		height: 60px;
-	}
-	p {
-		line-height: 140%;
-	}
-	</style>
-</head><body> 
-<h1 id="logo"><a href="http://wordpress.org/">WordPress</a></h1> 
-<?php
-switch($step) {
-
-	case 0:
-?> 
-<p>Howdy! This importer allows you to extract posts from a LiveJournal XML export file. To get started you must edit the following line in this file (<code>import-livejournal.php</code>) </p>
-<p><code>define('XMLFILE', '');</code></p>
-<p>You want to define where the XML file we'll be working with is, for example: </p>
-<p><code>define('XMLFILE', '2002-04.xml');</code></p>
-<p>You have to do this manually for security reasons.</p>
-<p>If you've done that and you&#8217;re all ready, <a href="import-livejournal.php?step=1">let's go</a>!</p>
-<?php
-	break;
-	
-	case 1:
-if ('' != XMLFILE && !file_exists(XMLFILE)) die("The file you specified does not seem to exist. Please check the path you've given.");
-if ('' == XMLFILE) die("You must edit the XMLFILE line as described on the <a href='import-rss.php'>previous page</a> to continue.");
-
-// Bring in the data
-set_magic_quotes_runtime(0);
-$datalines = file(XMLFILE); // Read the file into an array
-$importdata = implode('', $datalines); // squish it
-$importdata = str_replace(array("\r\n", "\r"), "\n", $importdata);
-
-preg_match_all('|<entry>(.*?)</entry>|is', $importdata, $posts);
-$posts = $posts[1];
-
-echo '<ol>';
-foreach ($posts as $post) :
-$title = $date = $categories = $content = $post_id =  '';
-echo "<li>Importing post... ";
-
-preg_match('|<subject>(.*?)</subject>|is', $post, $title);
-$title = addslashes( trim($title[1]) );
-$post_name = sanitize_title($title);
-
-preg_match('|<eventtime>(.*?)</eventtime>|is', $post, $date);
-$date = strtotime($date[1]);
-
-$post_date = date('Y-m-d H:i:s', $date);
-
-
-preg_match('|<event>(.*?)</event>|is', $post, $content);
-$content = str_replace( array('<![CDATA[', ']]>'), '', addslashes( trim($content[1]) ) );
-
-// Now lets put it in the DB
-if ($wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' AND post_date = '$post_date'")) :
-	echo 'Post already imported';
-else : 
-	
-	$wpdb->query("INSERT INTO $wpdb->posts 
-		(post_author, post_date, post_date_gmt, post_content, post_title,post_status, comment_status, ping_status, post_name)
-		VALUES 
-		('$post_author', '$post_date', DATE_ADD('$post_date', INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE), '$content', '$title', 'publish', '$comment_status', '$ping_status', '$post_name')");
-	$post_id = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' AND post_date = '$post_date'");
-	if (!$post_id) die("couldn't get post ID");
-	$exists = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post_id AND category_id = 1");
-	if (!$exists) $wpdb->query("INSERT INTO $wpdb->post2cat (post_id, category_id) VALUES ($post_id, 1) ");
-	echo 'Done!</li>';
-endif;
-
-
-endforeach;
-?>
-</ol>
-
-<h3>All done. <a href="../">Have fun!</a></h3>
-<?php
-	break;
-}
-?> 
-</body>
-</html>

wp-admin/import-mt.php

@@ -1,418 +0,0 @@
-<?php
-define('MTEXPORT', '');
-// enter the relative path of the import.txt file containing the mt entries. If the file is called import.txt and it is /wp-admin, then this line
-//should be define('MTEXPORT', 'import.txt');
-
-if (!file_exists('../wp-config.php')) die("There doesn't seem to be a wp-config.php file. You must install WordPress before you import any entries.");
-require('../wp-config.php');
-require ('upgrade-functions.php');
-$step = $_GET['step'];
-if (!$step) $step = 0;
-header( 'Content-Type: text/html; charset=utf-8' );
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<title>WordPress &rsaquo; Import from Movable Type</title>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<style media="screen" type="text/css">
-	body {
-		font-family: Georgia, "Times New Roman", Times, serif;
-		margin-left: 20%;
-		margin-right: 20%;
-	}
-	#logo {
-		margin: 0;
-		padding: 0;
-		background-image: url(http://wordpress.org/images/logo.png);
-		background-repeat: no-repeat;
-		height: 60px;
-		border-bottom: 4px solid #333;
-	}
-	#logo a {
-		display: block;
-		text-decoration: none;
-		text-indent: -100em;
-		height: 60px;
-	}
-	p {
-		line-height: 140%;
-	}
-	#authors li 	{
-		padding:3px;
-		border: 1px solid #ccc;
-		width: 40%;
-		margin-bottom:2px;
-	}
-	</style>
-</head><body> 
-<h1 id="logo"><a href="http://wordpress.org">WordPress</a></h1> 
-<?php
-switch($step) {
-
-	case 0:
-?> 
-<p>Howdy! We&#8217;re about to begin the process to import all of your Movable Type entries into WordPress. Before we get started, you need to edit this file (<code>import-mt.php</code>) and change one line so we know where to find your MT export file. To make this easy put the import file into the <code>wp-admin</code> directory. Look for the line that says:</p>
-<p><code>define('MTEXPORT', '');</code></p>
-<p>and change it to</p>
-<p><code>define('MTEXPORT', 'import.txt');</code></p>
-<p>You have to do this manually for security reasons.</p>
-<p>If you've done that and you&#8217;re all ready, <a href="import-mt.php?step=1">let's go</a>! Remember that the import process may take a minute or so if you have a large number of entries and comments. Think of all the rebuilding time you'll be saving once it's done. :)</p>
-<p>The importer is smart enough not to import duplicates, so you can run this multiple times without worry if&#8212;for whatever reason&#8212;it doesn't finish. If you get an <strong>out of memory</strong> error try splitting up the import file into pieces. </p>
-<?php
-	break;
-	
-	case 1:
-if ('' != MTEXPORT && !file_exists(MTEXPORT)) die("The file you specified does not seem to exist. Please check the path you've given.");
-if ('' == MTEXPORT) die("You must edit the MTEXPORT line as described on the <a href='import-mt.php'>previous page</a> to continue.");
-// Bring in the data
-set_magic_quotes_runtime(0);
-$importdata = file(MTEXPORT); // Read the file into an array
-$importdata = implode('', $importdata); // squish it
-$importdata = preg_replace("/(\r\n|\n|\r)/", "\n", $importdata);
-$importdata = preg_replace("/\n--------\n/", "--MT-ENTRY--\n", $importdata);
-$authors = array();
-$temp = array();
-$posts = explode("--MT-ENTRY--", $importdata);
-unset( $importdata ); // Free up memory
-
-function users_form($n) {
-	global $wpdb, $testing;
-	$users = $wpdb->get_results("SELECT * FROM $wpdb->users ORDER BY ID");
-	?><select name="userselect[<?php echo $n; ?>]">
-	<option value="#NONE#">- Select -</option>
-	<?php foreach($users as $user) {
-		echo '<option value="'.$user->user_login.'">'.$user->user_login.'</option>';
-		} ?>
-	</select>
-<?php }
-
-$i = -1;
-foreach ($posts as $post) { 
-	if ('' != trim($post)) {
-		++$i;
-		unset($post_categories);
-		preg_match("|AUTHOR:(.*)|", $post, $thematch);
-		$thematch = trim($thematch[1]);
-		array_push($temp,"$thematch"); //store the extracted author names in a temporary array
-		}
-	}//end of foreach
-//we need to find unique values of author names, while preserving the order, so this function emulates the unique_value(); php function, without the sorting.
-$authors[0] = array_shift($temp); 
-$y = count($temp) + 1;
-for ($x = 1; $x < $y; $x++) {
-	$next = array_shift($temp);
-	if (!(in_array($next,$authors))) array_push($authors, "$next");
-	}
-//by this point, we have all unique authors in the array $authors
-?><p><?php _e('To make it easier for you to edit and save the imported posts and drafts, you may want to change the name of the author of the posts. For example, you may want to import all the entries as <code>admin</code>s entries.'); ?></p>
-<p><?php _e('Below, you can see the names of the authors of the MovableType posts in <i>italics</i>. For each of these names, you can either pick an author in your WordPress installation from the menu, or enter a name for the author in the textbox.'); ?></p>
-<p><?php _e('If a new user is created by WordPress, the password will be set, by default, to "changeme". Quite suggestive, eh? ;)'); ?></p>
-	<?php
-	echo '<ol id="authors">';
-	echo '<form action="?step=2" method="post">';
-	$j = -1;
-	foreach ($authors as $author) {
-	++$j;
-	echo '<li><i>'.$author.'</i><br />'.'<input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30">';
-	users_form($j);
-	echo '</li>';
-	}
-	echo '<input type="submit" value="Submit">'.'<br/>';
-	echo '</form>';
-	echo '</ol>';
-	
-	flush();
-
-	break;
-	
-	case 2:
-	$newauthornames = array();
-	$formnames = array();
-	$selectnames = array();
-	$mtnames = array();
-	foreach($_POST['user'] as $key => $line) { 
-	$newname = trim(stripslashes($line)); 
-	if ($newname == '') $newname = 'left_blank';//passing author names from step 1 to step 2 is accomplished by using POST. left_blank denotes an empty entry in the form.
-	array_push($formnames,"$newname");
-	}// $formnames is the array with the form entered names
-	foreach ($_POST['userselect'] as $user => $key) {
-	$selected = trim(stripslashes($key));
-	array_push($selectnames,"$selected");
-	}
-	$count = count($formnames);
-	for ($i = 0; $i < $count; $i++) {
-	if ( $selectnames[$i] != '#NONE#') {//if no name was selected from the select menu, use the name entered in the form
-	array_push($newauthornames,"$selectnames[$i]");
-	} 
-	else {
-	array_push($newauthornames,"$formnames[$i]");
-	}
-	}
-
-	$j = -1;
-	//function to check the authorname and do the mapping
-	function checkauthor($author) {
-	global $wpdb, $mtnames, $newauthornames, $j;//mtnames is an array with the names in the mt import file
-	$md5pass = md5(changeme);
-	if (!(in_array($author, $mtnames))) { //a new mt author name is found
-		++$j;
-		$mtnames[$j] = $author; //add that new mt author name to an array 
-		$user_id = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$newauthornames[$j]'"); //check if the new author name defined by the user is a pre-existing wp user
-		if (!$user_id) { //banging my head against the desk now. 
-			if ($newauthornames[$j] == 'left_blank') { //check if the user does not want to change the authorname
-				$wpdb->query("INSERT INTO $wpdb->users (user_level, user_login, user_pass, user_nickname) VALUES ('1', '$author', '$md5pass', '$author')"); // if user does not want to change, insert the authorname $author
-				$user_id = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$author'");
-				$newauthornames[$j] = $author; //now we have a name, in the place of left_blank.
-			} else {
-			$wpdb->query("INSERT INTO $wpdb->users (user_level, user_login, user_pass, user_nickname) VALUES ('1', '$newauthornames[$j]', '$md5pass', '$newauthornames[$j]')"); //if not left_blank, insert the user specified name
-			$user_id = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$newauthornames[$j]'");
-			}
-		} else return $user_id; // return pre-existing wp username if it exists
-    } else {
-    $key = array_search($author, $mtnames); //find the array key for $author in the $mtnames array
-    $user_id = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$newauthornames[$key]'");//use that key to get the value of the author's name from $newauthornames
-	}
-	return $user_id;
-}//function checkauthor ends here
-
-	//bring in the posts now
-set_magic_quotes_runtime(0);
-$importdata = file(MTEXPORT); // Read the file into an array
-$importdata = implode('', $importdata); // squish it
-$importdata = preg_replace("/(\r\n|\n|\r)/", "\n", $importdata);
-$importdata = preg_replace("/\n--------\n/", "--MT-ENTRY--", $importdata);
-$authors = array();
-$temp = array();
-$posts = explode("--MT-ENTRY--", $importdata);
-unset( $importdata ); // Free up memory
-
-$i = -1;
-echo "<ol>";
-foreach ($posts as $post) { if ('' != trim($post)) {
-	++$i;
-	unset($post_categories);
-	echo "<li>Processing post... ";
-
-	// Take the pings out first
-	preg_match("|(-----\n\nPING:.*)|s", $post, $pings);
-	$post = preg_replace("|(-----\n\nPING:.*)|s", '', $post);
-
-	// Then take the comments out
-	preg_match("|(-----\nCOMMENT:.*)|s", $post, $comments);
-	$post = preg_replace("|(-----\nCOMMENT:.*)|s", '', $post);
-	
-	// We ignore the keywords
-	$post = preg_replace("|(-----\nKEYWORDS:.*)|s", '', $post);
-	
-	// We want the excerpt
-	preg_match("|-----\nEXCERPT:(.*)|s", $post, $excerpt);
-	$excerpt = addslashes(trim($excerpt[1]));
-	$post = preg_replace("|(-----\nEXCERPT:.*)|s", '', $post);
-	
-	// We're going to put extended body into main body with a more tag
-	preg_match("|-----\nEXTENDED BODY:(.*)|s", $post, $extended);
-	$extended = trim($extended[1]);
-	if ('' != $extended) $extended = "\n<!--more-->\n$extended";
-	$post = preg_replace("|(-----\nEXTENDED BODY:.*)|s", '', $post);
-	
-	// Now for the main body
-	preg_match("|-----\nBODY:(.*)|s", $post, $body);
-	$body = trim($body[1]);
-	$post_content = addslashes($body . $extended);
-	$post = preg_replace("|(-----\nBODY:.*)|s", '', $post);
-	
-	// Grab the metadata from what's left
-	$metadata = explode("\n", $post);
-	foreach ($metadata as $line) {
-		preg_match("/^(.*?):(.*)/", $line, $token);
-		$key = trim($token[1]);
-		$value = trim($token[2]);
-		// Now we decide what it is and what to do with it
-        switch($key) {
-			case '':
-				break;
-            case 'AUTHOR':
-                $post_author = $value;
-                break;
-            case 'TITLE':
-                $post_title = addslashes($value);
-				echo '<i>'.stripslashes($post_title).'</i>... ';
-				$post_name = sanitize_title($post_title);
-                break;
-            case 'STATUS':
-                // "publish" and "draft" enumeration items match up; no change required
-                $post_status = $value;
-				if (empty($post_status)) $post_status = 'publish';
-                break;
-            case 'ALLOW COMMENTS':
-                $post_allow_comments = $value;
-                if ($post_allow_comments == 1) {
-                    $comment_status = 'open';
-                } else {
-                    $comment_status = 'closed';
-                }
-                break;
-            case 'CONVERT BREAKS':
-                $post_convert_breaks = $value;
-                break;
-            case 'ALLOW PINGS':
-                $post_allow_pings = trim($meta[2][0]);
-                if ($post_allow_pings == 1) {
-                    $post_allow_pings = 'open';
-                } else {
-                    $post_allow_pings = 'closed';
-                }
-                break;
-            case 'PRIMARY CATEGORY':
-				$post_categories[] = addslashes($value);
-                break;
-            case 'CATEGORY':    
-				$post_categories[] = addslashes($value);
-                break;
-			case 'DATE':
-				$post_date = strtotime($value);
-				$post_date = date('Y-m-d H:i:s', $post_date);
-				$post_date_gmt = get_gmt_from_date("$post_date");
-				break;
-			default:
-//				echo "\n$key: $value";
-				break;
-        } // end switch
-	} // End foreach
-
-	// Let's check to see if it's in already
-	if ($wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$post_title' AND post_date = '$post_date'")) {
-		echo "Post already imported.";
-	} else {
-		$post_author = checkauthor($post_author);//just so that if a post already exists, new users are not created by checkauthor
-	    $wpdb->query("INSERT INTO $wpdb->posts (
-			post_author, post_date, post_date_gmt, post_content, post_title, post_excerpt,  post_status, comment_status, ping_status, post_name, post_modified, post_modified_gmt)
-			VALUES 
-			('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_title', '$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_name','$post_date', '$post_date_gmt')");
-		$post_id = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$post_title' AND post_date = '$post_date'");
-		if (0 != count($post_categories)) {
-			foreach ($post_categories as $post_category) {
-			// See if the category exists yet
-			$cat_id = $wpdb->get_var("SELECT cat_ID from $wpdb->categories WHERE cat_name = '$post_category'");
-			if (!$cat_id && '' != trim($post_category)) {
-				$cat_nicename = sanitize_title($post_category);
-				$wpdb->query("INSERT INTO $wpdb->categories (cat_name, category_nicename) VALUES ('$post_category', '$cat_nicename')");
-				$cat_id = $wpdb->get_var("SELECT cat_ID from $wpdb->categories WHERE cat_name = '$post_category'");
-			}
-			if ('' == trim($post_category)) $cat_id = 1;
-			// Double check it's not there already
-			$exists = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post_id AND category_id = $cat_id");
-
-			 if (!$exists) { 
-				$wpdb->query("
-				INSERT INTO $wpdb->post2cat
-				(post_id, category_id)
-				VALUES
-				($post_id, $cat_id)
-				");
-			}
-		} // end category loop
-		} else {
-			$exists = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post_id AND category_id = 1");
-			if (!$exists) $wpdb->query("INSERT INTO $wpdb->post2cat (post_id, category_id) VALUES ($post_id, 1) ");
-		}
-		echo " Post imported successfully...";
-		// Now for comments
-		$comments = explode("-----\nCOMMENT:", $comments[0]);
-		foreach ($comments as $comment) {
-		if ('' != trim($comment)) {
-			// Author
-			preg_match("|AUTHOR:(.*)|", $comment, $comment_author);
-			$comment_author = addslashes(trim($comment_author[1]));
-			$comment = preg_replace('|(\n?AUTHOR:.*)|', '', $comment);
-
-			preg_match("|EMAIL:(.*)|", $comment, $comment_email);
-			$comment_email = addslashes(trim($comment_email[1]));
-			$comment = preg_replace('|(\n?EMAIL:.*)|', '', $comment);
-
-			preg_match("|IP:(.*)|", $comment, $comment_ip);
-			$comment_ip = trim($comment_ip[1]);
-			$comment = preg_replace('|(\n?IP:.*)|', '', $comment);
-
-			preg_match("|URL:(.*)|", $comment, $comment_url);
-			$comment_url = addslashes(trim($comment_url[1]));
-			$comment = preg_replace('|(\n?URL:.*)|', '', $comment);
-
-			preg_match("|DATE:(.*)|", $comment, $comment_date);
-			$comment_date = trim($comment_date[1]);
-			$comment_date = date('Y-m-d H:i:s', strtotime($comment_date));
-			$comment = preg_replace('|(\n?DATE:.*)|', '', $comment);
-
-			$comment_content = addslashes(trim($comment));
-			$comment_content = str_replace('-----', '', $comment_content);
-
-			// Check if it's already there
-			if (!$wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_date = '$comment_date' AND comment_content = '$comment_content'")) {
-				$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_content, comment_approved)
-				VALUES
-				($post_id, '$comment_author', '$comment_email', '$comment_url', '$comment_ip', '$comment_date', '$comment_content', '1')");
-				echo " Comment added.";
-			}
-		}
-		}
-
-		// Finally the pings
-		// fix the double newline on the first one
-		$pings[0] = str_replace("-----\n\n", "-----\n", $pings[0]);
-		$pings = explode("-----\nPING:", $pings[0]);
-		foreach ($pings as $ping) {
-		if ('' != trim($ping)) {
-			// 'Author'
-			preg_match("|BLOG NAME:(.*)|", $ping, $comment_author);
-			$comment_author = addslashes(trim($comment_author[1]));
-			$ping = preg_replace('|(\n?BLOG NAME:.*)|', '', $ping);
-
-			$comment_email = '';
-
-			preg_match("|IP:(.*)|", $ping, $comment_ip);
-			$comment_ip = trim($comment_ip[1]);
-			$ping = preg_replace('|(\n?IP:.*)|', '', $ping);
-
-			preg_match("|URL:(.*)|", $ping, $comment_url);
-			$comment_url = addslashes(trim($comment_url[1]));
-			$ping = preg_replace('|(\n?URL:.*)|', '', $ping);
-
-			preg_match("|DATE:(.*)|", $ping, $comment_date);
-			$comment_date = trim($comment_date[1]);
-			$comment_date = date('Y-m-d H:i:s', strtotime($comment_date));
-			$ping = preg_replace('|(\n?DATE:.*)|', '', $ping);
-      
- 			preg_match("|TITLE:(.*)|", $ping, $ping_title);
-			$ping_title = addslashes(trim($ping_title[1]));
-			$ping = preg_replace('|(\n?TITLE:.*)|', '', $ping);
-
-			$comment_content = addslashes(trim($ping));
-			$comment_content = str_replace('-----', '', $comment_content);
-			
-			$comment_content = "<strong>$ping_title</strong>\n\n$comment_content";
-      
-			// Check if it's already there
-			if (!$wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_date = '$comment_date' AND comment_content = '$comment_content'")) {
-				$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_content, comment_approved, comment_type)
-				VALUES
-				($post_id, '$comment_author', '$comment_email', '$comment_url', '$comment_ip', '$comment_date', '$comment_content', '1', 'trackback')");
-				echo " Comment added.";
-			}
-
-		}
-		}
-	}
-	echo "</li>";
-	flush();
-
-} }
-upgrade_all();
-?>
-</ol>
-<h3>All done. <a href="../">Have fun!</a></h3>
-<?php
-	break;
-}
-?> 
-</body>
-</html>

wp-admin/import-rss.php

@@ -1,191 +0,0 @@
-<?php
-define('RSSFILE', '');
-// Example:
-// define('RSSFILE', '/home/example/public_html/rss.xml');
-// or if it's in the same directory as import-rss.php
-// define('RSSFILE', 'rss.xml');
-
-$post_author = 1; // Author to import posts as author ID
-$timezone_offset = 0; // GMT offset of posts your importing
-
-function unhtmlentities($string) { // From php.net for < 4.3 compat
-   $trans_tbl = get_html_translation_table(HTML_ENTITIES);
-   $trans_tbl = array_flip($trans_tbl);
-   return strtr($string, $trans_tbl);
-}
-
-$add_hours = intval($timezone_offset);
-$add_minutes = intval(60 * ($timezone_offset - $add_hours));
-
-if (!file_exists('../wp-config.php')) die("There doesn't seem to be a wp-config.php file. You must install WordPress before you import any entries.");
-require('../wp-config.php');
-
-$step = $_GET['step'];
-if (!$step) $step = 0;
-header( 'Content-Type: text/html; charset=utf-8' );
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<title>WordPress &rsaquo; Import from RSS</title>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<style media="screen" type="text/css">
-	body {
-		font-family: Georgia, "Times New Roman", Times, serif;
-		margin-left: 20%;
-		margin-right: 20%;
-	}
-	#logo {
-		margin: 0;
-		padding: 0;
-		background-image: url(http://wordpress.org/images/logo.png);
-		background-repeat: no-repeat;
-		height: 60px;
-		border-bottom: 4px solid #333;
-	}
-	#logo a {
-		display: block;
-		text-decoration: none;
-		text-indent: -100em;
-		height: 60px;
-	}
-	p {
-		line-height: 140%;
-	}
-	</style>
-</head><body> 
-<h1 id="logo"><a href="http://wordpress.org/">WordPress</a></h1> 
-<?php
-switch($step) {
-
-	case 0:
-?> 
-<p>Howdy! This importer allows you to extract posts from any RSS 2.0 file into your blog. This is useful if you want to import your posts from a system that is not handled by a custom import tool. To get started you must edit the following line in this file (<code>import-rss.php</code>) </p>
-<p><code>define('RSSFILE', '');</code></p>
-<p>You want to define where the RSS file we'll be working with is, for example: </p>
-<p><code>define('RSSFILE', 'rss.xml');</code></p>
-<p>You have to do this manually for security reasons. When you're done reload this page and we'll take you to the next step.</p>
-<?php if ('' != RSSFILE) : ?>
-<h2 style="text-align: right;"><a href="import-rss.php?step=1">Begin RSS Import &raquo;</a></h2>
-<?php endif; ?>
-<?php
-	break;
-
-	case 1:
-
-// Bring in the data
-set_magic_quotes_runtime(0);
-$datalines = file(RSSFILE); // Read the file into an array
-$importdata = implode('', $datalines); // squish it
-$importdata = str_replace(array("\r\n", "\r"), "\n", $importdata);
-
-preg_match_all('|<item>(.*?)</item>|is', $importdata, $posts);
-$posts = $posts[1];
-
-echo '<ol>';
-foreach ($posts as $post) :
-$title = $date = $categories = $content = $post_id =  '';
-echo "<li>Importing post... ";
-
-preg_match('|<title>(.*?)</title>|is', $post, $title);
-$title = addslashes( trim($title[1]) );
-$post_name = sanitize_title($title);
-
-preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $date);
-
-if ($date) :
-	$date = strtotime($date[1]);
-else : // if we don't already have something from pubDate
-	preg_match('|<dc:date>(.*?)</dc:date>|is', $post, $date);
-	$date = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $date[1]);
-	$date = str_replace('T', ' ', $date);
-	$date = strtotime($date);
-endif;
-
-$post_date = gmdate('Y-m-d H:i:s', $date);
-
-preg_match_all('|<category>(.*?)</category>|is', $post, $categories);
-$categories = $categories[1];
-
-if (!$categories) :
-	preg_match_all('|<dc:subject>(.*?)</dc:subject>|is', $post, $categories);
-	$categories = $categories[1];
-endif;
-
-preg_match('|<guid.+?>(.*?)</guid>|is', $post, $guid);
-if ($guid) $guid = addslashes( trim($guid[1]) );
-else $guid = '';
-
-preg_match('|<content:encoded>(.*?)</content:encoded>|is', $post, $content);
-$content = str_replace( array('<![CDATA[', ']]>'), '', addslashes( trim($content[1]) ) );
-
-if (!$content) : // This is for feeds that put content in description
-	preg_match('|<description>(.*?)</description>|is', $post, $content);
-	$content = $wpdb->escape( unhtmlentities( trim($content[1]) ) );
-endif;
-
-// Clean up content
-$content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $content);
-$content = str_replace('<br>', '<br />', $content);
-$content = str_replace('<hr>', '<hr />', $content);
-
-// This can mess up on posts with no titles, but checking content is much slower
-// So we do it as a last resort
-if ('' == $title) : 
-	$dupe = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' AND post_date = '$post_date'");
-else :
-	$dupe = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' AND post_date = '$post_date'");
-endif;
-
-// Now lets put it in the DB
-if ($dupe) :
-	echo 'Post already imported';
-else : 
-	
-	$wpdb->query("INSERT INTO $wpdb->posts 
-		(post_author, post_date, post_date_gmt, post_content, post_title,post_status, comment_status, ping_status, post_name, guid)
-		VALUES 
-		('$post_author', '$post_date', DATE_ADD('$post_date', INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE), '$content', '$title', 'publish', '$comment_status', '$ping_status', '$post_name', '$guid')");
-	$post_id = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' AND post_date = '$post_date'");
-	if (!$post_id) die("couldn't get post ID");
-	if (0 != count($categories)) :
-		foreach ($categories as $post_category) :
-		$post_category = unhtmlentities($post_category);
-		// See if the category exists yet
-		$cat_id = $wpdb->get_var("SELECT cat_ID from $wpdb->categories WHERE cat_name = '$post_category'");
-		if (!$cat_id && '' != trim($post_category)) {
-			$cat_nicename = sanitize_title($post_category);
-			$wpdb->query("INSERT INTO $wpdb->categories (cat_name, category_nicename) VALUES ('$post_category', '$cat_nicename')");
-			$cat_id = $wpdb->get_var("SELECT cat_ID from $wpdb->categories WHERE cat_name = '$post_category'");
-		}
-		if ('' == trim($post_category)) $cat_id = 1;
-		// Double check it's not there already
-		$exists = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post_id AND category_id = $cat_id");
-	
-		 if (!$exists) { 
-			$wpdb->query("
-			INSERT INTO $wpdb->post2cat
-			(post_id, category_id)
-			VALUES
-			($post_id, $cat_id)
-			");
-			}
-	endforeach;
-	else:
-		$exists = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post_id AND category_id = 1");
-		if (!$exists) $wpdb->query("INSERT INTO $wpdb->post2cat (post_id, category_id) VALUES ($post_id, 1) ");
-	endif;
-	echo 'Done!</li>';
-endif;
-
-
-endforeach;
-?>
-</ol>
-
-<h3>All done. <a href="../">Have fun!</a></h3>
-<?php
-	break;
-}
-?> 
-</body>
-</html>

wp-admin/import-textpattern.php

@@ -1,138 +0,0 @@
-<?php
-
-// For security reasons, fill in the connection details to your Textpattern database below:
-
-$tp_database_name = 'textpattern';
-$tp_database_username = 'username';
-$tp_database_password = 'password';
-$tp_database_host = 'localhost';
-
-if (!file_exists('../wp-config.php')) die("There doesn't seem to be a wp-config.php file. Double check that you updated wp-config-sample.php with the proper database connection information and renamed it to wp-config.php.");
-require('../wp-config.php');
-require('upgrade-functions.php');
-
-$step = $_GET['step'];
-if (!$step) $step = 0;
-header( 'Content-Type: text/html; charset=utf-8' );
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<title>WordPress &rsaquo; Textpattern Import</title>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<style media="screen" type="text/css">
-	body {
-		font-family: Georgia, "Times New Roman", Times, serif;
-		margin-left: 15%;
-		margin-right: 15%;
-	}
-	#logo {
-		margin: 0;
-		padding: 0;
-		background-image: url(http://wordpress.org/images/wordpress.gif);
-		background-repeat: no-repeat;
-		height: 60px;
-		border-bottom: 4px solid #333;
-	}
-	#logo a {
-		display: block;
-		text-decoration: none;
-		text-indent: -100em;
-		height: 60px;
-	}
-	p {
-		line-height: 140%;
-	}
-	</style>
-</head><body> 
-<h1 id="logo"><a href="http://wordpress.org">WordPress</a></h1> 
-<?php
-switch($step) {
-
-	case 0:
-?> 
-<p>This script imports your entries from Textpattern into WordPress. It should be relatively painless, and we hope you're happy with the result.</p>
-<p>To run this, you first need to edit this file (<code>import-textpattern.php</code>) and enter your Textpattern database connection details. Let's check if the database connection information works...</p>
-<?php
-$connection = @mysql_connect($tp_database_host, $tp_database_username, $tp_database_password);
-$database = @mysql_select_db($tp_database_name);
-if ($connection && $database) {
-?>
-<p>Everything seems dandy so far, <a href="?step=1">let's get started</a>!</p>
-<?php
-} else {
-?>
-<p><em>It looks like your database information is incorrect. Please re-edit this file and double-check all the settings.</em></p>
-<?php
-}
-	break;
-	
-	case 1:
-?> 
-<h1>Step 1</h1> 
-<p>First let's get posts and comments.</p> 
-<?php
-// For people running this on .72
-$query = "ALTER TABLE `$wpdb->posts` ADD `post_name` VARCHAR(200) NOT NULL";
-maybe_add_column($wpdb->posts, 'post_name', $query);
-
-// Create post_name field
-$connection = @mysql_connect($tp_database_host, $tp_database_username, $tp_database_password);
-$database = @mysql_select_db($tp_database_name);
-
-// For now we're going to give everything the same author and same category
-$author = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_level = 10 LIMIT 1");
-$category = $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories LIMIT 1");
-
-$posts = mysql_query('SELECT * FROM textpattern', $connection);
-
-while ($post = mysql_fetch_array($posts)) {
-	//  ID, AuthorID, LastMod, LastModID, Posted, Title, Body, Body_html, Abstract, Category1, Category2, Annotate, AnnotateInvite, Status, Listing1, Listing2, Section
-	$posted = $post['Posted'];
-	// 20030216162119
-	$year = substr($posted,0,4);
-	$month = substr($posted,4,2);
-	$day = substr($posted,6,2);
-	$hour = substr($posted,8,2);
-	$minute = substr($posted,10,2);
-	$second = substr($posted,12,2);
-	$timestamp = mktime($hour, $minute, $second, $month, $day, $year);
-	$posted = date('Y-m-d H:i:s', $timestamp);
-	
-	$content = addslashes($post['Body_html']);
-	$title = addslashes($post['Title']);
-	$post_name = sanitize_title($title);
-
-	$wpdb->query("INSERT INTO $wpdb->posts
-		(post_author, post_date, post_content, post_title, post_category, post_name, post_status)
-		VALUES
-		('$author', '$posted', '$content', '$title', '$category', '$post_name', 'publish')");
-
-	// Get wordpress post id
-	$wp_post_ID = $wpdb->get_var("SELECT ID FROM $wpdb->posts ORDER BY ID DESC LIMIT 1");
-	
-	// Now let's insert comments if there are any for the TP post
-	$tp_id = $post['ID'];
-	$comments = mysql_query("SELECT * FROM txp_Discuss WHERE parentid = $tp_id");
-	if ($comments) {
-		while($comment = mysql_fetch_object($comments)) {
-			//  discussid, parentid, name, email, web, ip, posted, message
-			// For some reason here "posted" is a real MySQL date, so we don't have to do anything about it
-			//  comment_post_ID  	 comment_author  	 comment_author_email  	 comment_author_url  	 comment_author_IP  	 comment_date  	 comment_content  	 comment_karma
-			$wpdb->query("INSERT INTO $wpdb->comments
-				(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_content)
-				VALUES
-				($wp_post_ID, '$comment->name', '$comment->email', '$comment->web', '$comment->ip', '$comment->posted', '$comment->message')");
-		}
-	}
-}
-
-upgrade_all();
-?>
-<p><strong>All done.</strong> Wasn&#8217;t that fun? <a href="../">Have fun</a>.</p> 
-<?php
-break;
-}
-?> 
-
-</body>
-</html>

wp-admin/import.php

@@ -0,0 +1,62 @@
+<?php
+require_once ('admin.php');
+$title = __('Import');
+$parent_file = 'import.php';
+require_once ('admin-header.php');
+?>
+
+<div class="wrap">
+<h2><?php _e('Import'); ?></h2>
+<p><?php _e('If you have posts or comments in another system WordPress can import them into your current blog. To get started, choose a system to import from below:'); ?></p>
+
+<?php
+
+// Load all importers so that they can register.
+$import_loc = 'wp-admin/import';
+$import_root = ABSPATH.$import_loc;
+$imports_dir = @ dir($import_root);
+if ($imports_dir) {
+	while (($file = $imports_dir->read()) !== false) {
+		if (preg_match('|^\.+$|', $file))
+			continue;
+		if (preg_match('|\.php$|', $file))
+			require_once("$import_root/$file");
+	}
+}
+
+$importers = get_importers();
+
+if (empty ($importers)) {
+	echo '<p>'.__('No importers are available.').'</p>'; // TODO: make more helpful
+} else {
+?>
+<table width="100%" cellpadding="3" cellspacing="3">
+
+<?php
+	$style = '';
+	foreach ($importers as $id => $data) {
+		$style = ('class="alternate"' == $style || 'class="alternate active"' == $style) ? '' : 'alternate';
+		$action = "<a href='admin.php?import=$id' title='".wptexturize(strip_tags($data[1]))."'>{$data[0]}</a>";
+
+		if ($style != '')
+			$style = 'class="'.$style.'"';
+		echo "
+			<tr $style>
+				<td class=\"togl\">$action</td>
+				<td class=\"desc\">{$data[1]}</td>
+			</tr>";
+	}
+?>
+
+</table>
+<?php
+}
+?>
+
+</div>
+
+<?php
+
+include ('admin-footer.php');
+?>
+

wp-admin/import/blogger.php

@@ -0,0 +1,668 @@
+<?php
+
+class Blogger_Import {
+
+	var $lump_authors = false;
+	var $import = array();
+
+	// Shows the welcome screen and the magic iframe.
+	function greet() {
+		$title = __('Import Old Blogger');
+		$welcome = __('Howdy! This importer allows you to import posts and comments from your Old Blogger account into your WordPress blog.');
+		$noiframes = __('This feature requires iframe support.');
+		$warning = __('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?');
+		$reset = __('Reset this importer');
+		$incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.');
+
+		echo "<div class='wrap'><h2>$title</h2><p>$welcome</p>";
+		echo "<p>" . __('Please note that this importer <em>does not work with Blogger (using your Google account)</em>.') . "</p>";
+		if ( function_exists('curl_init') )
+			echo "<iframe src='admin.php?import=blogger&amp;noheader=true' height='350px' width = '99%'>$noiframes</iframe><p><a href='admin.php?import=blogger&amp;restart=true&amp;noheader=true' onclick='return confirm(\"$warning\")'>$reset</a></p>";
+		else
+			echo "<p>$incompat</p>";
+		echo "</div>\n";
+	}
+
+	// Deletes saved data and redirect.
+	function restart() {
+		delete_option('import-blogger');
+		wp_redirect("admin.php?import=blogger");
+		die();
+	}
+
+	// Generates a string that will make the page reload in a specified interval.
+	function refresher($msec) {
+		if ( $msec )
+			return "<html><head><script type='text/javascript'>window.onload=setTimeout('window.location.reload()', $msec);</script>\n</head>\n<body>\n";
+		else
+			return "<html><head><script type='text/javascript'>window.onload=window.location.reload();</script>\n</head>\n<body>\n";
+	}
+
+	// Returns associative array of code, header, cookies, body. Based on code from php.net.
+	function parse_response($this_response) {
+		// Split response into header and body sections
+		list($response_headers, $response_body) = explode("\r\n\r\n", $this_response, 2);
+		$response_header_lines = explode("\r\n", $response_headers);
+
+		// First line of headers is the HTTP response code
+		$http_response_line = array_shift($response_header_lines);
+		if(preg_match('@^HTTP/[0-9]\.[0-9] ([0-9]{3})@',$http_response_line, $matches)) { $response_code = $matches[1]; }
+
+		// put the rest of the headers in an array
+		$response_header_array = array();
+		foreach($response_header_lines as $header_line) {
+			list($header,$value) = explode(': ', $header_line, 2);
+			$response_header_array[$header] .= $value."\n";
+		}
+
+		$cookie_array = array();
+		$cookies = explode("\n", $response_header_array["Set-Cookie"]);
+		foreach($cookies as $this_cookie) { array_push($cookie_array, "Cookie: ".$this_cookie); }
+
+		return array("code" => $response_code, "header" => $response_header_array, "cookies" => $cookie_array, "body" => $response_body);
+	}
+
+	// Prints a form for the user to enter Blogger creds.
+	function login_form($text='') {
+		echo '<h1>' . __('Log in to Blogger') . "</h1>\n$text\n";
+		echo '<form method="post" action="admin.php?import=blogger&amp;noheader=true&amp;step=0"><table><tr><td>' . __('Username') . ':</td><td><input type="text" name="user" /></td></tr><tr><td>' . __('Password') . ':</td><td><input type="password" name="pass" /></td><td><input type="submit" value="' . __('Start') . '" /></td></tr></table></form>';
+		die;
+	}
+
+	// Sends creds to Blogger, returns the session cookies an array of headers.
+	function login_blogger($user, $pass) {
+		$_url = 'http://www.blogger.com/login.do';
+		$params = "username=$user&password=$pass";
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_POST,1);
+		curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
+		curl_setopt($ch, CURLOPT_URL,$_url);
+		curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter');
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
+		curl_setopt($ch, CURLOPT_HEADER,1);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
+		$response = curl_exec ($ch);
+
+		$response = $this->parse_response($response);
+
+		sleep(1);
+
+		return $response['cookies'];
+	}
+
+	// Requests page from Blogger, returns the response array.
+	function get_blogger($url, $header = '', $user=false, $pass=false) {
+		$ch = curl_init();
+		if ($user && $pass) curl_setopt($ch, CURLOPT_USERPWD,"{$user}:{$pass}");
+		curl_setopt($ch, CURLOPT_URL,$url);
+		curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
+		curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter');
+		curl_setopt($ch, CURLOPT_HEADER,1);
+		if (is_array($header)) curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
+		$response = curl_exec ($ch);
+
+		$response = $this->parse_response($response);
+		$response['url'] = $url;
+
+		if (curl_errno($ch)) {
+			print curl_error($ch);
+		} else {
+			curl_close($ch);
+		}
+
+		return $response;
+	}
+
+	// Posts data to Blogger, returns response array.
+	function post_blogger($url, $header = false, $paramary = false, $parse=true) {
+		$params = '';
+		if ( is_array($paramary) ) {
+			foreach($paramary as $key=>$value)
+				if($key && $value != '')
+					$params.=$key."=".urlencode(stripslashes($value))."&";
+		}
+		if ($user && $pass) $params .= "username=$user&password=$pass";
+		$params = trim($params,'&');
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_POST,1);
+		curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
+		if ($user && $pass) curl_setopt($ch, CURLOPT_USERPWD,"{$user}:{$pass}");
+		curl_setopt($ch, CURLOPT_URL,$url);
+		curl_setopt($ch, CURLOPT_USERAGENT, 'Blogger Exporter');
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
+		curl_setopt($ch, CURLOPT_HEADER,$parse);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
+		if ($header) curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
+		$response = curl_exec ($ch);
+
+		if ($parse) {
+			$response = $this->parse_response($response);
+			$response['url'] = $url;
+			return $response;
+		}
+
+		return $response;
+	}
+
+	// Prints the list of blogs for import.
+	function show_blogs() {
+		global $import;
+		echo '<h1>' . __('Selecting a Blog') . "</h1>\n<ul>";
+		foreach ( $this->import['blogs'] as $blog ) {
+			if (9 == $blog['nextstep']) $status = "100%";
+			elseif (8 == $blog['nextstep']) $status = "90%";
+			elseif (7 == $blog['nextstep']) $status = "82.5%";
+			elseif (6 == $blog['nextstep']) $status = "75%";
+			elseif (5 == $blog['nextstep']) $status = "57%";
+			elseif (4 == $blog['nextstep']) $status = "28%";
+			elseif (3 == $blog['nextstep']) $status = "14%";
+			else $status = "0%";
+			echo "\t<li><a href='admin.php?import=blogger&amp;noheader=true&amp;blog={$blog['id']}'>{$blog['title']}</a> $status</li>\n";
+		}
+		die("</ul>\n");
+	}
+
+	// Publishes.
+	function publish_blogger($i, $text) {
+		$head = $this->refresher(2000) . "<h1>$text</h1>\n";
+		if ( ! strstr($this->import['blogs'][$_GET['blog']]['publish'][$i], 'http') ) {
+			// First call. Start the publish process with a fresh set of cookies.
+			$this->import['cookies'] = $this->login_blogger($this->import['user'], $this->import['pass']);
+			update_option('import-blogger', $this->import);
+			$paramary = array('blogID' => $_GET['blog'], 'all' => '1', 'republishAll' => 'Republish Entire Blog', 'publish' => '1', 'redirectUrl' => "/publish.do?blogID={$_GET['blog']}&inprogress=true");
+
+			$response = $this->post_blogger("http://www.blogger.com/publish.do?blogID={$_GET['blog']}", $this->import['cookies'], $paramary);
+			if ( $response['code'] == '302' ) {
+				$url = str_replace('publish.g', 'publish-body.g', $response['header']['Location']);
+				$this->import['blogs'][$_GET['blog']]['publish'][$i] = $url;
+				update_option('import-blogger', $this->import);
+				$response = $this->get_blogger($url, $this->import['cookies']);
+				preg_match('#<p class="progressIndicator">.*</p>#U', $response['body'], $matches);
+				$progress = $matches[0];
+				die($head . $progress);
+			} else {
+				$this->import['blogs'][$_GET['blog']]['publish'][$i] = false;
+				update_option('import-blogger', $this->import);
+				die($head);
+			}
+		} else {
+			// Subsequent call. Keep checking status until Blogger reports publish complete.
+			$url = $this->import['blogs'][$_GET['blog']]['publish'][$i];
+			$response = $this->get_blogger($url, $this->import['cookies']);
+			if ( preg_match('#<p class="progressIndicator">.*</p>#U', $response['body'], $matches) ) {
+				$progress = $matches[0];
+				if ( strstr($progress, '100%') ) {
+					$this->set_next_step($i);
+					$progress .= '<p>'.__('Moving on...').'</p>';
+				}
+				die($head . $progress);
+			} else {
+				$this->import['blogs'][$_GET['blog']]['publish'][$i] = false;
+				update_option('import-blogger', $this->import);
+				die("$head<p>" . __('Trying again...') . '</p>');
+			}
+		}
+	}
+
+	// Sets next step, saves options
+	function set_next_step($step) {
+		$this->import['blogs'][$_GET['blog']]['nextstep'] = $step;
+		update_option('import-blogger', $this->import);
+	}
+
+	// Redirects to next step
+	function do_next_step() {
+		wp_redirect("admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
+		die();
+	}
+
+	// Step 0: Do Blogger login, get blogid/title pairs.
+	function do_login() {
+		if ( ( ! $this->import['user'] && ! is_array($this->import['cookies']) ) ) {
+			// The user must provide a Blogger username and password.
+			if ( ! ( $_POST['user'] && $_POST['pass'] ) ) {
+				$this->login_form(__('The script will log into your Blogger account, change some settings so it can read your blog, and restore the original settings when it\'s done. Here\'s what you do:').'</p><ol><li>'.__('Back up your Blogger template.').'</li><li>'.__('Back up any other Blogger settings you might need later.').'</li><li>'.__('Log out of Blogger').'</li><li>'.__('Log in <em>here</em> with your Blogger username and password.').'</li><li>'.__('On the next screen, click one of your Blogger blogs.').'</li><li>'.__('Do not close this window or navigate away until the process is complete.').'</li></ol>');
+			}
+
+			// Try logging in. If we get an array of cookies back, we at least connected.
+			$this->import['cookies'] = $this->login_blogger($_POST['user'], $_POST['pass']);
+			if ( !is_array( $this->import['cookies'] ) ) {
+				$this->login_form(__('Login failed. Please enter your credentials again.'));
+			}
+
+			// Save the password so we can log the browser in when it's time to publish.
+			$this->import['pass'] = $_POST['pass'];
+			$this->import['user'] = $_POST['user'];
+
+			// Get the Blogger welcome page and scrape the blog numbers and names from it
+			$response = $this->get_blogger('http://www.blogger.com/home', $this->import['cookies']);
+			if (! stristr($response['body'], 'signed in as') ) $this->login_form(__('Login failed. Please re-enter your username and password.'));
+			$blogsary = array();
+			preg_match_all('#posts\.g\?blogID=(\d+)">([^<]+)</a>#U', $response['body'], $blogsary);
+			if ( ! count( $blogsary[1] < 1 ) )
+				die(__('No blogs found for this user.'));
+			$this->import['blogs'] = array();
+			$template = '<MainPage><br /><br /><br /><p>'.__('Are you looking for %title%? It is temporarily out of service. Please try again in a few minutes. Meanwhile, discover <a href="http://wordpress.org/">a better blogging tool</a>.').'</p><BloggerArchives><a class="archive" href="<$BlogArchiveURL$>"><$BlogArchiveName$></a><br /></BloggerArchives></MainPage><ArchivePage><Blogger><wordpresspost><$BlogItemDateTime$>|W|P|<$BlogItemAuthorNickname$>|W|P|<$BlogItemBody$>|W|P|<$BlogItemNumber$>|W|P|<$BlogItemTitle$>|W|P|<$BlogItemAuthorEmail$><BlogItemCommentsEnabled><BlogItemComments><wordpresscomment><$BlogCommentDateTime$>|W|P|<$BlogCommentAuthor$>|W|P|<$BlogCommentBody$></BlogItemComments></BlogItemCommentsEnabled></Blogger></ArchivePage>';
+			foreach ( $blogsary[1] as $key => $id ) {
+				// Define the required Blogger options.
+				$blog_opts = array(
+					'blog-options-basic' => false,
+					'blog-options-archiving' => array('archiveFrequency' => 'm'),
+					'blog-publishing' => array('publishMode'=>'0', 'blogID' => "$id", 'subdomain' => mt_rand().mt_rand(), 'pingWeblogs' => 'false'),
+					'blog-formatting' => array('timeStampFormat' => '0', 'encoding'=>'UTF-8', 'convertLineBreaks'=>'false', 'floatAlignment'=>'false'),
+					'blog-comments' => array('commentsTimeStampFormat' => '0'),
+					'template-edit' => array( 'templateText' =>  str_replace('%title%', trim($blogsary[2][$key]), $template) )
+				);
+
+				// Build the blog options array template
+				foreach ($blog_opts as $blog_opt => $modify)
+					$new_opts["$blog_opt"] = array('backup'=>false, 'modify' => $modify, 'error'=>false);
+
+				$this->import['blogs']["$id"] = array(
+					'id' => $id,
+					'title' => trim($blogsary[2][$key]),
+					'options' => $new_opts,
+					'url' => false,
+					'publish_cookies' => false,
+					'published' => false,
+					'archives' => false,
+					'lump_authors' => false,
+					'newusers' => array(),
+					'nextstep' => 2
+				);
+			}
+			update_option('import-blogger', $this->import);
+			wp_redirect("admin.php?import=blogger&noheader=true&step=1");
+		}
+		die();
+	}
+
+	// Step 1: Select one of the blogs belonging to the user logged in.
+	function select_blog() {
+		if ( is_array($this->import['blogs']) ) {
+			$this->show_blogs();
+			die();
+		} else {
+			$this->restart();
+		}
+	}
+
+	// Step 2: Backup the Blogger options pages, updating some of them.
+	function backup_settings() {
+		$output.= '<h1>'.__('Backing up Blogger options')."</h1>\n";
+		$form = false;
+		foreach ($this->import['blogs'][$_GET['blog']]['options'] as $blog_opt => $optary) {
+			if ( $blog_opt == $_GET['form'] ) {
+				// Save the posted form data
+				$this->import['blogs'][$_GET['blog']]['options']["$blog_opt"]['backup'] = $_POST;
+				update_option('import-blogger',$this->import);
+
+				// Post the modified form data to Blogger
+				if ( $optary['modify'] ) {
+					$posturl = "http://www.blogger.com/{$blog_opt}.do";
+					$headers = array_merge($this->import['blogs'][$_GET['blog']]['options']["$blog_opt"]['cookies'], $this->import['cookies']);
+					if ( 'blog-publishing' == $blog_opt ) {
+						if ( $_POST['publishMode'] > 0 ) {
+							$response = $this->get_blogger("http://www.blogger.com/blog-publishing.g?blogID={$_GET['blog']}&publishMode=0", $headers);
+							if ( $response['code'] >= 400 )
+								die('<h2>'.__('Failed attempt to change publish mode from FTP to BlogSpot.').'</h2><pre>' . addslashes(print_r($headers, 1)) . addslashes(print_r($response, 1)) . '</pre>');
+							$this->import['blogs'][$_GET['blog']]['url'] = 'http://' . $optary['modify']['subdomain'] . '.blogspot.com/';
+							sleep(2);
+						} else {
+							$this->import['blogs'][$_GET['blog']]['url'] = 'http://' . $_POST['subdomain'] . '.blogspot.com/';
+							update_option('import-blogger', $this->import);
+							$output .= "<del><p>$blog_opt</p></del>\n";
+							continue;
+						}
+						$paramary = $optary['modify'];
+					} else {
+						$paramary = array_merge($_POST, $optary['modify']);
+					}
+					$response = $this->post_blogger($posturl, $headers, $paramary);
+					if ( $response['code'] >= 400 || strstr($response['body'], 'There are errors on this form') )
+						die('<p>'.__('Error on form submission. Retry or reset the importer.').'</p>' . addslashes(print_r($response, 1)));
+				}
+				$output .= "<del><p>$blog_opt</p></del>\n";
+			} elseif ( is_array($this->import['blogs'][$_GET['blog']]['options']["$blog_opt"]['backup']) ) {
+				// This option set has already been backed up.
+				$output .= "<del><p>$blog_opt</p></del>\n";
+			} elseif ( ! $form ) {
+				// This option page needs to be downloaded and given to the browser for submission back to this script.
+				$response = $this->get_blogger("http://www.blogger.com/{$blog_opt}.g?blogID={$_GET['blog']}", $this->import['cookies']);
+				$this->import['blogs'][$_GET['blog']]['options']["$blog_opt"]['cookies'] = $response['cookies'];
+				update_option('import-blogger',$this->import);
+				$body = $response['body'];
+				$body = preg_replace("|\<!DOCTYPE.*\<body[^>]*>|ms","",$body);
+				$body = preg_replace("|/?{$blog_opt}.do|","admin.php?import=blogger&amp;noheader=true&amp;step=2&amp;blog={$_GET['blog']}&amp;form={$blog_opt}",$body);
+				$body = str_replace("name='submit'","name='supermit'",$body);
+				$body = str_replace('name="submit"','name="supermit"',$body);
+				$body = str_replace('</body>','',str_replace('</html>','',$body));
+				$form = "<div style='height:0px;width:0px;overflow:hidden;'>";
+				$form.= $body;
+				$form.= "</div><script type='text/javascript'>forms=document.getElementsByTagName('form');for(i=0;i<forms.length;i++){if(forms[i].action.search('{$blog_opt}')){forms[i].submit();break;}}</script>";
+				$output.= '<p>'.sprintf(__('<strong>%s</strong> in progress, please wait...'), $blog_opt)."</p>\n";
+			} else {
+				$output.= "<p>$blog_opt</p>\n";
+			}
+		}
+		if ( $form )
+			die($output . $form);
+
+		$this->set_next_step(4);
+		$this->do_next_step();
+	}
+
+	// Step 3: Cancelled :-)
+
+	// Step 4: Publish with the new template and settings.
+	function publish_blog() {
+		$this->publish_blogger(5, __('Publishing with new template and options'));
+	}
+
+	// Step 5: Get the archive URLs from the new blog.
+	function get_archive_urls() {
+		$bloghtml = $this->get_blogger($this->import['blogs'][$_GET['blog']]['url']);
+		if (! strstr($bloghtml['body'], '<a class="archive"') )
+			die(__('Your Blogger blog did not take the new template or did not respond.'));
+		preg_match_all('#<a class="archive" href="([^"]*)"#', $bloghtml['body'], $archives);
+		foreach ($archives[1] as $archive) {
+			$this->import['blogs'][$_GET['blog']]['archives'][$archive] = false;
+		}
+		$this->set_next_step(6);
+		$this->do_next_step();
+	}
+
+	// Step 6: Get each monthly archive, import it, mark it done.
+	function get_archive() {
+		global $wpdb;
+		$output = '<h2>'.__('Importing Blogger archives into WordPress').'</h2>';
+		$did_one = false;
+		$post_array = $posts = array();
+		foreach ( $this->import['blogs'][$_GET['blog']]['archives'] as $url => $status ) {
+			$archivename = substr(basename($url),0,7);
+			if ( $status || $did_one ) {
+				$foo = 'bar';
+				// Do nothing.
+			} else {
+				// Import the selected month
+				$postcount = 0;
+				$skippedpostcount = 0;
+				$commentcount = 0;
+				$skippedcommentcount = 0;
+				$status = __('in progress...');
+				$this->import['blogs'][$_GET['blog']]['archives']["$url"] = $status;
+				update_option('import-blogger', $import);
+				$archive = $this->get_blogger($url);
+				if ( $archive['code'] > 200 )
+					continue;
+				$posts = explode('<wordpresspost>', $archive['body']);
+				for ($i = 1; $i < count($posts); $i = $i + 1) {
+					$postparts = explode('<wordpresscomment>', $posts[$i]);
+					$postinfo = explode('|W|P|', $postparts[0]);
+					$post_date = $postinfo[0];
+					$post_content = $postinfo[2];
+					// Don't try to re-use the original numbers
+					// because the new, longer numbers are too
+					// big to handle as ints.
+					//$post_number = $postinfo[3];
+					$post_title = ( $postinfo[4] != '' ) ? $postinfo[4] : $postinfo[3];
+					$post_author_name = $wpdb->escape(trim($postinfo[1]));
+					$post_author_email = $postinfo[5] ? $postinfo[5] : 'user@wordpress.org';
+
+					if ( $this->lump_authors ) {
+						// Ignore Blogger authors. Use the current user_ID for all posts imported.
+						$post_author = $GLOBALS['user_ID'];
+					} else {
+						// Add a user for each new author encountered.
+						if (! username_exists($post_author_name) ) {
+							$user_login = $wpdb->escape($post_author_name);
+							$user_email = $wpdb->escape($post_author_email);
+							$user_password = substr(md5(uniqid(microtime())), 0, 6);
+							$result = wp_create_user( $user_login, $user_password, $user_email );
+							$status.= sprintf(__('Registered user <strong>%s</strong>.'), $user_login);
+							$this->import['blogs'][$_GET['blog']]['newusers'][] = $user_login;
+						}
+						$userdata = get_userdatabylogin( $post_author_name );
+						$post_author = $userdata->ID;
+					}
+					$post_date = explode(' ', $post_date);
+					$post_date_Ymd = explode('/', $post_date[0]);
+					$postyear = $post_date_Ymd[2];
+					$postmonth = zeroise($post_date_Ymd[0], 2);
+					$postday = zeroise($post_date_Ymd[1], 2);
+					$post_date_His = explode(':', $post_date[1]);
+					$posthour = zeroise($post_date_His[0], 2);
+					$postminute = zeroise($post_date_His[1], 2);
+					$postsecond = zeroise($post_date_His[2], 2);
+
+					if (($post_date[2] == 'PM') && ($posthour != '12'))
+						$posthour = $posthour + 12;
+					else if (($post_date[2] == 'AM') && ($posthour == '12'))
+						$posthour = '00';
+
+					$post_date = "$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
+
+					$post_content = addslashes($post_content);
+					$post_content = str_replace(array('<br>','<BR>','<br/>','<BR/>','<br />','<BR />'), "\n", $post_content); // the XHTML touch... ;)
+
+					$post_title = addslashes($post_title);
+
+					$post_status = 'publish';
+
+					if ( $ID = post_exists($post_title, '', $post_date) ) {
+						$post_array[$i]['ID'] = $ID;
+						$skippedpostcount++;
+					} else {
+						$post_array[$i]['post'] = compact('post_author', 'post_content', 'post_title', 'post_category', 'post_author', 'post_date', 'post_status');
+						$post_array[$i]['comments'] = false;
+					}
+
+					// Import any comments attached to this post.
+					if ($postparts[1]) :
+					for ($j = 1; $j < count($postparts); $j = $j + 1) {
+						$commentinfo = explode('|W|P|', $postparts[$j]);
+						$comment_date = explode(' ', $commentinfo[0]);
+						$comment_date_Ymd = explode('/', $comment_date[0]);
+						$commentyear = $comment_date_Ymd[2];
+						$commentmonth = zeroise($comment_date_Ymd[0], 2);
+						$commentday = zeroise($comment_date_Ymd[1], 2);
+						$comment_date_His = explode(':', $comment_date[1]);
+						$commenthour = zeroise($comment_date_His[0], 2);
+						$commentminute = zeroise($comment_date_His[1], 2);
+						$commentsecond = '00';
+						if (($comment_date[2] == 'PM') && ($commenthour != '12'))
+							$commenthour = $commenthour + 12;
+						else if (($comment_date[2] == 'AM') && ($commenthour == '12'))
+							$commenthour = '00';
+						$comment_date = "$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond";
+						$comment_author = addslashes(strip_tags($commentinfo[1]));
+						if ( strpos($commentinfo[1], 'a href') ) {
+							$comment_author_parts = explode('&quot;', htmlentities($commentinfo[1]));
+							$comment_author_url = $comment_author_parts[1];
+						} else $comment_author_url = '';
+						$comment_content = $commentinfo[2];
+						$comment_content = str_replace(array('<br>','<BR>','<br/>','<BR/>','<br />','<BR />'), "\n", $comment_content);
+						$comment_approved = 1;
+						if ( comment_exists($comment_author, $comment_date) ) {
+							$skippedcommentcount++;
+						} else {
+							$comment = compact('comment_author', 'comment_author_url', 'comment_date', 'comment_content', 'comment_approved');
+							$post_array[$i]['comments'][$j] = wp_filter_comment($comment);
+						}
+						$commentcount++;
+					}
+					endif;
+					$postcount++;
+				}
+				if ( count($post_array) ) {
+					krsort($post_array);
+					foreach($post_array as $post) {
+						if ( ! $comment_post_ID = $post['ID'] )
+							$comment_post_ID = wp_insert_post($post['post']);
+						if ( $post['comments'] ) {
+							foreach ( $post['comments'] as $comment ) {
+								$comment['comment_post_ID'] = $comment_post_ID;
+								wp_insert_comment($comment);
+							}
+						}
+					}
+				}
+				$status = sprintf(__('%s post(s) parsed, %s skipped...'), $postcount,  $skippedpostcount).' '.
+					sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcount, $skippedcommentcount).' '.
+					' <strong>'.__('Done').'</strong>';
+				$import = $this->import;
+				$import['blogs'][$_GET['blog']]['archives']["$url"] = $status;
+				update_option('import-blogger', $import);
+				$did_one = true;
+			}
+			$output.= "<p>$archivename $status</p>\n";
+ 		}
+		if ( ! $did_one )
+			$this->set_next_step(7);
+		die( $this->refresher(1000) . $output );
+	}
+
+	// Step 7: Restore the backed-up settings to Blogger
+	function restore_settings() {
+		$output = '<h1>'.__('Restoring your Blogger options')."</h1>\n";
+		$did_one = false;
+		// Restore options in reverse order.
+		if ( ! $this->import['reversed'] ) {
+			$this->import['blogs'][$_GET['blog']]['options'] = array_reverse($this->import['blogs'][$_GET['blog']]['options'], true);
+			$this->import['reversed'] = true;
+			update_option('import-blogger', $this->import);
+		}
+		foreach ( $this->import['blogs'][$_GET['blog']]['options'] as $blog_opt => $optary ) {
+			if ( $did_one ) {
+				$output .= "<p>$blog_opt</p>\n";
+			} elseif ( $optary['restored'] || ! $optary['modify'] ) {
+				$output .= "<p><del>$blog_opt</del></p>\n";
+			} else {
+				$posturl = "http://www.blogger.com/{$blog_opt}.do";
+				$headers = array_merge($this->import['blogs'][$_GET['blog']]['options']["$blog_opt"]['cookies'], $this->import['cookies']);
+				if ( 'blog-publishing' == $blog_opt) {
+					if ( $optary['backup']['publishMode'] > 0 ) {
+						$response = $this->get_blogger("http://www.blogger.com/blog-publishing.g?blogID={$_GET['blog']}&publishMode={$optary['backup']['publishMode']}", $headers);
+						sleep(2);
+						if ( $response['code'] >= 400 )
+							die('<h1>'.__('Error restoring publishMode').'</h1><p>'.__('Please tell the devs.').'</p>' . addslashes(print_r($response, 1)) );
+					}
+				}
+				if ( $optary['backup'] != $optary['modify'] ) {
+					$response = $this->post_blogger($posturl, $headers, $optary['backup']);
+					if ( $response['code'] >= 400 || strstr($response['body'], 'There are errors on this form') ) {
+						$this->import['blogs'][$_GET['blog']]['options']["$blog_opt"]['error'] = true;
+						update_option('import-blogger', $this->import);
+						$output .= sprintf(__('%s failed. Trying again.'), "<p><strong>$blog_opt</strong> ").'</p>';
+					} else {
+						$this->import['blogs'][$_GET['blog']]['options']["$blog_opt"]['restored'] = true;
+						update_option('import-blogger', $this->import);
+						$output .= sprintf(__('%s restored.'), "<p><strong>$blog_opt</strong> ").'</p>';
+					}
+				}
+				$did_one = true;
+			}
+		}
+
+		if ( $did_one ) {
+			die( $this->refresher(1000) . $output );
+		} elseif ( $this->import['blogs'][$_GET['blog']]['options']['blog-publishing']['backup']['publishMode'] > 0 ) {
+			$this->set_next_step(9);
+		} else {
+			$this->set_next_step(8);
+		}
+
+		$this->do_next_step();
+	}
+
+	// Step 8: Republish, all back to normal
+	function republish_blog() {
+		$this->publish_blogger(9, __('Publishing with original template and options'));
+	}
+
+	// Step 9: Congratulate the user
+	function congrats() {
+		echo '<h1>'.__('Congratulations!').'</h1><p>'.__('Now that you have imported your Blogger blog into WordPress, what are you going to do? Here are some suggestions:').'</p><ul><li>'.__('That was hard work! Take a break.').'</li>';
+		if ( count($this->import['blogs']) > 1 )
+			echo '<li>'.__('In case you haven\'t done it already, you can import the posts from your other blogs:'). $this->show_blogs() . '</li>';
+		if ( $n = count($this->import['blogs'][$_GET['blog']]['newusers']) )
+			echo '<li>'.sprintf(__('Go to <a href="%s" target="%s">Authors &amp; Users</a>, where you can modify the new user(s) or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.'), 'users.php', '_parent').'</li>';
+		echo '<li>'.__('For security, click the link below to reset this importer. That will clear your Blogger credentials and options from the database.').'</li>';
+		echo '</ul>';
+	}
+
+	// Figures out what to do, then does it.
+	function start() {
+		if ( $_GET['restart'] == 'true' ) {
+			$this->restart();
+		}
+
+		if ( isset($_GET['noheader']) ) {
+			header('Content-Type: text/html; charset=utf-8');
+
+			$this->import = get_option('import-blogger');
+
+			if ( false === $this->import ) {
+				$step = 0;
+			} elseif ( isset($_GET['step']) ) {
+				$step = (int) $_GET['step'];
+			} elseif ( isset($_GET['blog']) && isset($this->import['blogs'][$_GET['blog']]['nextstep']) ) {
+				$step = $this->import['blogs'][$_GET['blog']]['nextstep'];
+			} elseif ( is_array($this->import['blogs']) ) {
+				$step = 1;
+			} else {
+				$step = 0;
+			}
+//echo "Step $step.";
+//die('<pre>'.print_r($this->import,1).'</pre');
+			switch ($step) {
+				case 0 :
+					$this->do_login();
+					break;
+				case 1 :
+					$this->select_blog();
+					break;
+				case 2 :
+					$this->backup_settings();
+					break;
+				case 3 :
+					$this->wait_for_blogger();
+					break;
+				case 4 :
+					$this->publish_blog();
+					break;
+				case 5 :
+					$this->get_archive_urls();
+					break;
+				case 6 :
+					$this->get_archive();
+					break;
+				case 7 :
+					$this->restore_settings();
+					break;
+				case 8 :
+					$this->republish_blog();
+					break;
+				case 9 :
+					$this->congrats();
+					break;
+			}
+			die;
+
+		} else {
+			$this->greet();
+		}
+	}
+
+	function Blogger_Import() {
+		// This space intentionally left blank.
+	}
+}
+
+$blogger_import = new Blogger_Import();
+
+register_importer('blogger', __('Old Blogger'), __('Import <strong>posts and comments</strong> from your Old Blogger account'), array ($blogger_import, 'start'));
+
+?>

wp-admin/import/dotclear.php

@@ -0,0 +1,756 @@
+<?php
+/*
+ * DotClear import plugin
+ * by Thomas Quinot - http://thomas.quinot.org/
+ */
+
+/**
+	Add These Functions to make our lives easier
+**/
+if(!function_exists('get_catbynicename'))
+{
+	function get_catbynicename($category_nicename)
+	{
+	global $wpdb;
+
+	$cat_id -= 0; 	// force numeric
+	$name = $wpdb->get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$category_nicename.'"');
+
+	return $name;
+	}
+}
+
+if(!function_exists('get_comment_count'))
+{
+	function get_comment_count($post_ID)
+	{
+		global $wpdb;
+		return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
+	}
+}
+
+if(!function_exists('link_cat_exists'))
+{
+	function link_cat_exists($catname)
+	{
+		global $wpdb;
+		return $wpdb->get_var('SELECT cat_id FROM '.$wpdb->linkcategories.' WHERE cat_name = "'.$wpdb->escape($catname).'"');
+	}
+}
+
+if(!function_exists('link_exists'))
+{
+	function link_exists($linkname)
+	{
+		global $wpdb;
+		return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$linkname.'"');
+	}
+}
+
+/*
+ Identify UTF-8 text
+ Taken from http://www.php.net/manual/fr/function.mb-detect-encoding.php#50087
+*/
+//
+//    utf8 encoding validation developed based on Wikipedia entry at:
+//    http://en.wikipedia.org/wiki/UTF-8
+//
+//    Implemented as a recursive descent parser based on a simple state machine
+//    copyright 2005 Maarten Meijer
+//
+//    This cries out for a C-implementation to be included in PHP core
+//
+
+function valid_1byte($char) {
+	if(!is_int($char)) return false;
+		return ($char & 0x80) == 0x00;
+}
+
+function valid_2byte($char) {
+	if(!is_int($char)) return false;
+		return ($char & 0xE0) == 0xC0;
+}
+
+function valid_3byte($char) {
+	if(!is_int($char)) return false;
+		return ($char & 0xF0) == 0xE0;
+}
+
+function valid_4byte($char) {
+	if(!is_int($char)) return false;
+		return ($char & 0xF8) == 0xF0;
+}
+
+function valid_nextbyte($char) {
+	if(!is_int($char)) return false;
+		return ($char & 0xC0) == 0x80;
+}
+
+function valid_utf8($string) {
+	$len = strlen($string);
+	$i = 0;
+	while( $i < $len ) {
+		$char = ord(substr($string, $i++, 1));
+		if(valid_1byte($char)) {    // continue
+			continue;
+		} else if(valid_2byte($char)) { // check 1 byte
+			if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+				return false;
+		} else if(valid_3byte($char)) { // check 2 bytes
+			if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+				return false;
+			if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+				return false;
+		} else if(valid_4byte($char)) { // check 3 bytes
+			if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+				return false;
+			if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+				return false;
+			if(!valid_nextbyte(ord(substr($string, $i++, 1))))
+				return false;
+		} // goto next char
+	}
+	return true; // done
+}
+
+function csc ($s) {
+	if (valid_utf8 ($s)) {
+		return $s;
+	} else {
+		return iconv(get_option ("dccharset"),"UTF-8",$s);
+	}
+}
+
+function textconv ($s) {
+	return csc (preg_replace ('|(?<!<br />)\s*\n|', ' ', $s));
+}
+
+/**
+	The Main Importer Class
+**/
+class Dotclear_Import {
+
+	function header() 
+	{
+		echo '<div class="wrap">';
+		echo '<h2>'.__('Import DotClear').'</h2>';
+		echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'</p>';
+	}
+
+	function footer() 
+	{
+		echo '</div>';
+	}
+
+	function greet() 
+	{
+		echo '<div class="narrow"><p>'.__('Howdy! This importer allows you to extract posts from a DotClear database into your blog.  Mileage may vary.').'</p>';
+		echo '<p>'.__('Your DotClear Configuration settings are as follows:').'</p>';
+		echo '<form action="admin.php?import=dotclear&amp;step=1" method="post">';
+		wp_nonce_field('import-dotclear');
+		$this->db_form();
+		echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories &raquo;')).'" /></p>';
+		echo '</form></div>';
+	}
+
+	function get_dc_cats()
+	{
+		global $wpdb;
+		// General Housekeeping
+		$dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
+		set_magic_quotes_runtime(0);
+		$dbprefix = get_option('dcdbprefix');
+
+		// Get Categories
+		return $dcdb->get_results('SELECT * FROM '.$dbprefix.'categorie', ARRAY_A);
+	}
+
+	function get_dc_users()
+	{
+		global $wpdb;
+		// General Housekeeping
+		$dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
+		set_magic_quotes_runtime(0);
+		$dbprefix = get_option('dcdbprefix');
+
+		// Get Users
+
+		return $dcdb->get_results('SELECT * FROM '.$dbprefix.'user', ARRAY_A);
+	}
+
+	function get_dc_posts()
+	{
+		// General Housekeeping
+		$dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
+		set_magic_quotes_runtime(0);
+		$dbprefix = get_option('dcdbprefix');
+
+		// Get Posts
+		return $dcdb->get_results('SELECT '.$dbprefix.'post.*, '.$dbprefix.'categorie.cat_libelle_url AS post_cat_name
+						FROM '.$dbprefix.'post INNER JOIN '.$dbprefix.'categorie
+						ON '.$dbprefix.'post.cat_id = '.$dbprefix.'categorie.cat_id', ARRAY_A);
+	}
+
+	function get_dc_comments()
+	{
+		global $wpdb;
+		// General Housekeeping
+		$dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
+		set_magic_quotes_runtime(0);
+		$dbprefix = get_option('dcdbprefix');
+
+		// Get Comments
+		return $dcdb->get_results('SELECT * FROM '.$dbprefix.'comment', ARRAY_A);
+	}
+
+	function get_dc_links()
+	{
+		//General Housekeeping
+		$dcdb = new wpdb(get_option('dcuser'), get_option('dcpass'), get_option('dcname'), get_option('dchost'));
+		set_magic_quotes_runtime(0);
+		$dbprefix = get_option('dcdbprefix');
+
+		return $dcdb->get_results('SELECT * FROM '.$dbprefix.'link ORDER BY position', ARRAY_A);
+	}
+
+	function cat2wp($categories='')
+	{
+		// General Housekeeping
+		global $wpdb;
+		$count = 0;
+		$dccat2wpcat = array();
+		// Do the Magic
+		if(is_array($categories))
+		{
+			echo '<p>'.__('Importing Categories...').'<br /><br /></p>';
+			foreach ($categories as $category)
+			{
+				$count++;
+				extract($category);
+
+				// Make Nice Variables
+				$name = $wpdb->escape($cat_libelle_url);
+				$title = $wpdb->escape(csc ($cat_libelle));
+				$desc = $wpdb->escape(csc ($cat_desc));
+
+				if($cinfo = category_exists($name))
+				{
+					$ret_id = wp_insert_category(array('cat_ID' => $cinfo, 'category_nicename' => $name, 'cat_name' => $title, 'category_description' => $desc));
+				}
+				else
+				{
+					$ret_id = wp_insert_category(array('category_nicename' => $name, 'cat_name' => $title, 'category_description' => $desc));
+				}
+				$dccat2wpcat[$id] = $ret_id;
+			}
+
+			// Store category translation for future use
+			add_option('dccat2wpcat',$dccat2wpcat);
+			echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> categories imported.'), $count).'<br /><br /></p>';
+			return true;
+		}
+		echo __('No Categories to Import!');
+		return false;
+	}
+
+	function users2wp($users='')
+	{
+		// General Housekeeping
+		global $wpdb;
+		$count = 0;
+		$dcid2wpid = array();
+
+		// Midnight Mojo
+		if(is_array($users))
+		{
+			echo '<p>'.__('Importing Users...').'<br /><br /></p>';
+			foreach($users as $user)
+			{
+				$count++;
+				extract($user);
+
+				// Make Nice Variables
+				$name = $wpdb->escape(csc ($name));
+				$RealName = $wpdb->escape(csc ($user_pseudo));
+
+				if($uinfo = get_userdatabylogin($name))
+				{
+
+					$ret_id = wp_insert_user(array(
+								'ID'		=> $uinfo->ID,
+								'user_login'	=> $user_id,
+								'user_nicename'	=> $Realname,
+								'user_email'	=> $user_email,
+								'user_url'	=> 'http://',
+								'display_name'	=> $Realname)
+								);
+				}
+				else
+				{
+					$ret_id = wp_insert_user(array(
+								'user_login'	=> $user_id,
+								'user_nicename'	=> csc ($user_pseudo),
+								'user_email'	=> $user_email,
+								'user_url'	=> 'http://',
+								'display_name'	=> $Realname)
+								);
+				}
+				$dcid2wpid[$user_id] = $ret_id;
+
+				// Set DotClear-to-WordPress permissions translation
+
+				// Update Usermeta Data
+				$user = new WP_User($ret_id);
+				$wp_perms = $user_level + 1;
+				if(10 == $wp_perms) { $user->set_role('administrator'); }
+				else if(9  == $wp_perms) { $user->set_role('editor'); }
+				else if(5  <= $wp_perms) { $user->set_role('editor'); }
+				else if(4  <= $wp_perms) { $user->set_role('author'); }
+				else if(3  <= $wp_perms) { $user->set_role('contributor'); }
+				else if(2  <= $wp_perms) { $user->set_role('contributor'); }
+				else                     { $user->set_role('subscriber'); }
+
+				update_usermeta( $ret_id, 'wp_user_level', $wp_perms);
+				update_usermeta( $ret_id, 'rich_editing', 'false');
+				update_usermeta( $ret_id, 'first_name', csc ($user_prenom));
+				update_usermeta( $ret_id, 'last_name', csc ($user_nom));
+			}// End foreach($users as $user)
+
+			// Store id translation array for future use
+			add_option('dcid2wpid',$dcid2wpid);
+
+
+			echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> users imported.'), $count).'<br /><br /></p>';
+			return true;
+		}// End if(is_array($users)
+
+		echo __('No Users to Import!');
+		return false;
+
+	}// End function user2wp()
+
+	function posts2wp($posts='')
+	{
+		// General Housekeeping
+		global $wpdb;
+		$count = 0;
+		$dcposts2wpposts = array();
+		$cats = array();
+
+		// Do the Magic
+		if(is_array($posts))
+		{
+			echo '<p>'.__('Importing Posts...').'<br /><br /></p>';
+			foreach($posts as $post)
+			{
+				$count++;
+				extract($post);
+
+				// Set DotClear-to-WordPress status translation
+				$stattrans = array(0 => 'draft', 1 => 'publish');
+				$comment_status_map = array (0 => 'closed', 1 => 'open');
+
+				//Can we do this more efficiently?
+				$uinfo = ( get_userdatabylogin( $user_id ) ) ? get_userdatabylogin( $user_id ) : 1;
+				$authorid = ( is_object( $uinfo ) ) ? $uinfo->ID : $uinfo ;
+
+				$Title = $wpdb->escape(csc ($post_titre));
+				$post_content = textconv ($post_content);
+				$post_excerpt = "";
+				if ($post_chapo != "") {
+					$post_excerpt = textconv ($post_chapo);
+					$post_content = $post_excerpt ."\n<!--more-->\n".$post_content;
+				}
+				$post_excerpt = $wpdb->escape ($post_excerpt);
+				$post_content = $wpdb->escape ($post_content);
+				$post_status = $stattrans[$post_pub];
+
+				// Import Post data into WordPress
+
+				if($pinfo = post_exists($Title,$post_content))
+				{
+					$ret_id = wp_insert_post(array(
+							'ID'			=> $pinfo,
+							'post_author'		=> $authorid,
+							'post_date'		=> $post_dt,
+							'post_date_gmt'		=> $post_dt,
+							'post_modified'		=> $post_upddt,
+							'post_modified_gmt'	=> $post_upddt,
+							'post_title'		=> $Title,
+							'post_content'		=> $post_content,
+							'post_excerpt'		=> $post_excerpt,
+							'post_status'		=> $post_status,
+							'post_name'		=> $post_titre_url,
+							'comment_status'	=> $comment_status_map[$post_open_comment],
+							'ping_status'		=> $comment_status_map[$post_open_tb],
+							'comment_count'		=> $post_nb_comment + $post_nb_trackback)
+							);
+				}
+				else
+				{
+					$ret_id = wp_insert_post(array(
+							'post_author'		=> $authorid,
+							'post_date'		=> $post_dt,
+							'post_date_gmt'		=> $post_dt,
+							'post_modified'		=> $post_modified_gmt,
+							'post_modified_gmt'	=> $post_modified_gmt,
+							'post_title'		=> $Title,
+							'post_content'		=> $post_content,
+							'post_excerpt'		=> $post_excerpt,
+							'post_status'		=> $post_status,
+							'post_name'		=> $post_titre_url,
+							'comment_status'	=> $comment_status_map[$post_open_comment],
+							'ping_status'		=> $comment_status_map[$post_open_tb],
+							'comment_count'		=> $post_nb_comment + $post_nb_trackback)
+							);
+				}
+				$dcposts2wpposts[$post_id] = $ret_id;
+
+				// Make Post-to-Category associations
+				$cats = array();
+				if($cat1 = get_catbynicename($post_cat_name)) { $cats[1] = $cat1; }
+
+				if(!empty($cats)) { wp_set_post_cats('', $ret_id, $cats); }
+			}
+		}
+		// Store ID translation for later use
+		add_option('dcposts2wpposts',$dcposts2wpposts);
+
+		echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> posts imported.'), $count).'<br /><br /></p>';
+		return true;
+	}
+
+	function comments2wp($comments='')
+	{
+		// General Housekeeping
+		global $wpdb;
+		$count = 0;
+		$dccm2wpcm = array();
+		$postarr = get_option('dcposts2wpposts');
+
+		// Magic Mojo
+		if(is_array($comments))
+		{
+			echo '<p>'.__('Importing Comments...').'<br /><br /></p>';
+			foreach($comments as $comment)
+			{
+				$count++;
+				extract($comment);
+
+				// WordPressify Data
+				$comment_ID = (int) ltrim($comment_id, '0');
+				$comment_post_ID = (int) $postarr[$post_id];
+				$comment_approved = "$comment_pub";
+				$name = $wpdb->escape(csc ($comment_auteur));
+				$email = $wpdb->escape($comment_email);
+				$web = "http://".$wpdb->escape($comment_site);
+				$message = $wpdb->escape(textconv ($comment_content));
+
+				if($cinfo = comment_exists($name, $comment_dt))
+				{
+					// Update comments
+					$ret_id = wp_update_comment(array(
+							'comment_ID'		=> $cinfo,
+							'comment_post_ID'	=> $comment_post_ID,
+							'comment_author'	=> $name,
+							'comment_author_email'	=> $email,
+							'comment_author_url'	=> $web,
+							'comment_author_IP'	=> $comment_ip,
+							'comment_date'		=> $comment_dt,
+							'comment_date_gmt'	=> $comment_dt,
+							'comment_content'	=> $message,
+							'comment_approved'	=> $comment_approved)
+							);
+				}
+				else
+				{
+					// Insert comments
+					$ret_id = wp_insert_comment(array(
+							'comment_post_ID'	=> $comment_post_ID,
+							'comment_author'	=> $name,
+							'comment_author_email'	=> $email,
+							'comment_author_url'	=> $web,
+							'comment_author_IP'	=> $comment_ip,
+							'comment_date'		=> $comment_dt,
+							'comment_date_gmt'	=> $comment_dt,
+							'comment_content'	=> $message,
+							'comment_approved'	=> $comment_approved)
+							);
+				}
+				$dccm2wpcm[$comment_ID] = $ret_id;
+			}
+			// Store Comment ID translation for future use
+			add_option('dccm2wpcm', $dccm2wpcm);
+
+			// Associate newly formed categories with posts
+			get_comment_count($ret_id);
+
+
+			echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> comments imported.'), $count).'<br /><br /></p>';
+			return true;
+		}
+		echo __('No Comments to Import!');
+		return false;
+	}
+
+	function links2wp($links='')
+	{
+		// General Housekeeping
+		global $wpdb;
+		$count = 0;
+
+		// Deal with the links
+		if(is_array($links))
+		{
+			echo '<p>'.__('Importing Links...').'<br /><br /></p>';
+			foreach($links as $link)
+			{
+				$count++;
+				extract($link);
+
+				if ($title != "") {
+					if ($cinfo = link_cat_exists (csc ($title))) {
+						$category = $cinfo;
+					} else {
+						$wpdb->query ("INSERT INTO $wpdb->linkcategories (cat_name) VALUES ('".
+							$wpdb->escape (csc ($title))."')");
+						$category = $wpdb->insert_id;
+					}
+				} else {
+					$linkname = $wpdb->escape(csc ($label));
+					$description = $wpdb->escape(csc ($title));
+
+					if($linfo = link_exists($linkname)) {
+						$ret_id = wp_insert_link(array(
+									'link_id'		=> $linfo,
+									'link_url'		=> $href,
+									'link_name'		=> $linkname,
+									'link_category'		=> $category,
+									'link_description'	=> $description)
+									);
+					} else {
+						$ret_id = wp_insert_link(array(
+									'link_url'		=> $url,
+									'link_name'		=> $linkname,
+									'link_category'		=> $category,
+									'link_description'	=> $description)
+									);
+					}
+					$dclinks2wplinks[$link_id] = $ret_id;
+				}
+			}
+			add_option('dclinks2wplinks',$dclinks2wplinks);
+			echo '<p>';
+			printf(__('Done! <strong>%s</strong> links or link categories imported'), $count);
+			echo '<br /><br /></p>';
+			return true;
+		}
+		echo __('No Links to Import!');
+		return false;
+	}
+
+	function import_categories()
+	{
+		// Category Import
+		$cats = $this->get_dc_cats();
+		$this->cat2wp($cats);
+		add_option('dc_cats', $cats);
+
+
+
+		echo '<form action="admin.php?import=dotclear&amp;step=2" method="post">';
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
+		echo '</form>';
+
+	}
+
+	function import_users()
+	{
+		// User Import
+		$users = $this->get_dc_users();
+		$this->users2wp($users);
+
+		echo '<form action="admin.php?import=dotclear&amp;step=3" method="post">';
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
+		echo '</form>';
+	}
+
+	function import_posts()
+	{
+		// Post Import
+		$posts = $this->get_dc_posts();
+		$this->posts2wp($posts);
+
+		echo '<form action="admin.php?import=dotclear&amp;step=4" method="post">';
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
+		echo '</form>';
+	}
+
+	function import_comments()
+	{
+		// Comment Import
+		$comments = $this->get_dc_comments();
+		$this->comments2wp($comments);
+
+		echo '<form action="admin.php?import=dotclear&amp;step=5" method="post">';
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
+		echo '</form>';
+	}
+
+	function import_links()
+	{
+		//Link Import
+		$links = $this->get_dc_links();
+		$this->links2wp($links);
+		add_option('dc_links', $links);
+
+		echo '<form action="admin.php?import=dotclear&amp;step=6" method="post">';
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
+		echo '</form>';
+	}
+
+	function cleanup_dcimport()
+	{
+		delete_option('dcdbprefix');
+		delete_option('dc_cats');
+		delete_option('dcid2wpid');
+		delete_option('dccat2wpcat');
+		delete_option('dcposts2wpposts');
+		delete_option('dccm2wpcm');
+		delete_option('dclinks2wplinks');
+		delete_option('dcuser');
+		delete_option('dcpass');
+		delete_option('dcname');
+		delete_option('dchost');
+		delete_option('dccharset');
+		$this->tips();
+	}
+
+	function tips()
+	{
+		echo '<p>'.__('Welcome to WordPress.  We hope (and expect!) that you will find this platform incredibly rewarding!  As a new WordPress user coming from DotClear, there are some things that we would like to point out.  Hopefully, they will help your transition go as smoothly as possible.').'</p>';
+		echo '<h3>'.__('Users').'</h3>';
+		echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password.  Forget it.  You didn\'t have that login in DotClear, why should you have it here?  Instead we have taken care to import all of your users into our system.  Unfortunately there is one downside.  Because both WordPress and DotClear uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users.  <strong>Every user has the same username, but their passwords are reset to password123.</strong>  So <a href="%1$s">Login</a> and change it.'), '/wp-login.php').'</p>';
+		echo '<h3>'.__('Preserving Authors').'</h3>';
+		echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
+		echo '<h3>'.__('Textile').'</h3>';
+		echo '<p>'.__('Also, since you\'re coming from DotClear, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
+		echo '<h3>'.__('WordPress Resources').'</h3>';
+		echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
+		echo '<ul>';
+		echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
+		echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
+		echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
+		echo '</ul>';
+		echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '../wp-login.php').'</p>';
+	}
+
+	function db_form()
+	{
+		echo '<table class="editform">';
+		printf('<tr><th><label for="dbuser">%s</label></th><td><input type="text" name="dbuser" id="dbuser" /></td></tr>', __('DotClear Database User:'));
+		printf('<tr><th><label for="dbpass">%s</label></th><td><input type="password" name="dbpass" id="dbpass" /></td></tr>', __('DotClear Database Password:'));
+		printf('<tr><th><label for="dbname">%s</label></th><td><input type="text" name="dbname" id="dbname" /></td></tr>', __('DotClear Database Name:'));
+		printf('<tr><th><label for="dbhost">%s</label></th><td><input type="text" name="dbhost" nameid="dbhost" value="localhost" /></td></tr>', __('DotClear Database Host:'));
+		printf('<tr><th><label for="dbprefix">%s</label></th><td><input type="text" name="dbprefix" id="dbprefix" value="dc_"/></td></tr>', __('DotClear Table prefix:'));
+		printf('<tr><th><label for="dccharset">%s</label></th><td><input type="text" name="dccharset" id="dccharset" value="ISO-8859-15"/></td></tr>', __('Originating character set:'));
+		echo '</table>';
+	}
+
+	function dispatch()
+	{
+
+		if (empty ($_GET['step']))
+			$step = 0;
+		else
+			$step = (int) $_GET['step'];
+		$this->header();
+
+		if ( $step > 0 )
+		{
+			check_admin_referer('import-dotclear');
+
+			if($_POST['dbuser'])
+			{
+				if(get_option('dcuser'))
+					delete_option('dcuser');
+				add_option('dcuser', sanitize_user($_POST['dbuser'], true));
+			}
+			if($_POST['dbpass'])
+			{
+				if(get_option('dcpass'))
+					delete_option('dcpass');
+				add_option('dcpass', sanitize_user($_POST['dbpass'], true));
+			}
+
+			if($_POST['dbname'])
+			{
+				if(get_option('dcname'))
+					delete_option('dcname');
+				add_option('dcname', sanitize_user($_POST['dbname'], true));
+			}
+			if($_POST['dbhost'])
+			{
+				if(get_option('dchost'))
+					delete_option('dchost');
+				add_option('dchost', sanitize_user($_POST['dbhost'], true));
+			}
+			if($_POST['dccharset'])
+			{
+				if(get_option('dccharset'))
+					delete_option('dccharset');
+				add_option('dccharset', sanitize_user($_POST['dccharset'], true));
+			}
+			if($_POST['dbprefix'])
+			{
+				if(get_option('dcdbprefix'))
+					delete_option('dcdbprefix');
+				add_option('dcdbprefix', sanitize_user($_POST['dbprefix'], true));
+			}
+
+
+		}
+
+		switch ($step)
+		{
+			default:
+			case 0 :
+				$this->greet();
+				break;
+			case 1 :
+				$this->import_categories();
+				break;
+			case 2 :
+				$this->import_users();
+				break;
+			case 3 :
+				$this->import_posts();
+				break;
+			case 4 :
+				$this->import_comments();
+				break;
+			case 5 :
+				$this->import_links();
+				break;
+			case 6 :
+				$this->cleanup_dcimport();
+				break;
+		}
+
+		$this->footer();
+	}
+
+	function Dotclear_Import()
+	{
+		// Nothing.
+	}
+}
+
+$dc_import = new Dotclear_Import();
+register_importer('dotclear', __('DotClear'), __('Import categories, users, posts, comments, and links from a DotClear blog'), array ($dc_import, 'dispatch'));
+?>

wp-admin/import/greymatter.php

@@ -0,0 +1,317 @@
+<?php
+
+class GM_Import {
+
+	var $gmnames = array ();
+
+	function header() {
+		echo '<div class="wrap">';
+		echo '<h2>'.__('Import GreyMatter').'</h2>';
+	}
+
+	function footer() {
+		echo '</div>';
+	}
+
+	function greet() {
+		$this->header();
+?>
+<p><?php _e('This is a basic GreyMatter to WordPress import script.') ?></p>
+<p><?php _e('What it does:') ?></p>
+<ul>
+<li><?php _e('Parses gm-authors.cgi to import (new) authors. Everyone is imported at level 1.') ?></li>
+<li><?php _e('Parses the entries cgi files to import posts, comments, and karma on posts (although karma is not used on WordPress yet).<br />If authors are found not to be in gm-authors.cgi, imports them at level 0.') ?></li>
+<li><?php _e("Detects duplicate entries or comments. If you don't import everything the first time, or this import should fail in the middle, duplicate entries will not be made when you try again.") ?></li>
+</ul>
+<p><?php _e('What it does not:') ?></p>
+<ul>
+<li><?php _e('Parse gm-counter.cgi, gm-banlist.cgi, gm-cplog.cgi (you can make a CP log hack if you really feel like it, but I question the need of a CP log).') ?></li>
+<li><?php _e('Import gm-templates.') ?></li>
+<li><?php _e("Doesn't keep entries on top.")?></li>
+</ul>
+<p>&nbsp;</p>
+
+<form name="stepOne" method="get">
+<input type="hidden" name="import" value="greymatter" />
+<input type="hidden" name="step" value="1" />
+<?php wp_nonce_field('import-greymatter'); ?>
+<h3><?php _e('Second step: GreyMatter details:') ?></h3>
+<p><table cellpadding="0">
+<tr>
+<td><?php _e('Path to GM files:') ?></td>
+<td><input type="text" style="width:300px" name="gmpath" value="/home/my/site/cgi-bin/greymatter/" /></td>
+</tr>
+<tr>
+<td><?php _e('Path to GM entries:') ?></td>
+<td><input type="text" style="width:300px" name="archivespath" value="/home/my/site/cgi-bin/greymatter/archives/" /></td>
+</tr>
+<tr>
+<td colspan="2"><br /><?php _e("This importer will search for files 00000001.cgi to 000-whatever.cgi,<br />so you need to enter the number of the last GM post here.<br />(if you don't know that number, just log into your FTP and look it out<br />in the entries' folder)") ?></td>
+</tr>
+<tr>
+<td><?php _e("Last entry's number:") ?></td>
+<td><input type="text" name="lastentry" value="00000001" /></td>
+</tr>
+</table>
+</p>
+<p><?php _e("When you're ready, click OK to start importing: ") ?><input type="submit" name="submit" value="<?php _e('OK') ?>" class="search" /></p>
+</form>
+<p>&nbsp</p>
+<?php
+		$this->footer();
+	}
+
+
+
+	function gm2autobr($string) { // transforms GM's |*| into b2's <br />\n
+		$string = str_replace("|*|","<br />\n",$string);
+		return($string);
+	}
+
+	function import() {
+		global $wpdb;
+
+		$wpvarstoreset = array('gmpath', 'archivespath', 'lastentry');
+		for ($i=0; $i<count($wpvarstoreset); $i += 1) {
+			$wpvar = $wpvarstoreset[$i];
+			if (!isset($$wpvar)) {
+				if (empty($_POST["$wpvar"])) {
+					if (empty($_GET["$wpvar"])) {
+						$$wpvar = '';
+					} else {
+						$$wpvar = $_GET["$wpvar"];
+					}
+				} else {
+					$$wpvar = $_POST["$wpvar"];
+				}
+			}
+		}
+
+		if (!chdir($archivespath))
+			wp_die(__("Wrong path, the path to the GM entries does not exist on the server"));
+
+		if (!chdir($gmpath))
+			wp_die(__("Wrong path, the path to the GM files does not exist on the server"));
+
+		$lastentry = (int) $lastentry;
+
+		$this->header();
+?>
+<p><?php _e('The importer is running...') ?></p>
+<ul>
+<li><?php _e('importing users...') ?><ul><?php
+
+	chdir($gmpath);
+	$userbase = file("gm-authors.cgi");
+
+	foreach($userbase as $user) {
+		$userdata=explode("|", $user);
+
+		$user_ip="127.0.0.1";
+		$user_domain="localhost";
+		$user_browser="server";
+
+		$s=$userdata[4];
+		$user_joindate=substr($s,6,4)."-".substr($s,0,2)."-".substr($s,3,2)." 00:00:00";
+
+		$user_login=$wpdb->escape($userdata[0]);
+		$pass1=$wpdb->escape($userdata[1]);
+		$user_nickname=$wpdb->escape($userdata[0]);
+		$user_email=$wpdb->escape($userdata[2]);
+		$user_url=$wpdb->escape($userdata[3]);
+		$user_joindate=$wpdb->escape($user_joindate);
+
+		$user_id = username_exists($user_login);
+		if ($user_id) {
+			printf('<li>'.__('user %s').'<strong>'.__('Already exists').'</strong></li>', "<em>$user_login</em>");
+			$this->gmnames[$userdata[0]] = $user_id;
+			continue;
+		}
+
+		$user_info = array("user_login"=>"$user_login", "user_pass"=>"$pass1", "user_nickname"=>"$user_nickname", "user_email"=>"$user_email", "user_url"=>"$user_url", "user_ip"=>"$user_ip", "user_domain"=>"$user_domain", "user_browser"=>"$user_browser", "dateYMDhour"=>"$user_joindate", "user_level"=>"1", "user_idmode"=>"nickname");
+		$user_id = wp_insert_user($user_info);
+		$this->gmnames[$userdata[0]] = $user_id;
+
+		printf('<li>'.__('user %s...').' <strong>'.__('Done').'</strong></li>', "<em>$user_login</em>");
+	}
+
+?></ul><strong><?php _e('Done') ?></strong></li>
+<li><?php _e('importing posts, comments, and karma...') ?><br /><ul><?php
+
+	chdir($archivespath);
+
+	for($i = 0; $i <= $lastentry; $i = $i + 1) {
+
+		$entryfile = "";
+
+		if ($i<10000000) {
+			$entryfile .= "0";
+			if ($i<1000000) {
+				$entryfile .= "0";
+				if ($i<100000) {
+					$entryfile .= "0";
+					if ($i<10000) {
+						$entryfile .= "0";
+						if ($i<1000) {
+							$entryfile .= "0";
+							if ($i<100) {
+								$entryfile .= "0";
+								if ($i<10) {
+									$entryfile .= "0";
+		}}}}}}}
+
+		$entryfile .= "$i";
+
+		if (is_file($entryfile.".cgi")) {
+
+			$entry=file($entryfile.".cgi");
+			$postinfo=explode("|",$entry[0]);
+			$postmaincontent=$this->gm2autobr($entry[2]);
+			$postmorecontent=$this->gm2autobr($entry[3]);
+
+			$post_author=trim($wpdb->escape($postinfo[1]));
+
+			$post_title=$this->gm2autobr($postinfo[2]);
+			printf('<li>'.__('entry # %s : %s : by %s'), $entryfile, $post_title, $postinfo[1]);
+			$post_title=$wpdb->escape($post_title);
+
+			$postyear=$postinfo[6];
+			$postmonth=zeroise($postinfo[4],2);
+			$postday=zeroise($postinfo[5],2);
+			$posthour=zeroise($postinfo[7],2);
+			$postminute=zeroise($postinfo[8],2);
+			$postsecond=zeroise($postinfo[9],2);
+
+			if (($postinfo[10]=="PM") && ($posthour!="12"))
+				$posthour=$posthour+12;
+
+			$post_date="$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
+
+			$post_content=$postmaincontent;
+			if (strlen($postmorecontent)>3)
+				$post_content .= "<!--more--><br /><br />".$postmorecontent;
+			$post_content=$wpdb->escape($post_content);
+
+			$post_karma=$postinfo[12];
+
+			$post_status = 'publish'; //in greymatter, there are no drafts
+			$comment_status = 'open';
+			$ping_status = 'closed';
+
+			if ($post_ID = post_exists($post_title, '', $post_date)) {
+				echo ' ';
+				_e('(already exists)');
+			} else {
+				//just so that if a post already exists, new users are not created by checkauthor
+				// we'll check the author is registered, or if it's a deleted author
+				$user_id = username_exists($post_author);
+				if (!$user_id) {	// if deleted from GM, we register the author as a level 0 user
+					$user_ip="127.0.0.1";
+					$user_domain="localhost";
+					$user_browser="server";
+					$user_joindate="1979-06-06 00:41:00";
+					$user_login=$wpdb->escape($post_author);
+					$pass1=$wpdb->escape("password");
+					$user_nickname=$wpdb->escape($post_author);
+					$user_email=$wpdb->escape("user@deleted.com");
+					$user_url=$wpdb->escape("");
+					$user_joindate=$wpdb->escape($user_joindate);
+
+					$user_info = array("user_login"=>$user_login, "user_pass"=>$pass1, "user_nickname"=>$user_nickname, "user_email"=>$user_email, "user_url"=>$user_url, "user_ip"=>$user_ip, "user_domain"=>$user_domain, "user_browser"=>$user_browser, "dateYMDhour"=>$user_joindate, "user_level"=>0, "user_idmode"=>"nickname");
+					$user_id = wp_insert_user($user_info);
+					$this->gmnames[$postinfo[1]] = $user_id;
+
+					echo ': ';
+					printf(__('registered deleted user %s at level 0 '), "<em>$user_login</em>");
+				}
+
+				if (array_key_exists($postinfo[1], $this->gmnames)) {
+					$post_author = $this->gmnames[$postinfo[1]];
+				} else {
+					$post_author = $user_id;
+				}
+
+				$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt');
+				$post_ID = wp_insert_post($postdata);
+			}
+
+			$c=count($entry);
+			if ($c>4) {
+				$numAddedComments = 0;
+				$numComments = 0;
+				for ($j=4;$j<$c;$j++) {
+					$entry[$j]=$this->gm2autobr($entry[$j]);
+					$commentinfo=explode("|",$entry[$j]);
+					$comment_post_ID=$post_ID;
+					$comment_author=$wpdb->escape($commentinfo[0]);
+					$comment_author_email=$wpdb->escape($commentinfo[2]);
+					$comment_author_url=$wpdb->escape($commentinfo[3]);
+					$comment_author_IP=$wpdb->escape($commentinfo[1]);
+
+					$commentyear=$commentinfo[7];
+					$commentmonth=zeroise($commentinfo[5],2);
+					$commentday=zeroise($commentinfo[6],2);
+					$commenthour=zeroise($commentinfo[8],2);
+					$commentminute=zeroise($commentinfo[9],2);
+					$commentsecond=zeroise($commentinfo[10],2);
+					if (($commentinfo[11]=="PM") && ($commenthour!="12"))
+						$commenthour=$commenthour+12;
+					$comment_date="$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond";
+
+					$comment_content=$wpdb->escape($commentinfo[12]);
+
+					if (!comment_exists($comment_author, $comment_date)) {
+						$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_content', 'comment_approved');
+						$commentdata = wp_filter_comment($commentdata);
+						wp_insert_comment($commentdata);
+						$numAddedComments++;
+					}
+					$numComments++;
+				}
+				if ($numAddedComments > 0) {
+					echo ': ';
+					printf(__('imported %d comment(s)'), $numAddedComments);
+				}
+				$preExisting = $numComments - numAddedComments;
+				if ($preExisting > 0) {
+					echo ' ';
+					printf(__('ignored %d pre-existing comments'), $preExisting);
+				}
+			}
+			echo '... <strong>'.__('Done').'</strong></li>';
+		}
+	}
+	?>
+</ul><strong><?php _e('Done') ?></strong></li></ul>
+<p>&nbsp;</p>
+<p><?php _e('Completed GreyMatter import!') ?></p>
+<?php
+	$this->footer();
+	}
+
+	function dispatch() {
+		if (empty ($_GET['step']))
+			$step = 0;
+		else
+			$step = (int) $_GET['step'];
+
+		switch ($step) {
+			case 0 :
+				$this->greet();
+				break;
+			case 1:
+				check_admin_referer('import-greymatter');
+				$this->import();
+				break;
+		}
+	}
+
+	function GM_Import() {
+		// Nothing.
+	}
+}
+
+$gm_import = new GM_Import();
+
+register_importer('greymatter', __('GreyMatter'), __('Import users, posts, and comments from a Greymatter blog'), array ($gm_import, 'dispatch'));
+?>

wp-admin/import/livejournal.php

@@ -0,0 +1,172 @@
+<?php
+
+class LJ_Import {
+
+	var $file;
+
+	function header() {
+		echo '<div class="wrap">';
+		echo '<h2>'.__('Import LiveJournal').'</h2>';
+	}
+
+	function footer() {
+		echo '</div>';
+	}
+
+	function unhtmlentities($string) { // From php.net for < 4.3 compat
+		$trans_tbl = get_html_translation_table(HTML_ENTITIES);
+		$trans_tbl = array_flip($trans_tbl);
+		return strtr($string, $trans_tbl);
+	}
+	
+	function greet() {
+		echo '<p>'.__('Howdy! This importer allows you to extract posts from LiveJournal XML export file into your blog.  Pick a LiveJournal file to upload and click Import.').'</p>';
+		wp_import_upload_form("admin.php?import=livejournal&amp;step=1");
+	}
+
+	function import_posts() {
+		global $wpdb, $current_user;
+		
+		set_magic_quotes_runtime(0);
+		$importdata = file($this->file); // Read the file into an array
+		$importdata = implode('', $importdata); // squish it
+		$importdata = str_replace(array ("\r\n", "\r"), "\n", $importdata);
+
+		preg_match_all('|<entry>(.*?)</entry>|is', $importdata, $posts);
+		$posts = $posts[1];
+		unset($importdata);
+		echo '<ol>';		
+		foreach ($posts as $post) {
+			flush();
+			preg_match('|<subject>(.*?)</subject>|is', $post, $post_title);
+			$post_title = $wpdb->escape(trim($post_title[1]));
+			if ( empty($post_title) ) {
+				preg_match('|<itemid>(.*?)</itemid>|is', $post, $post_title);
+				$post_title = $wpdb->escape(trim($post_title[1]));
+			}
+
+			preg_match('|<eventtime>(.*?)</eventtime>|is', $post, $post_date);
+			$post_date = strtotime($post_date[1]);
+			$post_date = gmdate('Y-m-d H:i:s', $post_date);
+
+			preg_match('|<event>(.*?)</event>|is', $post, $post_content);
+			$post_content = str_replace(array ('<![CDATA[', ']]>'), '', trim($post_content[1]));
+			$post_content = $this->unhtmlentities($post_content);
+
+			// Clean up content
+			$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+			$post_content = str_replace('<br>', '<br />', $post_content);
+			$post_content = str_replace('<hr>', '<hr />', $post_content);
+			$post_content = $wpdb->escape($post_content);
+
+			$post_author = $current_user->ID;
+			$post_status = 'publish';
+
+			echo '<li>';
+			if ($post_id = post_exists($post_title, $post_content, $post_date)) {
+				printf(__('Post <i>%s</i> already exists.'), stripslashes($post_title));
+			} else {
+				printf(__('Importing post <i>%s</i>...'), stripslashes($post_title));
+				$postdata = compact('post_author', 'post_date', 'post_content', 'post_title', 'post_status');
+				$post_id = wp_insert_post($postdata);
+				if (!$post_id) {
+					_e("Couldn't get post ID");
+					echo '</li>';
+					break;
+				}
+			}
+
+			preg_match_all('|<comment>(.*?)</comment>|is', $post, $comments);
+			$comments = $comments[1];
+			
+			if ( $comments ) {
+				$comment_post_ID = (int) $post_id;
+				$num_comments = 0;
+				foreach ($comments as $comment) {
+					preg_match('|<event>(.*?)</event>|is', $comment, $comment_content);
+					$comment_content = str_replace(array ('<![CDATA[', ']]>'), '', trim($comment_content[1]));
+					$comment_content = $this->unhtmlentities($comment_content);
+
+					// Clean up content
+					$comment_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $comment_content);
+					$comment_content = str_replace('<br>', '<br />', $comment_content);
+					$comment_content = str_replace('<hr>', '<hr />', $comment_content);
+					$comment_content = $wpdb->escape($comment_content);
+
+					preg_match('|<eventtime>(.*?)</eventtime>|is', $comment, $comment_date);
+					$comment_date = trim($comment_date[1]);
+					$comment_date = date('Y-m-d H:i:s', strtotime($comment_date));
+
+					preg_match('|<name>(.*?)</name>|is', $comment, $comment_author);
+					$comment_author = $wpdb->escape(trim($comment_author[1]));
+
+					preg_match('|<email>(.*?)</email>|is', $comment, $comment_author_email);
+					$comment_author_email = $wpdb->escape(trim($comment_author_email[1]));
+
+					$comment_approved = 1;
+					// Check if it's already there
+					if (!comment_exists($comment_author, $comment_date)) {
+						$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_date', 'comment_content', 'comment_approved');
+						$commentdata = wp_filter_comment($commentdata);
+						wp_insert_comment($commentdata);
+						$num_comments++;
+					}
+				}
+			}
+			if ( $num_comments ) {
+				echo ' ';
+				printf(__('(%s comments)'), $num_comments);
+			}
+			echo '</li>';
+			flush();
+			ob_flush();
+		}
+		echo '</ol>';
+	}
+
+	function import() {
+		$file = wp_import_handle_upload();
+		if ( isset($file['error']) ) {
+			echo $file['error'];
+			return;
+		}
+
+		$this->file = $file['file'];
+		$this->import_posts();
+		wp_import_cleanup($file['id']);
+		
+		echo '<h3>';
+		printf(__('All done. <a href="%s">Have fun!</a>'), get_option('home'));
+		echo '</h3>';
+	}
+
+	function dispatch() {
+		if (empty ($_GET['step']))
+			$step = 0;
+		else
+			$step = (int) $_GET['step'];
+
+		$this->header();
+		
+		switch ($step) {
+			case 0 :
+				$this->greet();
+				break;
+			case 1 :
+				check_admin_referer('import-upload');
+				$this->import();
+				break;
+		}
+		
+		$this->footer();
+	}
+
+	function LJ_Import() {
+		// Nothing.	
+	}
+}
+
+$livejournal_import = new LJ_Import();
+
+register_importer('livejournal', __('LiveJournal'), __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch'));
+?>

wp-admin/import/mt.php

@@ -0,0 +1,437 @@
+<?php
+
+class MT_Import {
+
+	var $posts = array ();
+	var $file;
+	var $id;
+	var $mtnames = array ();
+	var $newauthornames = array ();
+	var $j = -1;
+
+	function header() {
+		echo '<div class="wrap">';
+		echo '<h2>'.__('Import Movable Type and Typepad').'</h2>';
+	}
+
+	function footer() {
+		echo '</div>';
+	}
+
+	function greet() {
+		$this->header();
+?>
+<p><?php _e('Howdy! We&#8217;re about to begin the process to import all of your Movable Type entries into WordPress. To begin, select a file to upload and click Import.'); ?></p>
+<?php wp_import_upload_form( add_query_arg('step', 1) ); ?>
+	<p><?php _e('The importer is smart enough not to import duplicates, so you can run this multiple times without worry if&#8212;for whatever reason&#8212;it doesn\'t finish. If you get an <strong>out of memory</strong> error try splitting up the import file into pieces.'); ?> </p>
+<?php
+		$this->footer();
+	}
+
+	function users_form($n) {
+		global $wpdb, $testing;
+		$users = $wpdb->get_results("SELECT * FROM $wpdb->users ORDER BY ID");
+?><select name="userselect[<?php echo $n; ?>]">
+	<option value="#NONE#"><?php _e('- Select -') ?></option>
+	<?php
+
+
+		foreach ($users as $user) {
+			echo '<option value="'.$user->user_login.'">'.$user->user_login.'</option>';
+		}
+?>
+	</select>
+	<?php
+
+
+	}
+
+	//function to check the authorname and do the mapping
+	function checkauthor($author) {
+		global $wpdb;
+		//mtnames is an array with the names in the mt import file
+		$pass = 'changeme';
+		if (!(in_array($author, $this->mtnames))) { //a new mt author name is found
+			++ $this->j;
+			$this->mtnames[$this->j] = $author; //add that new mt author name to an array 
+			$user_id = username_exists($this->newauthornames[$this->j]); //check if the new author name defined by the user is a pre-existing wp user
+			if (!$user_id) { //banging my head against the desk now. 
+				if ($newauthornames[$this->j] == 'left_blank') { //check if the user does not want to change the authorname
+					$user_id = wp_create_user($author, $pass);
+					$this->newauthornames[$this->j] = $author; //now we have a name, in the place of left_blank.
+				} else {
+					$user_id = wp_create_user($this->newauthornames[$this->j], $pass);
+				}
+			} else {
+				return $user_id; // return pre-existing wp username if it exists
+			}
+		} else {
+			$key = array_search($author, $this->mtnames); //find the array key for $author in the $mtnames array
+			$user_id = username_exists($this->newauthornames[$key]); //use that key to get the value of the author's name from $newauthornames
+		}
+
+		return $user_id;
+	}
+
+	function get_entries() {
+		set_magic_quotes_runtime(0);
+		$importdata = file($this->file); // Read the file into an array
+		$importdata = implode('', $importdata); // squish it
+		$importdata = preg_replace("/(\r\n|\n|\r)/", "\n", $importdata);
+		$importdata = preg_replace("/\n--------\n/", "--MT-ENTRY--\n", $importdata);
+		$this->posts = explode("--MT-ENTRY--", $importdata);
+	}
+
+	function get_mt_authors() {
+		$temp = array ();
+		$i = -1;
+		foreach ($this->posts as $post) {
+			if ('' != trim($post)) {
+				++ $i;
+				preg_match("|AUTHOR:(.*)|", $post, $thematch);
+				$thematch = trim($thematch[1]);
+				array_push($temp, "$thematch"); //store the extracted author names in a temporary array
+			}
+		}
+
+		//we need to find unique values of author names, while preserving the order, so this function emulates the unique_value(); php function, without the sorting.
+		$authors[0] = array_shift($temp);
+		$y = count($temp) + 1;
+		for ($x = 1; $x < $y; $x ++) {
+			$next = array_shift($temp);
+			if (!(in_array($next, $authors)))
+				array_push($authors, "$next");
+		}
+
+		return $authors;
+	}
+
+	function get_authors_from_post() {
+		$formnames = array ();
+		$selectnames = array ();
+
+		foreach ($_POST['user'] as $key => $line) {
+			$newname = trim(stripslashes($line));
+			if ($newname == '')
+				$newname = 'left_blank'; //passing author names from step 1 to step 2 is accomplished by using POST. left_blank denotes an empty entry in the form.
+			array_push($formnames, "$newname");
+		} // $formnames is the array with the form entered names
+
+		foreach ($_POST['userselect'] as $user => $key) {
+			$selected = trim(stripslashes($key));
+			array_push($selectnames, "$selected");
+		}
+
+		$count = count($formnames);
+		for ($i = 0; $i < $count; $i ++) {
+			if ($selectnames[$i] != '#NONE#') { //if no name was selected from the select menu, use the name entered in the form
+				array_push($this->newauthornames, "$selectnames[$i]");
+			} else {
+				array_push($this->newauthornames, "$formnames[$i]");
+			}
+		}
+	}
+
+	function mt_authors_form() {
+?>
+<div class="wrap">
+<h2><?php _e('Assign Authors'); ?></h2>
+<p><?php _e('To make it easier for you to edit and save the imported posts and drafts, you may want to change the name of the author of the posts. For example, you may want to import all the entries as <code>admin</code>s entries.'); ?></p>
+<p><?php _e('Below, you can see the names of the authors of the MovableType posts in <i>italics</i>. For each of these names, you can either pick an author in your WordPress installation from the menu, or enter a name for the author in the textbox.'); ?></p>
+<p><?php _e('If a new user is created by WordPress, the password will be set, by default, to "changeme". Quite suggestive, eh? ;)'); ?></p>
+	<?php
+
+
+		$authors = $this->get_mt_authors();
+		echo '<ol id="authors">';
+		echo '<form action="?import=mt&amp;step=2&amp;id=' . $this->id . '" method="post">';
+		wp_nonce_field('import-mt');
+		$j = -1;
+		foreach ($authors as $author) {
+			++ $j;
+			echo '<li>'.__('Current author:').' <strong>'.$author.'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30"> <br />');
+			$this->users_form($j);
+			echo '</li>';
+		}
+
+		echo '<input type="submit" value="'.__('Submit').'">'.'<br/>';
+		echo '</form>';
+		echo '</ol></div>';
+
+	}
+
+	function select_authors() {
+		$file = wp_import_handle_upload();
+		if ( isset($file['error']) ) {
+			$this->header();
+			echo '<p>'.__('Sorry, there has been an error').'.</p>';
+			echo '<p><strong>' . $file['error'] . '</strong></p>';
+			$this->footer();
+			return;
+		}
+		$this->file = $file['file'];
+		$this->id = (int) $file['id'];
+
+		$this->get_entries();
+		$this->mt_authors_form();
+	}
+
+	function process_posts() {
+		global $wpdb;
+		$i = -1;
+		echo "<div class='wrap'><ol>";
+		foreach ($this->posts as $post) {
+			if ('' != trim($post)) {
+				++ $i;
+				unset ($post_categories);
+
+				// Take the pings out first
+				preg_match("|(-----\n\nPING:.*)|s", $post, $pings);
+				$post = preg_replace("|(-----\n\nPING:.*)|s", '', $post);
+
+				// Then take the comments out
+				preg_match("|(-----\nCOMMENT:.*)|s", $post, $comments);
+				$post = preg_replace("|(-----\nCOMMENT:.*)|s", '', $post);
+
+				// We ignore the keywords
+				$post = preg_replace("|(-----\nKEYWORDS:.*)|s", '', $post);
+
+				// We want the excerpt
+				preg_match("|-----\nEXCERPT:(.*)|s", $post, $excerpt);
+				$post_excerpt = $wpdb->escape(trim($excerpt[1]));
+				$post = preg_replace("|(-----\nEXCERPT:.*)|s", '', $post);
+
+				// We're going to put extended body into main body with a more tag
+				preg_match("|-----\nEXTENDED BODY:(.*)|s", $post, $extended);
+				$extended = trim($extended[1]);
+				if ('' != $extended)
+					$extended = "\n<!--more-->\n$extended";
+				$post = preg_replace("|(-----\nEXTENDED BODY:.*)|s", '', $post);
+
+				// Now for the main body
+				preg_match("|-----\nBODY:(.*)|s", $post, $body);
+				$body = trim($body[1]);
+				$post_content = $wpdb->escape($body.$extended);
+				$post = preg_replace("|(-----\nBODY:.*)|s", '', $post);
+
+				// Grab the metadata from what's left
+				$metadata = explode("\n", $post);
+				foreach ($metadata as $line) {
+					preg_match("/^(.*?):(.*)/", $line, $token);
+					$key = trim($token[1]);
+					$value = trim($token[2]);
+					// Now we decide what it is and what to do with it
+					switch ($key) {
+						case '' :
+							break;
+						case 'AUTHOR' :
+							$post_author = $value;
+							break;
+						case 'TITLE' :
+							$post_title = $wpdb->escape($value);
+							break;
+						case 'STATUS' :
+							// "publish" and "draft" enumeration items match up; no change required
+							$post_status = $value;
+							if (empty ($post_status))
+								$post_status = 'publish';
+							break;
+						case 'ALLOW COMMENTS' :
+							$post_allow_comments = $value;
+							if ($post_allow_comments == 1) {
+								$comment_status = 'open';
+							} else {
+								$comment_status = 'closed';
+							}
+							break;
+						case 'CONVERT BREAKS' :
+							$post_convert_breaks = $value;
+							break;
+						case 'ALLOW PINGS' :
+							$ping_status = trim($meta[2][0]);
+							if ($ping_status == 1) {
+								$ping_status = 'open';
+							} else {
+								$ping_status = 'closed';
+							}
+							break;
+						case 'PRIMARY CATEGORY' :
+							if (! empty ($value) )
+								$post_categories[] = $wpdb->escape($value);
+							break;
+						case 'CATEGORY' :
+							if (! empty ($value) )
+								$post_categories[] = $wpdb->escape($value);
+							break;
+						case 'DATE' :
+							$post_modified = strtotime($value);
+							$post_modified = date('Y-m-d H:i:s', $post_modified);
+							$post_modified_gmt = get_gmt_from_date("$post_modified");
+							$post_date = $post_modified;
+							$post_date_gmt = $post_modified_gmt;
+							break;
+						default :
+							// echo "\n$key: $value";
+							break;
+					} // end switch
+				} // End foreach
+
+				// Let's check to see if it's in already
+				if ($post_id = post_exists($post_title, '', $post_date)) {
+					echo '<li>';
+					printf(__('Post <i>%s</i> already exists.'), stripslashes($post_title));
+				} else {
+					echo '<li>';
+					printf(__('Importing post <i>%s</i>...'), stripslashes($post_title));
+
+					$post_author = $this->checkauthor($post_author); //just so that if a post already exists, new users are not created by checkauthor
+
+					$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt');
+					$post_id = wp_insert_post($postdata);
+					// Add categories.
+					if (0 != count($post_categories)) {
+						wp_create_categories($post_categories, $post_id);
+					}
+				}
+
+				$comment_post_ID = (int) $post_id;
+				$comment_approved = 1;
+
+				// Now for comments
+				$comments = explode("-----\nCOMMENT:", $comments[0]);
+				$num_comments = 0;
+				foreach ($comments as $comment) {
+					if ('' != trim($comment)) {
+						// Author
+						preg_match("|AUTHOR:(.*)|", $comment, $comment_author);
+						$comment_author = $wpdb->escape(trim($comment_author[1]));
+						$comment = preg_replace('|(\n?AUTHOR:.*)|', '', $comment);
+						preg_match("|EMAIL:(.*)|", $comment, $comment_author_email);
+						$comment_author_email = $wpdb->escape(trim($comment_author_email[1]));
+						$comment = preg_replace('|(\n?EMAIL:.*)|', '', $comment);
+
+						preg_match("|IP:(.*)|", $comment, $comment_author_IP);
+						$comment_author_IP = trim($comment_author_IP[1]);
+						$comment = preg_replace('|(\n?IP:.*)|', '', $comment);
+
+						preg_match("|URL:(.*)|", $comment, $comment_author_url);
+						$comment_author_url = $wpdb->escape(trim($comment_author_url[1]));
+						$comment = preg_replace('|(\n?URL:.*)|', '', $comment);
+
+						preg_match("|DATE:(.*)|", $comment, $comment_date);
+						$comment_date = trim($comment_date[1]);
+						$comment_date = date('Y-m-d H:i:s', strtotime($comment_date));
+						$comment = preg_replace('|(\n?DATE:.*)|', '', $comment);
+
+						$comment_content = $wpdb->escape(trim($comment));
+						$comment_content = str_replace('-----', '', $comment_content);
+						// Check if it's already there
+						if (!comment_exists($comment_author, $comment_date)) {
+							$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_content', 'comment_approved');
+							$commentdata = wp_filter_comment($commentdata);
+							wp_insert_comment($commentdata);
+							$num_comments++;
+						}
+					}
+				}
+				if ( $num_comments )
+					printf(' '.__('(%s comments)'), $num_comments);
+
+				// Finally the pings
+				// fix the double newline on the first one
+				$pings[0] = str_replace("-----\n\n", "-----\n", $pings[0]);
+				$pings = explode("-----\nPING:", $pings[0]);
+				$num_pings = 0;
+				foreach ($pings as $ping) {
+					if ('' != trim($ping)) {
+						// 'Author'
+						preg_match("|BLOG NAME:(.*)|", $ping, $comment_author);
+						$comment_author = $wpdb->escape(trim($comment_author[1]));
+						$ping = preg_replace('|(\n?BLOG NAME:.*)|', '', $ping);
+
+						preg_match("|IP:(.*)|", $ping, $comment_author_IP);
+						$comment_author_IP = trim($comment_author_IP[1]);
+						$ping = preg_replace('|(\n?IP:.*)|', '', $ping);
+
+						preg_match("|URL:(.*)|", $ping, $comment_author_url);
+						$comment_author_url = $wpdb->escape(trim($comment_author_url[1]));
+						$ping = preg_replace('|(\n?URL:.*)|', '', $ping);
+
+						preg_match("|DATE:(.*)|", $ping, $comment_date);
+						$comment_date = trim($comment_date[1]);
+						$comment_date = date('Y-m-d H:i:s', strtotime($comment_date));
+						$ping = preg_replace('|(\n?DATE:.*)|', '', $ping);
+
+						preg_match("|TITLE:(.*)|", $ping, $ping_title);
+						$ping_title = $wpdb->escape(trim($ping_title[1]));
+						$ping = preg_replace('|(\n?TITLE:.*)|', '', $ping);
+
+						$comment_content = $wpdb->escape(trim($ping));
+						$comment_content = str_replace('-----', '', $comment_content);
+
+						$comment_content = "<strong>$ping_title</strong>\n\n$comment_content";
+
+						$comment_type = 'trackback';
+
+						// Check if it's already there
+						if (!comment_exists($comment_author, $comment_date)) {
+							$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_content', 'comment_type', 'comment_approved');
+							$commentdata = wp_filter_comment($commentdata);
+							wp_insert_comment($commentdata);
+							$num_pings++;
+						}
+					}
+				}
+				if ( $num_pings )
+					printf(' '.__('(%s pings)'), $num_pings);
+
+				echo "</li>";
+			}
+		}
+
+		echo '</ol>';
+
+		wp_import_cleanup($this->id);
+
+		echo '<h3>'.sprintf(__('All done. <a href="%s">Have fun!</a>'), get_option('home')).'</h3></div>';
+	}
+
+	function import() {
+		$this->id = (int) $_GET['id'];
+		
+		$this->file = get_attached_file($this->id);
+		$this->get_authors_from_post();
+		$this->get_entries();
+		$this->process_posts();
+	}
+
+	function dispatch() {
+		if (empty ($_GET['step']))
+			$step = 0;
+		else
+			$step = (int) $_GET['step'];
+
+		switch ($step) {
+			case 0 :
+				$this->greet();
+				break;
+			case 1 :
+				check_admin_referer('import-upload');
+				$this->select_authors();
+				break;
+			case 2:
+				check_admin_referer('import-mt');
+				$this->import();
+				break;
+		}
+	}
+
+	function MT_Import() {
+		// Nothing.
+	}
+}
+
+$mt_import = new MT_Import();
+
+register_importer('mt', __('Movable Type and Typepad'), __('Imports <strong>posts and comments</strong> from your Movable Type or Typepad blog'), array ($mt_import, 'dispatch'));
+?>

wp-admin/import/rss.php

@@ -0,0 +1,173 @@
+<?php
+
+class RSS_Import {
+
+	var $posts = array ();
+	var $file;
+
+	function header() {
+		echo '<div class="wrap">';
+		echo '<h2>'.__('Import RSS').'</h2>';
+	}
+
+	function footer() {
+		echo '</div>';
+	}
+
+	function unhtmlentities($string) { // From php.net for < 4.3 compat
+		$trans_tbl = get_html_translation_table(HTML_ENTITIES);
+		$trans_tbl = array_flip($trans_tbl);
+		return strtr($string, $trans_tbl);
+	}
+	
+	function greet() {
+		echo '<p>'.__('Howdy! This importer allows you to extract posts from any RSS 2.0 file into your blog. This is useful if you want to import your posts from a system that is not handled by a custom import tool. Pick an RSS file to upload and click Import.').'</p>';
+		wp_import_upload_form("admin.php?import=rss&amp;step=1");
+	}
+
+	function get_posts() {
+		global $wpdb;
+		
+		set_magic_quotes_runtime(0);
+		$datalines = file($this->file); // Read the file into an array
+		$importdata = implode('', $datalines); // squish it
+		$importdata = str_replace(array ("\r\n", "\r"), "\n", $importdata);
+
+		preg_match_all('|<item>(.*?)</item>|is', $importdata, $this->posts);
+		$this->posts = $this->posts[1];
+		$index = 0;
+		foreach ($this->posts as $post) {
+			preg_match('|<title>(.*?)</title>|is', $post, $post_title);
+			$post_title = str_replace(array('<![CDATA[', ']]>'), '', $wpdb->escape( trim($post_title[1]) ));
+
+			preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $post_date_gmt);
+
+			if ($post_date_gmt) {
+				$post_date_gmt = strtotime($post_date_gmt[1]);
+			} else {
+				// if we don't already have something from pubDate
+				preg_match('|<dc:date>(.*?)</dc:date>|is', $post, $post_date_gmt);
+				$post_date_gmt = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date_gmt[1]);
+				$post_date_gmt = str_replace('T', ' ', $post_date_gmt);
+				$post_date_gmt = strtotime($post_date_gmt);
+			}
+
+			$post_date_gmt = gmdate('Y-m-d H:i:s', $post_date_gmt);
+			$post_date = get_date_from_gmt( $post_date_gmt );
+
+			preg_match_all('|<category>(.*?)</category>|is', $post, $categories);
+			$categories = $categories[1];
+
+			if (!$categories) {
+				preg_match_all('|<dc:subject>(.*?)</dc:subject>|is', $post, $categories);
+				$categories = $categories[1];
+			}
+
+			$cat_index = 0;
+			foreach ($categories as $category) {
+				$categories[$cat_index] = $wpdb->escape($this->unhtmlentities($category));
+				$cat_index++;
+			}
+
+			preg_match('|<guid.+?>(.*?)</guid>|is', $post, $guid);
+			if ($guid)
+				$guid = $wpdb->escape(trim($guid[1]));
+			else
+				$guid = '';
+
+			preg_match('|<content:encoded>(.*?)</content:encoded>|is', $post, $post_content);
+			$post_content = str_replace(array ('<![CDATA[', ']]>'), '', $wpdb->escape(trim($post_content[1])));
+
+			if (!$post_content) {
+				// This is for feeds that put content in description
+				preg_match('|<description>(.*?)</description>|is', $post, $post_content);
+				$post_content = $wpdb->escape($this->unhtmlentities(trim($post_content[1])));
+			}
+
+			// Clean up content
+			$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+			$post_content = str_replace('<br>', '<br />', $post_content);
+			$post_content = str_replace('<hr>', '<hr />', $post_content);
+
+			$post_author = 1;
+			$post_status = 'publish';
+			$this->posts[$index] = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_status', 'guid', 'categories');
+			$index++;
+		}
+	}
+
+	function import_posts() {
+		echo '<ol>';
+
+		foreach ($this->posts as $post) {
+			echo "<li>".__('Importing post...');
+
+			extract($post);
+
+			if ($post_id = post_exists($post_title, $post_content, $post_date)) {
+				_e('Post already imported');
+			} else {
+				$post_id = wp_insert_post($post);
+				if (!$post_id) {
+					_e("Couldn't get post ID");
+					return;
+				}
+
+				if (0 != count($categories))
+					wp_create_categories($categories, $post_id);
+				_e('Done !');
+			}
+			echo '</li>';
+		}
+
+		echo '</ol>';
+
+	}
+
+	function import() {
+		$file = wp_import_handle_upload();
+		if ( isset($file['error']) ) {
+			echo $file['error'];
+			return;
+		}
+
+		$this->file = $file['file'];
+		$this->get_posts();
+		$this->import_posts();
+		wp_import_cleanup($file['id']);
+		
+		echo '<h3>';
+		printf(__('All done. <a href="%s">Have fun!</a>'), get_option('home'));
+		echo '</h3>';
+	}
+
+	function dispatch() {
+		if (empty ($_GET['step']))
+			$step = 0;
+		else
+			$step = (int) $_GET['step'];
+
+		$this->header();
+		
+		switch ($step) {
+			case 0 :
+				$this->greet();
+				break;
+			case 1 :
+				check_admin_referer('import-upload');
+				$this->import();
+				break;
+		}
+		
+		$this->footer();
+	}
+
+	function RSS_Import() {
+		// Nothing.	
+	}
+}
+
+$rss_import = new RSS_Import();
+
+register_importer('rss', __('RSS'), __('Import posts from an RSS feed'), array ($rss_import, 'dispatch'));
+?>

wp-admin/import/textpattern.php

@@ -0,0 +1,673 @@
+<?php
+/**
+	Add These Functions to make our lives easier
+**/
+if(!function_exists('get_catbynicename'))
+{
+	function get_catbynicename($category_nicename)
+	{
+	global $wpdb;
+
+	$cat_id -= 0; 	// force numeric
+	$name = $wpdb->get_var('SELECT cat_ID FROM '.$wpdb->categories.' WHERE category_nicename="'.$category_nicename.'"');
+
+	return $name;
+	}
+}
+
+if(!function_exists('get_comment_count'))
+{
+	function get_comment_count($post_ID)
+	{
+		global $wpdb;
+		return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
+	}
+}
+
+if(!function_exists('link_exists'))
+{
+	function link_exists($linkname)
+	{
+		global $wpdb;
+		return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$wpdb->escape($linkname).'"');
+	}
+}
+
+/**
+	The Main Importer Class
+**/
+class Textpattern_Import {
+
+	function header() 
+	{
+		echo '<div class="wrap">';
+		echo '<h2>'.__('Import Textpattern').'</h2>';
+		echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'</p>';
+	}
+
+	function footer() 
+	{
+		echo '</div>';
+	}
+
+	function greet() {
+		echo '<div class="narrow">';
+		echo '<p>'.__('Howdy! This imports categories, users, posts, comments, and links from any Textpattern 4.0.2+ into this blog.').'</p>';
+		echo '<p>'.__('This has not been tested on previous versions of Textpattern.  Mileage may vary.').'</p>';
+		echo '<p>'.__('Your Textpattern Configuration settings are as follows:').'</p>';
+		echo '<form action="admin.php?import=textpattern&amp;step=1" method="post">';
+		wp_nonce_field('import-textpattern');
+		$this->db_form();
+		echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories &raquo;')).'" /></p>';
+		echo '</form>';
+		echo '</div>';
+	}
+
+	function get_txp_cats()
+	{
+		global $wpdb;
+		// General Housekeeping
+		$txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
+		set_magic_quotes_runtime(0);
+		$prefix = get_option('tpre');
+
+		// Get Categories
+		return $txpdb->get_results('SELECT
+			id,
+			name,
+			title
+			FROM '.$prefix.'txp_category
+			WHERE type = "article"',
+			ARRAY_A);
+	}
+
+	function get_txp_users()
+	{
+		global $wpdb;
+		// General Housekeeping
+		$txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
+		set_magic_quotes_runtime(0);
+		$prefix = get_option('tpre');
+
+		// Get Users
+
+		return $txpdb->get_results('SELECT
+			user_id,
+			name,
+			RealName,
+			email,
+			privs
+			FROM '.$prefix.'txp_users', ARRAY_A);
+	}
+
+	function get_txp_posts()
+	{
+		// General Housekeeping
+		$txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
+		set_magic_quotes_runtime(0);
+		$prefix = get_option('tpre');
+
+		// Get Posts
+		return $txpdb->get_results('SELECT
+			ID,
+			Posted,
+			AuthorID,
+			LastMod,
+			Title,
+			Body,
+			Excerpt,
+			Category1,
+			Category2,
+			Status,
+			Keywords,
+			url_title,
+			comments_count
+			FROM '.$prefix.'textpattern
+			', ARRAY_A);
+	}
+
+	function get_txp_comments()
+	{
+		global $wpdb;
+		// General Housekeeping
+		$txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
+		set_magic_quotes_runtime(0);
+		$prefix = get_option('tpre');
+
+		// Get Comments
+		return $txpdb->get_results('SELECT * FROM '.$prefix.'txp_discuss', ARRAY_A);
+	}
+
+		function get_txp_links()
+	{
+		//General Housekeeping
+		$txpdb = new wpdb(get_option('txpuser'), get_option('txppass'), get_option('txpname'), get_option('txphost'));
+		set_magic_quotes_runtime(0);
+		$prefix = get_option('tpre');
+
+		return $txpdb->get_results('SELECT
+			id,
+			date,
+			category,
+			url,
+			linkname,
+			description
+			FROM '.$prefix.'txp_link',
+			ARRAY_A);
+	}
+
+	function cat2wp($categories='')
+	{
+		// General Housekeeping
+		global $wpdb;
+		$count = 0;
+		$txpcat2wpcat = array();
+		// Do the Magic
+		if(is_array($categories))
+		{
+			echo '<p>'.__('Importing Categories...').'<br /><br /></p>';
+			foreach ($categories as $category)
+			{
+				$count++;
+				extract($category);
+
+
+				// Make Nice Variables
+				$name = $wpdb->escape($name);
+				$title = $wpdb->escape($title);
+
+				if($cinfo = category_exists($name))
+				{
+					$ret_id = wp_insert_category(array('cat_ID' => $cinfo, 'category_nicename' => $name, 'cat_name' => $title));
+				}
+				else
+				{
+					$ret_id = wp_insert_category(array('category_nicename' => $name, 'cat_name' => $title));
+				}
+				$txpcat2wpcat[$id] = $ret_id;
+			}
+
+			// Store category translation for future use
+			add_option('txpcat2wpcat',$txpcat2wpcat);
+			echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> categories imported.'), $count).'<br /><br /></p>';
+			return true;
+		}
+		echo __('No Categories to Import!');
+		return false;
+	}
+
+	function users2wp($users='')
+	{
+		// General Housekeeping
+		global $wpdb;
+		$count = 0;
+		$txpid2wpid = array();
+
+		// Midnight Mojo
+		if(is_array($users))
+		{
+			echo '<p>'.__('Importing Users...').'<br /><br /></p>';
+			foreach($users as $user)
+			{
+				$count++;
+				extract($user);
+
+				// Make Nice Variables
+				$name = $wpdb->escape($name);
+				$RealName = $wpdb->escape($RealName);
+
+				if($uinfo = get_userdatabylogin($name))
+				{
+
+					$ret_id = wp_insert_user(array(
+								'ID'			=> $uinfo->ID,
+								'user_login'	=> $name,
+								'user_nicename'	=> $RealName,
+								'user_email'	=> $email,
+								'user_url'		=> 'http://',
+								'display_name'	=> $name)
+								);
+				}
+				else
+				{
+					$ret_id = wp_insert_user(array(
+								'user_login'	=> $name,
+								'user_nicename'	=> $RealName,
+								'user_email'	=> $email,
+								'user_url'		=> 'http://',
+								'display_name'	=> $name)
+								);
+				}
+				$txpid2wpid[$user_id] = $ret_id;
+
+				// Set Textpattern-to-WordPress permissions translation
+				$transperms = array(1 => '10', 2 => '9', 3 => '5', 4 => '4', 5 => '3', 6 => '2', 7 => '0');
+
+				// Update Usermeta Data
+				$user = new WP_User($ret_id);
+				if('10' == $transperms[$privs]) { $user->set_role('administrator'); }
+				if('9'  == $transperms[$privs]) { $user->set_role('editor'); }
+				if('5'  == $transperms[$privs]) { $user->set_role('editor'); }
+				if('4'  == $transperms[$privs]) { $user->set_role('author'); }
+				if('3'  == $transperms[$privs]) { $user->set_role('contributor'); }
+				if('2'  == $transperms[$privs]) { $user->set_role('contributor'); }
+				if('0'  == $transperms[$privs]) { $user->set_role('subscriber'); }
+
+				update_usermeta( $ret_id, 'wp_user_level', $transperms[$privs] );
+				update_usermeta( $ret_id, 'rich_editing', 'false');
+			}// End foreach($users as $user)
+
+			// Store id translation array for future use
+			add_option('txpid2wpid',$txpid2wpid);
+
+
+			echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> users imported.'), $count).'<br /><br /></p>';
+			return true;
+		}// End if(is_array($users)
+
+		echo __('No Users to Import!');
+		return false;
+
+	}// End function user2wp()
+
+	function posts2wp($posts='')
+	{
+		// General Housekeeping
+		global $wpdb;
+		$count = 0;
+		$txpposts2wpposts = array();
+		$cats = array();
+
+		// Do the Magic
+		if(is_array($posts))
+		{
+			echo '<p>'.__('Importing Posts...').'<br /><br /></p>';
+			foreach($posts as $post)
+			{
+				$count++;
+				extract($post);
+
+				// Set Textpattern-to-WordPress status translation
+				$stattrans = array(1 => 'draft', 2 => 'private', 3 => 'draft', 4 => 'publish', 5 => 'publish');
+
+				//Can we do this more efficiently?
+				$uinfo = ( get_userdatabylogin( $AuthorID ) ) ? get_userdatabylogin( $AuthorID ) : 1;
+				$authorid = ( is_object( $uinfo ) ) ? $uinfo->ID : $uinfo ;
+
+				$Title = $wpdb->escape($Title);
+				$Body = $wpdb->escape($Body);
+				$Excerpt = $wpdb->escape($Excerpt);
+				$post_status = $stattrans[$Status];
+
+				// Import Post data into WordPress
+
+				if($pinfo = post_exists($Title,$Body))
+				{
+					$ret_id = wp_insert_post(array(
+						'ID'				=> $pinfo,
+						'post_date'			=> $Posted,
+						'post_date_gmt'		=> $post_date_gmt,
+						'post_author'		=> $authorid,
+						'post_modified'		=> $LastMod,
+						'post_modified_gmt' => $post_modified_gmt,
+						'post_title'		=> $Title,
+						'post_content'		=> $Body,
+						'post_excerpt'		=> $Excerpt,
+						'post_status'		=> $post_status,
+						'post_name'			=> $url_title,
+						'comment_count'		=> $comments_count)
+						);
+				}
+				else
+				{
+					$ret_id = wp_insert_post(array(
+						'post_date'			=> $Posted,
+						'post_date_gmt'		=> $post_date_gmt,
+						'post_author'		=> $authorid,
+						'post_modified'		=> $LastMod,
+						'post_modified_gmt' => $post_modified_gmt,
+						'post_title'		=> $Title,
+						'post_content'		=> $Body,
+						'post_excerpt'		=> $Excerpt,
+						'post_status'		=> $post_status,
+						'post_name'			=> $url_title,
+						'comment_count'		=> $comments_count)
+						);
+				}
+				$txpposts2wpposts[$ID] = $ret_id;
+
+				// Make Post-to-Category associations
+				$cats = array();
+				if($cat1 = get_catbynicename($Category1)) { $cats[1] = $cat1; }
+				if($cat2 = get_catbynicename($Category2)) { $cats[2] = $cat2; }
+
+				if(!empty($cats)) { wp_set_post_categories($ret_id, $cats); }
+			}
+		}
+		// Store ID translation for later use
+		add_option('txpposts2wpposts',$txpposts2wpposts);
+
+		echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> posts imported.'), $count).'<br /><br /></p>';
+		return true;
+	}
+
+	function comments2wp($comments='')
+	{
+		// General Housekeeping
+		global $wpdb;
+		$count = 0;
+		$txpcm2wpcm = array();
+		$postarr = get_option('txpposts2wpposts');
+
+		// Magic Mojo
+		if(is_array($comments))
+		{
+			echo '<p>'.__('Importing Comments...').'<br /><br /></p>';
+			foreach($comments as $comment)
+			{
+				$count++;
+				extract($comment);
+
+				// WordPressify Data
+				$comment_ID = ltrim($discussid, '0');
+				$comment_post_ID = $postarr[$parentid];
+				$comment_approved = (1 == $visible) ? 1 : 0;
+				$name = $wpdb->escape($name);
+				$email = $wpdb->escape($email);
+				$web = $wpdb->escape($web);
+				$message = $wpdb->escape($message);
+
+				if($cinfo = comment_exists($name, $posted))
+				{
+					// Update comments
+					$ret_id = wp_update_comment(array(
+						'comment_ID'			=> $cinfo,
+						'comment_post_ID'		=> $comment_post_ID,
+						'comment_author'		=> $name,
+						'comment_author_email'	=> $email,
+						'comment_author_url'	=> $web,
+						'comment_date'			=> $posted,
+						'comment_content'		=> $message,
+						'comment_approved'		=> $comment_approved)
+						);
+				}
+				else
+				{
+					// Insert comments
+					$ret_id = wp_insert_comment(array(
+						'comment_post_ID'		=> $comment_post_ID,
+						'comment_author'		=> $name,
+						'comment_author_email'	=> $email,
+						'comment_author_url'	=> $web,
+						'comment_author_IP'		=> $ip,
+						'comment_date'			=> $posted,
+						'comment_content'		=> $message,
+						'comment_approved'		=> $comment_approved)
+						);
+				}
+				$txpcm2wpcm[$comment_ID] = $ret_id;
+			}
+			// Store Comment ID translation for future use
+			add_option('txpcm2wpcm', $txpcm2wpcm);
+
+			// Associate newly formed categories with posts
+			get_comment_count($ret_id);
+
+
+			echo '<p>'.sprintf(__('Done! <strong>%1$s</strong> comments imported.'), $count).'<br /><br /></p>';
+			return true;
+		}
+		echo __('No Comments to Import!');
+		return false;
+	}
+
+	function links2wp($links='')
+	{
+		// General Housekeeping
+		global $wpdb;
+		$count = 0;
+
+		// Deal with the links
+		if(is_array($links))
+		{
+			echo '<p>'.__('Importing Links...').'<br /><br /></p>';
+			foreach($links as $link)
+			{
+				$count++;
+				extract($link);
+
+				// Make nice vars
+				$category = $wpdb->escape($category);
+				$linkname = $wpdb->escape($linkname);
+				$description = $wpdb->escape($description);
+
+				if($linfo = link_exists($linkname))
+				{
+					$ret_id = wp_insert_link(array(
+								'link_id'			=> $linfo,
+								'link_url'			=> $url,
+								'link_name'			=> $linkname,
+								'link_category'		=> $category,
+								'link_description'	=> $description,
+								'link_updated'		=> $date)
+								);
+				}
+				else
+				{
+					$ret_id = wp_insert_link(array(
+								'link_url'			=> $url,
+								'link_name'			=> $linkname,
+								'link_category'		=> $category,
+								'link_description'	=> $description,
+								'link_updated'		=> $date)
+								);
+				}
+				$txplinks2wplinks[$link_id] = $ret_id;
+			}
+			add_option('txplinks2wplinks',$txplinks2wplinks);
+			echo '<p>';
+			printf(__('Done! <strong>%s</strong> Links imported'), $count);
+			echo '<br /><br /></p>';
+			return true;
+		}
+		echo __('No Links to Import!');
+		return false;
+	}
+
+	function import_categories()
+	{
+		// Category Import
+		$cats = $this->get_txp_cats();
+		$this->cat2wp($cats);
+		add_option('txp_cats', $cats);
+
+
+
+		echo '<form action="admin.php?import=textpattern&amp;step=2" method="post">';
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
+		echo '</form>';
+
+	}
+
+	function import_users()
+	{
+		// User Import
+		$users = $this->get_txp_users();
+		$this->users2wp($users);
+
+		echo '<form action="admin.php?import=textpattern&amp;step=3" method="post">';
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
+		echo '</form>';
+	}
+
+	function import_posts()
+	{
+		// Post Import
+		$posts = $this->get_txp_posts();
+		$this->posts2wp($posts);
+
+		echo '<form action="admin.php?import=textpattern&amp;step=4" method="post">';
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
+		echo '</form>';
+	}
+
+	function import_comments()
+	{
+		// Comment Import
+		$comments = $this->get_txp_comments();
+		$this->comments2wp($comments);
+
+		echo '<form action="admin.php?import=textpattern&amp;step=5" method="post">';
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
+		echo '</form>';
+	}
+
+	function import_links()
+	{
+		//Link Import
+		$links = $this->get_txp_links();
+		$this->links2wp($links);
+		add_option('txp_links', $links);
+
+		echo '<form action="admin.php?import=textpattern&amp;step=6" method="post">';
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
+		echo '</form>';
+	}
+
+	function cleanup_txpimport()
+	{
+		delete_option('tpre');
+		delete_option('txp_cats');
+		delete_option('txpid2wpid');
+		delete_option('txpcat2wpcat');
+		delete_option('txpposts2wpposts');
+		delete_option('txpcm2wpcm');
+		delete_option('txplinks2wplinks');
+		delete_option('txpuser');
+		delete_option('txppass');
+		delete_option('txpname');
+		delete_option('txphost');
+		$this->tips();
+	}
+
+	function tips()
+	{
+		echo '<p>'.__('Welcome to WordPress.  We hope (and expect!) that you will find this platform incredibly rewarding!  As a new WordPress user coming from Textpattern, there are some things that we would like to point out.  Hopefully, they will help your transition go as smoothly as possible.').'</p>';
+		echo '<h3>'.__('Users').'</h3>';
+		echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password.  Forget it.  You didn\'t have that login in Textpattern, why should you have it here?  Instead we have taken care to import all of your users into our system.  Unfortunately there is one downside.  Because both WordPress and Textpattern uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users.  <strong>Every user has the same username, but their passwords are reset to password123.</strong>  So <a href="%1$s">Login</a> and change it.'), '/wp-login.php').'</p>';
+		echo '<h3>'.__('Preserving Authors').'</h3>';
+		echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
+		echo '<h3>'.__('Textile').'</h3>';
+		echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
+		echo '<h3>'.__('WordPress Resources').'</h3>';
+		echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
+		echo '<ul>';
+		echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
+		echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
+		echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
+		echo '</ul>';
+		echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
+	}
+
+	function db_form()
+	{
+		echo '<table class="editform">';
+		printf('<tr><th scope="row"><label for="dbuser">%s</label></th><td><input type="text" name="dbuser" id="dbuser" /></td></tr>', __('Textpattern Database User:'));
+		printf('<tr><th scope="row"><label for="dbpass">%s</label></th><td><input type="password" name="dbpass" id="dbpass" /></td></tr>', __('Textpattern Database Password:'));
+		printf('<tr><th scope="row"><label for="dbname">%s</label></th><td><input type="text" id="dbname" name="dbname" /></td></tr>', __('Textpattern Database Name:'));
+		printf('<tr><th scope="row"><label for="dbhost">%s</label></th><td><input type="text" id="dbhost" name="dbhost" value="localhost" /></td></tr>', __('Textpattern Database Host:'));
+		printf('<tr><th scope="row"><label for="dbprefix">%s</label></th><td><input type="text" name="dbprefix" id="dbprefix"  /></td></tr>', __('Textpattern Table prefix (if any):'));
+		echo '</table>';
+	}
+
+	function dispatch()
+	{
+
+		if (empty ($_GET['step']))
+			$step = 0;
+		else
+			$step = (int) $_GET['step'];
+		$this->header();
+
+		if ( $step > 0 )
+		{
+			check_admin_referer('import-textpattern');
+
+			if($_POST['dbuser'])
+			{
+				if(get_option('txpuser'))
+					delete_option('txpuser');
+				add_option('txpuser', sanitize_user($_POST['dbuser'], true));
+			}
+			if($_POST['dbpass'])
+			{
+				if(get_option('txppass'))
+					delete_option('txppass');
+				add_option('txppass',  sanitize_user($_POST['dbpass'], true));
+			}
+
+			if($_POST['dbname'])
+			{
+				if(get_option('txpname'))
+					delete_option('txpname');
+				add_option('txpname',  sanitize_user($_POST['dbname'], true));
+			}
+			if($_POST['dbhost'])
+			{
+				if(get_option('txphost'))
+					delete_option('txphost');
+				add_option('txphost',  sanitize_user($_POST['dbhost'], true));
+			}
+			if($_POST['dbprefix'])
+			{
+				if(get_option('tpre'))
+					delete_option('tpre');
+				add_option('tpre',  sanitize_user($_POST['dbprefix']));
+			}
+
+
+		}
+
+		switch ($step)
+		{
+			default:
+			case 0 :
+				$this->greet();
+				break;
+			case 1 :
+				$this->import_categories();
+				break;
+			case 2 :
+				$this->import_users();
+				break;
+			case 3 :
+				$this->import_posts();
+				break;
+			case 4 :
+				$this->import_comments();
+				break;
+			case 5 :
+				$this->import_links();
+				break;
+			case 6 :
+				$this->cleanup_txpimport();
+				break;
+		}
+
+		$this->footer();
+	}
+
+	function Textpattern_Import()
+	{
+		// Nothing.
+	}
+}
+
+$txp_import = new Textpattern_Import();
+register_importer('textpattern', __('Textpattern'), __('Import categories, users, posts, comments, and links from a Textpattern blog'), array ($txp_import, 'dispatch'));
+?>

wp-admin/index.php

@@ -8,8 +8,57 @@ $today = current_time('mysql', 1);
 ?>
 
 <div class="wrap">
+
+<h2><?php _e('Dashboard'); ?></h2>
+
 <div id="zeitgeist">
 <h2><?php _e('Latest Activity'); ?></h2>
+
+<?php
+$rss = @fetch_rss('http://feeds.technorati.com/cosmos/rss/?url='. trailingslashit(get_option('home')) .'&partner=wordpress');
+if ( isset($rss->items) && 0 != count($rss->items) ) {
+?>
+<div id="incominglinks">
+<h3><?php _e('Incoming Links'); ?> <cite><a href="http://www.technorati.com/search/<?php echo trailingslashit(get_option('home')); ?>?partner=wordpress"><?php _e('More'); ?> &raquo;</a></cite></h3>
+<ul>
+<?php
+$rss->items = array_slice($rss->items, 0, 10);
+foreach ($rss->items as $item ) {
+?>
+	<li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wptexturize(wp_specialchars($item['title'])); ?></a></li>
+<?php } ?>
+</ul>
+</div>
+<?php } ?>
+
+<?php
+$comments = $wpdb->get_results("SELECT comment_author, comment_author_url, comment_ID, comment_post_ID FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 5");
+$numcomments = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'");
+
+if ( $comments || $numcomments ) :
+?>
+<div>
+<h3><?php _e('Comments'); ?> <a href="edit-comments.php" title="<?php _e('More comments...'); ?>">&raquo;</a></h3>
+
+<?php if ( $numcomments ) : ?>
+<p><strong><a href="moderation.php"><?php echo sprintf(__('Comments in moderation (%s)'), number_format($numcomments) ); ?> &raquo;</a></strong></p>
+<?php endif; ?>
+
+<ul>
+<?php 
+if ( $comments ) {
+foreach ($comments as $comment) {
+	echo '<li>' . sprintf(__('%1$s on %2$s'), get_comment_author_link(), '<a href="'. get_permalink($comment->comment_post_ID) . '#comment-' . $comment->comment_ID . '">' . get_the_title($comment->comment_post_ID) . '</a>');
+	edit_comment_link(__("Edit"), ' <small>(', ')</small>'); 
+	echo '</li>';
+}
+}
+?>
+</ul>
+</div>
+<?php endif; ?>
+
+
 <?php
 if ( $recentposts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'publish' AND post_date_gmt < '$today' ORDER BY post_date DESC LIMIT 5") ) :
 ?>
@@ -30,7 +79,7 @@ foreach ($recentposts as $post) {
 <?php endif; ?>
 
 <?php
-if ( $scheduled = $wpdb->get_results("SELECT ID, post_title, post_date_gmt FROM $wpdb->posts WHERE post_status = 'publish' AND post_date_gmt > '$today'") ) :
+if ( $scheduled = $wpdb->get_results("SELECT ID, post_title, post_date_gmt FROM $wpdb->posts WHERE post_status = 'publish' AND post_date_gmt > '$today' ORDER BY post_date ASC") ) :
 ?> 
 <div>
 <h3><?php _e('Scheduled Entries:') ?></h3>
@@ -46,29 +95,6 @@ foreach ($scheduled as $post) {
 </div>
 <?php endif; ?>
 
-<?php
-if ( $comments = $wpdb->get_results("SELECT comment_author, comment_author_url, comment_ID, comment_post_ID FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 5") ) :
-?>
-<div>
-<h3><?php _e('Comments'); ?> <a href="edit-comments.php" title="<?php _e('More comments...'); ?>">&raquo;</a></h3>
-<ul>
-<?php 
-foreach ($comments as $comment) {
-	echo '<li>' . sprintf(__('%1$s on %2$s'), get_comment_author_link(), '<a href="'. get_permalink($comment->comment_post_ID) . '#comment-' . $comment->comment_ID . '">' . get_the_title($comment->comment_post_ID) . '</a>');
-	edit_comment_link(__("Edit"), ' <small>(', ')</small>'); 
-	echo '</li>';
-}
-?>
-</ul>
-<?php 
-if ( $numcomments = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_approved = '0'") ) :
-?>
-<p><strong><a href="moderation.php"><?php echo sprintf(__('There are comments in moderation (%s)'), number_format($numcomments) ); ?> &raquo;</a></strong></p>
-<?php endif; ?>
-</div>
-
-<?php endif; ?>
-
 <div>
 <h3><?php _e('Blog Stats'); ?></h3>
 <?php
@@ -84,37 +110,31 @@ if (0 < $numcats) $numcats = number_format($numcats);
 <p><?php printf(__('There are currently %1$s <a href="%2$s" title="Posts">posts</a> and %3$s <a href="%4$s" title="Comments">comments</a>, contained within %5$s <a href="%6$s" title="categories">categories</a>.'), $numposts, 'edit.php',  $numcomms, 'edit-comments.php', $numcats, 'categories.php'); ?></p>
 </div>
 
-<?php
-$rss = @fetch_rss('http://feeds.technorati.com/cosmos/rss/?url='. trailingslashit(get_option('home')) .'&partner=wordpress');
-if ( isset($rss->items) && 0 != count($rss->items) ) {
-?>
-<div id="incominglinks">
-<h3><?php _e('Incoming Links'); ?> <cite><a href="http://www.technorati.com/cosmos/search.html?url=<?php echo trailingslashit(get_option('home')); ?>&amp;partner=wordpress"><?php _e('More'); ?> &raquo;</a></cite></h3>
+<?php do_action('activity_box_end'); ?>
+</div>
+
+<h3><?php _e('Welcome to WordPress'); ?></h3>
+
+<p><?php _e('Use these links to get started:'); ?></p>
+
 <ul>
-<?php
-$rss->items = array_slice($rss->items, 0, 10);
-foreach ($rss->items as $item ) {
-?>
-	<li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wp_specialchars($item['title']); ?></a></li>
-<?php } ?>
+<li><a href="post.php"><?php _e('Write a post'); ?></a></li>
+<li><a href="profile.php"><?php _e('Update your profile or change your password'); ?></a></li>
+<li><a href="link-add.php"><?php _e('Add a link to your blogroll'); ?></a></li>
+<li><a href="themes.php"><?php _e('Change your site&#8217;s look or theme'); ?></a></li>
 </ul>
-</div>
-<?php } ?>
 
-</div>
-
-<h2><?php _e('Dashboard'); ?></h2>
-<p><?php _e('Below is the latest news from the official WordPress development blog, click on a title to read the full entry.'); ?></p>
+<p><?php _e("Below is the latest news from the official WordPress development blog, click on a title to read the full entry. If you need help with WordPress please see our <a href='http://codex.wordpress.org/'>great documentation</a> or if that doesn't help visit the <a href='http://wordpress.org/support/'>support forums</a>."); ?></p>
 <?php
 $rss = @fetch_rss('http://wordpress.org/development/feed/');
 if ( isset($rss->items) && 0 != count($rss->items) ) {
 ?>
-<h3>WordPress Development Blog</h3>
+<h3><?php _e('WordPress Development Blog'); ?></h3>
 <?php
 $rss->items = array_slice($rss->items, 0, 3);
 foreach ($rss->items as $item ) {
 ?>
-<h4><a href='<?php echo wp_filter_kses($item['link']); ?>'><?php echo wp_specialchars($item['title']); ?></a> &#8212; <?php echo human_time_diff( strtotime($item['pubdate'], time() ) ); ?> <?php _e('ago'); ?></h4>
+<h4><a href='<?php echo wp_filter_kses($item['link']); ?>'><?php echo wp_specialchars($item['title']); ?></a> &#8212; <?php printf(__('%s ago'), human_time_diff(strtotime($item['pubdate'], time() ) ) ); ?></h4>
 <p><?php echo $item['description']; ?></p>
 <?php
 	}
@@ -146,28 +166,7 @@ foreach ($rss->items as $item ) {
 <br clear="all" />
 </div>
 </div>
-<?php
-$drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author = $user_ID");
-if ($drafts) {
-?>
-<div class="wrap">
 
-    <p><strong><?php _e('Your Drafts:') ?></strong> 
-    <?php
-	$i = 0;
-	foreach ($drafts as $draft) {
-		if (0 != $i)
-			echo ', ';
-		$draft->post_title = stripslashes($draft->post_title);
-		if ($draft->post_title == '')
-			$draft->post_title = sprintf(__('Post #%s'), $draft->ID);
-		echo "<a href='post.php?action=edit&amp;post=$draft->ID' title='" . __('Edit this draft') . "'>$draft->post_title</a>";
-		++$i;
-		}
-	?> 
-    .</p> 
-</div>
-<?php } ?>
 <?php
 require('./admin-footer.php');
-?>
+?>

wp-admin/inline-uploading.php

@@ -0,0 +1,724 @@
+<?php
+
+require_once('admin.php');
+
+header('Content-Type: text/html; charset=' . get_option('blog_charset'));
+
+if (!current_user_can('upload_files'))
+	die(__('You do not have permission to upload files.'));
+
+$wpvarstoreset = array('action', 'post', 'all', 'last', 'link', 'sort', 'start', 'imgtitle', 'descr', 'attachment');
+
+for ($i=0; $i<count($wpvarstoreset); $i += 1) {
+	$wpvar = $wpvarstoreset[$i];
+	if (!isset($$wpvar)) {
+		if (empty($_POST["$wpvar"])) {
+			if (empty($_GET["$wpvar"])) {
+				$$wpvar = '';
+			} else {
+			$$wpvar = $_GET["$wpvar"];
+			}
+		} else {
+			$$wpvar = $_POST["$wpvar"];
+		}
+	}
+}
+
+$all = ( 'true' == $all ) ? 'true' : 'false';
+$start = (int) $start;
+$post = (int) $post;
+$images_width = 1;
+
+switch($action) {
+case 'links':
+// Do not pass GO.
+break;
+
+case 'delete':
+
+check_admin_referer('inlineuploading');
+
+if ( !current_user_can('edit_post', (int) $attachment) )
+	die(__('You are not allowed to delete this attachment.').' <a href="'.basename(__FILE__)."?post=$post&amp;all=$all&amp;action=upload\">".__('Go back').'</a>');
+
+wp_delete_attachment($attachment);
+
+wp_redirect(basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start");
+die;
+
+case 'save':
+
+check_admin_referer('inlineuploading');
+
+$overrides = array('action'=>'save');
+
+$file = wp_handle_upload($_FILES['image'], $overrides);
+
+if ( isset($file['error']) )
+	die($file['error'] . '<br /><a href="' . basename(__FILE__) . '?action=upload&post=' . $post . '">'.__('Back to Image Uploading').'</a>');
+
+$url = $file['url'];
+$type = $file['type'];
+$file = $file['file'];
+$filename = basename($file);
+
+// Construct the attachment array
+$attachment = array(
+	'post_title' => $imgtitle ? $imgtitle : $filename,
+	'post_content' => $descr,
+	'post_status' => 'attachment',
+	'post_parent' => $post,
+	'post_mime_type' => $type,
+	'guid' => $url
+	);
+
+// Save the data
+$id = wp_insert_attachment($attachment, $file, $post);
+
+if ( preg_match('!^image/!', $attachment['post_mime_type']) ) {
+	// Generate the attachment's postmeta.
+	$imagesize = getimagesize($file);
+	$imagedata['width'] = $imagesize['0'];
+	$imagedata['height'] = $imagesize['1'];
+	list($uwidth, $uheight) = get_udims($imagedata['width'], $imagedata['height']);
+	$imagedata['hwstring_small'] = "height='$uheight' width='$uwidth'";
+	$imagedata['file'] = $file;
+
+	add_post_meta($id, '_wp_attachment_metadata', $imagedata);
+
+	if ( $imagedata['width'] * $imagedata['height'] < 3 * 1024 * 1024 ) {
+		if ( $imagedata['width'] > 128 && $imagedata['width'] >= $imagedata['height'] * 4 / 3 )
+			$thumb = wp_create_thumbnail($file, 128);
+		elseif ( $imagedata['height'] > 96 )
+			$thumb = wp_create_thumbnail($file, 96);
+
+		if ( @file_exists($thumb) ) {
+			$newdata = $imagedata;
+			$newdata['thumb'] = basename($thumb);
+			update_post_meta($id, '_wp_attachment_metadata', $newdata, $imagedata);
+		} else {
+			$error = $thumb;
+		}
+	}
+} else {
+	add_post_meta($id, '_wp_attachment_metadata', array());
+}
+
+wp_redirect(basename(__FILE__) . "?post=$post&all=$all&action=view&start=0");
+die();
+
+case 'upload':
+
+$current_1 = ' class="current"';
+$back = $next = false;
+break;
+
+case 'view':
+
+// How many images do we show? How many do we query?
+$num = 5;
+$double = $num * 2;
+
+if ( $post && (empty($all) || $all == 'false') ) {
+	$and_post = "AND post_parent = '$post'";
+	$current_2 = ' class="current"';
+} else {
+	$current_3 = ' class="current"';
+}
+
+if (! current_user_can('edit_others_posts') )
+	$and_user = "AND post_author = " . $user_ID;
+
+if ( $last )
+	$start = $wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'attachment' $and_user $and_post") - $num;
+else
+	$start = (int) $start;
+
+if ( $start < 0 )
+	$start = 0;
+
+if ( '' == $sort )
+	$sort = "post_date_gmt DESC";
+
+$attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_status = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A);
+
+if ( count($attachments) == 0 ) {
+	wp_redirect( basename(__FILE__) ."?post=$post&action=upload" );
+	die;
+} elseif ( count($attachments) > $num ) {
+	$next = $start + count($attachments) - $num;
+} else {
+	$next = false;
+}
+
+if ( $start > 0 ) {
+	$back = $start - $num;
+	if ( $back < 1 )
+		$back = '0';
+} else {
+	$back = false;
+}
+
+$uwidth_sum = 0;
+$html = '';
+$popups = '';
+$style = '';
+$script = '';
+if ( count($attachments) > 0 ) {
+	$attachments = array_slice( $attachments, 0, $num );
+	$__delete = __('Delete');
+	$__not_linked = __('Not Linked');
+	$__linked_to_page = __('Linked to Page');
+	$__linked_to_image = __('Linked to Image');
+	$__linked_to_file = __('Linked to File');
+	$__using_thumbnail = __('Using Thumbnail');
+	$__using_original = __('Using Original');
+	$__using_title = __('Using Title');
+	$__using_filename = __('Using Filename');
+	$__using_icon = __('Using Icon');
+	$__no_thumbnail = '<del>'.__('No Thumbnail').'</del>';
+	$__send_to_editor = __('Send to editor');
+	$__close = __('Close Options');
+	$__confirmdelete = __('Delete this file from the server?');
+	$__nothumb = __('There is no thumbnail associated with this photo.');
+	$script .= "notlinked = '$__not_linked';
+linkedtoimage = '$__linked_to_image';
+linkedtopage = '$__linked_to_page';
+linkedtofile = '$__linked_to_file';
+usingthumbnail = '$__using_thumbnail';
+usingoriginal = '$__using_original';
+usingtitle = '$__using_title';
+usingfilename = '$__using_filename';
+usingicon = '$__using_icon';
+var aa = new Array();
+var ab = new Array();
+var imga = new Array();
+var imgb = new Array();
+var srca = new Array();
+var srcb = new Array();
+var title = new Array();
+var filename = new Array();
+var icon = new Array();
+";
+	foreach ( $attachments as $key => $attachment ) {
+		$ID = $attachment['ID'];
+		$href = get_attachment_link($ID);
+		$meta = get_post_meta($ID, '_wp_attachment_metadata', true);
+		if (!is_array($meta)) {
+			$meta = get_post_meta($ID, 'imagedata', true); // Try 1.6 Alpha meta key
+			if (!is_array($meta)) {
+				$meta = array();
+			}
+			add_post_meta($ID, '_wp_attachment_metadata', $meta);
+		}
+		$attachment = array_merge($attachment, $meta);
+		$noscript = "<noscript>
+		<div class='caption'><a href=\"".basename(__FILE__)."?action=links&amp;attachment={$ID}&amp;post={$post}&amp;all={$all}&amp;start={$start}\">Choose Links</a></div>
+		</noscript>
+";
+		$send_delete_cancel = "<a onclick=\"sendToEditor({$ID});return false;\" href=\"javascript:void()\">$__send_to_editor</a>
+<a onclick=\"return confirm('$__confirmdelete')\" href=\"" . wp_nonce_url( basename(__FILE__) . "?action=delete&amp;attachment={$ID}&amp;all=$all&amp;start=$start&amp;post=$post", inlineuploading) . "\">$__delete</a>
+		<a onclick=\"popup.style.display='none';return false;\" href=\"javascript:void()\">$__close</a>
+";
+		$uwidth_sum += 128;
+		if ( preg_match('!^image/!', $attachment['post_mime_type'] ) ) {
+			$image = & $attachment;
+			if ( ($image['width'] > 128 || $image['height'] > 96) && !empty($image['thumb']) && file_exists(dirname($image['file']).'/'.$image['thumb']) ) {
+				$src = str_replace(basename($image['guid']), $image['thumb'], $image['guid']);
+				$script .= "srca[{$ID}] = '$src';
+srcb[{$ID}] = '{$image['guid']}';
+";
+				$thumb = 'true';
+				$thumbtext = $__using_thumbnail;
+			} else {
+				$src = $image['guid'];
+				$thumb = 'false';
+				$thumbtext = $__no_thumbnail;
+			}
+			list($image['uwidth'], $image['uheight']) = get_udims($image['width'], $image['height']);
+			$height_width = 'height="'.$image['uheight'].'" width="'.$image['uwidth'].'"';
+			$xpadding = (128 - $image['uwidth']) / 2;
+			$ypadding = (96 - $image['uheight']) / 2;
+			$style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
+			$title = attribute_escape($image['post_title']);
+			$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
+ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
+imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
+imgb[{$ID}] = '<img id=\"image{$ID}\" src=\"{$image['guid']}\" alt=\"{$title}\" $height_width />';
+";
+			$html .= "<div id='target{$ID}' class='attwrap left'>
+	<div id='div{$ID}' class='imagewrap' onclick=\"doPopup({$ID});\">
+		<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />
+	</div>
+	{$noscript}
+</div>
+";
+			$popups .= "<div id='popup{$ID}' class='popup'>
+	<a id=\"I{$ID}\" onclick=\"if($thumb)toggleImage({$ID});else alert('$__nothumb');return false;\" href=\"javascript:void()\">$thumbtext</a>
+	<a id=\"L{$ID}\" onclick=\"toggleLink({$ID});return false;\" href=\"javascript:void()\">$__not_linked</a>
+	{$send_delete_cancel}
+</div>
+";
+		} else {
+			$title = attribute_escape($attachment['post_title']);
+			$filename = basename($attachment['guid']);
+			$icon = get_attachment_icon($ID);
+			$toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
+			$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
+ab[{$ID}] = '<a id=\"p{$ID}\" href=\"{$filename}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
+title[{$ID}] = '{$title}';
+filename[{$ID}] = '{$filename}';
+icon[{$ID}] = '{$icon}';
+";
+			$html .= "<div id='target{$ID}' class='attwrap left'>
+	<div id='div{$ID}' class='otherwrap usingtext' onmousedown=\"selectLink({$ID})\" onclick=\"doPopup({$ID});return false;\">
+		<a id=\"p{$ID}\" href=\"{$attachment['guid']}\" onmousedown=\"selectLink({$ID});\" onclick=\"return false;\">{$title}</a>
+	</div>
+	{$noscript}
+</div>
+";
+			$popups .= "<div id='popup{$ID}' class='popup'>
+	<div class='filetype'>".__('File Type:').' '.str_replace('/',"/\n",$attachment['post_mime_type'])."</div>
+	<a id=\"L{$ID}\" onclick=\"toggleOtherLink({$ID});return false;\" href=\"javascript:void()\">$__linked_to_file</a>
+	{$toggle_icon}
+	{$send_delete_cancel}
+</div>
+";
+		}
+	}
+}
+
+$images_width = $uwidth_sum + ( count($images) * 6 ) + 35;
+
+break;
+
+default:
+die(__('This script was not meant to be called directly.'));
+}
+
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_settings('blog_charset'); ?>" />
+<title></title>
+<meta http-equiv="imagetoolbar" content="no" />
+<script type="text/javascript">
+// <![CDATA[
+/* Define any variables we'll need, such as alternate URLs. */
+<?php echo $script; ?>
+function htmldecode(st) {
+	o = document.getElementById('htmldecode');
+	if (! o) {
+		o = document.createElement("A");
+		o.id = "htmldecode"
+	}
+	o.innerHTML = st;
+	r = o.innerHTML;
+	return r;
+}
+function cancelUpload() {
+	o = document.getElementById('uploadForm');
+	o.method = 'GET';
+	o.action.value = 'view';
+	o.submit();
+}
+function doPopup(i) {
+	if ( popup )
+	popup.style.display = 'none';
+	target = document.getElementById('target'+i);
+	popup = document.getElementById('popup'+i);
+	popup.style.left = (target.offsetLeft) + 'px';
+	popup.style.top = (target.offsetTop) + 'px';
+	popup.style.display = 'block';
+}
+popup = false;
+function selectLink(n) {
+	o=document.getElementById('div'+n);
+	if ( typeof document.body.createTextRange == 'undefined' || typeof win.tinyMCE == 'undefined' || win.tinyMCE.configs.length < 1 )
+		return;
+	r = document.body.createTextRange();
+	if ( typeof r != 'undefined' ) {
+		r.moveToElementText(o);
+		r.select();
+	}
+}
+function toggleLink(n) {
+	ol=document.getElementById('L'+n);
+	if ( ol.innerHTML == htmldecode(notlinked) ) {
+		ol.innerHTML = linkedtoimage;
+	} else if ( ol.innerHTML == htmldecode(linkedtoimage) ) {
+		ol.innerHTML = linkedtopage;
+	} else {
+		ol.innerHTML = notlinked;
+	}
+	updateImage(n);
+}
+function toggleOtherLink(n) {
+	ol=document.getElementById('L'+n);
+	if ( ol.innerHTML == htmldecode(linkedtofile) ) {
+		ol.innerHTML = linkedtopage;
+	} else {
+		ol.innerHTML = linkedtofile;
+	}
+	updateOtherIcon(n);
+}
+function toggleImage(n) {
+	oi = document.getElementById('I'+n);
+	if ( oi.innerHTML == htmldecode(usingthumbnail) ) {
+		oi.innerHTML = usingoriginal;
+	} else {
+		oi.innerHTML = usingthumbnail;
+	}
+	updateImage(n);
+}
+function toggleOtherIcon(n) {
+	od = document.getElementById('div'+n);
+	oi = document.getElementById('I'+n);
+	if ( oi.innerHTML == htmldecode(usingtitle) ) {
+		oi.innerHTML = usingfilename;
+		od.className = 'otherwrap usingtext';
+	} else if ( oi.innerHTML == htmldecode(usingfilename) && icon[n] != '' ) {
+		oi.innerHTML = usingicon;
+		od.className = 'otherwrap usingicon';
+	} else {
+		oi.innerHTML = usingtitle;
+		od.className = 'otherwrap usingtext';
+	}
+	updateOtherIcon(n);
+}
+function updateImage(n) {
+	od=document.getElementById('div'+n);
+	ol=document.getElementById('L'+n);
+	oi=document.getElementById('I'+n);
+	if ( oi.innerHTML == htmldecode(usingthumbnail) ) {
+		img = imga[n];
+	} else {
+		img = imgb[n];
+	}
+	if ( ol.innerHTML == htmldecode(linkedtoimage) ) {
+		od.innerHTML = ab[n]+img+'</a>';
+	} else if ( ol.innerHTML == htmldecode(linkedtopage) ) {
+		od.innerHTML = aa[n]+img+'</a>';
+	} else {
+		od.innerHTML = img;
+	}
+}
+function updateOtherIcon(n) {
+	od=document.getElementById('div'+n);
+	ol=document.getElementById('L'+n);
+	oi=document.getElementById('I'+n);
+	if ( oi.innerHTML == htmldecode(usingfilename) ) {
+		txt = filename[n];
+	} else if ( oi.innerHTML == htmldecode(usingicon) ) {
+		txt = icon[n];
+	} else {
+		txt = title[n];
+	}
+	if ( ol.innerHTML == htmldecode(linkedtofile) ) {
+		od.innerHTML = ab[n]+txt+'</a>';
+	} else if ( ol.innerHTML == htmldecode(linkedtopage) ) {
+		od.innerHTML = aa[n]+txt+'</a>';
+	} else {
+		od.innerHTML = txt;
+	}
+}
+
+var win = window.opener ? window.opener : window.dialogArguments;
+if (!win) win = top;
+tinyMCE = win.tinyMCE;
+richedit = ( typeof tinyMCE == 'object' && tinyMCE.configs.length > 0 );
+function sendToEditor(n) {
+	o = document.getElementById('div'+n);
+	h = o.innerHTML.replace(new RegExp('^\\s*(.*?)\\s*$', ''), '$1'); // Trim
+	h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)(?=( |/|>))', 'g'), ' $1="$2"'); // Enclose attribs in quotes
+	h = h.replace(new RegExp(' (width|height)=".*?"', 'g'), ''); // Drop size constraints
+	h = h.replace(new RegExp(' on(click|mousedown)="[^"]*"', 'g'), ''); // Drop menu events
+	h = h.replace(new RegExp('<(/?)A', 'g'), '<$1a'); // Lowercase tagnames
+	h = h.replace(new RegExp('<IMG', 'g'), '<img'); // Lowercase again
+	h = h.replace(new RegExp('(<img .+?")>', 'g'), '$1 />'); // XHTML
+	if ( richedit )
+		win.tinyMCE.execCommand('mceInsertContent', false, h);
+	else
+		win.edInsertContent(win.edCanvas, h);
+}
+// ]]>
+</script>
+<style type="text/css">
+<?php if ( $action == 'links' ) : ?>
+* html { overflow-x: hidden; }
+<?php else : ?>
+* html { overflow-y: hidden; }
+<?php endif; ?>
+body {
+	font: 13px "Lucida Grande", "Lucida Sans Unicode", Tahoma, Verdana;
+	border: none;
+	margin: 0px;
+	height: 150px;
+	background: #dfe8f1;
+}
+form {
+	margin: 3px 2px 0px 6px;
+}
+#wrap {
+	clear: both;
+	padding: 0px;
+	width: 100%;
+}
+#images {
+	position: absolute;
+	clear: both;
+	margin: 0px;
+	padding: 15px 15px;
+	width: <?php echo $images_width; ?>px;
+}
+#images img {
+	background-color: rgb(209, 226, 239);
+}
+<?php echo $style; ?>
+.attwrap, .attwrap * {
+	margin: 0px;
+	padding: 0px;
+	border: 0px;
+}
+.imagewrap {
+	margin-right: 5px;
+	overflow: hidden;
+	width: 128px;
+}
+.otherwrap {
+	margin-right: 5px;
+	overflow: hidden;
+	background-color: #f9fcfe;
+}
+.otherwrap a {
+	display: block;
+}
+.otherwrap a, .otherwrap a:hover, .otherwrap a:active, .otherwrap a:visited {
+	color: blue;
+}
+.usingicon {
+	padding: 0px;
+	height: 96px;
+	text-align: center;
+	width: 128px;
+}
+.usingtext {
+	padding: 3px;
+	height: 90px;
+	text-align: left;
+	width: 122px;
+}
+.filetype {
+	font-size: 80%;
+	border-bottom: 3px double #89a
+}
+.imagewrap, .imagewrap img, .imagewrap a, .imagewrap a img, .imagewrap a:hover img, .imagewrap a:visited img, .imagewrap a:active img {
+	text-decoration: none;
+}
+#upload-menu {
+	background: #fff;
+	margin: 0px;
+	padding: 0;
+	list-style: none;
+	height: 2em;
+	border-bottom: 1px solid #448abd;
+	width: 100%;
+}
+#upload-menu li {
+	float: left;
+	margin: 0 0 0 .75em;
+}
+#upload-menu a {
+	display: block;
+	padding: 5px;
+	text-decoration: none;
+	color: #000;
+	border-top: 3px solid #fff;
+}
+#upload-menu .current a {
+	background: #dfe8f1;
+	border-right: 2px solid #448abd;
+}
+#upload-menu a:hover {
+	background: #dfe8f1;
+	color: #000;
+}
+.tip {
+	color: rgb(68, 138, 189);
+	padding: 2px 1em;
+}
+.inactive {
+	color: #fff;
+	padding: 1px 3px;
+}
+.left {
+	float: left;
+}
+.right {
+	float: right;
+}
+.center {
+	text-align: center;
+}
+#upload-menu li.spacer {
+	margin-left: 40px;
+}
+#title, #descr {
+	width: 99%;
+	margin-top: 1px;
+}
+th {
+	width: 4.5em;
+}
+#descr {
+	height: 36px;
+}
+#buttons {
+	margin-top: 2px;
+	text-align: right;
+}
+.popup {
+	margin: 4px 4px;
+	padding: 1px;
+	position: absolute;
+	width: 114px;
+	display: none;
+	background-color: rgb(240, 240, 238);
+	border-top: 2px solid #fff;
+	border-right: 2px solid #ddd;
+	border-bottom: 2px solid #ddd;
+	border-left: 2px solid #fff;
+	text-align: center;
+}
+.imagewrap .popup {
+	opacity: .90;
+	filter:alpha(opacity=90);
+}
+.otherwrap .popup {
+	padding-top: 20px;
+}
+.popup a, .popup a:visited, .popup a:active {
+	background-color: transparent;
+	display: block;
+	width: 100%;
+	text-decoration: none;
+	color: #246;
+}
+.popup a:hover {
+	background-color: #fff;
+	color: #000;
+}
+.caption {
+	text-align: center;
+}
+#submit {
+	margin: 1px;
+	width: 99%;
+}
+#submit input, #submit input:focus {
+	background: url( images/fade-butt.png );
+	border: 3px double #999;
+	border-left-color: #ccc;
+	border-top-color: #ccc;
+	color: #333;
+	padding: 0.25em;
+}
+#submit input:active {
+	background: #f4f4f4;
+	border: 3px double #ccc;
+	border-left-color: #999;
+	border-top-color: #999;
+}
+.zerosize {
+	width: 0px;
+	height: 0px;
+	overflow: hidden;
+	position: absolute;
+}
+#links {
+	margin: 3px 8px;
+	line-height: 2em;
+}
+#links textarea {
+	width: 95%;
+	height: 4.5em;
+}
+</style>
+</head>
+<body>
+<ul id="upload-menu">
+<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__) . "?action=upload&amp;post=$post&amp;all=$all&amp;start=$start"; ?>"><?php _e('Upload'); ?></a></li>
+<?php if ( $attachments = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE post_parent = '$post'") ) { ?>
+<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__) . "?action=view&amp;post=$post&amp;all=false"; ?>"><?php _e('Browse'); ?></a></li>
+<?php } ?>
+<?php if ($wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'attachment'")) { ?>
+<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__) . "?action=view&amp;post=$post&amp;all=true"; ?>"><?php _e('Browse All'); ?></a></li>
+<?php } ?>
+<li> </li>
+<?php if ( $action == 'view' ) { ?>
+<?php if ( false !== $back ) : ?>
+<li class="spacer"><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=0"; ?>" title="<?php _e('First'); ?>">|&laquo;</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=$back"; ?>">&laquo; <?php _e('Back'); ?></a></li>
+<?php else : ?>
+<li class="inactive spacer">|&laquo;</li>
+<li class="inactive">&laquo; <?php _e('Back'); ?></li>
+<?php endif; ?>
+<?php if ( false !== $next ) : ?>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=$next"; ?>"><?php _e('Next &raquo;'); ?></a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;last=true"; ?>" title="<?php _e('Last'); ?>">&raquo;|</a></li>
+<?php else : ?>
+<li class="inactive"><?php _e('Next'); ?> &raquo;</li>
+<li class="inactive">&raquo;|</li>
+<?php endif; ?>
+<?php } // endif not upload?>
+</ul>
+<?php if ( $action == 'view' ) : ?>
+<div id="wrap">
+<!--<div class="tip"><?php _e('You can drag and drop these items into your post. Click on one for more options.'); ?></div>-->
+<div id="images">
+<?php echo $html; ?>
+<?php echo $popups; ?>
+</div>
+</div>
+<?php elseif ( $action == 'upload' ) : ?>
+<div class="tip"></div>
+<form enctype="multipart/form-data" id="uploadForm" method="post" action="<?php echo basename(__FILE__); ?>">
+<table style="width:99%;">
+<tr>
+<th scope="row" align="right"><label for="upload"><?php _e('File:'); ?></label></th>
+<td><input type="file" id="upload" name="image" /></td>
+</tr>
+<tr>
+<th scope="row" align="right"><label for="title"><?php _e('Title:'); ?></label></th>
+<td><input type="text" id="title" name="imgtitle" /></td>
+</tr>
+<tr>
+<th scope="row" align="right"><label for="descr"><?php _e('Description:'); ?></label></th>
+<td><input type="textarea" name="descr" id="descr" value="" /></td>
+</tr>
+<tr id="buttons">
+<th></th>
+<td>
+<input type="hidden" name="action" value="save" />
+<input type="hidden" name="post" value="<?php echo $post; ?>" />
+<input type="hidden" name="all" value="<?php echo $all; ?>" />
+<input type="hidden" name="start" value="<?php echo $start; ?>" />
+<?php wp_nonce_field( 'inlineuploading' ); ?>
+<div id="submit">
+<input type="submit" value="<?php _e('Upload'); ?>" />
+<?php if ( !empty($all) ) : ?>
+<input type="button" value="<?php _e('Cancel'); ?>" onclick="cancelUpload()" />
+<?php endif; ?>
+</div>
+</td>
+</tr>
+</table>
+</form>
+<?php elseif ( $action == 'links' ) : ?>
+<div id="links">
+<?php the_attachment_links($attachment); ?>
+</div>
+<?php endif; ?>
+</body>
+</html>

wp-admin/install.php

@@ -6,7 +6,8 @@ if (!file_exists('../wp-config.php'))
 require_once('../wp-config.php');
 require_once('./upgrade-functions.php');
 
-$guessurl = str_replace('/wp-admin/install.php?step=2', '', 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) );
+$schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://';
+$guessurl = str_replace('/wp-admin/install.php?step=2', '', $schema . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) );
 
 if (isset($_GET['step']))
 	$step = $_GET['step'];
@@ -73,12 +74,12 @@ header( 'Content-Type: text/html; charset=utf-8' );
 	</style>
 </head>
 <body>
-<h1 id="logo"><img alt="WordPress" src="http://static.wordpress.org/logo.png" /></h1>
+<h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1>
 <?php
 // Let's check to make sure WP isn't already installed.
 $wpdb->hide_errors();
 $installed = $wpdb->get_results("SELECT * FROM $wpdb->users");
-if ($installed) die(__('<h1>Already Installed</h1><p>You appear to have already installed WordPress. To reinstall please clear your old database tables first.</p>') . '</body></html>');
+if ($installed) die('<h1>'.__('Already Installed').'</h1><p>'.__('You appear to have already installed WordPress. To reinstall please clear your old database tables first.').'</p></body></html>');
 $wpdb->show_errors();
 
 switch($step) {
@@ -118,8 +119,8 @@ switch($step) {
 	case 2:
 
 // Fill in the data we gathered
-$weblog_title = $_POST['weblog_title'];
-$admin_email = $_POST['admin_email'];
+$weblog_title = stripslashes($_POST['weblog_title']);
+$admin_email = stripslashes($_POST['admin_email']);
 // check e-mail address
 if (empty($admin_email)) {
 	die (__("<strong>ERROR</strong>: please type your e-mail address"));
@@ -136,41 +137,51 @@ if (empty($admin_email)) {
 flush();
 
 // Set everything up
+wp_cache_flush();
 make_db_current_silent();
 populate_options();
+populate_roles();
 
-$wpdb->query("UPDATE $wpdb->options SET option_value = '$weblog_title' WHERE option_name = 'blogname'");
-$wpdb->query("UPDATE $wpdb->options SET option_value = '$admin_email' WHERE option_name = 'admin_email'");
+update_option('blogname', $weblog_title);
+update_option('admin_email', $admin_email);
 
 // Now drop in some default links
-$wpdb->query("INSERT INTO $wpdb->linkcategories (cat_id, cat_name) VALUES (1, '".addslashes(__('Blogroll'))."')");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://blog.carthik.net/index.php', 'Carthik', 1, 'http://blog.carthik.net/feed/');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://blogs.linux.ie/xeer/', 'Donncha', 1, 'http://blogs.linux.ie/xeer/feed/');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://zengun.org/weblog/', 'Michel', 1, 'http://zengun.org/weblog/feed/');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://boren.nu/', 'Ryan', 1, 'http://boren.nu/feed/');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://photomatt.net/', 'Matt', 1, 'http://xml.photomatt.net/feed/');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://zed1.com/journalized/', 'Mike', 1, 'http://zed1.com/journalized/feed/');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://www.alexking.org/', 'Alex', 1, 'http://www.alexking.org/blog/wp-rss2.php');");
-$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://dougal.gunters.org/', 'Dougal', 1, 'http://dougal.gunters.org/feed/');");
+$wpdb->query("INSERT INTO $wpdb->linkcategories (cat_id, cat_name) VALUES (1, '".$wpdb->escape(__('Blogroll'))."')");
+$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://blogs.linux.ie/xeer/', 'Donncha', 1, 'http://blogs.linux.ie/xeer/feed/', '');");
+$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://zengun.org/weblog/', 'Michel', 1, 'http://zengun.org/weblog/feed/', '');");
+$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://boren.nu/', 'Ryan', 1, 'http://boren.nu/feed/', '');");
+$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://photomatt.net/', 'Matt', 1, 'http://xml.photomatt.net/feed/', '');");
+$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://zed1.com/journalized/', 'Mike', 1, 'http://zed1.com/journalized/feed/', '');");
+$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://www.alexking.org/', 'Alex', 1, 'http://www.alexking.org/blog/wp-rss2.php', '');");
+$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://dougal.gunters.org/', 'Dougal', 1, 'http://dougal.gunters.org/feed/', '');");
 
 // Default category
-$wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename) VALUES ('0', '".addslashes(__('Uncategorized'))."', '".sanitize_title(__('Uncategorized'))."')");
+$wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename, category_count, category_description) VALUES ('0', '".$wpdb->escape(__('Uncategorized'))."', '".sanitize_title(__('Uncategorized'))."', '1', '')");
 
 // First post
 $now = date('Y-m-d H:i:s');
 $now_gmt = gmdate('Y-m-d H:i:s');
-$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt) VALUES ('1', '$now', '$now_gmt', '".addslashes(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '".addslashes(__('Hello world!'))."', '0', '".addslashes(__('hello-world'))."', '$now', '$now_gmt')");
+$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, comment_count, to_ping, pinged, post_content_filtered) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(__('hello-world'))."', '$now', '$now_gmt', '1', '', '', '')");
 
 $wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );
 
 // Default comment
-$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".addslashes(__('Mr WordPress'))."', '', 'http://wordpress.org', '127.0.0.1', '$now', '$now_gmt', '".addslashes(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
+$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in and view the post&#039;s comments. There you will have the option to edit or delete them.'))."')");
+
+// First Page
+$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status, to_ping, pinged, post_content_filtered) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt', 'static', '', '', '')");
+$wp_rewrite->flush_rules();
 
 // Set up admin user
 $random_password = substr(md5(uniqid(microtime())), 0, 6);
-$wpdb->query("INSERT INTO $wpdb->users (ID, user_login, user_pass, user_nickname, user_email, user_level, user_idmode, user_registered) VALUES ( '1', 'admin', MD5('$random_password'), '".addslashes(__('Administrator'))."', '$admin_email', '10', 'nickname', NOW() )");
+$display_name_array = explode('@', $admin_email);
+$display_name = $display_name_array[0];
+$wpdb->query("INSERT INTO $wpdb->users (ID, user_login, user_pass, user_email, user_registered, display_name, user_nicename) VALUES ( '1', 'admin', MD5('$random_password'), '$admin_email', NOW(), '$display_name', 'admin')");
+$wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES ({$wpdb->insert_id}, '{$table_prefix}user_level', '10');");
+$admin_caps = serialize(array('administrator' => true));
+$wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES ({$wpdb->insert_id}, '{$table_prefix}capabilities', '{$admin_caps}');");
 
-$message_headers = 'From: ' . stripslashes($_POST['weblog_title']) . ' <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
+$message_headers = 'From: "' . $weblog_title . '" <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
 $message = sprintf(__("Your new WordPress blog has been successfully set up at:
 
 %1\$s
@@ -186,9 +197,9 @@ We hope you enjoy your new weblog. Thanks!
 http://wordpress.org/
 "), $guessurl, $random_password);
 
-@mail($admin_email, __('New WordPress Blog'), $message, $message_headers);
+@wp_mail($admin_email, __('New WordPress Blog'), $message, $message_headers);
 
-upgrade_all();
+wp_cache_flush();
 ?>
 
 <p><em><?php _e('Finished!'); ?></em></p>

wp-admin/link-add.php

@@ -5,38 +5,6 @@ $title = __('Add Link');
 $this_file = 'link-manager.php';
 $parent_file = 'link-manager.php';
 
-function category_dropdown($fieldname, $selected = 0) {
-	global $wpdb;
-	
-	$results = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle FROM $wpdb->linkcategories ORDER BY cat_id");
-	echo "\n<select name='$fieldname' size='1'>\n";
-	foreach ($results as $row) {
-		echo "\n\t<option value='$row->cat_id'";
-		if ($row->cat_id == $selected)
-			echo " selected='selected'";
-		echo ">$row->cat_id : " . wp_specialchars($row->cat_name);
-		if ($row->auto_toggle == 'Y')
-			echo ' (auto toggle)';
-		echo "</option>";
-	}
-	echo "\n</select>\n";
-}
-
-function xfn_check($class, $value = '', $type = 'check') {
-	global $link_rel;
-	$rels = preg_split('/\s+/', $link_rel);
-
-	if ('' != $value && in_array($value, $rels) ) {
-		echo ' checked="checked"';
-	}
-
-	if ('' == $value) {
-		if ('family' == $class && !strstr($link_rel, 'child') && !strstr($link_rel, 'parent') && !strstr($link_rel, 'sibling') && !strstr($link_rel, 'spouse') && !strstr($link_rel, 'kin')) echo ' checked="checked"';
-		if ('friendship' == $class && !strstr($link_rel, 'friend') && !strstr($link_rel, 'acquaintance') && !strstr($link_rel, 'contact') ) echo ' checked="checked"';
-		if ('geographical' == $class && !strstr($link_rel, 'co-resident') && !strstr($link_rel, 'neighbor') ) echo ' checked="checked"';
-		if ('identity' == $class && in_array('me', $rels) ) echo ' checked="checked"';
-	}
-}
 
 $wpvarstoreset = array('action', 'cat_id', 'linkurl', 'name', 'image',
                        'description', 'visible', 'target', 'category', 'link_id',
@@ -56,212 +24,19 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
         }
     }
 }
-$link_url = stripslashes($_GET['linkurl']);
-$link_name = htmlentities(stripslashes(urldecode($_GET['name'])));
 
-
-$xfn = true;
+$xfn_js = true;
 require('admin-header.php');
 ?>
 
 <?php if ($_GET['added']) : ?>
-<div class="updated"><p><?php _e('Link added.'); ?></p></div>
+<div id="message" class="updated fade"><p><?php _e('Link added.'); ?></p></div>
 <?php endif; ?>
-<div class="wrap">
-<h2><?php _e('<strong>Add</strong> a link:') ?></h2>
-     <form name="addlink" method="post" action="link-manager.php">
-<fieldset class="options">
-	<legend><?php _e('Basics') ?></legend>
-        <table class="editform" width="100%" cellspacing="2" cellpadding="5">
-         <tr>
-           <th width="33%" scope="row"><?php _e('URI:') ?></th>
-           <td width="67%"><input type="text" name="linkurl" value="<?php echo wp_specialchars($_GET['linkurl'], 1); ?>" style="width: 95%;" /></td>
-         </tr>
-         <tr>
-           <th scope="row"><?php _e('Link Name:') ?></th>
-           <td><input type="text" name="name" value="<?php echo wp_specialchars( urldecode($_GET['name']), 1 ); ?>" style="width: 95%" /></td>
-         </tr>
-         <tr>
-         	<th scope="row"><?php _e('Short description:') ?></th>
-         	<td><input type="text" name="description" value="" style="width: 95%" /></td>
-         	</tr>
-        <tr>
-           <th scope="row"><?php _e('Category:') ?></th>
-           <td><?php category_dropdown('category'); ?></td>
-         </tr>
-</table>
-</fieldset>
-       <p class="submit">
-         <input type="submit" name="submit" value="<?php _e('Add Link &raquo;') ?>" /> 
-       </p>
-	<fieldset class="options">
-	<legend><?php _e('Link Relationship (XFN)') ?></legend>
-        <table class="editform" width="100%" cellspacing="2" cellpadding="5">
-            <tr>
-                <th width="33%" scope="row"><?php _e('rel:') ?></th>
-            	<td width="67%"><input type="text" name="rel" id="rel" size="50" value="<?php echo $link_rel; ?>" /></td>
-           	</tr>
-            <tr>
-                <th scope="row"><?php _e('<a href="http://gmpg.org/xfn/">XFN</a> Creator:') ?></th>
-            	<td>
-					<table cellpadding="3" cellspacing="5">
-	          <tr>
-              <th scope="row"> <?php _e('identity') ?> </th>
-              <td>
-                <label for="me">
-                <input type="checkbox" name="identity" value="me" id="me" <?php xfn_check('identity', 'me'); ?> />
-          <?php _e('another web address of mine') ?></label>
-              </td>
-            </tr>
-            <tr>
-              <th scope="row"> <?php _e('friendship') ?> </th>
-              <td>
-			    <label for="contact">
-                <input class="valinp" type="radio" name="friendship" value="contact" id="contact" <?php xfn_check('friendship', 'contact', 'radio'); ?> /> <?php _e('contact') ?></label>
-                <label for="acquaintance">
-                <input class="valinp" type="radio" name="friendship" value="acquaintance" id="acquaintance" <?php xfn_check('friendship', 'acquaintance', 'radio'); ?> />  <?php _e('acquaintance') ?></label>
-                <label id="friend">
-                <input class="valinp" type="radio" name="friendship" value="friend" id="friend" <?php xfn_check('friendship', 'friend', 'radio'); ?> /> <?php _e('friend') ?></label>
-                <label for="friendship">
-                <input name="friendship" type="radio" class="valinp" value="" id="friendship" <?php xfn_check('friendship', '', 'radio'); ?> /> <?php _e('none') ?></label>
-              </td>
-            </tr>
-            <tr>
-              <th scope="row"> <?php _e('physical') ?> </th>
-              <td>
-                <label for="met">
-                <input class="valinp" type="checkbox" name="physical" value="met" id="met" <?php xfn_check('physical', 'met'); ?> />
-          <?php _e('met') ?></label>
-              </td>
-            </tr>
-            <tr>
-              <th scope="row"> <?php _e('professional') ?> </th>
-              <td>
-                <label for="co-worker">
-                <input class="valinp" type="checkbox" name="professional" value="co-worker" id="co-worker" <?php xfn_check('professional', 'co-worker'); ?> />
-          <?php _e('co-worker') ?></label>
-                <label for="colleague">
-                <input class="valinp" type="checkbox" name="professional" value="colleague" id="colleague" <?php xfn_check('professional', 'colleague'); ?> />
-          <?php _e('colleague') ?></label>
-              </td>
-            </tr>
-            <tr>
-              <th scope="row"> <?php _e('geographical') ?> </th>
-              <td>
-                <label for="co-resident">
-                <input class="valinp" type="radio" name="geographical" value="co-resident" id="co-resident" <?php xfn_check('geographical', 'co-resident', 'radio'); ?> />
-          <?php _e('co-resident') ?></label>
-                <label for="neighbor">
-                <input class="valinp" type="radio" name="geographical" value="neighbor" id="neighbor" <?php xfn_check('geographical', 'neighbor', 'radio'); ?> />
-          <?php _e('neighbor') ?></label>
-                <label for="geographical">
-                <input class="valinp" type="radio" name="geographical" value="" id="geographical" <?php xfn_check('geographical', '', 'radio'); ?> />
-          <?php _e('none') ?></label>
-              </td>
-            </tr>
-            <tr>
-              <th scope="row"> <?php _e('family'); ?> </th>
-              <td>
-                <label for="child">
-                <input class="valinp" type="radio" name="family" value="child" id="child" <?php xfn_check('family', 'child', 'radio'); ?>  />
-          <?php _e('child') ?></label>
-                <label for="kin">
-                <input class="valinp" type="radio" name="family" value="kin" id="kin" <?php xfn_check('family', 'kin', 'radio'); ?>  />
-          <?php _e('kin') ?></label>
-                <label for="parent">
-                <input class="valinp" type="radio" name="family" value="parent" id="parent" <?php xfn_check('family', 'parent', 'radio'); ?> />
-          <?php _e('parent') ?></label>
-                <label for="sibling">
-                <input class="valinp" type="radio" name="family" value="sibling" id="sibling" <?php xfn_check('family', 'sibling', 'radio'); ?> />
-          <?php _e('sibling') ?></label>
-                <label for="spouse">
-                <input class="valinp" type="radio" name="family" value="spouse" id="spouse" <?php xfn_check('family', 'spouse', 'radio'); ?> />
-          <?php _e('spouse') ?></label>
-                <label for="family">
-                <input class="valinp" type="radio" name="family" value="" id="family" <?php xfn_check('family', '', 'radio'); ?> />
-          <?php _e('none') ?></label>
-              </td>
-            </tr>
-            <tr>
-              <th scope="row"> <?php _e('romantic') ?> </th>
-              <td>
-                <label for="muse">
-                <input class="valinp" type="checkbox" name="romantic" value="muse" id="muse" <?php xfn_check('romantic', 'muse'); ?> />
-         <?php _e('muse') ?></label>
-                <label for="crush">
-                <input class="valinp" type="checkbox" name="romantic" value="crush" id="crush" <?php xfn_check('romantic', 'crush'); ?> />
-         <?php _e('crush') ?></label>
-                <label for="date">
-                <input class="valinp" type="checkbox" name="romantic" value="date" id="date" <?php xfn_check('romantic', 'date'); ?> />
-         <?php _e('date') ?></label>
-                <label for="romantic">
-                <input class="valinp" type="checkbox" name="romantic" value="sweetheart" id="romantic" <?php xfn_check('romantic', 'sweetheart'); ?> />
-         <?php _e('sweetheart') ?></label>
-              </td>
-            </tr>
-        </table>
-		  </td>
-           	</tr>
-</table>
-</fieldset>
-       <p class="submit">
-         <input type="submit" name="submit" value="<?php _e('Add Link &raquo;') ?>" /> 
-       </p>
-<fieldset class="options">
-	<legend><?php _e('Advanced') ?></legend>
-        <table class="editform" width="100%" cellspacing="2" cellpadding="5">
-         <tr>
-           <th width="33%" scope="row"><?php _e('Image URI:') ?></th>
-           <td width="67%"><input type="text" name="image" size="50" value="" style="width: 95%" /></td>
-         </tr>
-<tr>
-           <th scope="row"><?php _e('RSS URI:') ?> </th>
-           <td><input name="rss_uri" type="text" id="rss_uri" value="" size="50" style="width: 95%" /></td>
-         </tr>
-         <tr>
-           <th scope="row"><?php _e('Notes:') ?></th>
-           <td><textarea name="notes" cols="50" rows="10" style="width: 95%"></textarea></td>
-         </tr>
-         <tr>
-           <th scope="row"><?php _e('Rating:') ?></th>
-           <td><select name="rating" size="1">
-             <?php
-    for ($r = 0; $r < 10; $r++) {
-      echo('            <option value="'.$r.'">'.$r.'</option>');
-    }
-?>
-           </select>
-           &nbsp;<?php _e('(Leave at 0 for no rating.)') ?> </td>
-         </tr>
-         <tr>
-           <th scope="row"><?php _e('Target') ?></th>
-           <td><label>
-             <input type="radio" name="target" value="_blank" />
-             <code>_blank</code></label>
-<br />
-<label><input type="radio" name="target" value="_top" />
-<code>_top</code></label>
-<br />
-<label><input type="radio" name="target" value="" checked="checked" />
-<?php _e('none') ?></label>
-<?php _e('(Note that the <code>target</code> attribute is illegal in XHTML 1.1 and 1.0 Strict.)') ?></td>
-         </tr>
-         <tr>
-           <th scope="row"><?php _e('Visible:') ?></th>
-           <td><label>
-             <input type="radio" name="visible" checked="checked" value="Y" />
-<?php _e('Yes') ?></label><br />
-<label><input type="radio" name="visible" value="N" /> <input type="hidden" name="action" value="Add" /> 
-<?php _e('No') ?></label></td>
-         </tr>
-</table>
-</fieldset>
 
-       <p class="submit">
-         <input type="submit" name="submit" value="<?php _e('Add Link &raquo;') ?>" /> 
-       </p>
-  </form>
-</div>
+<?php
+	$link = get_default_link_to_edit();
+	include('edit-link-form.php');
+?>
 
 <div class="wrap">
 <?php printf(__('<p>You can drag <a href="%s" title="Link add bookmarklet">Link This</a> to your toolbar and when you click it a window will pop up that will allow you to add whatever site you&#8217;re on to your links! Right now this only works on Mozilla or Netscape, but we&#8217;re working on it.</p>'), "javascript:void(linkmanpopup=window.open('" . get_settings('siteurl') . "/wp-admin/link-add.php?action=popup&amp;linkurl='+escape(location.href)+'&amp;name='+escape(document.title),'LinkManager','scrollbars=yes,width=750,height=550,left=15,top=15,status=yes,resizable=yes'));linkmanpopup.focus();window.focus();linkmanpopup.focus();") ?>

wp-admin/link-categories.php

@@ -5,6 +5,7 @@ require_once('admin.php');
 $title = __('Link Categories');
 $this_file='link-categories.php';
 $parent_file = 'link-manager.php';
+$list_js = true;
 
 $wpvarstoreset = array('action', 'cat', 'auto_toggle');
 for ($i=0; $i<count($wpvarstoreset); $i += 1) {
@@ -25,7 +26,9 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 switch ($action) {
   case 'addcat':
   {
-      if ($user_level < 5)
+      check_admin_referer('add-link-category');
+
+      if ( !current_user_can('manage_links') )
           die (__("Cheatin' uh ?"));
 
       $cat_name = wp_specialchars($_POST['cat_name']);
@@ -60,9 +63,9 @@ switch ($action) {
       if ($sort_desc != 'Y') {
           $sort_desc = 'N';
       }
-      $text_before_link = addslashes($_POST['text_before_link']);
-      $text_after_link = addslashes($_POST['text_after_link']);
-      $text_after_all = addslashes($_POST['text_after_all']);
+      $text_before_link = $_POST['text_before_link'];
+      $text_after_link = $_POST['text_after_link'];
+      $text_after_all = $_POST['text_after_all'];
 
       $list_limit = $_POST['list_limit'];
       if ($list_limit == '')
@@ -74,24 +77,26 @@ switch ($action) {
              " '$show_rating', '$show_updated', '$sort_order', '$sort_desc', '$text_before_link', '$text_after_link', \n" .
              " '$text_after_all', $list_limit)");
 
-      header('Location: link-categories.php');
+      wp_redirect('link-categories.php');
     break;
   } // end addcat
   case 'Delete':
   {
-    $cat_id = (int) $_GET['cat_id'];
+   	$cat_id = (int) $_GET['cat_id'];
+    check_admin_referer('delete-link-category_' . $cat_id);
+
     $cat_name=get_linkcatname($cat_id);
 
     if ($cat_id=="1")
         die(sprintf(__("Can't delete the <strong>%s</strong> link category: this is the default one"), $cat_name));
 
-    if ($user_level < 5)
+    if ( !current_user_can('manage_links') )
       die (__("Cheatin' uh ?"));
 
     $wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$cat_id'");
     $wpdb->query("UPDATE $wpdb->links SET link_category=1 WHERE link_category='$cat_id'");
 
-    header('Location: link-categories.php');
+    wp_redirect('link-categories.php');
     break;
   } // end delete
   case 'Edit':
@@ -111,6 +116,7 @@ switch ($action) {
   <h2><?php printf(__('Edit &#8220%s&#8221; Category'), wp_specialchars($row->cat_name)); ?></h2>
 
   <form name="editcat" method="post">
+  <?php wp_nonce_field('update-link-category_' . $row->cat_id) ?>
       <input type="hidden" name="action" value="editedcat" />
       <input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" />
 <fieldset class="options">
@@ -118,7 +124,7 @@ switch ($action) {
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
 	<th width="33%" scope="row"><?php _e('Name:') ?></th>
-	<td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($row->cat_name)?>" size="30" /></td>
+	<td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($row->cat_name)?>" size="30" /></td>
 </tr>
 <tr>
 	<th scope="row"><?php _e('Show:') ?></th>
@@ -176,15 +182,15 @@ switch ($action) {
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
 	<th width="33%" scope="row"><?php _e('Before Link:') ?></th>
-	<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link)?>" /></td>
+	<td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link,'double')?>" /></td>
 </tr>
 <tr>
 <th scope="row"><?php _e('Between Link and Description:') ?></th>
-<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link)?>" /></td>
+<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link,'double')?>" /></td>
 </tr>
 <tr>
 <th scope="row"><?php _e('After Link:') ?></th>
-<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all)?>"/></td>
+<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all,'double')?>"/></td>
 </tr>
 </table>
 </fieldset>
@@ -198,14 +204,15 @@ switch ($action) {
   } // end Edit
   case "editedcat":
   {
-    if ($user_level < 5)
+    $cat_id = (int)$_POST["cat_id"];
+    check_admin_referer('update-link-category_' . $cat_id);
+
+    if ( !current_user_can('manage_links') )
       die (__("Cheatin' uh ?"));
 
     $submit=$_POST["submit"];
     if (isset($submit)) {
 
-    $cat_id = (int)$_POST["cat_id"];
-
     $cat_name= wp_specialchars($_POST["cat_name"]);
     $auto_toggle = $_POST["auto_toggle"];
     if ($auto_toggle != 'Y') {
@@ -238,9 +245,9 @@ switch ($action) {
     if ($sort_desc != 'Y') {
         $sort_desc = 'N';
     }
-    $text_before_link = addslashes($_POST["text_before_link"]);
-    $text_after_link = addslashes($_POST["text_after_link"]);
-    $text_after_all = addslashes($_POST["text_after_all"]);
+    $text_before_link = $_POST["text_before_link"];
+    $text_after_link = $_POST["text_after_link"];
+    $text_after_all = $_POST["text_after_all"];
 
     $list_limit = $_POST["list_limit"];
     if ($list_limit == '')
@@ -264,20 +271,19 @@ switch ($action) {
     } // end if save
 
 
-    header("Location: link-categories.php");
+    wp_redirect("link-categories.php");
     break;
   } // end editcat
   default:
   {
     include_once ("admin-header.php");
-    if ($user_level < 5) {
+    if ( !current_user_can('manage_links') )
       die(__("You have do not have sufficient permissions to edit the link categories for this blog. :)"));
-    }
 ?>
 
 <div class="wrap">
             <h2><?php _e('Link Categories:') ?></h2>
-            <table width="100%" cellpadding="5" cellspacing="0" border="0">
+            <table id="the-list" width="100%" cellpadding="5" cellspacing="0" border="0">
               <tr>
  	        <th rowspan="2" valign="bottom"><?php _e('Name') ?></th>
                 <th rowspan="2" valign="bottom"><?php _e('ID') ?></th>
@@ -303,7 +309,7 @@ $results = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle, show_images
          . " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
          . " text_after_all, list_limit FROM $wpdb->linkcategories ORDER BY cat_id");
 $i = 1;
-foreach ($results as $row) {
+foreach ( (array) $results as $row) {
     if ($row->list_limit == -1) {
         $row->list_limit = __('none');
     }
@@ -335,7 +341,7 @@ foreach ($results as $row) {
     		break;
     }
 ?>
-              <tr valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;">
+              <tr id="link-category-<?php echo $row->cat_id; ?>" valign="middle" align="center" <?php echo $style ?> style="border-bottom: 1px dotted #9C9A9C;">
                 <td><?php echo wp_specialchars($row->cat_name)?></td>
 				<td ><?php echo $row->cat_id?></td>
                 <td><?php echo $row->auto_toggle == 'Y' ? __('Yes') : __('No') ?></td>
@@ -345,13 +351,19 @@ foreach ($results as $row) {
                 <td><?php echo $row->show_updated == 'Y' ? __('Yes') : __('No') ?></td>
                 <td><?php echo $row->sort_order ?></td>
                 <td><?php echo $row->sort_desc == 'Y' ? __('Yes') : __('No') ?></td>
-                <td nowrap="nowrap"><?php echo htmlentities($row->text_before_link)?>&nbsp;</td>
-                <td nowrap="nowrap"><?php echo htmlentities($row->text_after_link)?>&nbsp;</td>
-                <td nowrap="nowrap"><?php echo htmlentities($row->text_after_all)?></td>
+                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_before_link)?>&nbsp;</td>
+                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_link)?>&nbsp;</td>
+                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_all)?></td>
                 <td><?php echo $row->list_limit ?></td>
                 <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Edit" class="edit"><?php _e('Edit') ?></a></td>
-                <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Delete" onclick="return confirm('<?php _e("You are about to delete this category.\\n  \'Cancel\' to stop, \'OK\' to delete.") ?>');" class="delete"><?php _e('Delete') ?></a></td>
-              </tr>
+                <td>
+				<?php if (1 == $row->cat_id ) { 
+					_e('Default');
+				} else { ?>
+					<a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a>
+				<?php } ?>
+              </td>
+	   </tr>
 <?php
         ++$i;
     }
@@ -359,10 +371,13 @@ foreach ($results as $row) {
             </table>
 <p><?php _e('These are the defaults for when you call a link category with no additional arguments. All of these settings may be overwritten.') ?></p>
 
+<div id="ajax-response"></div>
+
 </div>
 
 <div class="wrap">
-    <form name="addcat" method="post">
+    <form name="addcat" method="post" action="">
+    <?php wp_nonce_field('add-link-category'); ?>
       <input type="hidden" name="action" value="addcat" />
 	  <h2><?php _e('Add a Link Category:') ?></h2>
 <fieldset class="options">
@@ -443,7 +458,7 @@ foreach ($results as $row) {
 </div>
 <div class="wrap">
     <h3><?php _e('Note:') ?></h3>
-    <?php printf(__('<p>Deleting a link category does not delete links from that category.<br />It will just set them back to the default category <b>%s</b>.'), get_linkcatname(1)) ?></p>
+	<p><?php printf(__('Deleting a link category does not delete links from that category.<br />It will just set them back to the default category <strong>%s</strong>.'), get_linkcatname(1)) ?></p>
 </div>
 <?php
     break;

wp-admin/link-import.php

@@ -15,48 +15,48 @@ switch ($step) {
     case 0:
     {
         include_once('admin-header.php');
-        if ($user_level < 5)
+        if ( !current_user_can('manage_links') )
             die (__("Cheatin&#8217; uh?"));
 
         $opmltype = 'blogrolling'; // default.
 ?>
 
 <div class="wrap">
+<h2><?php _e('Import your blogroll from another system') ?> </h2>
+<form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
+<?php wp_nonce_field('import-bookmarks') ?>
 
-    <h2><?php _e('Import your blogroll from another system') ?> </h2>
-	<!-- <form name="blogroll" action="link-import.php" method="get"> -->
-	<form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
+<p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?></p>
+<div style="width: 70%; margin: auto; height: 8em;">
+<input type="hidden" name="step" value="1" />
+<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
+<div style="width: 48%; float: left;">
+<h3><?php _e('Specify an OPML URL:'); ?></h3>
+<input type="text" name="opml_url" size="50" style="width: 90%;" value="http://" />
+</div>
 
-	<ol>
-    <li><?php _e('Go to <a href="http://www.blogrolling.com">Blogrolling.com</a> and sign in. Once you&#8217;ve done that, click on <strong>Get Code</strong>, and then look for the <strong><abbr title="Outline Processor Markup Language">OPML</abbr> code</strong>') ?>.</li>
-    <li><?php _e('Or go to <a href="http://blo.gs">Blo.gs</a> and sign in. Once you&#8217;ve done that in the \'Welcome Back\' box on the right, click on <strong>share</strong>, and then look for the <strong><abbr title="Outline Processor Markup Language">OPML</abbr> link</strong> (favorites.opml).') ?></li>
-    <li><?php _e('Select that text and copy it or copy the link/shortcut into the box below.') ?><br />
-       <input type="hidden" name="step" value="1" />
-       <?php _e('Your OPML URL:') ?> <input type="text" name="opml_url" size="65" />
-	</li>
-    <li>
-	   <?php _e('<strong>or</strong> you can upload an OPML file from your desktop aggregator:') ?><br />
-       <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
-       <label><?php _e('Upload this file:') ?> <input name="userfile" type="file" /></label>
-    </li>
+<div style="width: 48%; float: left;">
+<h3><?php _e('Or choose from your local disk:'); ?></h3>
+<input id="userfile" name="userfile" type="file" size="30" />
+</div>
 
-    <li><?php _e('Now select a category you want to put these links in.') ?><br />
-	<?php _e('Category:') ?> <select name="cat_id">
+
+</div>
+
+<p style="clear: both; margin-top: 1em;"><?php _e('Now select a category you want to put these links in.') ?><br />
+<?php _e('Category:') ?> <select name="cat_id">
 <?php
-	$categories = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle FROM $wpdb->linkcategories ORDER BY cat_id");
-	foreach ($categories as $category) {
+$categories = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle FROM $wpdb->linkcategories ORDER BY cat_id");
+foreach ($categories as $category) {
 ?>
-    <option value="<?php echo $category->cat_id; ?>"><?php echo $category->cat_id.': '.$category->cat_name; ?></option>
+<option value="<?php echo $category->cat_id; ?>"><?php echo $category->cat_id.': '.$category->cat_name; ?></option>
 <?php
-        } // end foreach
+} // end foreach
 ?>
-    </select>
+</select></p>
 
-	</li>
-
-    <li><input type="submit" name="submit" value="<?php _e('Import!') ?>" /></li>
-	</ol>
-    </form>
+<p class="submit"><input type="submit" name="submit" value="<?php _e('Import OPML File') ?> &raquo;" /></p>
+</form>
 
 </div>
 <?php
@@ -64,40 +64,39 @@ switch ($step) {
             } // end case 0
 
     case 1: {
+		check_admin_referer('import-bookmarks');
+
                 include_once('admin-header.php');
-                if ($user_level < 5)
+                if ( !current_user_can('manage_links') )
                     die (__("Cheatin' uh ?"));
 ?>
 <div class="wrap">
 
      <h2><?php _e('Importing...') ?></h2>
 <?php
-                $cat_id = $_POST['cat_id'];
-                if (($cat_id == '') || ($cat_id == 0)) {
-                    $cat_id  = 1;
-                }
+				$cat_id = abs( (int) $_POST['cat_id'] );
+				if ( $cat_id < 1 )
+					$cat_id  = 1;
 
                 $opml_url = $_POST['opml_url'];
-                if (isset($opml_url) && $opml_url != '') {
+                if (isset($opml_url) && $opml_url != '' && $opml_url != 'http://') {
 					$blogrolling = true;
                 }
                 else // try to get the upload file.
 				{
-					$uploaddir = get_settings('fileupload_realpath');
-					$uploadfile = $uploaddir.'/'.$_FILES['userfile']['name'];
+					$overrides = array('test_form' => false, 'test_type' => false);
+					$file = wp_handle_upload($_FILES['userfile'], $overrides);
 
-					if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile))
-					{
-						//echo "Upload successful.";
-						$blogrolling = false;
-						$opml_url = $uploadfile;
-					} else {
-						echo __("Upload error");
-					}
+					if ( isset($file['error']) )
+						die($file['error']);
+
+					$url = $file['url'];
+					$opml_url = $file['file'];
+					$blogrolling = false;
 				}
 
                 if (isset($opml_url) && $opml_url != '') {
-                    $opml = implode('', file($opml_url));
+                    $opml = wp_remote_fopen($opml_url);
                     include_once('link-parse-opml.php');
 
                     $link_count = count($names);
@@ -106,10 +105,11 @@ switch ($step) {
                             $titles[$i] = '';
                         if ('http' == substr($titles[$i], 0, 4))
                             $titles[$i] = '';
+                        // FIXME:  Use wp_insert_link().
                         $query = "INSERT INTO $wpdb->links (link_url, link_name, link_target, link_category, link_description, link_owner, link_rss)
-                                VALUES('{$urls[$i]}', '".addslashes($names[$i])."', '', $cat_id, '".addslashes($descriptions[$i])."', $user_ID, '{$feeds[$i]}')\n";
+                                VALUES('{$urls[$i]}', '".$wpdb->escape($names[$i])."', '', $cat_id, '".$wpdb->escape($descriptions[$i])."', $user_ID, '{$feeds[$i]}')\n";
                         $result = $wpdb->query($query);
-                        echo sprintf(__("<p>Inserted <strong>%s</strong></p>"), $names[$i]);
+						echo sprintf('<p>'.__('Inserted <strong>%s</strong>').'</p>', $names[$i]);
                     }
 ?>
      <p><?php printf(__('Inserted %1$d links into category %2$s. All done! Go <a href="%3$s">manage those links</a>.'), $link_count, $cat_id, 'link-manager.php') ?></p>
@@ -120,12 +120,15 @@ switch ($step) {
                     echo "<p>" . __("You need to supply your OPML url. Press back on your browser and try again") . "</p>\n";
                 } // end else
 
+				if ( ! $blogrolling )
+					@unlink($opml_url);
 ?>
 </div>
 <?php
                 break;
             } // end case 1
 } // end switch
+
+include('admin-footer.php');
+
 ?>
-</body>
-</html>

wp-admin/link-manager.php

@@ -6,39 +6,7 @@ require_once('admin.php');
 
 $title = __('Manage Links');
 $this_file = $parent_file = 'link-manager.php';
-
-function xfn_check($class, $value = '', $type = 'check') {
-	global $link_rel;
-	$rels = preg_split('/\s+/', $link_rel);
-
-	if ('' != $value && in_array($value, $rels) ) {
-		echo ' checked="checked"';
-	}
-
-	if ('' == $value) {
-		if ('family' == $class && !strstr($link_rel, 'child') && !strstr($link_rel, 'parent') && !strstr($link_rel, 'sibling') && !strstr($link_rel, 'spouse') && !strstr($link_rel, 'kin')) echo ' checked="checked"';
-		if ('friendship' == $class && !strstr($link_rel, 'friend') && !strstr($link_rel, 'acquaintance') && !strstr($link_rel, 'contact') ) echo ' checked="checked"';
-		if ('geographical' == $class && !strstr($link_rel, 'co-resident') && !strstr($link_rel, 'neighbor') ) echo ' checked="checked"';
-		if ('identity' == $class && in_array('me', $rels) ) echo ' checked="checked"';
-	}
-}
-
-function category_dropdown($fieldname, $selected = 0) {
-	global $wpdb;
-	
-	$results = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle FROM $wpdb->linkcategories ORDER BY cat_id");
-	echo "\n<select name='$fieldname' size='1'>";
-	foreach ($results as $row) {
-		echo "\n\t<option value='$row->cat_id'";
-		if ($row->cat_id == $selected)
-			echo " selected='selected'";
-		echo ">$row->cat_id: ".wp_specialchars($row->cat_name);
-		if ('Y' == $row->auto_toggle)
-			echo ' (auto toggle)';
-		echo "</option>\n";
-	}
-	echo "\n</select>\n";
-}
+$list_js = true;
 
 $wpvarstoreset = array('action','cat_id', 'linkurl', 'name', 'image',
                        'description', 'visible', 'target', 'category', 'link_id',
@@ -71,45 +39,44 @@ if ('' != $_POST['linkcheck']) $linkcheck = $_POST[linkcheck];
 switch ($action) {
   case 'assign':
   {
-    check_admin_referer();
+	check_admin_referer('bulk-bookmarks');
 
     // check the current user's level first.
-    if ($user_level < 5)
+    if ( !current_user_can('manage_links') )
       die (__("Cheatin' uh ?"));
 
     //for each link id (in $linkcheck[]): if the current user level >= the
     //userlevel of the owner of the link then we can proceed.
 
     if (count($linkcheck) == 0) {
-        header('Location: ' . $this_file);
+        wp_redirect($this_file);
         exit;
     }
     $all_links = join(',', $linkcheck);
-    $results = $wpdb->get_results("SELECT link_id, link_owner, user_level FROM $wpdb->links LEFT JOIN $wpdb->users ON link_owner = ID WHERE link_id in ($all_links)");
+    $results = $wpdb->get_results("SELECT link_id, link_owner FROM $wpdb->links LEFT JOIN $wpdb->users ON link_owner = ID WHERE link_id in ($all_links)");
     foreach ($results as $row) {
-      if (($user_level >= $row->user_level)) { // ok to proceed
-        $ids_to_change[] = $row->link_id;
-      }
+       $ids_to_change[] = $row->link_id;
     }
 
     // should now have an array of links we can change
     $all_links = join(',', $ids_to_change);
     $q = $wpdb->query("update $wpdb->links SET link_owner='$newowner' WHERE link_id IN ($all_links)");
 
-    header('Location: ' . $this_file);
+    wp_redirect($this_file);
+    exit;
     break;
   }
   case 'visibility':
   {
-    check_admin_referer();
+  	check_admin_referer('bulk-bookmarks');
 
     // check the current user's level first.
-    if ($user_level < 5)
+    if ( !current_user_can('manage_links') )
       die (__("Cheatin' uh ?"));
 
     //for each link id (in $linkcheck[]): toggle the visibility
     if (count($linkcheck) == 0) {
-        header('Location: ' . $this_file);
+        wp_redirect($this_file);
         exit;
     }
     $all_links = join(',', $linkcheck);
@@ -133,131 +100,75 @@ switch ($action) {
         $q = $wpdb->query("update $wpdb->links SET link_visible='Y' WHERE link_id IN ($all_linkson)");
     }
 
-    header('Location: ' . $this_file);
+    wp_redirect($this_file);
+    exit;
     break;
   }
   case 'move':
   {
-    check_admin_referer();
+	check_admin_referer('bulk-bookmarks');
 
     // check the current user's level first.
-    if ($user_level < 5)
+    if ( !current_user_can('manage_links') )
       die (__("Cheatin' uh ?"));
 
     //for each link id (in $linkcheck[]) change category to selected value
     if (count($linkcheck) == 0) {
-        header('Location: ' . $this_file);
+        wp_redirect($this_file);
         exit;
     }
     $all_links = join(',', $linkcheck);
     // should now have an array of links we can change
     $q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");
 
-    header('Location: ' . $this_file);
+    wp_redirect($this_file);
+    exit();
     break;
   }
 
   case 'Add':
   {
-    check_admin_referer();
+  	check_admin_referer('add-bookmark');
 
-    $link_url = wp_specialchars($_POST['linkurl']);
-    $link_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $link_url) ? $link_url : 'http://' . $link_url; 
-    $link_name = wp_specialchars($_POST['name']);
-    $link_image = wp_specialchars($_POST['image']);
-    $link_target = $_POST['target'];
-    $link_category = $_POST['category'];
-    $link_description = $_POST['description'];
-    $link_visible = $_POST['visible'];
-    $link_rating = $_POST['rating'];
-    $link_rel = $_POST['rel'];
-    $link_notes = $_POST['notes'];
-	$link_rss_uri =  wp_specialchars($_POST['rss_uri']);
-    $auto_toggle = get_autotoggle($link_category);
-
-    if ($user_level < 5)
-      die (__("Cheatin' uh ?"));
-
-    // if we are in an auto toggle category and this one is visible then we
-    // need to make the others invisible before we add this new one.
-    if (($auto_toggle == 'Y') && ($link_visible == 'Y')) {
-      $wpdb->query("UPDATE $wpdb->links set link_visible = 'N' WHERE link_category = $link_category");
-    }
-    $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_category, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) " .
-      " VALUES('" . $link_url . "','"
-           . $link_name . "', '"
-           . $link_image . "', '$link_target', $link_category, '"
-           . $link_description . "', '$link_visible', $user_ID, $link_rating, '" . $link_rel . "', '" . $link_notes . "', '$link_rss_uri')");
-
-    header('Location: ' . $_SERVER['HTTP_REFERER'] . '?added=true');
+	add_link();
+	
+    wp_redirect(wp_get_referer() . '?added=true');
+    exit;
     break;
   } // end Add
 
   case 'editlink':
   {
-    if (isset($submit)) {
+	$link_id = (int) $_POST['link_id'];
+	check_admin_referer('update-bookmark_' . $link_id);
+ 	
+	if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
+		$cat_id = $links_show_cat_id;
 
-      if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
-        $cat_id = $links_show_cat_id;
+	if (!isset($cat_id) || ($cat_id == '')) {
+		if (!isset($links_show_cat_id) || ($links_show_cat_id == ''))
+			$cat_id = 'All';
+	}
+	$links_show_cat_id = $cat_id;
 
-      if (!isset($cat_id) || ($cat_id == '')) {
-        if (!isset($links_show_cat_id) || ($links_show_cat_id == ''))
-          $cat_id = 'All';
-      }
-      $links_show_cat_id = $cat_id;
-
-      check_admin_referer();
-
-      $link_id = (int) $_POST['link_id'];
-      $link_url = wp_specialchars($_POST['linkurl']);
-      $link_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $link_url) ? $link_url : 'http://' . $link_url; 
-      $link_name = wp_specialchars($_POST['name']);
-      $link_image = wp_specialchars($_POST['image']);
-      $link_target = wp_specialchars($_POST['target']);
-      $link_category = $_POST['category'];
-      $link_description = $_POST['description'];
-      $link_visible = $_POST['visible'];
-      $link_rating = $_POST['rating'];
-      $link_rel = $_POST['rel'];
-      $link_notes = $_POST['notes'];
-	  $link_rss_uri =  $_POST['rss_uri'];
-      $auto_toggle = get_autotoggle($link_category);
-
-      if ($user_level < 5)
-        die (__("Cheatin' uh ?"));
-
-      // if we are in an auto toggle category and this one is visible then we
-      // need to make the others invisible before we update this one.
-      if (($auto_toggle == 'Y') && ($link_visible == 'Y')) {
-        $wpdb->query("UPDATE $wpdb->links set link_visible = 'N' WHERE link_category = $link_category");
-      }
-
-      $wpdb->query("UPDATE $wpdb->links SET link_url='" . $link_url . "',
-	  link_name='" . $link_name . "',\n link_image='" . $link_image . "',
-	  link_target='$link_target',\n link_category=$link_category,
-	  link_visible='$link_visible',\n link_description='" . $link_description . "',
-	  link_rating=$link_rating,
-	  link_rel='" . $link_rel . "',
-	  link_notes='" . $link_notes . "',
-	  link_rss = '$link_rss_uri'
-	  WHERE link_id=$link_id");
-    } // end if save
+	edit_link($link_id);
+	
     setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
     wp_redirect($this_file);
+    exit;
     break;
   } // end Save
 
-  case 'Delete':
+  case 'delete':
   {
-    check_admin_referer();
+	$link_id = (int) $_GET['link_id'];
+	check_admin_referer('delete-bookmark_' . $link_id);
 
-    $link_id = (int) $_GET['link_id'];
-
-    if ($user_level < 5)
+    if ( !current_user_can('manage_links') )
       die (__("Cheatin' uh ?"));
 
-    $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = $link_id");
-
+	wp_delete_link($link_id);
+	
     if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
         $cat_id = $links_show_cat_id;
 
@@ -268,237 +179,23 @@ switch ($action) {
     $links_show_cat_id = $cat_id;
     setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
     wp_redirect($this_file);
+    exit;
     break;
   } // end Delete
 
   case 'linkedit': {
-	$xfn = true;
-    include_once ('admin-header.php');
-    if ($user_level < 5)
-      die(__('You do not have sufficient permissions to edit the links for this blog.'));
-
-    $link_id = (int) $_GET['link_id'];
-    $row = $wpdb->get_row("SELECT * FROM $wpdb->links WHERE link_id = $link_id");
-
-    if ($row) {
-      $link_url = wp_specialchars($row->link_url, 1);
-      $link_name = wp_specialchars($row->link_name, 1);
-      $link_image = $row->link_image;
-      $link_target = $row->link_target;
-      $link_category = $row->link_category;
-      $link_description = wp_specialchars($row->link_description);
-      $link_visible = $row->link_visible;
-      $link_rating = $row->link_rating;
-      $link_rel = $row->link_rel;
-      $link_notes = wp_specialchars($row->link_notes);
-	  $link_rss_uri = wp_specialchars($row->link_rss);
-    } else {
-		die( __('Link not found.') ); 
-	}
-
-?>
-
-<div class="wrap"> 
-  <form action="" method="post" name="editlink" id="editlink"> 
-  <h2><?php _e('Edit a link:') ?></h2>
-<fieldset class="options">
-    <legend><?php _e('Basics') ?></legend>
-        <table class="editform" width="100%" cellspacing="2" cellpadding="5">
-         <tr>
-           <th width="33%" scope="row"><?php _e('URI:') ?></th>
-           <td width="67%"><input type="text" name="linkurl" value="<?php echo $link_url; ?>" style="width: 95%;" /></td>
-         </tr>
-         <tr>
-           <th scope="row"><?php _e('Link Name:') ?></th>
-           <td><input type="text" name="name" value="<?php echo $link_name; ?>" style="width: 95%" /></td>
-         </tr>
-         <tr>
-            <th scope="row"><?php _e('Short description:') ?></th>
-         	<td><input type="text" name="description" value="<?php echo $link_description; ?>" style="width: 95%" /></td>
-         	</tr>
-        <tr>
-           <th scope="row"><?php _e('Category:') ?></th>
-           <td><?php category_dropdown('category', $link_category); ?></td>
-         </tr>
-</table>
-</fieldset>
-       <p class="submit">
-       <input type="submit" name="submit" value="<?php _e('Save Changes &raquo;') ?>" />
-       </p>
-	<fieldset class="options">
-        <legend><?php _e('Link Relationship (XFN)') ?></legend>
-        <table class="editform" width="100%" cellspacing="2" cellpadding="5">
-            <tr>
-                <th width="33%" scope="row"><?php _e('rel:') ?></th>
-            	<td width="67%"><input type="text" name="rel" id="rel" size="50" value="<?php echo $link_rel; ?>" /></td>
-           	</tr>
-            <tr>
-                <th scope="row"><?php _e('<a href="http://gmpg.org/xfn/">XFN</a> Creator:') ?></th>
-            	<td>
-					<table cellpadding="3" cellspacing="5">
-	          <tr>
-              <th scope="row"> <?php _e('identity') ?> </th>
-              <td>
-                <label for="me">
-                <input type="checkbox" name="identity" value="me" id="me" <?php xfn_check('identity', 'me'); ?> />
-          <?php _e('another web address of mine') ?></label>
-              </td>
-            </tr>
-            <tr>
-              <th scope="row"> <?php _e('friendship') ?> </th>
-              <td>
-			    <label for="contact">
-                <input class="valinp" type="radio" name="friendship" value="contact" id="contact" <?php xfn_check('friendship', 'contact', 'radio'); ?> /> <?php _e('contact') ?></label>
-                <label for="acquaintance">
-                <input class="valinp" type="radio" name="friendship" value="acquaintance" id="acquaintance" <?php xfn_check('friendship', 'acquaintance', 'radio'); ?> />  <?php _e('acquaintance') ?></label>
-                <label id="friend">
-                <input class="valinp" type="radio" name="friendship" value="friend" id="friend" <?php xfn_check('friendship', 'friend', 'radio'); ?> /> <?php _e('friend') ?></label>
-                <label for="friendship">
-                <input name="friendship" type="radio" class="valinp" value="" id="friendship" <?php xfn_check('friendship', '', 'radio'); ?> /> <?php _e('none') ?></label>
-              </td>
-            </tr>
-            <tr>
-              <th scope="row"> <?php _e('physical') ?> </th>
-              <td>
-                <label for="met">
-                <input class="valinp" type="checkbox" name="physical" value="met" id="met" <?php xfn_check('physical', 'met'); ?> />
-          <?php _e('met') ?></label>
-              </td>
-            </tr>
-            <tr>
-              <th scope="row"> <?php _e('professional') ?> </th>
-              <td>
-                <label for="co-worker">
-                <input class="valinp" type="checkbox" name="professional" value="co-worker" id="co-worker" <?php xfn_check('professional', 'co-worker'); ?> />
-          <?php _e('co-worker') ?></label>
-                <label for="colleague">
-                <input class="valinp" type="checkbox" name="professional" value="colleague" id="colleague" <?php xfn_check('professional', 'colleague'); ?> />
-          <?php _e('colleague') ?></label>
-              </td>
-            </tr>
-            <tr>
-              <th scope="row"> <?php _e('geographical') ?> </th>
-              <td>
-                <label for="co-resident">
-                <input class="valinp" type="radio" name="geographical" value="co-resident" id="co-resident" <?php xfn_check('geographical', 'co-resident', 'radio'); ?> />
-          <?php _e('co-resident') ?></label>
-                <label for="neighbor">
-                <input class="valinp" type="radio" name="geographical" value="neighbor" id="neighbor" <?php xfn_check('geographical', 'neighbor', 'radio'); ?> />
-          <?php _e('neighbor') ?></label>
-                <label for="geographical">
-                <input class="valinp" type="radio" name="geographical" value="" id="geographical" <?php xfn_check('geographical', '', 'radio'); ?> />
-          <?php _e('none') ?></label>
-              </td>
-            </tr>
-            <tr>
-              <th scope="row"> <?php _e('family') ?> </th>
-              <td>
-                <label for="child">
-                <input class="valinp" type="radio" name="family" value="child" id="child" <?php xfn_check('family', 'child', 'radio'); ?>  />
-          <?php _e('child') ?></label>
-                <label for="kin">
-                <input class="valinp" type="radio" name="family" value="kin" id="kin" <?php xfn_check('family', 'kin', 'radio'); ?>  />
-          <?php _e('kin') ?></label>
-                <label for="parent">
-                <input class="valinp" type="radio" name="family" value="parent" id="parent" <?php xfn_check('family', 'parent', 'radio'); ?> />
-          <?php _e('parent') ?></label>
-                <label for="sibling">
-                <input class="valinp" type="radio" name="family" value="sibling" id="sibling" <?php xfn_check('family', 'sibling', 'radio'); ?> />
-          <?php _e('sibling') ?></label>
-                <label for="spouse">
-                <input class="valinp" type="radio" name="family" value="spouse" id="spouse" <?php xfn_check('family', 'spouse', 'radio'); ?> />
-          <?php _e('spouse') ?></label>
-                <label for="family">
-                <input class="valinp" type="radio" name="family" value="" id="family" <?php xfn_check('family', '', 'radio'); ?> />
-          <?php _e('none') ?></label>
-              </td>
-            </tr>
-            <tr>
-              <th scope="row"> <?php _e('romantic') ?> </th>
-              <td>
-                <label for="muse">
-                <input class="valinp" type="checkbox" name="romantic" value="muse" id="muse" <?php xfn_check('romantic', 'muse'); ?> />
-         <?php _e('muse') ?></label>
-                <label for="crush">
-                <input class="valinp" type="checkbox" name="romantic" value="crush" id="crush" <?php xfn_check('romantic', 'crush'); ?> />
-         <?php _e('crush') ?></label>
-                <label for="date">
-                <input class="valinp" type="checkbox" name="romantic" value="date" id="date" <?php xfn_check('romantic', 'date'); ?> />
-         <?php _e('date') ?></label>
-                <label for="romantic">
-                <input class="valinp" type="checkbox" name="romantic" value="sweetheart" id="romantic" <?php xfn_check('romantic', 'sweetheart'); ?> />
-         <?php _e('sweetheart') ?></label>
-              </td>
-            </tr>
-        </table>
-		  </td>
-           	</tr>
-</table>
-</fieldset>
-       <p class="submit">
-       <input type="submit" name="submit" value="<?php _e('Save Changes &raquo;') ?>" />
-       </p>
-<fieldset class="options">
-        <legend><?php _e('Advanced') ?></legend>
-        <table class="editform" width="100%" cellspacing="2" cellpadding="5">
-         <tr>
-           <th width="33%" scope="row"><?php _e('Image URI:') ?></th>
-           <td width="67%"><input type="text" name="image" size="50" value="<?php echo $link_image; ?>" style="width: 95%" /></td>
-         </tr>
-<tr>
-           <th scope="row"><?php _e('RSS URI:') ?> </th>
-           <td><input name="rss_uri" type="text" id="rss_uri" value="<?php echo $link_rss_uri; ?>" size="50" style="width: 95%" /></td>
-         </tr>
-         <tr>
-           <th scope="row"><?php _e('Notes:') ?></th>
-           <td><textarea name="notes" cols="50" rows="10" style="width: 95%"><?php echo $link_notes; ?></textarea></td>
-         </tr>
-         <tr>
-           <th scope="row"><?php _e('Rating:') ?></th>
-           <td><select name="rating" size="1">
-<?php
-    for ($r = 0; $r < 10; $r++) {
-      echo('            <option value="'.$r.'" ');
-      if ($link_rating == $r)
-        echo 'selected="selected"';
-      echo('>'.$r.'</option>');
-    }
-?>
-           </select>
-         &nbsp;<?php _e('(Leave at 0 for no rating.)') ?> </td>
-         </tr>
-         <tr>
-           <th scope="row"><?php _e('Target') ?></th>
-           <td><label>
-          <input type="radio" name="target" value="_blank"   <?php echo(($link_target == '_blank') ? 'checked="checked"' : ''); ?> />
-          <code>_blank</code></label><br />
-<label>
-<input type="radio" name="target" value="_top" <?php echo(($link_target == '_top') ? 'checked="checked"' : ''); ?> />
-<code>_top</code></label><br />
-<label>
-<input type="radio" name="target" value=""     <?php echo(($link_target == '') ? 'checked="checked"' : ''); ?> />
-<?php _e('none') ?></label><br />
-<?php _e('(Note that the <code>target</code> attribute is illegal in XHTML 1.1 and 1.0 Strict.)') ?></td>
-         </tr>
-         <tr>
-           <th scope="row"><?php _e('Visible:') ?></th>
-           <td><label>
-             <input type="radio" name="visible" <?php if ($link_visible == 'Y') echo "checked='checked'"; ?> value="Y" />
-<?php _e('Yes') ?></label><br /><label>
-<input type="radio" name="visible" <?php if ($link_visible == 'N') echo "checked='checked'"; ?> value="N" />
-<?php _e('No') ?></label></td>
-         </tr>
-</table>
-</fieldset>
-<p class="submit"><input type="submit" name="submit" value="<?php _e('Save Changes &raquo;') ?>" />
-          <input type="hidden" name="action" value="editlink" />
-          <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
-          <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
-          <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" /></p>
-  </form> 
-</div>
-<?php
-    break;
+	$xfn_js = true;
+	include_once ('admin-header.php');
+	if ( !current_user_can('manage_links') )
+		die(__('You do not have sufficient permissions to edit the links for this blog.'));
+	
+	$link_id = (int) $_GET['link_id'];
+	
+	if ( !$link = get_link_to_edit($link_id) )
+		die( __('Link not found.') );
+	
+	include('edit-link-form.php');
+	break;
   } // end linkedit
   case __("Show"):
   {
@@ -540,9 +237,8 @@ switch ($action) {
     setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
     setcookie('links_show_order_' . COOKIEHASH, $links_show_order, time()+600);
     include_once ("./admin-header.php");
-    if ($user_level < 5) {
+    if ( !current_user_can('manage_links') )
       die(__("You do not have sufficient permissions to edit the links for this blog."));
-    }
 
     switch ($order_by)
     {
@@ -600,7 +296,7 @@ function checkAll(form)
         echo " selected='selected'";
         echo ">".$row->cat_id.": ".wp_specialchars($row->cat_name);
         if ($row->auto_toggle == 'Y')
-            echo ' (auto toggle)';
+            echo ' '.__('(auto toggle)');
         echo "</option>\n";
     }
     echo "        </select>\n";
@@ -628,11 +324,12 @@ function checkAll(form)
 <form name="links" id="links" method="post" action="">
 <div class="wrap">
 
+    <?php wp_nonce_field('bulk-bookmarks') ?>
     <input type="hidden" name="link_id" value="" />
     <input type="hidden" name="action" value="" />
-    <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+    <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
     <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
-  <table width="100%" cellpadding="3" cellspacing="3">
+  <table id="the-list-x" width="100%" cellpadding="3" cellspacing="3">
     <tr>
       <th width="15%"><?php _e('Name') ?></th>
       <th><?php _e('URI') ?></th>
@@ -646,7 +343,7 @@ function checkAll(form)
 <?php
     $sql = "SELECT link_url, link_name, link_image, link_description, link_visible,
             link_category AS cat_id, cat_name AS category, $wpdb->users.user_login, link_id,
-            link_rating, link_rel, $wpdb->users.user_level
+            link_rating, link_rel
             FROM $wpdb->links
             LEFT JOIN $wpdb->linkcategories ON $wpdb->links.link_category = $wpdb->linkcategories.cat_id
             LEFT JOIN $wpdb->users ON $wpdb->users.ID = $wpdb->links.link_owner ";
@@ -660,10 +357,10 @@ function checkAll(form)
     $links = $wpdb->get_results($sql);
     if ($links) {
         foreach ($links as $link) {
-      	    $link->link_name = wp_specialchars($link->link_name);
+      	    $link->link_name = attribute_escape($link->link_name);
       	    $link->link_category = wp_specialchars($link->link_category);
       	    $link->link_description = wp_specialchars($link->link_description);
-            $link->link_url = wp_specialchars($link->link_url);
+            $link->link_url = attribute_escape($link->link_url);
             $short_url = str_replace('http://', '', $link->link_url);
             $short_url = str_replace('www.', '', $short_url);
             if ('/' == substr($short_url, -1))
@@ -674,9 +371,9 @@ function checkAll(form)
             $image = ($link->link_image != null) ? __('Yes') : __('No');
             $visible = ($link->link_visible == 'Y') ? __('Yes') : __('No');
             ++$i;
-            $style = ($i % 2) ? ' class="alternate"' : '';
+            $style = ($i % 2) ? '' : ' class="alternate"';
 ?>
-    <tr valign="middle" <?php echo $style; ?>>
+    <tr id="link-<?php echo $link->link_id; ?>" valign="middle" <?php echo $style; ?>>
 		<td><strong><?php echo $link->link_name; ?></strong><br />
 <?php			
         echo sprintf(__('Description: %s'), $link->link_description) . "</td>";
@@ -689,23 +386,22 @@ function checkAll(form)
 LINKS;
             $show_buttons = 1; // default
 
-            if ($link->user_level > $user_level) {
-              $show_buttons = 0;
-            }
-
             if ($show_buttons) {
         echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=linkedit" class="edit">' . __('Edit') . '</a></td>';
-        echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=Delete"' .  " onclick=\"return confirm('" . __("You are about to delete this link.\\n  \'Cancel\' to stop, \'OK\' to delete.") .  "');" . '" class="delete">' . __('Delete') . '</a></td>';
+ 		echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the &quot;%s&quot; bookmark to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($link->link_name), js_escape($link->link_url)).'\' );">'.__('Delete').'</a></td>';
         echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>';
             } else {
               echo "<td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td>\n";
             }
-		echo "\n\t</tr>";
+
+		echo "\n    </tr>\n";
         }
     }
 ?>
 </table>
 
+<div id="ajax-response"></div>
+
 </div>
 
 <div class="wrap">
@@ -716,7 +412,7 @@ LINKS;
         <td>
           <?php _e('Assign ownership to:'); ?>
 <?php
-    $results = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users WHERE user_level > 0 ORDER BY ID");
+    $results = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY ID");
     echo "          <select name=\"newowner\" size=\"1\">\n";
     foreach ($results as $row) {
       echo "            <option value=\"".$row->ID."\"";
@@ -731,7 +427,7 @@ LINKS;
           <input name="visibility" type="submit" id="visibility" value="<?php _e('Toggle Visibility') ?>" />
         </td>
         <td>
-          <?php _e('Move to category:'); category_dropdown('category'); ?> <input name="move" type="submit" id="move" value="<?php _e('Go') ?>" />
+          <?php _e('Move to category:'); link_category_dropdown('category'); ?> <input name="move" type="submit" id="move" value="<?php _e('Go') ?>" />
         </td>
         <td align="right">
           <a href="#" onclick="checkAll(document.getElementById('links')); return false; "><?php _e('Toggle Checkboxes') ?></a>

wp-admin/link-parse-opml.php

@@ -55,11 +55,11 @@ $xml_parser = xml_parser_create();
 xml_set_element_handler($xml_parser, "startElement", "endElement");
 
 if (!xml_parse($xml_parser, $opml, true)) {
-    echo(sprintf("XML error: %s at line %d",
+    echo(sprintf(__('XML error: %1$s at line %2$s'),
                    xml_error_string(xml_get_error_code($xml_parser)),
                    xml_get_current_line_number($xml_parser)));
 }
 
 // Free up memory used by the XML parser
 xml_parser_free($xml_parser);
-?>
+?>

wp-admin/list-manipulation.js

@@ -0,0 +1,96 @@
+var listItems;
+var reg_color = '#FFFFFF';
+var alt_color = '#F1F1F1';
+
+addLoadEvent(getListItems);
+
+function deleteSomething( what, id, message ) {
+	what.replace('-', ' ');
+	if (!message) message = 'Are you sure you want to delete this ' + what + '?';
+	if ( confirm(message) ) {
+		return ajaxDelete( what.replace(' ', '-'), id );
+	} else {
+		return false;
+	}
+}
+
+function getResponseElement() {
+	var p = document.getElementById('ajax-response-p');
+	if (!p) {
+		p = document.createElement('p');
+		p.id = 'ajax-response-p';
+		document.getElementById('ajax-response').appendChild(p);
+		return p;
+	}
+}
+
+function ajaxDelete(what, id) {
+	ajaxDel = new sack('list-manipulation.php');
+	if ( ajaxDel.failed ) return true;
+	ajaxDel.myResponseElement = getResponseElement();
+	ajaxDel.method = 'POST';
+	ajaxDel.onLoading = function() { ajaxDel.myResponseElement.innerHTML = 'Sending Data...'; };
+	ajaxDel.onLoaded = function() { ajaxDel.myResponseElement.innerHTML = 'Data Sent...'; };
+	ajaxDel.onInteractive = function() { ajaxDel.myResponseElement.innerHTML = 'Processing Data...'; };
+	ajaxDel.onCompletion = function() { removeThisItem( what + '-' + id ); };
+	ajaxDel.runAJAX('action=delete-' + what + '&id=' + id + '&' + ajaxDel.encVar('cookie', document.cookie));
+	return false;
+}
+
+function removeThisItem(id) {
+	var response = ajaxDel.response;
+	if ( isNaN(response) ) { ajaxDel.myResponseElement.innerHTML = response; return false; }
+	response = parseInt(response, 10);
+	if ( -1 == response ) { ajaxDel.myResponseElement.innerHTML = "You don't have permission to do that."; }
+	else if ( 0 == response ) { ajaxDel.myResponseElement.interHTML = "Something odd happened.  Try refreshing the page? Either that or what you tried to delete never existed in the first place."; }
+	else if ( 1 == response ) {
+		theItem = document.getElementById(id);
+		Fat.fade_element(id,null,700,'#FF3333');
+		setTimeout('theItem.parentNode.removeChild(theItem)', 705);
+		var pos = getListPos(id);
+		listItems.splice(pos,1);
+		recolorList(pos);
+		ajaxDel.myResponseElement.parentNode.removeChild(ajaxDel.myResponseElement);
+		
+	}
+}
+
+function getListPos(id) {
+	for (var i = 0; i < listItems.length; i++) {
+		if (id == listItems[i]) {
+			var pos = i;
+			break;
+		}
+	}
+	return pos;
+}	
+
+function getListItems() {
+	if (list) return;
+	listItems = new Array();
+	var extra = false;
+	var list = document.getElementById('the-list');
+	if (!list) { var list = document.getElementById('the-list-x'); extra = true; }
+	if (list) {
+		var items = list.getElementsByTagName('tr');
+		if (!items[0]) { items = list.getElementsByTagName('li'); }
+		for (var i=0; i<items.length; i++) { listItems.push(items[i].id); }
+		if (extra) { listItems.splice(0,1); }
+	}
+}
+
+function recolorList(pos,dur,from) {
+	if (!pos) pos = 0;
+
+	if (!from) {
+		reg_from = alt_color;
+		alt_from = reg_color;
+	} else {
+		reg_from = from;
+		alt_from = from;
+	}
+	for (var i = pos; i < listItems.length; i++) {
+		if (i % 2 == 1) Fat.fade_element(listItems[i],null,dur,reg_from,reg_color);
+		else Fat.fade_element(listItems[i],null,dur,alt_from,alt_color);
+	}
+}

wp-admin/list-manipulation.php

@@ -0,0 +1,81 @@
+<?php
+require_once('../wp-config.php');
+require_once('admin-functions.php');
+require_once('admin-db.php');
+header("Content-type: text/plain", true);
+
+if ( !is_user_logged_in() )
+	die('-1');
+if ( !check_ajax_referer() )
+	die('-1');
+
+function grab_results() {
+	global $ajax_results;
+	$ajax_results = func_get_arg(0);
+}
+
+function get_out_now() { exit; }
+add_action('shutdown', 'get_out_now', -1);
+
+switch ( $_POST['action'] ) :
+case 'delete-link' :
+	$id = (int) $_POST['id'];
+	if ( !current_user_can('manage_links') )
+		die ('-1');
+
+	if ( wp_delete_link($id) ) 
+		die('1');
+	else	die('0');
+	break;
+case 'delete-post' :
+case 'delete-page' :
+	$id = (int) $_POST['id'];
+	if ( !current_user_can('edit_post', $id) )	{
+		die('-1');
+	}
+
+	if ( wp_delete_post($id) ) {
+		die('1');
+	} else	die('0');
+	break;
+case 'delete-cat' :
+	if ( !current_user_can('manage_categories') )
+		die ('-1');
+
+	$id = (int) $_POST['id'];
+	$cat_name = get_catname($cat_ID);
+
+	if ( wp_delete_category($id) )
+		die('1');
+	else	die('0');
+	break;
+case 'delete-comment' :
+	$id = (int) $_POST['id'];
+
+	if ( !$comment = get_comment($id) )
+		die('0');
+	if ( !current_user_can('edit_post', $comment->comment_post_ID) )	
+		die('-1');
+
+	if ( wp_delete_comment($comment->comment_ID) ) {
+		die('1');
+	} else {
+		die('0');
+	}
+	break;
+case 'delete-link-category' :
+	$id = (int) $_POST['id'];
+	if ( 1 == $id )
+		die('0');
+	if ( !current_user_can('manage_links') )
+		die('-1');
+
+	if ( $wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$id'") ) {
+		$wpdb->query("UPDATE $wpdb->links SET link_category=1 WHERE link_category='$id'");
+		die('1');
+	} else {
+		die('0');
+	}
+	break;
+endswitch;		
+?>

wp-admin/menu-header.php

@@ -8,10 +8,10 @@ get_admin_page_parent();
 foreach ($menu as $item) {
 	$class = '';
 
-	// 0 = name, 1 = user_level, 2 = file
+	// 0 = name, 1 = capability, 2 = file
 	if (( strcmp($self, $item[2]) == 0 && empty($parent_file)) || ($parent_file && ($item[2] == $parent_file))) $class = ' class="current"';
     
-	if ($user_level >= $item[1]) {
+	if ( current_user_can($item[1]) ) {
 		if ( file_exists(ABSPATH . "wp-content/plugins/{$item[2]}") )
 			echo "\n\t<li><a href='" . get_settings('siteurl') . "/wp-admin/admin.php?page={$item[2]}'$class>{$item[0]}</a></li>";			
 		else
@@ -20,20 +20,17 @@ foreach ($menu as $item) {
 }
 
 ?>
-	<li class="last"><a href="<?php echo get_settings('siteurl')
-	 ?>/wp-login.php?action=logout" title="<?php _e('Log out of this account') ?>"><?php printf(__('Logout (%s)'), $user_nickname) ?></a></li>
 </ul>
 
 <?php
 // Sub-menu
 if ( isset($submenu["$parent_file"]) ) :
 ?>
-<ul id="adminmenu2">
+<ul id="submenu">
 <?php 
 foreach ($submenu["$parent_file"] as $item) : 
-	 if ($user_level < $item[1]) {
+	 if ( !current_user_can($item[1]) )
 		 continue;
-	 }
 
 if ( isset($submenu_file) ) {
 	if ( $submenu_file == $item[2] ) $class = ' class="current"';
@@ -55,4 +52,10 @@ endforeach;
 ?>
 
 </ul>
-<?php endif; ?>
+<?php
+
+endif; 
+
+do_action('admin_notices');
+
+?>

wp-admin/menu.php

@@ -4,49 +4,50 @@
 // Menu item name
 // The minimum level the user needs to access the item: between 0 and 10
 // The URL of the item's file
-$menu[0] = array(__('Dashboard'), 0, 'index.php');
-$menu[5] = array(__('Write'), 1, 'post.php');
-$menu[10] = array(__('Manage'), 1, 'edit.php');
-$menu[20] = array(__('Links'), 5, 'link-manager.php');
-$menu[25] = array(__('Presentation'), 8, 'themes.php');
-$menu[30] = array(__('Plugins'), 8, 'plugins.php');
-$menu[35] = array(__('Users'), 0, 'profile.php');
-$menu[40] = array(__('Options'), 6, 'options-general.php');
+$menu[0] = array(__('Dashboard'), 'read', 'index.php');
+$menu[5] = array(__('Write'), 'edit_posts', 'post.php');
+$menu[10] = array(__('Manage'), 'edit_posts', 'edit.php');
+$menu[20] = array(__('Links'), 'manage_links', 'link-manager.php');
+$menu[25] = array(__('Presentation'), 'switch_themes', 'themes.php');
+$menu[30] = array(__('Plugins'), 'activate_plugins', 'plugins.php');
+if ( current_user_can('edit_users') )
+	$menu[35] = array(__('Users'), 'read', 'profile.php');
+else
+	$menu[35] = array(__('Profile'), 'read', 'profile.php');
+$menu[40] = array(__('Options'), 'manage_options', 'options-general.php');
+$menu[45] = array(__('Import'), 'import', 'import.php');
 
-if ( get_option('use_fileupload') )
-	$menu[45] = array(__('Upload'), get_settings('fileupload_minlevel'), 'upload.php');
+$submenu['post.php'][5] = array(__('Write Post'), 'edit_posts', 'post.php');
+$submenu['post.php'][10] = array(__('Write Page'), 'edit_pages', 'page-new.php');
 
-$submenu['post.php'][5] = array(__('Write Post'), 1, 'post.php');
-$submenu['post.php'][10] = array(__('Write Page'), 5, 'page-new.php');
-
-$submenu['edit.php'][5] = array(__('Posts'), 1, 'edit.php');
-$submenu['edit.php'][10] = array(__('Pages'), 5, 'edit-pages.php');
-$submenu['edit.php'][15] = array(__('Categories'), 1, 'categories.php');
-$submenu['edit.php'][20] = array(__('Comments'), 1, 'edit-comments.php');
+$submenu['edit.php'][5] = array(__('Posts'), 'edit_posts', 'edit.php');
+$submenu['edit.php'][10] = array(__('Pages'), 'edit_pages', 'edit-pages.php');
+$submenu['edit.php'][15] = array(__('Categories'), 'manage_categories', 'categories.php');
+$submenu['edit.php'][20] = array(__('Comments'), 'edit_posts', 'edit-comments.php');
 $awaiting_mod = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'");
-$submenu['edit.php'][25] = array(sprintf(__("Awaiting Moderation (%s)"), $awaiting_mod), 1, 'moderation.php');
-$submenu['edit.php'][30] = array(__('Files'), 8, 'templates.php');
+$submenu['edit.php'][25] = array(sprintf(__("Awaiting Moderation (%s)"), $awaiting_mod), 'edit_posts', 'moderation.php');
+$submenu['edit.php'][30] = array(__('Files'), 'edit_files', 'templates.php');
 
-$submenu['link-manager.php'][5] = array(__('Manage Links'), 5, 'link-manager.php');
-$submenu['link-manager.php'][10] = array(__('Add Link'), 5, 'link-add.php');
-$submenu['link-manager.php'][15] = array(__('Link Categories'), 5, 'link-categories.php');
-$submenu['link-manager.php'][20] = array(__('Import Links'), 5, 'link-import.php');
+$submenu['link-manager.php'][5] = array(__('Manage Links'), 'manage_links', 'link-manager.php');
+$submenu['link-manager.php'][10] = array(__('Add Link'), 'manage_links', 'link-add.php');
+$submenu['link-manager.php'][15] = array(__('Link Categories'), 'manage_links', 'link-categories.php');
+$submenu['link-manager.php'][20] = array(__('Import Links'), 'manage_links', 'link-import.php');
 
-$submenu['profile.php'][5] = array(__('Your Profile'), 0, 'profile.php');
-$submenu['profile.php'][10] = array(__('Authors & Users'), 5, 'users.php');
+$submenu['profile.php'][5] = array(__('Your Profile'), 'read', 'profile.php');
+$submenu['profile.php'][10] = array(__('Authors & Users'), 'edit_users', 'users.php');
 
-$submenu['options-general.php'][5] = array(__('General'), 6, 'options-general.php');
-$submenu['options-general.php'][10] = array(__('Writing'), 6, 'options-writing.php');
-$submenu['options-general.php'][15] = array(__('Reading'), 6, 'options-reading.php');
-$submenu['options-general.php'][20] = array(__('Discussion'), 6, 'options-discussion.php');
-$submenu['options-general.php'][25] = array(__('Permalinks'), 6, 'options-permalink.php');
-$submenu['options-general.php'][30] = array(__('Miscellaneous'), 6, 'options-misc.php');
+$submenu['options-general.php'][10] = array(__('General'), 'manage_options', 'options-general.php');
+$submenu['options-general.php'][15] = array(__('Writing'), 'manage_options', 'options-writing.php');
+$submenu['options-general.php'][20] = array(__('Reading'), 'manage_options', 'options-reading.php');
+$submenu['options-general.php'][25] = array(__('Discussion'), 'manage_options', 'options-discussion.php');
+$submenu['options-general.php'][30] = array(__('Permalinks'), 'manage_options', 'options-permalink.php');
+$submenu['options-general.php'][35] = array(__('Miscellaneous'), 'manage_options', 'options-misc.php');
 
-$submenu['plugins.php'][5] = array(__('Plugins'), 8, 'plugins.php');
-$submenu['plugins.php'][10] = array(__('Plugin Editor'), 8, 'plugin-editor.php');
+$submenu['plugins.php'][5] = array(__('Plugins'), 'activate_plugins', 'plugins.php');
+$submenu['plugins.php'][10] = array(__('Plugin Editor'), 'edit_plugins', 'plugin-editor.php');
 
-$submenu['themes.php'][5] = array(__('Themes'), 8, 'themes.php');
-$submenu['themes.php'][10] = array(__('Theme Editor'), 8, 'theme-editor.php');
+$submenu['themes.php'][5] = array(__('Themes'), 'switch_themes', 'themes.php');
+$submenu['themes.php'][10] = array(__('Theme Editor'), 'edit_themes', 'theme-editor.php');
 
 // Create list of page plugin hook names.
 foreach ($menu as $menu_page) {
@@ -54,7 +55,7 @@ foreach ($menu as $menu_page) {
 }
 
 do_action('admin_menu', '');
-ksort($menu); // make it all pretty
+uksort($menu, "strnatcasecmp"); // make it all pretty
 
 if (! user_can_access_admin_page()) {
 	die( __('You do not have sufficient permissions to access this page.') );

wp-admin/moderation.php

@@ -3,6 +3,7 @@ require_once('admin.php');
 
 $title = __('Moderate comments');
 $parent_file = 'edit.php';
+$list_js = true;
 
 $wpvarstoreset = array('action', 'item_ignored', 'item_deleted', 'item_approved', 'item_spam', 'feelinglucky');
 for ($i=0; $i<count($wpvarstoreset); $i += 1) {
@@ -31,9 +32,10 @@ switch($action) {
 
 case 'update':
 
-	if ($user_level < 3) {
-		die(__('<p>Your level is not high enough to moderate comments.</p>'));
-	}
+	check_admin_referer('moderate-comments');
+
+	if ( ! current_user_can('moderate_comments') )
+	die('<p>'.__('Your level is not high enough to moderate comments.').'</p>');
 
 	$item_ignored = 0;
 	$item_deleted = 0;
@@ -68,7 +70,7 @@ case 'update':
 	}
 
 	$file = basename(__FILE__);
-	header("Location: $file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved&spam=$item_spam");
+	wp_redirect("$file?ignored=$item_ignored&deleted=$item_deleted&approved=$item_approved&spam=$item_spam");
 	exit();
 
 break;
@@ -78,37 +80,37 @@ default:
 require_once('admin-header.php');
 
 if ( isset($_GET['deleted']) || isset($_GET['approved']) || isset($_GET['ignored']) ) {
-	echo "<div class='updated'>\n<p>";
+	echo "<div id='moderated' class='updated fade'>\n<p>";
 	$approved = (int) $_GET['approved'];
 	$deleted  = (int) $_GET['deleted'];
 	$ignored  = (int) $_GET['ignored'];
 	$spam     = (int) $_GET['spam'];
 	if ($approved) {
 		if ('1' == $approved) {
-		 echo __("1 comment approved <br />") . "\n";
+			echo __("1 comment approved") . " <br/>\n";
 		} else {
 		 echo sprintf(__("%s comments approved <br />"), $approved) . "\n";
 		}
 	}
 	if ($deleted) {
 		if ('1' == $deleted) {
-		echo __("1 comment deleted <br />") . "\n";
+			echo __("1 comment deleted") . " <br/>\n";
 		} else {
-		echo sprintf(__("%s comments deleted <br />"), $deleted) . "\n";
+			echo sprintf(__("%s comments deleted"), $deleted) . " <br/>\n";
 		}
 	}
  	if ($spam) {
  		if ('1' == $spam) {
- 		echo __("1 comment marked as spam <br />") . "\n";
+			echo __("1 comment marked as spam") . " <br/>\n";
  		} else {
- 		echo sprintf(__("%s comments marked as spam <br />"), $spam) . "\n";
+ 			echo sprintf(__("%s comments marked as spam"), $spam) . " <br/>\n";
  		}
  	}
 	if ($ignored) {
 		if ('1' == $ignored) {
-		echo __("1 comment unchanged <br />") . "\n";
+			echo __("1 comment unchanged") . " <br/>\n";
 		} else {
-		echo sprintf(__("%s comments unchanged <br />"), $ignored) . "\n";
+			echo sprintf(__("%s comments unchanged"), $ignored) . " <br/>\n";
 		}
 	}
 	echo "</p></div>\n";
@@ -119,7 +121,7 @@ if ( isset($_GET['deleted']) || isset($_GET['approved']) || isset($_GET['ignored
 <div class="wrap">
 
 <?php
-if ($user_level > 3)
+if ( current_user_can('moderate_comments') )
 	$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = '0'");
 else
 	$comments = '';
@@ -130,8 +132,9 @@ if ($comments) {
 ?>
     <h2><?php _e('Moderation Queue') ?></h2>
     <form name="approval" action="moderation.php" method="post">
+    <?php wp_nonce_field('moderate-comments') ?>
     <input type="hidden" name="action" value="update" />
-    <ol id="comments" class="commentlist">
+    <ol id="the-list" class="commentlist">
 <?php
 $i = 0;
     foreach($comments as $comment) {
@@ -142,17 +145,17 @@ $i = 0;
 	else $class = '';
 	echo "\n\t<li id='comment-$comment->comment_ID' $class>"; 
 	?>
-			<p><strong><?php _e('Name:') ?></strong> <?php comment_author_link() ?> <?php if ($comment->comment_author_email) { ?>| <strong><?php _e('E-mail:') ?></strong> <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_email) { ?> | <strong><?php _e('URI:') ?></strong> <?php comment_author_url_link() ?> <?php } ?>| <strong><?php _e('IP:') ?></strong> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></p>
+	<p><strong><?php _e('Name:') ?></strong> <?php comment_author_link() ?> <?php if ($comment->comment_author_email) { ?>| <strong><?php _e('E-mail:') ?></strong> <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_url && 'http://' != $comment->comment_author_url) { ?> | <strong><?php _e('URI:') ?></strong> <?php comment_author_url_link() ?> <?php } ?>| <strong><?php _e('IP:') ?></strong> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a> | <strong><?php _e('Date:') ?></strong> <?php comment_date(); ?></p>
 <?php comment_text() ?>
 <p><?php
 echo '<a href="post.php?action=editcomment&amp;comment='.$comment->comment_ID.'">' . __('Edit') . '</a> | ';?>
 <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a> | 
 <?php 
-echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $comment->comment_author) . "')\">" . __('Delete just this comment') . "</a> | "; ?>  <?php _e('Bulk action:') ?>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment[<?php echo $comment->comment_ID; ?>]-nothing" value="later" checked="checked" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-nothing"><?php _e('Defer until later') ?></label>
+echo " <a href=\"" . wp_nonce_url("post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete just this comment') . "</a> | "; ?>  <?php _e('Bulk action:') ?>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment-<?php echo $comment->comment_ID; ?>-approve"><?php _e('Approve') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment-<?php echo $comment->comment_ID; ?>-spam"><?php _e('Spam') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment-<?php echo $comment->comment_ID; ?>-delete"><?php _e('Delete') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment-<?php echo $comment->comment_ID; ?>-nothing"><?php _e('Defer until later') ?></label>
 	</p>
 
 	</li>
@@ -161,6 +164,8 @@ echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID
 ?>
     </ol>
 
+<div id="ajax-response"></div>
+
     <p class="submit"><input type="submit" name="submit" value="<?php _e('Moderate Comments &raquo;') ?>" /></p>
 <script type="text/javascript">
 // <![CDATA[
@@ -205,7 +210,7 @@ document.write('<ul><li><a href="javascript:markAllForApprove()"><?php _e('Mark
 <?php
 } else {
     // nothing to approve
-    echo __("<p>Currently there are no comments for you to moderate.</p>") . "\n";
+	echo '<p>'.__("Currently there are no comments for you to moderate.") . "</p>\n";
 }
 ?>
 
@@ -217,4 +222,4 @@ break;
 }
 
 
-include('admin-footer.php') ?>
+include('admin-footer.php') ?>

wp-admin/options-discussion.php

@@ -19,82 +19,83 @@ if ($action == 'retrospam') {
 ?>
 
 <div class="wrap"> 
-	<h2><?php _e('Discussion Options') ?></h2> 
-	<form name="form1" method="post" action="options.php"> 
-		<input type="hidden" name="action" value="update" /> 
-		<input type="hidden" name="page_options" value="'default_pingback_flag','default_ping_status','default_comment_status','comments_notify','moderation_notify','comment_moderation','require_name_email','comment_whitelist','comment_max_links','moderation_keys','blacklist_keys','open_proxy_check'" /> 
+<h2><?php _e('Discussion Options') ?></h2> 
+<form method="post" action="options.php"> 
+<?php wp_nonce_field('update-options') ?>
 <fieldset class="options">
-        <legend><?php _e('Usual settings for an article: <em>(These settings may be overridden for individual articles.)</em>') ?></legend> 
-		<ul> 
-			<li> 
-				<label for="default_pingback_flag"> 
-				<input name="default_pingback_flag" type="checkbox" id="default_pingback_flag" value="1" <?php checked('1', get_settings('default_pingback_flag')); ?> /> 
-            <?php _e('Attempt to notify any Weblogs linked to from the article (slows down posting.)') ?></label> 
-			</li> 
-			<li> 
-				<label for="default_ping_status"> 
-				<input name="default_ping_status" type="checkbox" id="default_ping_status" value="open" <?php checked('open', get_settings('default_ping_status')); ?> /> 
-            <?php _e('Allow link notifications from other Weblogs (pingbacks and trackbacks.)') ?></label> 
-			</li> 
-			<li> 
-				<label for="default_comment_status"> 
-				<input name="default_comment_status" type="checkbox" id="default_comment_status" value="open" <?php checked('open', get_settings('default_comment_status')); ?> /> 
-            <?php _e('Allow people to post comments on the article') ?></label> 
-			</li> 
-		</ul> 
+<legend><?php _e('Usual settings for an article:<br /><small><em>(These settings may be overridden for individual articles.)</em></small>') ?></legend> 
+<ul> 
+<li> 
+<label for="default_pingback_flag"> 
+<input name="default_pingback_flag" type="checkbox" id="default_pingback_flag" value="1" <?php checked('1', get_settings('default_pingback_flag')); ?> /> 
+<?php _e('Attempt to notify any Weblogs linked to from the article (slows down posting.)') ?></label> 
+</li> 
+<li> 
+<label for="default_ping_status"> 
+<input name="default_ping_status" type="checkbox" id="default_ping_status" value="open" <?php checked('open', get_settings('default_ping_status')); ?> /> 
+<?php _e('Allow link notifications from other Weblogs (pingbacks and trackbacks.)') ?></label> 
+</li> 
+<li> 
+<label for="default_comment_status"> 
+<input name="default_comment_status" type="checkbox" id="default_comment_status" value="open" <?php checked('open', get_settings('default_comment_status')); ?> /> 
+<?php _e('Allow people to post comments on the article') ?></label> 
+</li> 
+</ul> 
 </fieldset>
 <fieldset class="options">
-        <legend><?php _e('E-mail me whenever:') ?></legend> 
-		<ul> 
-			<li> 
-				<label for="comments_notify"> 
-				<input name="comments_notify" type="checkbox" id="comments_notify" value="1" <?php checked('1', get_settings('comments_notify')); ?> /> 
-                <?php _e('Anyone posts a comment') ?> </label> 
-			</li> 
-			<li> 
-				<label for="moderation_notify"> 
-				<input name="moderation_notify" type="checkbox" id="moderation_notify" value="1" <?php checked('1', get_settings('moderation_notify')); ?> /> 
-				<?php _e('A comment is held for moderation') ?> </label> 
-			</li> 
-		</ul> 
+<legend><?php _e('E-mail me whenever:') ?></legend> 
+<ul> 
+<li> 
+<label for="comments_notify"> 
+<input name="comments_notify" type="checkbox" id="comments_notify" value="1" <?php checked('1', get_settings('comments_notify')); ?> /> 
+<?php _e('Anyone posts a comment') ?> </label> 
+</li> 
+<li> 
+<label for="moderation_notify"> 
+<input name="moderation_notify" type="checkbox" id="moderation_notify" value="1" <?php checked('1', get_settings('moderation_notify')); ?> /> 
+<?php _e('A comment is held for moderation') ?> </label> 
+</li> 
+</ul> 
 </fieldset>
 <fieldset class="options">
-        <legend><?php _e('Before a comment appears:') ?></legend> 
-		<ul>
-			<li>
-				<label for="comment_moderation"> 
-				<input name="comment_moderation" type="checkbox" id="comment_moderation" value="1" <?php checked('1', get_settings('comment_moderation')); ?> /> 
-				<?php _e('An administrator must approve the comment (regardless of any matches below)') ?> </label> 
-			</li> 
-			<li><label for="require_name_email"><input type="checkbox" name="require_name_email" id="require_name_email" value="1" <?php checked('1', get_settings('require_name_email')); ?> /> <?php _e('Comment author must fill out name and e-mail') ?></label></li> 
-			<li><label for="comment_whitelist"><input type="checkbox" name="comment_whitelist" id="comment_whitelist" value="1" <?php checked('1', get_settings('comment_whitelist')); ?> /> <?php _e('Comment author must have a previously approved comment') ?></label></li> 
-		</ul> 
+<legend><?php _e('Before a comment appears:') ?></legend> 
+<ul>
+<li>
+<label for="comment_moderation"> 
+<input name="comment_moderation" type="checkbox" id="comment_moderation" value="1" <?php checked('1', get_settings('comment_moderation')); ?> /> 
+<?php _e('An administrator must approve the comment (regardless of any matches below)') ?> </label> 
+</li> 
+<li><label for="require_name_email"><input type="checkbox" name="require_name_email" id="require_name_email" value="1" <?php checked('1', get_settings('require_name_email')); ?> /> <?php _e('Comment author must fill out name and e-mail') ?></label></li> 
+<li><label for="comment_whitelist"><input type="checkbox" name="comment_whitelist" id="comment_whitelist" value="1" <?php checked('1', get_settings('comment_whitelist')); ?> /> <?php _e('Comment author must have a previously approved comment') ?></label></li> 
+</ul> 
 </fieldset>
 <fieldset class="options">
-    <legend><?php _e('Comment Moderation') ?></legend>
-    <p><?php printf(__('Hold a comment in the queue if it contains more than %s links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" size="3" value="' . get_settings('comment_max_links'). '" />' ) ?></p>
+<legend><?php _e('Comment Moderation') ?></legend>
+<p><?php printf(__('Hold a comment in the queue if it contains %s or more links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" size="3" value="' . get_settings('comment_max_links'). '" />' ) ?></p>
 
-    <p><?php _e('When a comment contains any of these words in its content, name, URI, e-mail, or IP, hold it in the moderation queue: (Separate multiple words with new lines.) <a href="http://codex.wordpress.org/Spam_Words">Common spam words</a>.') ?></p>
-		<p> 
-			<textarea name="moderation_keys" cols="60" rows="4" id="moderation_keys" style="width: 98%; font-size: 12px;" class="code"><?php form_option('moderation_keys'); ?></textarea> 
-		</p> 
-		<p>
-			<a id="retrospambutton" href="options-discussion.php?action=retrospam"><?php _e('Check past comments against moderation list'); ?></a>
- 		</p> 
+<p><?php _e('When a comment contains any of these words in its content, name, URI, e-mail, or IP, hold it in the moderation queue: (Separate multiple words with new lines.) <a href="http://codex.wordpress.org/Spam_Words">Common spam words</a>.') ?></p>
+<p> 
+<textarea name="moderation_keys" cols="60" rows="4" id="moderation_keys" style="width: 98%; font-size: 12px;" class="code"><?php form_option('moderation_keys'); ?></textarea> 
+</p> 
+<p>
+<a id="retrospambutton" href="options-discussion.php?action=retrospam"><?php _e('Check past comments against moderation list'); ?></a>
+</p> 
 </fieldset>
 <fieldset class="options">
-    <legend><?php _e('Comment Blacklist') ?></legend>
-    <p><?php _e('This is a list of words that you want completely blacklisted from your blog. Be very careful what you add here, because if a comment matches something here it will be completely nuked and there will be no notification. Remember that partial words can match, so if there is any chance something here might match it would be better to put it in the moderation box above.') ?></p>
-		<p> 
-			<textarea name="blacklist_keys" cols="60" rows="4" id="blacklist_keys" style="width: 98%; font-size: 12px;" class="code"><?php form_option('blacklist_keys'); ?></textarea> 
-		</p>
-		<p><label for="open_proxy_check"> 
-				<input name="open_proxy_check" type="checkbox" id="open_proxy_check" value="1" <?php checked('1', get_settings('open_proxy_check')); ?> /> 
-            <?php _e('Blacklist comments from open and insecure proxies.') ?></label></p>
+<legend><?php _e('Comment Blacklist') ?></legend>
+<p><?php _e('This is a list of words that you want completely blacklisted from your blog. Be very careful what you add here, because if a comment matches something here it will be completely nuked and there will be no notification. Remember that partial words can match, so if there is any chance something here might match it would be better to put it in the moderation box above.') ?></p>
+<p> 
+<textarea name="blacklist_keys" cols="60" rows="4" id="blacklist_keys" style="width: 98%; font-size: 12px;" class="code"><?php form_option('blacklist_keys'); ?></textarea> 
+</p>
+<p><label for="open_proxy_check"> 
+<input name="open_proxy_check" type="checkbox" id="open_proxy_check" value="1" <?php checked('1', get_settings('open_proxy_check')); ?> /> 
+<?php _e('Blacklist comments from open and insecure proxies.') ?></label></p>
 </fieldset>
-		<p class="submit"> 
-    	<input type="submit" name="Submit" value="<?php _e('Update Options') ?>" /> 
-		</p> 
-	</form> 
+<p class="submit">
+<input type="hidden" name="action" value="update" /> 
+<input type="hidden" name="page_options" value="default_pingback_flag,default_ping_status,default_comment_status,comments_notify,moderation_notify,comment_moderation,require_name_email,comment_whitelist,comment_max_links,moderation_keys,blacklist_keys,open_proxy_check" /> 
+<input type="submit" name="Submit" value="<?php _e('Update Options') ?>" /> 
+</p> 
+</form> 
 </div>
-<?php include('./admin-footer.php'); ?>
+<?php include('./admin-footer.php'); ?>

wp-admin/options-general.php

@@ -1,99 +1,111 @@
 <?php
-require_once('admin.php');
+require_once('./admin.php');
 
 $title = __('General Options');
 $parent_file = 'options-general.php';
 
-include('admin-header.php');
+include('./admin-header.php');
 ?>
  
-<div class="wrap"> 
-  <h2><?php _e('General Options') ?></h2> 
-  <form name="form1" method="post" action="options.php"> 
-    <input type="hidden" name="action" value="update" /> 
-	<input type="hidden" name="action" value="update" /> <input type="hidden" name="page_options" value="'blogname','blogdescription','siteurl','admin_email','users_can_register','gmt_offset','date_format','time_format','home','start_of_week','comment_registration'" /> 
-    <table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
-      <tr valign="top"> 
-        <th width="33%" scope="row"><?php _e('Weblog title:') ?></th> 
-        <td><input name="blogname" type="text" id="blogname" value="<?php form_option('blogname'); ?>" size="40" /></td> 
-      </tr> 
-      <tr valign="top"> 
-        <th scope="row"><?php _e('Tagline:') ?></th> 
-        <td><input name="blogdescription" type="text" id="blogdescription" style="width: 95%" value="<?php form_option('blogdescription'); ?>" size="45" />
-        <br />
+<div class="wrap">
+<h2><?php _e('General Options') ?></h2>
+<form method="post" action="options.php"> 
+<?php wp_nonce_field('update-options') ?>
+<table class="optiontable"> 
+<tr valign="top"> 
+<th scope="row"><?php _e('Weblog title:') ?></th> 
+<td><input name="blogname" type="text" id="blogname" value="<?php form_option('blogname'); ?>" size="40" /></td> 
+</tr> 
+<tr valign="top"> 
+<th scope="row"><?php _e('Tagline:') ?></th> 
+<td><input name="blogdescription" type="text" id="blogdescription" style="width: 95%" value="<?php form_option('blogdescription'); ?>" size="45" />
+<br />
 <?php _e('In a few words, explain what this weblog is about.') ?></td> 
-      </tr> 
-      <tr valign="top"> 
-        <th scope="row"><?php _e('WordPress address (URI):') ?></th> 
-        <td><input name="siteurl" type="text" id="siteurl" value="<?php form_option('siteurl'); ?>" size="40" class="code" /></td> 
-      </tr> 
-      <tr valign="top">
-      	<th scope="row"><?php _e('Blog address (URI):') ?></th>
-      	<td><input name="home" type="text" id="home" value="<?php form_option('home'); ?>" size="40" class="code" /><br /><?php _e('If you want your blog homepage to be different than the directory you installed WordPress in, enter that address here. '); ?></td>
-      	</tr>
-      <tr valign="top"> 
-        <th scope="row"><?php _e('E-mail address:') ?> </th> 
-        <td><input name="admin_email" type="text" id="admin_email" value="<?php form_option('admin_email'); ?>" size="40" class="code" />
-        <br />
+</tr> 
+<tr valign="top"> 
+<th scope="row"><?php _e('WordPress address (URI):') ?></th> 
+<td><input name="siteurl" type="text" id="siteurl" value="<?php form_option('siteurl'); ?>" size="40" class="code" /></td> 
+</tr> 
+<tr valign="top">
+<th scope="row"><?php _e('Blog address (URI):') ?></th>
+<td><input name="home" type="text" id="home" value="<?php form_option('home'); ?>" size="40" class="code" /><br /><?php _e('If you want your blog homepage <a href="http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory">to be different than the directory</a> you installed WordPress in, enter that address here.'); ?></td>
+</tr>
+<tr valign="top"> 
+<th scope="row"><?php _e('E-mail address:') ?> </th> 
+<td><input name="admin_email" type="text" id="admin_email" value="<?php form_option('admin_email'); ?>" size="40" class="code" />
+<br />
 <?php _e('This address is used only for admin purposes.') ?></td> 
-      </tr>
-      <tr valign="top"> 
-        <th scope="row"><?php _e('Membership:') ?></th> 
-        <td> <label for="users_can_register"> 
-          <input name="users_can_register" type="checkbox" id="users_can_register" value="1" <?php checked('1', get_settings('users_can_register')); ?> /> 
-          <?php _e('Anyone can register') ?></label><br />
-		  <label for="comment_registration">
-			<input name="comment_registration" type="checkbox" id="comment_registration" value="1" <?php checked('1', get_settings('comment_registration')); ?> /> 
-				<?php _e('Users must be registered and logged in to comment') ?>
-			</label>
+</tr>
+<tr valign="top"> 
+<th scope="row"><?php _e('Membership:') ?></th> 
+<td> <label for="users_can_register"> 
+<input name="users_can_register" type="checkbox" id="users_can_register" value="1" <?php checked('1', get_settings('users_can_register')); ?> /> 
+<?php _e('Anyone can register') ?></label><br />
+<label for="comment_registration">
+<input name="comment_registration" type="checkbox" id="comment_registration" value="1" <?php checked('1', get_settings('comment_registration')); ?> /> 
+<?php _e('Users must be registered and logged in to comment') ?>
+</label>
 </td> 
-      </tr> 
-    </table> 
-    <fieldset class="options"> 
-    <legend><?php _e('Date and Time') ?></legend> 
-	    <table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
-      <tr> 
-          <th scope="row" width="33%"><?php _e('<abbr title="Coordinated Universal Time">UTC</abbr> time is:') ?> </th> 
-        <td><code><?php echo gmdate('Y-m-d g:i:s a'); ?></code></td> 
-      </tr>
-      <tr>
-        <th scope="row"><?php _e('Times in the weblog should differ by:') ?> </th>
-        <td><input name="gmt_offset" type="text" id="gmt_offset" size="2" value="<?php form_option('gmt_offset'); ?>" /> 
-        <?php _e('hours') ?> </td>
-      </tr>
-      <tr>
-      	<th scope="row">&nbsp;</th>
-      	<td><?php _e('The following use the same syntax as the <a href="http://php.net/date">PHP <code>date()</code> function</a>. Save option to update sample output.') ?> </td>
-      	</tr>
-      <tr>
-      	<th scope="row"><?php _e('Default date format:') ?></th>
-      	<td><input name="date_format" type="text" id="date_format" size="30" value="<?php form_option('date_format'); ?>" /><br />
+</tr> 
+<tr valign="top"> 
+<th scope="row"><?php _e('New User Default Role:') ?></th> 
+<td><label for="default_role"> 
+<select name="default_role" id="default_role"><?php 
+foreach($wp_roles->role_names as $role => $name) {
+	$selected = (get_settings('default_role') == $role) ? 'selected="selected"' : '';
+	echo "<option {$selected} value=\"{$role}\">{$name}</option>";
+}
+?></select></label>
+</td> 
+</tr> 
+</table> 
+<fieldset class="options"> 
+<legend><?php _e('Date and Time') ?></legend> 
+<table class="optiontable"> 
+<tr> 
+<th scope="row"><?php _e('<abbr title="Coordinated Universal Time">UTC</abbr> time is:') ?> </th> 
+<td><code><?php echo gmdate('Y-m-d g:i:s a'); ?></code></td> 
+</tr>
+<tr>
+<th scope="row"><?php _e('Times in the weblog should differ by:') ?> </th>
+<td><input name="gmt_offset" type="text" id="gmt_offset" size="2" value="<?php form_option('gmt_offset'); ?>" /> 
+<?php _e('hours') ?> </td>
+</tr>
+<tr>
+<th scope="row"><?php _e('Default date format:') ?></th>
+<td><input name="date_format" type="text" id="date_format" size="30" value="<?php form_option('date_format'); ?>" /><br />
 <?php _e('Output:') ?> <strong><?php echo mysql2date(get_settings('date_format'), current_time('mysql')); ?></strong></td>
-      	</tr>
-      <tr>
-        <th scope="row"><?php _e('Default time format:') ?></th>
-      	<td><input name="time_format" type="text" id="time_format" size="30" value="<?php form_option('time_format'); ?>" /><br />
+</tr>
+<tr>
+<th scope="row"><?php _e('Default time format:') ?></th>
+<td><input name="time_format" type="text" id="time_format" size="30" value="<?php form_option('time_format'); ?>" /><br />
 <?php _e('Output:') ?> <strong><?php echo gmdate(get_settings('time_format'), current_time('timestamp')); ?></strong></td>
-      	</tr> 
-      <tr>
-        <th scope="row"><?php _e('Weeks in the calendar should start on:') ?></th>
-        <td><select name="start_of_week" id="start_of_week">
-	<?php
+</tr> 
+<tr>
+<th scope="row">&nbsp;</th>
+<td><?php _e('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Click "Update options" to update sample output.') ?> </td>
+</tr>
+<tr>
+<th scope="row"><?php _e('Weeks in the calendar should start on:') ?></th>
+<td><select name="start_of_week" id="start_of_week">
+<?php
 for ($day_index = 0; $day_index <= 6; $day_index++) :
-	if ($day_index == get_settings('start_of_week')) $selected = " selected='selected'";
-	else $selected = '';
+if ($day_index == get_settings('start_of_week')) $selected = " selected='selected'";
+else $selected = '';
 echo "\n\t<option value='$day_index' $selected>$weekday[$day_index]</option>";
 endfor;
 ?>
 </select></td>
-       		</tr>
-
+</tr>
 </table>
+</fieldset> 
+
+<p class="submit"><input type="submit" name="Submit" value="<?php _e('Update Options') ?> &raquo;" />
+<input type="hidden" name="action" value="update" /> 
+<input type="hidden" name="page_options" value="blogname,blogdescription,siteurl,admin_email,users_can_register,gmt_offset,date_format,time_format,home,start_of_week,comment_registration,default_role" /> 
+</p>
+</form>
 
-    </fieldset> 
-    <p class="submit">
-      <input type="submit" name="Submit" value="<?php _e('Update Options') ?> &raquo;" />
-    </p>
-  </form> 
 </div> 
-<?php include("admin-footer.php") ?>
+
+<?php include('./admin-footer.php') ?>

wp-admin/options-head.php

@@ -20,5 +20,5 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 <br clear="all" />
 
 <?php if (isset($_GET['updated'])) : ?>
-<div class="updated"><p><strong><?php _e('Options saved.') ?></strong></p></div>
+<div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
 <?php endif; ?>

wp-admin/options-misc.php

@@ -10,62 +10,41 @@ include('admin-header.php');
  
 <div class="wrap"> 
 <h2><?php _e('Miscellaneous Options') ?></h2> 
-<form name="miscoptions" method="post" action="options.php"> 
-	<input type="hidden" name="action" value="update" />
-	<input type="hidden" name="page_options" value="'hack_file','use_fileupload','fileupload_realpath','fileupload_url','fileupload_allowedtypes','fileupload_maxk','fileupload_maxk','fileupload_minlevel','use_geo_positions','use_linksupdate'" /> 
-	<fieldset class="options">
-	<legend>
-	<input name="use_fileupload" type="checkbox" id="use_fileupload" value="1" <?php checked('1', get_settings('use_fileupload')); ?> />
-	<label for="use_fileupload"><?php _e('Allow File Uploads') ?></label></legend>
-	<table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
-	<tr> 
-	<th width="33%" valign="top" scope="row"><?php _e('Destination directory:') ?> </th> 
-	<td>
-	<input name="fileupload_realpath" type="text" id="fileupload_realpath" value="<?php form_option('fileupload_realpath'); ?>" size="50" /><br />
-	<?php printf(__('Recommended: <code>%s</code>'), ABSPATH . 'wp-content') ?>
-	
-	</td> 
-	</tr> 
-	<tr>
-	<th valign="top" scope="row"><?php _e('URI of this directory:') ?> </th>
-	<td>          
-	<input name="fileupload_url" type="text" id="fileupload_url" value="<?php form_option('fileupload_url'); ?>" size="50" /><br />
-	<?php printf(__('Recommended: <code>%s</code>'), get_settings('siteurl') . '/wp-content') ?>
-	</td>
-	</tr>
-	<tr>
-	<th scope="row"><?php _e('Maximum size:') ?> </th>
-	<td><input name="fileupload_maxk" type="text" id="fileupload_maxk" value="<?php form_option('fileupload_maxk'); ?>" size="4" /> 
-	<?php _e('Kilobytes (KB)') ?></td>
-	</tr>
-	<tr>
-	<th valign="top" scope="row"><?php _e('Allowed file extensions:') ?></th>
-	<td><input name="fileupload_allowedtypes" type="text" id="fileupload_allowedtypes" value="<?php form_option('fileupload_allowedtypes'); ?>" size="40" />
-	<br />
-	<?php _e('Recommended: <code>jpg jpeg png gif</code>') ?></td>
-	</tr>
-	<tr>
-	<th scope="row"><?php _e('Minimum level to upload:') ?></th>
-	<td><select name="fileupload_minlevel" id="fileupload_minlevel">
-	<?php
-	for ($i = 1; $i < 11; $i++) {
-	if ($i == get_settings('fileupload_minlevel')) $selected = " selected='selected'";
-	else $selected = '';
-	echo "\n\t<option value='$i' $selected>$i</option>";
-	}
-	?>
-	</select></td>
-	</tr>
-	</table> 
-	</fieldset>
-	<p><input name="use_linksupdate" type="checkbox" id="use_linksupdate" value="1" <?php checked('1', get_settings('use_linksupdate')); ?> />
-	<label for="use_linksupdate"><?php _e('Track Links&#8217; Update Times') ?></label></p>
-	<p>
-	<label><input type="checkbox" name="hack_file" value="1" <?php checked('1', get_settings('hack_file')); ?> /> <?php _e('Use legacy <code>my-hacks.php</code> file support') ?></label>
-	</p>
-	<p class="submit">
-		<input type="submit" name="Submit" value="<?php _e('Update Options') ?> &raquo;" />
-	</p>
+<form method="post" action="options.php">
+<?php wp_nonce_field('update-options') ?>
+<fieldset class="options">
+<legend><?php _e('Uploading'); ?></legend>
+<table class="editform optiontable">
+<tr valign="top">
+<th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
+<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo attribute_escape(str_replace(ABSPATH, '', get_settings('upload_path'))); ?>" size="40" />
+<br />
+<?php _e('Default is <code>wp-content/uploads</code>'); ?>
+</td>
+</tr>
+<tr>
+<td></td>
+<td>
+<label for="uploads_use_yearmonth_folders">
+<input name="uploads_use_yearmonth_folders" type="checkbox" id="uploads_use_yearmonth_folders" value="1" <?php checked('1', get_settings('uploads_use_yearmonth_folders')); ?> />
+<?php _e('Organize my uploads into month- and year-based folders'); ?>
+</label>
+</td>
+</tr>
+</table>
+</fieldset>
+
+<p><input name="use_linksupdate" type="checkbox" id="use_linksupdate" value="1" <?php checked('1', get_settings('use_linksupdate')); ?> />
+<label for="use_linksupdate"><?php _e('Track Links&#8217; Update Times') ?></label></p>
+<p>
+<label><input type="checkbox" name="hack_file" value="1" <?php checked('1', get_settings('hack_file')); ?> /> <?php _e('Use legacy <code>my-hacks.php</code> file support') ?></label>
+</p>
+
+<p class="submit">
+<input type="hidden" name="action" value="update" />
+<input type="hidden" name="page_options" value="hack_file,use_linksupdate,uploads_use_yearmonth_folders,upload_path" /> 
+<input type="submit" name="Submit" value="<?php _e('Update Options') ?> &raquo;" />
+</p>
 </form> 
 </div>
 

wp-admin/options-permalink.php

@@ -4,11 +4,62 @@ require_once('admin.php');
 $title = __('Permalink Options');
 $parent_file = 'options-general.php';
 
+function add_js() {
+?>
+<script type="text/javascript">
+//<![CDATA[
+function GetElementsWithClassName(elementName, className) {
+var allElements = document.getElementsByTagName(elementName);
+var elemColl = new Array();
+for (i = 0; i < allElements.length; i++) {
+if (allElements[i].className == className) {
+elemColl[elemColl.length] = allElements[i];
+}
+}
+return elemColl;
+}
+
+function upit() {
+var inputColl = GetElementsWithClassName('input', 'tog');
+var structure = document.getElementById('permalink_structure');
+var inputs = '';
+for (i = 0; i < inputColl.length; i++) {
+if ( inputColl[i].checked && inputColl[i].value != '') {
+inputs += inputColl[i].value + ' ';
+}
+}
+inputs = inputs.substr(0,inputs.length - 1);
+if ( 'custom' != inputs )
+structure.value = inputs;
+}
+
+function blurry() {
+if (!document.getElementById) return;
+
+var structure = document.getElementById('permalink_structure');
+structure.onfocus = function () { document.getElementById('custom_selection').checked = 'checked'; }
+
+var aInputs = document.getElementsByTagName('input');
+
+for (var i = 0; i < aInputs.length; i++) {		
+aInputs[i].onclick = aInputs[i].onkeyup = upit;
+}
+}
+
+window.onload = blurry;
+//]]>
+</script>
+<?php
+}
+add_filter('admin_head', 'add_js');
+
 include('admin-header.php');
 
 $home_path = get_home_path();
 
-if ( isset($_POST) ) {
+if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) {
+	check_admin_referer('update-permalink');
+
 	if ( isset($_POST['permalink_structure']) ) {
 		$permalink_structure = $_POST['permalink_structure'];
 		if (! empty($permalink_structure) )
@@ -27,8 +78,6 @@ if ( isset($_POST) ) {
 $permalink_structure = get_settings('permalink_structure');
 $category_base = get_settings('category_base');
 
-generate_page_rewrite_rules();
-
 if ( (!file_exists($home_path.'.htaccess') && is_writable($home_path)) || is_writable($home_path.'.htaccess') )
 	$writable = true;
 else
@@ -39,11 +88,11 @@ if ($wp_rewrite->using_index_permalinks())
 else
 	$usingpi = false;
 
-save_mod_rewrite_rules();
+$wp_rewrite->flush_rules();
 ?>
 
 <?php if (isset($_POST['submit'])) : ?>
-<div class="updated"><p><?php
+<div id="message" class="updated fade"><p><?php
 if ($writable)
 	_e('Permalink structure updated.');
 else
@@ -52,60 +101,74 @@ else
 <?php endif; ?>
 
 <div class="wrap"> 
-  <h2><?php _e('Edit Permalink Structure') ?></h2> 
-  <p><?php _e('By default WordPress uses web URIs which have question marks and lots of numbers in them, however WordPress offers you the ability to create a custom URI structure for your permalinks and archives. This can improve the aesthetics, usability, and longevity of your links. A <a href="http://codex.wordpress.org/Using_Permalinks">number of tags are available</a>, and here are some examples to get you started.'); ?></p>
+  <h2><?php _e('Customize Permalink Structure') ?></h2> 
+  <p><?php _e('By default WordPress uses web URIs which have question marks and lots of numbers in them, however WordPress offers you the ability to create a custom URI structure for your permalinks and archives. This can improve the aesthetics, usability, and forward-compatibility of your links. A <a href="http://codex.wordpress.org/Using_Permalinks">number of tags are available</a>, and here are some examples to get you started.'); ?></p>
 
+<?php
+$prefix = '';
+
+if ( ! got_mod_rewrite() )
+	$prefix = '/index.php';
+
+$structures = array(
+	'',
+	$prefix . '/%year%/%monthnum%/%day%/%postname%/',
+	$prefix . '/archives/%post_id%'
+	);
+?>
+<form name="form" action="options-permalink.php" method="post"> 
+<?php wp_nonce_field('update-permalink') ?>
+<h3><?php _e('Common options:'); ?></h3>
+<p>
+	<label>
+<input name="selection" type="radio" value="" class="tog" <?php checked('', $permalink_structure); ?> /> 
+<?php _e('Default'); ?><br /> <span> &raquo; <code><?php echo get_settings('home'); ?>/?p=123</code></span>
+   </label>
+</p>
+<p>
+	<label>
+<input name="selection" type="radio" value="<?php echo $structures[1]; ?>" class="tog" <?php checked($structures[1], $permalink_structure); ?> /> 
+<?php _e('Date and name based'); ?><br /> <span> &raquo; <code><?php echo get_settings('home') . $prefix . '/' . date('Y') . '/' . date('m') . '/' . date('d') . '/sample-post/'; ?></code></span>
+   </label>
+</p>
+<p>
+	<label>
+<input name="selection" type="radio" value="<?php echo $structures[2]; ?>" class="tog" <?php checked($structures[2], $permalink_structure); ?> /> 
+<?php _e('Numeric'); ?><br /> <span> &raquo; <code><?php echo get_settings('home') . $prefix  ; ?>/archives/123</code></span>
+   </label>
+</p>
+<p>
+<label>
+<input name="selection" id="custom_selection" type="radio" value="custom" class="tog"
+<?php if ( !in_array($permalink_structure, $structures) ) { ?>
+checked="checked"
+<?php } ?>
+ /> 
+<?php _e('Custom, specify below'); ?>	
+</label>
+<br />
+</p>
+<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo attribute_escape($permalink_structure); ?>" size="50" /></p>
+
+<h3><?php _e('Optional'); ?></h3>
 <?php if ($is_apache) : ?>
-<dl>
-<dt><?php _e('Structure'); ?>: <code>/%year%/%monthnum%/%day%/%postname%/</code></dt>
-	<strong>
-	<dd><?php _e('Result'); ?>: <code><?php echo get_settings('home') . '/' . date('Y') . '/' . date('m') . '/' . date('d') . '/sample-post/'; ?></code></dd>
-	</strong>
-	<dt><?php _e('Structure'); ?>: <code>/archives/%post_id%</code></dt>
-	<strong>
-	<dd><?php _e('Result'); ?>: <code><?php echo get_settings('home'); ?>/archives/123</code></dd>
-	</strong>
-	<dt></dt>
-</dl>
-
-<p><?php _e('For the above to work you must have something called <code>mod_rewrite</code> installed on your server. (Ask your host.) If that isn&#8217;t available, you can prefix the structure with <code>/index.php/</code> . This is the recommend method if you are on any web server but Apache.'); ?></p>
-
+	<p><?php _e('If you like, you may enter a custom prefix for your category URIs here. For example, <code>/taxonomy/tags</code> would make your category links like <code>http://example.org/taxonomy/tags/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
 <?php else : ?>
-<dl>
-<dt><?php _e('Structure'); ?>: <code>/index.php/%year%/%monthnum%/%day%/%postname%/</code></dt>
-	<strong>
-	<dd><?php _e('Result'); ?>: <code><?php echo get_settings('home') . '/index.php/' . date('Y') . '/' . date('m') . '/' . date('d') . '/sample-post/'; ?></code></dd>
-	</strong>
-	<dt><?php _e('Structure'); ?>: <code>/index.php/archives/%post_id%</code></dt>
-	<strong>
-	<dd><?php _e('Result'); ?>: <code><?php echo get_settings('home'); ?>/index.php/archives/123</code></dd>
-	</strong>
-	<dt></dt>
-</dl>
-<?php endif; ?>
-
-  <form name="form" action="options-permalink.php" method="post"> 
-    <p><?php _e('Use the template tags above to create a virtual site structure:') ?></p>
-    <p> 
-      <?php _e('Structure'); ?>: <input name="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo $permalink_structure; ?>" size="50" /> 
-    </p> 
-<?php if ($is_apache) : ?>
-	<p><?php _e('If you like, you may enter a custom prefix for your category URIs here. For example, <code>/taxonomy/categorias</code> would make your category links like <code>http://example.org/taxonomy/categorias/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
-<?php else : ?>
-	<p><?php _e('If you like, you may enter a custom prefix for your category URIs here. For example, <code>/index.php/taxonomy/categorias</code> would make your category links like <code>http://example.org/index.php/taxonomy/categorias/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
+	<p><?php _e('If you like, you may enter a custom prefix for your category URIs here. For example, <code>/index.php/taxonomy/tags</code> would make your category links like <code>http://example.org/index.php/taxonomy/tags/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
 <?php endif; ?>
 	<p> 
-  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo $category_base; ?>" size="30" /> 
+  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo attribute_escape($category_base); ?>" size="30" /> 
      </p> 
     <p class="submit"> 
       <input type="submit" name="submit" value="<?php _e('Update Permalink Structure &raquo;') ?>" /> 
     </p> 
   </form> 
 <?php if ( $permalink_structure && !$usingpi && !$writable ) : ?>
-  <p><?php _e('If your <code>.htaccess</code> was <a href="http://codex.wordpress.org/Make_a_Directory_Writable">writable</a> we could do this automatically, but it isn&#8217;t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
+  <p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Make_a_Directory_Writable">writable</a>, we could do this automatically, but it isn&#8217;t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
 <form action="options-permalink.php" method="post">
+<?php wp_nonce_field('update-permalink') ?>
    <p>
-<textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?>
+<textarea rows="5" style="width: 98%;" name="rules"><?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); ?>
 </textarea>
     </p>
 </form>
@@ -113,4 +176,4 @@ else
 
 </div>
 
-<?php require('./admin-footer.php'); ?>
+<?php require('./admin-footer.php'); ?>

wp-admin/options-reading.php

@@ -9,55 +9,57 @@ include('admin-header.php');
 
 <div class="wrap"> 
 <h2><?php _e('Reading Options') ?></h2> 
-<form name="form1" method="post" action="options.php"> 
-	<input type="hidden" name="action" value="update" /> 
-	<input type="hidden" name="page_options" value="'posts_per_page','what_to_show','posts_per_rss','rss_use_excerpt','blog_charset','gzipcompression' " /> 
-	<fieldset class="options"> 
-	<legend><?php _e('Blog Pages') ?></legend> 
-	<table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
-		<tr valign="top"> 
-		<th width="33%" scope="row"><?php _e('Show at most:') ?></th> 
-		<td>
-		<input name="posts_per_page" type="text" id="posts_per_page" value="<?php form_option('posts_per_page'); ?>" size="3" /> 
-		<select name="what_to_show" id="what_to_show" > 
-			<option value="days" <?php selected('days', get_settings('what_to_show')); ?>><?php _e('days') ?></option> 
-			<option value="posts" <?php selected('posts', get_settings('what_to_show')); ?>><?php _e('posts') ?></option> 
-		</select>
-		</td> 
-		</tr> 
-	</table> 
-	</fieldset> 
+<form name="form1" method="post" action="options.php">
+<?php wp_nonce_field('update-options') ?>
 
-	<fieldset class="options"> 
-	<legend><?php _e('Syndication Feeds') ?></legend> 
-	<table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
-		<tr valign="top"> 
-		<th width="33%" scope="row"><?php _e('Show the most recent:') ?></th> 
-		<td><input name="posts_per_rss" type="text" id="posts_per_rss" value="<?php form_option('posts_per_rss'); ?>" size="3" /> <?php _e('posts') ?></td> 
-		</tr>
-		<tr valign="top">
-		<th scope="row"><?php _e('For each article, show:') ?> </th>
-		<td>
-		<label><input name="rss_use_excerpt"  type="radio" value="0" <?php checked(0, get_settings('rss_use_excerpt')); ?>  /> <?php _e('Full text') ?></label><br />
-		<label><input name="rss_use_excerpt" type="radio" value="1" <?php checked(1, get_settings('rss_use_excerpt')); ?> /> <?php _e('Summary') ?></label>
-		</td>
-		</tr> 
-	</table> 
-	</fieldset> 
-	<table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
-		<tr valign="top"> 
-		<th width="33%" scope="row"><?php _e('Encoding for pages and feeds:') ?></th> 
-		<td><input name="blog_charset" type="text" id="blog_charset" value="<?php form_option('blog_charset'); ?>" size="20" class="code" /><br />
-		<?php _e('The character encoding you write your blog in (UTF-8 is <a href="http://developer.apple.com/documentation/macos8/TextIntlSvcs/TextEncodingConversionManager/TEC1.5/TEC.b0.html">recommended</a>)') ?></td> 
-		</tr>
-	</table> 
-	<p>
-		<label><input type="checkbox" name="gzipcompression" value="1" <?php checked('1', get_settings('gzipcompression')); ?> /> 
-		 <?php _e('WordPress should compress articles (gzip) if browsers ask for them') ?></label>
-	</p>
-	<p class="submit"> 
-		<input type="submit" name="Submit" value="<?php _e('Update Options') ?> &raquo;" /> 
-	</p> 
+<fieldset class="options"> 
+<legend><?php _e('Blog Pages') ?></legend> 
+<table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
+<tr valign="top"> 
+<th width="33%" scope="row"><?php _e('Show at most:') ?></th> 
+<td>
+<input name="posts_per_page" type="text" id="posts_per_page" value="<?php form_option('posts_per_page'); ?>" size="3" /> 
+<select name="what_to_show" id="what_to_show" > 
+<option value="days" <?php selected('days', get_settings('what_to_show')); ?>><?php _e('days') ?></option> 
+<option value="posts" <?php selected('posts', get_settings('what_to_show')); ?>><?php _e('posts') ?></option> 
+</select>
+</td> 
+</tr> 
+</table> 
+</fieldset> 
+
+<fieldset class="options"> 
+<legend><?php _e('Syndication Feeds') ?></legend> 
+<table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
+<tr valign="top"> 
+<th width="33%" scope="row"><?php _e('Show the most recent:') ?></th> 
+<td><input name="posts_per_rss" type="text" id="posts_per_rss" value="<?php form_option('posts_per_rss'); ?>" size="3" /> <?php _e('posts') ?></td> 
+</tr>
+<tr valign="top">
+<th scope="row"><?php _e('For each article, show:') ?> </th>
+<td>
+<label><input name="rss_use_excerpt"  type="radio" value="0" <?php checked(0, get_settings('rss_use_excerpt')); ?>  /> <?php _e('Full text') ?></label><br />
+<label><input name="rss_use_excerpt" type="radio" value="1" <?php checked(1, get_settings('rss_use_excerpt')); ?> /> <?php _e('Summary') ?></label>
+</td>
+</tr> 
+</table> 
+</fieldset> 
+<table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
+<tr valign="top"> 
+<th width="33%" scope="row"><?php _e('Encoding for pages and feeds:') ?></th> 
+<td><input name="blog_charset" type="text" id="blog_charset" value="<?php form_option('blog_charset'); ?>" size="20" class="code" /><br />
+<?php _e('The character encoding you write your blog in (UTF-8 is <a href="http://developer.apple.com/documentation/macos8/TextIntlSvcs/TextEncodingConversionManager/TEC1.5/TEC.b0.html">recommended</a>)') ?></td> 
+</tr>
+</table> 
+<p>
+<label><input type="checkbox" name="gzipcompression" value="1" <?php checked('1', get_settings('gzipcompression')); ?> /> 
+<?php _e('WordPress should compress articles (gzip) if browsers ask for them') ?></label>
+</p>
+<p class="submit">
+<input type="hidden" name="action" value="update" /> 
+<input type="hidden" name="page_options" value="posts_per_page,what_to_show,posts_per_rss,rss_use_excerpt,blog_charset,gzipcompression" /> 
+<input type="submit" name="Submit" value="<?php _e('Update Options') ?> &raquo;" /> 
+</p> 
 </form> 
 </div> 
 <?php include('./admin-footer.php'); ?>

wp-admin/options-writing.php

@@ -8,81 +8,67 @@ include('admin-header.php');
 ?>
 
 <div class="wrap"> 
-  <h2><?php _e('Writing Options') ?></h2> 
-  <form name="form1" method="post" action="options.php"> 
-    <input type="hidden" name="action" value="update" /> 
-    <input type="hidden" name="page_options" value="'default_post_edit_rows','use_smilies','use_balanceTags','advanced_edit','ping_sites','mailserver_url', 'mailserver_port','mailserver_login','mailserver_pass','default_category','default_email_category','new_users_can_blog'" /> 
-    <table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
-      <tr valign="top">
-        <th scope="row"> <?php _e('When starting a post, show:') ?> </th>
-        <td><?php get_settings('advanced_edit') ?><label>
-          <input name="advanced_edit" type="radio" value="0" <?php checked('0', get_settings('advanced_edit')); ?> />
-<?php _e('Simple controls') ?></label>
-          <br />
-          <label for="advanced_edit">
-          <input name="advanced_edit" id="advanced_edit" type="radio" value="1" <?php checked('1', get_settings('advanced_edit')); ?> />
-<?php _e('Advanced controls') ?></label>
-		</td>
-      </tr>
-      <tr valign="top"> 
-        <th width="33%" scope="row"> <?php _e('Size of the writing box:') ?></th> 
-        <td><input name="default_post_edit_rows" type="text" id="default_post_edit_rows" value="<?php form_option('default_post_edit_rows'); ?>" size="2" style="width: 1.5em; " /> 
-         <?php _e('lines') ?></td> 
-      </tr> 
-      <tr valign="top">
-        <th scope="row"><?php _e('Formatting:') ?></th>
-        <td>          <label for="label">
-          <input name="use_smilies" type="checkbox" id="label" value="1" <?php checked('1', get_settings('use_smilies')); ?> />
-          <?php _e('Convert emoticons like <code>:-)</code> and <code>:-P</code> to graphics on display') ?></label> <br />          <label for="label2">
-  <input name="use_balanceTags" type="checkbox" id="label2" value="1" <?php checked('1', get_settings('use_balanceTags')); ?> />
-          <?php _e('WordPress should correct invalidly nested XHTML automatically') ?></label></td>
-      </tr>
-        	<tr valign="top">
-                <th scope="row"><?php _e('Default post category:') ?></th>
-        		<td><select name="default_category" id="default_category">
+<h2><?php _e('Writing Options') ?></h2> 
+<form method="post" action="options.php"> 
+<?php wp_nonce_field('update-options') ?>
+<table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
+<tr valign="top"> 
+<th width="33%" scope="row"> <?php _e('Size of the post box:') ?></th> 
+<td><input name="default_post_edit_rows" type="text" id="default_post_edit_rows" value="<?php form_option('default_post_edit_rows'); ?>" size="2" style="width: 1.5em; " /> 
+<?php _e('lines') ?></td> 
+</tr> 
+<tr valign="top">
+<th scope="row"><?php _e('Formatting:') ?></th>
+<td>
+<label for="rich_editing">
+<input name="rich_editing" type="checkbox" id="rich_editing" value="true" <?php checked('true', get_settings('rich_editing')); ?> />
+<?php _e('Users should use the visual rich editor by default') ?></label><br />
+<label for="use_smilies">
+<input name="use_smilies" type="checkbox" id="use_smilies" value="1" <?php checked('1', get_settings('use_smilies')); ?> />
+<?php _e('Convert emoticons like <code>:-)</code> and <code>:-P</code> to graphics on display') ?></label><br />
+<label for="use_balanceTags"><input name="use_balanceTags" type="checkbox" id="use_balanceTags" value="1" <?php checked('1', get_settings('use_balanceTags')); ?> /> <?php _e('WordPress should correct invalidly nested XHTML automatically') ?></label>
+</td>
+</tr>
+<tr valign="top">
+<th scope="row"><?php _e('Default post category:') ?></th>
+<td><select name="default_category" id="default_category">
 <?php
 $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_name");
 foreach ($categories as $category) :
 if ($category->cat_ID == get_settings('default_category')) $selected = " selected='selected'";
 else $selected = '';
-	echo "\n\t<option value='$category->cat_ID' $selected>$category->cat_name</option>";
+echo "\n\t<option value='$category->cat_ID' $selected>$category->cat_name</option>";
 endforeach;
 ?>
-       			</select></td>
-	</tr>
-	<tr>
-        <th scope="row"><?php _e('Newly registered members:') ?></th> 
-        <td> <label for="new_users_can_blog0"><input name="new_users_can_blog" id="new_users_can_blog0" type="radio" value="0" <?php checked('0', get_settings('new_users_can_blog')); ?> /> <?php _e('Cannot write articles') ?></label><br />
-<label for="new_users_can_blog1"><input name="new_users_can_blog" id="new_users_can_blog1" type="radio" value="1" <?php checked('1', get_settings('new_users_can_blog')); ?> /> <?php _e('May submit drafts for review') ?></label><br />
-<label for="new_users_can_blog2"><input name="new_users_can_blog" id="new_users_can_blog2" type="radio" value="2" <?php checked('2', get_settings('new_users_can_blog')); ?> /> <?php _e('May publish articles') ?></label><br /></td> 
-	</tr> 
+</select></td>
+</tr>
 </table>
 
 <fieldset class="options">
-	<legend><?php _e('Writing by e-mail') ?></legend>
-	<p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it&#8217;s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5)) ?></p>
-	
-	<table width="100%" cellspacing="2" cellpadding="5" class="editform">
-		<tr valign="top">
-			<th scope="row"><?php _e('Mail server:') ?></th>
-			<td><input name="mailserver_url" type="text" id="mailserver_url" value="<?php form_option('mailserver_url'); ?>" size="40" />
-			<label for="mailserver_port"><?php _e('Port:') ?></label> 
-			<input name="mailserver_port" type="text" id="mailserver_port" value="<?php form_option('mailserver_port'); ?>" size="6" />
-			</td>
-		</tr>
-		<tr valign="top">
-			<th width="33%" scope="row"><?php _e('Login name:') ?></th>
-			<td><input name="mailserver_login" type="text" id="mailserver_login" value="<?php form_option('mailserver_login'); ?>" size="40" /></td>
-		</tr>
-		<tr valign="top">
-			<th scope="row"><?php _e('Password:') ?></th>
-			<td>
-				<input name="mailserver_pass" type="text" id="mailserver_pass" value="<?php form_option('mailserver_pass'); ?>" size="40" />
-			</td>
-		</tr>
-		<tr valign="top">
-			<th scope="row"><?php _e('Default post by mail category:') ?></th>
-			<td><select name="default_email_category" id="default_email_category">
+<legend><?php _e('Writing by e-mail') ?></legend>
+<p><?php printf(__('To post to WordPress by e-mail you must set up a secret e-mail account with POP3 access. Any mail received at this address will be posted, so it&#8217;s a good idea to keep this address very secret. Here are three random strings you could use: <code>%s</code>, <code>%s</code>, <code>%s</code>.'), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5)) ?></p>
+
+<table width="100%" cellspacing="2" cellpadding="5" class="editform">
+<tr valign="top">
+<th scope="row"><?php _e('Mail server:') ?></th>
+<td><input name="mailserver_url" type="text" id="mailserver_url" value="<?php form_option('mailserver_url'); ?>" size="40" />
+<label for="mailserver_port"><?php _e('Port:') ?></label> 
+<input name="mailserver_port" type="text" id="mailserver_port" value="<?php form_option('mailserver_port'); ?>" size="6" />
+</td>
+</tr>
+<tr valign="top">
+<th width="33%" scope="row"><?php _e('Login name:') ?></th>
+<td><input name="mailserver_login" type="text" id="mailserver_login" value="<?php form_option('mailserver_login'); ?>" size="40" /></td>
+</tr>
+<tr valign="top">
+<th scope="row"><?php _e('Password:') ?></th>
+<td>
+<input name="mailserver_pass" type="text" id="mailserver_pass" value="<?php form_option('mailserver_pass'); ?>" size="40" />
+</td>
+</tr>
+<tr valign="top">
+<th scope="row"><?php _e('Default post by mail category:') ?></th>
+<td><select name="default_email_category" id="default_email_category">
 <?php
 //Alreay have $categories from default_category
 foreach ($categories as $category) :
@@ -91,20 +77,22 @@ else $selected = '';
 echo "\n\t<option value='$category->cat_ID' $selected>$category->cat_name</option>";
 endforeach;
 ?>
-			</select></td>
-		</tr>
-	</table>
+</select></td>
+</tr>
+</table>
 </fieldset>
 
 <fieldset class="options">
-	<legend><?php _e('Update Services') ?></legend>
-          <p><?php _e('When you publish a new post, WordPress automatically notifies the following site update services. For more about this, see <a href="http://codex.wordpress.org/Update_Services">Update Services</a> on the Codex. Separate multiple service URIs with line breaks.') ?></p>
-	
-	<textarea name="ping_sites" id="ping_sites" style="width: 98%;" rows="3" cols="50"><?php form_option('ping_sites'); ?></textarea>
+<legend><?php _e('Update Services') ?></legend>
+<p><?php _e('When you publish a new post, WordPress automatically notifies the following site update services. For more about this, see <a href="http://codex.wordpress.org/Update_Services">Update Services</a> on the Codex. Separate multiple service URIs with line breaks.') ?></p>
+
+<textarea name="ping_sites" id="ping_sites" style="width: 98%;" rows="3" cols="50"><?php form_option('ping_sites'); ?></textarea>
 </fieldset>
 
-<p class="submit"> 
-	<input type="submit" name="Submit" value="<?php _e('Update Options') ?> &raquo;" /> 
+<p class="submit">
+<input type="hidden" name="action" value="update" /> 
+<input type="hidden" name="page_options" value="default_post_edit_rows,use_smilies,rich_editing,ping_sites,mailserver_url,mailserver_port,mailserver_login,mailserver_pass,default_category,default_email_category,use_balanceTags" /> 
+<input type="submit" name="Submit" value="<?php _e('Update Options') ?> &raquo;" /> 
 </p>
 </form> 
 </div> 

wp-admin/options.php

@@ -21,57 +21,107 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 	}
 }
 
-if ($user_level < 6)
+if ( !current_user_can('manage_options') )
 	die ( __('Cheatin&#8217; uh?') );
 
+function sanitize_option($option, $value) {
+
+	switch ($option) {
+		case 'admin_email':
+			$value = sanitize_email($value);
+			break;
+
+		case 'default_post_edit_rows':
+		case 'mailserver_port':
+		case 'comment_max_links':
+			$value = abs((int) $value);
+			break;
+
+		case 'posts_per_page':
+		case 'posts_per_rss':
+			$value = (int) $value;
+			if ( empty($value) ) $value = 1;
+			if ( $value < -1 ) $value = abs($value);
+			break;
+
+		case 'default_ping_status':
+		case 'default_comment_status':
+			// Options that if not there have 0 value but need to be something like "closed"
+			if ( $value == '0' || $value == '')
+				$value = 'closed';
+			break;
+
+		case 'blogdescription':
+		case 'blogname':
+			if (current_user_can('unfiltered_html') == false)
+				$value = wp_filter_post_kses( $value );
+			break;
+
+		case 'blog_charset':
+			$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
+			break;
+
+		case 'date_format':
+		case 'time_format':
+		case 'mailserver_url':
+		case 'mailserver_login':
+		case 'mailserver_pass':
+		case 'ping_sites':
+		case 'upload_path':
+			$value = strip_tags($value);
+			$value = wp_filter_kses($value);
+			break;
+
+		case 'gmt_offset':
+			$value = preg_replace('/[^0-9:.-]/', '', $value);
+			break;
+
+		case 'siteurl':
+		case 'home':
+			$value = clean_url($value);
+			break;
+	}
+
+	return $value;	
+}
+
 switch($action) {
 
 case 'update':
 	$any_changed = 0;
-    
-	if (!$_POST['page_options']) {
-		foreach ($_POST as $key => $value) {
-			$option_names[] = "'$key'";
-		}
-		$option_names = implode(',', $option_names);
-	} else {
-		$option_names = stripslashes($_POST['page_options']);
-	}
+	
+	check_admin_referer('update-options');
 
-    $options = $wpdb->get_results("SELECT $wpdb->options.option_id, option_name, option_type, option_value, option_admin_level FROM $wpdb->options WHERE option_name IN ($option_names)");
+	if ( !$_POST['page_options'] ) {
+		foreach ( (array) $_POST as $key => $value) {
+			if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
+				$options[] = $key;
+		}
+	} else {
+		$options = explode(',', stripslashes($_POST['page_options']));
+	}
 
 	// Save for later.
 	$old_siteurl = get_settings('siteurl');
 	$old_home = get_settings('home');
 
-// HACK
-// Options that if not there have 0 value but need to be something like "closed"
-    $nonbools = array('default_ping_status', 'default_comment_status');
-    if ($options) {
-        foreach ($options as $option) {
-            // should we even bother checking?
-            if ($user_level >= $option->option_admin_level) {
-                $old_val = $option->option_value;
-                $new_val = trim($_POST[$option->option_name]);
-                if( in_array($option->option_name, $nonbools) && ( $new_val == '0' || $new_val == '') )
-					$new_val = 'closed';
-                if ($new_val !== $old_val) {
-                    $result = $wpdb->query("UPDATE $wpdb->options SET option_value = '$new_val' WHERE option_name = '$option->option_name'");
-					$any_changed++;
-				}
-            }
-        }
-        unset($cache_settings); // so they will be re-read
-        get_settings('siteurl'); // make it happen now
-    } // end if options
+	if ($options) {
+		foreach ($options as $option) {
+			$option = trim($option);
+			$value = trim(stripslashes($_POST[$option]));
+			$value = sanitize_option($option, $value);
+			
+			if (update_option($option, $value) ) {
+				$any_changed++;
+			}
+		}
+	}
     
-    if ($any_changed) {
+	if ($any_changed) {
 			// If siteurl or home changed, reset cookies.
 			if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) {
 				// If home changed, write rewrite rules to new location.
-				save_mod_rewrite_rules();
-				// Get currently logged in user and password.
-				get_currentuserinfo();
+				$wp_rewrite->flush_rules();
 				// Clear cookies for old paths.
 				wp_clearcookie();
 				// Set cookies for new paths.
@@ -81,35 +131,59 @@ case 'update':
 			//$message = sprintf(__('%d setting(s) saved... '), $any_changed);
     }
     
-		$referred = remove_query_arg('updated' , $_SERVER['HTTP_REFERER']);
-		$goback = add_query_arg('updated', 'true', $_SERVER['HTTP_REFERER']);
-		$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
-		wp_redirect($goback);
+	$referred = remove_query_arg('updated' , wp_get_referer());
+	$goback = add_query_arg('updated', 'true', wp_get_referer());
+	$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
+	wp_redirect($goback);
     break;
 
 default:
 	include('admin-header.php'); ?>
 
 <div class="wrap">
-  <h2><?php _e('All options'); ?></h2>
-  <form name="form" action="options.php" method="post">
+  <h2><?php _e('All Options'); ?></h2>
+  <form name="form" action="options.php" method="post" id="all-options">
+  <?php wp_nonce_field('update-options') ?>
   <input type="hidden" name="action" value="update" />
   <table width="98%">
 <?php
 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
 
-foreach ($options as $option) :
-	$value = wp_specialchars($option->option_value);
+foreach ( (array) $options as $option) :
+	$disabled = '';
+	$option->option_name = attribute_escape($option->option_name);
+	if ( is_serialized($option->option_value) ) {
+		if ( is_serialized_string($option->option_value) ) {
+			// this is a serialized string, so we should display it
+			$value = maybe_unserialize($option->option_value);
+			$options_to_update[] = $option->option_name;
+			$class = 'all-options';
+		} else {
+			$value = 'SERIALIZED DATA';
+			$disabled = ' disabled="disabled"';
+			$class = 'all-options disabled';
+		}
+	} else {
+		$value = $option->option_value;
+		$options_to_update[] = $option->option_name;
+		$class = 'all-options';
+	}
 	echo "
 <tr>
 	<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
-	<td><input type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "' /></td>
+<td>";
+
+	if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
+	else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . "'$disabled />";
+
+	echo "</td>
 	<td>$option->option_description</td>
 </tr>";
 endforeach;
 ?>
   </table>
-<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Settings &raquo;') ?>" /></p>
+<?php $options_to_update = implode(',', $options_to_update); ?>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
   </form>
 </div>
 

wp-admin/page-new.php

@@ -2,29 +2,22 @@
 require_once('admin.php');
 $title = __('New Page');
 $parent_file = 'post.php';
+$editing = true;
 require_once('admin-header.php');
-
-get_currentuserinfo();
 ?>
 
 <?php if ( isset($_GET['saved']) ) : ?>
-<div class="updated"><p><strong><?php _e('Page saved.') ?> <a href="edit-pages.php"><?php _e('Manage pages'); ?> &raquo;</a></strong></p></div>
+<div id="message" class="updated fade"><p><strong><?php _e('Page saved.') ?></strong> <a href="edit-pages.php"><?php _e('Manage pages'); ?></a> | <a href="<?php echo get_page_link( $_GET['saved'] ); ?>"><?php _e('View page'); ?> &raquo;</a></p></div>
 <?php endif; ?>
 
 <?php
-if ($user_level > 0) {
+if ( current_user_can('edit_pages') ) {
 	$action = 'post';
-	get_currentuserinfo();
-	//set defaults
-	$post_status = 'static';
-	$comment_status = get_settings('default_comment_status');
-	$ping_status = get_settings('default_ping_status');
-	$post_pingback = get_settings('default_pingback_flag');
-	$post_parent = 0;
-	$page_template = 'default';
+	$post = get_default_post_to_edit();
+	$post->post_status = 'static';
 
 	include('edit-page-form.php');
 }
 ?>
 
-<?php include('admin-footer.php'); ?> 
+<?php include('admin-footer.php'); ?>

wp-admin/plugin-editor.php

@@ -34,18 +34,19 @@ switch($action) {
 
 case 'update':
 
-	if ($user_level < 5) {
-		die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
-	}
+	check_admin_referer('edit-plugin_' . $file);
+
+	if ( !current_user_can('edit_plugins') )
+	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
 	$newcontent = stripslashes($_POST['newcontent']);
 	if (is_writeable($real_file)) {
 		$f = fopen($real_file, 'w+');
 		fwrite($f, $newcontent);
 		fclose($f);
-		header("Location: plugin-editor.php?file=$file&a=te");
+		wp_redirect("plugin-editor.php?file=$file&a=te");
 	} else {
-		header("Location: plugin-editor.php?file=$file");
+		wp_redirect("plugin-editor.php?file=$file");
 	}
 
 	exit();
@@ -55,9 +56,8 @@ break;
 default:
 	
 	require_once('admin-header.php');
-	if ($user_level <= 5) {
-		die(__('<p>You have do not have sufficient permissions to edit plugins for this blog.</p>'));
-	}
+	if ( !current_user_can('edit_plugins') )
+	die('<p>'.__('You have do not have sufficient permissions to edit plugins for this blog.').'</p>');
 
 	update_recently_edited("wp-content/plugins/$file");
 	
@@ -72,7 +72,7 @@ default:
 
 	?>
 <?php if (isset($_GET['a'])) : ?>
- <div class="updated"><p><?php _e('File edited successfully.') ?></p></div>
+ <div id="message" class="updated fade"><p><?php _e('File edited successfully.') ?></p></div>
 <?php endif; ?>
  <div class="wrap"> 
   <?php
@@ -97,6 +97,7 @@ if ($plugin_files) :
 </div>
 	<?php	if (!$error) { ?> 
   <form name="template" id="template" action="plugin-editor.php" method="post">
+  <?php wp_nonce_field('edit-plugin_' . $file) ?>
 		 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 
      <input type="hidden" name="action" value="update" /> 
      <input type="hidden" name="file" value="<?php echo $file ?>" /> 
@@ -108,14 +109,15 @@ if ($plugin_files) :
 ?>
 </p>
 <?php else : ?>
-<p><em><?php _e('If this file was writable you could edit it.'); ?></em></p>
+<p><em><?php _e('If this file were writable you could edit it.'); ?></em></p>
 <?php endif; ?>
    </form> 
   <?php
 	} else {
 		echo '<div class="error"><p>' . __('Oops, no such file exists! Double check the name and try again, merci.') . '</p></div>';
 	}
-	?> 
+	?>
+<div class="clear"> &nbsp; </div>
 </div> 
 <?php
 break;

wp-admin/plugins.php

@@ -2,24 +2,26 @@
 require_once('admin.php');
 
 if ( isset($_GET['action']) ) {
-	check_admin_referer();
-
 	if ('activate' == $_GET['action']) {
+		check_admin_referer('activate-plugin_' . $_GET['plugin']);
 		$current = get_settings('active_plugins');
 		if (!in_array($_GET['plugin'], $current)) {
 			$current[] = trim( $_GET['plugin'] );
+			sort($current);
+			update_option('active_plugins', $current);
+			include(ABSPATH . 'wp-content/plugins/' . trim( $_GET['plugin'] ));
+			do_action('activate_' . trim( $_GET['plugin'] ));
 		}
-		sort($current);
-		update_option('active_plugins', $current);
-		header('Location: plugins.php?activate=true');
-	}
-	
-	if ('deactivate' == $_GET['action']) {
+		wp_redirect('plugins.php?activate=true');
+	} else if ('deactivate' == $_GET['action']) {
+		check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
 		$current = get_settings('active_plugins');
 		array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
 		update_option('active_plugins', $current);
-		header('Location: plugins.php?deactivate=true');
+		do_action('deactivate_' . trim( $_GET['plugin'] ));
+		wp_redirect('plugins.php?deactivate=true');
 	}
+	exit;
 }
 
 $title = __('Manage Plugins');
@@ -42,24 +44,27 @@ if ( !is_array($check_plugins) ) {
 foreach ($check_plugins as $check_plugin) {
 	if (!file_exists(ABSPATH . 'wp-content/plugins/' . $check_plugin)) {
 			$current = get_settings('active_plugins');
-			unset($current[$_GET['plugin']]);
-			update_option('active_plugins', $current);
+			$key = array_search($check_plugin, $current);
+			if ( false !== $key && NULL !== $key ) {
+				unset($current[$key]);
+				update_option('active_plugins', $current);
+			}
 	}
 }
 ?>
 
 <?php if (isset($_GET['activate'])) : ?>
-<div class="updated"><p><?php _e('Plugin <strong>activated</strong>.') ?></p>
+<div id="message" class="updated fade"><p><?php _e('Plugin <strong>activated</strong>.') ?></p>
 </div>
 <?php endif; ?>
 <?php if (isset($_GET['deactivate'])) : ?>
-<div class="updated"><p><?php _e('Plugin <strong>deactivated</strong>.') ?></p>
+<div id="message" class="updated fade"><p><?php _e('Plugin <strong>deactivated</strong>.') ?></p>
 </div>
 <?php endif; ?>
 
 <div class="wrap">
 <h2><?php _e('Plugin Management'); ?></h2>
-<p><?php _e('Plugins are files you usually download separately from WordPress that add functionality. To install a plugin you generally just need to put the plugin file into your <code>wp-content/plugins</code> directory. Once a plugin is installed, you may activate it or deactivate it here. If something goes wrong with a plugin and you can&#8217;t use WordPress, delete that plugin from the <code>wp-content/plugins</code> directory and it will be automatically deactivated.'); ?></p>
+<p><?php _e('Plugins extend and expand the functionality of WordPress. Once a plugin is installed, you may activate it or deactivate it here.'); ?></p>
 <?php
 
 if ( get_settings('active_plugins') )
@@ -68,38 +73,39 @@ if ( get_settings('active_plugins') )
 $plugins = get_plugins();
 
 if (empty($plugins)) {
-	_e("<p>Couldn't open plugins directory or there are no plugins available.</p>"); // TODO: make more helpful
+	echo '<p>';
+	_e("Couldn't open plugins directory or there are no plugins available."); // TODO: make more helpful
+	echo '</p>';
 } else {
 ?>
 <table width="100%" cellpadding="3" cellspacing="3">
 	<tr>
 		<th><?php _e('Plugin'); ?></th>
 		<th><?php _e('Version'); ?></th>
-		<th><?php _e('Author'); ?></th>
 		<th><?php _e('Description'); ?></th>
 		<th><?php _e('Action'); ?></th>
 	</tr>
 <?php
 	$style = '';
+
 	foreach($plugins as $plugin_file => $plugin_data) {
 		$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
 
 		if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
-			$action = "<a href='plugins.php?action=deactivate&amp;plugin=$plugin_file' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
+			$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&amp;plugin=$plugin_file", 'deactivate-plugin_' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
 			$plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
 			$style .= $style == 'alternate' ? ' active' : 'active';
 		} else {
-			$action = "<a href='plugins.php?action=activate&amp;plugin=$plugin_file' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
+			$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
 		}
 		$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
 		if ($style != '') $style = 'class="' . $style . '"';
 		echo "
 	<tr $style>
-		<td class=\"name\">{$plugin_data['Title']}</td>
-		<td class=\"vers\">{$plugin_data['Version']}</td>
-		<td class=\"auth\">{$plugin_data['Author']}</td>
-		<td class=\"desc\">{$plugin_data['Description']}</td>
-		<td class=\"togl\">$action</td>
+		<td class='name'>{$plugin_data['Title']}</td>
+		<td class='vers'>{$plugin_data['Version']}</td>
+		<td class='desc'>{$plugin_data['Description']} <cite>".sprintf(__('By %s'), $plugin_data['Author']).".</cite></td>
+		<td class='togl'>$action</td>
 	</tr>";
 	}
 ?>
@@ -109,6 +115,8 @@ if (empty($plugins)) {
 }
 ?>
 
+<p><?php _e('If something goes wrong with a plugin and you can&#8217;t use WordPress, delete or rename that file in the <code>wp-content/plugins</code> directory and it will be automatically deactivated.'); ?></p>
+
 <h2><?php _e('Get More Plugins'); ?></h2>
 <p><?php _e('You can find additional plugins for your site in the <a href="http://wordpress.org/extend/plugins/">WordPress plugin directory</a>. To install a plugin you generally just need to upload the plugin file into your <code>wp-content/plugins</code> directory. Once a plugin is uploaded, you may activate it here.'); ?></p>
 

wp-admin/post.php

@@ -22,133 +22,23 @@ if (isset($_POST['deletepost'])) {
 $action = "delete";
 }
 
-	// Fix submenu highlighting for pages.
-if (false !== strpos($_SERVER['HTTP_REFERER'], 'edit-pages.php')) $submenu_file = 'page-new.php';
+// Fix submenu highlighting for pages.
+if ( isset($_REQUEST['post']) && 'static' == get_post_status($_REQUEST['post']) )
+	$submenu_file = 'page-new.php';
 
 $editing = true;
 
 switch($action) {
 case 'post':
-	check_admin_referer();
-	if ( !user_can_create_draft($user_ID) )
-		die( __('You are not allowed to create posts or drafts on this blog.') );
-
-	$post_pingback = (int) $_POST['post_pingback'];
-	$content         = apply_filters('content_save_pre',  $_POST['content']);
-	$excerpt         = apply_filters('excerpt_save_pre',  $_POST['excerpt']);
-	$post_title      = apply_filters('title_save_pre',    $_POST['post_title']);
-	$post_categories = apply_filters('category_save_pre', $_POST['post_category']);
-	$post_status     = apply_filters('status_save_pre',   $_POST['post_status']);
-	$post_name       = apply_filters('name_save_pre',     $_POST['post_name']);
-	$post_parent = 0;
-	$menu_order  = 0;
+	check_admin_referer('add-post');
 	
+	$post_ID = write_post();
 
-	if ( isset($_POST['parent_id']) )
-		$post_parent = (int) $_POST['parent_id'];
-
-	if ( isset($_POST['menu_order']) )
-		$menu_order = (int) $_POST['menu_order'];
-
-	if (! empty($_POST['post_author_override'])) {
-		$post_author = (int) $_POST['post_author_override'];
-	} else if (! empty($_POST['post_author'])) {
-		$post_author = (int) $_POST['post_author'];
-	} else {
-		$post_author = (int) $_POST['user_ID'];
-	}
-	if ( !user_can_edit_user($user_ID, $post_author) )
-		die( __('You cannot post as this user.') );
-
-	if ( empty($post_status) )
-		$post_status = 'draft';
-	// Double-check
-	if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) )
-		$post_status = 'draft';
-		
-	$comment_status = $_POST['comment_status'];
-	if ( empty($comment_status) ) {
-		if ( !isset($_POST['advanced_view']) )
-			$comment_status = get_option('default_comment_status');
-		else
-			$comment_status = 'closed';
-		}
-
-	$ping_status = $_POST['ping_status'];
-	if ( empty($ping_status) ) {
-		if ( !isset($_POST['advanced_view']) )
-			$ping_status = get_option('default_ping_status');			
-		else
-			$ping_status = 'closed';
-		}
-
-	$post_password = $_POST['post_password'];
-	
-	$trackback = $_POST['trackback_url'];
-	$trackback = preg_replace('|\s+|', "\n", $trackback);
-
-	if (user_can_set_post_date($user_ID) && (!empty($_POST['edit_date']))) {
-		$aa = $_POST['aa'];
-		$mm = $_POST['mm'];
-		$jj = $_POST['jj'];
-		$hh = $_POST['hh'];
-		$mn = $_POST['mn'];
-		$ss = $_POST['ss'];
-		$jj = ($jj > 31) ? 31 : $jj;
-		$hh = ($hh > 23) ? $hh - 24 : $hh;
-		$mn = ($mn > 59) ? $mn - 60 : $mn;
-		$ss = ($ss > 59) ? $ss - 60 : $ss;
-		$now = "$aa-$mm-$jj $hh:$mn:$ss";
-		$now_gmt = get_gmt_from_date("$aa-$mm-$jj $hh:$mn:$ss");
-	} else {
-		$now = current_time('mysql');
-		$now_gmt = current_time('mysql', 1);
-	}
-
-	// What to do based on which button they pressed
-	if ('' != $_POST['saveasdraft']) $post_status = 'draft';
-	if ('' != $_POST['saveasprivate']) $post_status = 'private';
-	if ('' != $_POST['publish']) $post_status = 'publish';
-	if ('' != $_POST['advanced']) $post_status = 'draft';
-	if ('' != $_POST['savepage']) $post_status = 'static';
-
-
-
-	$id_result = $wpdb->get_row("SHOW TABLE STATUS LIKE '$wpdb->posts'");
-	$post_ID = $id_result->Auto_increment;
-
-	if ( empty($post_name) ) {
-		if ( 'draft' != $post_status )
-			$post_name = sanitize_title($post_title, $post_ID);
-	} else {
-		$post_name = sanitize_title($post_name, $post_ID);
-	}
-
-	if ('publish' == $post_status) {
-		$post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'publish' AND ID != '$post_ID' LIMIT 1");
-		if ($post_name_check) {
-			$suffix = 2;
-			while ($post_name_check) {
-				$alt_post_name = $post_name . "-$suffix";
-				$post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'publish' AND ID != '$post_ID' LIMIT 1");
-				$suffix++;
-			}
-			$post_name = $alt_post_name;
-		}
-	}
-
-	$postquery ="INSERT INTO $wpdb->posts
-			(ID, post_author, post_date, post_date_gmt, post_content, post_title, post_excerpt,  post_status, comment_status, ping_status, post_password, post_name, to_ping, post_modified, post_modified_gmt, post_parent, menu_order)
-			VALUES
-			('$post_ID', '$post_author', '$now', '$now_gmt', '$content', '$post_title', '$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$trackback', '$now', '$now_gmt', '$post_parent', '$menu_order')
-			";
-
-	$result = $wpdb->query($postquery);
-
+	// Redirect.
 	if (!empty($_POST['mode'])) {
 	switch($_POST['mode']) {
 		case 'bookmarklet':
-			$location = 'bookmarklet.php?a=b';
+			$location = $_POST['referredby'];
 			break;
 		case 'sidebar':
 			$location = 'sidebar.php?a=b';
@@ -158,55 +48,16 @@ case 'post':
 			break;
 		}
 	} else {
-		$location = 'post.php?posted=true';
+		$location = "post.php?posted=$post_ID";
 	}
 
 	if ( 'static' == $_POST['post_status'] )
-		$location = "page-new.php?saved=true";
+		$location = "page-new.php?saved=$post_ID";
 
-	if ( '' != $_POST['advanced'] || isset($_POST['save']) )
+	if ( isset($_POST['save']) )
 		$location = "post.php?action=edit&post=$post_ID";
 
-	header("Location: $location"); // Send user on their way while we keep working
-
-	// Insert categories
-	// Check to make sure there is a category, if not just set it to some default
-	if (!$post_categories) $post_categories[] = get_option('default_category');
-	foreach ($post_categories as $post_category) {
-		// Double check it's not there already
-		$exists = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post_ID AND category_id = $post_category");
-
-		 if (!$exists) { 
-			$wpdb->query("
-			INSERT INTO $wpdb->post2cat
-			(post_id, category_id)
-			VALUES
-			($post_ID, $post_category)
-			");
-		}
-	}
-
-	add_meta($post_ID);
-
-	$wpdb->query("UPDATE $wpdb->posts SET guid = '" . get_permalink($post_ID) . "' WHERE ID = '$post_ID'");
-
-	do_action('save_post', $post_ID);
-
-	if ('publish' == $post_status) {
-		do_action('publish_post', $post_ID);
-		if ($post_pingback)
-			register_shutdown_function('pingback', $content, $post_ID);
-		register_shutdown_function('do_enclose', $content, $post_ID );
-		register_shutdown_function('do_trackbacks', $post_ID);
-	}
-
-	if ($post_status == 'static') {
-		generate_page_rewrite_rules();
-		add_post_meta($post_ID, '_wp_page_template',  $_POST['page_template'], true);
-	}
-
-	require_once('admin-header.php');
-
+	wp_redirect($location);
 	exit();
 	break;
 
@@ -215,260 +66,104 @@ case 'edit':
 
 	require_once('admin-header.php');
 
-	$post = $post_ID = $p = (int) $_GET['post'];
+	$post_ID = $p = (int) $_GET['post'];
 
-	if ( !user_can_edit_post($user_ID, $post_ID) )
+	if ( !current_user_can('edit_post', $post_ID) )
 		die ( __('You are not allowed to edit this post.') );
-		
-	$postdata = &get_post($post_ID);
-	$content = $postdata->post_content;
-	$content = format_to_edit($content);
-	$content = apply_filters('content_edit_pre', $content);
-	$excerpt = $postdata->post_excerpt;
-	$excerpt = format_to_edit($excerpt);
-	$excerpt = apply_filters('excerpt_edit_pre', $excerpt);
-	$edited_post_title = format_to_edit($postdata->post_title);
-	$edited_post_title = apply_filters('title_edit_pre', $edited_post_title);
-	$post_status = $postdata->post_status;
-	$comment_status = $postdata->comment_status;
-	$ping_status = $postdata->ping_status;
-	$post_password = $postdata->post_password;
-	$to_ping = $postdata->to_ping;
-	$pinged = $postdata->pinged;
-	$post_name = $postdata->post_name;
-	$post_parent = $postdata->post_parent;
-	$post_author = $postdata->post_author;
-	$menu_order = $postdata->menu_order;
 
-	if( 'private' == $postdata->post_status && $postdata->post_author != $user_ID )
-		die ( __('You are not allowed to view other users\' private posts.') );
-
-	if ($post_status == 'static') {
-		$page_template = get_post_meta($post_ID, '_wp_page_template', true);
+	$post = get_post_to_edit($post_ID);
+	
+	if ($post->post_status == 'static')
 		include('edit-page-form.php');
-	} else {
+	else
 		include('edit-form-advanced.php');
-	}
 
-	$post = &$postdata;
 	?>
 	<div id='preview' class='wrap'>
-	<h2><?php _e('Post Preview (updated when post is saved)'); ?></h2>
-	<h3 class="storytitle" id="post-<?php the_ID(); ?>"><a href="<?php the_permalink() ?>" rel="bookmark" title="<?php printf(__("Permanent Link: %s"), get_the_title()); ?>"><?php the_title(); ?></a></h3>
-	<div class="meta"><?php _e("Filed under:"); ?> <?php the_category(','); ?> &#8212; <?php the_author() ?> @ <?php the_time() ?></div>
-
-	<div class="storycontent">
-	<?php 
-	$content = apply_filters('the_content', $post->post_content);
-	echo $content;
-	?>
-	</div>
+	<h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?> <small class="quickjump"><a href="#write-post"><?php _e('edit &uarr;'); ?></a></small></h2>
+		<iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
 	</div>
 	<?php
 	break;
 
+case 'editattachment':
+	$post_id = (int) $_POST['post_ID'];
+
+	check_admin_referer('update-attachment_' . $post_id);
+
+	// Don't let these be changed
+	unset($_POST['guid']);
+	$_POST['post_status'] = 'attachment';
+
+	// Update the thumbnail filename
+	$oldmeta = $newmeta = get_post_meta($post_id, '_wp_attachment_metadata', true);
+	$newmeta['thumb'] = $_POST['thumb'];
+
+	if ( '' !== $oldmeta )
+		update_post_meta($post_id, '_wp_attachment_metadata', $newmeta, $oldmeta);
+	else
+		add_post_meta($post_id, '_wp_attachment_metadata', $newmeta);
+
 case 'editpost':
-	check_admin_referer();
-	// die(var_dump('<pre>', $_POST));
-	if (!isset($blog_ID)) {
-		$blog_ID = 1;
-	}
 	$post_ID = (int) $_POST['post_ID'];
-
-	if (!user_can_edit_post($user_ID, $post_ID, $blog_ID))
-		die( __('You are not allowed to edit this post.') );
-
-	$post_categories = $_POST['post_category'];
-	if (!$post_categories) $post_categories[] = 1;
-	$content = apply_filters('content_save_pre', $_POST['content']);
-	$excerpt = apply_filters('excerpt_save_pre', $_POST['excerpt']);
-	$post_title = $_POST['post_title'];
-	$prev_status = $_POST['prev_status'];
-	$post_status = $_POST['post_status'];
-	$menu_order = (int) $_POST['menu_order'];
-	if (! empty($_POST['post_author_override'])) {
-		$post_author = (int) $_POST['post_author_override'];
-	} else if (! empty($_POST['post_author'])) {
-		$post_author = (int) $_POST['post_author'];
-	} else {
-		$post_author = (int) $_POST['user_ID'];
-	}
-	if ( !user_can_edit_user($user_ID, $post_author) )
-		die( __('You cannot post as this user.') );
-
-	$comment_status = $_POST['comment_status'];
-	if (empty($comment_status)) $comment_status = 'closed';
-	//if (!$_POST['comment_status']) $comment_status = get_settings('default_comment_status');
-
-	$ping_status = $_POST['ping_status'];
-	if (empty($ping_status)) $ping_status = 'closed';
-	//if (!$_POST['ping_status']) $ping_status = get_settings('default_ping_status');
-	$post_password = $_POST['post_password'];
-	$post_name = $_POST['post_name'];
-
-	$post_parent = 0;
-	if (isset($_POST['parent_id'])) {
-		$post_parent = (int) $_POST['parent_id'];
-	}
-
-	$trackback = $_POST['trackback_url'];
-	// Format trackbacks
-	$trackback = preg_replace('|\s+|', '\n', $trackback);
+	check_admin_referer('update-post_' . $post_ID);
 	
-	if (isset($_POST['publish'])) $post_status = 'publish';
-	// Double-check
-	if ( 'publish' == $post_status && (!user_can_create_post($user_ID)) )
-		$post_status = 'draft';
-
-	if ( empty($post_name) ) {
-		if ( 'draft' != $post_status )
-			$post_name = sanitize_title($post_title, $post_ID);
-	} else {
-		$post_name = sanitize_title($post_name, $post_ID);
-	}
-
-	if ('publish' == $post_status) {
-		$post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'publish' AND ID != '$post_ID' LIMIT 1");
-		if ($post_name_check) {
-			$suffix = 2;
-			while ($post_name_check) {
-				$alt_post_name = $post_name . "-$suffix";
-				$post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'publish' AND ID != '$post_ID' LIMIT 1");
-				$suffix++;
-			}
-			$post_name = $alt_post_name;
-		}
-	}
-
-	if (user_can_edit_post_date($user_ID, $post_ID) && (!empty($_POST['edit_date']))) {
-		$aa = $_POST['aa'];
-		$mm = $_POST['mm'];
-		$jj = $_POST['jj'];
-		$hh = $_POST['hh'];
-		$mn = $_POST['mn'];
-		$ss = $_POST['ss'];
-		$jj = ($jj > 31) ? 31 : $jj;
-		$hh = ($hh > 23) ? $hh - 24 : $hh;
-		$mn = ($mn > 59) ? $mn - 60 : $mn;
-		$ss = ($ss > 59) ? $ss - 60 : $ss;
-		$datemodif = ", post_date = '$aa-$mm-$jj $hh:$mn:$ss'";
-	$datemodif_gmt = ", post_date_gmt = '".get_gmt_from_date("$aa-$mm-$jj $hh:$mn:$ss")."'";
-	} else {
-		$datemodif = '';
-		$datemodif_gmt = '';
-	}
-
-	$now = current_time('mysql');
-	$now_gmt = current_time('mysql', 1);
-
-	$result = $wpdb->query("
-		UPDATE $wpdb->posts SET
-			post_content = '$content',
-			post_excerpt = '$excerpt',
-			post_title = '$post_title'"
-			.$datemodif_gmt
-			.$datemodif.",			
-			post_status = '$post_status',
-			comment_status = '$comment_status',
-			ping_status = '$ping_status',
-			post_author = '$post_author',
-			post_password = '$post_password',
-			post_name = '$post_name',
-			to_ping = '$trackback',
-			post_modified = '$now',
-			post_modified_gmt = '$now_gmt',
-			menu_order = '$menu_order',
-			post_parent = '$post_parent'
-		WHERE ID = $post_ID ");
+	$post_ID = edit_post();
 
+	$referredby = '';
+	if ( !empty($_POST['referredby']) )
+		$referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
+	$referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
+	
 	if ($_POST['save']) {
-		$location = $_SERVER['HTTP_REFERER'];
+		$location = wp_get_referer();
 	} elseif ($_POST['updatemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=2#postcustom';
+		$location = wp_get_referer() . '&message=2#postcustom';
 	} elseif ($_POST['deletemeta']) {
-		$location = $_SERVER['HTTP_REFERER'] . '&message=3#postcustom';
-	} elseif (isset($_POST['referredby']) && $_POST['referredby'] != $_SERVER['HTTP_REFERER']) {
+		$location = wp_get_referer() . '&message=3#postcustom';
+	} elseif (!empty($referredby) && $referredby != $referer) {
 		$location = $_POST['referredby'];
 		if ( $_POST['referredby'] == 'redo' )
 			$location = get_permalink( $post_ID );
+	} elseif ($action == 'editattachment') {
+		$location = 'attachments.php';
 	} else {
 		$location = 'post.php';
 	}
-	header ('Location: ' . $location); // Send user on their way while we keep working
 
-	// Meta Stuff
-	if ($_POST['meta']) :
-		foreach ($_POST['meta'] as $key => $value) :
-			update_meta($key, $value['key'], $value['value']);
-		endforeach;
-	endif;
-
-	if ($_POST['deletemeta']) :
-		foreach ($_POST['deletemeta'] as $key => $value) :
-			delete_meta($key);
-		endforeach;
-	endif;
-
-	add_meta($post_ID);
-
-	// Now it's category time!
-	// First the old categories
-	$old_categories = $wpdb->get_col("SELECT category_id FROM $wpdb->post2cat WHERE post_id = $post_ID");
-	
-	// Delete any?
-	foreach ($old_categories as $old_cat) {
-		if (!in_array($old_cat, $post_categories)) // If a category was there before but isn't now
-			$wpdb->query("DELETE FROM $wpdb->post2cat WHERE category_id = $old_cat AND post_id = $post_ID LIMIT 1");
-	}
-	
-	// Add any?
-	foreach ($post_categories as $new_cat) {
-		if (!in_array($new_cat, $old_categories))
-			$wpdb->query("INSERT INTO $wpdb->post2cat (post_id, category_id) VALUES ($post_ID, $new_cat)");
-	}
-
-	if ($prev_status != 'publish' && $post_status == 'publish')
-		do_action('private_to_published', $post_ID);
-
-	do_action('edit_post', $post_ID);
-
-	if ($post_status == 'publish') {
-		do_action('publish_post', $post_ID);
-		register_shutdown_function('do_trackbacks', $post_ID);
-		register_shutdown_function('do_enclose', $content, $post_ID );
-		if ( get_option('default_pingback_flag') )
-			register_shutdown_function('pingback', $content, $post_ID);
-	}
-
-	if ($post_status == 'static') {
-		generate_page_rewrite_rules();
-
-		if ( ! update_post_meta($post_ID, '_wp_page_template',  $_POST['page_template'])) {
-			add_post_meta($post_ID, '_wp_page_template',  $_POST['page_template'], true);
-		}
-	}
+	wp_redirect($location); // Send user on their way while we keep working
 
 	exit();
 	break;
 
 case 'delete':
-	check_admin_referer();
-
 	$post_id = (isset($_GET['post']))  ? intval($_GET['post']) : intval($_POST['post_ID']);
-	
-	if (!user_can_delete_post($user_ID, $post_id)) {
+
+	$post = & get_post($post_id);
+	if ( 'static' == $post->post_status )
+		check_admin_referer('delete-page_' . $post_id);
+	else
+		check_admin_referer('delete-post_' . $post_id);
+
+	if ( !current_user_can('edit_post', $post_id) )	
 		die( __('You are not allowed to delete this post.') );
+
+	if ( $post->post_status == 'attachment' ) {
+		if ( ! wp_delete_attachment($post_id) )
+			die( __('Error in deleting...') );
+	} else {
+		if ( !wp_delete_post($post_id) ) 
+			die( __('Error in deleting...') );
 	}
 
-	if (! wp_delete_post($post_id))
-		die( __('Error in deleting...') );
-
-	$sendback = $_SERVER['HTTP_REFERER'];
-	if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php';
-	$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
-	header ('Location: ' . $sendback);
-	generate_page_rewrite_rules();
-	do_action('delete_post', $post_id);
+	$sendback = wp_get_referer();
+	if ( 'static' == $post->post_status )
+		$sendback = get_option('siteurl') . '/wp-admin/edit-pages.php';
+	elseif ( strstr($sendback, 'post.php') )
+		$sendback = get_option('siteurl') .'/wp-admin/post.php';
+	elseif ( strstr($sendback, 'attachments.php') )
+		$sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+	wp_redirect($sendback);
 	break;
 
 case 'editcomment':
@@ -479,62 +174,60 @@ case 'editcomment':
 	get_currentuserinfo();
 
 	$comment = (int) $_GET['comment'];
-	$commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'javascript:history.go(-1)'));
 
-	if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'])) {
+	if ( ! $comment = get_comment($comment) )
+		die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'javascript:history.go(-1)'));
+
+	if ( !current_user_can('edit_post', $comment->comment_post_ID) )	
 		die( __('You are not allowed to edit comments on this post.') );
-	}
 
-	$content = $commentdata['comment_content'];
-	$content = format_to_edit($content);
-	$content = apply_filters('comment_edit_pre', $content);
-	
-	$comment_status = $commentdata['comment_approved'];
+	$comment = get_comment_to_edit($comment);
 
 	include('edit-form-comment.php');
 
 	break;
 
 case 'confirmdeletecomment':
-	check_admin_referer();
+
 	require_once('./admin-header.php');
 
 	$comment = (int) $_GET['comment'];
 	$p = (int) $_GET['p'];
-	$commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
 
-	if (!user_can_delete_post_comments($user_ID, $commentdata['comment_post_ID'])) {
+	if ( ! $comment = get_comment_to_edit($comment) )
+		die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
+
+	if ( !current_user_can('edit_post', $comment->comment_post_ID) )	
 		die( __('You are not allowed to delete comments on this post.') );
-	}
 
-	echo "<div class=\"wrap\">\n";
+	echo "<div class='wrap'>\n";
 	echo "<p>" . __('<strong>Caution:</strong> You are about to delete the following comment:') . "</p>\n";
-	echo "<table border=\"0\">\n";
-	echo "<tr><td>" . __('Author:') . "</td><td>" . $commentdata["comment_author"] . "</td></tr>\n";
-	echo "<tr><td>" . __('E-mail:') . "</td><td>" . $commentdata["comment_author_email"] . "</td></tr>\n";
-	echo "<tr><td>". __('URL:') . "</td><td>" . $commentdata["comment_author_url"] . "</td></tr>\n";
-	echo "<tr><td>". __('Comment:') . "</td><td>" . stripslashes($commentdata["comment_content"]) . "</td></tr>\n";
+	echo "<table border='0'>\n";
+	echo "<tr><td>" . __('Author:') . "</td><td>$comment->comment_author</td></tr>\n";
+	echo "<tr><td>" . __('E-mail:') . "</td><td>$comment->comment_author_email</td></tr>\n";
+	echo "<tr><td>". __('URL:') . "</td><td>$comment->comment_author_url</td></tr>\n";
+	echo "<tr><td>". __('Comment:') . "</td><td>$comment->comment_content</td></tr>\n";
 	echo "</table>\n";
 	echo "<p>" . __('Are you sure you want to do that?') . "</p>\n";
 
 	echo "<form action='".get_settings('siteurl')."/wp-admin/post.php' method='get'>\n";
-	echo "<input type=\"hidden\" name=\"action\" value=\"deletecomment\" />\n";
-	echo "<input type=\"hidden\" name=\"p\" value=\"$p\" />\n";
-	echo "<input type=\"hidden\" name=\"comment\" value=\"$comment\" />\n";
-	echo "<input type=\"hidden\" name=\"noredir\" value=\"1\" />\n";
-	echo "<input type=\"submit\" value=\"" . __('Yes') . "\" />";
+	echo "<input type='hidden' name='action' value='deletecomment' />\n";
+	echo "<input type='hidden' name='p' value='$p' />\n";
+	echo "<input type='hidden' name='comment' value='{$comment->comment_ID}' />\n";
+	echo "<input type='hidden' name='noredir' value='1' />\n";
+	wp_nonce_field('delete-comment_' .  $comment->comment_ID);
+	echo "<input type='submit' value='" . __('Yes') . "' />";
 	echo "&nbsp;&nbsp;";
-	echo "<input type=\"button\" value=\"" . __('No') . "\" onclick=\"self.location='". get_settings('siteurl') ."/wp-admin/edit.php?p=$p&amp;c=1#comments';\" />\n";
+	echo "<input type='button' value='" . __('No') . "' onclick=\"self.location='". get_settings('siteurl') ."/wp-admin/edit.php?p=$p&amp;c=1#comments';\" />\n";
 	echo "</form>\n";
 	echo "</div>\n";
 
 	break;
 
 case 'deletecomment':
-
-	check_admin_referer();
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('delete-comment_' . $comment);
+
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
 		$noredir = true;
@@ -543,30 +236,28 @@ case 'deletecomment':
 	}
 
 	$postdata = get_post($p) or die(sprintf(__('Oops, no post with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
-	$commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'post.php'));
 
-	if (!user_can_delete_post_comments($user_ID, $commentdata['comment_post_ID'])) {
+	if ( ! $comment = get_comment($comment) )
+			 die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'post.php'));
+
+	if ( !current_user_can('edit_post', $comment->comment_post_ID) )	
 		die( __('You are not allowed to edit comments on this post.') );
-	}
 
-	wp_set_comment_status($comment, "delete");
-	do_action('delete_comment', $comment);
+	wp_set_comment_status($comment->comment_ID, "delete");
+	do_action('delete_comment', $comment->comment_ID);
 
-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		wp_redirect(wp_get_referer());
 	} else {
-		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+		wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
 
 	break;
 
 case 'unapprovecomment':
-
-	require_once('./admin-header.php');
-
-	check_admin_referer();
-
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('unapprove-comment_' . $comment);
+
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
 		$noredir = true;
@@ -574,118 +265,86 @@ case 'unapprovecomment':
 		$noredir = false;
 	}
 
-	$commentdata = get_commentdata($comment) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
+	if ( ! $comment = get_comment($comment) )
+		die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
 
-	if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'])) {
+	if ( !current_user_can('edit_post', $comment->comment_post_ID) )	
 		die( __('You are not allowed to edit comments on this post, so you cannot disapprove this comment.') );
-	}
 
-	wp_set_comment_status($comment, "hold");
+	wp_set_comment_status($comment->comment_ID, "hold");
 
-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		wp_redirect(wp_get_referer());
 	} else {
-		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+		wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
 
 	break;
 
 case 'mailapprovecomment':
-	check_admin_referer();
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('approve-comment_' . $comment);
 
-	$commentdata = get_commentdata($comment, 1, true) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
+	if ( ! $comment = get_comment($comment) )
+			 die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
 
-	if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'])) {
+	if ( !current_user_can('edit_post', $comment->comment_post_ID) )	
 		die( __('You are not allowed to edit comments on this post, so you cannot approve this comment.') );
-	}
 
-	if ('1' != $commentdata['comment_approved']) {
-		wp_set_comment_status($comment, 'approve');
+	if ('1' != $comment->comment_approved) {
+		wp_set_comment_status($comment->comment_ID, 'approve');
 		if (true == get_option('comments_notify'))
-			wp_notify_postauthor($comment);
+			wp_notify_postauthor($comment->comment_ID);
 	}
 
-	header('Location: ' . get_option('siteurl') . '/wp-admin/moderation.php?approved=1');
+	wp_redirect(get_option('siteurl') . '/wp-admin/moderation.php?approved=1');
 
 	break;
 
 case 'approvecomment':
-	check_admin_referer();
 	$comment = (int) $_GET['comment'];
+	check_admin_referer('approve-comment_' . $comment);
+
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
 		$noredir = true;
 	} else {
 		$noredir = false;
 	}
-	$commentdata = get_commentdata($comment) or die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
 
-	if (!user_can_edit_post_comments($user_ID, $commentdata['comment_post_ID'])) {
+	if ( ! $comment = get_comment($comment) )
+		die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
+
+	if ( !current_user_can('edit_post', $comment->comment_post_ID) )	
 		die( __('You are not allowed to edit comments on this post, so you cannot approve this comment.') );
-	}
 
-	wp_set_comment_status($comment, "approve");
+	wp_set_comment_status($comment->comment_ID, "approve");
 	if (get_settings("comments_notify") == true) {
-		wp_notify_postauthor($comment);
+		wp_notify_postauthor($comment->comment_ID);
 	}
 
 
-	if (($_SERVER['HTTP_REFERER'] != "") && (false == $noredir)) {
-		header('Location: ' . $_SERVER['HTTP_REFERER']);
+	if ((wp_get_referer() != "") && (false == $noredir)) {
+		wp_redirect(wp_get_referer());
 	} else {
-		header('Location: '. get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
+		wp_redirect(get_settings('siteurl') .'/wp-admin/edit.php?p='.$p.'&c=1#comments');
 	}
 
 	break;
 
 case 'editedcomment':
-	check_admin_referer();
+
 	$comment_ID = (int) $_POST['comment_ID'];
-	$comment_post_ID = (int) $_POST['comment_post_ID'];
-	$newcomment_author = $_POST['newcomment_author'];
-	$newcomment_author_email = $_POST['newcomment_author_email'];
-	$newcomment_author_url = $_POST['newcomment_author_url'];
-	$comment_status = $_POST['comment_status'];
+	$comment_post_ID = (int)  $_POST['comment_post_ID'];
 
-	if (!user_can_edit_post_comments($user_ID, $comment_post_ID)) {
-		die( __('You are not allowed to edit comments on this post, so you cannot edit this comment.') );
-	}
+	check_admin_referer('update-comment_' . $comment_ID);
 
-	if (user_can_edit_post_date($user_ID, $post_ID) && (!empty($_POST['edit_date']))) {
-		$aa = $_POST['aa'];
-		$mm = $_POST['mm'];
-		$jj = $_POST['jj'];
-		$hh = $_POST['hh'];
-		$mn = $_POST['mn'];
-		$ss = $_POST['ss'];
-		$jj = ($jj > 31) ? 31 : $jj;
-		$hh = ($hh > 23) ? $hh - 24 : $hh;
-		$mn = ($mn > 59) ? $mn - 60 : $mn;
-		$ss = ($ss > 59) ? $ss - 60 : $ss;
-		$datemodif = ", comment_date = '$aa-$mm-$jj $hh:$mn:$ss'";
-	} else {
-		$datemodif = '';
-	}
-	$content = apply_filters('comment_save_pre', $_POST['content']);
+	edit_comment();
 
-	$result = $wpdb->query("
-		UPDATE $wpdb->comments SET
-			comment_content = '$content',
-			comment_author = '$newcomment_author',
-			comment_author_email = '$newcomment_author_email',
-			comment_approved = '$comment_status',
-			comment_author_url = '$newcomment_author_url'".$datemodif."
-		WHERE comment_ID = $comment_ID"
-		);
-
-	$referredby = $_POST['referredby'];
-	if (!empty($referredby)) {
-		header('Location: ' . $referredby);
-	} else {
-		header ("Location: edit.php?p=$comment_post_ID&c=1#comments");
-	}
-	do_action('edit_comment', $comment_ID);
+	$location = ( empty($_POST['referredby']) ? "edit.php?p=$comment_post_ID&c=1" : $_POST['referredby'] ) . '#comment-' . $comment_ID;
+	$location = apply_filters('comment_edit_redirect', $location, $comment_ID);
+	wp_redirect($location);
+	exit();
 	break;
 
 default:
@@ -693,65 +352,54 @@ default:
 	require_once ('./admin-header.php');
 ?>
 <?php if ( isset($_GET['posted']) ) : ?>
-<div class="updated"><p><?php printf(__('Post saved. <a href="%s">View site &raquo;</a>'), get_bloginfo('home')); ?></p></div>
+<div id="message" class="updated fade"><p><strong><?php _e('Post saved.'); ?></strong> <a href="<?php echo get_permalink( $_GET['posted'] ); ?>"><?php _e('View post'); ?> &raquo;</a></p></div>
 <?php endif; ?>
 <?php
-	if (user_can_create_draft($user_ID)) {
+	if ( current_user_can('edit_posts') ) {
 		$action = 'post';
 		get_currentuserinfo();
-		$drafts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_status = 'draft' AND post_author = $user_ID");
-		if ($drafts) {
+		if ( $drafts = get_users_drafts( $user_ID ) ) {
 			?>
 			<div class="wrap">
 			<p><strong><?php _e('Your Drafts:') ?></strong>
 			<?php
-			$i = 0;
-			foreach ($drafts as $draft) {
-				if (0 != $i)
+			$num_drafts = count($drafts);
+			if ( $num_drafts > 15 ) $num_drafts = 15;
+			for ( $i = 0; $i < $num_drafts; $i++ ) {
+				$draft = $drafts[$i];
+				if ( 0 != $i )
 					echo ', ';
 				$draft->post_title = stripslashes($draft->post_title);
-				if ($draft->post_title == '')
+				if ( empty($draft->post_title) )
 					$draft->post_title = sprintf(__('Post # %s'), $draft->ID);
 				echo "<a href='post.php?action=edit&amp;post=$draft->ID' title='" . __('Edit this draft') . "'>$draft->post_title</a>";
-				++$i;
-				}
-			?>.</p>
+			}
+			?>
+			<?php if ( 15 < count($drafts) ) { ?>
+			, <a href="edit.php"><?php echo sprintf(__('and %s more'), (count($drafts) - 15) ); ?> &raquo;</a>
+			<?php } ?>
+			.</p>
 			</div>
 			<?php
 		}
-		//set defaults
-		$post_status = 'draft';
-		$comment_status = get_settings('default_comment_status');
-		$ping_status = get_settings('default_ping_status');
-		$post_pingback = get_settings('default_pingback_flag');
-		$default_post_cat = get_settings('default_category');
 
-		$content = wp_specialchars($content);
-		$content = apply_filters('default_content', $content);
-		$edited_post_title = apply_filters('default_title', $edited_post_title);
-		$excerpt = apply_filters('default_excerpt', $excerpt);
+		$post = get_default_post_to_edit();
 
-		if (get_settings('advanced_edit')) {
-			include('edit-form-advanced.php');
-		} else {
-			include('edit-form.php');
-		}
+		include('edit-form-advanced.php');
 ?>
-<div class="wrap">
-<?php _e('<h3>WordPress bookmarklet</h3>
-<p>You can drag the following link to your links bar or add it to your bookmarks and when you "Press it" it will open up a popup window with information and a link to the site you&#8217;re currently browsing so you can make a quick post about it. Try it out:</p>') ?>
+<div id="wp-bookmarklet" class="wrap">
+<?php echo '<h3>'.__('WordPress bookmarklet').'</h3>
+<p>'.__('Right click on the following link and choose "Add to favorites" to create a posting shortcut.').'</p>'; ?>
 <p>
 
 <?php
-$bookmarklet_height= (get_settings('use_trackback')) ? 480 : 440;
-
 if ($is_NS4 || $is_gecko) {
 ?>
-<a href="javascript:if(navigator.userAgent.indexOf('Safari') >= 0){Q=getSelection();}else{Q=document.selection?document.selection.createRange().text:document.getSelection();}void(window.open('<?php echo get_settings('siteurl') ?>/wp-admin/bookmarklet.php?text='+encodeURIComponent(Q)+'&amp;popupurl='+encodeURIComponent(location.href)+'&amp;popuptitle='+encodeURIComponent(document.title),'<?php _e('WordPress bookmarklet') ?>','scrollbars=yes,width=600,height=460,left=100,top=150,status=yes'));"><?php printf(__('Press It - %s'), wp_specialchars(get_settings('blogname'))); ?></a> 
+<a href="javascript:if(navigator.userAgent.indexOf('Safari') >= 0){Q=getSelection();}else{Q=document.selection?document.selection.createRange().text:document.getSelection();}location.href='<?php echo get_settings('siteurl') ?>/wp-admin/post.php?text='+encodeURIComponent(Q)+'&amp;popupurl='+encodeURIComponent(location.href)+'&amp;popuptitle='+encodeURIComponent(document.title);"><?php printf(__('Press It - %s'), wp_specialchars(get_settings('blogname'))); ?></a> 
 <?php
 } else if ($is_winIE) {
 ?>
-<a href="javascript:Q='';if(top.frames.length==0)Q=document.selection.createRange().text;void(btw=window.open('<?php echo get_settings('siteurl') ?>/wp-admin/bookmarklet.php?text='+encodeURIComponent(Q)+'<?php echo $bookmarklet_tbpb ?>&amp;popupurl='+encodeURIComponent(location.href)+'&amp;popuptitle='+encodeURIComponent(document.title),'bookmarklet','scrollbars=yes,width=600,height=<?php echo $bookmarklet_height ?>,left=100,top=150,status=yes'));btw.focus();"><?php printf(__('Press it - %s'), get_settings('blogname')); ?></a>
+<a href="javascript:Q='';if(top.frames.length==0)Q=document.selection.createRange().text;location.href='<?php echo get_settings('siteurl') ?>/wp-admin/post.php?text='+encodeURIComponent(Q)+'&amp;popupurl='+encodeURIComponent(location.href)+'&amp;popuptitle='+encodeURIComponent(document.title);"><?php printf(__('Press it - %s'), get_settings('blogname')); ?></a>
 <script type="text/javascript">
 <!--
 function oneclickbookmarklet(blah) {
@@ -766,11 +414,11 @@ window.open ("profile.php?action=IErightclick", "oneclickbookmarklet", "width=50
 <?php
 } else if ($is_opera) {
 ?>
-<a href="javascript:void(window.open('<?php echo get_settings('siteurl'); ?>/wp-admin/bookmarklet.php?popupurl='+escape(location.href)+'&popuptitle='+escape(document.title)+'<?php echo $bookmarklet_tbpb ?>','bookmarklet','scrollbars=yes,width=600,height=<?php echo $bookmarklet_height ?>,left=100,top=150,status=yes'));"><?php printf(__('Press it - %s'), get_settings('blogname')); ?></a> 
+<a href="javascript:location.href='<?php echo get_settings('siteurl'); ?>/wp-admin/post.php?popupurl='+escape(location.href)+'&popuptitle='+escape(document.title);"><?php printf(__('Press it - %s'), get_settings('blogname')); ?></a> 
 <?php
 } else if ($is_macIE) {
 ?>
-<a href="javascript:Q='';if(top.frames.length==0);void(btw=window.open('<?php echo get_settings('siteurl'); ?>/wp-admin/bookmarklet.php?text='+escape(document.getSelection())+'&popupurl='+escape(location.href)+'&popuptitle='+escape(document.title)+'<?php echo $bookmarklet_tbpb ?>','bookmarklet','scrollbars=yes,width=600,height=<?php echo $bookmarklet_height ?>,left=100,top=150,status=yes'));btw.focus();"><?php printf(__('Press it - %s'), get_settings('blogname')); ?></a> 
+<a href="javascript:Q='';location.href='<?php echo get_settings('siteurl'); ?>/wp-admin/bookmarklet.php?text='+escape(document.getSelection())+'&popupurl='+escape(location.href)+'&popuptitle='+escape(document.title);"><?php printf(__('Press it - %s'), get_settings('blogname')); ?></a> 
 <?php
 }
 ?>

wp-admin/profile-update.php

@@ -0,0 +1,33 @@
+<?php
+
+require_once('admin.php');
+
+check_admin_referer('update-profile_' . $user_ID);
+
+if ( !$_POST )
+	die( __('No post?') );
+
+$errors = edit_user($user_ID);
+
+if (count($errors) != 0) {
+	foreach ($errors as $id => $error) {
+		echo $error . '<br/>';
+	}
+	exit;
+}
+
+if ( !isset( $_POST['rich_editing'] ) )
+	$_POST['rich_editing'] = 'false';
+update_user_option( $current_user->id, 'rich_editing', $_POST['rich_editing'], true );
+
+do_action('personal_options_update');
+
+if ( 'profile' == $_POST['from'] )
+	$to = 'profile.php?updated=true';
+else
+	$to = 'profile.php?updated=true';
+
+wp_redirect( $to );
+exit;
+
+?>

wp-admin/profile.php

@@ -1,282 +1,145 @@
 <?php 
 require_once('admin.php');
 
-$title = 'Profile';
+$title = __('Profile');
+
 $parent_file = 'profile.php';
+include_once('admin-header.php');
+$profileuser = get_user_to_edit($user_ID);
 
-$wpvarstoreset = array('action', 'profile', 'user');
-for ($i=0; $i<count($wpvarstoreset); $i += 1) {
-	$wpvar = $wpvarstoreset[$i];
-	if (!isset($$wpvar)) {
-		if (empty($_POST["$wpvar"])) {
-			if (empty($_GET["$wpvar"])) {
-				$$wpvar = '';
-			} else {
-				$$wpvar = $_GET["$wpvar"];
-			}
-		} else {
-			$$wpvar = $_POST["$wpvar"];
-		}
-	}
-}
+$bookmarklet_height= 440;
+?>
 
-require_once('../wp-config.php');
-auth_redirect();
-switch($action) {
-
-case 'update':
-
-	get_currentuserinfo();
-
-	/* checking the nickname has been typed */
-	if (empty($_POST["newuser_nickname"])) {
-		die (__("<strong>ERROR</strong>: please enter your nickname (can be the same as your username)"));
-		return false;
-	}
-
-	/* if the ICQ UIN has been entered, check to see if it has only numbers */
-	if (!empty($_POST["newuser_icq"])) {
-		if ((ereg("^[0-9]+$",$_POST["newuser_icq"]))==false) {
-			die (__("<strong>ERROR</strong>: your ICQ UIN can only be a number, no letters allowed"));
-			return false;
-		}
-	}
-
-	/* checking e-mail address */
-	if (empty($_POST["newuser_email"])) {
-		die (__("<strong>ERROR</strong>: please type your e-mail address"));
-		return false;
-	} else if (!is_email($_POST["newuser_email"])) {
-		die (__("<strong>ERROR</strong>: the e-mail address isn't correct"));
-		return false;
-	}
-
-	$pass1 = $_POST["pass1"];
-	$pass2 = $_POST["pass2"];
-	do_action('check_passwords', array($user_login, &$pass1, &$pass2));
-
-	if ( '' == $pass1 ) {
-		if ( '' != $pass2 )
-			die (__("<strong>ERROR</strong>: you typed your new password only once. Go back to type it twice."));
-		$updatepassword = "";
-	} else {
-		if ('' == $pass2)
-			die (__("<strong>ERROR</strong>: you typed your new password only once. Go back to type it twice."));
-		if ( $pass1 != $pass2 )
-			die (__("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that."));
-		$newuser_pass = $wpdb->escape($pass1);
-		$updatepassword = "user_pass=MD5('$newuser_pass'), ";
-		wp_clearcookie();
-		wp_setcookie($user_login, $pass1);
-	}
-
-	$newuser_firstname = wp_specialchars($_POST['newuser_firstname']);
-	$newuser_lastname = wp_specialchars($_POST['newuser_lastname']);
-	$newuser_nickname = $_POST['newuser_nickname'];
-	$newuser_nicename = sanitize_title($newuser_nickname);
-	$newuser_icq = wp_specialchars($_POST['newuser_icq']);
-	$newuser_aim = wp_specialchars($_POST['newuser_aim']);
-	$newuser_msn = wp_specialchars($_POST['newuser_msn']);
-	$newuser_yim = wp_specialchars($_POST['newuser_yim']);
-	$newuser_email = wp_specialchars($_POST['newuser_email']);
-	$newuser_url = wp_specialchars($_POST['newuser_url']);
-	$newuser_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $newuser_url) ? $newuser_url : 'http://' . $newuser_url; 
-	$newuser_idmode = wp_specialchars($_POST['newuser_idmode']);
-	$user_description = $_POST['user_description'];
-
-	$result = $wpdb->query("UPDATE $wpdb->users SET user_firstname='$newuser_firstname', $updatepassword user_lastname='$newuser_lastname', user_nickname='$newuser_nickname', user_icq='$newuser_icq', user_email='$newuser_email', user_url='$newuser_url', user_aim='$newuser_aim', user_msn='$newuser_msn', user_yim='$newuser_yim', user_idmode='$newuser_idmode', user_description = '$user_description', user_nicename = '$newuser_nicename' WHERE ID = $user_ID");
-
-	wp_redirect('profile.php?updated=true');
-break;
-
-case 'IErightclick':
-
-	$bookmarklet_height= 550;
-
-	?>
-
-	<div class="menutop">&nbsp;IE one-click bookmarklet</div>
-
-	<table width="100%" cellpadding="20">
-	<tr><td>
-
-	<p>To have a one-click bookmarklet, just copy and paste this<br />into a new text file:</p>
-	<?php
-	$regedit = "REGEDIT4\r\n[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Post To &WP : ". get_settings('blogname') ."]\r\n@=\"javascript:doc=external.menuArguments.document;Q=doc.selection.createRange().text;void(btw=window.open('". get_settings('siteurl') ."/wp-admin/bookmarklet.php?text='+escape(Q)+'".$bookmarklet_tbpb."&popupurl='+escape(doc.location.href)+'&popuptitle='+escape(doc.title),'bookmarklet','scrollbars=no,width=480,height=".$bookmarklet_height.",left=100,top=150,status=yes'));btw.focus();\"\r\n\"contexts\"=hex:31\"";
-	?>
-	<pre style="margin: 20px; background-color: #cccccc; border: 1px dashed #333333; padding: 5px; font-size: 12px;"><?php echo $regedit; ?></pre>
-	<p>Save it as wordpress.reg, and double-click on this file in an Explorer<br />
-	window. Answer Yes to the question, and restart Internet Explorer.<br /><br />
-	That's it, you can now right-click in an IE window and select <br />
-	'Post to WP' to make the bookmarklet appear. :)</p>
-
-	<p align="center">
-	  <form>
-		<input class="search" type="button" value="1" name="Close this window" />
-	  </form>
-	</p>
-	</td></tr>
-	</table>
-	<?php
-
-break;
-
-
-default:
-	$parent_file = 'profile.php';
-	include_once('admin-header.php');
-	$profiledata=get_userdata($user_ID);
-
-	$bookmarklet_height= 440;
-
-if (isset($updated)) { ?>
-<div class="updated">
+<?php if ( isset($_GET['updated']) ) { ?>
+<div id="message" class="updated fade">
 <p><strong><?php _e('Profile updated.') ?></strong></p>
 </div>
 <?php } ?>
-<div class="wrap">
-<h2><?php _e('Profile'); ?></h2>
-<form name="profile" id="profile" action="profile.php" method="post">
-	<p>
-    <input type="hidden" name="action" value="update" />
-    <input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
-  </p>
 
-  <table width="99%"  border="0" cellspacing="2" cellpadding="3" class="editform">
-    <tr>
-      <th width="33%" scope="row"><?php _e('Username:') ?></th>
-      <td width="67%"><?php echo $profiledata->user_login; ?></td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('Level:') ?></th>
-      <td><?php echo $profiledata->user_level; ?></td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('Posts:') ?></th>
-      <td>    <?php
-	$posts = get_usernumposts($user_ID);
-	echo $posts;
-	?></td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('First name:') ?></th>
-      <td><input type="text" name="newuser_firstname" id="newuser_firstname" value="<?php echo $profiledata->user_firstname ?>" /></td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('Last name:') ?></th>
-      <td><input type="text" name="newuser_lastname" id="newuser_lastname2" value="<?php echo $profiledata->user_lastname ?>" /></td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('Nickname:') ?></th>
-      <td><input type="text" name="newuser_nickname" id="newuser_nickname2" value="<?php echo $profiledata->user_nickname ?>" /></td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('How to display name:') ?> </th>
-      <td><select name="newuser_idmode">
-        <option value="nickname"<?php
-	if ($profiledata->user_idmode == 'nickname')
-	echo ' selected="selected"'; ?>><?php echo $profiledata->user_nickname ?></option>
-        <option value="login"<?php
-	if ($profiledata->user_idmode=="login")
-	echo ' selected="selected"'; ?>><?php echo $profiledata->user_login ?></option>
-	<?php if ( !empty( $profiledata->user_firstname ) ) : ?>
-        <option value="firstname"<?php
-	if ($profiledata->user_idmode=="firstname")
-	echo ' selected="selected"'; ?>><?php echo $profiledata->user_firstname ?></option>
-	<?php endif; ?>
-	<?php if ( !empty( $profiledata->user_lastname ) ) : ?>
-        <option value="lastname"<?php
-	if ($profiledata->user_idmode=="lastname")
-	echo ' selected="selected"'; ?>><?php echo $profiledata->user_lastname ?></option>
-	<?php endif; ?>
-	<?php if ( !empty( $profiledata->user_firstname ) && !empty( $profiledata->user_lastname ) ) : ?>
-        <option value="namefl"<?php
-	if ($profiledata->user_idmode=="namefl")
-	echo ' selected="selected"'; ?>><?php echo $profiledata->user_firstname." ".$profiledata->user_lastname ?></option>
-	<?php endif; ?>
-	<?php if ( !empty( $profiledata->user_firstname ) && !empty( $profiledata->user_lastname ) ) : ?>
-        <option value="namelf"<?php
-	if ($profiledata->user_idmode=="namelf")
-	echo ' selected="selected"'; ?>><?php echo $profiledata->user_lastname." ".$profiledata->user_firstname ?></option>
-	<?php endif; ?>
-      </select>        </td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('E-mail:') ?></th>
-      <td><input type="text" name="newuser_email" id="newuser_email2" value="<?php echo $profiledata->user_email ?>" /></td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('Website:') ?></th>
-      <td><input type="text" name="newuser_url" id="newuser_url2" value="<?php echo $profiledata->user_url ?>" /></td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('ICQ:') ?></th>
-      <td><input type="text" name="newuser_icq" id="newuser_icq2" value="<?php if ($profiledata->user_icq > 0) { echo $profiledata->user_icq; } ?>" /></td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('AIM:') ?></th>
-      <td><input type="text" name="newuser_aim" id="newuser_aim2" value="<?php echo $profiledata->user_aim ?>" /></td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('MSN IM:') ?> </th>
-      <td><input type="text" name="newuser_msn" id="newuser_msn2" value="<?php echo $profiledata->user_msn ?>" /></td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('Yahoo IM:') ?> </th>
-      <td>        <input type="text" name="newuser_yim" id="newuser_yim2" value="<?php echo $profiledata->user_yim ?>" />      </td>
-    </tr>
-    <tr>
-      <th scope="row"><?php _e('Profile:') ?></th>
-      <td><textarea name="user_description" rows="5" id="textarea2" style="width: 99%; "><?php echo $profiledata->user_description ?></textarea></td>
-    </tr>
+<div class="wrap">
+<h2><?php _e('Your Profile and Personal Options'); ?></h2>
+<form name="profile" id="your-profile" action="profile-update.php" method="post">
+<?php wp_nonce_field('update-profile_' . $user_ID) ?>
+<p>
+<input type="hidden" name="from" value="profile" />
+<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
+</p>
+
+<fieldset>
+<legend><?php _e('Name'); ?></legend>
+<p><label><?php _e('Username: (no editing)'); ?><br />
+<input type="text" name="user_login" value="<?php echo $profileuser->user_login; ?>" disabled="disabled" />
+</label></p>
+
+<p><label><?php _e('First name:') ?><br />
+<input type="text" name="first_name" value="<?php echo $profileuser->first_name ?>" /></label></p>
+
+<p><label><?php _e('Last name:') ?><br />
+<input type="text" name="last_name"  value="<?php echo $profileuser->last_name ?>" /></label></p>
+
+<p><label><?php _e('Nickname:') ?><br />
+<input type="text" name="nickname" value="<?php echo $profileuser->nickname ?>" /></label></p>
+
+<p><label><?php _e('Display name publicly as:') ?> <br />
+<select name="display_name">
+<option value="<?php echo $profileuser->display_name; ?>"><?php echo $profileuser->display_name; ?></option>
+<option value="<?php echo $profileuser->nickname ?>"><?php echo $profileuser->nickname ?></option>
+<option value="<?php echo $profileuser->user_login ?>"><?php echo $profileuser->user_login ?></option>
+<?php if ( !empty( $profileuser->first_name ) ) : ?>
+<option value="<?php echo $profileuser->first_name ?>"><?php echo $profileuser->first_name ?></option>
+<?php endif; ?>
+<?php if ( !empty( $profileuser->last_name ) ) : ?>
+<option value="<?php echo $profileuser->last_name ?>"><?php echo $profileuser->last_name ?></option>
+<?php endif; ?>
+<?php if ( !empty( $profileuser->first_name ) && !empty( $profileuser->last_name ) ) : ?>
+<option value="<?php echo $profileuser->first_name." ".$profileuser->last_name ?>"><?php echo $profileuser->first_name." ".$profileuser->last_name ?></option>
+<option value="<?php echo $profileuser->last_name." ".$profileuser->first_name ?>"><?php echo $profileuser->last_name." ".$profileuser->first_name ?></option>
+<?php endif; ?>
+</select></label></p>
+</fieldset>
+
+<fieldset>
+<legend><?php _e('Contact Info'); ?></legend>
+
+<p><label><?php _e('E-mail: (required)') ?><br />
+<input type="text" name="email" value="<?php echo $profileuser->user_email ?>" /></label></p>
+
+<p><label><?php _e('Website:') ?><br />
+<input type="text" name="url" value="<?php echo $profileuser->user_url ?>" />
+</label></p>
+
+<p><label><?php _e('AIM:') ?><br />
+<input type="text" name="aim" value="<?php echo $profileuser->aim ?>" />
+</label></p>
+
+<p><label><?php _e('Yahoo IM:') ?><br />
+<input type="text" name="yim" value="<?php echo $profileuser->yim ?>" />
+</label></p>
+
+<p><label><?php _e('Jabber / Google Talk:') ?>
+<input type="text" name="jabber" value="<?php echo $profileuser->jabber ?>" /></label>
+</p>
+</fieldset>
+<br clear="all" />
+<fieldset>
+<legend><?php _e('About yourself'); ?></legend>
+<p class="desc"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></p>
+<p><textarea name="description" rows="5" cols="30"><?php echo $profileuser->description ?></textarea></p>
+</fieldset>
+
 <?php
 $show_password_fields = apply_filters('show_password_fields', true);
 if ( $show_password_fields ) :
 ?>
-    <tr>
-      <th scope="row"><?php _e('New <strong>Password</strong> (Leave blank to stay the same.)') ?></th>
-      <td><input type="password" name="pass1" size="16" value="" />
-      	<br />
-        <input type="password" name="pass2" size="16" value="" /></td>
-    </tr>
+<fieldset>
+<legend><?php _e('Update Your Password'); ?></legend>
+<p class="desc"><?php _e('If you would like to change your password type a new one twice below. Otherwise leave this blank.'); ?></p>
+<p><label><?php _e('New Password:'); ?><br />
+<input type="password" name="pass1" size="16" value="" />
+</label></p>
+<p><label><?php _e('Type it one more time:'); ?><br />
+<input type="password" name="pass2" size="16" value="" />
+</label></p>
+</fieldset>
 <?php endif; ?>
+
+<?php do_action('show_user_profile'); ?>
+
+<br clear="all" />
+
+<h3><?php _e('Personal Options'); ?></h3>
+
+<p><label for="rich_editing"><input name="rich_editing" type="checkbox" id="rich_editing" value="true" <?php checked('true', get_user_option('rich_editing')); ?> />
+<?php _e('Use the visual rich editor when writing') ?></label></p>
+
+<?php do_action('profile_personal_options'); ?>
+
+  <table width="99%"  border="0" cellspacing="2" cellpadding="3" class="editform">
+    <?php
+    if(count($profileuser->caps) > count($profileuser->roles)):
+    ?>
+    <tr>
+      <th scope="row"><?php _e('Additional Capabilities:') ?></th>
+      <td><?php 
+			$output = '';
+			foreach($profileuser->caps as $cap => $value) {
+				if(!$wp_roles->is_role($cap)) {
+					if($output != '') $output .= ', ';
+					$output .= $value ? $cap : "Denied: {$cap}";
+				}
+			}
+			echo $output;
+			?></td>
+    </tr>
+    <?php
+    endif;
+    ?>
   </table>
-  <p class="submit">
-    <input type="submit" value="<?php _e('Update Profile &raquo;') ?>" name="submit" />
-  </p>
+<p class="submit">
+<input type="submit" value="<?php _e('Update Profile &raquo;') ?>" name="submit" />
+</p>
 </form>
+
 </div>
 
-
-<?php if ($is_gecko && $profiledata->user_level != 0) { ?>
-<div class="wrap">
-    <script type="text/javascript">
-//<![CDATA[
-function addPanel()
-        {
-          if ((typeof window.sidebar == "object") && (typeof window.sidebar.addPanel == "function"))
-            window.sidebar.addPanel("WordPress Post: <?php echo get_settings('blogname'); ?>","<?php echo get_settings('siteurl'); ?>/wp-admin/sidebar.php","");
-          else
-            alert(<?php __("'No Sidebar found!  You must use Mozilla 0.9.4 or later!'") ?>);
-        }
-//]]>
-</script>
-    <strong><?php _e('SideBar') ?></strong><br />
-    <?php _e('Add the <a href="#" onclick="addPanel()">WordPress Sidebar</a>!') ?> 
-    <?php } elseif (($is_winIE) || ($is_macIE)) { ?>
-    <strong><?php _e('SideBar') ?></strong><br />
-    <?php __('Add this link to your favorites:') ?><br />
-<a href="javascript:Q='';if(top.frames.length==0)Q=document.selection.createRange().text;void(_search=open('<?php echo get_settings('siteurl');
-	 ?>/wp-admin/sidebar.php?text='+escape(Q)+'&popupurl='+escape(location.href)+'&popuptitle='+escape(document.title),'_search'))"><?php _e('WordPress Sidebar') ?></a>. 
-    
-</div>
-<?php } ?>
-</div>
-	<?php
-
-break;
-}
-
-/* </Profile | My Profile> */
-include('admin-footer.php');
- ?>
+<?php include('admin-footer.php'); ?>

wp-admin/setup-config.php

@@ -1,17 +1,18 @@
 <?php
 define('WP_INSTALLING', true);
 
-if (file_exists('../wp-config.php')) 
-	die("The file 'wp-config.php' already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try <a href='install.php'>installing now</a>.");
-
 if (!file_exists('../wp-config-sample.php'))
     die('Sorry, I need a wp-config-sample.php file to work from. Please re-upload this file from your WordPress installation.');
+
 $configFile = file('../wp-config-sample.php');
 
 if (!is_writable('../')) die("Sorry, I can't write to the directory. You'll have to either change the permissions on your WordPress directory or create your wp-config.php manually.");
 
-$step = 0;
-if(isset($_GET['step'])) $step = $_GET['step'];
+
+if (isset($_GET['step']))
+	$step = $_GET['step'];
+else
+	$step = 0;
 header( 'Content-Type: text/html; charset=utf-8' );
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -20,45 +21,74 @@ header( 'Content-Type: text/html; charset=utf-8' );
 <title>WordPress &rsaquo; Setup Configuration File</title>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <style media="screen" type="text/css">
-    <!--
+	<!--
+	html {
+		background: #eee;
+	}
 	body {
+		background: #fff;
+		color: #000;
 		font-family: Georgia, "Times New Roman", Times, serif;
-		margin-left: 15%;
-		margin-right: 15%;
+		margin-left: 20%;
+		margin-right: 20%;
+		padding: .2em 2em;
+	}
+
+	h1 {
+		color: #006;
+		font-size: 18px;
+		font-weight: lighter;
+	}
+
+	h2 {
+		font-size: 16px;
+	}
+
+	p, li, dt {
+		line-height: 140%;
+		padding-bottom: 2px;
+	}
+
+	ul, ol {
+		padding: 5px 5px 5px 20px;
 	}
 	#logo {
-		margin: 0;
-		padding: 0;
-		background-image: url(http://wordpress.org/images/logo.png);
-		background-repeat: no-repeat;
-		height: 60px;
-		border-bottom: 4px solid #333;
+		margin-bottom: 2em;
 	}
-	#logo a {
-		display: block;
-		height: 60px;
+	.step a, .step input {
+		font-size: 2em;
 	}
-	#logo a span {
-		display: none;
+	td input {
+		font-size: 1.5em;
 	}
-	p, li {
-		line-height: 140%;
+	.step, th {
+		text-align: right;
 	}
-    -->
+	#footer {
+		text-align: center;
+		border-top: 1px solid #ccc;
+		padding-top: 1em;
+		font-style: italic;
+	}
+	-->
 	</style>
 </head>
-<body> 
-<h1 id="logo"><a href="http://wordpress.org"><span>WordPress</span></a></h1> 
+<body>
+<h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1>
 <?php
+// Check if wp-config.php has been created
+if (file_exists('../wp-config.php'))
+	die("<p>The file 'wp-config.php' already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try <a href='install.php'>installing now</a>.</p></body></html>");
 
 switch($step) {
 	case 0:
 ?> 
+
 <p>Welcome to WordPress. Before getting started, we need some information on the database. You will need to know the following items before proceeding.</p> 
 <ol> 
   <li>Database name</li> 
   <li>Database username</li> 
-  <li>Database password</li> 
+  <li>Database password</li>
   <li>Database host</li> 
   <li>Table prefix (if you want to run more than one WordPress in a single database) </li>
 </ol> 
@@ -70,46 +100,48 @@ switch($step) {
 	case 1:
 	?> 
 </p> 
-<form method="post" action="setup-config.php?step=2"> 
+<form method="post" action="setup-config.php?step=2">
   <p>Below you should enter your database connection details. If you're not sure about these, contact your host. </p>
   <table> 
     <tr> 
       <th scope="row">Database Name</th> 
-      <td><input name="dbname" type="text" size="45" value="wordpress" /></td> 
+      <td><input name="dbname" type="text" size="25" value="wordpress" /></td>
       <td>The name of the database you want to run WP in. </td> 
     </tr> 
     <tr> 
       <th scope="row">User Name</th> 
-      <td><input name="uname" type="text" size="45" value="username" /></td> 
+      <td><input name="uname" type="text" size="25" value="username" /></td>
       <td>Your MySQL username</td> 
     </tr> 
     <tr> 
       <th scope="row">Password</th> 
-      <td><input name="pwd" type="text" size="45" value="password" /></td> 
+      <td><input name="pwd" type="text" size="25" value="password" /></td>
       <td>...and MySQL password.</td> 
     </tr> 
     <tr> 
       <th scope="row">Database Host</th> 
-      <td><input name="dbhost" type="text" size="45" value="localhost" /></td> 
+      <td><input name="dbhost" type="text" size="25" value="localhost" /></td>
       <td>99% chance you won't need to change this value.</td> 
     </tr>
     <tr>
       <th scope="row">Table Prefix</th>
-      <td><input name="prefix" type="text" id="prefix" value="wp_" size="45" /></td>
+      <td><input name="prefix" type="text" id="prefix" value="wp_" size="25" /></td>
       <td>If you want to run multiple WordPress installations in a single database, change this.</td>
     </tr> 
-  </table> 
-  <input name="submit" type="submit" value="Submit" /> 
+  </table>
+  <h2 class="step">
+  <input name="submit" type="submit" value="Submit" />
+  </h2>
 </form> 
 <?php
 	break;
-	
+
 	case 2:
-	$dbname = $_POST['dbname'];
-    $uname = $_POST['uname'];
-    $passwrd = $_POST['pwd'];
-    $dbhost = $_POST['dbhost'];
-	$prefix = $_POST['prefix'];
+	$dbname  = trim($_POST['dbname']);
+    $uname   = trim($_POST['uname']);
+    $passwrd = trim($_POST['pwd']);
+    $dbhost  = trim($_POST['dbhost']);
+	$prefix  = trim($_POST['prefix']);
 	if (empty($prefix)) $prefix = 'wp_';
 
     // Test the db connection.
@@ -149,8 +181,8 @@ switch($step) {
 <p>All right sparky! You've made it through this part of the installation. WordPress can now communicate with your database. If you are ready, time now to <a href="install.php">run the install!</a></p> 
 <?php
 	break;
-
 }
-?> 
+?>
+<p id="footer"><a href="http://wordpress.org/">WordPress</a>, personal publishing platform.</p>
 </body>
 </html>

wp-admin/sidebar.php

@@ -3,9 +3,7 @@ $mode = 'sidebar';
 
 require_once('admin.php');
 
-get_currentuserinfo();
-
-if ($user_level == 0)
+if ( ! current_user_can('edit_posts') )
 	die ("Cheatin' uh ?");
 
 if ('b' == $_GET['a']) {
@@ -49,8 +47,8 @@ form {
 </style>
 </head>
 <body id="sidebar">
-<h1 id="wphead"><a href="http://wordpress.org" rel="external">WordPress</a></h1>
-<form name="post" action="post.php" method="POST">
+<h1 id="wphead"><a href="http://wordpress.org/" rel="external">WordPress</a></h1>
+<form name="post" action="post.php" method="post">
 <div><input type="hidden" name="action" value="post" />
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
 <input type="hidden" name="mode" value="sidebar" />
@@ -68,8 +66,9 @@ Post:
 </p>
 <p>
     <input name="saveasdraft" type="submit" id="saveasdraft" tabindex="9" value="Save as Draft" /> 
+<?php if ( current_user_can('publish_posts') ) : ?>
     <input name="publish" type="submit" id="publish" tabindex="6" style="font-weight: bold;" value="Publish" /> 
-  
+<?php endif; ?>
 </p>
 </div>
 </form>

wp-admin/templates.php

@@ -36,18 +36,23 @@ switch($action) {
 
 case 'update':
 
-	if ($user_level < 5) {
-		die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
-	}
+	check_admin_referer('edit-file_' . $file);
+
+	if ( ! current_user_can('edit_files') )
+	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
 	$newcontent = stripslashes($_POST['newcontent']);
 	if (is_writeable($real_file)) {
-		$f = fopen($real_file, 'w+');
-		fwrite($f, $newcontent);
-		fclose($f);
-		header("Location: templates.php?file=$file&a=te");
+		$f = @ fopen($real_file, 'w+');
+		if ( $f ) {
+			fwrite($f, $newcontent);
+			fclose($f);
+			wp_redirect("templates.php?file=$file&a=te");
+		} else {
+			wp_redirect("templates.php?file=$file&a=err");
+		}
 	} else {
-		header("Location: templates.php?file=$file");
+		wp_redirect("templates.php?file=$file&a=err");
 	}
 
 	exit();
@@ -57,26 +62,38 @@ break;
 default:
 
 	require_once('./admin-header.php');
-	if ( $user_level <= 5 )
-		die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
+	
+	if ( ! current_user_can('edit_files') )
+	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
 	if ( strstr( $file, 'wp-config.php' ) )
-		die( __('<p>The config file cannot be edited or viewed through the web interface. Sorry!</p>') );
+	die('<p>'.__('The config file cannot be edited or viewed through the web interface. Sorry!').'</p>');
 
 	update_recently_edited($file);
 
-	if (!is_file($real_file))
-		$error = 1;
-	
-	if (!$error) {
-		$f = fopen($real_file, 'r');
-		$content = fread($f, filesize($real_file));
-		$content = htmlspecialchars($content);
+	if ( !is_file($real_file) ) {
+		$error = true;
+	} else {
+		$f = @ fopen($real_file, 'r');
+		if ( $f ) {
+			if ( filesize($real_file ) > 0 ) {
+				$content = fread($f, filesize($real_file));
+				$content = htmlspecialchars($content);
+			} else {
+				$content = '';
+			}
+		} else {
+			$error = true;
+		}
 	}
 
 	?>
 <?php if (isset($_GET['a'])) : ?>
- <div class="updated"><p><?php _e('File edited successfully.') ?></p></div>
+	<?php if ( 'err' == $_GET['a'] ) : ?>
+ <div id="message" class="error"><p><?php _e('Could not save file.') ?></p></div>
+	<?php else: ?>
+ <div id="message" class="updated fade"><p><?php _e('File edited successfully.') ?></p></div>
+	<?php endif; ?>	
 <?php endif; ?>
  <div class="wrap"> 
 <?php
@@ -94,7 +111,7 @@ if ( $recents ) :
 <?php
 echo '<ol>';
 foreach ($recents as $recent) :
-	echo "<li><a href='templates.php?file=$recent'>" . get_file_description(basename($recent)) . "</a></li>";
+	echo "<li><a href='templates.php?file=" . attribute_escape($recent) . "'>" . wp_specialchars(get_file_description(basename($recent))) . "</a></li>";
 endforeach;
 echo '</ol>';
 endif;
@@ -114,6 +131,7 @@ endif;
 </div>
 <?php if (!$error) { ?>
   <form name="template" id="template" action="templates.php" method="post"> 
+  <?php wp_nonce_field('edit-file_' . $file) ?>
      <div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea> 
      <input type="hidden" name="action" value="update" /> 
      <input type="hidden" name="file" value="<?php echo $file ?>" /> 
@@ -125,7 +143,7 @@ endif;
 ?>
 </p>
 <?php else : ?>
-<p><em><?php _e('If this file was writable you could edit it.'); ?></em></p>
+<p><em><?php _e('If this file were writable you could edit it.'); ?></em></p>
 <?php endif; ?>
    </form> 
   <?php
@@ -133,6 +151,7 @@ endif;
 		echo '<div class="error"><p>' . __('Oops, no such file exists! Double check the name and try again, merci.') . '</p></div>';
 	}
 	?>
+<div class="clear"> &nbsp; </div>
 </div>
 <div class="wrap">
 <h2><?php _e('Other Files') ?></h2>
@@ -151,4 +170,4 @@ break;
 }
 
 include("admin-footer.php");
-?>
+?>

wp-admin/theme-editor.php

@@ -41,13 +41,16 @@ if (empty($file)) {
 $file = validate_file_to_edit($file, $allowed_files);
 $real_file = get_real_file_to_edit($file);
 
+$file_show = basename( $file );
+
 switch($action) {
 
 case 'update':
 
-	if ($user_level < 5) {
-		die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
-	}
+	check_admin_referer('edit-theme_' . $file . $theme);
+
+	if ( !current_user_can('edit_themes') )
+	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
 	$newcontent = stripslashes($_POST['newcontent']);
 	$theme = urlencode($theme);
@@ -55,11 +58,15 @@ case 'update':
 		$f = fopen($real_file, 'w+');
 		fwrite($f, $newcontent);
 		fclose($f);
-		header("Location: theme-editor.php?file=$file&theme=$theme&a=te");
+		$location = "theme-editor.php?file=$file&theme=$theme&a=te";
 	} else {
-		header("Location: theme-editor.php?file=$file&theme=$theme");
+		$location = "theme-editor.php?file=$file&theme=$theme";
 	}
 
+	$location = wp_kses_no_null($location);
+	$strip = array('%0d', '%0a');
+	$location = str_replace($strip, '', $location);
+	header("Location: $location");
 	exit();
 
 break;
@@ -67,9 +74,8 @@ break;
 default:
 	
 	require_once('admin-header.php');
-	if ($user_level <= 5) {
-		die(__('<p>You have do not have sufficient permissions to edit themes for this blog.</p>'));
-	}
+	if ( !current_user_can('edit_themes') )
+	die('<p>'.__('You have do not have sufficient permissions to edit themes for this blog.').'</p>');
 
 	update_recently_edited($file);
 	
@@ -84,7 +90,7 @@ default:
 
 	?>
 <?php if (isset($_GET['a'])) : ?>
- <div class="updated"><p><?php _e('File edited successfully.') ?></p></div>
+ <div id="message" class="updated fade"><p><?php _e('File edited successfully.') ?></p></div>
 <?php endif; ?>
  <div class="wrap">
   <form name="theme" action="theme-editor.php" method="post"> 
@@ -95,7 +101,7 @@ default:
 		$theme_name = $a_theme['Name'];
 		if ($theme_name == $theme) $selected = " selected='selected'";
 		else $selected = '';
-		$theme_name = wp_specialchars($theme_name, true);
+		$theme_name = attribute_escape($theme_name);
 		echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
 	}
 ?>
@@ -106,10 +112,10 @@ default:
 
  <div class="wrap"> 
   <?php
-	if (is_writeable($real_file)) {
-		echo '<h2>' . sprintf(__('Editing <code>%s</code>'), $file) . '</h2>';
+	if ( is_writeable($real_file) ) {
+		echo '<h2>' . sprintf(__('Editing <code>%s</code>'), $file_show) . '</h2>';
 	} else {
-		echo '<h2>' . sprintf(__('Browsing <code>%s</code>'), $file) . '</h2>';
+		echo '<h2>' . sprintf(__('Browsing <code>%s</code>'), $file_show) . '</h2>';
 	}
 	?>
 	<div id="templateside">
@@ -129,6 +135,7 @@ if ($allowed_files) :
 	if (!$error) {
 	?> 
   <form name="template" id="template" action="theme-editor.php" method="post">
+  <?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
 		 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 
      <input type="hidden" name="action" value="update" /> 
      <input type="hidden" name="file" value="<?php echo $file ?>" /> 
@@ -141,14 +148,15 @@ if ($allowed_files) :
 ?>
 </p>
 <?php else : ?>
-<p><em><?php _e('If this file was writable you could edit it.'); ?></em></p>
+<p><em><?php _e('If this file were writable you could edit it.'); ?></em></p>
 <?php endif; ?>
    </form> 
   <?php
 	} else {
 		echo '<div class="error"><p>' . __('Oops, no such file exists! Double check the name and try again, merci.') . '</p></div>';
 	}
-	?> 
+	?>
+<div class="clear"> &nbsp; </div>
 </div> 
 <?php
 break;

wp-admin/themes.php

@@ -2,115 +2,94 @@
 require_once('admin.php');
 
 if ( isset($_GET['action']) ) {
-	check_admin_referer();
-
+	check_admin_referer('switch-theme_' . $_GET['template']);
+	
 	if ('activate' == $_GET['action']) {
-	  if (isset($_GET['template'])) {
-	    update_option('template', $_GET['template']);
-	  }
-
-	  if (isset($_GET['stylesheet'])) {
-	    update_option('stylesheet', $_GET['stylesheet']);
-	  }
-
+		if ( isset($_GET['template']) )
+			update_option('template', $_GET['template']);
+		
+		if ( isset($_GET['stylesheet']) )
+			update_option('stylesheet', $_GET['stylesheet']);
+		
 		do_action('switch_theme', get_current_theme());
-
-	  header('Location: themes.php?activated=true');
+		
+		wp_redirect('themes.php?activated=true');
+		exit;
 	}
- }
+}
 
 $title = __('Manage Themes');
 $parent_file = 'themes.php';
 require_once('admin-header.php');
 ?>
+
 <?php if ( ! validate_current_theme() ) : ?>
-<div class="updated"><p><?php _e('The active theme is broken.  Reverting to the default theme.'); ?></p></div>
-<?php elseif ( isset($activated) ) : ?>
-<div class="updated"><p><?php _e('New theme activated'); ?></p></div>
+<div id="message1" class="updated fade"><p><?php _e('The active theme is broken.  Reverting to the default theme.'); ?></p></div>
+<?php elseif ( isset($_GET['activated']) ) : ?>
+<div id="message2" class="updated fade"><p><?php printf(__('New theme activated. <a href="%s">View site &raquo;</a>'), get_bloginfo('home') . '/'); ?></p></div>
 <?php endif; ?>
 
 <?php
 $themes = get_themes();
-$current_theme = get_current_theme();
-$current_title = $themes[$current_theme]['Title'];
-$current_version = $themes[$current_theme]['Version'];
-$current_parent_theme = $themes[$current_theme]['Parent Theme'];
-$current_template_dir = $themes[$current_theme]['Template Dir'];
-$current_stylesheet_dir = $themes[$current_theme]['Stylesheet Dir'];
-$current_template = $themes[$current_theme]['Template'];
-$current_stylesheet = $themes[$current_theme]['Stylesheet'];
+$ct = current_theme_info();
 ?>
 
 <div class="wrap">
 <h2><?php _e('Current Theme'); ?></h2>
 <div id="currenttheme">
-<h3><?php printf(__('%1$s %2$s by %3$s'), $current_title, $current_version, $themes[$current_theme]['Author']) ; ?></h3>
-<p><?php echo $themes[$current_theme]['Description']; ?></p>
-<?php if ($current_parent_theme) { ?>
-	<p><?php printf(__('The active theme is <strong>%1$s</strong>.  The template files are located in <code>%2$s</code>.  The stylesheet files are located in <code>%3$s</code>.  <strong>%4$s</strong> uses templates from <strong>%5$s</strong>.  Changes made to the templates will affect both themes.'), $current_theme, $current_template_dir, $current_stylesheet_dir, $current_theme, $current_parent_theme); ?></p>
+<?php if ( $ct->screenshot ) : ?>
+<img src="<?php echo get_option('siteurl') . '/' . $ct->stylesheet_dir . '/' . $ct->screenshot; ?>" alt="<?php _e('Current theme preview'); ?>" />
+<?php endif; ?>
+<h3><?php printf(__('%1$s %2$s by %3$s'), $ct->title, $ct->version, $ct->author) ; ?></h3>
+<p><?php echo $ct->description; ?></p>
+<?php if ($ct->parent_theme) { ?>
+	<p><?php printf(__('The template files are located in <code>%2$s</code>.  The stylesheet files are located in <code>%3$s</code>.  <strong>%4$s</strong> uses templates from <strong>%5$s</strong>.  Changes made to the templates will affect both themes.'), $ct->title, $ct->template_dir, $ct->stylesheet_dir, $ct->title, $ct->parent_theme); ?></p>
 <?php } else { ?>
-	<p><?php printf(__('The active theme is <strong>%1$s</strong>.  The template files are located in <code>%2$s</code>.  The stylesheet files are located in <code>%3$s</code>.'), $current_theme, $current_template_dir, $current_stylesheet_dir); ?></p>
+	<p><?php printf(__('All of this theme&#8217;s files are located in <code>%2$s</code>.'), $ct->title, $ct->template_dir, $ct->stylesheet_dir); ?></p>
 <?php } ?>
 </div>
 
-<h2><?php _e('Themes Available'); ?></h2>
+<h2><?php _e('Available Themes'); ?></h2>
 <?php if ( 1 < count($themes) ) { ?>
-<table width="100%" cellpadding="3" cellspacing="3">
-	<tr>
-		<th><?php _e('Name'); ?></th>
-		<th><?php _e('Author'); ?></th>
-		<th><?php _e('Description'); ?></th>
-		<th></th>
-	</tr>
+
 <?php
-	$style = '';
+$style = '';
 
-	$theme_names = array_keys($themes);
-	natcasesort($theme_names);
+$theme_names = array_keys($themes);
+natcasesort($theme_names);
 
-	foreach ($theme_names as $theme_name) {
-		$template = $themes[$theme_name]['Template'];
-		$stylesheet = $themes[$theme_name]['Stylesheet'];
-		$title = $themes[$theme_name]['Title'];
-		$version = $themes[$theme_name]['Version'];
-		$description = $themes[$theme_name]['Description'];
-		$author = $themes[$theme_name]['Author'];
-
-		if ($template == $current_template && $stylesheet == $current_stylesheet) {
-			$action = '<strong>' . __('Active Theme') . '</strong>';
-			$current = true;
-		} else {
-			$action = "<a href='themes.php?action=activate&amp;template=$template&amp;stylesheet=$stylesheet' title='" . __('Select this theme') . "' class='edit'>" . __('Select') . '</a>';
-			$current = false;
-		}
-
-		$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
-		if ($current) $style .= $style == 'alternate' ? ' active' : 'active';
-		if ($style != '') $style = 'class="' . $style . '"';
-
-		echo "
-	  <tr $style>";
-if ( $current )
-	echo "<td><strong>$title $version</strong></td>";
-else
-	echo "<td>$title $version</td>";
-echo "
-	     <td class=\"auth\">$author</td>
-	     <td class=\"desc\">$description</td>
-	     <td class=\"togl\">$action</td>
-	  </tr>";
-	}
+foreach ($theme_names as $theme_name) {
+	if ( $theme_name == $ct->name )
+		continue;
+	$template = $themes[$theme_name]['Template'];
+	$stylesheet = $themes[$theme_name]['Stylesheet'];
+	$title = $themes[$theme_name]['Title'];
+	$version = $themes[$theme_name]['Version'];
+	$description = $themes[$theme_name]['Description'];
+	$author = $themes[$theme_name]['Author'];
+	$screenshot = $themes[$theme_name]['Screenshot'];
+	$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
+	$activate_link = wp_nonce_url("themes.php?action=activate&amp;template=$template&amp;stylesheet=$stylesheet", 'switch-theme_' . $template);
 ?>
+<div class="available-theme">
+<h3><a href="<?php echo $activate_link; ?>"><?php echo "$title $version"; ?></a></h3>
 
-</table>
-<?php
-}
-?>
+<a href="<?php echo $activate_link; ?>" class="screenshot">
+<?php if ( $screenshot ) : ?>
+<img src="<?php echo get_option('siteurl') . '/' . $stylesheet_dir . '/' . $screenshot; ?>" alt="" />
+<?php endif; ?>
+</a>
+
+<p><?php echo $description; ?></p>
+</div>
+<?php } // end foreach theme_names ?>
+
+<?php } ?>
 
 <?php
 // List broken themes, if any.
 $broken_themes = get_broken_themes();
-if (count($broken_themes)) {
+if ( count($broken_themes) ) {
 ?>
 
 <h2><?php _e('Broken Themes'); ?></h2>
@@ -145,10 +124,8 @@ if (count($broken_themes)) {
 ?>
 
 <h2><?php _e('Get More Themes'); ?></h2>
-<p><?php _e('You can find additional themes for your site in the <a href="http://wordpress.org/extend/themes/">WordPress theme directory</a>. To install a theme you generally just need to upload the theme folder into your <code>wp-content/themes</code> directory. Once a theme is uploaded, you may activate it here.'); ?></p>
+<p><?php _e('You can find additional themes for your site in the <a href="http://wordpress.org/extend/themes/">WordPress theme directory</a>. To install a theme you generally just need to upload the theme folder into your <code>wp-content/themes</code> directory. Once a theme is uploaded, you should see it on this page.'); ?></p>
 
 </div>
 
-<?php
-include('admin-footer.php');
-?>
+<?php require('admin-footer.php'); ?>

wp-admin/update-links.php

@@ -3,7 +3,7 @@ require_once( dirname( dirname(__FILE__) ) . '/wp-config.php');
 require_once( ABSPATH . 'wp-includes/class-snoopy.php');
 
 if ( !get_option('use_linksupdate') )
-	die('Feature disabled.');
+	die(__('Feature disabled.'));
 
 $link_uris = $wpdb->get_col("SELECT link_url FROM $wpdb->links");
 
@@ -23,7 +23,7 @@ $http_request .= "\r\n";
 $http_request .= $query_string;
 
 $response = '';
-if( false !== ( $fs = fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
+if ( false !== ( $fs = @fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) ) ) {
 	fwrite($fs, $http_request);
 	while ( !feof($fs) )
 		$response .= fgets($fs, 1160); // One TCP-IP packet
@@ -36,9 +36,9 @@ if( false !== ( $fs = fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) )
 	$returns = explode("\n", $body);
     
 	foreach ($returns as $return) :
-		$time = addslashes( substr($return, 0, 19) );
-		$uri = addslashes( preg_replace('/(.*?) | (.*?)/', '$2', $return) );
+		$time = $wpdb->escape( substr($return, 0, 19) );
+		$uri = $wpdb->escape( preg_replace('/(.*?) | (.*?)/', '$2', $return) );
 		$wpdb->query("UPDATE $wpdb->links SET link_updated = '$time' WHERE link_url = '$uri'");
 	endforeach;
 }
-?>
+?>

wp-admin/upgrade-functions.php

@@ -4,12 +4,38 @@ require_once(ABSPATH . '/wp-admin/admin-functions.php');
 require_once(ABSPATH . '/wp-admin/upgrade-schema.php');
 // Functions to be called in install and upgrade scripts
 function upgrade_all() {
+	global $wp_current_db_version, $wp_db_version, $wp_rewrite;
+	$wp_current_db_version = __get_option('db_version');
+
+	// We are up-to-date.  Nothing to do.
+	if ( $wp_db_version == $wp_current_db_version )
+		return;
+
+	// If the version is not set in the DB, try to guess the version.
+	if ( empty($wp_current_db_version) ) {
+		$wp_current_db_version = 0;
+
+		// If the template option exists, we have 1.5.
+		$template = __get_option('template');
+		if ( !empty($template) )
+			$wp_current_db_version = 2541;
+	}
+	
 	populate_options();
-	upgrade_100();
-	upgrade_101();
-	upgrade_110();
-	upgrade_130();
-	save_mod_rewrite_rules();
+
+	if ( $wp_current_db_version < 2541 ) {
+		upgrade_100();
+		upgrade_101();
+		upgrade_110();
+		upgrade_130();
+	}
+	
+	if ( $wp_current_db_version < 3308 )
+		upgrade_160();
+
+	$wp_rewrite->flush_rules();
+	
+	update_option('db_version', $wp_db_version);
 }
 
 function upgrade_100() {
@@ -81,16 +107,16 @@ function upgrade_101() {
 
 
 function upgrade_110() {
-  global $wpdb;
+	global $wpdb;
 	
     // Set user_nicename.
 	$users = $wpdb->get_results("SELECT ID, user_nickname, user_nicename FROM $wpdb->users");
-	foreach ($users as $user) {
-		if ('' == $user->user_nicename) { 
-			$newname = sanitize_title($user->user_nickname);
-			$wpdb->query("UPDATE $wpdb->users SET user_nicename = '$newname' WHERE ID = '$user->ID'");
-		}
-	}
+ 	foreach ($users as $user) {
+ 		if ('' == $user->user_nicename) { 
+ 			$newname = sanitize_title($user->user_nickname);
+ 			$wpdb->query("UPDATE $wpdb->users SET user_nicename = '$newname' WHERE ID = '$user->ID'");
+ 		}
+ 	}
 
 	$users = $wpdb->get_results("SELECT ID, user_pass from $wpdb->users");
 	foreach ($users as $row) {
@@ -213,6 +239,93 @@ function upgrade_130() {
 	make_site_theme();
 }
 
+function upgrade_160() {
+	global $wpdb, $table_prefix, $wp_current_db_version;
+
+	populate_roles_160();
+
+	$users = $wpdb->get_results("SELECT * FROM $wpdb->users");
+	foreach ( $users as $user ) :
+		if ( !empty( $user->user_firstname ) )
+			update_usermeta( $user->ID, 'first_name', $wpdb->escape($user->user_firstname) );
+		if ( !empty( $user->user_lastname ) )
+			update_usermeta( $user->ID, 'last_name', $wpdb->escape($user->user_lastname) );
+		if ( !empty( $user->user_nickname ) )
+			update_usermeta( $user->ID, 'nickname', $wpdb->escape($user->user_nickname) );
+		if ( !empty( $user->user_level ) )
+			update_usermeta( $user->ID, $table_prefix . 'user_level', $user->user_level );
+		if ( !empty( $user->user_icq ) )
+			update_usermeta( $user->ID, 'icq', $wpdb->escape($user->user_icq) );
+		if ( !empty( $user->user_aim ) )
+			update_usermeta( $user->ID, 'aim', $wpdb->escape($user->user_aim) );
+		if ( !empty( $user->user_msn ) )
+			update_usermeta( $user->ID, 'msn', $wpdb->escape($user->user_msn) );
+		if ( !empty( $user->user_yim ) )
+			update_usermeta( $user->ID, 'yim', $wpdb->escape($user->user_icq) );
+		if ( !empty( $user->user_description ) )
+			update_usermeta( $user->ID, 'description', $wpdb->escape($user->user_description) );
+
+		if ( isset( $user->user_idmode ) ):
+			$idmode = $user->user_idmode;
+			if ($idmode == 'nickname') $id = $user->user_nickname;
+			if ($idmode == 'login') $id = $user->user_login;
+			if ($idmode == 'firstname') $id = $user->user_firstname;
+			if ($idmode == 'lastname') $id = $user->user_lastname;
+			if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname;
+			if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname;
+			if (!$idmode) $id = $user->user_nickname;
+			$id = $wpdb->escape( $id );
+			$wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'");
+		endif;
+		
+		// FIXME: RESET_CAPS is temporary code to reset roles and caps if flag is set.
+		$caps = get_usermeta( $user->ID, $table_prefix . 'capabilities');
+		if ( empty($caps) || defined('RESET_CAPS') ) {
+			$level = get_usermeta($user->ID, $table_prefix . 'user_level');
+			$role = translate_level_to_role($level);
+			update_usermeta( $user->ID, $table_prefix . 'capabilities', array($role => true) );
+		}
+			
+	endforeach;
+	$old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname', 'user_level' );
+	$wpdb->hide_errors();
+	foreach ( $old_user_fields as $old )
+		$wpdb->query("ALTER TABLE $wpdb->users DROP $old");
+	$wpdb->show_errors();
+	
+	if ( 0 == $wpdb->get_var("SELECT SUM(category_count) FROM $wpdb->categories") ) { // Create counts
+		$categories = $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories");
+		foreach ( $categories as $cat_id ) {
+			$count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->post2cat, $wpdb->posts WHERE $wpdb->posts.ID=$wpdb->post2cat.post_id AND post_status='publish' AND category_id = '$cat_id'");
+			$wpdb->query("UPDATE $wpdb->categories SET category_count = '$count' WHERE cat_ID = '$cat_id'");
+		}
+	}
+
+	// populate comment_count field of posts table
+	$comments = $wpdb->get_results( "SELECT comment_post_ID, COUNT(*) as c FROM $wpdb->comments WHERE comment_approved = '1' GROUP BY comment_post_ID" );
+	if( is_array( $comments ) ) {
+		foreach ($comments as $comment) {
+			$wpdb->query( "UPDATE $wpdb->posts SET comment_count = $comment->c WHERE ID = '$comment->comment_post_ID'" );
+		}
+	}
+
+	// Some alpha versions used a post status of object instead of attachment and put
+	// the mime type in post_type instead of post_mime_type.
+	if ( $wp_current_db_version > 2541 && $wp_current_db_version <= 3091 ) {
+		$objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'");
+		foreach ($objects as $object) {
+			$wpdb->query("UPDATE $wpdb->posts SET post_status = 'attachment',
+			post_mime_type = '$object->post_type',
+			post_type = ''
+			WHERE ID = $object->ID");
+			
+			$meta = get_post_meta($object->ID, 'imagedata', true);
+			if ( ! empty($meta['file']) )
+				add_post_meta($object->ID, '_wp_attached_file', $meta['file']);
+		}
+	}
+}
+
 // The functions we use to actually do stuff
 
 // General
@@ -301,6 +414,12 @@ function __get_option($setting) {
 
 	$option = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting'");
 
+	if ( 'home' == $setting && '' == $option )
+		return __get_option('siteurl');
+
+	if ( 'siteurl' == $setting || 'home' == $setting || 'category_base' == $setting )
+		$option = preg_replace('|/+$|', '', $option);
+
 	@ $kellogs = unserialize($option);
 	if ($kellogs !== FALSE)
 		return $kellogs;
@@ -703,4 +822,26 @@ function make_site_theme() {
 	}
 	return $template;
 }
-?>
+
+function translate_level_to_role($level) {
+	switch ($level) {
+	case 10:
+	case 9:
+	case 8:
+		return 'administrator';
+	case 7:
+	case 6:
+	case 5:
+		return 'editor';
+	case 4:
+	case 3:
+	case 2:
+		return 'author';
+	case 1:
+		return 'contributor';
+	case 0:
+		return 'subscriber';
+	}
+}
+
+?>

wp-admin/upgrade-schema.php

@@ -6,7 +6,8 @@ $wp_queries="CREATE TABLE $wpdb->categories (
   cat_name varchar(55) NOT NULL default '',
   category_nicename varchar(200) NOT NULL default '',
   category_description longtext NOT NULL,
-  category_parent int(4) NOT NULL default '0',
+  category_parent bigint(20) NOT NULL default '0',
+  category_count bigint(20) NOT NULL default '0',
   PRIMARY KEY  (cat_ID),
   KEY category_nicename (category_nicename)
 );
@@ -24,8 +25,8 @@ CREATE TABLE $wpdb->comments (
   comment_approved enum('0','1','spam') NOT NULL default '1',
   comment_agent varchar(255) NOT NULL default '',
   comment_type varchar(20) NOT NULL default '',
-  comment_parent int(11) NOT NULL default '0',
-  user_id int(11) NOT NULL default '0',
+  comment_parent bigint(20) NOT NULL default '0',
+  user_id bigint(20) NOT NULL default '0',
   PRIMARY KEY  (comment_ID),
   KEY comment_approved (comment_approved),
   KEY comment_post_ID (comment_post_ID)
@@ -52,7 +53,7 @@ CREATE TABLE $wpdb->links (
   link_name varchar(255) NOT NULL default '',
   link_image varchar(255) NOT NULL default '',
   link_target varchar(25) NOT NULL default '',
-  link_category int(11) NOT NULL default '0',
+  link_category bigint(20) NOT NULL default '0',
   link_description varchar(255) NOT NULL default '',
   link_visible enum('Y','N') NOT NULL default 'Y',
   link_owner int(11) NOT NULL default '1',
@@ -91,21 +92,21 @@ CREATE TABLE $wpdb->postmeta (
   meta_id bigint(20) NOT NULL auto_increment,
   post_id bigint(20) NOT NULL default '0',
   meta_key varchar(255) default NULL,
-  meta_value text,
+  meta_value longtext,
   PRIMARY KEY  (meta_id),
   KEY post_id (post_id),
   KEY meta_key (meta_key)
 );
 CREATE TABLE $wpdb->posts (
   ID bigint(20) unsigned NOT NULL auto_increment,
-  post_author int(4) NOT NULL default '0',
+  post_author bigint(20) NOT NULL default '0',
   post_date datetime NOT NULL default '0000-00-00 00:00:00',
   post_date_gmt datetime NOT NULL default '0000-00-00 00:00:00',
   post_content longtext NOT NULL,
   post_title text NOT NULL,
   post_category int(4) NOT NULL default '0',
   post_excerpt text NOT NULL,
-  post_status enum('publish','draft','private','static','object') NOT NULL default 'publish',
+  post_status enum('publish','draft','private','static','object','attachment') NOT NULL default 'publish',
   comment_status enum('open','closed','registered_only') NOT NULL default 'open',
   ping_status enum('open','closed') NOT NULL default 'open',
   post_password varchar(20) NOT NULL default '',
@@ -115,43 +116,45 @@ CREATE TABLE $wpdb->posts (
   post_modified datetime NOT NULL default '0000-00-00 00:00:00',
   post_modified_gmt datetime NOT NULL default '0000-00-00 00:00:00',
   post_content_filtered text NOT NULL,
-  post_parent int(11) NOT NULL default '0',
+  post_parent bigint(20) NOT NULL default '0',
   guid varchar(255) NOT NULL default '',
   menu_order int(11) NOT NULL default '0',
+  post_type varchar(100) NOT NULL default '',
+  post_mime_type varchar(100) NOT NULL default '',
+  comment_count bigint(20) NOT NULL default '0',
   PRIMARY KEY  (ID),
-  KEY post_name (post_name)
+  KEY post_name (post_name),
+  KEY post_status (post_status)
 );
 CREATE TABLE $wpdb->users (
   ID bigint(20) unsigned NOT NULL auto_increment,
   user_login varchar(60) NOT NULL default '',
   user_pass varchar(64) NOT NULL default '',
-  user_firstname varchar(50) NOT NULL default '',
-  user_lastname varchar(50) NOT NULL default '',
-  user_nickname varchar(50) NOT NULL default '',
   user_nicename varchar(50) NOT NULL default '',
-  user_icq int(10) unsigned NOT NULL default '0',
   user_email varchar(100) NOT NULL default '',
   user_url varchar(100) NOT NULL default '',
-  user_ip varchar(15) NOT NULL default '',
-  user_domain varchar(200) NOT NULL default '',
-  user_browser varchar(200) NOT NULL default '',
   user_registered datetime NOT NULL default '0000-00-00 00:00:00',
-  user_level int(2) unsigned NOT NULL default '0',
-  user_aim varchar(50) NOT NULL default '',
-  user_msn varchar(100) NOT NULL default '',
-  user_yim varchar(50) NOT NULL default '',
-  user_idmode varchar(20) NOT NULL default '',
   user_activation_key varchar(60) NOT NULL default '',
   user_status int(11) NOT NULL default '0',
-  user_description longtext NOT NULL default '',
+  display_name varchar(250) NOT NULL default '',
   PRIMARY KEY  (ID),
-  UNIQUE KEY user_login (user_login)
+  KEY user_login_key (user_login)
+);
+CREATE TABLE $wpdb->usermeta (
+  umeta_id bigint(20) NOT NULL auto_increment,
+  user_id bigint(20) NOT NULL default '0',
+  meta_key varchar(255) default NULL,
+  meta_value longtext,
+  PRIMARY KEY  (umeta_id),
+  KEY user_id (user_id),
+  KEY meta_key (meta_key)
 );";
 
 function populate_options() {
-	global $wpdb;
+	global $wpdb, $wp_db_version;
 
-	$guessurl = preg_replace('|/wp-admin/.*|i', '', 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+	$schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://';
+	$guessurl = preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
 	add_option('siteurl', $guessurl, __('WordPress web address'));
 	add_option('blogname', __('My Weblog'), __('Blog title'));
 	add_option('blogdescription', __('Just another WordPress weblog'), __('Short tagline'));
@@ -159,19 +162,13 @@ function populate_options() {
 	add_option('users_can_register', 0);
 	add_option('admin_email', 'you@example.com');
 	add_option('start_of_week', 1);
-	add_option('use_balanceTags', 1);
+	add_option('use_balanceTags', 0);
 	add_option('use_smilies', 1);
 	add_option('require_name_email', 1);
 	add_option('comments_notify', 1);
 	add_option('posts_per_rss', 10);
 	add_option('rss_excerpt_length', 50);
 	add_option('rss_use_excerpt', 0);
-	add_option('use_fileupload', 0);
-	add_option('fileupload_realpath', ABSPATH . 'wp-content');
-	add_option('fileupload_url', get_option('siteurl') . '/wp-content');
-	add_option('fileupload_allowedtypes', 'jpg jpeg gif png');
-	add_option('fileupload_maxk', 300);
-	add_option('fileupload_minlevel', 6);
 	add_option('mailserver_url', 'mail.example.com');
 	add_option('mailserver_login', 'login@example.com');
 	add_option('mailserver_pass', 'password');
@@ -180,7 +177,7 @@ function populate_options() {
 	add_option('default_comment_status', 'open');
 	add_option('default_ping_status', 'open');
 	add_option('default_pingback_flag', 1);
-	add_option('default_post_edit_rows', 9);
+	add_option('default_post_edit_rows', 10);
 	add_option('posts_per_page', 10);
 	add_option('what_to_show', 'posts');
 	add_option('date_format', __('F j, Y'));
@@ -197,11 +194,14 @@ function populate_options() {
 	add_option('blog_charset', 'UTF-8');
 	add_option('moderation_keys');
 	add_option('active_plugins');
-	add_option('home');
+	add_option('home', $guessurl);
+	// in case it is set, but blank, update "home"
+	if ( !__get_option('home') ) update_option('home', $guessurl);
 	add_option('category_base');
 	add_option('ping_sites', 'http://rpc.pingomatic.com/');
 	add_option('advanced_edit', 0);
 	add_option('comment_max_links', 2);
+	add_option('gmt_offset', date('Z') / 3600);
 	// 1.5
 	add_option('default_email_category', 1, __('Posts by email go to this category'));
 	add_option('recently_edited');
@@ -212,14 +212,30 @@ function populate_options() {
 	add_option('page_uris');
 	add_option('blacklist_keys');
 	add_option('comment_registration', 0);
-	add_option('open_proxy_check', 1);
+	add_option('open_proxy_check', 0);
 	add_option('rss_language', 'en');
 	add_option('html_type', 'text/html');
 	// 1.5.1
 	add_option('use_trackback', 0);
+	// 2.0
+	add_option('default_role', 'subscriber');
+	add_option('rich_editing', 'true');
+	add_option('db_version', $wp_db_version);
+	// 2.0.1
+	if ( ini_get('safe_mode') ) {
+		// Safe mode screws up mkdir(), so we must use a flat structure.
+		add_option('uploads_use_yearmonth_folders', 0);
+		add_option('upload_path', 'wp-content');
+	} else {
+		add_option('uploads_use_yearmonth_folders', 1);
+		add_option('upload_path', 'wp-content/uploads');
+	}
+	
+	// 2.0.3
+	add_option('secret', md5(uniqid(microtime())));
 
 	// Delete unused options
-	$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url');
+	$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog');
 	foreach ($unusedoptions as $option) :
 		delete_option($option);
 	endforeach;
@@ -231,4 +247,97 @@ function populate_options() {
 	endforeach;
 }
 
+function populate_roles() {
+	populate_roles_160();	
+}
+
+function populate_roles_160() {
+	global $wp_roles;
+
+	// Add roles
+	add_role('administrator', __('Administrator'));
+	add_role('editor', __('Editor'));
+	add_role('author', __('Author'));
+	add_role('contributor', __('Contributor'));
+	add_role('subscriber', __('Subscriber'));
+	
+	// Add caps for Administrator role
+	$role = get_role('administrator');
+	$role->add_cap('switch_themes');
+	$role->add_cap('edit_themes');
+	$role->add_cap('activate_plugins');
+	$role->add_cap('edit_plugins');
+	$role->add_cap('edit_users');
+	$role->add_cap('edit_files');
+	$role->add_cap('manage_options');
+	$role->add_cap('moderate_comments');
+	$role->add_cap('manage_categories');
+	$role->add_cap('manage_links');
+	$role->add_cap('upload_files');
+	$role->add_cap('import');
+	$role->add_cap('unfiltered_html');
+	$role->add_cap('edit_posts');
+	$role->add_cap('edit_others_posts');
+	$role->add_cap('edit_published_posts');
+	$role->add_cap('publish_posts');
+	$role->add_cap('edit_pages');
+	$role->add_cap('read');
+	$role->add_cap('level_10');
+	$role->add_cap('level_9');
+	$role->add_cap('level_8');
+	$role->add_cap('level_7');
+	$role->add_cap('level_6');
+	$role->add_cap('level_5');
+	$role->add_cap('level_4');
+	$role->add_cap('level_3');
+	$role->add_cap('level_2');
+	$role->add_cap('level_1');
+	$role->add_cap('level_0');
+	
+	// Add caps for Editor role
+	$role = get_role('editor');
+	$role->add_cap('moderate_comments');
+	$role->add_cap('manage_categories');
+	$role->add_cap('manage_links');
+	$role->add_cap('upload_files');
+	$role->add_cap('unfiltered_html');
+	$role->add_cap('edit_posts');
+	$role->add_cap('edit_others_posts');
+	$role->add_cap('edit_published_posts');
+	$role->add_cap('publish_posts');
+	$role->add_cap('edit_pages');
+	$role->add_cap('read');
+	$role->add_cap('level_7');
+	$role->add_cap('level_6');
+	$role->add_cap('level_5');
+	$role->add_cap('level_4');
+	$role->add_cap('level_3');
+	$role->add_cap('level_2');
+	$role->add_cap('level_1');
+	$role->add_cap('level_0');
+	
+	// Add caps for Author role
+	$role = get_role('author');
+	$role->add_cap('upload_files');
+	$role->add_cap('edit_posts');
+	$role->add_cap('edit_published_posts');
+	$role->add_cap('publish_posts');
+	$role->add_cap('read');
+	$role->add_cap('level_2');
+	$role->add_cap('level_1');
+	$role->add_cap('level_0');
+	
+	// Add caps for Contributor role
+	$role = get_role('contributor');
+	$role->add_cap('edit_posts');
+	$role->add_cap('read');
+	$role->add_cap('level_1');
+	$role->add_cap('level_0');
+	
+	// Add caps for Subscriber role
+	$role = get_role('subscriber');
+	$role->add_cap('read');
+	$role->add_cap('level_0');
+}
+
 ?>

wp-admin/upgrade.php

@@ -7,6 +7,7 @@ require_once(ABSPATH . '/wp-admin/upgrade-functions.php');
 
 $step = $_GET['step'];
 if (!$step) $step = 0;
+header( 'Content-Type: text/html; charset=utf-8' );
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
@@ -61,23 +62,34 @@ text-align: center; border-top: 1px solid #ccc; padding-top: 1em; font-style: it
 	</style>
 </head>
 <body>
-<h1 id="logo"><img alt="WordPress" src="http://static.wordpress.org/logo.png" /></h1>
+<h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1>
 <?php
 switch($step) {
 
 	case 0:
+	$goback = clean_url(stripslashes(wp_get_referer()));
 ?> 
 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
-	<h2 class="step"><a href="upgrade.php?step=1"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
+	<h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
 <?php
 	break;
 	
 	case 1:
-	make_db_current_silent();
-	upgrade_all();
+	$wp_current_db_version = __get_option('db_version');
+	if ( $wp_db_version != $wp_current_db_version ) {
+		wp_cache_flush();
+		make_db_current_silent();
+		upgrade_all();
+		wp_cache_flush();
+	}
+
+	if ( empty( $_GET['backto'] ) )
+		$backto = __get_option('home');
+	else
+		$backto = clean_url(stripslashes($_GET['backto']));
 ?> 
 <h2><?php _e('Step 1'); ?></h2> 
-	<p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"), '../'); ?></p>
+	<p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"),  $backto); ?></p>
 
 <!--
 <pre>

wp-admin/upload.php

@@ -1,230 +0,0 @@
-<?php
-require_once('admin.php');
-
-$title = 'Upload Image or File';
-
-require_once('admin-header.php');
-
-if ($user_level == 0) //Checks to see if user has logged in
-	die (__("Cheatin' uh ?"));
-
-if (!get_settings('use_fileupload')) //Checks if file upload is enabled in the config
-	die (__("The admin disabled this function"));
-
-if ( !get_settings('fileupload_minlevel') )
-	die (__("You are not allowed to upload files"));
-
-$allowed_types = explode(' ', trim(strtolower(get_settings('fileupload_allowedtypes'))));
-
-if ($_POST['submit']) {
-	$action = 'upload';
-} else {
-	$action = '';
-}
-
-if (!is_writable(get_settings('fileupload_realpath')))
-	$action = 'not-writable';
-?>
-
-<div class="wrap">
-
-<?php
-switch ($action) {
-case 'not-writable':
-?>
-<p><?php printf(__("It doesn't look like you can use the file upload feature at this time because the directory you have specified (<code>%s</code>) doesn't appear to be writable by WordPress. Check the permissions on the directory and for typos."), get_settings('fileupload_realpath')) ?></p>
-
-<?php
-break;
-case '':
-	foreach ($allowed_types as $type) {
-		$type_tags[] = "<code>$type</code>";
-	}
-	$i = implode(', ', $type_tags);
-?>
-<p><?php printf(__('You can upload files with the extension %1$s as long as they are no larger than %2$s <abbr title="Kilobytes">KB</abbr>. If you&#8217;re an admin you can configure these values under <a href="%3$s">options</a>.'), $i, get_settings('fileupload_maxk'), 'options-misc.php') ?></p>
-    <form action="upload.php" method="post" enctype="multipart/form-data">
-    <p>
-      <label for="img1"><?php _e('File:') ?></label>
-      <br />
-	<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo get_settings('fileupload_maxk') * 1024 ?>" />
-    <input type="file" name="img1" id="img1" size="35" class="uploadform" /></p>
-    <p>
-    <label for="imgdesc"><?php _e('Description:') ?></label><br />
-    <input type="text" name="imgdesc" id="imgdesc" size="30" class="uploadform" />
-    </p>
-	
-    <p><?php _e('Create a thumbnail?') ?></p>
-    <p>
-    <label for="thumbsize_no">
-    <input type="radio" name="thumbsize" value="none" checked="checked" id="thumbsize_no" />
-    <?php _e('No thanks') ?></label>
-    <br />
-        <label for="thumbsize_small">
-<input type="radio" name="thumbsize" value="small" id="thumbsize_small" />
-<?php _e('Small (200px largest side)') ?></label>
-        <br />
-        <label for="thumbsize_large">
-<input type="radio" name="thumbsize" value="large" id="thumbsize_large" />
-<?php _e('Large (400px largest side)') ?></label>
-        <br />
-        <label for="thumbsize_custom">
-        <input type="radio" name="thumbsize" value="custom" id="thumbsize_custom" />
-<?php _e('Custom size') ?></label>
-      : 
-      <input type="text" name="imgthumbsizecustom" size="4" />
-    <?php _e('px (largest side)') ?>    </p>
-	<p><input type="submit" name="submit" value="<?php _e('Upload File') ?>" /></p>
-    </form>
-</div><?php 
-break;
-case 'upload':
-
-	$imgalt = basename( (isset($_POST['imgalt'])) ? $_POST['imgalt'] : '' );
-
-	$img1_name = (strlen($imgalt)) ? $imgalt : basename( $_FILES['img1']['name'] );
-	$img1_name = preg_replace('/[^a-z0-9_.]/i', '', $img1_name); 
-	$img1_size = $_POST['img1_size'] ? intval($_POST['img1_size']) : intval($_FILES['img1']['size']);
-
-	$img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $_FILES['img1']['type'];
-	$imgdesc = htmlentities2($_POST['imgdesc']);
-
-	$pi = pathinfo($img1_name);
-	$imgtype = strtolower($pi['extension']);
-
-	if (in_array($imgtype, $allowed_types) == false)
-		die(sprintf(__('File %1$s of type %2$s is not allowed.') , $img1_name, $imgtype));
-
-    if (strlen($imgalt)) {
-        $pathtofile = get_settings('fileupload_realpath')."/".$imgalt;
-        $img1 = $_POST['img1'];
-    } else {
-        $pathtofile = get_settings('fileupload_realpath')."/".$img1_name;
-        $img1 = $_FILES['img1']['tmp_name'];
-    }
-
-    // makes sure not to upload duplicates, rename duplicates
-    $i = 1;
-    $pathtofile2 = $pathtofile;
-    $tmppathtofile = $pathtofile2;
-    $img2_name = $img1_name;
-
-    while ( file_exists($pathtofile2) ) {
-        $pos = strpos( strtolower($tmppathtofile), '.' . trim($imgtype) );
-        $pathtofile_start = substr($tmppathtofile, 0, $pos);
-        $pathtofile2 = $pathtofile_start.'_'.zeroise($i++, 2).'.'.trim($imgtype);
-        $img2_name = explode('/', $pathtofile2);
-        $img2_name = $img2_name[count($img2_name)-1];
-    }
-
-    if (file_exists($pathtofile) && !strlen($imgalt)) {
-        $i = explode(' ', get_settings('fileupload_allowedtypes'));
-        $i = implode(', ',array_slice($i, 1, count($i)-2));
-        $moved = move_uploaded_file($img1, $pathtofile2);
-        // if move_uploaded_file() fails, try copy()
-        if (!$moved) {
-            $moved = copy($img1, $pathtofile2);
-        }
-        if (!$moved) {
-            die(sprintf(__("Couldn't upload your file to %s."), $pathtofile2));
-        } else {
-			chmod($pathtofile2, 0666);
-            @unlink($img1);
-        }
-
-	// 
-    
-    // duplicate-renaming function contributed by Gary Lawrence Murphy
-    ?>
-    <p><strong><?php __('Duplicate File?') ?></strong></p>
-    <p><b><em><?php printf(__("The filename '%s' already exists!"), $img1_name); ?></em></b></p>
-    <p> <?php printf(__("Filename '%1\$s' moved to '%2\$s'"), $img1, "$pathtofile2 - $img2_name") ?></p>
-    <p><?php _e('Confirm or rename:') ?></p>
-    <form action="upload.php" method="post" enctype="multipart/form-data">
-    <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo  get_settings('fileupload_maxk') *1024 ?>" />
-    <input type="hidden" name="img1_type" value="<?php echo $img1_type;?>" />
-    <input type="hidden" name="img1_name" value="<?php echo $img2_name;?>" />
-    <input type="hidden" name="img1_size" value="<?php echo $img1_size;?>" />
-    <input type="hidden" name="img1" value="<?php echo $pathtofile2;?>" />
-    <input type="hidden" name="thumbsize" value="<?php echo $_REQUEST['thumbsize'];?>" />
-    <input type="hidden" name="imgthumbsizecustom" value="<?php echo $_REQUEST['imgthumbsizecustom'];?>" />
-    <?php _e('Alternate name:') ?><br /><input type="text" name="imgalt" size="30" class="uploadform" value="<?php echo $img2_name;?>" /><br />
-    <br />
-    <?php _e('Description:') ?><br /><input type="text" name="imgdesc" size="30" class="uploadform" value="<?php echo $imgdesc;?>" />
-    <br />
-    <input type="submit" name="submit" value="<?php _e('Rename') ?>" class="search" />
-    </form>
-</div>
-<?php 
-
-require('admin-footer.php');
-die();
-
-    }
-
-    if (!strlen($imgalt)) {
-        @$moved = move_uploaded_file($img1, $pathtofile); //Path to your images directory, chmod the dir to 777
-        // move_uploaded_file() can fail if open_basedir in PHP.INI doesn't
-        // include your tmp directory. Try copy instead?
-        if(!$moved) {
-            $moved = copy($img1, $pathtofile);
-        }
-        // Still couldn't get it. Give up.
-        if (!$moved) {
-            die(sprintf(__("Couldn't upload your file to %s."), $pathtofile));
-        } else {
-			chmod($pathtofile, 0666);
-            @unlink($img1);
-        }
-        
-    } else {
-        rename($img1, $pathtofile)
-        or die(sprintf(__("Couldn't upload your file to %s."), $pathtofile));
-    }
-    
-    if($_POST['thumbsize'] != 'none' ) {
-        if($_POST['thumbsize'] == 'small') {
-            $max_side = 200;
-        }
-        elseif($_POST['thumbsize'] == 'large') {
-            $max_side = 400;
-        }
-        elseif($_POST['thumbsize'] == 'custom') {
-            $max_side = intval($_POST['imgthumbsizecustom']);
-        }
-        
-        $result = wp_create_thumbnail($pathtofile, $max_side, NULL);
-        if($result != 1) {
-            print $result;
-        }
-    }
-
-if ( ereg('image/',$img1_type) )
-	$piece_of_code = "<img src='" . get_settings('fileupload_url') ."/$img1_name' alt='$imgdesc' />";
-else
-	$piece_of_code = "<a href='". get_settings('fileupload_url') . "/$img1_name' title='$imgdesc'>$imgdesc</a>";
-
-$piece_of_code = htmlspecialchars( $piece_of_code );
-?>
-
-<h3><?php _e('File uploaded!') ?></h3>
-<p><?php printf(__("Your file <code>%s</code> was uploaded successfully!"), $img1_name); ?></p>
-<p><?php _e('Here&#8217;s the code to display it:') ?></p>
-<p><code><?php echo $piece_of_code; ?></code>
-</p>
-<p><strong><?php _e('Image Details') ?></strong>: <br />
-<?php _e('Name:'); ?>
-<?php echo $img1_name; ?>
-<br />
-<?php _e('Size:') ?>
-<?php echo round($img1_size / 1024, 2); ?> <?php _e('<abbr title="Kilobyte">KB</abbr>') ?><br />
-<?php _e('Type:') ?>
-<?php echo $img1_type; ?>
-</p>
-</div>
-<p><a href="upload.php"><?php _e('Upload another') ?></a></p>
-<?php
-break;
-}
-include('admin-footer.php');
-?>

wp-admin/user-edit.php

@@ -21,59 +21,12 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 	}
 }
 
+$user_id = (int) $user_id;
+
+if ( !$user_id )
+	die(__('Invalid user ID.'));
+
 switch ($action) {
-case 'update':
-
-check_admin_referer();
-
-get_currentuserinfo();
-$edituser = get_userdata($user_id);
-if ($edituser->user_level >= $user_level) die( __('You do not have permission to edit this user.') );
-
-/* checking the nickname has been typed */
-if (empty($_POST["new_nickname"])) {
-	die (__("<strong>ERROR</strong>: please enter your nickname (can be the same as your username)"));
-	return false;
-}
-
-$new_user_login  = wp_specialchars($_POST['new_user_login']);
-$pass1 = $_POST['pass1'];
-$pass2 = $_POST['pass2'];
-do_action('check_passwords', array($new_user_login, &$pass1, &$pass2));
-
-if ( '' == $pass1 ) {
-	if ( '' != $pass2 )
-		die (__("<strong>ERROR</strong>: you typed your new password only once. Go back to type it twice."));
-	$updatepassword = '';
-} else {
-	if ( '' == $pass2)
-		die (__("<strong>ERROR</strong>: you typed your new password only once. Go back to type it twice."));
-	if ( $pass1 != $pass2 )
-		die (__("<strong>ERROR</strong>: you typed two different passwords. Go back to correct that."));
-	$new_pass = $pass1;
-	$updatepassword = "user_pass=MD5('$new_pass'), ";
-}
-
-$new_firstname   = wp_specialchars($_POST['new_firstname']);
-$new_lastname    = wp_specialchars($_POST['new_lastname']);
-$new_nickname    = $_POST['new_nickname'];
-$new_nicename    = sanitize_title($new_nickname, $user_id);
-$new_icq         = wp_specialchars($_POST['new_icq']);
-$new_aim         = wp_specialchars($_POST['new_aim']);
-$new_msn         = wp_specialchars($_POST['new_msn']);
-$new_yim         = wp_specialchars($_POST['new_yim']);
-$new_email       = wp_specialchars($_POST['new_email']);
-$new_url         = wp_specialchars($_POST['new_url']);
-$new_url         = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $new_url) ? $new_url : 'http://' . $new_url; 
-$new_idmode      = wp_specialchars($_POST['new_idmode']);
-$new_description = $_POST['new_description'];
-
-$result = $wpdb->query("UPDATE $wpdb->users SET user_login = '$new_user_login', user_firstname = '$new_firstname', $updatepassword user_lastname='$new_lastname', user_nickname='$new_nickname', user_icq='$new_icq', user_email='$new_email', user_url='$new_url', user_aim='$new_aim', user_msn='$new_msn', user_yim='$new_yim', user_idmode='$new_idmode', user_description = '$new_description', user_nicename = '$new_nicename' WHERE ID = $user_id");
-
-header("Location: user-edit.php?user_id=$user_id&updated=true");
-
-break;
-
 case 'switchposts':
 
 check_admin_referer();
@@ -82,130 +35,177 @@ check_admin_referer();
 
 break;
 
+case 'update':
+
+check_admin_referer('update-user_' . $user_id);
+
+$errors = array();
+
+if (!current_user_can('edit_users'))
+	die(__('You do not have permission to edit this user.'));
+else
+	$errors = edit_user($user_id);
+
+if(count($errors) == 0) {
+	wp_redirect("user-edit.php?user_id=$user_id&updated=true");
+	exit;
+}
+
 default:
 include ('admin-header.php');
 
-$edituser = get_userdata($user_id);
+$profileuser = get_user_to_edit($user_id);
+
+if (!current_user_can('edit_users')) 
+	die__('You do not have permission to edit this user.');
 
-if ($edituser->user_level >= $user_level) die( __('You do not have permission to edit this user.') );
 ?>
 
 <?php if ( isset($_GET['updated']) ) : ?>
-<div class="updated">
+<div id="message" class="updated fade">
 	<p><strong><?php _e('User updated.') ?></strong></p>
 </div>
 <?php endif; ?>
+<?php if ( count($errors) != 0 ) : ?>
+<div class="error">
+	<ul>
+	<?php
+	foreach($errors as $error) echo "<li>$error</li>";
+	?>
+	</ul>
+</div>
+<?php endif; ?>
 
 <div class="wrap">
 <h2><?php _e('Edit User'); ?></h2>
-<form name="edituser" id="edituser" action="user-edit.php" method="post">
-<table width="99%"  border="0" cellspacing="2" cellpadding="3">
-	<tr>
-		<th width="33%" scope="row"><?php _e('Username:') ?></th>
-		<td width="73%"><input type="text" name="new_user_login" id="new_user_login" value="<?php echo $edituser->user_login; ?>" /></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('Level:') ?></th>
-		<td><?php echo $edituser->user_level; ?></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('Posts:') ?></th>
-		<td><?php echo get_usernumposts($edituser->ID); ?></td>
-	</tr>
-<?php if ( '0000-00-00 00:00:00' != $edituser->user_registered ) { ?>
-	<tr>
-		<th scope="row"><?php _e('Registered on:') ?></th>
-		<td><?php echo substr($edituser->user_registered, 0, 11); ?></td>
-	</tr>
-<?php } ?>
-	<tr>
-		<th scope="row"><?php _e('First name:') ?></th>
-		<td><input type="text" name="new_firstname" id="new_firstname" value="<?php echo $edituser->user_firstname ?>" /></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('Last name:') ?></th>
-		<td><input type="text" name="new_lastname" id="new_lastname2" value="<?php echo $edituser->user_lastname ?>" /></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('Profile:') ?></th>
-		<td><textarea name="new_description" rows="5" id="new_description" style="width: 99%; "><?php echo $edituser->user_description ?></textarea></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('Nickname:') ?></th>
-		<td><input type="text" name="new_nickname" id="new_nickname" value="<?php echo $edituser->user_nickname ?>" /></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('E-mail:') ?></th>
-		<td><input type="text" name="new_email" id="new_email" value="<?php echo $edituser->user_email ?>" /></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('Website:') ?></th>
-		<td><input type="text" name="new_url" id="new_url" value="<?php echo $edituser->user_url ?>" /></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('ICQ:') ?></th>
-		<td><input type="text" name="new_icq" id="new_icq" value="<?php if ($edituser->user_icq > 0) { echo $edituser->user_icq; } ?>" /></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('AIM:') ?></th>
-		<td><input type="text" name="new_aim" id="new_aim" value="<?php echo $edituser->user_aim ?>" /></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('MSN IM:') ?>
-		</th>
-		<td><input type="text" name="new_msn" id="new_msn" value="<?php echo $edituser->user_msn ?>" /></td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('Yahoo IM:') ?>
-		</th>
-		<td><input type="text" name="new_yim" id="new_yim" value="<?php echo $edituser->user_yim ?>" />
-		</td>
-	</tr>
-	<tr>
-		<th scope="row"><?php _e('Identity on blog:') ?>
-		</th>
-		<td><select name="new_idmode">
-				<option value="nickname"<?php
-	if ($edituser->user_idmode == 'nickname')
-	echo ' selected="selected"'; ?>><?php echo $edituser->user_nickname ?></option>
-				<option value="login"<?php
-	if ($edituser->user_idmode=="login")
-	echo ' selected="selected"'; ?>><?php echo $edituser->user_login ?></option>
-				<option value="firstname"<?php
-	if ($edituser->user_idmode=="firstname")
-	echo ' selected="selected"'; ?>><?php echo $edituser->user_firstname ?></option>
-				<option value="lastname"<?php
-	if ($edituser->user_idmode=="lastname")
-	echo ' selected="selected"'; ?>><?php echo $edituser->user_lastname ?></option>
-				<option value="namefl"<?php
-	if ($edituser->user_idmode=="namefl")
-	echo ' selected="selected"'; ?>><?php echo $edituser->user_firstname." ".$edituser->user_lastname ?></option>
-				<option value="namelf"<?php
-	if ($edituser->user_idmode=="namelf")
-	echo ' selected="selected"'; ?>><?php echo $edituser->user_lastname." ".$edituser->user_firstname ?></option>
-			</select>
-		</td>
-	</tr>
+
+<form name="profile" id="your-profile" action="user-edit.php" method="post">
+<?php wp_nonce_field('update-user_' . $user_id) ?>
+<p>
+<input type="hidden" name="from" value="profile" />
+<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
+</p>
+
+<fieldset>
+<legend><?php _e('Name'); ?></legend>
+<p><label><?php _e('Username: (no editing)'); ?><br />
+<input type="text" name="user_login" value="<?php echo $profileuser->user_login; ?>" disabled="disabled" />
+</label></p>
+
+<p><label><?php _e('Role:') ?><br />
+<?php
+// print_r($profileuser);
+echo '<select name="role">';
+foreach($wp_roles->role_names as $role => $name) {
+	$selected = ($profileuser->has_cap($role)) ? ' selected="selected"' : '';
+	echo "<option value=\"{$role}\"{$selected}>{$name}</option>";
+}
+echo '</select>';
+?></label></p>
+
+<p><label><?php _e('First name:') ?><br />
+<input type="text" name="first_name" value="<?php echo $profileuser->first_name ?>" /></label></p>
+
+<p><label><?php _e('Last name:') ?><br />
+<input type="text" name="last_name"  value="<?php echo $profileuser->last_name ?>" /></label></p>
+
+<p><label><?php _e('Nickname:') ?><br />
+<input type="text" name="nickname" value="<?php echo $profileuser->nickname ?>" /></label></p>
+
+<p><label><?php _e('Display name publicly as:') ?> <br />
+<select name="display_name">
+<option value="<?php echo $profileuser->display_name; ?>"><?php echo $profileuser->display_name; ?></option>
+<option value="<?php echo $profileuser->nickname ?>"><?php echo $profileuser->nickname ?></option>
+<option value="<?php echo $profileuser->user_login ?>"><?php echo $profileuser->user_login ?></option>
+<?php if ( !empty( $profileuser->first_name ) ) : ?>
+<option value="<?php echo $profileuser->first_name ?>"><?php echo $profileuser->first_name ?></option>
+<?php endif; ?>
+<?php if ( !empty( $profileuser->last_name ) ) : ?>
+<option value="<?php echo $profileuser->last_name ?>"><?php echo $profileuser->last_name ?></option>
+<?php endif; ?>
+<?php if ( !empty( $profileuser->first_name ) && !empty( $profileuser->last_name ) ) : ?>
+<option value="<?php echo $profileuser->first_name." ".$profileuser->last_name ?>"><?php echo $profileuser->first_name." ".$profileuser->last_name ?></option>
+<option value="<?php echo $profileuser->last_name." ".$profileuser->first_name ?>"><?php echo $profileuser->last_name." ".$profileuser->first_name ?></option>
+<?php endif; ?>
+</select></label></p>
+</fieldset>
+
+<fieldset>
+<legend><?php _e('Contact Info'); ?></legend>
+
+<p><label><?php _e('E-mail: (required)') ?><br />
+<input type="text" name="email" value="<?php echo $profileuser->user_email ?>" /></label></p>
+
+<p><label><?php _e('Website:') ?><br />
+<input type="text" name="url" value="<?php echo $profileuser->user_url ?>" />
+</label></p>
+
+<p><label><?php _e('AIM:') ?><br />
+<input type="text" name="aim" value="<?php echo $profileuser->aim ?>" />
+</label></p>
+
+<p><label><?php _e('Yahoo IM:') ?><br />
+<input type="text" name="yim" value="<?php echo $profileuser->yim ?>" />
+</label></p>
+
+<p><label><?php _e('Jabber / Google Talk:') ?>
+<input type="text" name="jabber" value="<?php echo $profileuser->jabber ?>" /></label>
+</p>
+</fieldset>
+<br clear="all" />
+<fieldset>
+<legend><?php _e('About the user'); ?></legend>
+<p class="desc"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></p>
+<p><textarea name="description" rows="5" cols="30"><?php echo $profileuser->description ?></textarea></p>
+</fieldset>
+
 <?php
 $show_password_fields = apply_filters('show_password_fields', true);
 if ( $show_password_fields ) :
 ?>
-	<tr>
-		<th scope="row"><?php _e('New <strong>Password</strong> (Leave blank to stay the same.)') ?></th>
-		<td><input type="password" name="pass1" size="16" value="" />
-			<br />
-			<input type="password" name="pass2" size="16" value="" /></td>
-	</tr>
+<fieldset>
+<legend><?php _e("Update User's Password"); ?></legend>
+<p class="desc"><?php _e("If you would like to change the user's password type a new one twice below. Otherwise leave this blank."); ?></p>
+<p><label><?php _e('New Password:'); ?><br />
+<input type="password" name="pass1" size="16" value="" />
+</label></p>
+<p><label><?php _e('Type it one more time:'); ?><br />
+<input type="password" name="pass2" size="16" value="" />
+</label></p>
+</fieldset>
 <?php endif; ?>
-</table>
-  <p class="submit">
+
+<?php do_action('edit_user_profile'); ?>
+
+<br clear="all" />
+  <table width="99%"  border="0" cellspacing="2" cellpadding="3" class="editform">
+    <?php
+    if(count($profileuser->caps) > count($profileuser->roles)):
+    ?>
+    <tr>
+      <th scope="row"><?php _e('Additional Capabilities:') ?></th>
+      <td><?php 
+			$output = '';
+			foreach($profileuser->caps as $cap => $value) {
+				if(!$wp_roles->is_role($cap)) {
+					if($output != '') $output .= ', ';
+					$output .= $value ? $cap : "Denied: {$cap}";
+				}
+			}
+			echo $output;
+			?></td>
+    </tr>
+    <?php
+    endif;
+    ?>
+  </table>
+<p class="submit">
 	<input type="hidden" name="action" value="update" />
 	<input type="hidden" name="user_id" id="user_id" value="<?php echo $user_id; ?>" />
     <input type="submit" value="<?php _e('Update User &raquo;') ?>" name="submit" />
-  </p>
+ </p>
 </form>
 </div>
-
 <?php
 break;
 }

wp-admin/users.php

@@ -1,191 +1,238 @@
 <?php
 require_once('admin.php');
+require_once( ABSPATH . WPINC . '/registration-functions.php');
 
 $title = __('Users');
 $parent_file = 'profile.php';
 	
-$wpvarstoreset = array('action');
-for ($i=0; $i<count($wpvarstoreset); $i += 1) {
-	$wpvar = $wpvarstoreset[$i];
-	if (!isset($$wpvar)) {
-		if (empty($_POST["$wpvar"])) {
-			if (empty($_GET["$wpvar"])) {
-				$$wpvar = '';
-			} else {
-				$$wpvar = $_GET["$wpvar"];
-			}
-		} else {
-			$$wpvar = $_POST["$wpvar"];
-		}
-	}
-}
+$action = $_REQUEST['action'];
+$update = '';
 
 switch ($action) {
-case 'adduser':
-	check_admin_referer();
-
-	$user_login     = wp_specialchars(trim($_POST['user_login']));
-	$pass1          = $_POST['pass1'];
-	$pass2          = $_POST['pass2'];
-	$user_email     = wp_specialchars(trim($_POST['email']));
-	$user_firstname = wp_specialchars(trim($_POST['firstname']));
-	$user_lastname  = wp_specialchars(trim($_POST['lastname']));
-	$user_uri       = wp_specialchars(trim($_POST['uri']));
-		
-	/* checking that username has been typed */
-	if ($user_login == '')
-		die (__('<strong>ERROR</strong>: Please enter a username.'));
-
-	/* checking the password has been typed twice */
-	do_action('check_passwords', array($user_login, &$pass1, &$pass2));
-	if ($pass1 == '' || $pass2 == '')
-		die (__('<strong>ERROR</strong>: Please enter your password twice.'));
-
-	/* checking the password has been typed twice the same */
-	if ($pass1 != $pass2)
-		die (__('<strong>ERROR</strong>: Please type the same password in the two password fields.'));
-
-	$user_nickname = $user_login;
-
-	/* checking that the username isn't already used by another user */
-	$loginthere = $wpdb->get_var("SELECT user_login FROM $wpdb->users WHERE user_login = '$user_login'");
-    if ($loginthere)
-		die (__('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
-
-	/* checking e-mail address */
-	if (empty($_POST["email"])) {
-		die (__("<strong>ERROR</strong>: please type an e-mail address"));
-		return false;
-	} else if (!is_email($_POST["email"])) {
-		die (__("<strong>ERROR</strong>: the email address isn't correct"));
-		return false;
-	}
-
-	$user_ID = $wpdb->get_var("SELECT ID FROM $wpdb->users ORDER BY ID DESC LIMIT 1") + 1;
-
-	$user_nicename = sanitize_title($user_nickname, $user_ID);
-	$user_uri = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user_uri) ? $user_uri : 'http://' . $user_uri;
-	$now = gmdate('Y-m-d H:i:s');
-	$new_users_can_blog = get_settings('new_users_can_blog');
-
-	$result = $wpdb->query("INSERT INTO $wpdb->users 
-		(user_login, user_pass, user_nickname, user_email, user_ip, user_domain, user_browser, user_registered, user_level, user_idmode, user_firstname, user_lastname, user_nicename, user_url)
-	VALUES 
-		('$user_login', MD5('$pass1'), '$user_nickname', '$user_email', '$user_ip', '$user_domain', '$user_browser', '$now', '$new_users_can_blog', 'nickname', '$user_firstname', '$user_lastname', '$user_nicename', '$user_uri')");
-
-	do_action('user_register', $wpdb->insert_id);
-
-	if ($result == false)
-		die (__('<strong>ERROR</strong>: Couldn&#8217;t register you!'));
-
-	$stars = '';
-	for ($i = 0; $i < strlen($pass1); $i = $i + 1)
-		$stars .= '*';
-
-	$user_login = stripslashes($user_login);
-	$message  = sprintf(__('New user registration on your blog %s:'), get_settings('blogname')) . "\r\n\r\n";
-	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
-	$message .= sprintf(__('E-mail: %s'), $user_email) . "\r\n";
-
-	@wp_mail(get_settings('admin_email'), sprintf(__('[%s] New User Registration'), get_settings('blogname')), $message);
-	header('Location: users.php');
-break;
 
 case 'promote':
-	check_admin_referer();
+	check_admin_referer('bulk-users');
 
-	if (empty($_GET['prom'])) {
-		header('Location: users.php');
+	if (empty($_POST['users'])) {
+		wp_redirect('users.php');
+		exit();
 	}
 
-	$id = (int) $_GET['id'];
-	$prom = $_GET['prom'];
+	if ( !current_user_can('edit_users') )
+		die(__('You can&#8217;t edit users.'));
 
-	$user_data = get_userdata($id);
-	$usertopromote_level = $user_data->user_level;
+ 	$userids = $_POST['users'];
+	$update = 'promote';
+ 	foreach($userids as $id) {
+		// The new role of the current user must also have edit_users caps
+		if($id == $current_user->id && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) {
+			$update = 'err_admin_role';
+			continue;
+		}
 
-	if ($user_level <= $usertopromote_level) {
-		die(__('Can&#8217;t change the level of a user whose level is higher than yours.'));
+ 		$user = new WP_User($id);
+ 		$user->set_role($_POST['new_role']);
+ 	}
+		
+	wp_redirect('users.php?update=' . $update);
+	exit();
+
+break;
+
+case 'dodelete':
+
+	check_admin_referer('delete-users');
+
+	if ( empty($_POST['users']) ) {
+		wp_redirect('users.php');
+		exit();
 	}
 
-	if ('up' == $prom) {
-		$new_level = $usertopromote_level + 1;
-		$wpdb->query("UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level");
-	} elseif ('down' == $prom) {
-		$new_level = $usertopromote_level - 1;
-		$wpdb->query("UPDATE $wpdb->users SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level");
+	if ( !current_user_can('edit_users') )
+		die(__('You can&#8217;t delete users.'));
+
+	$userids = $_POST['users'];
+	
+	$update = 'del';
+ 	foreach ($userids as $id) {
+		if($id == $current_user->id) {
+			$update = 'err_admin_del';
+			continue;
+		}
+ 		switch($_POST['delete_option']) {
+		case 'delete':
+			wp_delete_user($id);
+			break;
+		case 'reassign':
+			wp_delete_user($id, $_POST['reassign_user']);
+			break;
+		}
 	}
 
-	header('Location: users.php');
-
+	wp_redirect('users.php?update=' . $update);
+	exit();
 break;
 
 case 'delete':
 
-	check_admin_referer();
+	check_admin_referer('bulk-users');
 
-	$id = (int) $_GET['id'];
-
-	if (!$id) {
-		header('Location: users.php');
+	if ( empty($_POST['users']) ) {
+		wp_redirect('users.php');
+		exit();
 	}
 
-	$user_data = get_userdata($id);
-	$usertodelete_level = $user_data->user_level;
+	if ( !current_user_can('edit_users') )
+		$error['edit_users'] = __('You can&#8217;t delete users.');
 
-	if ($user_level <= $usertodelete_level)
-		die(__('Can&#8217;t delete a user whose level is higher than yours.'));
+	$userids = $_POST['users'];
 
-	$post_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_author = $id");
-	if ($post_ids) {
-		$post_ids = implode(',', $post_ids);
-		
-		// Delete comments, *backs
-		$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID IN ($post_ids)");
-		// Clean cats
-		$wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id IN ($post_ids)");
-		// Clean post_meta
-		$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id IN ($post_ids)");
-		// Clean links
-		$wpdb->query("DELETE FROM $wpdb->links WHERE link_owner = $id");
-		// Delete posts
-		$wpdb->query("DELETE FROM $wpdb->posts WHERE post_author = $id");
-	}
-
-	// FINALLY, delete user
-	$wpdb->query("DELETE FROM $wpdb->users WHERE ID = $id");
-	header('Location: users.php?deleted=true');
+	include ('admin-header.php');
+?>
+<form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('delete-users') ?>
+<div class="wrap">
+<h2><?php _e('Delete Users'); ?></h2>
+<p><?php _e('You have specified these users for deletion:'); ?></p>
+<ul>
+<?php
+	$go_delete = false;
+ 	foreach ($userids as $id) {
+ 		$user = new WP_User($id);
+		if ($id == $current_user->id) {
+			echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n";
+		} else {
+			echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
+			$go_delete = true;
+		}
+ 	}
+ 	$all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login");
+ 	$user_dropdown = '<select name="reassign_user">';
+ 	foreach ($all_logins as $login) {
+		if ( $login->ID == $current_user->id || !in_array($login->ID, $userids) ) {
+ 			$user_dropdown .= "<option value=\"{$login->ID}\">{$login->user_login}</option>";
+ 		}
+ 	}
+ 	$user_dropdown .= '</select>';
+ 	?>
+ 	</ul>
+<?php if($go_delete) : ?>
+ 	<p><?php _e('What should be done with posts and links owned by this user?'); ?></p>
+	<ul style="list-style:none;">
+		<li><label><input type="radio" id="delete_option0" name="delete_option" value="delete" checked="checked" />
+		<?php _e('Delete all posts and links.'); ?></label></li>
+		<li><input type="radio" id="delete_option1" name="delete_option" value="reassign" />
+		<?php echo '<label for="delete_option1">'.__('Attribute all posts and links to:')."</label> $user_dropdown"; ?></li>
+	</ul>
+	<input type="hidden" name="action" value="dodelete" />
+	<p class="submit"><input type="submit" name="submit" value="<?php _e('Confirm Deletion'); ?>" /></p>
+<?php else : ?>
+	<p><?php _e('There are no valid users selected for deletion.'); ?></p>
+<?php endif; ?>
+</div>
+</form>
+<?php
 
 break;
 
+case 'adduser':
+	check_admin_referer('add-user');
+	
+	$errors = add_user();
+	
+	if ( count($errors) == 0 ) {
+		wp_redirect('users.php?update=add');
+		exit();
+	}
+
 default:
 	
 	include ('admin-header.php');
+	
+	$userids = $wpdb->get_col("SELECT ID FROM $wpdb->users;");
+	
+	foreach($userids as $userid) {
+		$tmp_user = new WP_User($userid);
+		$roles = $tmp_user->roles;
+		$role = array_shift($roles);
+		$roleclasses[$role][$tmp_user->user_login] = $tmp_user;
+	}	
+	
 	?>
 
-<?php if (isset($_GET['deleted'])) : ?>
-<div class="updated"><p><?php _e('User deleted.') ?></p></div>
-<?php endif; ?>
+	<?php 
+	if (isset($_GET['update'])) : 
+		switch($_GET['update']) {
+		case 'del':
+		?>
+			<div id="message" class="updated fade"><p><?php _e('User deleted.'); ?></p></div>
+		<?php
+			break;
+		case 'add':
+		?>
+			<div id="message" class="updated fade"><p><?php _e('New user created.'); ?></p></div>
+		<?php
+			break;
+		case 'promote':
+		?>
+			<div id="message" class="updated fade"><p><?php _e('Changed roles.'); ?></p></div>
+		<?php
+			break;
+		case 'err_admin_role':
+		?>
+			<div id="message" class="error"><p><?php _e("The current user's role must have user editing capabilities."); ?></p></div>
+			<div id="message" class="updated fade"><p><?php _e('Other user roles have been changed.'); ?></p></div>
+		<?php
+			break;
+		case 'err_admin_del':
+		?>
+			<div id="message" class="error"><p><?php _e("You can't delete the current user."); ?></p></div>
+			<div id="message" class="updated fade"><p><?php _e('Other users have been deleted.'); ?></p></div>
+		<?php
+			break;
+		}
+	endif; 
+	if ( isset($errors) ) : ?>
+	<div class="error">
+		<ul>
+		<?php
+		foreach($errors as $error) echo "<li>$error</li>";
+		?>
+		</ul>
+	</div>
+	<?php 
+	endif;
+	?>
+	
+<form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('bulk-users') ?>
 <div class="wrap">
-  <h2><?php _e('Authors') ?></h2>
+	<h2><?php _e('User List by Role'); ?></h2>
   <table cellpadding="3" cellspacing="3" width="100%">
+	<?php
+	foreach($roleclasses as $role => $roleclass) {
+		uksort($roleclass, "strnatcasecmp");
+		?>
+
+	<tr>
+	<th colspan="8" align="left">
+  <h3><?php echo $wp_roles->role_names[$role]; ?></h3>
+  </th></tr>
+
 	<tr>
 	<th><?php _e('ID') ?></th>
-	<th><?php _e('Nickname') ?></th>
+	<th><?php _e('Username') ?></th>
 	<th><?php _e('Name') ?></th>
 	<th><?php _e('E-mail') ?></th>
 	<th><?php _e('Website') ?></th>
-	<th><?php _e('Level') ?></th>
 	<th><?php _e('Posts') ?></th>
 	<th>&nbsp;</th>
 	</tr>
 	<?php
-	$users = $wpdb->get_results("SELECT ID FROM $wpdb->users WHERE user_level > 0 ORDER BY ID");
 	$style = '';
-	foreach ($users as $user) {
-		$user_data = get_userdata($user->ID);
-		$email = $user_data->user_email;
-		$url = $user_data->user_url;
+	foreach ($roleclass as $user_object) {
+		$email = $user_object->user_email;
+		$url = $user_object->user_url;
 		$short_url = str_replace('http://', '', $url);
 		$short_url = str_replace('www.', '', $short_url);
 		if ('/' == substr($short_url, -1))
@@ -193,118 +240,74 @@ default:
 		if (strlen($short_url) > 35)
 		$short_url =  substr($short_url, 0, 32).'...';
 		$style = ('class="alternate"' == $style) ? '' : 'class="alternate"';
-		$numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = $user->ID and post_status = 'publish'");
-		if (0 < $numposts) $numposts = "<a href='edit.php?author=$user_data->ID' title='" . __('View posts') . "'>$numposts</a>";
+		$numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$user_object->ID' and post_status = 'publish'");
+		if (0 < $numposts) $numposts = "<a href='edit.php?author=$user_object->ID' title='" . __('View posts') . "'>$numposts</a>";
 		echo "
 <tr $style>
-	<td align='center'>$user_data->ID</td>
-	<td><strong>$user_data->user_nickname</strong></td>
-	<td>$user_data->user_firstname $user_data->user_lastname</td>
+	<td><input type='checkbox' name='users[]' id='user_{$user_object->ID}' value='{$user_object->ID}' /> <label for='user_{$user_object->ID}'>{$user_object->ID}</label></td>
+	<td><label for='user_{$user_object->ID}'><strong>$user_object->user_login</strong></label></td>
+	<td><label for='user_{$user_object->ID}'>$user_object->first_name $user_object->last_name</label></td>
 	<td><a href='mailto:$email' title='" . sprintf(__('e-mail: %s'), $email) . "'>$email</a></td>
-	<td><a href='$url' title='website: $url'>$short_url</a></td>
-	<td align='center'>";
-	if (($user_level >= 2) and ($user_level > $user_data->user_level) and ($user_data->user_level > 0))
-		echo " <a href=\"users.php?action=promote&amp;id=".$user_data->ID."&amp;prom=down\">-</a> ";
-	echo $user_data->user_level;
-	if (($user_level >= 2) and ($user_level > ($user_data->user_level + 1)))
-		echo " <a href=\"users.php?action=promote&amp;id=".$user_data->ID."&amp;prom=up\">+</a> ";
-	echo "</td><td align='right'>$numposts</td>";
+	<td><a href='$url' title='website: $url'>$short_url</a></td>";
+	echo "<td align='right'>$numposts</td>";
 	echo '<td>';
-	if (($user_level >= 2) and ($user_level > $user_data->user_level))
-		echo "<a href='user-edit.php?user_id=$user_data->ID' class='edit'>".__('Edit')."</a>";
+	if (current_user_can('edit_users'))
+		echo "<a href='user-edit.php?user_id=$user_object->ID' class='edit'>".__('Edit')."</a>";
 	echo '</td>';
 	echo '</tr>';
 	}
 	
 	?>
 	
+
+<?php
+	}
+?>
   </table>
-</div>
 
+
+	<h2><?php _e('Update Users'); ?></h2>
 <?php
-$users = $wpdb->get_results("SELECT * FROM $wpdb->users WHERE user_level = 0 ORDER BY ID");
-if ($users) {
-?>
-<div class="wrap">
-	<h2><?php _e('Registered Users') ?></h2>
-	<table cellpadding="3" cellspacing="3" width="100%">
-	<tr>
-		<th><?php _e('ID') ?></th>
-		<th><?php _e('Nickname') ?></th>
-		<th><?php _e('Name') ?></th>
-		<th><?php _e('E-mail') ?></th>
-		<th><?php _e('Website') ?></th>
-		<th></th>
-		<th></th>
-		<th></th>
-	</tr>
-<?php
-$style = '';
-foreach ($users as $user) {
-	$user_data = get_userdata($user->ID);
-	$email = $user_data->user_email;
-	$url = $user_data->user_url;
-	$short_url = str_replace('http://', '', $url);
-	$short_url = str_replace('www.', '', $short_url);
-	if ('/' == substr($short_url, -1))
-		$short_url = substr($short_url, 0, -1);
-	if (strlen($short_url) > 35)
-	$short_url =  substr($short_url, 0, 32).'...';
-	$style = ('class="alternate"' == $style) ? '' : 'class="alternate"';
-echo "\n<tr $style>
-<td align='center'>$user_data->ID</td>
-<td><strong>$user_data->user_nickname</strong></td>
-<td>$user_data->user_firstname $user_data->user_lastname</td>
-<td><a href='mailto:$email' title='" . sprintf(__('e-mail: %s'), $email) . "'>$email</a></td>
-<td><a href='$url' title='website: $url'>$short_url</a></td>
-<td align='center'>";
-
-	if ($user_level >= 6)
-		echo "<a href='users.php?action=promote&amp;id=$user_data->ID&amp;prom=up' class='edit'>". __('Promote') . '</a>';	
-	echo "</td>\n";
-	echo '<td>';
-	if (($user_level >= 6) and ($user_level > $user_data->user_level))
-		echo "<a href='user-edit.php?user_id=$user_data->ID' class='edit'>".__('Edit')."</a>";
-	echo '</td><td>';
-	if ($user_level >= 6)
-		echo "<a href='users.php?action=delete&amp;id=$user_data->ID' class='delete' onclick='return confirm(\"" . __('You are about to delete this user \n  OK to delete, Cancel to stop.') . "\")'>" . __('Delete'). '</a>';
-	echo '</td></tr>';
-
+$role_select = '<select name="new_role">';
+foreach($wp_roles->role_names as $role => $name) {
+	$role_select .= "<option value=\"{$role}\">{$name}</option>";
 }
-
-?>
-	
-	</table>
-	  <p><?php _e('Deleting a user also deletes all posts made by that user.') ?></p>
+$role_select .= '</select>';
+?>  
+  <ul style="list-style:none;">
+  	<li><input type="radio" name="action" id="action0" value="delete" /> <label for="action0"><?php _e('Delete checked users.'); ?></label></li>
+  	<li><input type="radio" name="action" id="action1" value="promote" /> <?php echo '<label for="action1">'.__('Set the Role of checked users to:')."</label> $role_select"; ?></li>
+  </ul>
+	<p class="submit"><input type="submit" value="<?php _e('Update &raquo;'); ?>" /></p>
 </div>
+</form>
 
-	<?php 
-	} ?>
 <div class="wrap">
 <h2><?php _e('Add New User') ?></h2>
-<?php printf(__('<p>Users can <a href="%s/wp-register.php">register themselves</a> or you can manually create users here.</p>'), get_settings('siteurl')); ?>
+<?php echo '<p>'.sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'</p>'; ?>
 <form action="" method="post" name="adduser" id="adduser">
+  <?php wp_nonce_field('add-user') ?>
   <table class="editform" width="100%" cellspacing="2" cellpadding="5">
     <tr>
       <th scope="row" width="33%"><?php _e('Nickname') ?>
       <input name="action" type="hidden" id="action" value="adduser" /></th>
-      <td width="66%"><input name="user_login" type="text" id="user_login" /></td>
+      <td width="66%"><input name="user_login" type="text" id="user_login" value="<?php echo $new_user_login; ?>" /></td>
     </tr>
     <tr>
       <th scope="row"><?php _e('First Name') ?> </th>
-      <td><input name="firstname" type="text" id="firstname" /></td>
+      <td><input name="first_name" type="text" id="first_name" value="<?php echo $new_user_firstname; ?>" /></td>
     </tr>
     <tr>
       <th scope="row"><?php _e('Last Name') ?> </th>
-      <td><input name="lastname" type="text" id="lastname" /></td>
+      <td><input name="last_name" type="text" id="last_name" value="<?php echo $new_user_lastname; ?>" /></td>
     </tr>
     <tr>
       <th scope="row"><?php _e('E-mail') ?></th>
-      <td><input name="email" type="text" id="email" /></td>
+      <td><input name="email" type="text" id="email" value="<?php echo $new_user_email; ?>" /></td>
     </tr>
     <tr>
       <th scope="row"><?php _e('Website') ?></th>
-      <td><input name="uri" type="text" id="uri" /></td>
+      <td><input name="url" type="text" id="url" value="<?php echo $new_user_uri; ?>" /></td>
     </tr>
 <?php
 $show_password_fields = apply_filters('show_password_fields', true);

wp-admin/wp-admin.css

@@ -2,6 +2,13 @@
 	height: 100%; /* kill peekaboo bug in IE */
 }
 
+/* This is the Holly Hack \*/
+* html .wrap { height: 1% }
+/* For Win IE's eyes only */
+
+body {
+	border: none;
+}
 a {
 	border-bottom: 1px solid #69c;
 	color: #00019b;
@@ -50,36 +57,34 @@ a:visited {
 }
 
 a:hover {
-	border-bottom: 1px solid #3a75ae;
+/*	border-bottom: 1px solid #3a75ae;*/
 	color: #069;
 }
 
 body	{
-	background: #f2f2f2;
+	background: #f9fcfe;
 	color: #000;
 	margin: 0;
 	padding: 0;
 }
 
 body, td {
-	font: 10pt Georgia, "Times New Roman", Times, serif;
+	font: 13px "Lucida Grande", "Lucida Sans Unicode", Tahoma, Verdana;
 }
 
 fieldset {
-	border: 1px solid #ddd;
-	-moz-border-radius: 5px;
+	border: none;
 	padding: 3px;
 }
 
 fieldset label.selectit {
-	background: #f0f0f0;
 	display: block;
 	font-size: 11px;
 	padding: 0 2px;
 }
 
 fieldset label.selectit:hover {
-	background: #dadada;
+	background: #e9e9e9;
 }
 
 fieldset legend {
@@ -105,12 +110,25 @@ form, label input {
 }
 
 h2 {
-	border-bottom: 2px solid #69c;
+	border-bottom: .5em solid #f0f8ff;
 	color: #333;
-	font: normal 22px/18px serif;
+	font: normal 30px/5px serif;
 	margin: 5px 10px;
 }
 
+h2 small.quickjump {
+	display: block;
+	text-align: right;
+}
+
+h2 small.quickjump a {
+	text-decoration: none;
+	border-bottom: 0;
+	font-size: 15px;
+	background: #f0f8ff;
+	padding: 5px 10px;
+}
+
 img, #footer a {
 	border: 0;
 }
@@ -136,11 +154,37 @@ textarea, input, select {
 	background: #f4f4f4;
 	border: 1px solid #b2b2b2;
 	color: #000;
-	font-family: Georgia, "Times New Roman", Times, serif;
+	font:  13px Verdana, Arial, Helvetica, sans-serif;
 	margin: 1px;
 	padding: 3px;
 }
 
+#uploading {
+	border-style: none;
+	padding: 0px;
+	margin-bottom: 16px;
+	height: 15em;
+	width: 100%;
+/*	overflow-y: hidden;*/
+}
+
+form#upload th {
+	text-align: right;
+}
+
+form#upload #post_content, form#upload #post_title {
+	width: 250px;
+}
+
+form#upload #post_content {
+	height: 50px;
+}
+
+.attpreview {
+	width: 1px; /* hug */
+	text-align: center;
+}
+
 .alignleft {
 	float: left
 }
@@ -150,13 +194,41 @@ textarea, input, select {
 }
 
 .alternate {
-	background: #eee;
+	background: #f1f1f1;
 }
 
 .anchors {
 	margin: 10px 20px 10px 20px;
 }
 
+.available-theme {
+	width: 30%;
+	margin: 0 1em;
+	float: left;
+	text-align: center;
+	height: 28em;
+	overflow: hidden;
+}
+
+.available-theme a.screenshot {
+	width: 250px;
+	height: 200px;
+	display: block;
+	margin: auto;
+	background: #f1f1f1;
+	border: 1px solid #ccc;
+	margin-bottom: 10px;
+	overflow: hidden;
+}
+
+.available-theme a.screenshot:hover {
+/*	border: 1px solid #666;*/
+}
+
+.available-theme img {
+	width: 100%;
+}
+
 .checkbox {
 	background: #fff;
 	border: none;
@@ -173,8 +245,9 @@ textarea, input, select {
 	padding: .3em 1em;
 }
 
-.ed_button {
-	padding: 1px;
+.clear {
+	clear: both;
+	height: 2px;
 }
 
 .hidden {
@@ -205,7 +278,7 @@ textarea, input, select {
 }
 
 .submit input, .submit input:focus, .button {
-	background: url(../wp-images/fade-butt.png);
+	background: url( images/fade-butt.png );
 	border: 3px double #999;
 	border-left-color: #ccc;
 	border-top-color: #ccc;
@@ -220,7 +293,20 @@ textarea, input, select {
 	border-top-color: #999;
 }
 
-.submit, #quicktags, .editform th, #postcustomsubmit {
+.submit, .editform th, #postcustomsubmit {
+	text-align: right;
+}
+
+.optiontable {
+	width: 100%;
+}
+
+.optiontable td, .optiontable th {
+	padding: .5em;
+}
+
+.optiontable th {
+	width: 33%;
 	text-align: right;
 }
 
@@ -241,8 +327,15 @@ textarea, input, select {
 }
 
 .updated {
-	background: #f0f8ff;
-	border: 1px solid #69c;
+	background: #CFEBF7 url(images/notice.gif) no-repeat 1em ;
+	border: 1px solid #2580B2;
+	margin: 1em 5% 10px;
+	padding: 0 1em 0 3em;
+}
+
+.error {
+	background: #FFEFF7;
+	border: 1px solid #c69;
 	margin: 1em 5% 10px;
 	padding: 0 1em 0 1em;
 }
@@ -256,24 +349,36 @@ textarea, input, select {
 }
 
 .wrap h2 {
-	margin: 6px 0;
+	margin: .8em 0 .5em;
+	clear: both;
+}
+
+table .vers, table .name {
+	text-align: center;
+}
+
+textarea.all-options, input.all-options {
+	width: 250px;
+}
+
+input.disabled, textarea.disabled {
+	background: #ccc;
 }
 
 #adminmenu {
-	background: #fff;
-	border-bottom: 2px solid #707070;
+	background: #6da6d1;
+	border-top: 3px solid #448abd;
 	margin: 0;
-	padding: .2em;
+	padding: .2em .2em .2em 2em;
 }
 
-#adminmenu .current, #adminmenu2 .current, #ed_strong {
+#adminmenu .current, #submenu .current {
 	font-weight: bold;
 }
 
 #adminmenu a {
-	border: 1px solid #fff;
-	color: #333;
-	font-size: 16px;
+	color: #000;
+	font-size: 14px;
 	font-weight: normal;
 	margin: 0;
 	padding: 3px 5px;
@@ -281,68 +386,87 @@ textarea, input, select {
 }
 
 #adminmenu a:hover, .current {
-	background: #ccc;
-	border: 1px solid #9d9d9d;
-	color: #171717;
+	background: #ddeaf4;
+	color: #333;
 }
 
-#adminmenu li, #adminmenu2 li {
+#adminmenu li, #submenu li {
 	display: inline;
 	line-height: 200%;
 	list-style: none;
 	text-align: center;
 }
 
-#adminmenu2 {
-	background: #a3a3a3;
+#submenu {
+	background: #0d324f;
 	border-bottom: none;
 	margin: 0;
-	padding: 3px 2em 0;
+	padding: 3px 2em 0 3em;
 }
 
-#adminmenu2 .current {
-	background: #f2f2f2;
-	border-top: 1px solid #9a9a9a;
-	border-right: 2px solid #4f4f4f;
+#submenu .current {
+	background: #f9fcfe;
+	border-top: 1px solid #045290;
+	border-right: 2px solid #045290;
 	color: #000;
 }
 
-#adminmenu2 a {
+#submenu a {
 	border: none;
 	color: #fff;
 	font-size: 12px;
 	padding: .3em .4em .33em;
 }
 
-#adminmenu2 a:hover {
-	background: #f0f0f0;
+#submenu a:hover {
+	background: #ddeaf4;
 	color: #393939;
 }
 
-#adminmenu2 li {
+#submenu li {
 	line-height: 170%;
 }
 
-#categorydiv {
-	line-height: 130%;
-	margin-right: 15px;
-	position: absolute;
-	right: 5%;
-	width: 9em;
-}
-
-#categorydiv div {
-	height: 27em;
-	overflow: auto;
-}
 
 #categorydiv input, #poststatusdiv input, #commentstatusdiv input, #pingstatusdiv input {
 	border: none;
 }
 
-#content, #excerpt {
-	margin-left: 1%;
-	width: 97%;
+#titlediv, #guiddiv {
+	margin: 0 8px 0 0;
+	padding: 0px;
+}
+
+#postdiv {
+	margin: 0 8px 0 0;
+	padding: 0px;
+}
+
+#postdivrich {
+	margin: 0px;
+	padding: 0px;
+}
+
+#content {
+	margin: 0 0 0 0;
+	width: 100%;
+}
+
+#titlediv input, #guiddiv input {
+	margin: 0px;
+	width: 100%;
+}
+
+#quicktags {
+	margin-left: -1px;
+}
+
+#currenttheme img {
+	float: left;
+	border: 1px solid #666;
+	margin-right: 1em;
+	margin-bottom: 1.5em;
+	width: 300px;
 }
 
 #deletepost:hover {
@@ -350,26 +474,59 @@ textarea, input, select {
 	color: #fff;
 }
 
-#ed_del {
+#quicktags #ed_strong {
+	font-weight: bold;
+}
+
+#quicktags #ed_link {
+	color: blue;
+	text-decoration: underline;
+}
+
+#quicktags #ed_del {
 	text-decoration: line-through;
 }
 
-#ed_em {
+#quicktags #ed_em {
 	font-style: italic;
 }
 
-#excerpt {
-	height: 1.8em;
-	width: 98%;
+#quicktags #ed_code {
+	font-family: "Courier New", Courier, mono;
+}
+
+#title {
+	font-size: 1.5em;
+}
+
+#postexcerpt div, #attachmentlinks div {
+	margin-right: 8px;
+}
+
+#attachmentlinks textarea {
+	width: 100%;
+	height: 2.5em;
+	margin-bottom: 6px;
+}
+
+* html #postexcerpt .dbx-toggle-open, * html #postexcerpt .dbx-toggle-open {
+	padding-right: 8px;
+}
+
+#excerpt, .attachmentlinks {
+	margin: 0px;
+	height: 4em;
+	width: 100%;
 }
 
 #footer {
+	clear: both;
 	text-align: center;
 }
 
 #login {
 	background: #fff;
-	border: 2px solid #a2a2a2;
+	border: 1px solid #a2a2a2;
 	margin: 5em auto;
 	padding: 1.5em;
 	width: 25em;
@@ -386,13 +543,15 @@ textarea, input, select {
 }
 
 #login h1 {
-	background: url(../wp-images/wp-small.png) no-repeat;
+	background: url(images/wordpress-logo.png) no-repeat top left;
 	margin-top: 0;
 }
 
 #login h1 a {
 	display: block;
 	text-indent: -1000px;
+	height: 66px;
+	border-bottom: none;
 }
 
 #login input {
@@ -411,25 +570,23 @@ textarea, input, select {
 	text-align: center;
 }
 
-#metainfo, #postdiv, #postexcerpt {
-	clear: both;
+#login #log, #pwd {
+	font-size: 1.7em;
+	width: 80%;
 }
 
-#postcustom {
-	border: 1px solid #aaa;
-	padding: .5em;
-	width: 97%;
+#login #submit {
+	font-size: 1.7em;
 }
 
 #postcustom .updatemeta, #postcustom .deletemeta {
 	margin: auto;
-	width: 5em;
 }
 
 #postcustom table {
 	border: 1px solid #ccc;
-	margin: .5em;
-	width: 98%;
+	margin: 0px;
+	width: 100%;
 }
 
 #postcustom table input, #postcustom table textarea {
@@ -437,50 +594,28 @@ textarea, input, select {
 }
 
 #poststuff {
-	margin-right: 11em;
-}
-
-#profile {
-	margin: 10px;
-}
-
-#profile .left {
-	border-right: 1px dashed #ccc;
-	float: left;
-	margin-right: 5px;
-	padding-right: 5px;
-}
-
-#profile label {
-	float: left;
-	padding-right: 3px;
-	text-align: right;
-	width: 85px;
-}
-
-#profile p {
-	margin: 0 0 4px 0;
-}
-
-#quicktags {
-	margin-right: 1%;
+	margin-right: 16em;
 }
 
 #save {
-	width: 14em;
-}
-
-#simple #titlediv {
-	height: 4em;
+	width: 15em;
 }
 
 #template div {
 	margin-right: 190px;
 }
 
+* html #template div {
+	margin-right: 0px;
+}
+
+#template, #template div, #editcat, #addcat {
+	zoom: 1;
+}
+
 #template textarea {
 	font: small 'Courier New', Courier, monospace;
-	width: 99%;
+	width: 97%;
 }
 
 #templateside {
@@ -498,15 +633,26 @@ textarea, input, select {
 	padding: 0;
 }
 
-#titlediv, #commentstatusdiv, #postpassworddiv, #namediv, #uridiv, #emaildiv, #pageparent {
-	float: left;
-	height: 6em;
-	margin-right: 5px;
+#user_info {
+	position: absolute;
+	right: 1em;
+	top: 0;
+	color: #fff;
+	font-size: .9em;
+}
+
+#user_info a {
+	color: #fff;
 }
 
 #wphead {
-	background: url(../wp-images/header-shadow.png) #f2f2f2 repeat-x bottom;
-	padding: 1px 5px 11px;
+	background: #14568a;
+	padding: .8em 19em .8em 2em;
+	color: #c3def1;
+}
+
+#wphead a {
+	color: #fff;
 }
 
 #wphead h1 {
@@ -514,6 +660,7 @@ textarea, input, select {
 	font-weight: normal;
 	letter-spacing: -.05em;
 	margin: 0;
+	font-family: Georgia, "Times New Roman", Times, serif
 }
 
 #wphead h1 span {
@@ -530,13 +677,17 @@ textarea, input, select {
 	margin-left: 1em;
 	margin-top: .5em;
 	padding: 1em;
-	width: 27%;
+	width: 40%;
 }
 
 #zeitgeist h2, fieldset legend a {
 	border-bottom: none;
 }
 
+#zeitgeist h2 {
+	margin-top: .4em;
+}
+
 #zeitgeist h3 {
 	border-bottom: 1px solid #ccc;
 	font-size: 16px;
@@ -557,10 +708,308 @@ textarea, input, select {
 	padding: 0 0 0 .6em;
 }
 
+.active td {
+	background: #BEB;
+}
+.active .name {
+	background: #9C9;
+}
+.alternate.active td {
+	background: #ADA;
+}
+.alternate.active .name {
+	background: #8B8;
+}
 
-/* emeyer additions */
+/* A handy div class for hiding controls.
+   Some browsers will disable them when you
+   set display:none; */
+.zerosize {
+	height: 0px;
+	width: 0px;
+	margin: 0px;
+	border: 0px;
+	padding: 0px;
+	overflow: hidden;
+	position: absolute;
+}
 
-.active td {background: #BEB;}
-.active .name {background: #9C9;}
-.alternate.active td {background: #ADA;}
-.alternate.active .name {background: #8B8;}
+/* Box stuff */
+.dbx-clone {
+	position:absolute;
+	visibility:hidden;
+}
+.dbx-clone, .dbx-clone .dbx-handle-cursor {
+	cursor:move !important;
+}
+.dbx-dummy {
+	display:block;
+	width:0;
+	height:0;
+	overflow:hidden;
+}
+.dbx-group, .dbx-box, .dbx-handle {
+	position:relative;
+	display:block;
+}
+
+#grabit {
+	width: 188px;
+}
+
+* html #themeselect {
+	padding: 0px 3px;
+	height: 22px;
+}
+
+/****************************************************************
+  avoid padding, margins or borders on dbx-box, 
+  to reduce visual discrepancies between it and the clone.  
+  overall, dbx-box is best left as visually unstyled as possible 
+*****************************************************************/
+.dbx-box {
+	margin:0;
+	padding:0;
+	border:none;
+}
+
+/* Can change this */
+#moremeta fieldset, #advancedstuff fieldset {
+	margin-bottom: 1em;
+}
+#moremeta fieldset div {
+	margin: 2px 0 0 0px;
+	padding: 7px;
+}
+#moremeta {
+	line-height: 130%;
+	margin-right: 15px;
+	position: absolute;
+	right: 5%;
+	width: 14.5em;
+}
+#moremeta select {
+	width: 96%;
+}
+
+#slugdiv input, #passworddiv input, #authordiv select, #thumbdiv input, #parentdiv input {
+	margin-top: .5em;
+	width: 90%;
+}
+
+#moremeta h3, #advancedstuff h3 {
+	padding: 3px;
+	font-weight: normal;
+	font-size: 13px;
+}
+
+#advancedstuff div {
+	margin-top: .5em;
+}
+
+#categorydiv div div {
+	height: 12em;
+	overflow: auto;
+}
+
+#ajaxcat input {
+	border: 1px solid #ccc;
+}
+
+#your-profile fieldset {
+	border: 1px solid #ccc;
+	float: left;
+	width: 40%;
+	padding: .5em 2em;
+	margin: 1em; 
+}
+
+#your-profile fieldset input  {
+	width: 100%;
+	font-size: 20px;
+	padding: 2px;
+}
+
+#your-profile fieldset textarea {
+	width: 100%;
+	padding: 2px;
+}
+
+#your-profile legend {
+	font-family: Georgia, "Times New Roman", Times, serif;
+	font-size: 22px;
+}
+
+/* default box styles */
+
+/* toggle state of inner content area */
+.dbx-box-open .dbx-content {
+	display: block;
+}
+.dbx-box-closed .dbx-content {
+	display: none;
+}
+
+#moremeta .dbx-content {
+	background: url(images/box-butt.gif) no-repeat bottom right;
+	padding-bottom: 15px;
+	padding-right: 2px;
+}
+
+#moremeta fieldset.dbx-box-closed {
+	background: url(images/box-butt.gif) no-repeat bottom;
+	padding-bottom: 9px;
+}
+
+/* handles */
+
+.dbx-handle  {
+	background: #2685af;
+	padding: 6px 1em 2px;
+	font-size: 12px;
+	margin: 0;
+	color: #E3EFF5;
+}
+
+#moremeta .dbx-handle {
+	padding: 6px 1em 2px;
+	font-size: 12px;
+	background: #2685af url(images/box-head.gif) no-repeat right;
+}
+
+#moremeta .dbx-box {
+	background: url(images/box-bg.gif) repeat-y right;
+}
+
+#advancedstuff h3.dbx-handle {
+	margin-left: 7px;
+	margin-bottom: -7px;
+	padding: 6px 1em 0 3px;
+	background: #2685af url(images/box-head-right.gif) no-repeat top right;
+}
+
+#advancedstuff div.dbx-h-andle-wrapper {
+	margin: 0 0 0 -7px;
+	background: #fff url(images/box-head-left.gif) no-repeat top left;
+}
+
+#advancedstuff div.dbx-content {
+	margin-left: 8px;
+	background: url(images/box-bg-right.gif) repeat-y right;
+	padding: 10px 10px 15px 0px;
+}
+
+#postexcerpt div.dbx-content {
+	margin-right: 0;
+	padding-right: 17px;
+}
+
+#advancedstuff div.dbx-c-ontent-wrapper {
+	margin-left: -7px;
+	margin-right: 0;
+	background: url(images/box-bg-left.gif) repeat-y left;
+}
+
+#advancedstuff fieldset.dbx-box {
+	padding-bottom: 9px;
+	margin-left: 6px;
+	background: url(images/box-butt-right.gif) no-repeat bottom right;
+}
+
+#advancedstuff div.dbx-b-ox-wrapper {
+	background: url(images/box-butt-left.gif) no-repeat bottom left;
+}
+
+#advancedstuff .dbx-box-closed div.dbx-c-ontent-wrapper {
+	padding-bottom: 2px;
+	background: url(images/box-butt-left.gif) no-repeat bottom left;
+}
+
+#advancedstuff .dbx-box {
+	background: url(images/box-butt-right.gif) no-repeat bottom right;
+}
+
+
+/* handle cursors */
+.dbx-handle-cursor {
+	cursor: move;
+}
+	
+/* toggle images */
+a.dbx-toggle, a.dbx-toggle:visited {
+	display:block;
+	overflow: hidden;
+	background-image: url( images/toggle.gif );
+	position: absolute;
+	top: 0px;
+	right: 0px;
+	background-repeat: no-repeat;
+	border: 0px;
+	margin: 0px;
+	padding: 0px;
+}
+
+#moremeta a.dbx-toggle, #moremeta a.dbx-toggle-open:visited {
+	height: 25px;
+	width: 27px;
+	background-position: 0 0px;
+}
+
+#moremeta a.dbx-toggle-open, #moremeta a.dbx-toggle-open:visited {
+	height: 25px;
+	width: 27px;
+	background-position: 0 -25px;
+}
+
+#advancedstuff a.dbx-toggle, #advancedstuff a.dbx-toggle-open:visited {
+	height: 22px;
+	width: 22px;
+	top: 3px;
+	right: 5px;
+	background-position: 0 -3px;
+}
+
+#advancedstuff a.dbx-toggle-open, #advancedstuff a.dbx-toggle-open:visited {
+	height: 22px;
+	width: 22px;
+	top: 3px;
+	right: 5px;
+	background-position: 0 -28px;
+}
+
+#categorychecklist {
+	margin-right: 6px;
+}
+
+/* additional clone styles */
+.dbx-clone {
+	opacity: 0.8;
+	-moz-opacity: 0.8;
+	-khtml-opacity: 0.8;
+	filter: alpha(opacity=80);
+}
+
+#newcat { width: 120px; margin-right: 5px; }
+input#catadd { 	background: #a4a4a4;
+	border-bottom: 1px solid #898989;
+	border-left: 1px solid #bcbcbc;
+	border-right: 1px solid #898989;
+	border-top: 1px solid #bcbcbc;
+	color: #fff;
+	font-size: 10px;
+	padding: 0;
+	margin: 0;
+	font-weight: bold;
+	height: 20px;
+	margin-bottom: 2px;
+	text-align: center;
+	width: 37px; }
+#howto {
+	font-size: 11px;
+	margin: 0 5px;
+	display: block;
+}
+#jaxcat {
+	margin: 0;
+	padding: 0;
+}

wp-admin/xfn.js

@@ -0,0 +1,46 @@
+function GetElementsWithClassName(elementName, className) {
+	var allElements = document.getElementsByTagName(elementName);
+	var elemColl = new Array();
+	for (i = 0; i < allElements.length; i++) {
+		if (allElements[i].className == className) {
+			elemColl[elemColl.length] = allElements[i];
+		}
+	}
+	return elemColl;
+}
+
+function meChecked() {
+  var undefined;
+  var eMe = document.getElementById('me');
+  if (eMe == undefined) return false;
+  else return eMe.checked;
+}
+
+function upit() {
+	var isMe = meChecked(); //document.getElementById('me').checked;
+	var inputColl = GetElementsWithClassName('input', 'valinp');
+	var results = document.getElementById('link_rel');
+	var linkText, linkUrl, inputs = '';
+	for (i = 0; i < inputColl.length; i++) {
+		 inputColl[i].disabled = isMe;
+		 inputColl[i].parentNode.className = isMe ? 'disabled' : '';
+		 if (!isMe && inputColl[i].checked && inputColl[i].value != '') {
+			inputs += inputColl[i].value + ' ';
+				}
+		 }
+	inputs = inputs.substr(0,inputs.length - 1);
+	if (isMe) inputs='me';
+	results.value = inputs;
+	}
+
+function blurry() {
+	if (!document.getElementById) return;
+
+	var aInputs = document.getElementsByTagName('input');
+
+	for (var i = 0; i < aInputs.length; i++) {		
+		 aInputs[i].onclick = aInputs[i].onkeyup = upit;
+	}
+}
+
+addLoadEvent(blurry);

wp-atom.php

@@ -1,10 +1,8 @@
 <?php
 
-if (empty($feed)) {
-    $blog = 1;
-		$feed = 'atom';
-    $doing_rss = 1;
-    require('wp-blog-header.php');
+if (empty($wp)) {
+	require_once('wp-config.php');
+	wp('feed=atom');
 }
 
 header('Content-type: application/atom+xml; charset=' . get_settings('blog_charset'), true);
@@ -16,6 +14,7 @@ $more = 1;
   xmlns="http://purl.org/atom/ns#"
   xmlns:dc="http://purl.org/dc/elements/1.1/"
   xml:lang="<?php echo get_option('rss_language'); ?>"
+  <?php do_action('atom_ns'); ?>
   >
 	<title><?php bloginfo_rss('name') ?></title>
 	<link rel="alternate" type="text/html" href="<?php bloginfo_rss('home') ?>" />
@@ -23,7 +22,7 @@ $more = 1;
 	<modified><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_lastpostmodified('GMT'), false); ?></modified>
 	<copyright>Copyright <?php echo mysql2date('Y', get_lastpostdate('blog'), 0); ?></copyright>
 	<generator url="http://wordpress.org/" version="<?php bloginfo_rss('version'); ?>">WordPress</generator>
-	
+	<?php do_action('atom_head'); ?>
 	<?php $items_count = 0; if ($posts) { foreach ($posts as $post) { start_wp(); ?>
 	<entry>
 	  	<author>
@@ -40,6 +39,7 @@ $more = 1;
 		<content type="<?php bloginfo('html_type'); ?>" mode="escaped" xml:base="<?php permalink_single_rss() ?>"><![CDATA[<?php the_content('', 0, '') ?>]]></content>
 <?php endif; ?>
 <?php rss_enclosure(); ?>
+<?php do_action('atom_entry'); ?>
 	</entry>
 	<?php $items_count++; if (($items_count == get_settings('posts_per_rss')) && empty($m)) { break; } } } ?>
 </feed>

wp-blog-header.php

@@ -11,253 +11,11 @@ $wp_did_header = true;
 
 require_once( dirname(__FILE__) . '/wp-config.php');
 
-$query_vars = array();
+wp();
+gzip_compression();
 
-// Process PATH_INFO and 404.
-if ((isset($_GET['error']) && $_GET['error'] == '404') ||
-		((! empty($_SERVER['PATH_INFO'])) &&
-		('/' != $_SERVER['PATH_INFO']) &&
-		 (false === strpos($_SERVER['PATH_INFO'], '.php'))
-		)) {
-
-	// If we match a rewrite rule, this will be cleared.
-	$error = '404';
-
-	// Fetch the rewrite rules.
-	$rewrite = $wp_rewrite->wp_rewrite_rules();
-
-	if (! empty($rewrite)) {
-		$pathinfo = $_SERVER['PATH_INFO'];
-		$req_uri = $_SERVER['REQUEST_URI'];      
-		$home_path = parse_url(get_settings('home'));
-		$home_path = $home_path['path'];
-
-		// Trim path info from the end and the leading home path from the
-		// front.  For path info requests, this leaves us with the requesting
-		// filename, if any.  For 404 requests, this leaves us with the
-		// requested permalink.	
-		$req_uri = str_replace($pathinfo, '', $req_uri);
-		$req_uri = str_replace($home_path, '', $req_uri);
-		$req_uri = trim($req_uri, '/');
-		$pathinfo = trim($pathinfo, '/');
-
-		// The requested permalink is in $pathinfo for path info requests and
-		//  $req_uri for other requests.
-		if (! empty($pathinfo)) {
-			$request = $pathinfo;
-		} else {
-			$request = $req_uri;
-		}
-
-		// Look for matches.
-		$request_match = $request;
-		foreach ($rewrite as $match => $query) {
-			// If the requesting file is the anchor of the match, prepend it
-			// to the path info.
-	    if ((! empty($req_uri)) && (strpos($match, $req_uri) === 0)) {
-	      $request_match = $req_uri . '/' . $request;
-	    }
-
-			if (preg_match("!^$match!", $request_match, $matches)) {
-				// Got a match.
-				// Trim the query of everything up to the '?'.
-				$query = preg_replace("!^.+\?!", '', $query);
-
-				// Substitute the substring matches into the query.
-				eval("\$query = \"$query\";");
-
-				// Parse the query.
-				parse_str($query, $query_vars);
-
-				// If we're processing a 404 request, clear the error var
-				// since we found something.
-				if (isset($_GET['error'])) {
-					unset($_GET['error']);
-				}
-
-				if (isset($error)) {
-					unset($error);
-				}
-
-				break;
-			}
-		}
-	}
- }
-
-$wpvarstoreset = array('m','p','posts','w', 'cat','withcomments','s','search','exact', 'sentence', 'debug', 'calendar','page','paged','more','tb', 'pb','author','order','orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup');
-
-$wpvarstoreset = apply_filters('query_vars', $wpvarstoreset);
-
-for ($i=0; $i<count($wpvarstoreset); $i += 1) {
-	$wpvar = $wpvarstoreset[$i];
-	if (!isset($$wpvar)) {
-		if (empty($_POST[$wpvar])) {
-			if (empty($_GET[$wpvar]) && empty($query_vars[$wpvar])) {
-				$$wpvar = '';
-			} elseif (!empty($_GET[$wpvar])) {
-				$$wpvar = $_GET[$wpvar];
-			} else {
-				$$wpvar = $query_vars[$wpvar];
-			}
-		} else {
-			$$wpvar = $_POST[$wpvar];
-		}
-	}
-}
-
-// Sending HTTP headers
-
-if ( !empty($error) && '404' == $error ) {
-	if ( preg_match('/cgi/', php_sapi_name()) )
-		@header('Status: 404 Not Found');
-	else
-		@header('HTTP/1.x 404 Not Found');
- } else if ( empty($feed) ) {
-	@header('X-Pingback: '. get_bloginfo('pingback_url'));
-	@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
-} else {
-	// We're showing a feed, so WP is indeed the only thing that last changed
-	if ( $withcomments )
-		$wp_last_modified = mysql2date('D, d M Y H:i:s', get_lastcommentmodified('GMT'), 0).' GMT';
-	else 
-		$wp_last_modified = mysql2date('D, d M Y H:i:s', get_lastpostmodified('GMT'), 0).' GMT';
-	$wp_etag = '"' . md5($wp_last_modified) . '"';
-	@header("Last-Modified: $wp_last_modified");
-	@header("ETag: $wp_etag");
-	@header('X-Pingback: ' . get_bloginfo('pingback_url'));
-
-	// Support for Conditional GET
-	if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) $client_etag = stripslashes($_SERVER['HTTP_IF_NONE_MATCH']);
-	else $client_etag = false;
-
-	$client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE']);
-	// If string is empty, return 0. If not, attempt to parse into a timestamp
-	$client_modified_timestamp = $client_last_modified ? strtotime($client_last_modified) : 0;
-
-	// Make a timestamp for our most recent modification...	
-	$wp_modified_timestamp = strtotime($wp_last_modified);
-
-	if ( ($client_last_modified && $client_etag) ?
-		(($client_modified_timestamp >= $wp_modified_timestamp) && ($client_etag == $wp_etag)) :
-		(($client_modified_timestamp >= $wp_modified_timestamp) || ($client_etag == $wp_etag)) ) {
-		if ( preg_match('/cgi/',php_sapi_name()) ) {
-			header('Status: 304 Not Modified');
-			echo "\r\n\r\n";
-			exit;
-		} else {
-			if ( version_compare(phpversion(), '4.3.0', '>=') )
-				header('Not Modified', TRUE, 304);
-			else
-				header('HTTP/1.x 304 Not Modified');
-			exit;
-		}
-	}
-}
-
-$use_gzipcompression = get_settings('gzipcompression');
-
-$more_wpvars = array('posts_per_page', 'posts_per_archive_page', 'what_to_show', 'showposts', 'nopaging');
-
-// Construct the query string.
-$query_string = '';
-foreach (array_merge($wpvarstoreset, $more_wpvars) as $wpvar) {
-	if ($$wpvar != '') {
-		$query_string .= (strlen($query_string) < 1) ? '' : '&';
-		$query_string .= $wpvar . '=' . rawurlencode($$wpvar);
-	}
-}
-
-$query_string = apply_filters('query_string', $query_string);
-
-update_category_cache();
-get_currentuserinfo();
-
-// Call query posts to do the work.
-$posts = & query_posts($query_string);
-
-// Extract updated query vars back into global namespace.
-extract($wp_query->query_vars);
-
-if ( is_single() || is_page() ) {
-	$more = 1;
-	$single = 1;
-}
-
-// Issue a 404 if a permalink request doesn't match any posts.  Don't issue a
-// 404 if one was already issued, if the request was a search, or if the
-// request was a regular query string request rather than a permalink request.
-if ( (0 == count($posts)) && !is_404() && !is_search()
-		&& ( isset($rewrite) || (!empty($_SERVER['QUERY_STRING']) &&
-		(false === strpos($_SERVER['REQUEST_URI'], '?'))) ) ) {
-	$wp_query->is_404 = true;
-	if ( preg_match('/cgi/', php_sapi_name()) )
-		@header('Status: 404 Not Found');
-	else
-		@header('HTTP/1.x 404 Not Found');
-}
-
-if ($pagenow != 'post.php' && $pagenow != 'edit.php') {
-	if ( get_settings('gzipcompression') ) 
-		gzip_compression();
-}
-
-// Template redirection
-if ( defined('WP_USE_THEMES') && constant('WP_USE_THEMES') ) {
-	do_action('template_redirect');
-	if ( is_feed() && empty($doing_rss) ) {
-		include(ABSPATH . '/wp-feed.php');
-		exit;
-	} else if ( is_trackback() && empty($doing_trackback) ) {
-		include(ABSPATH . '/wp-trackback.php');
-		exit;
-	} else if ( is_404() && get_404_template() ) {
-		include(get_404_template());
-		exit;
-	} else if ( is_search() && get_search_template() ) {
-		include(get_search_template());
-		exit;
-	} else if ( is_home() && get_home_template() ) {
-		include(get_home_template());
-		exit;
-	} else if ( is_single() && get_single_template() ) {
-		include(get_single_template());
-		exit;
-	} else if ( is_page() && get_page_template() ) {
-		include(get_page_template());
-		exit;
-	} else if ( is_category() && get_category_template()) {
-		include(get_category_template());
-		exit;		
-	} else if ( is_author() && get_author_template() ) {
-		include(get_author_template());
-		exit;
-	} else if ( is_date() && get_date_template() ) {
-		include(get_date_template());
-		exit;
-	} else if ( is_archive() && get_archive_template() ) {
-		include(get_archive_template());
-		exit;
-	} else if ( is_comments_popup() && get_comments_popup_template() ) {
-		include(get_comments_popup_template());
-		exit;
-	} else if ( is_paged() && get_paged_template() ) {
-		include(get_paged_template());
-		exit;
-	} else if ( file_exists(TEMPLATEPATH . "/index.php") ) {
-		include(TEMPLATEPATH . "/index.php");
-		exit;
-	}
-} else {
-	// Process feeds and trackbacks even if not using themes.
-	if ( is_feed() && empty($doing_rss) ) {
-		include(ABSPATH . '/wp-feed.php');
-		exit;
-	} else if ( is_trackback() && empty($doing_trackback) ) {
-		include(ABSPATH . '/wp-trackback.php');
-		exit;
-	}
-}
+require_once(ABSPATH . WPINC . '/template-loader.php');
 
 endif;
-?>
+
+?>

wp-comments-post.php

@@ -1,6 +1,8 @@
 <?php
 require( dirname(__FILE__) . '/wp-config.php' );
 
+nocache_headers();
+
 $comment_post_ID = (int) $_POST['comment_post_ID'];
 
 $status = $wpdb->get_row("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'");
@@ -22,19 +24,25 @@ $comment_author_url   = trim($_POST['url']);
 $comment_content      = trim($_POST['comment']);
 
 // If the user is logged in
-get_currentuserinfo();
-if ( $user_ID ) :
-	$comment_author       = addslashes($user_identity);
-	$comment_author_email = addslashes($user_email);
-	$comment_author_url   = addslashes($user_url);
-else :
+$user = wp_get_current_user();
+if ( $user->ID ) {
+	$comment_author       = $wpdb->escape($user->display_name);
+	$comment_author_email = $wpdb->escape($user->user_email);
+	$comment_author_url   = $wpdb->escape($user->user_url);
+	if ( current_user_can('unfiltered_html') ) {
+		if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
+			kses_remove_filters(); // start with a clean slate
+			kses_init_filters(); // set up the filters
+		}
+	}
+} else {
 	if ( get_option('comment_registration') )
 		die( __('Sorry, you must be logged in to post a comment.') );
-endif;
+}
 
 $comment_type = '';
 
-if ( get_settings('require_name_email') && !$user_ID ) {
+if ( get_settings('require_name_email') && !$user->ID ) {
 	if ( 6 > strlen($comment_author_email) || '' == $comment_author )
 		die( __('Error: please fill the required fields (name, email).') );
 	elseif ( !is_email($comment_author_email))
@@ -46,18 +54,18 @@ if ( '' == $comment_content )
 
 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'user_ID');
 
-wp_new_comment($commentdata);
+$comment_id = wp_new_comment( $commentdata );
 
-setcookie('comment_author_' . COOKIEHASH, stripslashes($comment_author), time() + 30000000, COOKIEPATH);
-setcookie('comment_author_email_' . COOKIEHASH, stripslashes($comment_author_email), time() + 30000000, COOKIEPATH);
-setcookie('comment_author_url_' . COOKIEHASH, stripslashes($comment_author_url), time() + 30000000, COOKIEPATH);
+if ( !$user->ID ) :
+	$comment = get_comment($comment_id);
+	setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
+endif;
 
-header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
-header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
-header('Cache-Control: no-cache, must-revalidate, max-age=0');
-header('Pragma: no-cache');
-
-$location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to']; 
+$location = ( empty($_POST['redirect_to']) ? get_permalink($comment_post_ID) : $_POST['redirect_to'] ) . '#comment-' . $comment_id;
+$location = apply_filters('comment_post_redirect', $location, $comment);
 
 wp_redirect($location);
-?>
+
+?>

wp-commentsrss2.php

@@ -1,9 +1,8 @@
 <?php 
-if ( empty($feed) ) {
-	$feed = 'rss2';
-	$withcomments = 1;
-	$doing_rss = 1;
-	require('wp-blog-header.php');
+
+if (empty($wp)) {
+	require_once('wp-config.php');
+	wp('feed=rss2&withcomments=1');
 }
 
 header('Content-type: text/xml;charset=' . get_settings('blog_charset'), true);
@@ -21,7 +20,7 @@ if (have_posts()) :
 	if ($i < 1) {
 		$i++;
 ?>
-	<title><?php if (is_single() || is_page()) { echo "Comments on: "; the_title_rss(); } else { bloginfo_rss("name"); echo " Comments"; } ?></title>
+	<title><?php if (is_single() || is_page() ) { printf(__('Comments on: %s'), get_the_title_rss()); } else { printf(__('Comments for %s'), get_bloginfo_rss("name")); } ?></title>
 	<link><?php (is_single()) ? permalink_single_rss() : bloginfo_rss("url") ?></link>
 	<description><?php bloginfo_rss("description") ?></description>
 	<pubDate><?php echo gmdate('r'); ?></pubDate>
@@ -33,35 +32,40 @@ if (have_posts()) :
 			comment_author_url, comment_date, comment_date_gmt, comment_content, comment_post_ID, 
 			$wpdb->posts.ID, $wpdb->posts.post_password FROM $wpdb->comments 
 			LEFT JOIN $wpdb->posts ON comment_post_id = id WHERE comment_post_ID = '$id' 
-			AND $wpdb->comments.comment_approved = '1' AND ($wpdb->posts.post_status = 'publish' OR $wpdb->posts.post_status = 'static') 
-			AND post_date < '".date("Y-m-d H:i:59")."' 
-			ORDER BY comment_date DESC LIMIT " . get_settings('posts_per_rss') );
+			AND $wpdb->comments.comment_approved = '1' AND $wpdb->posts.post_status IN ('publish', 'static', 'object') 
+			AND post_date_gmt < '" . gmdate("Y-m-d H:i:59") . "' 
+			ORDER BY comment_date_gmt DESC LIMIT " . get_settings('posts_per_rss') );
 		} else { // if no post id passed in, we'll just ue the last 10 comments.
 			$comments = $wpdb->get_results("SELECT comment_ID, comment_author, comment_author_email, 
 			comment_author_url, comment_date, comment_date_gmt, comment_content, comment_post_ID, 
 			$wpdb->posts.ID, $wpdb->posts.post_password FROM $wpdb->comments 
-			LEFT JOIN $wpdb->posts ON comment_post_id = id WHERE ($wpdb->posts.post_status = 'publish' OR $wpdb->posts.post_status = 'static') 
-			AND $wpdb->comments.comment_approved = '1' AND post_date < '".date("Y-m-d H:i:s")."'  
-			ORDER BY comment_date DESC LIMIT " . get_settings('posts_per_rss') );
+			LEFT JOIN $wpdb->posts ON comment_post_id = id WHERE $wpdb->posts.post_status IN ('publish', 'static', 'object') 
+			AND $wpdb->comments.comment_approved = '1' AND post_date_gmt < '" . gmdate("Y-m-d H:i:s") . "'  
+			ORDER BY comment_date_gmt DESC LIMIT " . get_settings('posts_per_rss') );
 		}
 	// this line is WordPress' motor, do not delete it.
 		if ($comments) {
 			foreach ($comments as $comment) {
+				// Some plugins may need to know the metadata
+				// associated with this comment's post:
+				get_post_custom($comment->comment_post_ID);
 ?>
 	<item>
- 		<title><?php if ( (! is_single()) || (! is_page()) ) {
- 			$title = get_the_title($comment->comment_post_ID);
- 			$title = apply_filters('the_title', $title);
- 			$title = apply_filters('the_title_rss', $title);
- 			echo "Comment on $title";
- 		} ?> by: <?php comment_author_rss() ?></title>
+		<title><?php if ( ! (is_single() || is_page()) ) {
+			$title = get_the_title($comment->comment_post_ID);
+			$title = apply_filters('the_title', $title);
+			$title = apply_filters('the_title_rss', $title);
+			printf(__('Comment on %1$s by %2$s'), $title, get_comment_author_rss());
+		} else {	
+			printf(__('by: %s'), get_comment_author_rss());			
+		} ?></title>
 		<link><?php comment_link() ?></link>
 		<pubDate><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></pubDate>
 		<guid><?php comment_link() ?></guid>
 			<?php 
 			if (!empty($comment->post_password) && $_COOKIE['wp-postpass'] != $comment->post_password) {
 			?>
-		<description>Protected Comments: Please enter your password to view comments.</description>
+		<description><?php _e('Protected Comments: Please enter your password to view comments.'); ?></description>
 		<content:encoded><![CDATA[<?php echo get_the_password_form() ?>]]></content:encoded>
 			<?php
 			} else {

wp-config-sample.php

@@ -1,12 +1,12 @@
 <?php
 // ** MySQL settings ** //
-define('DB_NAME', 'wordpress');     // The name of the database
+define('DB_NAME', 'wordpress');    // The name of the database
 define('DB_USER', 'username');     // Your MySQL username
 define('DB_PASSWORD', 'password'); // ...and password
-define('DB_HOST', 'localhost');     // 99% chance you won't need to change this value
+define('DB_HOST', 'localhost');    // 99% chance you won't need to change this value
 
-// Change the prefix if you want to have multiple blogs in a single database.
-$table_prefix  = 'wp_';   // example: 'wp_' or 'b2' or 'mylogin_'
+// You can have multiple installations in one database if you give each a unique prefix
+$table_prefix  = 'wp_';   // Only numbers, letters, and underscores please!
 
 // Change this to localize WordPress.  A corresponding MO file for the
 // chosen language must be installed to wp-includes/languages.
@@ -14,7 +14,7 @@ $table_prefix  = 'wp_';   // example: 'wp_' or 'b2' or 'mylogin_'
 // to enable German language support.
 define ('WPLANG', '');
 
-/* Stop editing */
+/* That's all, stop editing! Happy blogging. */
 
 define('ABSPATH', dirname(__FILE__).'/');
 require_once(ABSPATH.'wp-settings.php');

wp-content/index.php

@@ -0,0 +1,3 @@
+<?php
+// Silence is golden.
+?>

wp-content/plugins/hello.php

@@ -2,9 +2,9 @@
 /*
 Plugin Name: Hello Dolly
 Plugin URI: http://wordpress.org/#
-Description: This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong. Hello, Dolly. This is, by the way, the world's first official WordPress plugin. When enabled you will randomly see a lyric from <cite>Hello, Dolly</cite> in the upper right of your admin screen on every page.
+Description: This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong: Hello, Dolly. When activated you will randomly see a lyric from <cite>Hello, Dolly</cite> in the upper right of your admin screen on every page.
 Author: Matt Mullenweg
-Version: 1.0
+Version: 1.5
 Author URI: http://photomatt.net/
 */ 
 
@@ -58,11 +58,11 @@ function dolly_css() {
 	<style type='text/css'>
 	#dolly {
 		position: absolute;
-		top: 5px;
+		top: 2.3em;
 margin: 0; padding: 0;
-		right: 3em;
-		font-size: 20px;
-		color: #666;
+		right: 1em;
+		font-size: 16px;
+		color: #f1f1f1;
 	}
 	</style>
 	";

wp-content/plugins/textile1.php

@@ -1,390 +0,0 @@
-<?php
-/*
-Plugin Name: Textile 1
-Version: 1.0
-Plugin URI: http://www.huddledmasses.org/
-Description: This is a simple wrapper for <a href="http://textism.com/?wp">Dean Allen's</a> Humane Web Text Generator, also known as <a href="http://www.textism.com/tools/textile/">Textile</a>. If you use this plugin you should disable Textile 2 and Markdown, as they don't play well together.
-Author: Dean Allen
-Author URI: http://www.textism.com/?wp
-*/
-
-/*
-
-This is Textile
-A Humane Web Text Generator
-
-Version 1.0
-21 Feb, 2003
-
-Copyright (c) 2003, Dean Allen, www.textism.com
-All rights reserved.
-
-_______
-LICENSE
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice,
-  this list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-* Neither the name Textile nor the names of its contributors may be used to
-  endorse or promote products derived from this software without specific
-  prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-
-*/
-
-
-	function textile($text) {
-	$text = stripslashes($text);
-
-	$text = preg_replace("/&(?![#a-zA-Z0-9]+;)/","x%x%",$text);
-
-	if (function_exists('mb_encode_numericentity')) {
-		$text = encode_high($text);
-	} else {
-		$text = htmlentities($text,ENT_NOQUOTES,"utf-8");
-	}
-
-	$text = str_replace(array("&gt;", "&lt;", "&amp;"), array(">", "<", "&"), $text);
-
-	$text = str_replace("\r\n", "\n", $text);
-
-	$text = str_replace("\t", "", $text);
-
-	$text = preg_split("/\n/",$text);
-	foreach($text as $line){
-		$line = rtrim($line);
-		$lineout[] = $line;
-	}
-
-	$text = implode("\n",$lineout);
-
-	$text = preg_replace('/(^|\s)==(.*)==(\s|$)?/msU','$1<notextile>$2</notextile>$3',$text);
-
-	$text = preg_replace('/!([^\s\(=]+)\s?(?:\(([^\)]+)\))?!(\s)?/mU','<img src="$1" alt="$2" border="0" />$3',$text);
-
-	$text = preg_replace('/(<img.+ \/>):(\S+)(\s)/U','<a href="$2">$1</a>$3',$text);
-
-	$text = preg_replace(
-		'/
-		([\s[{(]|[[:punct:]])?		# 1 optional space or brackets before
-		"							#   starting "
-		([^"\(]+)					# 2 text of link
-		\s?							#   opt space
-		(?:\(([^\(]*)\))?			# 3 opt title attribute in parenths
-		":							#   dividing ":
-		(\S+\b)						# 4 suppose this is the url
-		(\/)?						# 5 opt trailing slash
-		([^[:alnum:]\/;]*)			# 6 opt punctuation after the url
-		(\s|$)						# 7 either white space or end of string
-		/x',
-		'$1<a href="$4$5" title="$3">$2</a>$6$7',$text);
-
-	$qtags = array(
-		'\*\*'=>'b',
-		'\*'=>'strong',
-		'\?\?'=>'cite',
-		'-'=>'del',
-		'\+'=>'ins',
-		'~'=>'sub',
-		'@'=>'code');
-
-	foreach($qtags as $f=>$r){
-		$text = preg_replace(
-			'/(^|\s|>)'.$f.'\b(.+)\b([[:punct:]]*)'.$f.'([[:punct:]]{0,2})(\s|$)?/mU',
-			'$1<'.$r.'>$2$3</'.$r.'>$4$5',
-			$text);
-	}
-
-	$text = preg_replace('/(^|\s)__(.*)__([[:punct:]]{0,2})(\s|$)?/mU','$1<i>$2</i>$3$4',$text);
-	$text = preg_replace('/(^|\s)_(.*)_([[:punct:]]{0,2})(\s|$)?/mU','$1<em>$2</em>$3$4',$text);
-
-	$text = preg_replace('/\^(.*)\^/mU','<sup>$1</sup>',$text);
-
-	$text = preg_replace('/"$/',"\" ", $text);
-	$glyph_search = array(
-		'/([^\s[{(>])?\'(?(1)|(?=\s|s\b))/',					# single closing
-		'/\'/',													# single opening
-		'/([^\s[{(])?"(?(1)|(?=\s))/',							# double closing
-		'/"/',													# double opening
-		'/\b( )?\.{3}/',										# ellipsis
-		'/\b([A-Z][A-Z0-9]{2,})\b(?:[(]([^)]*)[)])/',			# 3+ uppercase acronym
-		'/(^|[^"][>\s])([A-Z][A-Z0-9 ]{2,})([^<a-z0-9]|$)/',	# 3+ uppercase caps
-		'/\s?--\s?/',											# em dash
-		'/\s-\s/',												# en dash
-		'/(\d+) ?x ?(\d+)/',									# dimension sign
-		'/\b ?[([]TM[])]/i',									# trademark
-		'/\b ?[([]R[])]/i',										# registered
-		'/\b ?[([]C[])]/i');									# copyright
-
-	$glyph_replace = array(
-		'$1&#8217;$2',							# single closing
-		'&#8216;',								# single opening
-		'$1&#8221;',							# double closing
-		'&#8220;',								# double opening
-		'$1&#8230;',							# ellipsis
-		'<acronym title="$2">$1</acronym>',		# 3+ uppercase acronym
-		'$1<span class="caps">$2</span>$3',		# 3+ uppercase caps
-		'&#8212;',								# em dash
-		' &#8211; ',							# en dash
-		'$1&#215;$2',							# dimension sign
-		'&#8482;',								# trademark
-		'&#174;',								# registered
-		'&#169;');								# copyright
-
-	$codepre = false;
-
-	if(!preg_match("/<.*>/",$text)){
-		$text = preg_replace($glyph_search,$glyph_replace,$text);
-	} else {
-
-		$text = preg_split("/(<.*>)/U",$text,-1,PREG_SPLIT_DELIM_CAPTURE);
-			foreach($text as $line){
-
-					# matches are off if we're between <code>, <pre> etc.
-				if(preg_match('/<(code|pre|kbd|notextile)>/i',$line)){$codepre = true; }
-				if(preg_match('/<\/(code|pre|kbd|notextile)>/i',$line)){$codepre = false; }
-
-				if(!preg_match("/<.*>/",$line) && $codepre == false){
-					$line = preg_replace($glyph_search,$glyph_replace,$line);
-				}
-
-				# convert htmlspecial if between <code>
-				if ($codepre == true){
-					$line = htmlspecialchars($line,ENT_NOQUOTES,"UTF-8");
-					$line = str_replace("&lt;pre&gt;","<pre>",$line);
-					$line = str_replace("&lt;code&gt;","<code>",$line);
-					$line = str_replace("&lt;notextile&gt;","<notextile>",$line);
-					$line = str_replace("&lt;kbd&gt;","<kbd>",$line);
-				}
-
-				# each line gets pushed to a new array
-			$glyph_out[] = $line;
-		}
-			# $text is now the new array, cast to a string
-		$text = implode('',$glyph_out);
-	}
-
-	$text = preg_replace("/(\S)(_*)([[:punct:]]*) *\n([^#*\s])/", "$1$2$3<br />$4", $text);
-
-	$text = str_replace("l><br />", "l>\n", $text);
-
-	$text = preg_split("/\n/",$text);
-
-	array_push($text," ");
-
-			$list = '';
-			$pre = false;
-
-			$block_find = array(
-				'/^\s?\*\s(.*)/',						# bulleted list *
-				'/^\s?#\s(.*)/',						# numeric list #
-				'/^bq\. (.*)/',							# blockquote bq.
-				'/^h(\d)\(([[:alnum:]]+)\)\.\s(.*)/',	# header hn(class).  w/ css class
-				'/^h(\d)\. (.*)/',						# plain header hn.
-				'/^p\(([[:alnum:]]+)\)\.\s(.*)/',		# para p(class).  w/ css class
-				'/^p\. (.*)/i',	 						# plain paragraph
-				'/^([^\t ]+.*)/i'						# remaining plain paragraph
-				);
-
-			$block_replace = array(
-				"\t\t<li>$1</li>",
-				"\t\t\t<li>$1</li>",
-				"\t<blockquote>$1</blockquote>",
-				"\t<h$1 class=\"$2\">$3</h$1>$4",
-				"\t<h$1>$2</h$1>$3",
-				"\t<p class=\"$1\">$2</p>$3",
-				"\t<p>$1</p>",
-				"\t<p>$1</p>$2"
-				);
-
-	foreach($text as $line){
-
-			if(preg_match('/<pre>/i',$line)){$pre = true; }
-
-			if ($pre == false){
-				$line = preg_replace($block_find,$block_replace,$line);
-			}
-
-			if ($pre == true){
-				$line = str_replace("<br />","\n",$line);
-			}
-				if(preg_match('/<\/pre>/i',$line)){$pre = false; }
-
-			if ($list == '' && preg_match('/^\t\t<li>/',$line)){
-					$list = "ul";
-				$line = preg_replace('/^(\t\t<li>.*)/',"\t<ul>\n$1",$line);
-
-			} else if ($list == '' && preg_match('/^\t\t\t<li>/',$line)){
-					$list = "ol";
-				$line = preg_replace('/^\t(\t\t<li>.*)/',"\t<ol>\n$1",$line);
-
-			# at the end of a ul
-			} else if ($list == 'ul' && !preg_match('/^\t\t<li>/',$line)){
-					$list = '';
-				$line = preg_replace('/^(.*)$/',"\t</ul>\n$1",$line);
-
-			# at the end of a ol
-			} else if ($list == 'ol' && !preg_match('/^\t\t\t<li>/',$line)){
-					$list = '';
-				$line = preg_replace('/^(.*)$/',"\t</ol>\n$1",$line);
-			}
-
-			$block_out[] = $line;
-	}
-	$text = implode("\n",$block_out);
-	$text = preg_replace('/<\/?notextile>/', "",$text);
-	$text = str_replace("x%x%","&#38;",$text);
-	$text = str_replace("<br />","<br />\n",$text);
-	return $text;
-}
-
-function callback_url($text,$title='',$url) {
-		$out = 'a href="'.$url.'"';
-		$out.=($title!='')?' title="'.$title.'"':'';
-		$out.='>$text</a>';
-		return $out;
-	}
-
-
-
-function textile_popup_help($name,$helpvar,$windowW,$windowH) {
-	$out = $name;
-	$out .= ' <a target="_blank" href="http://www.textpattern.com/help/?item='.$helpvar.'"';
-	$out .= ' onclick="window.open(this.href, \'popupwindow\', \'width='.$windowW.',height='.$windowH.',scrollbars,resizable\'); return false;" style="color:blue;background-color:#ddd">?</a><br />';
-	print $out;
-}
-
-
-function encode_high($text) {
-	$cmap = cmap();
-	return mb_encode_numericentity($text, $cmap, "UTF-8");
-}
-
-
-function decode_high($text) {
-	$cmap = cmap();
-	return mb_decode_numericentity($text, $cmap, "UTF-8");
-}
-
-
-function cmap() {
-
-	$f = 0xffff;
-
-	$cmap = array(
-	 160,  255,  0, $f,
-	 402,  402,  0, $f,
-	 913,  929,  0, $f,
-	 931,  937,  0, $f,
-	 945,  969,  0, $f,
-	 977,  978,  0, $f,
-	 982,  982,  0, $f,
-	 8226, 8226, 0, $f,
-	 8230, 8230, 0, $f,
-	 8242, 8243, 0, $f,
-	 8254, 8254, 0, $f,
-	 8260, 8260, 0, $f,
-	 8465, 8465, 0, $f,
-	 8472, 8472, 0, $f,
-	 8476, 8476, 0, $f,
-	 8482, 8482, 0, $f,
-	 8501, 8501, 0, $f,
-	 8592, 8596, 0, $f,
-	 8629, 8629, 0, $f,
-	 8656, 8660, 0, $f,
-	 8704, 8704, 0, $f,
-	 8706, 8707, 0, $f,
-	 8709, 8709, 0, $f,
-	 8711, 8713, 0, $f,
-	 8715, 8715, 0, $f,
-	 8719, 8719, 0, $f,
-	 8721, 8722, 0, $f,
-	 8727, 8727, 0, $f,
-	 8730, 8730, 0, $f,
-	 8733, 8734, 0, $f,
-	 8736, 8736, 0, $f,
-	 8743, 8747, 0, $f,
-	 8756, 8756, 0, $f,
-	 8764, 8764, 0, $f,
-	 8773, 8773, 0, $f,
-	 8776, 8776, 0, $f,
-	 8800, 8801, 0, $f,
-	 8804, 8805, 0, $f,
-	 8834, 8836, 0, $f,
-	 8838, 8839, 0, $f,
-	 8853, 8853, 0, $f,
-	 8855, 8855, 0, $f,
-	 8869, 8869, 0, $f,
-	 8901, 8901, 0, $f,
-	 8968, 8971, 0, $f,
-	 9001, 9002, 0, $f,
-	 9674, 9674, 0, $f,
-	 9824, 9824, 0, $f,
-	 9827, 9827, 0, $f,
-	 9829, 9830, 0, $f,
-	 338,  339,  0, $f,
-	 352,  353,  0, $f,
-	 376,  376,  0, $f,
-	 710,  710,  0, $f,
-	 732,  732,  0, $f,
-	 8194, 8195, 0, $f,
-	 8201, 8201, 0, $f,
-	 8204, 8207, 0, $f,
-	 8211, 8212, 0, $f,
-	 8216, 8218, 0, $f,
-	 8218, 8218, 0, $f,
-	 8220, 8222, 0, $f,
-	 8224, 8225, 0, $f,
-	 8240, 8240, 0, $f,
-	 8249, 8250, 0, $f,
-	 8364, 8364, 0, $f
-	 );
-
-	return $cmap;
-}
-
-
-function linkit($text,$title,$url){
-    $url = preg_replace("/&(?!amp;)/","&amp;",$url);
-    $out = '<a href="'.$url;
-    if ($title!='') {
-		$title = trim($title);
-        $out .= ' title="'.$title;
-    }
-    $out .= '>'.$text.'</a>';
-
-    return $out;
-}
-
-// And now for the filters
-remove_filter('the_content', 'wpautop');
-remove_filter('the_excerpt', 'wpautop');
-remove_filter('comment_text', 'wpautop');
-
-remove_filter('the_content', 'wptexturize');
-remove_filter('the_excerpt', 'wptexturize');
-remove_filter('comment_text', 'wptexturize');
-
-add_filter('the_content', 'textile', 6);
-add_filter('the_excerpt', 'textile', 6);
-add_filter('comment_text', 'textile', 6);
-
-?>

wp-content/themes/classic/comments-popup.php

@@ -29,11 +29,10 @@ foreach ($posts as $post) { start_wp();
 
 <?php
 // this line is WordPress' motor, do not delete it.
-$comment_author = (isset($_COOKIE['comment_author_' . COOKIEHASH])) ? trim($_COOKIE['comment_author_'. COOKIEHASH]) : '';
-$comment_author_email = (isset($_COOKIE['comment_author_email_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_email_'. COOKIEHASH]) : '';
-$comment_author_url = (isset($_COOKIE['comment_author_url_'. COOKIEHASH])) ? trim($_COOKIE['comment_author_url_'. COOKIEHASH]) : '';
-$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved = '1' ORDER BY comment_date");
-$commentstatus = $wpdb->get_row("SELECT comment_status, post_password FROM $wpdb->posts WHERE ID = $id");
+$commenter = wp_get_current_commenter();
+extract($commenter);
+$comments = get_approved_comments($id);
+$commentstatus = get_post($id);
 if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $commentstatus->post_password) {  // and it doesn't match the cookie
 	echo(get_the_password_form());
 } else { ?>
@@ -61,7 +60,7 @@ if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH
 	  <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
 	   <label for="author"><?php _e("Name"); ?></label>
 	<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-	<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+	<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
 	</p>
 
 	<p>