Tagging 2.0.9

git-svn-id: http://svn.automattic.com/wordpress/tags/2.0.9@4898 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Bump
2007-02-20 19:57:45 +00:00 · 2007-02-20 19:44:39 +00:00 · 2007-02-17 20:20:59 +00:00 · 2007-02-16 00:37:16 +00:00 · 2007-02-13 21:47:54 +00:00 · 2007-02-13 18:36:27 +00:00
81 changed files with 1147 additions and 461 deletions
--- a/readme.html
+++ b/readme.html
@@ -80,7 +80,7 @@
 	<dt><a href="http://wordpress.org/support/">WordPress Support Forums</a></dt>
 	<dd>If you've looked everywhere and still can't find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible. </dd>
 	<dt><a href="http://codex.wordpress.org/IRC">WordPress IRC Channel</a></dt>
-	<dd>Finally, there is an online chat channel that is used for discussion amoung people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpresss) </dd>
+	<dd>Finally, there is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpress) </dd>
 </dl>

 <h1 id="requirements">System Recommendations</h1>
--- a/wp-admin/admin-db.php
+++ b/wp-admin/admin-db.php
@@ -34,7 +34,7 @@ function get_editable_authors( $user_id ) {
 		return false;
 	} else {
 		$editable = join(',', $editable);
-		$authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable)" );
+		$authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable) ORDER BY display_name" );
 	}

 	return apply_filters('get_editable_authors', $authors);
@@ -266,23 +266,55 @@ function wp_insert_link($linkdata) {
 	extract($linkdata);

 	$update = false;
+
 	if ( !empty($link_id) )
 		$update = true;

+	if( trim( $link_name ) == '' )
+		return 0;
+	$link_name = apply_filters('pre_link_name', $link_name);
+
+	if( trim( $link_url ) == '' )
+		return 0;
+	$link_url = apply_filters('pre_link_url', $link_url);
+
 	if ( empty($link_rating) )
 		$link_rating = 0;	
+	else
+		$link_rating = (int) $link_rating;
+
+	if ( empty($link_image) )
+		$link_image = '';
+	$link_image = apply_filters('pre_link_image', $link_image);

 	if ( empty($link_target) )
 		$link_target = '';	
+	$link_target = apply_filters('pre_link_target', $link_target);

 	if ( empty($link_visible) )
 		$link_visible = 'Y';
-		
+	$link_visibile = preg_replace('/[^YNyn]/', '', $link_visible);
+
 	if ( empty($link_owner) )
 		$link_owner = $current_user->id;
+	else
+		$link_owner = (int) $link_owner;

 	if ( empty($link_notes) )
 		$link_notes = '';
+	$link_notes = apply_filters('pre_link_notes', $link_notes);
+
+	if ( empty($link_description) )
+		$link_description = '';
+	$link_description = apply_filters('pre_link_description', $link_description);
+
+	if ( empty($link_rss) )
+		$link_rss = '';
+	$link_rss = apply_filters('pre_link_rss', $link_rss);
+
+	if ( empty($link_rel) )
+		$link_rel = '';
+	$link_rel = apply_filters('pre_link_rel', $link_rel);

 	if ( $update ) {
 		$wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
--- a/wp-admin/admin-footer.php
+++ b/wp-admin/admin-footer.php
@@ -2,7 +2,7 @@
 <div id="footer"><p><a href="http://wordpress.org/" id="wordpress-logo"><img src="images/wordpress-logo.png" alt="WordPress" /></a></p>
 <p>
 <a href="http://codex.wordpress.org/"><?php _e('Documentation'); ?></a> &#8212; <a href="http://wordpress.org/support/"><?php _e('Support Forums'); ?></a> <br />
-<?php bloginfo('version'); ?> &#8212; <?php printf(__('%s seconds'), number_format(timer_stop(), 2)); ?>
+<?php bloginfo('version'); ?> &#8212; <?php printf(__('%s seconds'), timer_stop(0, 2)); ?>
 </p>

 </div>
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -265,6 +265,8 @@ function get_post_to_edit($id) {
 	$post->post_title = format_to_edit($post->post_title);
 	$post->post_title = apply_filters('title_edit_pre', $post->post_title);

+    $post->post_password = format_to_edit($post->post_password); 
+
 	if ($post->post_status == 'static')
 		$post->page_template = get_post_meta($id, '_wp_page_template', true);

@@ -287,7 +289,7 @@ function get_default_post_to_edit() {
 	else if ( !empty($post_title) ) {
 		$text       = wp_specialchars(stripslashes(urldecode($_REQUEST['text'])));
 		$text       = funky_javascript_fix($text);
-		$popupurl   = wp_specialchars($_REQUEST['popupurl']);
+		$popupurl   = attribute_escape(stripslashes($_REQUEST['popupurl']));
        $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
    }

@@ -333,6 +335,23 @@ function get_category_to_edit($id) {
 	return $category;
 }

+function get_user_to_edit($user_id) {
+	$user = new WP_User($user_id);
+	$user->user_login   = attribute_escape($user->user_login);
+	$user->user_email   = attribute_escape($user->user_email);
+	$user->user_url     = attribute_escape($user->user_url);
+	$user->first_name   = attribute_escape($user->first_name);
+	$user->last_name    = attribute_escape($user->last_name);
+	$user->display_name = attribute_escape($user->display_name);
+	$user->nickname     = attribute_escape($user->nickname);
+	$user->aim          = attribute_escape($user->aim);
+	$user->yim          = attribute_escape($user->yim);
+	$user->jabber       = attribute_escape($user->jabber);
+	$user->description  =  wp_specialchars($user->description);
+
+	return $user;
+}
+
 // Creates a new user from the "Users" form using $_POST information.

 function add_user() {
@@ -381,7 +400,7 @@ function edit_user($user_id = 0) {
 	if (isset ($_POST['display_name']))
 		$user->display_name = wp_specialchars(trim($_POST['display_name']));
 	if (isset ($_POST['description']))
-		$user->description = wp_specialchars(trim($_POST['description']));
+		$user->description = trim($_POST['description']);
 	if (isset ($_POST['jabber']))
 		$user->jabber = wp_specialchars(trim($_POST['jabber']));
 	if (isset ($_POST['aim']))
@@ -447,24 +466,27 @@ function edit_user($user_id = 0) {

 function get_link_to_edit($link_id) {
 	$link = get_link($link_id);
-	
-	$link->link_url = wp_specialchars($link->link_url, 1);
-	$link->link_name = wp_specialchars($link->link_name, 1);
-	$link->link_description = wp_specialchars($link->link_description);
-	$link->link_notes = wp_specialchars($link->link_notes);
-	$link->link_rss = wp_specialchars($link->link_rss);
-	
+
+	$link->link_url         = attribute_escape($link->link_url);
+	$link->link_name        = attribute_escape($link->link_name);
+	$link->link_image       = attribute_escape($link->link_image);
+	$link->link_description = attribute_escape($link->link_description);
+	$link->link_rss         = attribute_escape($link->link_rss);
+	$link->link_rel         = attribute_escape($link->link_rel);
+	$link->link_notes       =  wp_specialchars($link->link_notes);
+	$link->post_category    = $link->link_category;
+
 	return $link;
 }

 function get_default_link_to_edit() {
 	if ( isset($_GET['linkurl']) )
-		$link->link_url = wp_specialchars($_GET['linkurl'], 1);
+		$link->link_url = attribute_escape($_GET['linkurl']);
 	else
 		$link->link_url = '';
 	
 	if ( isset($_GET['name']) )
-		$link->link_name = wp_specialchars($_GET['name'], 1);
+		$link->link_name = attribute_escape($_GET['name']);
 	else
 		$link->link_name = '';
 		
@@ -826,6 +848,20 @@ function list_meta($meta) {
 			$style = '';
 		if ('_' == $entry['meta_key'] { 0 })
 			$style .= ' hidden';
+
+		if ( is_serialized($entry['meta_value']) ) {
+			if ( is_serialized_string($entry['meta_value']) ) {
+				// this is a serialized string, so we should display it
+				$entry['meta_value'] = maybe_unserialize($entry['meta_value']);
+			} else {
+				// this is a serialized array/object so we should NOT display it
+				--$count;
+				continue;
+			}
+		}
+
+		$entry['meta_key'] = attribute_escape( $entry['meta_key']);
+		$entry['meta_value'] = attribute_escape( $entry['meta_value']);
 		echo "
 			<tr class='$style'>
 				<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>
@@ -876,6 +912,7 @@ function meta_form() {
 <?php

 	foreach ($keys as $key) {
+		$key = attribute_escape($key);
 		echo "\n\t<option value='$key'>$key</option>";
 	}
 ?>
@@ -897,7 +934,8 @@ function add_meta($post_ID) {

 	$metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect'])));
 	$metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
-	$metavalue = $wpdb->escape(stripslashes(trim($_POST['metavalue'])));
+	$metavalue = maybe_serialize(stripslashes((trim($_POST['metavalue']))));
+	$metavalue = $wpdb->escape($metavalue);

 	if ( ('0' === $metavalue || !empty ($metavalue)) && ((('#NONE#' != $metakeyselect) && !empty ($metakeyselect)) || !empty ($metakeyinput)) ) {
 		// We have a key/value pair. If both the select and the 
@@ -925,7 +963,9 @@ function delete_meta($mid) {

 function update_meta($mid, $mkey, $mvalue) {
 	global $wpdb;
-
+	$mvalue = maybe_serialize(stripslashes($mvalue));
+	$mvalue = $wpdb->escape($mvalue);
+	$mid = (int) $mid;
 	return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'");
 }

@@ -1081,15 +1121,13 @@ function save_mod_rewrite_rules() {
 }

 function the_quicktags() {
-	// Browser detection sucks, but until Safari supports the JS needed for this to work people just assume it's a bug in WP
-	if (!strstr($_SERVER['HTTP_USER_AGENT'], 'Safari'))
 		echo '
 		<div id="quicktags">
 			<script src="../wp-includes/js/quicktags.js" type="text/javascript"></script>
 			<script type="text/javascript">if ( typeof tinyMCE == "undefined" || tinyMCE.configs.length < 1 ) edToolbar();</script>
 		</div>
 ';
-	else echo '
+	echo '
 <script type="text/javascript">
 function edInsertContent(myField, myValue) {
 	//IE support
@@ -1547,25 +1585,23 @@ function get_plugins() {
 		}
 	}

-	if (!$plugins_dir || !$plugin_files) {
+	if ( !$plugins_dir || !$plugin_files )
 		return $wp_plugins;
-	}

-	sort($plugin_files);
-
-	foreach ($plugin_files as $plugin_file) {
+	foreach ( $plugin_files as $plugin_file ) {
 		if ( !is_readable("$plugin_root/$plugin_file"))
 			continue;

 		$plugin_data = get_plugin_data("$plugin_root/$plugin_file");

-		if (empty ($plugin_data['Name'])) {
+		if ( empty ($plugin_data['Name']) )
 			continue;
-		}

 		$wp_plugins[plugin_basename($plugin_file)] = $plugin_data;
 	}

+	uasort($wp_plugins, create_function('$a, $b', 'return strnatcasecmp($a["Name"], $b["Name"]);'));
+
 	return $wp_plugins;
 }

--- a/wp-admin/bookmarklet.php
+++ b/wp-admin/bookmarklet.php
@@ -37,7 +37,7 @@ else
 	
  
 $content  = wp_specialchars($_REQUEST['content']);
-$popupurl = wp_specialchars($_REQUEST['popupurl']);
+$popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));
    if ( !empty($content) ) {
        $post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
    } else {
--- a/wp-admin/categories.php
+++ b/wp-admin/categories.php
@@ -33,6 +33,7 @@ case 'addcat':
 	wp_insert_category($_POST);

 	wp_redirect('categories.php?message=1#addcat');
+	exit;
 break;

 case 'delete':
@@ -51,7 +52,7 @@ case 'delete':
 	wp_delete_category($cat_ID);

 	wp_redirect('categories.php?message=2');
-
+	exit;
 break;

 case 'edit':
@@ -68,12 +69,12 @@ case 'edit':
 	  <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 		<tr>
 		  <th width="33%" scope="row"><?php _e('Category name:') ?></th>
-		  <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
+		  <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($category->cat_name); ?>" size="40" /> <input type="hidden" name="action" value="editedcat" />
 <input type="hidden" name="cat_ID" value="<?php echo $category->cat_ID ?>" /></td>
 		</tr>
 		<tr>
 			<th scope="row"><?php _e('Category slug:') ?></th>
-			<td><input name="category_nicename" type="text" value="<?php echo wp_specialchars($category->category_nicename); ?>" size="40" /></td>
+			<td><input name="category_nicename" type="text" value="<?php echo attribute_escape($category->category_nicename); ?>" size="40" /></td>
 		</tr>
 		<tr>
 			<th scope="row"><?php _e('Category parent:') ?></th>
@@ -85,7 +86,7 @@ case 'edit':
 		</tr>
 		<tr>
 			<th scope="row"><?php _e('Description:') ?></th>
-			<td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description, 1); ?></textarea></td>
+			<td><textarea name="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->category_description); ?></textarea></td>
 		</tr>
 		</table>
 	  <p class="submit"><input type="submit" name="submit" value="<?php _e('Edit category') ?> &raquo;" /></p>
@@ -106,6 +107,7 @@ case 'editedcat':
 	wp_update_category($_POST);

 	wp_redirect('categories.php?message=3');
+	exit;
 break;

 default:
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -7,7 +7,7 @@ $list_js = true;

 require_once('admin-header.php');
 if (empty($_GET['mode'])) $mode = 'view';
-else $mode = wp_specialchars($_GET['mode'], 1);
+else $mode = attribute_escape($_GET['mode']);
 ?>

 <script type="text/javascript">
@@ -30,7 +30,7 @@ function checkAll(form)
 <form name="searchform" action="" method="get"> 
  <fieldset> 
  <legend><?php _e('Show Comments That Contain...') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
  <input type="submit" name="submit" value="<?php _e('Search') ?>"  />  
  <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
  <?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -39,7 +39,7 @@ if ('' != $post->pinged) {
 	$pings = '<p>'. __('Already pinged:') . '</p><ul>';
 	$already_pinged = explode("\n", trim($post->pinged));
 	foreach ($already_pinged as $pinged_url) {
-		$pings .= "\n\t<li>$pinged_url</li>";
+		$pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
 	}
 	$pings .= '</ul>';
 }
@@ -97,7 +97,7 @@ addLoadEvent(focusit);
 <div id="categorychecklist"><?php dropdown_categories(get_settings('default_category')); ?></div></div>
 </fieldset>

-<fieldset class="dbx-box">
+<fieldset id="poststatusdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Status') ?></h3> 
 <div class="dbx-content"><?php if ( current_user_can('publish_posts') ) : ?>
 <label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post->post_status, 'publish'); ?> /> <?php _e('Published') ?></label>
@@ -107,7 +107,7 @@ addLoadEvent(focusit);
 </fieldset>

 <?php if ( current_user_can('edit_posts') ) : ?>
-<fieldset class="dbx-box">
+<fieldset id="posttimestampdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3>
 <div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div>
 </fieldset>
@@ -210,11 +210,11 @@ if ('publish' != $post->post_status || 0 == $post_ID) {
 ?>
 <input name="referredby" type="hidden" id="referredby" value="<?php 
 if ( !empty($_REQUEST['popupurl']) )
-	echo wp_specialchars($_REQUEST['popupurl']);
-else if ( url_to_postid(wp_get_referer()) == $post_ID )
+	echo attribute_escape(stripslashes($_REQUEST['popupurl']));
+else if ( url_to_postid(stripslashes(wp_get_referer())) == $post_ID )
 	echo 'redo';
 else
-	echo wp_specialchars(wp_get_referer());
+	echo attribute_escape(stripslashes(wp_get_referer()));
 ?>" /></p>

 <?php do_action('edit_form_advanced'); ?>
@@ -225,29 +225,29 @@ if (current_user_can('upload_files')) {
 	$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
 	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
 	if ( false != $uploading_iframe_src )
-		echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+		echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
 }
 ?>

 <div id="advancedstuff" class="dbx-group" >

-<div class="dbx-box-wrapper">
+<div class="dbx-b-ox-wrapper">
 <fieldset id="postexcerpt" class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Optional Excerpt') ?></h3>
 </div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
 <div class="dbx-content"><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea></div>
 </div>
 </fieldset>
 </div>

-<div class="dbx-box-wrapper">
-<fieldset class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-b-ox-wrapper">
+<fieldset id="trackbacksdiv" class="dbx-box">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
 </div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
 <div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
 <?php 
 if ( ! empty($pings) )
@@ -258,12 +258,12 @@ if ( ! empty($pings) )
 </fieldset>
 </div>

-<div class="dbx-box-wrapper">
+<div class="dbx-b-ox-wrapper">
 <fieldset id="postcustom" class="dbx-box">
-<div class="dbx-handle-wrapper">
+<div class="dbx-h-andle-wrapper">
 <h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
 </div>
-<div class="dbx-content-wrapper">
+<div class="dbx-c-ontent-wrapper">
 <div id="postcustomstuff" class="dbx-content">
 <?php 
 if($metadata = has_meta($post_ID)) {
@@ -276,6 +276,7 @@ if($metadata = has_meta($post_ID)) {
 	meta_form();
 ?>
 </div>
+</div>
 </fieldset>
 </div>

--- a/wp-admin/edit-link-form.php
+++ b/wp-admin/edit-link-form.php
@@ -230,7 +230,7 @@ function xfn_check($class, $value = '', $type = 'check') {
 <?php if ( $editing ) : ?>
          <input type="hidden" name="action" value="editlink" />
          <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
-          <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+          <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
          <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
 <?php else: ?>
       	<input type="hidden" name="action" value="Add" />
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -14,11 +14,10 @@ if (0 == $post_ID) {
 	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }

-$sendto = wp_get_referer();
+$sendto = attribute_escape(wp_get_referer());

 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
 	$sendto = 'redo';
-$sendto = wp_specialchars( $sendto );

 ?>

@@ -193,7 +192,7 @@ if (current_user_can('upload_files')) {
 	$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
 	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
 	if ( false != $uploading_iframe_src )
-		echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+		echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
 }
 ?>

@@ -224,8 +223,8 @@ if($metadata = has_meta($post_ID)) {
 	$delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID ); ?>
 	<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>
+</div>
+
 </form>

 </div>
-
-</div>
--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -13,7 +13,7 @@ require_once('admin-header.php');
 <form name="searchform" action="" method="get"> 
  <fieldset> 
  <legend><?php _e('Search Pages&hellip;') ?></legend>
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" /> 
  <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
  </fieldset>
 </form>
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -79,7 +79,7 @@ if ( is_month() ) {
 <form name="searchform" action="" method="get" style="float: left; width: 16em; margin-right: 3em;"> 
  <fieldset> 
  <legend><?php _e('Search Posts&hellip;') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($s)) echo wp_specialchars($s, 1); ?>" size="17" /> 
+  <input type="text" name="s" value="<?php if (isset($s)) echo attribute_escape($s); ?>" size="17" /> 
  <input type="submit" name="submit" value="<?php _e('Search') ?>"  /> 
  </fieldset>
 </form>
--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -7,14 +7,15 @@ class Blogger_Import {

 	// Shows the welcome screen and the magic iframe.
 	function greet() {
-		$title = __('Import Blogger');
-		$welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.');
+		$title = __('Import Old Blogger');
+		$welcome = __('Howdy! This importer allows you to import posts and comments from your Old Blogger account into your WordPress blog.');
 		$noiframes = __('This feature requires iframe support.');
 		$warning = __('This will delete everything saved by the Blogger importer except your posts and comments. Are you sure you want to do this?');
 		$reset = __('Reset this importer');
 		$incompat = __('Your web server is not properly configured to use this importer. Please enable the CURL extension for PHP and then reload this page.');

 		echo "<div class='wrap'><h2>$title</h2><p>$welcome</p>";
+		echo "<p>" . __('Please note that this importer <em>does not work with Blogger (using your Google account)</em>.') . "</p>";
 		if ( function_exists('curl_init') )
 			echo "<iframe src='admin.php?import=blogger&amp;noheader=true' height='350px' width = '99%'>$noiframes</iframe><p><a href='admin.php?import=blogger&amp;restart=true&amp;noheader=true' onclick='return confirm(\"$warning\")'>$reset</a></p>";
 		else
@@ -135,13 +136,13 @@ class Blogger_Import {
 		curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
 		if ($header) curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
 		$response = curl_exec ($ch);
-	
+
 		if ($parse) {
 			$response = $this->parse_response($response);
 			$response['url'] = $url;
 			return $response;
 		}
-	
+
 		return $response;
 	}

@@ -210,7 +211,7 @@ class Blogger_Import {
 		$this->import['blogs'][$_GET['blog']]['nextstep'] = $step;
 		update_option('import-blogger', $this->import);
 	}
-	
+
 	// Redirects to next step
 	function do_next_step() {
 		wp_redirect("admin.php?import=blogger&noheader=true&blog={$_GET['blog']}");
@@ -224,13 +225,13 @@ class Blogger_Import {
 			if ( ! ( $_POST['user'] && $_POST['pass'] ) ) {
 				$this->login_form(__('The script will log into your Blogger account, change some settings so it can read your blog, and restore the original settings when it\'s done. Here\'s what you do:').'</p><ol><li>'.__('Back up your Blogger template.').'</li><li>'.__('Back up any other Blogger settings you might need later.').'</li><li>'.__('Log out of Blogger').'</li><li>'.__('Log in <em>here</em> with your Blogger username and password.').'</li><li>'.__('On the next screen, click one of your Blogger blogs.').'</li><li>'.__('Do not close this window or navigate away until the process is complete.').'</li></ol>');
 			}
-		
-			// Try logging in. If we get an array of cookies back, we at least connected.		
+
+			// Try logging in. If we get an array of cookies back, we at least connected.
 			$this->import['cookies'] = $this->login_blogger($_POST['user'], $_POST['pass']);
 			if ( !is_array( $this->import['cookies'] ) ) {
 				$this->login_form(__('Login failed. Please enter your credentials again.'));
 			}
-			
+
 			// Save the password so we can log the browser in when it's time to publish.
 			$this->import['pass'] = $_POST['pass'];
 			$this->import['user'] = $_POST['user'];
@@ -341,7 +342,7 @@ class Blogger_Import {
 				$form = "<div style='height:0px;width:0px;overflow:hidden;'>";
 				$form.= $body;
 				$form.= "</div><script type='text/javascript'>forms=document.getElementsByTagName('form');for(i=0;i<forms.length;i++){if(forms[i].action.search('{$blog_opt}')){forms[i].submit();break;}}</script>";
-				$output.= '<p>'.sprintf('<strong>%s</strong> in progress, please wait...', $blog_opt)."</p>\n";
+				$output.= '<p>'.sprintf(__('<strong>%s</strong> in progress, please wait...'), $blog_opt)."</p>\n";
 			} else {
 				$output.= "<p>$blog_opt</p>\n";
 			}
@@ -395,7 +396,7 @@ class Blogger_Import {
 				update_option('import-blogger', $import);
 				$archive = $this->get_blogger($url);
 				if ( $archive['code'] > 200 )
-					continue;	
+					continue;
 				$posts = explode('<wordpresspost>', $archive['body']);
 				for ($i = 1; $i < count($posts); $i = $i + 1) {
 					$postparts = explode('<wordpresscomment>', $posts[$i]);
@@ -409,7 +410,7 @@ class Blogger_Import {
 					$post_title = ( $postinfo[4] != '' ) ? $postinfo[4] : $postinfo[3];
 					$post_author_name = $wpdb->escape(trim($postinfo[1]));
 					$post_author_email = $postinfo[5] ? $postinfo[5] : 'user@wordpress.org';
-	
+
 					if ( $this->lump_authors ) {
 						// Ignore Blogger authors. Use the current user_ID for all posts imported.
 						$post_author = $GLOBALS['user_ID'];
@@ -420,7 +421,7 @@ class Blogger_Import {
 							$user_email = $wpdb->escape($post_author_email);
 							$user_password = substr(md5(uniqid(microtime())), 0, 6);
 							$result = wp_create_user( $user_login, $user_password, $user_email );
-							$status.= sprintf('Registered user <strong>%s</strong>.', $user_login);
+							$status.= sprintf(__('Registered user <strong>%s</strong>.'), $user_login);
 							$this->import['blogs'][$_GET['blog']]['newusers'][] = $user_login;
 						}
 						$userdata = get_userdatabylogin( $post_author_name );
@@ -435,21 +436,21 @@ class Blogger_Import {
 					$posthour = zeroise($post_date_His[0], 2);
 					$postminute = zeroise($post_date_His[1], 2);
 					$postsecond = zeroise($post_date_His[2], 2);
-	
+
 					if (($post_date[2] == 'PM') && ($posthour != '12'))
 						$posthour = $posthour + 12;
 					else if (($post_date[2] == 'AM') && ($posthour == '12'))
 						$posthour = '00';
-	
+
 					$post_date = "$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
-	
+
 					$post_content = addslashes($post_content);
 					$post_content = str_replace(array('<br>','<BR>','<br/>','<BR/>','<br />','<BR />'), "\n", $post_content); // the XHTML touch... ;)
-	
+
 					$post_title = addslashes($post_title);
-			
+
 					$post_status = 'publish';
-	
+
 					if ( $ID = post_exists($post_title, '', $post_date) ) {
 						$post_array[$i]['ID'] = $ID;
 						$skippedpostcount++;
@@ -509,7 +510,7 @@ class Blogger_Import {
 					}
 				}
 				$status = sprintf(__('%s post(s) parsed, %s skipped...'), $postcount,  $skippedpostcount).' '.
-					sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcoun, $skippedcommentcount).' '.
+					sprintf(__('%s comment(s) parsed, %s skipped...'), $commentcount, $skippedcommentcount).' '.
 					' <strong>'.__('Done').'</strong>';
 				$import = $this->import;
 				$import['blogs'][$_GET['blog']]['archives']["$url"] = $status;
@@ -546,7 +547,7 @@ class Blogger_Import {
 						$response = $this->get_blogger("http://www.blogger.com/blog-publishing.g?blogID={$_GET['blog']}&publishMode={$optary['backup']['publishMode']}", $headers);
 						sleep(2);
 						if ( $response['code'] >= 400 )
-							die('<h1>Error restoring publishMode.</h1><p>Please tell the devs.</p>' . addslashes(print_r($response, 1)) );
+							die('<h1>'.__('Error restoring publishMode').'</h1><p>'.__('Please tell the devs.').'</p>' . addslashes(print_r($response, 1)) );
 					}
 				}
 				if ( $optary['backup'] != $optary['modify'] ) {
@@ -597,11 +598,11 @@ class Blogger_Import {
 		if ( $_GET['restart'] == 'true' ) {
 			$this->restart();
 		}
-		
+
 		if ( isset($_GET['noheader']) ) {
 			header('Content-Type: text/html; charset=utf-8');

-			$this->import = get_settings('import-blogger');
+			$this->import = get_option('import-blogger');

 			if ( false === $this->import ) {
 				$step = 0;
@@ -649,7 +650,7 @@ class Blogger_Import {
 					break;
 			}
 			die;
-			
+
 		} else {
 			$this->greet();
 		}
@@ -662,6 +663,6 @@ class Blogger_Import {

 $blogger_import = new Blogger_Import();

-register_importer('blogger', 'Blogger', __('Import posts and comments from a Blogger account'), array ($blogger_import, 'start'));
+register_importer('blogger', __('Old Blogger'), __('Import <strong>posts and comments</strong> from your Old Blogger account'), array ($blogger_import, 'start'));

 ?>
--- a/wp-admin/import/dotclear.php
+++ b/wp-admin/import/dotclear.php
@@ -626,15 +626,15 @@ class Dotclear_Import {
 		echo '<h3>'.__('Preserving Authors').'</h3>';
 		echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
 		echo '<h3>'.__('Textile').'</h3>';
-		echo '<p>'.__('Also, since you\'re coming from Dotclear, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/2004/04/19/wordpress-plugin-textile-20/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
+		echo '<p>'.__('Also, since you\'re coming from Dotclear, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
 		echo '<h3>'.__('WordPress Resources').'</h3>';
 		echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
 		echo '<ul>';
 		echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
-		echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums').'</li>';
+		echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
 		echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
 		echo '</ul>';
-		echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
+		echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '../wp-login.php').'</p>';
 	}
 	
 	function db_form()
@@ -737,5 +737,5 @@ class Dotclear_Import {
 }

 $dc_import = new Dotclear_Import();
-register_importer('dotclear', 'Dotclear', __('Import posts from a Dotclear Blog'), array ($dc_import, 'dispatch'));
+register_importer('dotclear', __('Dotclear'), __('Import posts from a Dotclear Blog'), array ($dc_import, 'dispatch'));
 ?>
--- a/wp-admin/import/greymatter.php
+++ b/wp-admin/import/greymatter.php
@@ -0,0 +1,313 @@
+<?php
+
+class GM_Import {
+
+	var $gmnames = array ();
+
+	function header() {
+		echo '<div class="wrap">';
+		echo '<h2>'.__('Import Greymatter').'</h2>';
+	}
+
+	function footer() {
+		echo '</div>';
+	}
+
+	function greet() {
+		$this->header();
+?>
+<p><?php _e('This is a basic GreyMatter to WordPress import script.') ?></p>
+<p><?php _e('What it does:') ?></p>
+<ul>
+<li><?php _e('Parses gm-authors.cgi to import (new) authors. Everyone is imported at level 1.') ?></li>
+<li><?php _e('Parses the entries cgi files to import posts, comments, and karma on posts (although karma is not used on WordPress yet).<br />If authors are found not to be in gm-authors.cgi, imports them at level 0.') ?></li>
+<li><?php _e("Detects duplicate entries or comments. If you don't import everything the first time, or this import should fail in the middle, duplicate entries will not be made when you try again.") ?></li>
+</ul>
+<p><?php _e('What it does not:') ?></p>
+<ul>
+<li><?php _e('Parse gm-counter.cgi, gm-banlist.cgi, gm-cplog.cgi (you can make a CP log hack if you really feel like it, but I question the need of a CP log).') ?></li>
+<li><?php _e('Import gm-templates.') ?></li>
+<li><?php _e("Doesn't keep entries on top.")?></li>
+</ul>
+<p>&nbsp;</p>
+
+<form name="stepOne" method="get">
+<input type="hidden" name="import" value="greymatter" />
+<input type="hidden" name="step" value="1" />
+<h3><?php _e('Second step: GreyMatter details:') ?></h3>
+<p><table cellpadding="0">
+<tr>
+<td><?php _e('Path to GM files:') ?></td>
+<td><input type="text" style="width:300px" name="gmpath" value="/home/my/site/cgi-bin/greymatter/" /></td>
+</tr>
+<tr>
+<td><?php _e('Path to GM entries:') ?></td>
+<td><input type="text" style="width:300px" name="archivespath" value="/home/my/site/cgi-bin/greymatter/archives/" /></td>
+</tr>
+<tr>
+<td colspan="2"><br /><?php _e("This importer will search for files 00000001.cgi to 000-whatever.cgi,<br />so you need to enter the number of the last GM post here.<br />(if you don't know that number, just log into your FTP and look it out<br />in the entries' folder)") ?></td>
+</tr>
+<tr>
+<td><?php _e("Last entry's number:") ?></td>
+<td><input type="text" name="lastentry" value="00000001" /></td>
+</tr>
+</table>
+</p>
+<p><?php _e("When you're ready, click OK to start importing: ") ?><input type="submit" name="submit" value="<?php _e('OK') ?>" class="search" /></p>
+</form>
+<p>&nbsp</p>
+<?php
+		$this->footer();
+	}
+
+
+
+	function gm2autobr($string) { // transforms GM's |*| into b2's <br />\n
+		$string = str_replace("|*|","<br />\n",$string);
+		return($string);
+	}
+	
+	function import() {
+		global $wpdb;
+	
+		$wpvarstoreset = array('gmpath', 'archivespath', 'lastentry');
+		for ($i=0; $i<count($wpvarstoreset); $i += 1) {
+			$wpvar = $wpvarstoreset[$i];
+			if (!isset($$wpvar)) {
+				if (empty($_POST["$wpvar"])) {
+					if (empty($_GET["$wpvar"])) {
+						$$wpvar = '';
+					} else {
+						$$wpvar = $_GET["$wpvar"];
+					}
+				} else {
+					$$wpvar = $_POST["$wpvar"];
+				}
+			}
+		}
+
+		if (!chdir($archivespath))
+			die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $archivespath));
+
+		if (!chdir($gmpath))
+			die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $gmpath));
+			
+		$this->header();
+?>
+<p><?php _e('The importer is running...') ?></p>
+<ul>
+<li><?php _e('importing users...') ?><ul><?php
+
+	chdir($gmpath);
+	$userbase = file("gm-authors.cgi");
+
+	foreach($userbase as $user) {
+		$userdata=explode("|", $user);
+
+		$user_ip="127.0.0.1";
+		$user_domain="localhost";
+		$user_browser="server";
+
+		$s=$userdata[4];
+		$user_joindate=substr($s,6,4)."-".substr($s,0,2)."-".substr($s,3,2)." 00:00:00";
+
+		$user_login=$wpdb->escape($userdata[0]);
+		$pass1=$wpdb->escape($userdata[1]);
+		$user_nickname=$wpdb->escape($userdata[0]);
+		$user_email=$wpdb->escape($userdata[2]);
+		$user_url=$wpdb->escape($userdata[3]);
+		$user_joindate=$wpdb->escape($user_joindate);
+
+		$user_id = username_exists($user_login);
+		if ($user_id) {
+			printf('<li>'.__('user %s').'<strong>'.__('Already exists').'</strong></li>', "<em>$user_login</em>");
+			$this->gmnames[$userdata[0]] = $user_id;
+			continue;
+		}
+
+		$user_info = array("user_login"=>"$user_login", "user_pass"=>"$pass1", "user_nickname"=>"$user_nickname", "user_email"=>"$user_email", "user_url"=>"$user_url", "user_ip"=>"$user_ip", "user_domain"=>"$user_domain", "user_browser"=>"$user_browser", "dateYMDhour"=>"$user_joindate", "user_level"=>"1", "user_idmode"=>"nickname");
+		$user_id = wp_insert_user($user_info);
+		$this->gmnames[$userdata[0]] = $user_id;
+		
+		printf('<li>'.__('user %s...').' <strong>'.__('Done').'</strong></li>', "<em>$user_login</em>");
+	}
+
+?></ul><strong><?php _e('Done') ?></strong></li>
+<li><?php _e('importing posts, comments, and karma...') ?><br /><ul><?php
+
+	chdir($archivespath);
+	
+	for($i = 0; $i <= $lastentry; $i = $i + 1) {
+		
+		$entryfile = "";
+		
+		if ($i<10000000) {
+			$entryfile .= "0";
+			if ($i<1000000) {
+				$entryfile .= "0";
+				if ($i<100000) {
+					$entryfile .= "0";
+					if ($i<10000) {
+						$entryfile .= "0";
+						if ($i<1000) {
+							$entryfile .= "0";
+							if ($i<100) {
+								$entryfile .= "0";
+								if ($i<10) {
+									$entryfile .= "0";
+		}}}}}}}
+
+		$entryfile .= "$i";
+
+		if (is_file($entryfile.".cgi")) {
+
+			$entry=file($entryfile.".cgi");
+			$postinfo=explode("|",$entry[0]);
+			$postmaincontent=$this->gm2autobr($entry[2]);
+			$postmorecontent=$this->gm2autobr($entry[3]);
+
+			$post_author=trim($wpdb->escape($postinfo[1]));
+
+			$post_title=$this->gm2autobr($postinfo[2]);
+			printf('<li>'.__('entry # %s : %s : by %s'), $entryfile, $post_title, $postinfo[1]);
+			$post_title=$wpdb->escape($post_title);
+
+			$postyear=$postinfo[6];
+			$postmonth=zeroise($postinfo[4],2);
+			$postday=zeroise($postinfo[5],2);
+			$posthour=zeroise($postinfo[7],2);
+			$postminute=zeroise($postinfo[8],2);
+			$postsecond=zeroise($postinfo[9],2);
+
+			if (($postinfo[10]=="PM") && ($posthour!="12"))
+				$posthour=$posthour+12;
+
+			$post_date="$postyear-$postmonth-$postday $posthour:$postminute:$postsecond";
+
+			$post_content=$postmaincontent;
+			if (strlen($postmorecontent)>3)
+				$post_content .= "<!--more--><br /><br />".$postmorecontent;
+			$post_content=$wpdb->escape($post_content);
+
+			$post_karma=$postinfo[12];
+
+			$post_status = 'publish'; //in greymatter, there are no drafts
+			$comment_status = 'open';
+			$ping_status = 'closed';
+			
+			if ($post_ID = post_exists($post_title, '', $post_date)) {
+				echo ' ';
+				_e('(already exists)');
+			} else {
+				//just so that if a post already exists, new users are not created by checkauthor
+				// we'll check the author is registered, or if it's a deleted author
+				$user_id = username_exists($post_author);
+				if (!$user_id) {	// if deleted from GM, we register the author as a level 0 user
+					$user_ip="127.0.0.1";
+					$user_domain="localhost";
+					$user_browser="server";
+					$user_joindate="1979-06-06 00:41:00";
+					$user_login=$wpdb->escape($post_author);
+					$pass1=$wpdb->escape("password");
+					$user_nickname=$wpdb->escape($post_author);
+					$user_email=$wpdb->escape("user@deleted.com");
+					$user_url=$wpdb->escape("");
+					$user_joindate=$wpdb->escape($user_joindate);
+					
+					$user_info = array("user_login"=>$user_login, "user_pass"=>$pass1, "user_nickname"=>$user_nickname, "user_email"=>$user_email, "user_url"=>$user_url, "user_ip"=>$user_ip, "user_domain"=>$user_domain, "user_browser"=>$user_browser, "dateYMDhour"=>$user_joindate, "user_level"=>0, "user_idmode"=>"nickname");
+					$user_id = wp_insert_user($user_info);
+					$this->gmnames[$postinfo[1]] = $user_id;
+					
+					echo ': ';
+					printf(__('registered deleted user %s at level 0 '), "<em>$user_login</em>");
+				}
+			
+				if (array_key_exists($postinfo[1], $this->gmnames)) {
+					$post_author = $this->gmnames[$postinfo[1]];
+				} else {
+					$post_author = $user_id;
+				}
+			
+				$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt');
+				$post_ID = wp_insert_post($postdata);
+			}
+
+			$c=count($entry);
+			if ($c>4) {
+				$numAddedComments = 0;
+				$numComments = 0;
+				for ($j=4;$j<$c;$j++) {
+					$entry[$j]=$this->gm2autobr($entry[$j]);
+					$commentinfo=explode("|",$entry[$j]);
+					$comment_post_ID=$post_ID;
+					$comment_author=$wpdb->escape($commentinfo[0]);
+					$comment_author_email=$wpdb->escape($commentinfo[2]);
+					$comment_author_url=$wpdb->escape($commentinfo[3]);
+					$comment_author_IP=$wpdb->escape($commentinfo[1]);
+
+					$commentyear=$commentinfo[7];
+					$commentmonth=zeroise($commentinfo[5],2);
+					$commentday=zeroise($commentinfo[6],2);
+					$commenthour=zeroise($commentinfo[8],2);
+					$commentminute=zeroise($commentinfo[9],2);
+					$commentsecond=zeroise($commentinfo[10],2);
+					if (($commentinfo[11]=="PM") && ($commenthour!="12"))
+						$commenthour=$commenthour+12;
+					$comment_date="$commentyear-$commentmonth-$commentday $commenthour:$commentminute:$commentsecond";
+
+					$comment_content=$wpdb->escape($commentinfo[12]);
+
+					if (!comment_exists($comment_author, $comment_date)) {
+						$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_content', 'comment_approved');
+						$commentdata = wp_filter_comment($commentdata);
+						wp_insert_comment($commentdata);
+						$numAddedComments++;
+					}
+					$numComments++;
+				}
+				if ($numAddedComments > 0) {
+					echo ': ';
+					printf(__('imported %d comment(s)'), $numAddedComments);
+				}
+				$preExisting = $numComments - numAddedComments;
+				if ($preExisting > 0) {
+					echo ' ';
+					printf(__('ignored %d pre-existing comments'), $preExisting);
+				}
+			}
+			echo '... <strong>'.__('Done').'</strong></li>';
+		}
+	}
+	?>
+</ul><strong><?php _e('Done') ?></strong></li></ul>
+<p>&nbsp;</p>
+<p><?php _e('Completed Greymatter import!') ?></p>
+<?php
+	$this->footer();
+	}
+
+	function dispatch() {
+		if (empty ($_GET['step']))
+			$step = 0;
+		else
+			$step = (int) $_GET['step'];
+
+		switch ($step) {
+			case 0 :
+				$this->greet();
+				break;
+			case 1:
+				$this->import();
+				break;
+		}
+	}
+
+	function GM_Import() {
+		// Nothing.	
+	}
+}
+
+$gm_import = new GM_Import();
+
+register_importer('greymatter', __('Greymatter'), __('Import posts and comments from your Greymatter blog'), array ($gm_import, 'dispatch'));
+?>
--- a/wp-admin/import/livejournal.php
+++ b/wp-admin/import/livejournal.php
@@ -167,5 +167,5 @@ class LJ_Import {

 $livejournal_import = new LJ_Import();

-register_importer('livejournal', 'LiveJournal', __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch'));
+register_importer('livejournal', __('LiveJournal'), __('Import posts from LiveJournal'), array ($livejournal_import, 'dispatch'));
 ?>
--- a/wp-admin/import/mt.php
+++ b/wp-admin/import/mt.php
@@ -11,7 +11,7 @@ class MT_Import {

 	function header() {
 		echo '<div class="wrap">';
-		echo '<h2>'.__('Import Movable Type').'</h2>';
+		echo '<h2>'.__('Import Movable Type and Typepad').'</h2>';
 	}

 	function footer() {
@@ -32,7 +32,7 @@ class MT_Import {
 		global $wpdb, $testing;
 		$users = $wpdb->get_results("SELECT * FROM $wpdb->users ORDER BY ID");
 ?><select name="userselect[<?php echo $n; ?>]">
-	<option value="#NONE#">- Select -</option>
+	<option value="#NONE#"><?php _e('- Select -') ?></option>
 	<?php


@@ -134,6 +134,8 @@ class MT_Import {

 	function mt_authors_form() {
 ?>
+<div class="wrap">
+<h2><?php _e('Assign Authors'); ?></h2>
 <p><?php _e('To make it easier for you to edit and save the imported posts and drafts, you may want to change the name of the author of the posts. For example, you may want to import all the entries as <code>admin</code>s entries.'); ?></p>
 <p><?php _e('Below, you can see the names of the authors of the MovableType posts in <i>italics</i>. For each of these names, you can either pick an author in your WordPress installation from the menu, or enter a name for the author in the textbox.'); ?></p>
 <p><?php _e('If a new user is created by WordPress, the password will be set, by default, to "changeme". Quite suggestive, eh? ;)'); ?></p>
@@ -146,22 +148,24 @@ class MT_Import {
 		$j = -1;
 		foreach ($authors as $author) {
 			++ $j;
-			echo '<li><i>'.$author.'</i><br />'.'<input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30">';
+			echo '<li>'.__('Current author:').' <strong>'.$author.'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30"> <br />');
 			$this->users_form($j);
 			echo '</li>';
 		}

-		echo '<input type="submit" value="Submit">'.'<br/>';
+		echo '<input type="submit" value="'.__('Submit').'">'.'<br/>';
 		echo '</form>';
-		echo '</ol>';
+		echo '</ol></div>';

-		flush();
 	}

 	function select_authors() {
 		$file = wp_import_handle_upload();
 		if ( isset($file['error']) ) {
-			echo $file['error'];
+			$this->header();
+			echo '<p>'.__('Sorry, there has been an error').'.</p>';
+			echo '<p><strong>' . $file['error'] . '</strong></p>';
+			$this->footer();
 			return;
 		}
 		$this->file = $file['file'];
@@ -174,7 +178,7 @@ class MT_Import {
 	function process_posts() {
 		global $wpdb;
 		$i = -1;
-		echo "<ol>";
+		echo "<div class='wrap'><ol>";
 		foreach ($this->posts as $post) {
 			if ('' != trim($post)) {
 				++ $i;
@@ -330,7 +334,7 @@ class MT_Import {
 					}
 				}
 				if ( $num_comments )
-					printf(__('(%s comments)'), $num_comments);
+					printf(' '.__('(%s comments)'), $num_comments);

 				// Finally the pings
 				// fix the double newline on the first one
@@ -378,22 +382,22 @@ class MT_Import {
 					}
 				}
 				if ( $num_pings )
-					printf(__('(%s pings)'), $num_pings);
-				
+					printf(' '.__('(%s pings)'), $num_pings);
+
 				echo "</li>";
 			}
-			flush();
 		}

 		echo '</ol>';

 		wp_import_cleanup($this->id);

-		echo '<h3>'.sprintf(__('All done. <a href="%s">Have fun!</a>'), get_option('home')).'</h3>';
+		echo '<h3>'.sprintf(__('All done. <a href="%s">Have fun!</a>'), get_option('home')).'</h3></div>';
 	}

 	function import() {
 		$this->id = (int) $_GET['id'];
+		
 		$this->file = get_attached_file($this->id);
 		$this->get_authors_from_post();
 		$this->get_entries();
@@ -420,11 +424,11 @@ class MT_Import {
 	}

 	function MT_Import() {
-		// Nothing.	
+		// Nothing.
 	}
 }

 $mt_import = new MT_Import();

-register_importer('mt', 'Movable Type', __('Import posts and comments from your Movable Type blog'), array ($mt_import, 'dispatch'));
+register_importer('mt', __('Movable Type and Typepad'), __('Imports <strong>posts and comments</strong> from your Movable Type or Typepad blog'), array ($mt_import, 'dispatch'));
 ?>
--- a/wp-admin/import/rss.php
+++ b/wp-admin/import/rss.php
@@ -38,21 +38,22 @@ class RSS_Import {
 		$index = 0;
 		foreach ($this->posts as $post) {
 			preg_match('|<title>(.*?)</title>|is', $post, $post_title);
-			$post_title = $wpdb->escape(trim($post_title[1]));
+			$post_title = str_replace(array('<![CDATA[', ']]>'), '', $wpdb->escape( trim($post_title[1]) ));

-			preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $post_date);
+			preg_match('|<pubdate>(.*?)</pubdate>|is', $post, $post_date_gmt);

-			if ($post_date) {
-				$post_date = strtotime($post_date[1]);
+			if ($post_date_gmt) {
+				$post_date_gmt = strtotime($post_date_gmt[1]);
 			} else {
 				// if we don't already have something from pubDate
-				preg_match('|<dc:date>(.*?)</dc:date>|is', $post, $post_date);
-				$post_date = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date[1]);
-				$post_date = str_replace('T', ' ', $post_date);
-				$post_date = strtotime($post_date);
+				preg_match('|<dc:date>(.*?)</dc:date>|is', $post, $post_date_gmt);
+				$post_date_gmt = preg_replace('|([-+])([0-9]+):([0-9]+)$|', '\1\2\3', $post_date_gmt[1]);
+				$post_date_gmt = str_replace('T', ' ', $post_date_gmt);
+				$post_date_gmt = strtotime($post_date_gmt);
 			}

-			$post_date = gmdate('Y-m-d H:i:s', $post_date);
+			$post_date_gmt = gmdate('Y-m-d H:i:s', $post_date_gmt);
+			$post_date = get_date_from_gmt( $post_date_gmt );

 			preg_match_all('|<category>(.*?)</category>|is', $post, $categories);
 			$categories = $categories[1];
@@ -90,7 +91,7 @@ class RSS_Import {

 			$post_author = 1;
 			$post_status = 'publish';
-			$this->posts[$index] = compact('post_author', 'post_date', 'post_content', 'post_title', 'post_status', 'guid', 'categories');
+			$this->posts[$index] = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_status', 'guid', 'categories');
 			$index++;
 		}
 	}
@@ -167,5 +168,5 @@ class RSS_Import {

 $rss_import = new RSS_Import();

-register_importer('rss', 'RSS', __('Import posts from an RSS feed'), array ($rss_import, 'dispatch'));
+register_importer('rss', __('RSS'), __('Import posts from an RSS feed'), array ($rss_import, 'dispatch'));
 ?>
--- a/wp-admin/import/textpattern.php
+++ b/wp-admin/import/textpattern.php
@@ -555,12 +555,12 @@ class Textpattern_Import {
 		echo '<h3>'.__('Preserving Authors').'</h3>';
 		echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
 		echo '<h3>'.__('Textile').'</h3>';
-		echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/2004/04/19/wordpress-plugin-textile-20/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
+		echo '<p>'.__('Also, since you\'re coming from Textpattern, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
 		echo '<h3>'.__('WordPress Resources').'</h3>';
 		echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
 		echo '<ul>';
 		echo '<li>'.__('<a href="http://www.wordpress.org">The official WordPress site</a>').'</li>';
-		echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums').'</li>';
+		echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
 		echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
 		echo '</ul>';
 		echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '/wp-login.php').'</p>';
@@ -659,5 +659,5 @@ class Textpattern_Import {
 }

 $txp_import = new Textpattern_Import();
-register_importer('textpattern', 'Textpattern', __('Import posts from a Textpattern Blog'), array ($txp_import, 'dispatch'));
+register_importer('textpattern', __('Textpattern'), __('Import posts from a Textpattern Blog'), array ($txp_import, 'dispatch'));
 ?>
--- a/wp-admin/index.php
+++ b/wp-admin/index.php
@@ -25,7 +25,7 @@ if ( isset($rss->items) && 0 != count($rss->items) ) {
 $rss->items = array_slice($rss->items, 0, 10);
 foreach ($rss->items as $item ) {
 ?>
-	<li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wp_specialchars($item['title']); ?></a></li>
+	<li><a href="<?php echo wp_filter_kses($item['link']); ?>"><?php echo wptexturize(wp_specialchars($item['title'])); ?></a></li>
 <?php } ?>
 </ul>
 </div>
--- a/wp-admin/inline-uploading.php
+++ b/wp-admin/inline-uploading.php
@@ -24,6 +24,8 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 	}
 }

+$all = ( 'true' == $all ) ? 'true' : 'false';
+$start = (int) $start;
 $post = (int) $post;
 $images_width = 1;

@@ -238,7 +240,7 @@ srcb[{$ID}] = '{$image['guid']}';
 			$xpadding = (128 - $image['uwidth']) / 2;
 			$ypadding = (96 - $image['uheight']) / 2;
 			$style .= "#target{$ID} img { padding: {$ypadding}px {$xpadding}px; }\n";
-			$title = wp_specialchars($image['post_title'], ENT_QUOTES);
+			$title = attribute_escape($image['post_title']);
 			$script .= "aa[{$ID}] = '<a id=\"p{$ID}\" rel=\"attachment\" class=\"imagelink\" href=\"$href\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 ab[{$ID}] = '<a class=\"imagelink\" href=\"{$image['guid']}\" onclick=\"doPopup({$ID});return false;\" title=\"{$title}\">';
 imga[{$ID}] = '<img id=\"image{$ID}\" src=\"$src\" alt=\"{$title}\" $height_width />';
@@ -258,7 +260,7 @@ imgb[{$ID}] = '<img id=\"image{$ID}\" src=\"{$image['guid']}\" alt=\"{$title}\"
 </div>
 ";
 		} else {
-			$title = wp_specialchars($attachment['post_title'], ENT_QUOTES);
+			$title = attribute_escape($attachment['post_title']);
 			$filename = basename($attachment['guid']);
 			$icon = get_attachment_icon($ID);
 			$toggle_icon = "<a id=\"I{$ID}\" onclick=\"toggleOtherIcon({$ID});return false;\" href=\"javascript:void()\">$__using_title</a>";
@@ -429,7 +431,7 @@ richedit = ( typeof tinyMCE == 'object' && tinyMCE.configs.length > 0 );
 function sendToEditor(n) {
 	o = document.getElementById('div'+n);
 	h = o.innerHTML.replace(new RegExp('^\\s*(.*?)\\s*$', ''), '$1'); // Trim
-	h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)( |/|>)', 'g'), ' $1="$2"$3'); // Enclose attribs in quotes
+	h = h.replace(new RegExp(' (class|title|width|height|id|onclick|onmousedown)=([^\'"][^ ]*)(?=( |/|>))', 'g'), ' $1="$2"'); // Enclose attribs in quotes
 	h = h.replace(new RegExp(' (width|height)=".*?"', 'g'), ''); // Drop size constraints
 	h = h.replace(new RegExp(' on(click|mousedown)="[^"]*"', 'g'), ''); // Drop menu events
 	h = h.replace(new RegExp('<(/?)A', 'g'), '<$1a'); // Lowercase tagnames
--- a/wp-admin/install.php
+++ b/wp-admin/install.php
@@ -166,10 +166,9 @@ $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, p
 $wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );

 // Default comment
-$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
+$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in and view the post&#039;s comments. There you will have the option to edit or delete them.'))."')");

 // First Page
-
 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status, to_ping, pinged, post_content_filtered) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt', 'static', '', '', '')");
 $wp_rewrite->flush_rules();

@@ -182,7 +181,7 @@ $wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES
 $admin_caps = serialize(array('administrator' => true));
 $wpdb->query("INSERT INTO $wpdb->usermeta (user_id, meta_key, meta_value) VALUES ({$wpdb->insert_id}, '{$table_prefix}capabilities', '{$admin_caps}');");

-$message_headers = 'From: ' . $weblog_title . ' <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
+$message_headers = 'From: "' . $weblog_title . '" <wordpress@' . $_SERVER['SERVER_NAME'] . '>';
 $message = sprintf(__("Your new WordPress blog has been successfully set up at:

 %1\$s
--- a/wp-admin/link-categories.php
+++ b/wp-admin/link-categories.php
@@ -124,7 +124,7 @@ switch ($action) {
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">
 <tr>
 	<th width="33%" scope="row"><?php _e('Name:') ?></th>
-	<td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($row->cat_name)?>" size="30" /></td>
+	<td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($row->cat_name)?>" size="30" /></td>
 </tr>
 <tr>
 	<th scope="row"><?php _e('Show:') ?></th>
@@ -309,7 +309,7 @@ $results = $wpdb->get_results("SELECT cat_id, cat_name, auto_toggle, show_images
         . " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
         . " text_after_all, list_limit FROM $wpdb->linkcategories ORDER BY cat_id");
 $i = 1;
-foreach ($results as $row) {
+foreach ( (array) $results as $row) {
    if ($row->list_limit == -1) {
        $row->list_limit = __('none');
    }
@@ -356,8 +356,14 @@ foreach ($results as $row) {
                <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_all)?></td>
                <td><?php echo $row->list_limit ?></td>
                <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Edit" class="edit"><?php _e('Edit') ?></a></td>
-                <td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
-              </tr>
+                <td>
+				<?php if (1 == $row->cat_id ) { 
+					_e('Default');
+				} else { ?>
+					<a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a>
+				<?php } ?>
+              </td>
+	   </tr>
 <?php
        ++$i;
    }
--- a/wp-admin/link-import.php
+++ b/wp-admin/link-import.php
@@ -26,7 +26,7 @@ switch ($step) {
 <form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
 <?php wp_nonce_field('import-bookmarks') ?>

-<p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?>
+<p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?></p>
 <div style="width: 70%; margin: auto; height: 8em;">
 <input type="hidden" name="step" value="1" />
 <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -63,6 +63,7 @@ switch ($action) {
    $q = $wpdb->query("update $wpdb->links SET link_owner='$newowner' WHERE link_id IN ($all_links)");

    wp_redirect($this_file);
+    exit;
    break;
  }
  case 'visibility':
@@ -100,6 +101,7 @@ switch ($action) {
    }

    wp_redirect($this_file);
+    exit;
    break;
  }
  case 'move':
@@ -120,6 +122,7 @@ switch ($action) {
    $q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");

    wp_redirect($this_file);
+    exit();
    break;
  }

@@ -130,6 +133,7 @@ switch ($action) {
 	add_link();
 	
    wp_redirect(wp_get_referer() . '?added=true');
+    exit;
    break;
  } // end Add

@@ -151,6 +155,7 @@ switch ($action) {
 	
    setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
    wp_redirect($this_file);
+    exit;
    break;
  } // end Save

@@ -174,6 +179,7 @@ switch ($action) {
    $links_show_cat_id = $cat_id;
    setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
    wp_redirect($this_file);
+    exit;
    break;
  } // end Delete

@@ -321,7 +327,7 @@ function checkAll(form)
    <?php wp_nonce_field('bulk-bookmarks') ?>
    <input type="hidden" name="link_id" value="" />
    <input type="hidden" name="action" value="" />
-    <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+    <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
    <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
  <table id="the-list-x" width="100%" cellpadding="3" cellspacing="3">
    <tr>
@@ -351,10 +357,10 @@ function checkAll(form)
    $links = $wpdb->get_results($sql);
    if ($links) {
        foreach ($links as $link) {
-      	    $link->link_name = wp_specialchars($link->link_name);
+      	    $link->link_name = attribute_escape($link->link_name);
      	    $link->link_category = wp_specialchars($link->link_category);
      	    $link->link_description = wp_specialchars($link->link_description);
-            $link->link_url = wp_specialchars($link->link_url);
+            $link->link_url = attribute_escape($link->link_url);
            $short_url = str_replace('http://', '', $link->link_url);
            $short_url = str_replace('www.', '', $short_url);
            if ('/' == substr($short_url, -1))
--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@@ -55,7 +55,7 @@ foreach ($menu as $menu_page) {
 }

 do_action('admin_menu', '');
-ksort($menu); // make it all pretty
+uksort($menu, "strnatcasecmp"); // make it all pretty

 if (! user_can_access_admin_page()) {
 	die( __('You do not have sufficient permissions to access this page.') );
--- a/wp-admin/moderation.php
+++ b/wp-admin/moderation.php
@@ -152,10 +152,10 @@ echo '<a href="post.php?action=editcomment&amp;comment='.$comment->comment_ID.'"
 <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a> | 
 <?php 
 echo " <a href=\"" . wp_nonce_url("post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete just this comment') . "</a> | "; ?>  <?php _e('Bulk action:') ?>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-approve"><?php _e('Approve') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-spam"><?php _e('Spam') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-delete"><?php _e('Delete') ?></label>
-	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment[<?php echo $comment->comment_ID; ?>]-nothing"><?php _e('Defer until later') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-approve" value="approve" /> <label for="comment-<?php echo $comment->comment_ID; ?>-approve"><?php _e('Approve') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-spam" value="spam" /> <label for="comment-<?php echo $comment->comment_ID; ?>-spam"><?php _e('Spam') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-delete" value="delete" /> <label for="comment-<?php echo $comment->comment_ID; ?>-delete"><?php _e('Delete') ?></label>
+	<input type="radio" name="comment[<?php echo $comment->comment_ID; ?>]" id="comment-<?php echo $comment->comment_ID; ?>-nothing" value="later" checked="checked" /> <label for="comment-<?php echo $comment->comment_ID; ?>-nothing"><?php _e('Defer until later') ?></label>
 	</p>

 	</li>
--- a/wp-admin/options-discussion.php
+++ b/wp-admin/options-discussion.php
@@ -71,7 +71,7 @@ if ($action == 'retrospam') {
 </fieldset>
 <fieldset class="options">
 <legend><?php _e('Comment Moderation') ?></legend>
-<p><?php printf(__('Hold a comment in the queue if it contains more than %s links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" size="3" value="' . get_settings('comment_max_links'). '" />' ) ?></p>
+<p><?php printf(__('Hold a comment in the queue if it contains %s or more links. (A common characteristic of comment spam is a large number of hyperlinks.)'), '<input name="comment_max_links" type="text" id="comment_max_links" size="3" value="' . get_settings('comment_max_links'). '" />' ) ?></p>

 <p><?php _e('When a comment contains any of these words in its content, name, URI, e-mail, or IP, hold it in the moderation queue: (Separate multiple words with new lines.) <a href="http://codex.wordpress.org/Spam_Words">Common spam words</a>.') ?></p>
 <p> 
--- a/wp-admin/options-general.php
+++ b/wp-admin/options-general.php
@@ -83,7 +83,7 @@ foreach($wp_roles->role_names as $role => $name) {
 </tr> 
 <tr>
 <th scope="row">&nbsp;</th>
-<td><?php _e('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Save option to update sample output.') ?> </td>
+<td><?php _e('<a href="http://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date formatting</a>. Click "Update options" to update sample output.') ?> </td>
 </tr>
 <tr>
 <th scope="row"><?php _e('Weeks in the calendar should start on:') ?></th>
--- a/wp-admin/options-misc.php
+++ b/wp-admin/options-misc.php
@@ -17,7 +17,7 @@ include('admin-header.php');
 <table class="editform optiontable">
 <tr valign="top">
 <th scope="row"><?php _e('Store uploads in this folder'); ?>:</th>
-<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo str_replace(ABSPATH, '', get_settings('upload_path')); ?>" size="40" />
+<td><input name="upload_path" type="text" id="upload_path" class="code" value="<?php echo attribute_escape(str_replace(ABSPATH, '', get_settings('upload_path'))); ?>" size="40" />
 <br />
 <?php _e('Default is <code>wp-content/uploads</code>'); ?>
 </td>
--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -148,7 +148,7 @@ checked="checked"
 </label>
 <br />
 </p>
-<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo $permalink_structure; ?>" size="50" /></p>
+<p id="customstructure"><?php _e('Custom structure'); ?>: <input name="permalink_structure" id="permalink_structure" type="text" class="code" style="width: 60%;" value="<?php echo attribute_escape($permalink_structure); ?>" size="50" /></p>

 <h3><?php _e('Optional'); ?></h3>
 <?php if ($is_apache) : ?>
@@ -157,7 +157,7 @@ checked="checked"
 	<p><?php _e('If you like, you may enter a custom prefix for your category URIs here. For example, <code>/index.php/taxonomy/tags</code> would make your category links like <code>http://example.org/index.php/taxonomy/tags/uncategorized/</code>. If you leave this blank the default will be used.') ?></p>
 <?php endif; ?>
 	<p> 
-  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo $category_base; ?>" size="30" /> 
+  <?php _e('Category base'); ?>: <input name="category_base" type="text" class="code"  value="<?php echo attribute_escape($category_base); ?>" size="30" /> 
     </p> 
    <p class="submit"> 
      <input type="submit" name="submit" value="<?php _e('Update Permalink Structure &raquo;') ?>" /> 
@@ -168,7 +168,7 @@ checked="checked"
 <form action="options-permalink.php" method="post">
 <?php wp_nonce_field('update-permalink') ?>
   <p>
-<textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?>
+<textarea rows="5" style="width: 98%;" name="rules"><?php echo wp_specialchars($wp_rewrite->mod_rewrite_rules()); ?>
 </textarea>
    </p>
 </form>
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -24,6 +24,67 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 if ( !current_user_can('manage_options') )
 	die ( __('Cheatin&#8217; uh?') );

+function sanitize_option($option, $value) {
+
+	switch ($option) {
+		case 'admin_email':
+			$value = sanitize_email($value);
+			break;
+
+		case 'default_post_edit_rows':
+		case 'mailserver_port':
+		case 'comment_max_links':
+			$value = abs((int) $value);
+			break;
+
+		case 'posts_per_page':
+		case 'posts_per_rss':
+			$value = (int) $value;
+			if ( empty($value) ) $value = 1;
+			if ( $value < -1 ) $value = abs($value);
+			break;
+
+		case 'default_ping_status':
+		case 'default_comment_status':
+			// Options that if not there have 0 value but need to be something like "closed"
+			if ( $value == '0' || $value == '')
+				$value = 'closed';
+			break;
+
+		case 'blogdescription':
+		case 'blogname':
+			if (current_user_can('unfiltered_html') == false)
+				$value = wp_filter_post_kses( $value );
+			break;
+
+		case 'blog_charset':
+			$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
+			break;
+
+		case 'date_format':
+		case 'time_format':
+		case 'mailserver_url':
+		case 'mailserver_login':
+		case 'mailserver_pass':
+		case 'ping_sites':
+		case 'upload_path':
+			$value = strip_tags($value);
+			$value = wp_filter_kses($value);
+			break;
+
+		case 'gmt_offset':
+			$value = preg_replace('/[^0-9:.-]/', '', $value);
+			break;
+
+		case 'siteurl':
+		case 'home':
+			$value = clean_url($value);
+			break;
+	}
+
+	return $value;	
+}
+
 switch($action) {

 case 'update':
@@ -31,9 +92,10 @@ case 'update':
 	
 	check_admin_referer('update-options');

-	if (!$_POST['page_options']) {
-		foreach ($_POST as $key => $value) {
-			$options[] = $key;
+	if ( !$_POST['page_options'] ) {
+		foreach ( (array) $_POST as $key => $value) {
+			if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
+				$options[] = $key;
 		}
 	} else {
 		$options = explode(',', stripslashes($_POST['page_options']));
@@ -43,19 +105,11 @@ case 'update':
 	$old_siteurl = get_settings('siteurl');
 	$old_home = get_settings('home');

-	// HACK
-	// Options that if not there have 0 value but need to be something like "closed"
-	$nonbools = array('default_ping_status', 'default_comment_status');
 	if ($options) {
 		foreach ($options as $option) {
 			$option = trim($option);
 			$value = trim(stripslashes($_POST[$option]));
-				if( in_array($option, $nonbools) && ( $value == '0' || $value == '') )
-				$value = 'closed';
-			
-			if( $option == 'blogdescription' || $option == 'blogname' )
-				if (current_user_can('unfiltered_html') == false)
-					$value = wp_filter_post_kses( $value );
+			$value = sanitize_option($option, $value);
 			
 			if (update_option($option, $value) ) {
 				$any_changed++;
@@ -87,26 +141,48 @@ default:
 	include('admin-header.php'); ?>

 <div class="wrap">
-  <h2><?php _e('All options'); ?></h2>
-  <form name="form" action="options.php" method="post">
+  <h2><?php _e('All Options'); ?></h2>
+  <form name="form" action="options.php" method="post" id="all-options">
  <?php wp_nonce_field('update-options') ?>
  <input type="hidden" name="action" value="update" />
  <table width="98%">
 <?php
 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");

-foreach ($options as $option) :
-	$value = wp_specialchars($option->option_value);
+foreach ( (array) $options as $option) :
+	$disabled = '';
+	if ( is_serialized($option->option_value) ) {
+		if ( is_serialized_string($option->option_value) ) {
+			// this is a serialized string, so we should display it
+			$value = wp_specialchars(maybe_unserialize($option->option_value), 'single');
+			$options_to_update[] = $option->option_name;
+			$class = 'all-options';
+		} else {
+			$value = 'SERIALIZED DATA';
+			$disabled = ' disabled="disabled"';
+			$class = 'all-options disabled';
+		}
+	} else {
+		$value = wp_specialchars($option->option_value, 'single');
+		$options_to_update[] = $option->option_name;
+		$class = 'all-options';
+	}
 	echo "
 <tr>
 	<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
-	<td><input type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "' /></td>
+<td>";
+
+	if (stristr($value, "\n")) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
+	else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled />";
+	
+	echo "</td>
 	<td>$option->option_description</td>
 </tr>";
 endforeach;
 ?>
  </table>
-<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Settings &raquo;') ?>" /></p>
+<?php $options_to_update = implode(',', $options_to_update); ?>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
  </form>
 </div>

--- a/wp-admin/page-new.php
+++ b/wp-admin/page-new.php
@@ -7,7 +7,7 @@ require_once('admin-header.php');
 ?>

 <?php if ( isset($_GET['saved']) ) : ?>
-<div id="message" class="updated fade"><p><strong><?php _e('Page saved.') ?> <a href="edit-pages.php"><?php _e('Manage pages'); ?> &raquo;</a></strong></p></div>
+<div id="message" class="updated fade"><p><strong><?php _e('Page saved.') ?></strong> <a href="edit-pages.php"><?php _e('Manage pages'); ?></a> | <a href="<?php echo get_page_link( $_GET['saved'] ); ?>"><?php _e('View page'); ?> &raquo;</a></p></div>
 <?php endif; ?>

 <?php
@@ -20,4 +20,4 @@ if ( current_user_can('edit_pages') ) {
 }
 ?>

-<?php include('admin-footer.php'); ?> 
+<?php include('admin-footer.php'); ?>
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -88,12 +88,6 @@ if (empty($plugins)) {
 <?php
 	$style = '';

-	function sort_plugins($plug1, $plug2) {
-		return strnatcasecmp($plug1['Name'], $plug2['Name']);
-	}
-	
-	uksort($plugins, 'sort_plugins');
-
 	foreach($plugins as $plugin_file => $plugin_data) {
 		$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';

--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -48,11 +48,11 @@ case 'post':
 			break;
 		}
 	} else {
-		$location = 'post.php?posted=true';
+		$location = "post.php?posted=$post_ID";
 	}

 	if ( 'static' == $_POST['post_status'] )
-		$location = "page-new.php?saved=true";
+		$location = "page-new.php?saved=$post_ID";

 	if ( isset($_POST['save']) )
 		$location = "post.php?action=edit&post=$post_ID";
@@ -81,7 +81,7 @@ case 'edit':
 	?>
 	<div id='preview' class='wrap'>
 	<h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?> <small class="quickjump"><a href="#write-post"><?php _e('edit &uarr;'); ?></a></small></h2>
-		<iframe src="<?php echo add_query_arg('preview', 'true', get_permalink($post->ID)); ?>" width="100%" height="600" ></iframe>
+		<iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
 	</div>
 	<?php
 	break;
@@ -138,10 +138,13 @@ case 'editpost':

 case 'delete':
 	$post_id = (isset($_GET['post']))  ? intval($_GET['post']) : intval($_POST['post_ID']);
-	check_admin_referer('delete-post_' . $post_id);

 	$post = & get_post($post_id);
-	
+	if ( 'static' == $post->post_status )
+		check_admin_referer('delete-page_' . $post_id);
+	else
+		check_admin_referer('delete-post_' . $post_id);
+
 	if ( !current_user_can('edit_post', $post_id) )	
 		die( __('You are not allowed to delete this post.') );

@@ -154,9 +157,12 @@ case 'delete':
 	}

 	$sendback = wp_get_referer();
-	if (strstr($sendback, 'post.php')) $sendback = get_settings('siteurl') .'/wp-admin/post.php';
-	elseif (strstr($sendback, 'attachments.php')) $sendback = get_settings('siteurl') .'/wp-admin/attachments.php';
-	$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
+	if ( 'static' == $post->post_status )
+		$sendback = get_option('siteurl') . '/wp-admin/edit-pages.php';
+	elseif ( strstr($sendback, 'post.php') )
+		$sendback = get_option('siteurl') .'/wp-admin/post.php';
+	elseif ( strstr($sendback, 'attachments.php') )
+		$sendback = get_option('siteurl') .'/wp-admin/attachments.php';
 	wp_redirect($sendback);
 	break;

@@ -335,13 +341,10 @@ case 'editedcomment':

 	edit_comment();

-	$referredby = $_POST['referredby'];
-	if (!empty($referredby)) {
-		wp_redirect($referredby);
-	} else {
-		wp_redirect("edit.php?p=$comment_post_ID&c=1#comments");
-	}
-
+	$location = ( empty($_POST['referredby']) ? "edit.php?p=$comment_post_ID&c=1" : $_POST['referredby'] ) . '#comment-' . $comment_ID;
+	$location = apply_filters('comment_edit_redirect', $location, $comment_ID);
+	wp_redirect($location);
+	exit();
 	break;

 default:
@@ -349,7 +352,7 @@ default:
 	require_once ('./admin-header.php');
 ?>
 <?php if ( isset($_GET['posted']) ) : ?>
-<div id="message" class="updated fade"><p><?php printf(__('Post saved. <a href="%s">View site &raquo;</a>'), get_bloginfo('home') . '/'); ?></p></div>
+<div id="message" class="updated fade"><p><strong><?php _e('Post saved.'); ?></strong> <a href="<?php echo get_permalink( $_GET['posted'] ); ?>"><?php _e('View post'); ?> &raquo;</a></p></div>
 <?php endif; ?>
 <?php
 	if ( current_user_can('edit_posts') ) {
@@ -384,7 +387,7 @@ default:

 		include('edit-form-advanced.php');
 ?>
-<div class="wrap">
+<div id="wp-bookmarklet" class="wrap">
 <?php echo '<h3>'.__('WordPress bookmarklet').'</h3>
 <p>'.__('Right click on the following link and choose "Add to favorites" to create a posting shortcut.').'</p>'; ?>
 <p>
--- a/wp-admin/profile.php
+++ b/wp-admin/profile.php
@@ -5,7 +5,7 @@ $title = __('Profile');

 $parent_file = 'profile.php';
 include_once('admin-header.php');
-$profileuser = new WP_User($user_ID);
+$profileuser = get_user_to_edit($user_ID);

 $bookmarklet_height= 440;
 ?>
--- a/wp-admin/templates.php
+++ b/wp-admin/templates.php
@@ -71,14 +71,17 @@ default:

 	update_recently_edited($file);

-	if (!is_file($real_file))
+	if ( !is_file($real_file) ) {
 		$error = true;
-	
-	if (!$error) {
+	} else {
 		$f = @ fopen($real_file, 'r');
 		if ( $f ) {
-			$content = fread($f, filesize($real_file));
-			$content = htmlspecialchars($content);
+			if ( filesize($real_file ) > 0 ) {
+				$content = fread($f, filesize($real_file));
+				$content = htmlspecialchars($content);
+			} else {
+				$content = '';
+			}
 		} else {
 			$error = true;
 		}
@@ -108,7 +111,7 @@ if ( $recents ) :
 <?php
 echo '<ol>';
 foreach ($recents as $recent) :
-	echo "<li><a href='templates.php?file=$recent'>" . get_file_description(basename($recent)) . "</a></li>";
+	echo "<li><a href='templates.php?file=" . attribute_escape($recent) . "'>" . wp_specialchars(get_file_description(basename($recent))) . "</a></li>";
 endforeach;
 echo '</ol>';
 endif;
--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -58,11 +58,15 @@ case 'update':
 		$f = fopen($real_file, 'w+');
 		fwrite($f, $newcontent);
 		fclose($f);
-		wp_redirect("theme-editor.php?file=$file&theme=$theme&a=te");
+		$location = "theme-editor.php?file=$file&theme=$theme&a=te";
 	} else {
-		wp_redirect("theme-editor.php?file=$file&theme=$theme");
+		$location = "theme-editor.php?file=$file&theme=$theme";
 	}

+	$location = wp_kses_no_null($location);
+	$strip = array('%0d', '%0a');
+	$location = str_replace($strip, '', $location);
+	header("Location: $location");
 	exit();

 break;
@@ -97,7 +101,7 @@ default:
 		$theme_name = $a_theme['Name'];
 		if ($theme_name == $theme) $selected = " selected='selected'";
 		else $selected = '';
-		$theme_name = wp_specialchars($theme_name, true);
+		$theme_name = attribute_escape($theme_name);
 		echo "\n\t<option value=\"$theme_name\" $selected>$theme_name</option>";
 	}
 ?>
--- a/wp-admin/upgrade-schema.php
+++ b/wp-admin/upgrade-schema.php
@@ -123,7 +123,8 @@ CREATE TABLE $wpdb->posts (
  post_mime_type varchar(100) NOT NULL default '',
  comment_count bigint(20) NOT NULL default '0',
  PRIMARY KEY  (ID),
-  KEY post_name (post_name)
+  KEY post_name (post_name),
+  KEY post_status (post_status)
 );
 CREATE TABLE $wpdb->users (
  ID bigint(20) unsigned NOT NULL auto_increment,
--- a/wp-admin/upgrade.php
+++ b/wp-admin/upgrade.php
@@ -67,7 +67,7 @@ text-align: center; border-top: 1px solid #ccc; padding-top: 1em; font-style: it
 switch($step) {

 	case 0:
-	$goback = wp_specialchars(wp_get_referer());
+	$goback = attribute_escape(stripslashes(wp_get_referer()));
 ?> 
 <p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
 	<h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
@@ -86,7 +86,7 @@ switch($step) {
 	if ( empty( $_GET['backto'] ) )
 		$backto = __get_option('home');
 	else
-		$backto = wp_specialchars( $_GET['backto'] , 1 );
+		$backto = attribute_escape(stripslashes($_GET['backto']));
 ?> 
 <h2><?php _e('Step 1'); ?></h2> 
 	<p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"),  $backto); ?></p>
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -21,6 +21,11 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 	}
 }

+$user_id = (int) $user_id;
+
+if ( !$user_id )
+	die(__('Invalid user ID.'));
+
 switch ($action) {
 case 'switchposts':

@@ -37,7 +42,7 @@ check_admin_referer('update-user_' . $user_id);
 $errors = array();

 if (!current_user_can('edit_users'))
-	$errors['head'] = __('You do not have permission to edit this user.');
+	die(__('You do not have permission to edit this user.'));
 else
 	$errors = edit_user($user_id);

@@ -49,9 +54,11 @@ if(count($errors) == 0) {
 default:
 include ('admin-header.php');

-$profileuser = new WP_User($user_id);
+$profileuser = get_user_to_edit($user_id);
+
+if (!current_user_can('edit_users')) 
+	die__('You do not have permission to edit this user.');

-if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.');
 ?>

 <?php if ( isset($_GET['updated']) ) : ?>
@@ -105,7 +112,7 @@ echo '</select>';
 <p><label><?php _e('Nickname:') ?><br />
 <input type="text" name="nickname" value="<?php echo $profileuser->nickname ?>" /></label></p>

-</p><label><?php _e('Display name publicly as:') ?> <br />
+<p><label><?php _e('Display name publicly as:') ?> <br />
 <select name="display_name">
 <option value="<?php echo $profileuser->display_name; ?>"><?php echo $profileuser->display_name; ?></option>
 <option value="<?php echo $profileuser->nickname ?>"><?php echo $profileuser->nickname ?></option>
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -15,6 +15,7 @@ case 'promote':

 	if (empty($_POST['users'])) {
 		wp_redirect('users.php');
+		exit();
 	}

 	if ( !current_user_can('edit_users') )
@@ -34,6 +35,7 @@ case 'promote':
 	}
 		
 	wp_redirect('users.php?update=' . $update);
+	exit();

 break;

@@ -43,6 +45,7 @@ case 'dodelete':

 	if ( empty($_POST['users']) ) {
 		wp_redirect('users.php');
+		exit();
 	}

 	if ( !current_user_can('edit_users') )
@@ -67,15 +70,17 @@ case 'dodelete':
 	}

 	wp_redirect('users.php?update=' . $update);
-
+	exit();
 break;

 case 'delete':

 	check_admin_referer('bulk-users');

-	if ( empty($_POST['users']) )
+	if ( empty($_POST['users']) ) {
 		wp_redirect('users.php');
+		exit();
+	}

 	if ( !current_user_can('edit_users') )
 		$error['edit_users'] = __('You can&#8217;t delete users.');
@@ -135,9 +140,9 @@ case 'adduser':
 	
 	$errors = add_user();
 	
-	if(count($errors) == 0) {
+	if ( count($errors) == 0 ) {
 		wp_redirect('users.php?update=add');
-		die();
+		exit();
 	}

 default:
@@ -206,7 +211,7 @@ default:
  <table cellpadding="3" cellspacing="3" width="100%">
 	<?php
 	foreach($roleclasses as $role => $roleclass) {
-		ksort($roleclass);
+		uksort($roleclass, "strnatcasecmp");
 		?>

 	<tr>
--- a/wp-admin/wp-admin.css
+++ b/wp-admin/wp-admin.css
@@ -357,6 +357,14 @@ table .vers, table .name {
 	text-align: center;
 }

+textarea.all-options, input.all-options {
+	width: 250px;
+}
+
+input.disabled, textarea.disabled {
+	background: #ccc;
+}
+
 #adminmenu {
 	background: #6da6d1;
 	border-top: 3px solid #448abd;
@@ -880,7 +888,7 @@ table .vers, table .name {
 	background: #2685af url(images/box-head-right.gif) no-repeat top right;
 }

-#advancedstuff div.dbx-handle-wrapper {
+#advancedstuff div.dbx-h-andle-wrapper {
 	margin: 0 0 0 -7px;
 	background: #fff url(images/box-head-left.gif) no-repeat top left;
 }
@@ -896,7 +904,7 @@ table .vers, table .name {
 	padding-right: 17px;
 }

-#advancedstuff div.dbx-content-wrapper {
+#advancedstuff div.dbx-c-ontent-wrapper {
 	margin-left: -7px;
 	margin-right: 0;
 	background: url(images/box-bg-left.gif) repeat-y left;
@@ -908,11 +916,11 @@ table .vers, table .name {
 	background: url(images/box-butt-right.gif) no-repeat bottom right;
 }

-#advancedstuff div.dbx-box-wrapper {
+#advancedstuff div.dbx-b-ox-wrapper {
 	background: url(images/box-butt-left.gif) no-repeat bottom left;
 }

-#advancedstuff .dbx-box-closed div.dbx-content-wrapper {
+#advancedstuff .dbx-box-closed div.dbx-c-ontent-wrapper {
 	padding-bottom: 2px;
 	background: url(images/box-butt-left.gif) no-repeat bottom left;
 }
--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -57,8 +57,9 @@ if ( !$user->ID ) :
 	setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
 endif;

-$location = ( empty( $_POST['redirect_to'] ) ) ? get_permalink( $comment_post_ID ) : $_POST['redirect_to']; 
+$location = ( empty($_POST['redirect_to']) ? get_permalink($comment_post_ID) : $_POST['redirect_to'] ) . '#comment-' . $comment_id;
+$location = apply_filters('comment_post_redirect', $location, $comment);

-wp_redirect( $location );
+wp_redirect($location);

 ?>
--- a/wp-content/plugins/wp-db-backup.php
+++ b/wp-content/plugins/wp-db-backup.php
@@ -4,7 +4,7 @@ Plugin Name: WordPress Database Backup
 Plugin URI: http://www.skippy.net/blog/plugins/
 Description: On-demand backup of your WordPress database.
 Author: Scott Merrill
-Version: 1.7
+Version: 1.8
 Author URI: http://www.skippy.net/

 Much of this was modified from Mark Ghosh's One Click Backup, which
@@ -69,7 +69,8 @@ class wpdbBackup {
 			$via = isset($_GET['via']) ? $_GET['via'] : 'http';
 			
 			$this->backup_file = $_GET['backup'];
-			
+			$this->validate_file($this->backup_file);
+
 			switch($via) {
 			case 'smtp':
 			case 'email':
@@ -95,6 +96,7 @@ class wpdbBackup {
 		}
 		if (isset($_GET['fragment'] )) {
 			list($table, $segment, $filename) = explode(':', $_GET['fragment']);
+			$this->validate_file($filename);
 			$this->backup_fragment($table, $segment, $filename);
 		}

@@ -881,6 +883,18 @@ class wpdbBackup {
 		
 		return;
 	} // wp_cron_db_backup
+
+	function validate_file($file) {
+		if (false !== strpos($file, '..'))
+			die(__("Cheatin' uh ?"));
+
+		if (false !== strpos($file, './'))
+			die(__("Cheatin' uh ?"));
+
+		if (':' == substr($file, 1, 1))
+			die(__("Cheatin' uh ?"));
+	}
+
 }

 function wpdbBackup_init() {
--- a/wp-content/themes/classic/comments-popup.php
+++ b/wp-content/themes/classic/comments-popup.php
@@ -60,7 +60,7 @@ if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH
 	  <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
 	   <label for="author"><?php _e("Name"); ?></label>
 	<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-	<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+	<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
 	</p>

 	<p>
--- a/wp-content/themes/classic/sidebar.php
+++ b/wp-content/themes/classic/sidebar.php
@@ -12,7 +12,7 @@
 </li>
 <li id="search">
   <label for="s"><?php _e('Search:'); ?></label>	
-   <form id="searchform" method="get" action="<?php echo $_SERVER['PHP_SELF']; ?>">
+   <form id="searchform" method="get" action="<?php bloginfo('home'); ?>">
 	<div>
 		<input type="text" name="s" id="s" size="15" /><br />
 		<input type="submit" value="<?php _e('Search'); ?>" />
--- a/wp-content/themes/default/comments-popup.php
+++ b/wp-content/themes/default/comments-popup.php
@@ -60,7 +60,7 @@ if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $pos
 	  <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
 	   <label for="author">Name</label>
 	<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>" />
-	<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($_SERVER["REQUEST_URI"]); ?>" />
+	<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($_SERVER["REQUEST_URI"]); ?>" />
 	</p>

 	<p>
--- a/wp-content/themes/default/searchform.php
+++ b/wp-content/themes/default/searchform.php
@@ -1,5 +1,5 @@
 <form method="get" id="searchform" action="<?php bloginfo('home'); ?>/">
-<div><input type="text" value="<?php echo wp_specialchars($s, 1); ?>" name="s" id="s" />
+<div><input type="text" value="<?php echo attribute_escape($s); ?>" name="s" id="s" />
 <input type="submit" id="searchsubmit" value="Search" />
 </div>
 </form>
--- a/wp-includes/cache.php
+++ b/wp-includes/cache.php
@@ -8,6 +8,8 @@ function wp_cache_add($key, $data, $flag = '', $expire = 0) {
 function wp_cache_close() {
 	global $wp_object_cache;

+	if ( ! isset($wp_object_cache) )
+		return;
 	return $wp_object_cache->save();
 }

@@ -30,9 +32,7 @@ function wp_cache_get($id, $flag = '') {
 }

 function wp_cache_init() {
-	global $wp_object_cache;
-
-	$wp_object_cache = new WP_Object_Cache();
+	$GLOBALS['wp_object_cache'] =& new WP_Object_Cache();
 }

 function wp_cache_replace($key, $data, $flag = '', $expire = 0) {
@@ -404,8 +404,14 @@ class WP_Object_Cache {
 	}

 	function WP_Object_Cache() {
+		return $this->__construct();
+	}
+	
+	function __construct() {
 		global $blog_id;

+		register_shutdown_function(array(&$this, "__destruct"));
+
 		if (defined('DISABLE_CACHE'))
 			return;

@@ -440,5 +446,10 @@ class WP_Object_Cache {

 		$this->blog_id = $this->hash($blog_id);
 	}
+
+	function __destruct() {
+		$this->save();
+		return true;	
+	}
 }
 ?>
--- a/wp-includes/class-snoopy.php
+++ b/wp-includes/class-snoopy.php
@@ -1239,7 +1239,7 @@ class Snoopy

 						$fp = fopen($file_name, "r");
 						while (!feof($fp)) {
-							$file_content = fread($fp, filesize($file_name));
+							$file_content .= fread($fp, filesize($file_name));
 						}
 						fclose($fp);
 						$base_name = basename($file_name);
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -109,7 +109,7 @@ class WP_Query {
 			// If year, month, day, hour, minute, and second are set, a single 
 			// post is being queried.        
 			$this->is_single = true;
-		} elseif ('' != $qv['static'] || '' != $qv['pagename'] || '' != $qv['page_id']) {
+		} elseif ('' != $qv['static'] || '' != $qv['pagename'] || (int) $qv['page_id']) {
 			$this->is_page = true;
 			$this->is_single = false;
 		} elseif (!empty($qv['s'])) {
@@ -246,8 +246,12 @@ class WP_Query {
 	}

 	function set_404() {
+		$is_feed = $this->is_feed;
+
 		$this->init_query_flags();
-		$this->is_404 = true;	
+		$this->is_404 = true;
+
+		$this->is_feed = $is_feed;
 	}
 	
 	function get($query_var) {
@@ -594,13 +598,13 @@ class WP_Query {
 		}

 		if ( $this->is_attachment ) {
-			$where .= ' AND (post_status = "attachment")';
+			$where .= " AND (post_status = 'attachment')";
 		} elseif ($this->is_page) {
-			$where .= ' AND (post_status = "static")';
+			$where .= " AND (post_status = 'static')";
 		} elseif ($this->is_single) {
-			$where .= ' AND (post_status != "static")';
+			$where .= " AND (post_status != 'static')";
 		} else {
-			$where .= ' AND (post_status = "publish"';
+			$where .= " AND (post_status = 'publish'";

 			if (isset($user_ID) && ('' != intval($user_ID)))
 				$where .= " OR post_author = $user_ID AND post_status != 'draft' AND post_status != 'static')";
@@ -609,7 +613,7 @@ class WP_Query {
 		}

 		if (! $this->is_attachment )
-			$where .= ' AND post_status != "attachment"';
+			$where .= " AND post_status != 'attachment'";

 		// Apply filters on where and join prior to paging so that any
 		// manipulations to them are reflected in the paging by day queries.
@@ -805,7 +809,7 @@ class retrospam_mgr {
 		$list = array_unique( $list );
 		$this->spam_words = $list;

-		$this->comment_list = $wpdb->get_results("SELECT comment_ID AS ID, comment_content AS text, comment_approved AS approved, comment_author_url AS url, comment_author_ip AS ip, comment_author_email AS email FROM $wpdb->comments ORDER BY comment_ID ASC");
+		$this->comment_list = (array) $wpdb->get_results("SELECT comment_ID AS ID, comment_content AS text, comment_approved AS approved, comment_author_url AS url, comment_author_ip AS ip, comment_author_email AS email FROM $wpdb->comments ORDER BY comment_ID ASC");
 	}	// End of class constructor

 	function move_spam( $id_list ) {
@@ -818,9 +822,9 @@ class retrospam_mgr {
 				$cnt++;
 			}
 		}
-		echo "<div class='updated'><p>$cnt comment";
-		if ($cnt != 1 ) echo "s";
-		echo " moved to the moderation queue.</p></div>\n";
+		echo "<div class='updated'><p> ";
+		printf(__('%d comment(s) moved to the moderation queue.'), $cnt);
+		echo "</p></div>\n";
 	}	// End function move_spam

 	function find_spam() {
@@ -849,7 +853,7 @@ class retrospam_mgr {
 		$numfound = count($counters[found]);
 		$numqueue = $counters[in_queue];

-		$body = '<p>' . sprintf(__('Suspected spam comments: <strong>%s</strong>'), $numfound) . '</p>';
+		$body = '<p>' . sprintf(__('Suspected spam comments: %s'), "<strong>$numfound</strong>") . '</p>';

 		if ( count($counters[found]) > 0 ) {
 			$id_list = implode( ',', $counters[found] );
@@ -1032,6 +1036,7 @@ class WP_Rewrite {
 				$front = $front . 'date/';
 				break;
 			}
+			$tok_index++;
 		}

 		$this->date_structure = $front . $date_endian;
@@ -1314,6 +1319,14 @@ class WP_Rewrite {
 		if (empty($this->permalink_structure)) {
 			return $rewrite;
 		}
+		//Default Feed rules - These are require to allow for the direct access files to work with permalink structure starting with %category%
+		$default_feeds = array(	'wp-atom.php$'	=>	$this->index .'?feed=atom',
+								'wp-rdf.php$'	=>	$this->index .'?feed=rdf',
+								'wp-rss.php$'	=>	$this->index .'?feed=rss',
+								'wp-rss2.php$'	=>	$this->index .'?feed=rss2',
+								'wp-feed.php$'	=>	$this->index .'?feed=feed',
+								'wp-commentsrss2.php$'	=>	$this->index . '?feed=rss2&withcomments=1');
+

 		// Post
 		$post_rewrite = $this->generate_rewrite_rules($this->permalink_structure);
@@ -1349,7 +1362,7 @@ class WP_Rewrite {
 		$page_rewrite = apply_filters('page_rewrite_rules', $page_rewrite);

 		// Put them together.
-		$this->rules = array_merge($page_rewrite, $root_rewrite, $comments_rewrite, $search_rewrite, $category_rewrite, $author_rewrite, $date_rewrite, $post_rewrite);
+		$this->rules = array_merge($default_feeds, $page_rewrite, $root_rewrite, $comments_rewrite, $search_rewrite, $category_rewrite, $author_rewrite, $date_rewrite, $post_rewrite);

 		do_action('generate_rewrite_rules', array(&$this));
 		$this->rules = apply_filters('rewrite_rules_array', $this->rules);
@@ -1499,7 +1512,7 @@ class WP {

 			$pathinfo = $_SERVER['PATH_INFO'];
 			$pathinfo_array = explode('?', $pathinfo);
-			$pathinfo = $pathinfo_array[0];
+			$pathinfo = str_replace("%", "%25", $pathinfo_array[0]);
 			$req_uri = $_SERVER['REQUEST_URI'];
 			$req_uri_array = explode('?', $req_uri);
 			$req_uri = $req_uri_array[0];
@@ -1616,6 +1629,8 @@ class WP {
 			nocache_headers();
 		if ( !empty($this->query_vars['error']) && '404' == $this->query_vars['error'] ) {
 			status_header( 404 );
+			if ( !is_user_logged_in() )
+				nocache_headers();
 			@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 		} else if ( empty($this->query_vars['feed']) ) {
 			@header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
@@ -1630,7 +1645,8 @@ class WP {
 			@header("ETag: $wp_etag");

 			// Support for Conditional GET
-			if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) $client_etag = stripslashes($_SERVER['HTTP_IF_NONE_MATCH']);
+			if (isset($_SERVER['HTTP_IF_NONE_MATCH']))
+				$client_etag = stripslashes(stripslashes($_SERVER['HTTP_IF_NONE_MATCH']));
 			else $client_etag = false;

 			$client_last_modified = trim( $_SERVER['HTTP_IF_MODIFIED_SINCE']);
@@ -1655,6 +1671,8 @@ class WP {
 		foreach ($this->public_query_vars as $wpvar) {
 			if (isset($this->query_vars[$wpvar]) && '' != $this->query_vars[$wpvar]) {
 				$this->query_string .= (strlen($this->query_string) < 1) ? '' : '&';
+				if ( !is_scalar($this->query_vars[$wpvar]) ) // Discard non-scalars.
+					continue;
 				$this->query_string .= $wpvar . '=' . rawurlencode($this->query_vars[$wpvar]);
 			}
 		}
@@ -1705,6 +1723,7 @@ class WP {
 		if ( (0 == count($wp_query->posts)) && !is_404() && !is_search() && ( $this->did_permalink || (!empty($_SERVER['QUERY_STRING']) && (false === strpos($_SERVER['REQUEST_URI'], '?'))) ) ) {
 			$wp_query->set_404();
 			status_header( 404 );
+			nocache_headers();
 		}	elseif( is_404() != true ) {
 			status_header( 200 );
 		}
--- a/wp-includes/comment-functions.php
+++ b/wp-includes/comment-functions.php
@@ -109,8 +109,6 @@ function wp_allow_comment($commentdata) {
 	global $wpdb;
 	extract($commentdata);

-	$comment_user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($comment_author_IP) );
-
 	// Simple duplicate check
 	$dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
 	if ( $comment_author_email )
@@ -215,15 +213,6 @@ function wp_delete_comment($comment_id) {
 	return true;
 }

-function clean_url( $url ) {
-	if ('' == $url) return $url;
-	$url = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $url);
-	$url = str_replace(';//', '://', $url);
-	$url = (!strstr($url, '://')) ? 'http://'.$url : $url;
-	$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
-	return $url;
-}
-
 function get_comments_number( $post_id = 0 ) {
 	global $wpdb, $comment_count_cache, $id;
 	$post_id = (int) $post_id;
@@ -315,7 +304,7 @@ function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Com
 		if (!empty($CSSclass)) {
 			echo ' class="'.$CSSclass.'"';
 		}
-		$title = wp_specialchars(apply_filters('the_title', get_the_title()), true);
+		$title = attribute_escape(apply_filters('the_title', get_the_title()));
 		echo ' title="' . sprintf( __('Comment on %s'), $title ) .'">';
 		comments_number($zero, $one, $more, $number);
 		echo '</a>';
@@ -833,7 +822,7 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $

 	if (1 == get_settings('comment_moderation')) return false; // If moderation is set to manual

-	if ( (count(explode('http:', $comment)) - 1) >= get_settings('comment_max_links') )
+	if ( preg_match_all("|(href\t*?=\t*?['\"]?)?(https?:)?//|i", $comment, $out) >= get_option('comment_max_links') )
 		return false; // Check # of external links

 	$mod_keys = trim( get_settings('moderation_keys') );
@@ -897,21 +886,21 @@ function sanitize_comment_cookies() {
 	if ( isset($_COOKIE['comment_author_'.COOKIEHASH]) ) {
 		$comment_author = apply_filters('pre_comment_author_name', $_COOKIE['comment_author_'.COOKIEHASH]);
 		$comment_author = stripslashes($comment_author);
-		$comment_author = wp_specialchars($comment_author, true);
+		$comment_author = attribute_escape($comment_author);
 		$_COOKIE['comment_author_'.COOKIEHASH] = $comment_author;
 	}

 	if ( isset($_COOKIE['comment_author_email_'.COOKIEHASH]) ) {
 		$comment_author_email = apply_filters('pre_comment_author_email', $_COOKIE['comment_author_email_'.COOKIEHASH]);
 		$comment_author_email = stripslashes($comment_author_email);
-		$comment_author_email = wp_specialchars($comment_author_email, true);	
+		$comment_author_email = attribute_escape($comment_author_email);	
 		$_COOKIE['comment_author_email_'.COOKIEHASH] = $comment_author_email;
 	}

 	if ( isset($_COOKIE['comment_author_url_'.COOKIEHASH]) ) {
 		$comment_author_url = apply_filters('pre_comment_author_url', $_COOKIE['comment_author_url_'.COOKIEHASH]);
 		$comment_author_url = stripslashes($comment_author_url);
-		$comment_author_url = wp_specialchars($comment_author_url, true);
+		$comment_author_url = attribute_escape($comment_author_url);
 		$_COOKIE['comment_author_url_'.COOKIEHASH] = $comment_author_url;
 	}
 }
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -57,6 +57,31 @@ add_filter('pre_category_name', 'wp_filter_kses');
 add_filter('pre_category_name', 'wp_specialchars', 30);
 add_filter('pre_category_description', 'wp_filter_kses');

+//Links
+add_filter('pre_link_name', 'strip_tags');
+add_filter('pre_link_name', 'trim');
+add_filter('pre_link_name', 'wp_filter_kses');
+add_filter('pre_link_name', 'wp_specialchars', 30);
+add_filter('pre_link_description', 'wp_filter_kses');
+add_filter('pre_link_notes', 'wp_filter_kses');
+add_filter('pre_link_url', 'strip_tags');
+add_filter('pre_link_url', 'trim');
+add_filter('pre_link_url', 'clean_url');
+add_filter('pre_link_image', 'strip_tags');
+add_filter('pre_link_image', 'trim');
+add_filter('pre_link_image', 'clean_url');
+add_filter('pre_link_rss', 'strip_tags');
+add_filter('pre_link_rss', 'trim');
+add_filter('pre_link_rss', 'clean_url');
+add_filter('pre_link_target', 'strip_tags');
+add_filter('pre_link_target', 'trim');
+add_filter('pre_link_target', 'wp_filter_kses');
+add_filter('pre_link_target', 'wp_specialchars', 30);
+add_filter('pre_link_rel', 'strip_tags');
+add_filter('pre_link_rel', 'trim');
+add_filter('pre_link_rel', 'wp_filter_kses');
+add_filter('pre_link_rel', 'wp_specialchars', 30);
+
 // Users
 add_filter('pre_user_display_name', 'strip_tags');
 add_filter('pre_user_display_name', 'trim');
@@ -115,6 +140,9 @@ add_filter('comment_text_rss', 'ent2ncr', 8);
 add_filter('bloginfo_rss', 'ent2ncr', 8);
 add_filter('the_author', 'ent2ncr', 8);

+// Misc filters
+add_filter('option_blog_charset', 'wp_specialchars');
+
 // Actions
 add_action('publish_post', 'generic_ping');
 add_action('wp_head', 'rsd_link');
--- a/wp-includes/feed-functions.php
+++ b/wp-includes/feed-functions.php
@@ -134,9 +134,9 @@ function the_category_rss($type = 'rss') {
    foreach ($categories as $category) {
        $category->cat_name = convert_chars($category->cat_name);
        if ('rdf' == $type) {
-            $the_list .= "\n\t<dc:subject>$category->cat_name</dc:subject>";
+            $the_list .= "\n\t\t<dc:subject>$category->cat_name</dc:subject>\n";
        } else {
-            $the_list .= "\n\t<category>$category->cat_name</category>";
+            $the_list .= "\n\t\t<category>$category->cat_name</category>\n";
        }
    }
    echo apply_filters('the_category_rss', $the_list, $type);
--- a/wp-includes/functions-formatting.php
+++ b/wp-includes/functions-formatting.php
@@ -1,6 +1,7 @@
 <?php

 function wptexturize($text) {
+	global $wp_cockneyreplace;
 	$output = '';
 	// Capture tags and everything inside them
 	$textarr = preg_split("/(<.*>)/Us", $text, -1, PREG_SPLIT_DELIM_CAPTURE);
@@ -16,9 +17,15 @@ function wptexturize($text) {
 			$curl = str_replace('...', '&#8230;', $curl);
 			$curl = str_replace('``', '&#8220;', $curl);

-			// This is a hack, look at this more later. It works pretty well though.
-			$cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause");
-			$cockneyreplace = array("&#8217;tain&#8217;t","&#8217;twere","&#8217;twas","&#8217;tis","&#8217;twill","&#8217;til","&#8217;bout","&#8217;nuff","&#8217;round","&#8217;cause");
+			// if a plugin has provided an autocorrect array, use it
+			if ( isset($wp_cockneyreplace) ) {
+				$cockney = array_keys($wp_cockneyreplace);
+				$cockney_replace = array_values($wp_cockneyreplace);
+			} else {
+				$cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause");
+				$cockneyreplace = array("&#8217;tain&#8217;t","&#8217;twere","&#8217;twas","&#8217;tis","&#8217;twill","&#8217;til","&#8217;bout","&#8217;nuff","&#8217;round","&#8217;cause");
+			}
+
 			$curl = str_replace($cockney, $cockneyreplace, $curl);

 			$curl = preg_replace("/'s/", '&#8217;s', $curl);
@@ -72,7 +79,7 @@ function wpautop($pee, $br = 1) {
 	$pee = preg_replace('!(</?(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*</p>!', "$1", $pee); 
 	if ($br) $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
 	$pee = preg_replace('!(</?(?:table|thead|tfoot|caption|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|blockquote|address|math|p|h[1-6])[^>]*>)\s*<br />!', "$1", $pee);
-	$pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)>)!', '$1', $pee);
+	$pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
 	$pee = preg_replace('!(<pre.*?>)(.*?)</pre>!ise', " stripslashes('$1') .  stripslashes(clean_pre('$2'))  . '</pre>' ", $pee);
 	
 	return $pee; 
@@ -245,8 +252,10 @@ function remove_accents($string) {
 		chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
 		chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
 		// Euro Sign
-		chr(226).chr(130).chr(172) => 'E');
-		
+		chr(226).chr(130).chr(172) => 'E',
+		// GBP (Pound) Sign
+		chr(194).chr(163) => '');
+
 		$string = strtr($string, $chars);
 	} else {
 		// Assume ISO-8859-1 if not UTF-8
@@ -390,26 +399,27 @@ function funky_javascript_fix($text) {

 /*
 balanceTags
- 
+
 Balances Tags of string using a modified stack.
- 
+
 @param text      Text to be balanced
+ @param force     Forces balancing, ignoring the value of the option
 @return          Returns balanced text
 @author          Leonard Lin (leonard@acm.org)
 @version         v1.1
 @date            November 4, 2001
 @license         GPL v2.0
- @notes           
- @changelog       
+ @notes
+ @changelog
 ---  Modified by Scott Reilly (coffee2code) 02 Aug 2004
-             1.2  ***TODO*** Make better - change loop condition to $text
-             1.1  Fixed handling of append/stack pop order of end text
-                  Added Cleaning Hooks
-             1.0  First Version
+	1.2  ***TODO*** Make better - change loop condition to $text
+	1.1  Fixed handling of append/stack pop order of end text
+	     Added Cleaning Hooks
+	1.0  First Version
 */
-function balanceTags($text, $is_comment = 0) {
-	
-	if ( get_option('use_balanceTags') == 0)
+function balanceTags($text, $force = false) {
+
+	if ( !$force && get_option('use_balanceTags') == 0 )
 		return $text;

 	$tagstack = array(); $stacksize = 0; $tagqueue = ''; $newtext = '';
@@ -431,7 +441,7 @@ function balanceTags($text, $is_comment = 0) {
 		if ($regex[1][0] == "/") { // End Tag
 			$tag = strtolower(substr($regex[1],1));
 			// if too many closing tags
-			if($stacksize <= 0) { 
+			if($stacksize <= 0) {
 				$tag = '';
 				//or close to be safe $tag = '/' . $tag;
 			}
@@ -488,7 +498,7 @@ function balanceTags($text, $is_comment = 0) {
 		}
 		$newtext .= substr($text,0,$i) . $tag;
 		$text = substr($text,$i+$l);
-	}  
+	}

 	// Clear Tag Queue
 	$newtext .= $tagqueue;
@@ -509,7 +519,7 @@ function balanceTags($text, $is_comment = 0) {
 }

 function force_balance_tags($text) {
-	return balanceTags($text, 0, true);
+	return balanceTags($text, true);
 }

 function format_to_edit($content, $richedit = false) {
@@ -582,16 +592,24 @@ function antispambot($emailaddy, $mailto=0) {

 function make_clickable($ret) {
 	$ret = ' ' . $ret;
-	$ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='$2' rel='nofollow'>$2</a>", $ret);
-	$ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='http://$2' rel='nofollow'>$2</a>", $ret);
-	$ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3\">$2@$3</a>", $ret);
-	$ret = substr($ret, 1);
+	// in testing, using arrays here was found to be faster
+	$ret = preg_replace(
+		array(
+			'#([\s>])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is',
+			'#([\s>])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is',
+			'#([\s>])([a-z0-9\-_.]+)@([^,< \n\r]+)#i'),
+		array(
+			'$1<a href="$2" rel="nofollow">$2</a>',
+			'$1<a href="http://$2" rel="nofollow">$2</a>',
+			'$1<a href="mailto:$2@$3">$2@$3</a>'),$ret);
+	// this one is not in an array because we need it to run last, for cleanup of accidental links within links
+	$ret = preg_replace("#(<a( [^>]+?>|>))<a [^>]+?>([^>]+?)</a></a>#i", "$1$3</a>", $ret);
 	$ret = trim($ret);
 	return $ret;
 }

 function wp_rel_nofollow( $text ) {
-	$text = preg_replace('|<a (.+?)>|i', '<a $1 rel="nofollow">', $text);
+	$text = preg_replace('|<a (.+?)>|ie', "'<a ' . str_replace(' rel=\"nofollow\"','',stripslashes('$1')) . ' rel=\"nofollow\">'", $text);
 	return $text;
 }

@@ -1027,10 +1045,33 @@ function wp_richedit_pre($text) {
 	return apply_filters('richedit_pre', $output);
 }

+function clean_url( $url, $protocols = null ) {
+	if ('' == $url) return $url;
+	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%]|i', '', $url);
+	$strip = array('%0d', '%0a');
+	$url = str_replace($strip, '', $url);
+	$url = str_replace(';//', '://', $url);
+	$url = (!strstr($url, '://')) ? 'http://'.$url : $url;
+	$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
+	if ( !is_array($protocols) )
+		$protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'); 
+	if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
+		return '';
+	return $url;
+}
+
 // Escape single quotes, specialchar double quotes, and fix line endings.
 function js_escape($text) {
-	$text = wp_specialchars($text, 'double');
-	$text = str_replace('&#039;', "'", $text);
-	return preg_replace("/\r?\n/", "\\n", addslashes($text));
+	$safe_text = wp_specialchars($text, 'double');
+	$safe_text = str_replace('&#039;', "'", $safe_text);
+	$safe_text = preg_replace("/\r?\n/", "\\n", addslashes($safe_text));
+	return apply_filters('js_escape', $safe_text, $text);
 }
+
+// Escaping for HTML attributes
+function attribute_escape($text) {
+	$safe_text = wp_specialchars($text, true);
+	return apply_filters('attribute_escape', $safe_text, $text);
+}
+
 ?>
--- a/wp-includes/functions-post.php
+++ b/wp-includes/functions-post.php
@@ -24,6 +24,7 @@ function wp_insert_post($postarr = array()) {

 	// Get the basics.
 	$post_content    = apply_filters('content_save_pre',   $post_content);
+	$post_content_filtered = apply_filters('content_filtered_save_pre',   $post_content_filtered);
 	$post_excerpt    = apply_filters('excerpt_save_pre',   $post_excerpt);
 	$post_title      = apply_filters('title_save_pre',     $post_title);
 	$post_category   = apply_filters('category_save_pre',  $post_category);
@@ -221,6 +222,7 @@ function wp_insert_attachment($object, $file = false, $post_parent = 0) {

 	// Get the basics.
 	$post_content    = apply_filters('content_save_pre',   $post_content);
+	$post_content_filtered = apply_filters('content_filtered_save_pre',   $post_content_filtered);
 	$post_excerpt    = apply_filters('excerpt_save_pre',   $post_excerpt);
 	$post_title      = apply_filters('title_save_pre',     $post_title);
 	$post_category   = apply_filters('category_save_pre',  $post_category);
@@ -302,6 +304,7 @@ function wp_insert_attachment($object, $file = false, $post_parent = 0) {
 			post_date = '$post_date',
 			post_date_gmt = '$post_date_gmt',
 			post_content = '$post_content',
+			post_content_filtered = '$post_content_filtered',
 			post_title = '$post_title',
 			post_excerpt = '$post_excerpt',
 			post_status = '$post_status',
@@ -321,9 +324,9 @@ function wp_insert_attachment($object, $file = false, $post_parent = 0) {
 	} else {
 		$wpdb->query(
 			"INSERT INTO $wpdb->posts
-			(post_author, post_date, post_date_gmt, post_content, post_title, post_excerpt,  post_status, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
+			(post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt,  post_status, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
 			VALUES
-			('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_title', '$post_excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
+			('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
 			$post_ID = $wpdb->insert_id;			
 	}
 	
@@ -549,6 +552,8 @@ function wp_delete_post($postid = 0) {
 	if ( 'static' == $post->post_status )
 		$wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_status = 'static'");

+	$wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_status = 'attachment'");
+
 	$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
 	
 	$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
@@ -683,6 +688,7 @@ function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_age

 function wp_proxy_check($ipnum) {
 	if ( get_option('open_proxy_check') && isset($ipnum) ) {
+		$ipnum = preg_replace( '/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*/', '$1', $ipnum );
 		$rev_ip = implode( '.', array_reverse( explode( '.', $ipnum ) ) );
 		$lookup = $rev_ip . '.sbl-xbl.spamhaus.org.';
 		if ( $lookup != gethostbyname( $lookup ) )
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -262,10 +262,38 @@ function url_to_postid($url) {


 function maybe_unserialize($original) {
-	if ( false !== $gm = @ unserialize($original) )
-		return $gm;
-	else
-		return $original;
+	if ( is_serialized($original) ) // don't attempt to unserialize data that wasn't serialized going in
+		if ( false !== $gm = @ unserialize($original) )
+			return $gm;
+	return $original;
+}
+
+function maybe_serialize($data) {
+	if ( is_string($data) )
+		$data = trim($data);
+	elseif ( is_array($data) || is_object($data) )
+		return serialize($data);
+	if ( is_serialized($data) )
+		return serialize($data);
+	return $data;
+}
+
+function is_serialized($data) {
+	if ( !is_string($data) ) // if it isn't a string, it isn't serialized
+		return false;
+	$data = trim($data);
+	if ( preg_match("/^[adobis]:[0-9]+:.*[;}]/si",$data) ) // this should fetch all legitimately serialized data
+		return true;
+	return false;
+}
+
+function is_serialized_string($data) {
+	if ( !is_string($data) ) // if it isn't a string, it isn't a serialized string
+		return false;
+	$data = trim($data);
+	if ( preg_match("/^s:[0-9]+:.*[;}]/si",$data) ) // this should fetch all serialized strings
+		return true;
+	return false;
 }

 /* Options functions */
@@ -321,7 +349,7 @@ function get_user_option( $option, $user = 0 ) {
 }

 function form_option($option) {
-	echo htmlspecialchars( get_option($option), ENT_QUOTES );
+	echo attribute_escape( get_option($option));
 }

 function get_alloptions() {
@@ -365,8 +393,7 @@ function update_option($option_name, $newvalue) {
 	}

 	$_newvalue = $newvalue;
-	if ( is_array($newvalue) || is_object($newvalue) )
-		$newvalue = serialize($newvalue);
+	$newvalue = maybe_serialize($newvalue);

 	wp_cache_set($option_name, $newvalue, 'options');

@@ -395,8 +422,7 @@ function add_option($name, $value = '', $description = '', $autoload = 'yes') {
 	if ( false !== get_option($name) )
 		return;

-	if ( is_array($value) || is_object($value) )
-		$value = serialize($value);
+	$value = maybe_serialize($value);

 	wp_cache_set($name, $value, 'options');

@@ -421,52 +447,50 @@ function delete_option($name) {
 function add_post_meta($post_id, $key, $value, $unique = false) {
 	global $wpdb, $post_meta_cache;

+	$post_id = (int) $post_id;
+
 	if ( $unique ) {
-		if ( $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key
-= '$key' AND post_id = '$post_id'") ) {
+		if ( $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) {
 			return false;
 		}
 	}

-	$original = $value;
-	if ( is_array($value) || is_object($value) )
-		$value = $wpdb->escape(serialize($value));
+	$post_meta_cache[$post_id][$key][] = $value;
+
+	$value = maybe_serialize($value);
+	$value = $wpdb->escape($value);

 	$wpdb->query("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')");

-	$post_meta_cache['$post_id'][$key][] = $original;
-
 	return true;
 }

 function delete_post_meta($post_id, $key, $value = '') {
 	global $wpdb, $post_meta_cache;

+	$post_id = (int) $post_id;
+
 	if ( empty($value) ) {
-		$meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE
-post_id = '$post_id' AND meta_key = '$key'");
+		$meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'");
 	} else {
-		$meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE
-post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'");
+		$meta_id = $wpdb->get_var("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'");
 	}

 	if ( !$meta_id )
 		return false;

 	if ( empty($value) ) {
-		$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id'
-AND meta_key = '$key'");
-		unset($post_meta_cache['$post_id'][$key]);
+		$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key'");
+		unset($post_meta_cache[$post_id][$key]);
 	} else {
-		$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id'
-AND meta_key = '$key' AND meta_value = '$value'");
-		$cache_key = $post_meta_cache['$post_id'][$key];
+		$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$post_id' AND meta_key = '$key' AND meta_value = '$value'");
+		$cache_key = $post_meta_cache[$post_id][$key];
 		if ($cache_key) foreach ( $cache_key as $index => $data )
 			if ( $data == $value )
-				unset($post_meta_cache['$post_id'][$key][$index]);
+				unset($post_meta_cache[$post_id][$key][$index]);
 	}

-	unset($post_meta_cache['$post_id'][$key]);
+	unset($post_meta_cache[$post_id][$key]);

 	return true;
 }
@@ -474,6 +498,8 @@ AND meta_key = '$key' AND meta_value = '$value'");
 function get_post_meta($post_id, $key, $single = false) {
 	global $wpdb, $post_meta_cache;

+	$post_id = (int) $post_id;
+
 	if ( isset($post_meta_cache[$post_id][$key]) ) {
 		if ( $single ) {
 			return maybe_unserialize( $post_meta_cache[$post_id][$key][0] );
@@ -507,34 +533,33 @@ function get_post_meta($post_id, $key, $single = false) {
 function update_post_meta($post_id, $key, $value, $prev_value = '') {
 	global $wpdb, $post_meta_cache;

+	$post_id = (int) $post_id;
+
 	$original_value = $value;
-	if ( is_array($value) || is_object($value) )
-		$value = $wpdb->escape(serialize($value));
+	$value = maybe_serialize($value);
+	$value = $wpdb->escape($value);

 	$original_prev = $prev_value;
-	if ( is_array($prev_value) || is_object($prev_value) )
-		$prev_value = $wpdb->escape(serialize($prev_value));
+	$prev_value = maybe_serialize($prev_value);
+	$prev_value = $wpdb->escape($prev_value);

-	if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key
-= '$key' AND post_id = '$post_id'") ) {
+	if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) {
 		return false;
 	}

 	if ( empty($prev_value) ) {
-		$wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE
-meta_key = '$key' AND post_id = '$post_id'");
-		$cache_key = $post_meta_cache['$post_id'][$key];
+		$wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id'");
+		$cache_key = $post_meta_cache[$post_id][$key];
 		if ( !empty($cache_key) )
 			foreach ($cache_key as $index => $data)
-				$post_meta_cache['$post_id'][$key][$index] = $original_value;
+				$post_meta_cache[$post_id][$key][$index] = $original_value;
 	} else {
-		$wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE
-meta_key = '$key' AND post_id = '$post_id' AND meta_value = '$prev_value'");
-		$cache_key = $post_meta_cache['$post_id'][$key];
+		$wpdb->query("UPDATE $wpdb->postmeta SET meta_value = '$value' WHERE meta_key = '$key' AND post_id = '$post_id' AND meta_value = '$prev_value'");
+		$cache_key = $post_meta_cache[$post_id][$key];
 		if ( !empty($cache_key) )
 			foreach ($cache_key as $index => $data)
 				if ( $data == $original_prev )
-					$post_meta_cache['$post_id'][$key][$index] = $original_value;
+					$post_meta_cache[$post_id][$key][$index] = $original_value;
 	}

 	return true;
@@ -844,9 +869,10 @@ function timer_stop($display = 0, $precision = 3) { //if called like timer_stop(
 	$mtime = $mtime[1] + $mtime[0];
 	$timeend = $mtime;
 	$timetotal = $timeend-$timestart;
+	$r = number_format($timetotal, $precision);
 	if ( $display )
-		echo number_format($timetotal,$precision);
-	return $timetotal;
+		echo $r;
+	return $r;
 }

 function weblog_ping($server = '', $path = '') {
@@ -1193,7 +1219,7 @@ function merge_filters($tag) {
 	}

 	if ( isset($wp_filter[$tag]) )
-		ksort( $wp_filter[$tag] );
+		uksort( $wp_filter[$tag], "strnatcasecmp" );
 }

 function apply_filters($tag, $string) {
@@ -1443,7 +1469,7 @@ function update_post_caches(&$posts) {
 		// Change from flat structure to hierarchical:
 		$post_meta_cache = array();
 		foreach ($meta_list as $metarow) {
-			$mpid = $metarow['post_id'];
+			$mpid = (int) $metarow['post_id'];
 			$mkey = $metarow['meta_key'];
 			$mval = $metarow['meta_value'];

@@ -2085,6 +2111,11 @@ function add_query_arg() {
 			$uri = @func_get_arg(2);
 	}

+	if ( $frag = strstr($uri, '#') )
+		$uri = substr($uri, 0, -strlen($frag));
+	else
+		$frag = '';
+
 	if ( preg_match('|^https?://|i', $uri, $matches) ) {
 		$protocol = $matches[0];
 		$uri = substr($uri, strlen($protocol));
@@ -2124,7 +2155,7 @@ function add_query_arg() {
 			$ret .= "$k=$v";
 		}
 	}
-	$ret = $protocol . $base . $ret;
+	$ret = $protocol . $base . $ret . $frag;
 	return trim($ret, '?');
 }

@@ -2132,13 +2163,14 @@ function remove_query_arg($key, $query) {
 	return add_query_arg($key, '', $query);
 }

-function load_template($file) {
+function load_template($_template_file) {
 	global $posts, $post, $wp_did_header, $wp_did_template_redirect, $wp_query,
 		$wp_rewrite, $wpdb;

-	extract($wp_query->query_vars);
+	if ( is_array($wp_query->query_vars) )
+		extract($wp_query->query_vars, EXTR_SKIP);

-	require_once($file);
+	require_once($_template_file);
 }

 function add_magic_quotes($array) {
@@ -2155,10 +2187,21 @@ function add_magic_quotes($array) {
 }

 function wp_remote_fopen( $uri ) {
+	$timeout = 10;
+	$parsed_url = @parse_url($uri);
+
+	if ( !$parsed_url || !is_array($parsed_url) )
+		return false;
+
+	if ( !isset($parsed_url['scheme']) || !in_array($parsed_url['scheme'], array('http','https')) )
+		$uri = 'http://' . $uri;
+
 	if ( ini_get('allow_url_fopen') ) {
-		$fp = fopen( $uri, 'r' );
+		$fp = @fopen( $uri, 'r' );
 		if ( !$fp )
 			return false;
+
+		//stream_set_timeout($fp, $timeout); // Requires php 4.3
 		$linea = '';
 		while( $remote_read = fread($fp, 4096) )
 			$linea .= $remote_read;
@@ -2169,6 +2212,7 @@ function wp_remote_fopen( $uri ) {
 		curl_setopt ($handle, CURLOPT_URL, $uri);
 		curl_setopt ($handle, CURLOPT_CONNECTTIMEOUT, 1);
 		curl_setopt ($handle, CURLOPT_RETURNTRANSFER, 1);
+		curl_setopt ($handle, CURLOPT_TIMEOUT, $timeout);
 		$buffer = curl_exec($handle);
 		curl_close($handle);
 		return $buffer;
@@ -2197,8 +2241,10 @@ function status_header( $header ) {
 	elseif ( 410 == $header )
 		$text = 'Gone';

-	@header("HTTP/1.1 $header $text");
-	@header("Status: $header $text");
+	if ( version_compare(phpversion(), '4.3.0', '>=') )
+		@header("HTTP/1.1 $header $text", true, $header);
+	else
+		@header("HTTP/1.1 $header $text");
 }

 function nocache_headers() {
@@ -2213,7 +2259,7 @@ function get_usermeta( $user_id, $meta_key = '') {
 	$user_id = (int) $user_id;

 	if ( !empty($meta_key) ) {
-		$meta_key = preg_replace('|a-z0-9_|i', '', $meta_key);
+		$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
 		$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
 	} else {
 		$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
@@ -2246,9 +2292,11 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
 		return false;
 	$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);

-	if ( is_array($meta_value) || is_object($meta_value) )
-		$meta_value = serialize($meta_value);
-	$meta_value = trim( $meta_value );
+	// FIXME: usermeta data is assumed to be already escaped
+	if ( is_string($meta_value) )
+		$meta_value = stripslashes($meta_value);
+	$meta_value = maybe_serialize($meta_value);
+	$meta_value = $wpdb->escape($meta_value);
 	
 	if (empty($meta_value)) {
 		delete_usermeta($user_id, $meta_key);
@@ -2327,16 +2375,16 @@ function wp_nonce_field($action = -1) {
 }

 function wp_referer_field() {
-	$ref = wp_specialchars($_SERVER['REQUEST_URI']);
+	$ref = attribute_escape(stripslashes($_SERVER['REQUEST_URI']));
 	echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
 	if ( wp_get_original_referer() ) {
-		$original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+		$original_ref = attribute_escape(stripslashes(wp_get_original_referer()));
 		echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
 	}
 }

 function wp_original_referer_field() {
-	echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+	echo '<input type="hidden" name="_wp_original_http_referer" value="' . attribute_escape(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
 }

 function wp_get_referer() {
@@ -2413,7 +2461,7 @@ function wp_explain_nonce($action) {
 		}
 	}

-	return __('Are you sure you want to do this');
+	return __('Are you sure you want to do this?');
 }

 function wp_nonce_ays($action) {
@@ -2421,7 +2469,7 @@ function wp_nonce_ays($action) {

 	$adminurl = get_settings('siteurl') . '/wp-admin';
 	if ( wp_get_referer() )
-		$adminurl = wp_get_referer();
+		$adminurl = attribute_escape(stripslashes(wp_get_referer()));

 	$title = __('WordPress Confirmation');
 	// Remove extra layer of slashes.
@@ -2433,12 +2481,12 @@ function wp_nonce_ays($action) {
 		foreach ( (array) $q as $a ) {
 			$v = substr(strstr($a, '='), 1);
 			$k = substr($a, 0, -(strlen($v)+1));
-			$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+			$html .= "\t\t<input type='hidden' name='" . attribute_escape( urldecode($k)) . "' value='" . attribute_escape( urldecode($v)) . "' />\n";
 		}
 		$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
-		$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
+		$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
 	} else {
-		$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+		$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
 	}
 	$html .= "</body>\n</html>";
 	wp_die($html, $title);
@@ -2503,4 +2551,4 @@ function wp_die($message, $title = '') {
 	die();
 }

-?>
+?>
--- a/wp-includes/gettext.php
+++ b/wp-includes/gettext.php
@@ -63,10 +63,12 @@ class gettext_reader {
  function readint() {
      if ($this->BYTEORDER == 0) {
        // low endian
-        return array_shift(unpack('V', $this->STREAM->read(4)));
+        $low_end = unpack('V', $this->STREAM->read(4));
+        return array_shift($low_end);
      } else {
        // big endian
-        return array_shift(unpack('N', $this->STREAM->read(4)));
+        $big_end = unpack('N', $this->STREAM->read(4));
+        return array_shift($big_end);
      }
    }

--- a/wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js
+++ b/wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js
--- a/wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin_src.js
+++ b/wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin_src.js
--- a/wp-includes/js/tinymce/plugins/inlinepopups/readme.txt
+++ b/wp-includes/js/tinymce/plugins/inlinepopups/readme.txt
--- a/wp-includes/js/tinymce/tiny_mce_gzip.php
+++ b/wp-includes/js/tinymce/tiny_mce_gzip.php
@@ -59,7 +59,7 @@
 	gzip_compression();

 	// Output rest of headers
-	header("Content-type: text/javascript; charset: UTF-8");
+	header("Content-Type: text/javascript; charset=".get_bloginfo('charset'));
 	header("Vary: Accept-Encoding"); // Handle proxies
 	header("Expires: " . gmdate("D, d M Y H:i:s", time() + $expiresOffset) . " GMT");

--- a/wp-includes/js/tinymce/wp-mce-help.php
+++ b/wp-includes/js/tinymce/wp-mce-help.php
@@ -1,6 +1,7 @@
 <?php

 require_once('../../../wp-config.php');
+header('Content-Type: text/html; charset='.get_bloginfo('charset'));

 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -524,21 +524,34 @@ function wp_filter_post_kses($data) {
 }

 function kses_init_filters() {
-		add_filter('pre_comment_author', 'wp_filter_kses');
-		add_filter('pre_comment_content', 'wp_filter_kses');
-		add_filter('content_save_pre', 'wp_filter_post_kses');
-		add_filter('title_save_pre', 'wp_filter_kses');
+	// Normal filtering.
+	add_filter('pre_comment_content', 'wp_filter_kses');
+	add_filter('title_save_pre', 'wp_filter_kses');
+
+	// Post filtering
+	add_filter('content_save_pre', 'wp_filter_post_kses');
+	add_filter('excerpt_save_pre', 'wp_filter_post_kses');
+	add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
+}
+
+function kses_remove_filters() {
+	// Normal filtering.
+	remove_filter('pre_comment_content', 'wp_filter_kses');
+	remove_filter('title_save_pre', 'wp_filter_kses');
+
+	// Post filtering
+	remove_filter('content_save_pre', 'wp_filter_post_kses');
+	remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
+	remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
 }

 function kses_init() {
-	remove_filter('pre_comment_author', 'wp_filter_kses');
-	remove_filter('pre_comment_content', 'wp_filter_kses');
-	remove_filter('content_save_pre', 'wp_filter_post_kses');
-	remove_filter('title_save_pre', 'wp_filter_kses');
+	kses_remove_filters();

 	if (current_user_can('unfiltered_html') == false)
 		kses_init_filters();
 }
+
 add_action('init', 'kses_init');
 add_action('set_current_user', 'kses_init');
 ?>
--- a/wp-includes/links.php
+++ b/wp-includes/links.php
@@ -212,15 +212,15 @@ function get_links($category = -1,

 		$the_link = '#';
 		if (!empty($row->link_url))
-			$the_link = wp_specialchars($row->link_url);
+			$the_link = attribute_escape($row->link_url);

 		$rel = $row->link_rel;
 		if ($rel != '') {
 			$rel = ' rel="' . $rel . '"';
 		}

-		$desc = wp_specialchars($row->link_description, ENT_QUOTES);
-		$name = wp_specialchars($row->link_name, ENT_QUOTES);
+		$desc = attribute_escape($row->link_description);
+		$name = attribute_escape($row->link_name);
 		$title = $desc;

 		if ($show_updated) {
--- a/wp-includes/pluggable-functions.php
+++ b/wp-includes/pluggable-functions.php
@@ -78,9 +78,7 @@ function get_userdata( $user_id ) {

 	if ($metavalues) {
 		foreach ( $metavalues as $meta ) {
-			@ $value = unserialize($meta->meta_value);
-			if ($value === FALSE)
-				$value = $meta->meta_value;
+			$value = maybe_unserialize($meta->meta_value);
 			$user->{$meta->meta_key} = $value;

 			// We need to set user_level from meta, not row
@@ -131,9 +129,7 @@ function get_userdatabylogin($user_login) {

 	if ($metavalues) {
 		foreach ( $metavalues as $meta ) {
-			@ $value = unserialize($meta->meta_value);
-			if ($value === FALSE)
-				$value = $meta->meta_value;
+			$value = maybe_unserialize($meta->meta_value);
 			$user->{$meta->meta_key} = $value;

 			// We need to set user_level from meta, not row
@@ -258,7 +254,7 @@ endif;
 // Cookie safe redirect.  Works around IIS Set-Cookie bug.
 // http://support.microsoft.com/kb/q176113/
 if ( !function_exists('wp_redirect') ) :
-function wp_redirect($location) {
+function wp_redirect($location, $status = 302) {
 	global $is_IIS;

 	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:%]|i', '', $location);
@@ -266,10 +262,13 @@ function wp_redirect($location) {
 	$strip = array('%0d', '%0a');
 	$location = str_replace($strip, '', $location);

-	if ($is_IIS)
+	if ( $is_IIS ) {
 		header("Refresh: 0;url=$location");
-	else
+	} else {
+		if ( php_sapi_name() != 'cgi-fcgi' )
+			status_header($status); // This causes problems on IIS and some FastCGI setups
 		header("Location: $location");
+	}
 }
 endif;

@@ -335,7 +334,7 @@ function wp_notify_postauthor($comment_id, $comment_type='') {

 	if ('' == $user->user_email) return false; // If there's no email to send the comment to

-	$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
+	$comment_author_domain = @gethostbyaddr($comment->comment_author_IP);

 	$blogname = get_settings('blogname');
 	
@@ -412,7 +411,7 @@ function wp_notify_moderator($comment_id) {
 	$comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
 	$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");

-	$comment_author_domain = gethostbyaddr($comment->comment_author_IP);
+	$comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
 	$comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");

 	$notify_message  = sprintf( __('A new comment on the post #%1$s "%2$s" is waiting for your approval'), $post->ID, $post->post_title ) . "\r\n";
@@ -511,4 +510,4 @@ function wp_hash($data) {
 }
 endif;

-?>
+?>
--- a/wp-includes/rss-functions.php
+++ b/wp-includes/rss-functions.php
@@ -816,9 +816,8 @@ function parse_w3cdtf ( $date_str ) {
 		return -1;
 	}
 	}
-function wp_rss ($url, $num) {
+function wp_rss ($url, $num_items) {
 	//ini_set("display_errors", false); uncomment to suppress php errors thrown if the feed is not returned.
-	$num_items = $num;
 	$rss = fetch_rss($url);
 		if ( $rss ) {
 			echo "<ul>";
@@ -837,7 +836,7 @@ function wp_rss ($url, $num) {
 	}
 }

-function get_rss ($uri, $num = 5) { // Like get posts, but for RSS
+function get_rss ($url, $num_items = 5) { // Like get posts, but for RSS
 	$rss = fetch_rss($url);
 	if ( $rss ) {
 		$rss->items = array_slice($rss->items, 0, $num_items);
@@ -848,7 +847,6 @@ function get_rss ($uri, $num = 5) { // Like get posts, but for RSS
 			echo "</a><br />\n";
 			echo "</li>\n";
 		}
-		return $posts;
 	} else {
 		return false;
 	}
--- a/wp-includes/template-functions-author.php
+++ b/wp-includes/template-functions-author.php
@@ -1,14 +1,15 @@
 <?php

-function get_the_author($idmode = '') {
+function get_the_author($deprecated = '') {
 	global $authordata;
 	return apply_filters('the_author', $authordata->display_name);
 }

-function the_author($idmode = '', $echo = true) {
-	if ( $echo )
-		echo get_the_author($idmode);
-	return get_the_author($idmode);
+// Using echo = false is deprecated.  Use get_the_author instead.
+function the_author($deprecated = '', $deprecated_echo = true) {
+	if ( $deprecated_echo )
+		echo get_the_author();
+	return get_the_author();
 }

 function get_the_author_description() {
@@ -127,10 +128,10 @@ function the_author_posts() {
 }

 /* the_author_posts_link() requires no get_, use get_author_link() */
-function the_author_posts_link($idmode='') {
+function the_author_posts_link($deprecated = '') {
 	global $authordata;

-	echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars(the_author($idmode, false))) . '">' . the_author($idmode, false) . '</a>';
+	echo '<a href="' . get_author_link(0, $authordata->ID, $authordata->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape(get_the_author())) . '">' . get_the_author() . '</a>';
 }

 function get_author_link($echo = false, $author_id, $author_nicename = '') {
@@ -182,7 +183,7 @@ function list_authors($optioncount = false, $exclude_admin = true, $show_fullnam
 	$query = "SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name";
 	$authors = $wpdb->get_results($query);

-	foreach ( $authors as $author ) {
+	foreach ( (array) $authors as $author ) {
 		$author = get_userdata( $author->ID );
 		$posts = get_usernumposts($author->ID);
 		$name = $author->nickname;
@@ -196,7 +197,7 @@ function list_authors($optioncount = false, $exclude_admin = true, $show_fullnam
 			if ( !$hide_empty )
 				$link = $name;
 		} else {
-			$link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), wp_specialchars($author->display_name)) . '">' . $name . '</a>';
+			$link = '<a href="' . get_author_link(0, $author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), attribute_escape($author->display_name)) . '">' . $name . '</a>';

 			if ( (! empty($feed_image)) || (! empty($feed)) ) {
 				$link .= ' ';
@@ -234,4 +235,4 @@ function list_authors($optioncount = false, $exclude_admin = true, $show_fullnam
 	}
 }

-?>
+?>
--- a/wp-includes/template-functions-category.php
+++ b/wp-includes/template-functions-category.php
@@ -318,14 +318,14 @@ function list_cats($optionall = 1, $all = 'All', $sort_column = 'ID', $sort_orde
 	$num_found=0;
 	$thelist = "";

-	foreach ( $categories as $category ) {
+	foreach ( (array) $categories as $category ) {
 		if ( ( intval($hide_empty) == 0 || $category->category_count) && (!$hierarchical || $category->category_parent == $child_of) ) {
 			$num_found++;
 			$link = '<a href="'.get_category_link($category->cat_ID).'" ';
 			if ( $use_desc_for_title == 0 || empty($category->category_description) )
-				$link .= 'title="'. sprintf(__("View all posts filed under %s"), wp_specialchars($category->cat_name)) . '"';
+				$link .= 'title="'. sprintf(__("View all posts filed under %s"), attribute_escape($category->cat_name)) . '"';
 			else
-				$link .= 'title="' . wp_specialchars(apply_filters('category_description',$category->category_description,$category)) . '"';
+				$link .= 'title="' . attribute_escape(apply_filters('category_description',$category->category_description,$category)) . '"';
 			$link .= '>';
 			$link .= apply_filters('list_cats', $category->cat_name, $category).'</a>';

--- a/wp-includes/template-functions-general.php
+++ b/wp-includes/template-functions-general.php
@@ -63,6 +63,8 @@ function bloginfo($show='') {
 		!strstr($show, 'home')) {
 		$info = apply_filters('bloginfo', $info, $show);
 		$info = convert_chars($info);
+	} else {
+		$info = apply_filters('bloginfo_url', $info, $show);
 	}

 	echo $info;
@@ -261,7 +263,7 @@ function single_month_title($prefix = '', $display = true ) {
 /* link navigation hack by Orien http://icecode.com/ */
 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') {
 	$text = wptexturize($text);
-	$title_text = wp_specialchars($text, 1);
+	$title_text = attribute_escape($text);

 	if ('link' == $format)
 		return "\t<link rel='archives' title='$title_text' href='$url' />\n";
@@ -334,10 +336,10 @@ function get_archives($type='', $limit='', $format='html', $before = '', $after
 			foreach ( $arcresults as $arcresult ) {
 				$url	= get_month_link($arcresult->year,	$arcresult->month);
 				if ( $show_post_count ) {
-					$text = sprintf('%s %d', $month[zeroise($arcresult->month,2)], $arcresult->year);
+					$text = sprintf(__('%1$s %2$d'), $month[zeroise($arcresult->month,2)], $arcresult->year);
 					$after = '&nbsp;('.$arcresult->posts.')' . $afterafter;
 				} else {
-					$text = sprintf('%s %d', $month[zeroise($arcresult->month,2)], $arcresult->year);
+					$text = sprintf(__('%1$s %2$d'), $month[zeroise($arcresult->month,2)], $arcresult->year);
 				}
 				echo get_archives_link($url, $text, $format, $before, $after);
 			}
@@ -347,7 +349,7 @@ function get_archives($type='', $limit='', $format='html', $before = '', $after
 		if ( $arcresults ) {
 			foreach ( $arcresults as $arcresult ) {
 				$url	= get_day_link($arcresult->year, $arcresult->month, $arcresult->dayofmonth);
-				$date = sprintf("%d-%02d-%02d 00:00:00", $arcresult->year, $arcresult->month, $arcresult->dayofmonth);
+				$date = sprintf('%1$d-%2$02d-%3$02d 00:00:00', $arcresult->year, $arcresult->month, $arcresult->dayofmonth);
 				$text = mysql2date($archive_day_date_format, $date);
 				echo get_archives_link($url, $text, $format, $before, $after);
 			}
@@ -364,7 +366,7 @@ function get_archives($type='', $limit='', $format='html', $before = '', $after
 						$arc_week = get_weekstartend($arcresult->yyyymmdd, get_settings('start_of_week'));
 						$arc_week_start = date_i18n($archive_week_start_date_format, $arc_week['start']);
 						$arc_week_end = date_i18n($archive_week_end_date_format, $arc_week['end']);
-						$url  = sprintf('%s/%s%sm%s%s%sw%s%d', get_settings('home'), '', '?', '=', $arc_year, '&amp;', '=', $arcresult->week);
+						$url  = sprintf('%1$s/%2$s%3$sm%4$s%5$s%6$sw%7$s%8$d', get_settings('home'), '', '?', '=', $arc_year, '&amp;', '=', $arcresult->week);
 						$text = $arc_week_start . $archive_week_separator . $arc_week_end;
 						echo get_archives_link($url, $text, $format, $before, $after);
 					}
@@ -433,8 +435,8 @@ function get_calendar($daylength = 1) {
 		else
 				$thismonth = ''.zeroise(intval(substr($m, 4, 2)), 2);
 	} else {
-		$thisyear = gmdate('Y', current_time('timestamp') + get_settings('gmt_offset') * 3600);
-		$thismonth = gmdate('m', current_time('timestamp') + get_settings('gmt_offset') * 3600);
+		$thisyear = gmdate('Y', current_time('timestamp'));
+		$thismonth = gmdate('m', current_time('timestamp'));
 	}

 	$unixmonth = mktime(0, 0 , 0, $thismonth, 1, $thisyear);
--- a/wp-includes/template-functions-post.php
+++ b/wp-includes/template-functions-post.php
@@ -77,6 +77,9 @@ function get_the_content($more_link_text = '(more...)', $stripteaser = 0, $more_
 	else
 		$file = $pagenow; //$_SERVER['PHP_SELF'];

+	if ( $page > count($pages) ) // if the requested page doesn't exist
+		$page = count($pages); // give them the highest numbered page that DOES exist
+
 	$content = $pages[$page-1];
 	$content = explode('<!--more-->', $content, 2);
 	if ( (preg_match('/<!--noteaser-->/', $post->post_content) && ((!$multipage) || ($page==1))) )
@@ -155,7 +158,7 @@ function link_pages($before='<br />', $after='<br />', $next_or_number='number',
 					if ( '' == get_settings('permalink_structure') )
 						echo '<a href="' . get_permalink() . '&amp;page=' . $i . '">';
 					else
-						echo '<a href="' . trailingslashit( get_permalink() ) . $i . '/">';
+						echo '<a href="' . trailingslashit(get_permalink()) . $i . '/">';
 				}
 				echo $j;
 				if ( ($i != $page) || ((!$more) && ($page==1)) )
@@ -170,14 +173,14 @@ function link_pages($before='<br />', $after='<br />', $next_or_number='number',
 					if ( '' == get_settings('permalink_structure') )
 						echo '<a href="' . get_permalink() . '&amp;page=' . $i . '">'.$previouspagelink.'</a>';
 					else
-						echo '<a href="' . get_permalink() . $i . '/">'.$previouspagelink.'</a>';
+						echo '<a href="' . get_permalink() . $i . '/">' . $previouspagelink . '</a>';
 				}
 				$i = $page + 1;
 				if ( $i <= $numpages && $more ) {
 					if ( '' == get_settings('permalink_structure') )
-						echo '<a href="'.get_permalink() . '&amp;page=' . $i . '">'.$nextpagelink.'</a>';
+						echo '<a href="' . get_permalink() . '&amp;page=' . $i . '">' . $nextpagelink . '</a>';
 					else
-						echo '<a href="'.get_permalink().$i.'/">'.$nextpagelink.'</a>';
+						echo '<a href="' . trailingslashit(get_permalink()) . $i . '/">' . $nextpagelink . '</a>';
 				}
 				echo $after;
 			}
@@ -197,6 +200,8 @@ function get_post_custom( $post_id = 0 ) {
 	if ( ! $post_id )
 		$post_id = $id;

+	$post_id = (int) $post_id;
+
 	if ( isset($post_meta_cache[$post_id]) )
 		return $post_meta_cache[$post_id];

@@ -204,7 +209,7 @@ function get_post_custom( $post_id = 0 ) {
 		// Change from flat structure to hierarchical:
 		$post_meta_cache = array();
 		foreach ( $meta_list as $metarow ) {
-			$mpid = $metarow['post_id'];
+			$mpid = (int) $metarow['post_id'];
 			$mkey = $metarow['meta_key'];
 			$mval = $metarow['meta_value'];

@@ -253,11 +258,14 @@ function post_custom( $key = '' ) {

 // this will probably change at some point...
 function the_meta() {
-	global $id, $post_meta_cache;
+	global $id;

 	if ( $keys = get_post_custom_keys() ) {
 		echo "<ul class='post-meta'>\n";
 		foreach ( $keys as $key ) {
+			$keyt = trim($key);
+			if ( '_' == $keyt{0} )
+				continue;
 			$values = array_map('trim', get_post_custom_values($key));
 			$value = implode($values,', ');
 			echo "<li><span class='post-meta-key'>$key:</span> $value</li>\n";
@@ -410,13 +418,13 @@ function _page_level_out($parent, $page_tree, $args, $depth = 0, $echo = true) {

 	foreach ( $page_tree[$parent]['children'] as $page_id ) {
 		$cur_page = $page_tree[$page_id];
-		$title = $cur_page['title'];
+		$title = attribute_escape($cur_page['title']);

 		$css_class = 'page_item';
 		if ( $page_id == $queried_obj->ID )
 			$css_class .= ' current_page_item';

-		$output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page_id) . '" title="' . wp_specialchars($title) . '">' . $title . '</a>';
+		$output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page_id) . '" title="' . $title . '">' . $title . '</a>';

 		if ( isset($cur_page['ts']) ) {
 			$format = get_settings('date_format');
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -2,7 +2,7 @@

 // This just holds the version number, in a separate file so we can bump it without cluttering the SVN

-$wp_version = '2.0.4';
-$wp_db_version = 3440;
+$wp_version = '2.0.9';
+$wp_db_version = 3441;

 ?>
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -40,6 +40,12 @@ class wpdb {
 	//	DB Constructor - connects to the server and selects a database

 	function wpdb($dbuser, $dbpassword, $dbname, $dbhost) {
+		return $this->__construct($dbuser, $dbpassword, $dbname, $dbhost);
+	}
+	
+	function __construct($dbuser, $dbpassword, $dbname, $dbhost) {
+		register_shutdown_function(array(&$this, "__destruct"));
+
 		$this->dbh = @mysql_connect($dbhost, $dbuser, $dbpassword);
 		if (!$this->dbh) {
 			$this->bail("
@@ -57,6 +63,10 @@ class wpdb {
 		$this->select($dbname);
 	}

+	function __destruct() {
+		return true;		
+	}
+
 	// ==================================================================
 	//	Select a DB (if another one needs to be selected)

@@ -122,7 +132,7 @@ class wpdb {
 	//	Kill cached query results

 	function flush() {
-		$this->last_result = null;
+		$this->last_result = array();
 		$this->col_info = null;
 		$this->last_query = null;
 	}
@@ -131,6 +141,11 @@ class wpdb {
 	//	Basic Query	- see docs for more detail

 	function query($query) {
+		// filter the query, if filters are available
+		// NOTE: some queries are made before the plugins have been loaded, and thus cannot be filtered with this method
+		if ( function_exists('apply_filters') )
+			$query = apply_filters('query', $query);
+
 		// initialise return
 		$return_val = 0;
 		$this->flush();
--- a/wp-links-opml.php
+++ b/wp-links-opml.php
@@ -44,12 +44,12 @@ FROM $wpdb->links
 <?php
             } // end if not first time
 ?>
-        <outline type="category" title="<?php echo wp_specialchars($result->cat_name); ?>">
+        <outline type="category" title="<?php echo attribute_escape($result->cat_name); ?>">
 <?php
             $prev_cat_id = $result->link_category;
        } // end if new category
 ?>
-            <outline text="<?php echo wp_specialchars($result->link_name); ?>" type="link" xmlUrl="<?php echo wp_specialchars($result->link_rss); ?>" htmlUrl="<?php echo wp_specialchars($result->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $result->link_updated) echo $result->link_updated; ?>" />
+            <outline text="<?php echo attribute_escape($result->link_name); ?>" type="link" xmlUrl="<?php echo attribute_escape($result->link_rss); ?>" htmlUrl="<?php echo attribute_escape($result->link_url); ?>" updated="<?php if ('0000-00-00 00:00:00' != $result->link_updated) echo $result->link_updated; ?>" />
 <?php
        } // end foreach
 ?>
--- a/wp-login.php
+++ b/wp-login.php
@@ -127,7 +127,7 @@ break;
 case 'resetpass' :

 	// Generate something random for a password... md5'ing current time with a rand salt
-	$key = preg_replace('/a-z0-9/i', '', $_GET['key']);
+	$key = preg_replace('/[^a-z0-9]/i', '', $_GET['key']);
 	if ( empty($key) )
 		die( __('Sorry, that key does not appear to be valid.') );
 	$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
@@ -231,14 +231,14 @@ if ( $error )
 ?>

 <form name="loginform" id="loginform" action="wp-login.php" method="post">
-<p><label><?php _e('Username:') ?><br /><input type="text" name="log" id="log" value="<?php echo wp_specialchars(stripslashes($user_login), 1); ?>" size="20" tabindex="1" /></label></p>
+<p><label><?php _e('Username:') ?><br /><input type="text" name="log" id="log" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="1" /></label></p>
 <p><label><?php _e('Password:') ?><br /> <input type="password" name="pwd" id="pwd" value="" size="20" tabindex="2" /></label></p>
 <p>
  <label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="3" /> 
  <?php _e('Remember me'); ?></label></p>
 <p class="submit">
 	<input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> &raquo;" tabindex="4" />
-	<input type="hidden" name="redirect_to" value="<?php echo wp_specialchars($redirect_to); ?>" />
+	<input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" />
 </p>
 </form>
 <ul>
--- a/wp-register.php
+++ b/wp-register.php
@@ -113,8 +113,8 @@ default:
 <?php endif; ?>
 <form method="post" action="wp-register.php" id="registerform">
 	<p><input type="hidden" name="action" value="register" />
-	<label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo wp_specialchars($user_login); ?>" /><br /></p>
-	<p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo wp_specialchars($user_email); ?>" /></p>
+	<label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo attribute_escape($user_login); ?>" /><br /></p>
+	<p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo attribute_escape($user_email); ?>" /></p>
 	<p><?php _e('A password will be emailed to you.') ?></p>
 	<p class="submit"><input type="submit" value="<?php _e('Register') ?> &raquo;" id="submit" name="submit" /></p>
 </form>
--- a/wp-rss2.php
+++ b/wp-rss2.php
@@ -47,7 +47,7 @@ $more = 1;
 		<content:encoded><![CDATA[<?php the_excerpt_rss() ?>]]></content:encoded>
 	<?php endif; ?>
 <?php endif; ?>
-		<wfw:commentRSS><?php echo comments_rss(); ?></wfw:commentRSS>
+		<wfw:commentRss><?php echo comments_rss(); ?></wfw:commentRss>
 <?php rss_enclosure(); ?>
 	<?php do_action('rss2_item'); ?>
 	</item>
--- a/wp-settings.php
+++ b/wp-settings.php
@@ -12,8 +12,10 @@ function unregister_GLOBALS() {
 	
 	$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
 	foreach ( $input as $k => $v ) 
-		if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) )
+		if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) ) {
+			$GLOBALS[$k] = NULL;
 			unset($GLOBALS[$k]);
+		}
 }

 unregister_GLOBALS(); 
@@ -199,9 +201,10 @@ $_SERVER = add_magic_quotes($_SERVER);

 do_action('sanitize_comment_cookies');

-$wp_query   = new WP_Query();
-$wp_rewrite = new WP_Rewrite();
-$wp         = new WP();
+$wp_the_query =& new WP_Query();
+$wp_query     =& $wp_the_query;
+$wp_rewrite   =& new WP_Rewrite();
+$wp           =& new WP();

 define('TEMPLATEPATH', get_template_directory());

@@ -224,4 +227,4 @@ register_shutdown_function('shutdown_action_hook');
 // Everything is loaded and initialized.
 do_action('init');

-?>
+?>
--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -30,11 +30,13 @@ if ( !$_GET['tb_id'] ) {
 	$tb_id = intval( $tb_id[ count($tb_id) - 1 ] );
 }

-$tb_url    = $_POST['url'];
-$title     = $_POST['title'];
-$excerpt   = $_POST['excerpt'];
-$blog_name = $_POST['blog_name'];
-$charset   = $_POST['charset'];
+$tb_url  = $_POST['url'];
+$charset = $_POST['charset'];
+
+// These three are stripslashed here so that they can be properly escaped after mb_convert_encoding()
+$title     = stripslashes($_POST['title']);
+$excerpt   = stripslashes($_POST['excerpt']);
+$blog_name = stripslashes($_POST['blog_name']);

 if ($charset)
 	$charset = strtoupper( trim($charset) );
@@ -42,11 +44,16 @@ else
 	$charset = 'ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS';

 if ( function_exists('mb_convert_encoding') ) { // For international trackbacks
-	$title     = mb_convert_encoding($title, get_settings('blog_charset'), $charset);
-	$excerpt   = mb_convert_encoding($excerpt, get_settings('blog_charset'), $charset);
-	$blog_name = mb_convert_encoding($blog_name, get_settings('blog_charset'), $charset);
+	$title     = mb_convert_encoding($title, get_option('blog_charset'), $charset);
+	$excerpt   = mb_convert_encoding($excerpt, get_option('blog_charset'), $charset);
+	$blog_name = mb_convert_encoding($blog_name, get_option('blog_charset'), $charset);
 }

+// Now that mb_convert_encoding() has been given a swing, we need to escape these three
+$title     = $wpdb->escape($title);
+$excerpt   = $wpdb->escape($excerpt);
+$blog_name = $wpdb->escape($blog_name);
+
 if ( is_single() || is_page() ) 
    $tb_id = $posts[0]->ID;

--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -58,31 +58,8 @@ function starify($string) {
 	return str_repeat('*', $i);
 }

-logIO("I", $HTTP_RAW_POST_DATA);
-
-
-function mkdir_p($target) {
-	// from php.net/mkdir user contributed notes 
-	if (file_exists($target)) {
-	  if (!is_dir($target)) {
-	    return false;
-	  } else {
-	    return true;
-	  }
-	}
-
-	// Attempting to create the directory may clutter up our display.
-	if (@mkdir($target)) {
-	  return true;
-	}
-
-	// If the above failed, attempt to create the parent node, then try again.
-	if (mkdir_p(dirname($target))) {
-	  return mkdir_p($target);
-	}
-
-	return false;
-}
+if ( isset($HTTP_RAW_POST_DATA) )
+  logIO("I", $HTTP_RAW_POST_DATA);


 class wp_xmlrpc_server extends IXR_Server {
@@ -157,7 +134,7 @@ class wp_xmlrpc_server extends IXR_Server {
 	function escape(&$array) {
 		global $wpdb;

-		foreach ($array as $k => $v) {
+		foreach ( (array) $array as $k => $v ) {
 			if (is_array($v)) {
 				$this->escape($array[$k]);
 			} else if (is_object($v)) {