no follow callback

git-svn-id: http://svn.automattic.com/wordpress/branches/2.2@6106 1a063a9b-81f0-0310-95a4-ce76da25c4cd

readme.html

@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo" style="text-align: center">
 	<img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
-	<br /> Version 2.1
+	<br /> Version 2.2
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 
@@ -29,7 +29,7 @@
 
 <h1>Upgrading</h1>
 <p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
-<h2>Upgrading from any previous WordPress to 2.1:</h2>
+<h2>Upgrading from any previous WordPress to 2.2:</h2>
 <ol>
 	<li>Delete your old WP files, saving ones you've modified.</li>
 	<li>Upload the new files.</li>
@@ -51,22 +51,22 @@
 	<dt><a href="http://wordpress.org/support/">WordPress Support Forums</a></dt>
 		<dd>If you've looked everywhere and still can't find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible.</dd>
 	<dt><a href="http://codex.wordpress.org/IRC">WordPress IRC Channel</a></dt>
-		<dd>Finally, there is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (irc.freenode.net #wordpress)</dd>
+		<dd>Finally, there is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (<a href="irc://irc.freenode.net/wordpress">irc.freenode.net #wordpress</a>)</dd>
 </dl>
 
 <h1>System Recommendations</h1>
 <ul>
-	<li>PHP version <strong>4.1</strong> or higher.</li>
+	<li>PHP version <strong>4.2</strong> or higher.</li>
 	<li>MySQL version <strong>4.0</strong> or higher.</li>
 	<li>... and a link to <a href="http://wordpress.org/">http://wordpress.org</a> on your site.</li>
 </ul>
 <p>WordPress is the official continuation of <a href="http://cafelog.com/">b2/caf&eacute;log</a>, which came from Michel V. The work has been continued by the <a href="http://wordpress.org/about/">WordPress developers</a>. If you would like to support WordPress, please consider <a href="http://wordpress.org/donate/">donating</a>.</p>
 
 <h1>Upgrading from another system</h1>
-<p>WordPress can <a href="http://codex.wordpress.org/Importing_from_other_blogging_software">import from a number of systems</a>. First you need to get WordPress installed and working as described above.</p>
+<p>WordPress can <a href="http://codex.wordpress.org/Importing_Content">import from a number of systems</a>. First you need to get WordPress installed and working as described above.</p>
 
-<h1>XML-RPC Interface</h1>
-<p>You can now post to your WordPress blog with tools like <a href="http://ecto.kung-foo.tv/">Ecto</a>, <a href="http://blogbuddy.sourceforge.net">BlogBuddy</a>, <a href="http://bloggar.com/">Bloggar</a>, <a href="http://www.ubique.ch/wapblogger/">WapBlogger</a> (post from your Wap cellphone!), <a href="http://radio.userland.com">Radio Userland</a> (which means you can use Radio's email-to-blog feature), <a href="http://www.zempt.com/">Zempt</a>, <a href="http://www.newzcrawler.com/">NewzCrawler</a>, and other tools that support the Blogging APIs! :) You can read more about <a href="http://codex.wordpress.org/XML-RPC_Support">XML-RPC support on the Codex</a>.</p>
+<h1>XML-RPC and Atom Interface</h1>
+<p>You can now post to your WordPress blog with tools like <a href="http://windowslivewriter.spaces.live.com/">Windows Live Writer</a>, <a href="http://ecto.kung-foo.tv/">Ecto</a>, <a href="http://bloggar.com/">Bloggar</a>, <a href="http://radio.userland.com">Radio Userland</a> (which means you can use Radio's email-to-blog feature), <a href="http://www.newzcrawler.com/">NewzCrawler</a>, and other tools that support the Blogging APIs! :) You can read more about <a href="http://codex.wordpress.org/XML-RPC_Support">XML-RPC support on the Codex</a>.</p>
 
 <h1>Post via Email</h1>
 <p>You can post from an email client! To set this up go to your &quot;Writing&quot; options screen and fill in the connection details for your secret POP3 account. Then you need to set up <code>wp-mail.php</code> to execute periodically to check the mailbox for new posts. You can do it with Cron-jobs, or if your host doesn't support it you can look into the various website-monitoring services, and make them check your <code>wp-mail.php</code> URL.</p>

wp-admin/admin-ajax.php

@@ -151,6 +151,31 @@ case 'add-cat' : // From Manage->Categories
 	) );
 	$x->send();
 	break;
+case 'add-comment' :
+	if ( !current_user_can( 'edit_post', $id ) )
+		die('-1');
+	$search = isset($_POST['s']) ? $_POST['s'] : false;
+	$start = isset($_POST['page']) ? intval($_POST['page']) * 25 : 25;
+
+	list($comments, $total) = _wp_get_comment_list( $search, $start, 1 );
+
+	if ( !$comments )
+		die('1');
+	$x = new WP_Ajax_Response();
+	foreach ( (array) $comments as $comment ) {
+		get_comment( $comment );
+		ob_start();
+			_wp_comment_list_item( $comment->comment_ID );
+			$comment_list_item = ob_get_contents();
+		ob_end_clean();
+		$x->add( array(
+			'what' => 'comment',
+			'id' => $comment->comment_ID,
+			'data' => $comment_list_item
+		) );
+	}
+	$x->send();
+	break;
 case 'add-meta' :
 	if ( !current_user_can( 'edit_post', $id ) )
 		die('-1');
@@ -226,8 +251,8 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
 	$_POST['post_status'] = 'draft';
 	$_POST['post_category'] = explode(",", $_POST['catslist']);
 	if($_POST['post_type'] == 'page' || empty($_POST['post_category']))
-		unset($_POST['post_category']);	
-	
+		unset($_POST['post_category']);
+
 	if($_POST['post_ID'] < 0) {
 		$_POST['temp_ID'] = $_POST['post_ID'];
 		$id = wp_write_post();
@@ -261,7 +286,7 @@ case 'autosave-generate-nonces' :
 			die(wp_create_nonce('update-page_' . $ID));
 		}
 	}
-	die($_POST['post_type']);
+	die('0');
 break;
 default :
 	do_action( 'wp_ajax_' . $_POST['action'] );

wp-admin/admin-db.php

@@ -82,7 +82,7 @@ function get_nonauthor_user_ids() {
 function wp_insert_category($catarr) {
 	global $wpdb;
 
-	extract($catarr);
+	extract($catarr, EXTR_SKIP);
 
 	if( trim( $cat_name ) == '' )
 		return 0;
@@ -148,6 +148,11 @@ function wp_insert_category($catarr) {
 
 	clean_category_cache($cat_ID);
 
+	if ($update)
+		do_action('edited_category', $cat_ID);
+	else
+		do_action('created_category', $cat_ID);
+	
 	return $cat_ID;
 }
 
@@ -292,7 +297,7 @@ function wp_revoke_user($id) {
 function wp_insert_link($linkdata) {
 	global $wpdb, $current_user;
 
-	extract($linkdata);
+	extract($linkdata, EXTR_SKIP);
 
 	$update = false;
 
@@ -414,7 +419,11 @@ function wp_delete_link($link_id) {
 	}
 
 	$wpdb->query("DELETE FROM $wpdb->link2cat WHERE link_id = '$link_id'");
-	return $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+	$wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+	
+	do_action('deleted_link', $link_id);
+
+	return true;
 }
 
 function wp_get_link_cats($link_ID = 0) {

wp-admin/admin-functions.php

@@ -22,6 +22,7 @@ function wp_write_post() {
 
 
 	// Check for autosave collisions
+	$temp_id = false;
 	if ( isset($_POST['temp_ID']) ) {
 		$temp_id = (int) $_POST['temp_ID'];
 		if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
@@ -33,7 +34,6 @@ function wp_write_post() {
 		if ( isset($draft_ids[$temp_id]) ) { // Edit, don't write
 			$_POST['post_ID'] = $draft_ids[$temp_id];
 			unset($_POST['temp_ID']);
-			relocate_children( $temp_id, $_POST['post_ID'] );
 			update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
 			return edit_post();
 		}
@@ -105,6 +105,8 @@ function wp_write_post() {
 		$_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
 		$_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] );
 	}
+	
+	unset($_POST['no_filter']);
 
 	// Create the post.
 	$post_ID = wp_insert_post( $_POST );
@@ -112,9 +114,15 @@ function wp_write_post() {
 	add_meta( $post_ID );
 
 	// Reunite any orphaned attachments with their parent
+	if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
+		$draft_ids = array();
+	if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
+		relocate_children( $draft_temp_id, $post_ID );
+	if ( $temp_id && $temp_id != $draft_temp_id )
+		relocate_children( $temp_id, $post_ID );
+
 	// Update autosave collision detection
 	if ( $temp_id ) {
-		relocate_children( $temp_id, $post_ID );
 		$draft_ids[$temp_id] = $post_ID;
 		update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
 	}
@@ -277,9 +285,17 @@ function edit_post() {
 			delete_meta( $key );
 	}
 
+	unset($_POST['no_filter']);
+	
 	add_meta( $post_ID );
 
-	wp_update_post( $_POST);
+	wp_update_post( $_POST );
+
+	// Reunite any orphaned attachments with their parent
+	if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
+		$draft_ids = array();
+	if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
+		relocate_children( $draft_temp_id, $post_ID );
 
 	// Now that we have an ID we can fix any attachment anchor hrefs
 	fix_attachment_links( $post_ID );
@@ -335,6 +351,8 @@ function get_post_to_edit( $id ) {
 	$post->post_title = apply_filters( 'title_edit_pre', $post->post_title );
 
 	$post->post_password = format_to_edit( $post->post_password );
+	
+	$post->menu_order = (int) $post->menu_order;
 
 	if ( $post->post_type == 'page' )
 		$post->page_template = get_post_meta( $id, '_wp_page_template', true );
@@ -384,12 +402,16 @@ function get_default_post_to_edit() {
 
 function get_comment_to_edit( $id ) {
 	$comment = get_comment( $id );
+	
+	$comment->comment_ID = (int) $comment->comment_ID;
+	$comment->comment_post_ID = (int) $comment->comment_post_ID;
 
-	$comment->comment_content = format_to_edit( $comment->comment_content, user_can_richedit() );
+	$comment->comment_content = format_to_edit( $comment->comment_content );
 	$comment->comment_content = apply_filters( 'comment_edit_pre', $comment->comment_content);
 
 	$comment->comment_author = format_to_edit( $comment->comment_author );
 	$comment->comment_author_email = format_to_edit( $comment->comment_author_email );
+	$comment->comment_author_url = clean_url($comment->comment_author_url);
 	$comment->comment_author_url = format_to_edit( $comment->comment_author_url );
 
 	return $comment;
@@ -397,6 +419,9 @@ function get_comment_to_edit( $id ) {
 
 function get_category_to_edit( $id ) {
 	$category = get_category( $id );
+	
+	$category->term_id = (int) $category->term_id;
+	$category->parent = (int) $category->parent;
 
 	return $category;
 }
@@ -669,7 +694,7 @@ function get_nested_categories( $default = 0, $parent = 0 ) {
 		if ( count( $checked_categories ) == 0 ) {
 			// No selected categories, strange
 			$checked_categories[] = $default;
-		}	
+		}
 	} else {
 		$checked_categories[] = $default;
 	}
@@ -693,7 +718,7 @@ function get_nested_categories( $default = 0, $parent = 0 ) {
 
 function write_nested_categories( $categories ) {
 	foreach ( $categories as $category ) {
-		echo '<li id="category-', $category['cat_ID'], '"><label for="in-category-', $category['cat_ID'], '" class="selectit"><input value="', $category['cat_ID'], '" type="checkbox" name="post_category[]" id="in-category-', $category['cat_ID'], '"', ($category['checked'] ? ' checked="checked"' : "" ), '/> ', wp_specialchars( $category['cat_name'] ), "</label></li>";
+		echo '<li id="category-', $category['cat_ID'], '"><label for="in-category-', $category['cat_ID'], '" class="selectit"><input value="', $category['cat_ID'], '" type="checkbox" name="post_category[]" id="in-category-', $category['cat_ID'], '"', ($category['checked'] ? ' checked="checked"' : "" ), '/> ', wp_specialchars( apply_filters('the_category', $category['cat_name'] )), "</label></li>";
 
 		if ( $category['children'] ) {
 			echo "<ul>\n";
@@ -725,7 +750,7 @@ function get_nested_link_categories( $default = 0, $parent = 0 ) {
 		if ( count( $checked_categories ) == 0 ) {
 			// No selected categories, strange
 			$checked_categories[] = $default;
-		}	
+		}
 	} else {
 		$checked_categories[] = $default;
 	}
@@ -756,17 +781,20 @@ function cat_rows( $parent = 0, $level = 0, $categories = 0 ) {
 	if (!$categories )
 		$categories = get_categories( 'hide_empty=0' );
 
+	$children = _get_category_hierarchy();
+
 	if ( $categories ) {
 		ob_start();
 		foreach ( $categories as $category ) {
 			if ( $category->category_parent == $parent) {
 				echo "\t" . _cat_row( $category, $level );
-				cat_rows( $category->cat_ID, $level +1, $categories );
+				if ( isset($children[$category->cat_ID]) )
+					cat_rows( $category->cat_ID, $level +1, $categories );
 			}
 		}
 		$output = ob_get_contents();
 		ob_end_clean();
-		
+
 		$output = apply_filters('cat_rows', $output);
 
 		echo $output;
@@ -785,7 +813,7 @@ function _cat_row( $category, $level, $name_override = false ) {
 		$default_link_cat_id = (int) get_option( 'default_link_category' );
 
 		if ( ($category->cat_ID != $default_cat_id ) && ($category->cat_ID != $default_link_cat_id ) )
-			$edit .= "<td><a href='" . wp_nonce_url( "categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . js_escape(sprintf( __("You are about to delete the category '%s'.\nAll of its posts will go into the default category of '%s'\nAll of its bookmarks will go into the default category of '%s'.\n'OK' to delete, 'Cancel' to stop." ), $category->cat_name, get_catname( $default_cat_id ), get_catname( $default_link_cat_id ) )) . "' );\" class='delete'>".__( 'Delete' )."</a>";
+			$edit .= "<td><a href='" . wp_nonce_url( "categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . js_escape(sprintf( __("You are about to delete the category '%s'.\nAll posts that were only assigned to this category will be assigned to the '%s' category.\nAll links that were only assigned to this category will be assigned to the '%s' category.\n'OK' to delete, 'Cancel' to stop." ), $category->cat_name, get_catname( $default_cat_id ), get_catname( $default_link_cat_id ) )) . "' );\" class='delete'>".__( 'Delete' )."</a>";
 		else
 			$edit .= "<td style='text-align:center'>".__( "Default" );
 	} else
@@ -874,6 +902,68 @@ function user_row( $user_object, $style = '' ) {
 	return $r;
 }
 
+function _wp_get_comment_list( $s = false, $start, $num ) {
+	global $wpdb;
+
+	$start = abs( (int) $start );
+	$num = (int) $num;
+
+	if ( $s ) {
+		$s = $wpdb->escape($s);
+		$comments = $wpdb->get_results("SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->comments WHERE
+			(comment_author LIKE '%$s%' OR
+			comment_author_email LIKE '%$s%' OR
+			comment_author_url LIKE ('%$s%') OR
+			comment_author_IP LIKE ('%$s%') OR
+			comment_content LIKE ('%$s%') ) AND
+			comment_approved != 'spam'
+			ORDER BY comment_date DESC LIMIT $start, $num");
+	} else {
+		$comments = $wpdb->get_results( "SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->comments WHERE comment_approved = '0' OR comment_approved = '1' ORDER BY comment_date DESC LIMIT $start, $num" );
+	}
+
+	$total = $wpdb->get_var( "SELECT FOUND_ROWS()" );
+
+	return array($comments, $total);
+}
+
+function _wp_comment_list_item( $id, $alt = 0 ) {
+	global $authordata, $comment, $wpdb;
+	$id = (int) $id;
+	$comment =& get_comment( $id );
+	$class = '';
+	$authordata = get_userdata($wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $comment->comment_post_ID"));
+	$comment_status = wp_get_comment_status($comment->comment_ID);
+	if ( 'unapproved' == $comment_status )
+		$class .= ' unapproved';
+	if ( $alt % 2 )
+		$class .= ' alternate';
+	echo "<li id='comment-$comment->comment_ID' class='$class'>";
+?>
+<p><strong><?php comment_author(); ?></strong> <?php if ($comment->comment_author_email) { ?>| <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_url && 'http://' != $comment->comment_author_url) { ?> | <?php comment_author_url_link() ?> <?php } ?>| <?php _e('IP:') ?> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></p>
+
+<?php comment_text() ?>
+
+<p><?php comment_date(__('M j, g:i A'));  ?> &#8212; [
+<?php
+if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
+	echo " <a href='comment.php?action=editcomment&amp;c=".$comment->comment_ID."'>" .  __('Edit') . '</a>';
+	echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
+	if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
+		echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
+		echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>';
+	}
+	echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), $comment->comment_author))  . "', theCommentList );\">" . __('Spam') . "</a> ";
+}
+$post = get_post($comment->comment_post_ID);
+$post_title = wp_specialchars( $post->post_title, 'double' );
+$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
+?>
+ ] &#8212; <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php echo $post_title; ?></a></p>
+		</li>
+<?php
+}
+
 function wp_dropdown_cats( $currentcat = 0, $currentparent = 0, $parent = 0, $level = 0, $categories = 0 ) {
 	global $wpdb;
 	if (!$categories )
@@ -949,6 +1039,7 @@ function list_meta( $meta ) {
 		$key_js = js_escape( $entry['meta_key'] );
 		$entry['meta_key']   = attribute_escape($entry['meta_key']);
 		$entry['meta_value'] = attribute_escape($entry['meta_value']);
+		$entry['meta_id'] = (int) $entry['meta_id'];
 		$r .= "\n\t<tr id='meta-{$entry['meta_id']}' class='$style'>";
 		$r .= "\n\t\t<td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td>";
 		$r .= "\n\t\t<td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>";
@@ -1001,7 +1092,7 @@ function meta_form() {
 <?php
 
 	foreach ( $keys as $key ) {
-		$key = attribute_escape( $key);
+		$key = attribute_escape( $key );
 		echo "\n\t<option value='$key'>$key</option>";
 	}
 ?>
@@ -1022,6 +1113,8 @@ function add_meta( $post_ID ) {
 	global $wpdb;
 	$post_ID = (int) $post_ID;
 
+	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
+
 	$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
 	$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
 	$metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
@@ -1037,6 +1130,9 @@ function add_meta( $post_ID ) {
 		if ( $metakeyinput)
 			$metakey = $metakeyinput; // default
 
+		if ( in_array($metakey, $protected) )
+			return false;
+
 		$result = $wpdb->query( "
 						INSERT INTO $wpdb->postmeta 
 						(post_id,meta_key,meta_value ) 
@@ -1056,6 +1152,12 @@ function delete_meta( $mid ) {
 
 function update_meta( $mid, $mkey, $mvalue ) {
 	global $wpdb;
+
+	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
+
+	if ( in_array($mkey, $protected) )
+		return false;
+
 	$mvalue = maybe_serialize( stripslashes( $mvalue ));
 	$mvalue = $wpdb->escape( $mvalue );
 	$mid = (int) $mid;
@@ -1131,7 +1233,7 @@ function insert_with_markers( $filename, $marker, $insertion ) {
 		if ( $markerdata ) {
 			$state = true;
 			foreach ( $markerdata as $n => $markerline ) {
-				if ( strstr( $markerline, "# BEGIN {$marker}" ))
+				if (strpos($markerline, '# BEGIN ' . $marker) !== false)
 					$state = false;
 				if ( $state ) {
 					if ( $n + 1 < count( $markerdata ) )
@@ -1139,7 +1241,7 @@ function insert_with_markers( $filename, $marker, $insertion ) {
 					else
 						fwrite( $f, "{$markerline}" );
 				}
-				if ( strstr( $markerline, "# END {$marker}" ) ) {
+				if (strpos($markerline, '# END ' . $marker) !== false) {
 					fwrite( $f, "# BEGIN {$marker}\n" );
 					if ( is_array( $insertion ))
 						foreach ( $insertion as $insertline )
@@ -1177,11 +1279,11 @@ function extract_from_markers( $filename, $marker ) {
 	{
 		$state = false;
 		foreach ( $markerdata as $markerline ) {
-			if ( strstr( $markerline, "# END {$marker}" ))
+			if (strpos($markerline, '# END ' . $marker) !== false)
 				$state = false;
 			if ( $state )
 				$result[] = $markerline;
-			if ( strstr( $markerline, "# BEGIN {$marker}" ))
+			if (strpos($markerline, '# BEGIN ' . $marker) !== false)
 				$state = true;
 		}
 	}
@@ -1304,7 +1406,7 @@ function user_can_access_admin_page() {
 
 	if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
 		return false;
-	
+
 	if ( empty( $parent) ) {
 		if ( isset( $_wp_menu_nopriv[$pagenow] ) )
 			return false;
@@ -1316,7 +1418,7 @@ function user_can_access_admin_page() {
 			if ( isset( $_wp_submenu_nopriv[$key][$pagenow] ) )
 				return false;
 			if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$key][$plugin_page] ) )
-			return false;	
+			return false;
 		}
 		return true;
 	}
@@ -1438,14 +1540,14 @@ function get_admin_page_parent() {
 			if ( isset( $_wp_real_parent_file[$parent_file] ) )
 					$parent_file = $_wp_real_parent_file[$parent_file];
 			return $parent_file;
-		}			
+		}
 	}
 
 	if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$pagenow][$plugin_page] ) ) {
 		$parent_file = $pagenow;
 		if ( isset( $_wp_real_parent_file[$parent_file] ) )
 			$parent_file = $_wp_real_parent_file[$parent_file];
-		return $parent_file;		
+		return $parent_file;
 	}
 
 	foreach (array_keys( $submenu ) as $parent) {
@@ -1659,7 +1761,7 @@ function get_plugin_data( $plugin_file ) {
 		$author = '<a href="' . trim( $author_uri[1] ) . '" title="'.__( 'Visit author homepage' ).'">' . trim( $author_name[1] ) . '</a>';
 	}
 
-	return array ('Name' => $name, 'Title' => $plugin, 'Description' => $description, 'Author' => $author, 'Version' => $version, 'Template' => $template[1] );
+	return array('Name' => $name, 'Title' => $plugin, 'Description' => $description, 'Author' => $author, 'Version' => $version);
 }
 
 function get_plugins() {
@@ -1676,20 +1778,20 @@ function get_plugins() {
 	$plugins_dir = @ dir( $plugin_root);
 	if ( $plugins_dir ) {
 		while (($file = $plugins_dir->read() ) !== false ) {
-			if ( preg_match( '|^\.+$|', $file ))
+			if ( substr($file, 0, 1) == '.' )
 				continue;
 			if ( is_dir( $plugin_root.'/'.$file ) ) {
 				$plugins_subdir = @ dir( $plugin_root.'/'.$file );
 				if ( $plugins_subdir ) {
 					while (($subfile = $plugins_subdir->read() ) !== false ) {
-						if ( preg_match( '|^\.+$|', $subfile ))
+						if ( substr($subfile, 0, 1) == '.' )
 							continue;
-						if ( preg_match( '|\.php$|', $subfile ))
+						if ( substr($subfile, -4) == '.php' )
 							$plugin_files[] = "$file/$subfile";
 					}
 				}
 			} else {
-				if ( preg_match( '|\.php$|', $file ))
+				if ( substr($file, -4) == '.php' )
 					$plugin_files[] = $file;
 			}
 		}
@@ -1754,7 +1856,8 @@ function browse_happy() {
 		<p id="bh" style="text-align: center;"><a href="http://browsehappy.com/" title="'.$getit.'"><img src="images/browse-happy.gif" alt="Browse Happy" /></a></p>
 		';
 }
-if ( strstr( $_SERVER['HTTP_USER_AGENT'], 'MSIE' ))
+
+if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)
 	add_action( 'admin_footer', 'browse_happy' );
 
 function documentation_link( $for ) {
@@ -1769,7 +1872,7 @@ function register_importer( $id, $name, $description, $callback ) {
 
 function get_importers() {
 	global $wp_importers;
-
+	uasort($wp_importers, create_function('$a, $b', 'return strcmp($a[0], $b[0]);'));
 	return $wp_importers;
 }
 
@@ -1893,7 +1996,7 @@ function wp_handle_upload( &$file, $overrides = false ) {
 
 	// Compute the URL
 	$url = $uploads['url'] . "/$filename";
-	
+
 	$return = apply_filters( 'wp_handle_upload', array( 'file' => $new_file, 'url' => $url, 'type' => $type ) );
 
 	return $return;
@@ -1915,15 +2018,16 @@ function wp_import_cleanup( $id ) {
 function wp_import_upload_form( $action ) {
 	$size = strtolower( ini_get( 'upload_max_filesize' ) );
 	$bytes = 0;
-	if ( strstr( $size, 'k' ) )
+	if (strpos($size, 'k') !== false)
 		$bytes = $size * 1024;
-	if ( strstr( $size, 'm' ) )
+	if (strpos($size, 'm') !== false)
 		$bytes = $size * 1024 * 1024;
-	if ( strstr( $size, 'g' ) )
+	if (strpos($size, 'g') !== false)
 		$bytes = $size * 1024 * 1024 * 1024;
 ?>
 <form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
 <p>
+<?php wp_nonce_field('import-upload'); ?>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )
 <input type="file" id="upload" name="import" size="25" />
 <input type="hidden" name="action" value="save" />
@@ -2052,7 +2156,7 @@ function update_home_siteurl( $old_value, $value ) {
 	// Clear cookies for old paths.
 	wp_clearcookie();
 	// Set cookies for new paths.
-	wp_setcookie( $user_login, $user_pass_md5, true, get_option( 'home' ), get_option( 'siteurl' ));	
+	wp_setcookie( $user_login, $user_pass_md5, true, get_option( 'home' ), get_option( 'siteurl' ));
 }
 
 add_action( 'update_option_home', 'update_home_siteurl', 10, 2 );
@@ -2074,7 +2178,9 @@ function wp_crop_image( $src_file, $src_x, $src_y, $src_w, $src_h, $dst_w, $dst_
 		$src_h -= $src_y;
 	}
 
-	imageantialias( $dst, true );
+	if (function_exists('imageantialias'))
+		imageantialias( $dst, true );
+	
 	imagecopyresampled( $dst, $src, 0, 0, $src_x, $src_y, $dst_w, $dst_h, $src_w, $src_h );
 
 	if ( !$dst_file )
@@ -2194,7 +2300,7 @@ function wp_create_thumbnail( $file, $max_side, $effect = '' ) {
 
 			// If no filters change the filename, we'll do a default transformation.
 			if ( basename( $file ) == $thumb = apply_filters( 'thumbnail_filename', basename( $file ) ) )
-				$thumb = preg_replace( '!(\.[^.]+)?$!', __( '.thumbnail' ).'$1', basename( $file ), 1 );
+				$thumb = preg_replace( '!(\.[^.]+)?$!', '.thumbnail' . '$1', basename( $file ), 1 );
 
 			$thumbpath = str_replace( basename( $file ), $thumb, $file );
 

wp-admin/admin-header.php

@@ -13,7 +13,7 @@ get_admin_page_title();
 
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
+<html xmlns="http://www.w3.org/1999/xhtml" <?php do_action('admin_xml_ns'); ?> <?php language_attributes(); ?>>
 <head>
 <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_option('blog_charset'); ?>" />
 <title><?php bloginfo('name') ?> &rsaquo; <?php echo wp_specialchars( strip_tags( $title ) ); ?> &#8212; WordPress</title>
@@ -44,7 +44,7 @@ do_action('admin_head');
 </head>
 <body>
 <div id="wphead">
-<h1><?php echo wptexturize(get_option(('blogname'))); ?> <span>(<a href="<?php echo get_option('home') . '/'; ?>"><?php _e('View site &raquo;') ?></a>)</span></h1>
+<h1><?php bloginfo('name'); ?> <span>(<a href="<?php echo get_option('home') . '/'; ?>"><?php _e('View site &raquo;') ?></a>)</span></h1>
 </div>
 <div id="user_info"><p><?php printf(__('Howdy, <strong>%s</strong>.'), $user_identity) ?> [<a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout" title="<?php _e('Log out of this account') ?>"><?php _e('Sign Out'); ?></a>, <a href="profile.php"><?php _e('My Profile'); ?></a>] </p></div>
 

wp-admin/admin.php

@@ -4,9 +4,11 @@ if ( defined('ABSPATH') )
 else
     require_once('../wp-config.php');
 
-if ( get_option('db_version') != $wp_db_version )
-	wp_die(sprintf(__("Your database is out-of-date.  Please <a href='%s'>upgrade</a>."), get_option('siteurl') . '/wp-admin/upgrade.php'));
-    
+if ( get_option('db_version') != $wp_db_version ) {
+	wp_redirect(get_option('siteurl') . '/wp-admin/upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI'])));
+	exit;
+}
+
 require_once(ABSPATH . 'wp-admin/admin-functions.php');
 require_once(ABSPATH . 'wp-admin/admin-db.php');
 require_once(ABSPATH . WPINC . '/registration.php');

wp-admin/cat.js

@@ -1,14 +1,10 @@
-<?php
-require_once('../wp-config.php');
-cache_javascript_headers();
-?>
 addLoadEvent(function(){catList=new listMan('categorychecklist');catList.ajaxRespEl='jaxcat';catList.topAdder=1;catList.alt=0;catList.showLink=0;});
 addLoadEvent(newCatAddIn);
 function newCatAddIn() {
 	var jaxcat = $('jaxcat');
 	if ( !jaxcat )
 		return false;
-	Element.update(jaxcat,'<span id="ajaxcat"><input type="text" name="newcat" id="newcat" size="16" autocomplete="off"/><input type="button" name="Button" id="catadd" value="<?php echo js_escape(__('Add')); ?>"/><span id="howto"><?php echo js_escape(__('Separate multiple categories with commas.')); ?></span></span>');
+	Element.update(jaxcat,'<span id="ajaxcat"><input type="text" name="newcat" id="newcat" size="16" autocomplete="off"/><input type="button" name="Button" id="catadd" value="' + catL10n.add + '"/><input type="hidden"/><span id="howto">' + catL10n.how + '</span></span>');
 	$('newcat').onkeypress = function(e) { return killSubmit("catList.ajaxAdder('category','jaxcat');", e); };
 	$('catadd').onclick = function() { catList.ajaxAdder('category', 'jaxcat'); };
 }

wp-admin/categories.js

@@ -2,7 +2,7 @@ addLoadEvent(function() {
 	if (!theList.theList) return false;
 	document.forms.addcat.submit.onclick = function(e) {return killSubmit('theList.ajaxAdder("cat", "addcat");', e); };
 	theList.addComplete = function(what, where, update, transport) {
-		var name = getNodeValue(transport.responseXML, 'name');
+		var name = getNodeValue(transport.responseXML, 'name').unescapeHTML();
 		var id = transport.responseXML.getElementsByTagName(what)[0].getAttribute('id');
 		var options = document.forms['addcat'].category_parent.options;
 		options[options.length] = new Option(name, id);

wp-admin/categories.php

@@ -114,7 +114,7 @@ cat_rows();
 
 <?php if ( current_user_can('manage_categories') ) : ?>
 <div class="wrap">
-<p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete the posts and links in that category.  Instead, posts in the deleted category are set to the category <strong>%s</strong> and links are set to <strong>%s</strong>.'), get_catname(get_option('default_category')), get_catname(get_option('default_link_category'))) ?></p>
+<p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete the posts and links in that category. Instead, posts that were only assigned to the deleted category are set to the category <strong>%s</strong> and links that were only assigned to the deleted category are set to <strong>%s</strong>.'), apply_filters('the_category', get_catname(get_option('default_category'))), apply_filters('the_category', get_catname(get_option('default_link_category')))) ?></p>
 </div>
 
 <?php include('edit-category-form.php'); ?>

wp-admin/comment.php

@@ -39,7 +39,7 @@ case 'mac':
 	$nonce_action = 'cdc' == $action ? 'delete-comment_' : 'approve-comment_';
 	$nonce_action .= $comment;
 
-	if ( ! $comment = get_comment($comment) )
+	if ( ! $comment = get_comment_to_edit($comment) )
 		wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));
 
 	if ( !current_user_can('edit_post', $comment->comment_post_ID) )
@@ -96,7 +96,7 @@ case 'mac':
 <?php } ?>
 <tr>
 <th scope="row" valign="top"><p><?php _e('Comment:'); ?></p></th>
-<td><?php echo apply_filters( 'comment_text', $comment->comment_content ); ?></td>
+<td><?php echo $comment->comment_content; ?></td>
 </tr>
 </table>
 
@@ -155,7 +155,7 @@ case 'unapprovecomment':
 	if ((wp_get_referer() != "") && (false == $noredir)) {
 		wp_redirect(wp_get_referer());
 	} else {
-		wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments');
+		wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments');
 	}
 	exit();
 	break;
@@ -185,7 +185,7 @@ case 'approvecomment':
 	if ((wp_get_referer() != "") && (false == $noredir)) {
 		wp_redirect(wp_get_referer());
 	} else {
-		wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='.$comment->comment_post_ID.'&c=1#comments');
+		wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p='. (int) $comment->comment_post_ID.'&c=1#comments');
 	}
 	exit();
 	break;

wp-admin/custom-header.php

@@ -17,12 +17,13 @@ class Custom_Image_Header {
 
 	function js_includes() {
 		wp_enqueue_script('cropper');
-		wp_enqueue_script('colorpicker');	
+		wp_enqueue_script('colorpicker');
 	}
 
 	function js() {
 
 		if ( isset( $_POST['textcolor'] ) ) {
+			check_admin_referer('custom-header');
 			if ( 'blank' == $_POST['textcolor'] ) {
 				set_theme_mod('header_textcolor', 'blank');
 			} else {
@@ -31,8 +32,10 @@ class Custom_Image_Header {
 					set_theme_mod('header_textcolor', $color);
 			}
 		}
-		if ( isset($_POST['resetheader']) )
+		if ( isset($_POST['resetheader']) ) {
+			check_admin_referer('custom-header');
 			remove_theme_mods();
+		}
 	?>
 <script type="text/javascript">
 
@@ -115,7 +118,7 @@ class Custom_Image_Header {
 	function colorDefault() {
 		pickColor('<?php echo HEADER_TEXTCOLOR; ?>');
 	}
-	
+
 	function hide_text() {
 		$('name').style.display = 'none';
 		$('desc').style.display = 'none';
@@ -126,7 +129,7 @@ class Custom_Image_Header {
 //		$('hidetext').onclick = 'show_text()';
 		Event.observe( $('hidetext'), 'click', show_text );
 	}
-	
+
 	function show_text() {
 		$('name').style.display = 'block';
 		$('desc').style.display = 'block';
@@ -134,7 +137,7 @@ class Custom_Image_Header {
 		$('defaultcolor').style.display = 'inline';
 		$('textcolor').value = '<?php echo HEADER_TEXTCOLOR; ?>';
 		$('hidetext').value = '<?php _e('Hide Text'); ?>';
-		Event.stopObserving( $('hidetext'), 'click', show_text );	
+		Event.stopObserving( $('hidetext'), 'click', show_text );
 		Event.observe( $('hidetext'), 'click', hide_text );
 	}
 
@@ -157,7 +160,7 @@ Event.observe( window, 'load', hide_text );
 <h2><?php _e('Your Header Image'); ?></h2>
 <p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p>
 
-<div id="headimg" style="background: url(<?php header_image() ?>) no-repeat;">
+<div id="headimg" style="background: url(<?php clean_url(header_image()) ?>) no-repeat;">
 <h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1>
 <div id="desc"><?php bloginfo('description');?></div>
 </div>
@@ -165,7 +168,8 @@ Event.observe( window, 'load', hide_text );
 <form method="post" action="<?php echo get_option('siteurl') ?>/wp-admin/themes.php?page=custom-header&amp;updated=true">
 <input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
 <input type="button" value="<?php _e('Select a Text Color'); ?>" onclick="colorSelect($('textcolor'), 'pickcolor')" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
-<input type="hidden" name="textcolor" id="textcolor" value="#<?php header_textcolor() ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?> &raquo;" /></form>
+<?php wp_nonce_field('custom-header') ?>
+<input type="hidden" name="textcolor" id="textcolor" value="#<?php attribute_escape(header_textcolor()) ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?> &raquo;" /></form>
 <?php } ?>
 
 <div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
@@ -177,6 +181,7 @@ Event.observe( window, 'load', hide_text );
 <form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
+<?php wp_nonce_field('custom-header') ?>
 <p class="submit">
 <input type="submit" value="<?php _e('Upload'); ?> &raquo;" />
 </p>
@@ -189,6 +194,7 @@ Event.observe( window, 'load', hide_text );
 <h2><?php _e('Reset Header Image and Color'); ?></h2>
 <p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
 <form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>">
+<?php wp_nonce_field('custom-header'); ?>
 <input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" />
 </form>
 </div>
@@ -197,6 +203,7 @@ Event.observe( window, 'load', hide_text );
 	}
 
 	function step_2() {
+		check_admin_referer('custom-header');
 		$overrides = array('test_form' => false);
 		$file = wp_handle_upload($_FILES['import'], $overrides);
 
@@ -222,7 +229,7 @@ Event.observe( window, 'load', hide_text );
 		list($width, $height, $type, $attr) = getimagesize( $file );
 
 		if ( $width == HEADER_IMAGE_WIDTH && $height == HEADER_IMAGE_HEIGHT ) {
-			set_theme_mod('header_image', $url);
+			set_theme_mod('header_image', clean_url($url));
 			$header = apply_filters('wp_create_file_in_uploads', $file, $id); // For replication
 			return $this->finished();
 		} elseif ( $width > HEADER_IMAGE_WIDTH ) {
@@ -256,6 +263,7 @@ Event.observe( window, 'load', hide_text );
 <input type="hidden" name="height" id="height" />
 <input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo $id; ?>" />
 <input type="hidden" name="oitar" id="oitar" value="<?php echo $oitar; ?>" />
+<?php wp_nonce_field('custom-header') ?>
 <input type="submit" value="<?php _e('Crop Header &raquo;'); ?>" />
 </p>
 
@@ -265,6 +273,7 @@ Event.observe( window, 'load', hide_text );
 	}
 
 	function step_3() {
+		check_admin_referer('custom-header');
 		if ( $_POST['oitar'] > 1 ) {
 			$_POST['x1'] = $_POST['x1'] * $_POST['oitar'];
 			$_POST['y1'] = $_POST['y1'] * $_POST['oitar'];

wp-admin/dbx-admin-key-js.php

@@ -1,68 +0,0 @@
-<?php
-require_once('admin.php');
-cache_javascript_headers();
-
-switch ( $_GET['pagenow'] ) :
-	case 'post.php' :
-	case 'post-new.php' :
-		$man = 'postmeta';
-		break;
-	case 'page.php' :
-	case 'page-new.php' :
-		$man = 'pagemeta';
-		break;
-	case 'link.php' :
-		$man = 'linkmeta';
-		break;
-	default:
-		exit;
-		break;
-endswitch;
-?>
-addLoadEvent( function() {var manager = new dbxManager('<?php echo $man; ?>');} );
-
-addLoadEvent( function()
-{
-	//create new docking boxes group
-	var meta = new dbxGroup(
-		'grabit', 		// container ID [/-_a-zA-Z0-9/]
-		'vertical', 	// orientation ['vertical'|'horizontal']
-		'10', 			// drag threshold ['n' pixels]
-		'no',			// restrict drag movement to container axis ['yes'|'no']
-		'10', 			// animate re-ordering [frames per transition, or '0' for no effect]
-		'yes', 			// include open/close toggle buttons ['yes'|'no']
-		'closed', 		// default state ['open'|'closed']
-		'<?php echo js_escape(__('open')); ?>', 		// word for "open", as in "open this box"
-		'<?php echo js_escape(__('close')); ?>', 		// word for "close", as in "close this box"
-		'<?php echo js_escape(__('click-down and drag to move this box')); ?>', // sentence for "move this box" by mouse
-		'<?php echo js_escape(__('click to %toggle% this box')); ?>', // pattern-match sentence for "(open|close) this box" by mouse
-		'<?php echo js_escape(__('use the arrow keys to move this box')); ?>', // sentence for "move this box" by keyboard
-		'<?php echo js_escape(__(', or press the enter key to %toggle% it')); ?>',  // pattern-match sentence-fragment for "(open|close) this box" by keyboard
-		'%mytitle%  [%dbxtitle%]' // pattern-match syntax for title-attribute conflicts
-		);
-
-	// Boxes are closed by default. Open the Category box if the cookie isn't already set.
-	var catdiv = document.getElementById('categorydiv');
-	if ( catdiv ) {
-		var button = catdiv.getElementsByTagName('A')[0];
-		if ( dbx.cookiestate == null && /dbx\-toggle\-closed/.test(button.className) )
-			meta.toggleBoxState(button, true);
-	}
-
-	var advanced = new dbxGroup(
-		'advancedstuff', 		// container ID [/-_a-zA-Z0-9/]
-		'vertical', 		// orientation ['vertical'|'horizontal']
-		'10', 			// drag threshold ['n' pixels]
-		'yes',			// restrict drag movement to container axis ['yes'|'no']
-		'10', 			// animate re-ordering [frames per transition, or '0' for no effect]
-		'yes', 			// include open/close toggle buttons ['yes'|'no']
-		'closed', 		// default state ['open'|'closed']
-		'<?php echo js_escape(__('open')); ?>', 		// word for "open", as in "open this box"
-		'<?php echo js_escape(__('close')); ?>', 		// word for "close", as in "close this box"
-		'<?php echo js_escape(__('click-down and drag to move this box')); ?>', // sentence for "move this box" by mouse
-		'<?php echo js_escape(__('click to %toggle% this box')); ?>', // pattern-match sentence for "(open|close) this box" by mouse
-		'<?php echo js_escape(__('use the arrow keys to move this box')); ?>', // sentence for "move this box" by keyboard
-		'<?php echo js_escape(__(', or press the enter key to %toggle% it')); ?>',  // pattern-match sentence-fragment for "(open|close) this box" by keyboard
-		'%mytitle%  [%dbxtitle%]' // pattern-match syntax for title-attribute conflicts
-		);
-});

wp-admin/dbx-admin-key.js

@@ -0,0 +1,47 @@
+addLoadEvent( function() {var manager = new dbxManager( dbxL10n.manager );} );
+
+addLoadEvent( function()
+{
+	//create new docking boxes group
+	var meta = new dbxGroup(
+		'grabit', 		// container ID [/-_a-zA-Z0-9/]
+		'vertical', 		// orientation ['vertical'|'horizontal']
+		'10', 			// drag threshold ['n' pixels]
+		'no',			// restrict drag movement to container axis ['yes'|'no']
+		'10', 			// animate re-ordering [frames per transition, or '0' for no effect]
+		'yes', 			// include open/close toggle buttons ['yes'|'no']
+		'closed', 		// default state ['open'|'closed']
+		dbxL10n.open, 		// word for "open", as in "open this box"
+		dbxL10n.close, 		// word for "close", as in "close this box"
+		dbxL10n.moveMouse,	// sentence for "move this box" by mouse
+		dbxL10n.toggleMouse,	// pattern-match sentence for "(open|close) this box" by mouse
+		dbxL10n.moveKey,	// sentence for "move this box" by keyboard
+		dbxL10n.toggleKey,	// pattern-match sentence-fragment for "(open|close) this box" by keyboard
+		'%mytitle%  [%dbxtitle%]' // pattern-match syntax for title-attribute conflicts
+		);
+
+	// Boxes are closed by default. Open the Category box if the cookie isn't already set.
+	var catdiv = document.getElementById('categorydiv');
+	if ( catdiv ) {
+		var button = catdiv.getElementsByTagName('A')[0];
+		if ( dbx.cookiestate == null && /dbx\-toggle\-closed/.test(button.className) )
+			meta.toggleBoxState(button, true);
+	}
+
+	var advanced = new dbxGroup(
+		'advancedstuff',
+		'vertical',
+		'10',
+		'yes',			// restrict drag movement to container axis ['yes'|'no']
+		'10',
+		'yes',
+		'closed',
+		dbxL10n.open,
+		dbxL10n.close,
+		dbxL10n.moveMouse,
+		dbxL10n.toggleMouse,
+		dbxL10n.moveKey,
+		dbxL10n.toggleKey,
+		'%mytitle%  [%dbxtitle%]' // pattern-match syntax for title-attribute conflicts
+		);
+});

wp-admin/edit-category-form.php

@@ -35,7 +35,7 @@ if ( ! empty($cat_ID) ) {
 		<tr>
 			<th scope="row" valign="top"><label for="category_parent"><?php _e('Category parent:') ?></label></th>
 			<td>        
-	  			<?php wp_dropdown_categories('hide_empty=0&name=category_parent&selected=' . $category->category_parent . '&hierarchical=1&show_option_none=' . __('None')); ?>
+	  			<?php wp_dropdown_categories('hide_empty=0&name=category_parent&orderby=name&selected=' . $category->category_parent . '&hierarchical=1&show_option_none=' . __('None')); ?>
 	  		</td>
 		</tr>
 		<tr>

wp-admin/edit-comments.js

@@ -2,15 +2,51 @@ addLoadEvent(function() {
 	theCommentList = new listMan('the-comment-list');
 	if ( !theCommentList )
 		return false;
+
+	theExtraCommentList = new listMan('the-extra-comment-list');
+	if ( theExtraCommentList ) {
+		theExtraCommentList.showLink = 0;
+		theExtraCommentList.altOffset = 1;
+		if ( theExtraCommentList.theList && theExtraCommentList.theList.childNodes )
+			var commentNum = $A(theExtraCommentList.theList.childNodes).findAll( function(i) { return Element.visible(i) } ).length;
+		else
+			var commentNum = 0;
+		var urlQ   = document.location.href.split('?');
+		var params = urlQ[1] ? urlQ[1].toQueryParams() : [];
+		var search = params['s'] ? params['s'] : '';
+		var page   = params['apage'] ? params['apage'] : 1;
+	}
+
 	theCommentList.dimComplete = function(what,id,dimClass) {
 		var m = document.getElementById('awaitmod');
-		if ( document.getElementById(what + '-' + id).className.match(dimClass) ) m.innerHTML = parseInt(m.innerHTML,10) + 1;
-		else m.innerHTML = parseInt(m.innerHTML,10) - 1;
+		if ( document.getElementById(what + '-' + id).className.match(dimClass) )
+			m.innerHTML = parseInt(m.innerHTML,10) + 1;
+		else
+			m.innerHTML = parseInt(m.innerHTML,10) - 1;
 	}
+
 	theCommentList.delComplete = function(what,id) {
 		var m = document.getElementById('awaitmod');
-		if ( document.getElementById(what + '-' + id).className.match('unapproved') ) m.innerHTML = parseInt(m.innerHTML,10) - 1;
+		what = what.split('-')[0];
+		if ( document.getElementById(what + '-' + id).className.match('unapproved') )
+			m.innerHTML = parseInt(m.innerHTML,10) - 1;
+		if ( theExtraCommentList && commentNum ) {
+			var theMover = theExtraCommentList.theList.childNodes[0];
+			Element.removeClassName(theMover,'alternate');
+			theCommentList.theList.appendChild(theMover);
+			theExtraCommentList.inputData += '&page=' + page;
+			if ( search )
+				theExtraCommentList.inputData += '&s=' + search; // trust the URL not the search box
+			theExtraCommentList.addComplete = function() {
+				if ( theExtraCommentList.theList.childNodes )
+					var commentNum = $A(theExtraCommentList.theList.childNodes).findAll( function(i) { return Element.visible(i) } ).length;
+				else
+					var commentNum = 0;
+			}
+			theExtraCommentList.ajaxAdder( 'comment', 'ajax-response' ); // Dummy Request
+		}
 	}
+
 	if ( theList ) // the post list: edit.php
 		theList.delComplete = function() {
 			var comments = document.getElementById('comments');

wp-admin/edit-comments.php

@@ -75,104 +75,53 @@ if ( !empty( $_POST['delete_comments'] ) ) :
 	echo '</p></div>';
 endif;
 
-if (isset($_GET['s'])) {
-	$s = $wpdb->escape($_GET['s']);
-	$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments  WHERE
-		(comment_author LIKE '%$s%' OR
-		comment_author_email LIKE '%$s%' OR
-		comment_author_url LIKE ('%$s%') OR
-		comment_author_IP LIKE ('%$s%') OR
-		comment_content LIKE ('%$s%') ) AND
-		comment_approved != 'spam'
-		ORDER BY comment_date DESC");
-} else {
-	if ( isset( $_GET['apage'] ) )
-		$page = (int) $_GET['apage'];
-	else
-		$page = 1;
-	$start = $offset = ( $page - 1 ) * 20;
+if ( isset( $_GET['apage'] ) )
+	$page = abs( (int) $_GET['apage'] );
+else
+	$page = 1;
 
-	$comments = $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE comment_approved = '0' OR comment_approved = '1' ORDER BY comment_date DESC LIMIT $start, 20" );
-	$total = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0' OR comment_approved = '1'" );
-}
-?>
-<?php if ( $total > 20 ) {
-$total_pages = ceil( $total / 20 );
-$r = '';
-if ( 1 < $page ) {
-	$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
-	$r .=  '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
-}
-if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
-	for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
-		if ( $page == $page_num ) :
-			$r .=  "<span>$page_num</span>\n";
-		else :
-			$p = false;
-			if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
-				$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
-				$r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
-				$in = true;
-			elseif ( $in == true ) :
-				$r .= "...\n";
-				$in = false;
-			endif;
-		endif;
-	endfor;
-}
-if ( ( $page ) * 20 < $total || -1 == $total ) {
-	$args['apage'] = $page + 1;
-	$r .=  '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
-}
-echo "<p class='pagenav'>$r</p>";
-?>
+$start = $offset = ( $page - 1 ) * 20;
 
-<?php } ?>
+list($_comments, $total) = _wp_get_comment_list( isset($_GET['s']) ? $_GET['s'] : false, $start, 25 ); // Grab a few extra
+
+$comments = array_slice($_comments, 0, 20);
+$extra_comments = array_slice($_comments, 20);
+
+$page_links = paginate_links( array(
+	'base' => add_query_arg( 'apage', '%#%' ), 
+	'format' => '',
+	'total' => ceil($total / 20),
+	'current' => $page
+));
+
+if ( $page_links )
+	echo "<p class='pagenav'>$page_links</p>";
 
-<?php
 if ('view' == $mode) {
 	if ($comments) {
-?>
-<?php
-$offset = $offset + 1;
-$start = " start='$offset'";
+		$offset = $offset + 1;
+		$start = " start='$offset'";
 
-		echo "<ol id='the-comment-list' class='commentlist' $start>";
+		echo "<ol id='the-comment-list' class='commentlist' $start>\n";
 		$i = 0;
-		foreach ($comments as $comment) {
-		++$i; $class = '';
-		$authordata = get_userdata($wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $comment->comment_post_ID"));
-			$comment_status = wp_get_comment_status($comment->comment_ID);
-			if ('unapproved' == $comment_status)
-				$class .= ' unapproved';
-			if ($i % 2)
-				$class .= ' alternate';
-			echo "<li id='comment-$comment->comment_ID' class='$class'>";
-?>
-<p><strong><?php comment_author() ?></strong> <?php if ($comment->comment_author_email) { ?>| <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_url && 'http://' != $comment->comment_author_url) { ?> | <?php comment_author_url_link() ?> <?php } ?>| <?php _e('IP:') ?> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></p>
+		foreach ( $comments as $comment ) {
+			get_comment( $comment ); // Cache it
+			_wp_comment_list_item( $comment->comment_ID, ++$i );
+		}
+		echo "</ol>\n\n";
 
-<?php comment_text() ?>
-
-<p><?php comment_date('M j, g:i A');  ?> &#8212; [
+if ( $extra_comments ) : ?>
+<div id="extra-comments" style="display:none">
+<ul id="the-extra-comment-list" class="commentlist">
 <?php
-if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
-	echo " <a href='comment.php?action=editcomment&amp;c=".$comment->comment_ID."'>" .  __('Edit') . '</a>';
-	echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author)) . "', theCommentList );\">" . __('Delete') . '</a> ';
-	if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
-		echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Unapprove') . '</a> </span>';
-		echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $comment->comment_post_ID . '&amp;c=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\', theCommentList );">' . __('Approve') . '</a> </span>';
+	foreach ( $extra_comments as $comment ) {
+		get_comment( $comment ); // Cache it
+		_wp_comment_list_item( $comment->comment_ID, ++$i );
 	}
-	echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;dt=spam&amp;p=" . $comment->comment_post_ID . "&amp;c=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to mark as spam this comment by '%s'.\n'Cancel' to stop, 'OK' to mark as spam."), $comment->comment_author))  . "', theCommentList );\">" . __('Spam') . "</a> ";
-}
-$post = get_post($comment->comment_post_ID);
-$post_title = wp_specialchars( $post->post_title, 'double' );
-$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
 ?>
- | <a href="<?php echo get_permalink($comment->comment_post_ID); ?>" title="<?php echo $post_title; ?>"><?php _e('View Post') ?></a> ]</p>
-		</li>
-
-<?php } // end foreach($comment) ?>
-</ol>
+</ul>
+</div>
+<?php endif; // $extra_comments ?>
 
 <div id="ajax-response"></div>
 
@@ -242,39 +191,11 @@ $post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
 <?php
 	} // end if ($comments)
 }
-	?>
-<?php if ( $total > 20 ) {
-$total_pages = ceil( $total / 20 );
-$r = '';
-if ( 1 < $page ) {
-	$args['apage'] = ( 1 == $page - 1 ) ? FALSE : $page - 1;
-	$r .=  '<a class="prev" href="' . clean_url(add_query_arg( $args )) . '">&laquo; '. __('Previous Page') .'</a>' . "\n";
-}
-if ( ( $total_pages = ceil( $total / 20 ) ) > 1 ) {
-	for ( $page_num = 1; $page_num <= $total_pages; $page_num++ ) :
-		if ( $page == $page_num ) :
-			$r .=  "<span>$page_num</span>\n";
-		else :
-			$p = false;
-			if ( $page_num < 3 || ( $page_num >= $page - 3 && $page_num <= $page + 3 ) || $page_num > $total_pages - 3 ) :
-				$args['apage'] = ( 1 == $page_num ) ? FALSE : $page_num;
-				$r .= '<a class="page-numbers" href="' . clean_url(add_query_arg($args)) . '">' . ( $page_num ) . "</a>\n";
-				$in = true;
-			elseif ( $in == true ) :
-				$r .= "...\n";
-				$in = false;
-			endif;
-		endif;
-	endfor;
-}
-if ( ( $page ) * 20 < $total || -1 == $total ) {
-	$args['apage'] = $page + 1;
-	$r .=  '<a class="next" href="' . clean_url(add_query_arg($args)) . '">'. __('Next Page') .' &raquo;</a>' . "\n";
-}
-echo "<p class='pagenav'>$r</p>";
-?>
 
-<?php } ?>
+if ( $page_links )
+	echo "<p class='pagenav'>$page_links</p>";
+
+?>
 
 </div>
 

wp-admin/edit-form-advanced.php

@@ -1,10 +1,12 @@
 <?php
+if ( isset($_GET['message']) )
+	  $_GET['message'] = (int) $_GET['message'];
 $messages[1] = __('Post updated');
 $messages[2] = __('Custom field updated');
 $messages[3] = __('Custom field deleted.');
 ?>
 <?php if (isset($_GET['message'])) : ?>
-<div id="message" class="updated fade"><p><?php echo $messages[$_GET['message']]; ?></p></div>
+<div id="message" class="updated fade"><p><?php echo wp_specialchars($messages[$_GET['message']]); ?></p></div>
 <?php endif; ?>
 
 <form name="post" action="post.php" method="post" id="post">
@@ -21,16 +23,17 @@ if (0 == $post_ID) {
 	$form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
 	wp_nonce_field('add-post');
 } else {
+	$post_ID = (int) $post_ID;
 	$form_action = 'editpost';
 	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 	wp_nonce_field('update-post_' .  $post_ID);
 }
 
-$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
+$form_pingback = '<input type="hidden" name="post_pingback" value="' . (int) get_option('default_pingback_flag') . '" id="post_pingback" />';
 
-$form_prevstatus = '<input type="hidden" name="prev_status" value="' . $post->post_status . '" />';
+$form_prevstatus = '<input type="hidden" name="prev_status" value="' . attribute_escape( $post->post_status ) . '" />';
 
-$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. str_replace("\n", ' ', $post->to_ping) .'" />';
+$form_trackback = '<input type="text" name="trackback_url" style="width: 415px" id="trackback" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';
 
 if ('' != $post->pinged) {
 	$pings = '<p>'. __('Already pinged:') . '</p><ul>';
@@ -41,16 +44,16 @@ if ('' != $post->pinged) {
 	$pings .= '</ul>';
 }
 
-$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . __('Save and Continue Editing') . '" />';
+$saveasdraft = '<input name="save" type="submit" id="save" tabindex="3" value="' . attribute_escape( __('Save and Continue Editing') ) . '" />';
 
 if (empty($post->post_status)) $post->post_status = 'draft';
 
 ?>
 
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" />
 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
-<input type="hidden" name="post_author" value="<?php echo $post->post_author ?>" />
+<input type="hidden" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
 <input type="hidden" id="post_type" name="post_type" value="post" />
 
 <?php echo $form_extra ?>
@@ -88,12 +91,12 @@ addLoadEvent(focusit);
 
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Password') ?></h3> 
-<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div>
 </fieldset>
 
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Slug') ?></h3> 
-<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div>
 </fieldset>
 
 <fieldset id="poststatusdiv" class="dbx-box">
@@ -107,7 +110,7 @@ addLoadEvent(focusit);
 
 <?php if ( current_user_can('edit_posts') ) : ?>
 <fieldset id="posttimestampdiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3>
+<h3 class="dbx-handle"><?php _e('Post Timestamp'); ?></h3>
 <div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div>
 </fieldset>
 <?php endif; ?>
@@ -117,7 +120,7 @@ $authors = get_editable_authors( $current_user->id ); // TODO: ROLE SYSTEM
 if ( $authors && count( $authors ) > 1 ) :
 ?>
 <fieldset id="authordiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Post Author'); ?>:</h3>
+<h3 class="dbx-handle"><?php _e('Post Author'); ?></h3>
 <div class="dbx-content">
 <select name="post_author_override" id="post_author_override">
 <?php
@@ -125,7 +128,7 @@ foreach ($authors as $o) :
 $o = get_userdata( $o->ID );
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
-echo "<option value='$o->ID' $selected>$o->display_name</option>";
+echo "<option value='" . (int) $o->ID . "' $selected>" . wp_specialchars( $o->display_name ) . "</option>";
 endforeach;
 ?>
 </select>
@@ -140,11 +143,18 @@ endforeach;
 
 <fieldset id="titlediv">
 	<legend><?php _e('Title') ?></legend>
-	<div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+	<div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
 </fieldset>
 
 <fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
-<legend><?php _e('Post') ?></legend>
+<legend><?php _e('Post') ?>
+
+<?php if ( 'publish' == $post->post_status ) { ?>
+<a href="<?php echo clean_url(get_permalink($post->ID)); ?>" class="view-link" target="_blank"><?php _e('View &raquo;'); ?></a>
+<?php } elseif ( 'edit' == $action ) { ?>
+<a href="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" class="view-link" target="_blank"><?php _e('Preview &raquo;'); ?></a>
+<?php } ?>
+</legend>
 
 	<?php the_editor($post->post_content); ?>
 </fieldset>
@@ -161,7 +171,7 @@ endforeach;
 if ('publish' != $post->post_status || 0 == $post_ID) {
 ?>
 <?php if ( current_user_can('publish_posts') ) : ?>
-	<input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" /> 
+	<input name="publish" type="submit" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish'); ?>" /> 
 <?php endif; ?>
 <?php
 }
@@ -179,7 +189,7 @@ else
 
 <?php
 if (current_user_can('upload_files')) {
-	$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
+	$uploading_iframe_ID = (int) (0 == $post_ID ? $temp_ID : $post_ID);
 	$uploading_iframe_src = wp_nonce_url("upload.php?style=inline&amp;tab=upload&amp;post_id=$uploading_iframe_ID", 'inlineuploading');
 	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
 	if ( false != $uploading_iframe_src )
@@ -244,7 +254,7 @@ list_meta($metadata);
 </div>
 
 <?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
-<input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(sprintf(__("You are about to delete this post '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
+<input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php echo ( 'draft' == $post->post_status ) ? __('Delete this draft') : __('Delete this post'); ?>" <?php echo "onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>
 
 </div>

wp-admin/edit-form-comment.php

@@ -2,13 +2,13 @@
 $submitbutton_text = __('Edit Comment »');
 $toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
 $form_action = 'editedcomment';
-$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='".$comment->comment_post_ID;
+$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='" . $comment->comment_post_ID;
 ?>
 
 <form name="post" action="comment.php" method="post" id="post">
 <?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
 <div class="wrap">
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
 
 <script type="text/javascript">
@@ -20,19 +20,19 @@ addLoadEvent(focusit);
 <fieldset id="namediv">
     <legend><label for="name"><?php _e('Name:') ?></label></legend>
 	<div>
-	  <input type="text" name="newcomment_author" size="25" value="<?php echo $comment->comment_author ?>" tabindex="1" id="name" />
+	  <input type="text" name="newcomment_author" size="25" value="<?php echo attribute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" />
     </div>
 </fieldset>
 <fieldset id="emaildiv">
         <legend><label for="email"><?php _e('E-mail:') ?></label></legend>
 		<div>
-		  <input type="text" name="newcomment_author_email" size="20" value="<?php echo $comment->comment_author_email ?>" tabindex="2" id="email" />
+		  <input type="text" name="newcomment_author_email" size="20" value="<?php echo attribute_escape( $comment->comment_author_email ); ?>" tabindex="2" id="email" />
     </div>
 </fieldset>
 <fieldset id="uridiv">
         <legend><label for="newcomment_author_url"><?php _e('URL:') ?></label></legend>
 		<div>
-		  <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo $comment->comment_author_url ?>" tabindex="3" id="URL" />
+		  <input type="text" id="newcomment_author_url" name="newcomment_author_url" size="35" value="<?php echo attribute_escape( $comment->comment_author_url ); ?>" tabindex="3" />
     </div>
 </fieldset>
 

wp-admin/edit-form.php

@@ -6,7 +6,7 @@
 <?php if (isset($mode) && 'bookmarklet' == $mode) : ?>
 <input type="hidden" name="mode" value="bookmarklet" />
 <?php endif; ?>
-<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
+<input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='post' />
 
 <script type="text/javascript">
@@ -21,7 +21,7 @@ addLoadEvent(focusit);
 <div id="poststuff">
     <fieldset id="titlediv">
       <legend><a href="http://wordpress.org/docs/reference/post/#title" title="<?php _e('Help on titles') ?>"><?php _e('Title') ?></a></legend> 
-	  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+	  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div>
     </fieldset>
 
     <fieldset id="categorydiv">
@@ -49,7 +49,7 @@ edCanvas = document.getElementById('content');
 //-->
 </script>
 
-<input type="hidden" name="post_pingback" value="<?php echo get_option('default_pingback_flag') ?>" id="post_pingback" />
+<input type="hidden" name="post_pingback" value="<?php echo (int) get_option('default_pingback_flag') ?>" id="post_pingback" />
 
 <p><label for="trackback"> <?php printf(__('<a href="%s" title="Help on trackbacks"><strong>TrackBack</strong> a <abbr title="Universal Resource Locator">URL</abbr></a>:</label> (Separate multiple <abbr title="Universal Resource Locator">URL</abbr>s with spaces.)'), 'http://wordpress.org/docs/reference/post/#trackback'); echo '<br />'; ?>
 	<input type="text" name="trackback_url" style="width: 360px" id="trackback" tabindex="7" /></p>
@@ -64,7 +64,7 @@ edCanvas = document.getElementById('content');
 <?php if ('bookmarklet' != $mode) {
 		echo '<input name="advanced" type="submit" id="advancededit" tabindex="7" value="' .  __('Advanced Editing &raquo;') . '" />';
 	} ?>
-	<input name="referredby" type="hidden" id="referredby" value="<?php if ( wp_get_referer() ) echo urlencode(wp_get_referer()); ?>" />
+	<input name="referredby" type="hidden" id="referredby" value="<?php if ( $refby = wp_get_referer() ) echo urlencode($refby); ?>" />
 </p>
 
 <?php do_action('simple_edit_form', ''); ?>

wp-admin/edit-link-form.php

@@ -22,9 +22,9 @@ function xfn_check($class, $value = '', $type = 'check') {
 	}
 
 	if ('' == $value) {
-		if ('family' == $class && !strstr($link_rel, 'child') && !strstr($link_rel, 'parent') && !strstr($link_rel, 'sibling') && !strstr($link_rel, 'spouse') && !strstr($link_rel, 'kin')) echo ' checked="checked"';
-		if ('friendship' == $class && !strstr($link_rel, 'friend') && !strstr($link_rel, 'acquaintance') && !strstr($link_rel, 'contact') ) echo ' checked="checked"';
-		if ('geographical' == $class && !strstr($link_rel, 'co-resident') && !strstr($link_rel, 'neighbor') ) echo ' checked="checked"';
+		if ('family' == $class && strpos($link_rel, 'child') === false && strpos($link_rel, 'parent') === false && strpos($link_rel, 'sibling') === false && strpos($link_rel, 'spouse') === false && strpos($link_rel, 'kin') === false) echo ' checked="checked"';
+		if ('friendship' == $class && strpos($link_rel, 'friend') === false && strpos($link_rel, 'acquaintance') === false && strpos($link_rel, 'contact') === false) echo ' checked="checked"';
+		if ('geographical' == $class && strpos($link_rel, 'co-resident') === false && strpos($link_rel, 'neighbor') === false) echo ' checked="checked"';
 		if ('identity' == $class && in_array('me', $rels) ) echo ' checked="checked"';
 	}
 }

wp-admin/edit-page-form.php

@@ -2,17 +2,22 @@
 <div class="wrap">
 <h2 id="write-post"><?php _e('Write Page'); ?></h2>
 <?php
+
 if (0 == $post_ID) {
 	$form_action = 'post';
 	$nonce_action = 'add-page';
 	$temp_ID = -1 * time(); // don't change this formula without looking at wp_write_post()
 	$form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
 } else {
+	$post_ID = (int) $post_ID;
 	$form_action = 'editpost';
 	$nonce_action = 'update-page_' . $post_ID;
 	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 }
 
+$temp_ID = (int) $temp_ID;
+$user_ID = (int) $user_ID;
+
 $sendto = clean_url(stripslashes(wp_get_referer()));
 
 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
@@ -68,7 +73,7 @@ addLoadEvent(focusit);
 
 <fieldset id="passworddiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Page Password') ?></h3>
-<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
+<div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape( $post->post_password ); ?>" /></div>
 </fieldset>
 
 <fieldset id="pageparent" class="dbx-box">
@@ -93,12 +98,12 @@ addLoadEvent(focusit);
 
 <fieldset id="slugdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Page Slug') ?></h3>
-<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
+<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" /></div>
 </fieldset>
 
 <?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
 <fieldset id="authordiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Page Author'); ?>:</h3>
+<h3 class="dbx-handle"><?php _e('Page Author'); ?></h3>
 <div class="dbx-content">
 <select name="post_author_override" id="post_author_override">
 <?php
@@ -106,6 +111,8 @@ foreach ($authors as $o) :
 $o = get_userdata( $o->ID );
 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
 else $selected = '';
+$o->ID = (int) $o->ID;
+$o->display_name = wp_specialchars( $o->display_name );
 echo "<option value='$o->ID' $selected>$o->display_name</option>";
 endforeach;
 ?>
@@ -126,12 +133,19 @@ endforeach;
 
 <fieldset id="titlediv">
   <legend><?php _e('Page Title') ?></legend>
-  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo $post->post_title; ?>" id="title" /></div>
+  <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" /></div>
 </fieldset>
 
 
 <fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
-    <legend><?php _e('Page Content') ?></legend>
+<legend><?php _e('Page Content') ?>
+
+<?php if ( 'publish' == $post->post_status ) { ?>
+<a href="<?php echo clean_url(get_permalink($post->ID)); ?>" style="position: absolute; right: 2em; margin-right: 19em; text-decoration: underline;" target="_blank"><?php _e('View &raquo;'); ?></a>
+<?php } elseif ( 'edit' == $action ) { ?>
+<a href="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" style="position: absolute; right: 2em; margin-right: 19em; text-decoration: underline;" target="_blank"><?php _e('Preview &raquo;'); ?></a>
+<?php } ?>
+</legend>
 	<?php the_editor($post->post_content); ?>
 </fieldset>
 

wp-admin/edit.php

@@ -21,14 +21,14 @@ if ($drafts || $other_drafts) {
 	foreach ($drafts as $draft) {
 		if (0 != $i)
 			echo ', ';
-		$draft->post_title = stripslashes($draft->post_title);
+		$draft->post_title = apply_filters('the_title', stripslashes($draft->post_title));
 		if ($draft->post_title == '')
 			$draft->post_title = sprintf(__('Post #%s'), $draft->ID);
 		echo "<a href='post.php?action=edit&amp;post=$draft->ID' title='" . __('Edit this draft') . "'>$draft->post_title</a>";
 		++$i;
 		}
 	?>
-	.</p>
+.</p>
 <?php } ?>
 
 <?php if ($other_drafts) { ?>
@@ -38,7 +38,7 @@ if ($drafts || $other_drafts) {
 	foreach ($other_drafts as $draft) {
 		if (0 != $i)
 			echo ', ';
-		$draft->post_title = stripslashes($draft->post_title);
+		$draft->post_title = apply_filters('the_title', stripslashes($draft->post_title));
 		if ($draft->post_title == '')
 			$draft->post_title = sprintf(__('Post #%s'), $draft->ID);
 		echo "<a href='post.php?action=edit&amp;post=$draft->ID' title='" . __('Edit this draft') . "'>$draft->post_title</a>";
@@ -64,7 +64,7 @@ if ( is_month() ) {
 	printf(__('Search for &#8220;%s&#8221;'), wp_specialchars($_GET['s']) );
 } else {
 	if ( is_single() )
-		printf(__('Comments on %s'), $post->post_title);
+		printf(__('Comments on %s'), apply_filters( "the_title", $post->post_title));
 	elseif ( ! is_paged() || get_query_var('paged') == 1 )
 		_e('Last 15 Posts');
 	else
@@ -177,7 +177,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 
 	case 'date':
 		?>
-		<td><?php if ( '0000-00-00 00:00:00' ==$post->post_modified ) _e('Unpublished'); else the_time(_('Y-m-d \<\b\r \/\> g:i:s a')); ?></td>
+		<td><?php if ( '0000-00-00 00:00:00' ==$post->post_modified ) _e('Unpublished'); else the_time(__('Y-m-d \<\b\r \/\> g:i:s a')); ?></td>
 		<?php
 		break;
 	case 'title':

wp-admin/export.php

@@ -122,24 +122,32 @@ function wxr_category_description($c) {
 
 	echo '<wp:category_description>' . wxr_cdata($c->category_description) . '</wp:category_description>';
 }
+
+print '<?xml version="1.0" encoding="' . get_bloginfo('charset') . '"?' . ">\n";
+
 ?>
-<!-- This is a WordPress eXtended RSS file generated by WordPress as an export of your blog. -->
-<!-- It contains information about your blog's posts, comments, and categories. -->
-<!-- You may use this file to transfer that content from one site to another. -->
-<!-- This file is not intended to serve as a complete backup of your blog. -->
 
-<!-- To import this information into a WordPress blog follow these steps. -->
-<!-- 1. Log into that blog as an administrator. -->
-<!-- 2. Go to Manage: Import in the blog's admin panels. -->
-<!-- 3. Choose "WordPress" from the list. -->
-<!-- 4. Upload this file using the form provided on that page. -->
-<!-- 5. You will first be asked to map the authors in this export file to users -->
-<!--    on the blog.  For each author, you may choose to map to an -->
-<!--    existing user on the blog or to create a new user -->
-<!-- 6. WordPress will then import each of the posts, comments, and categories -->
-<!--    contained in this file into your blog -->
+<!--
+	This is a WordPress eXtended RSS file generated by WordPress as an export of 
+	your blog. It contains information about your blog's posts, comments, and 
+	categories. You may use this file to transfer that content from one site to 
+	another. This file is not intended to serve as a complete backup of your 
+	blog.
+	
+	To import this information into a WordPress blog follow these steps:
+	
+	1.	Log into that blog as an administrator.
+	2.	Go to Manage > Import in the blog's admin.
+	3.	Choose "WordPress" from the list of importers.
+	4.	Upload this file using the form provided on that page.
+	5.	You will first be asked to map the authors in this export file to users 
+		on the blog. For each author, you may choose to map an existing user on 
+		the blog or to create a new user.
+	6.	WordPress will then import each of the posts, comments, and categories 
+		contained in this file onto your blog.
+-->
 
-<!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H:m'); ?>"-->
+<!-- generator="wordpress/<?php bloginfo_rss('version') ?>" created="<?php echo date('Y-m-d H:i'); ?>"-->
 <rss version="2.0"
 	xmlns:content="http://purl.org/rss/1.0/modules/content/"
 	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
@@ -177,6 +185,7 @@ function wxr_category_description($c) {
 <wp:post_name><?php echo $post->post_name; ?></wp:post_name>
 <wp:status><?php echo $post->post_status; ?></wp:status>
 <wp:post_parent><?php echo $post->post_parent; ?></wp:post_parent>
+<wp:menu_order><?php echo $post->menu_order; ?></wp:menu_order>
 <wp:post_type><?php echo $post->post_type; ?></wp:post_type>
 <?php
 $postmeta = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE post_id = $post->ID");

wp-admin/import.php

@@ -17,10 +17,11 @@ $import_root = ABSPATH.$import_loc;
 $imports_dir = @ dir($import_root);
 if ($imports_dir) {
 	while (($file = $imports_dir->read()) !== false) {
-		if (preg_match('|^\.+$|', $file))
+		if ($file{0} == '.') {
 			continue;
-		if (preg_match('|\.php$|', $file))
-			require_once("$import_root/$file");
+		} elseif (substr($file, -4) == '.php') {
+			require_once($import_root . '/' . $file);
+		}
 	}
 }
 

wp-admin/import/dotclear.php

@@ -147,8 +147,9 @@ class Dotclear_Import {
 		echo '<div class="narrow"><p>'.__('Howdy! This importer allows you to extract posts from a DotClear database into your blog.  Mileage may vary.').'</p>';
 		echo '<p>'.__('Your DotClear Configuration settings are as follows:').'</p>';
 		echo '<form action="admin.php?import=dotclear&amp;step=1" method="post">';
+		wp_nonce_field('import-dotclear');
 		$this->db_form();
-		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Import Categories').' &raquo;" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories &raquo;')).'" /></p>';
 		echo '</form></div>';
 	}
 
@@ -558,7 +559,8 @@ class Dotclear_Import {
 
 
 		echo '<form action="admin.php?import=dotclear&amp;step=2" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
 		echo '</form>';
 
 	}
@@ -570,7 +572,8 @@ class Dotclear_Import {
 		$this->users2wp($users);
 
 		echo '<form action="admin.php?import=dotclear&amp;step=3" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
 		echo '</form>';
 	}
 
@@ -581,7 +584,8 @@ class Dotclear_Import {
 		$this->posts2wp($posts);
 
 		echo '<form action="admin.php?import=dotclear&amp;step=4" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
 		echo '</form>';
 	}
 
@@ -592,7 +596,8 @@ class Dotclear_Import {
 		$this->comments2wp($comments);
 
 		echo '<form action="admin.php?import=dotclear&amp;step=5" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
 		echo '</form>';
 	}
 
@@ -604,7 +609,8 @@ class Dotclear_Import {
 		add_option('dc_links', $links);
 
 		echo '<form action="admin.php?import=dotclear&amp;step=6" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+		wp_nonce_field('import-dotclear');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
 		echo '</form>';
 	}
 
@@ -667,42 +673,44 @@ class Dotclear_Import {
 
 		if ( $step > 0 )
 		{
+			check_admin_referer('import-dotclear');
+
 			if($_POST['dbuser'])
 			{
 				if(get_option('dcuser'))
 					delete_option('dcuser');
-				add_option('dcuser',$_POST['dbuser']);
+				add_option('dcuser', sanitize_user($_POST['dbuser'], true));
 			}
 			if($_POST['dbpass'])
 			{
 				if(get_option('dcpass'))
 					delete_option('dcpass');
-				add_option('dcpass',$_POST['dbpass']);
+				add_option('dcpass', sanitize_user($_POST['dbpass'], true));
 			}
 
 			if($_POST['dbname'])
 			{
 				if(get_option('dcname'))
 					delete_option('dcname');
-				add_option('dcname',$_POST['dbname']);
+				add_option('dcname', sanitize_user($_POST['dbname'], true));
 			}
 			if($_POST['dbhost'])
 			{
 				if(get_option('dchost'))
 					delete_option('dchost');
-				add_option('dchost',$_POST['dbhost']);
+				add_option('dchost', sanitize_user($_POST['dbhost'], true));
 			}
 			if($_POST['dccharset'])
 			{
 				if(get_option('dccharset'))
 					delete_option('dccharset');
-				add_option('dccharset',$_POST['dccharset']);
+				add_option('dccharset', sanitize_user($_POST['dccharset'], true));
 			}
 			if($_POST['dbprefix'])
 			{
 				if(get_option('dcdbprefix'))
 					delete_option('dcdbprefix');
-				add_option('dcdbprefix',$_POST['dbprefix']);
+				add_option('dcdbprefix', sanitize_user($_POST['dbprefix'], true));
 			}
 
 

wp-admin/import/greymatter.php

@@ -34,6 +34,7 @@ class GM_Import {
 <form name="stepOne" method="get">
 <input type="hidden" name="import" value="greymatter" />
 <input type="hidden" name="step" value="1" />
+<?php wp_nonce_field('import-greymatter'); ?>
 <h3><?php _e('Second step: GreyMatter details:') ?></h3>
 <p><table cellpadding="0">
 <tr>
@@ -87,11 +88,13 @@ class GM_Import {
 		}
 
 		if (!chdir($archivespath))
-			wp_die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $archivespath));
+			wp_die(__("Wrong path, the path to the GM entries does not exist on the server"));
 
 		if (!chdir($gmpath))
-			wp_die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $gmpath));
-			
+			wp_die(__("Wrong path, the path to the GM files does not exist on the server"));
+
+		$lastentry = (int) $lastentry;
+
 		$this->header();
 ?>
 <p><?php _e('The importer is running...') ?></p>
@@ -128,7 +131,7 @@ class GM_Import {
 		$user_info = array("user_login"=>"$user_login", "user_pass"=>"$pass1", "user_nickname"=>"$user_nickname", "user_email"=>"$user_email", "user_url"=>"$user_url", "user_ip"=>"$user_ip", "user_domain"=>"$user_domain", "user_browser"=>"$user_browser", "dateYMDhour"=>"$user_joindate", "user_level"=>"1", "user_idmode"=>"nickname");
 		$user_id = wp_insert_user($user_info);
 		$this->gmnames[$userdata[0]] = $user_id;
-		
+
 		printf('<li>'.__('user %s...').' <strong>'.__('Done').'</strong></li>', "<em>$user_login</em>");
 	}
 
@@ -213,21 +216,21 @@ class GM_Import {
 					$user_email=$wpdb->escape("user@deleted.com");
 					$user_url=$wpdb->escape("");
 					$user_joindate=$wpdb->escape($user_joindate);
-					
+
 					$user_info = array("user_login"=>$user_login, "user_pass"=>$pass1, "user_nickname"=>$user_nickname, "user_email"=>$user_email, "user_url"=>$user_url, "user_ip"=>$user_ip, "user_domain"=>$user_domain, "user_browser"=>$user_browser, "dateYMDhour"=>$user_joindate, "user_level"=>0, "user_idmode"=>"nickname");
 					$user_id = wp_insert_user($user_info);
 					$this->gmnames[$postinfo[1]] = $user_id;
-					
+
 					echo ': ';
 					printf(__('registered deleted user %s at level 0 '), "<em>$user_login</em>");
 				}
-			
+
 				if (array_key_exists($postinfo[1], $this->gmnames)) {
 					$post_author = $this->gmnames[$postinfo[1]];
 				} else {
 					$post_author = $user_id;
 				}
-			
+
 				$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt');
 				$post_ID = wp_insert_post($postdata);
 			}
@@ -297,6 +300,7 @@ class GM_Import {
 				$this->greet();
 				break;
 			case 1:
+				check_admin_referer('import-greymatter');
 				$this->import();
 				break;
 		}

wp-admin/import/livejournal.php

@@ -153,6 +153,7 @@ class LJ_Import {
 				$this->greet();
 				break;
 			case 1 :
+				check_admin_referer('import-upload');
 				$this->import();
 				break;
 		}

wp-admin/import/mt.php

@@ -147,6 +147,7 @@ class MT_Import {
 		$authors = $this->get_mt_authors();
 		echo '<ol id="authors">';
 		echo '<form action="?import=mt&amp;step=2&amp;id=' . $this->id . '" method="post">';
+		wp_nonce_field('import-mt');
 		$j = -1;
 		foreach ($authors as $author) {
 			++ $j;
@@ -417,9 +418,11 @@ class MT_Import {
 				$this->greet();
 				break;
 			case 1 :
+				check_admin_referer('import-upload');
 				$this->select_authors();
 				break;
 			case 2:
+				check_admin_referer('import-mt');
 				$this->import();
 				break;
 		}

wp-admin/import/rss.php

@@ -156,6 +156,7 @@ class RSS_Import {
 				$this->greet();
 				break;
 			case 1 :
+				check_admin_referer('import-upload');
 				$this->import();
 				break;
 		}

wp-admin/import/textpattern.php

@@ -56,8 +56,9 @@ class Textpattern_Import {
 		echo '<p>'.__('This has not been tested on previous versions of Textpattern.  Mileage may vary.').'</p>';
 		echo '<p>'.__('Your Textpattern Configuration settings are as follows:').'</p>';
 		echo '<form action="admin.php?import=textpattern&amp;step=1" method="post">';
+		wp_nonce_field('import-textpattern');
 		$this->db_form();
-		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Import Categories').' &raquo;" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories &raquo;')).'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
@@ -483,7 +484,8 @@ class Textpattern_Import {
 
 
 		echo '<form action="admin.php?import=textpattern&amp;step=2" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
 		echo '</form>';
 
 	}
@@ -495,7 +497,8 @@ class Textpattern_Import {
 		$this->users2wp($users);
 
 		echo '<form action="admin.php?import=textpattern&amp;step=3" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
 		echo '</form>';
 	}
 
@@ -506,7 +509,8 @@ class Textpattern_Import {
 		$this->posts2wp($posts);
 
 		echo '<form action="admin.php?import=textpattern&amp;step=4" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
 		echo '</form>';
 	}
 
@@ -517,7 +521,8 @@ class Textpattern_Import {
 		$this->comments2wp($comments);
 
 		echo '<form action="admin.php?import=textpattern&amp;step=5" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
 		echo '</form>';
 	}
 
@@ -529,7 +534,8 @@ class Textpattern_Import {
 		add_option('txp_links', $links);
 
 		echo '<form action="admin.php?import=textpattern&amp;step=6" method="post">';
-		printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
+		wp_nonce_field('import-textpattern');
+		printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
 		echo '</form>';
 	}
 
@@ -590,36 +596,38 @@ class Textpattern_Import {
 
 		if ( $step > 0 )
 		{
+			check_admin_referer('import-textpattern');
+
 			if($_POST['dbuser'])
 			{
 				if(get_option('txpuser'))
 					delete_option('txpuser');
-				add_option('txpuser',$_POST['dbuser']);
+				add_option('txpuser', sanitize_user($_POST['dbuser'], true));
 			}
 			if($_POST['dbpass'])
 			{
 				if(get_option('txppass'))
 					delete_option('txppass');
-				add_option('txppass',$_POST['dbpass']);
+				add_option('txppass',  sanitize_user($_POST['dbpass'], true));
 			}
 
 			if($_POST['dbname'])
 			{
 				if(get_option('txpname'))
 					delete_option('txpname');
-				add_option('txpname',$_POST['dbname']);
+				add_option('txpname',  sanitize_user($_POST['dbname'], true));
 			}
 			if($_POST['dbhost'])
 			{
 				if(get_option('txphost'))
 					delete_option('txphost');
-				add_option('txphost',$_POST['dbhost']);
+				add_option('txphost',  sanitize_user($_POST['dbhost'], true));
 			}
 			if($_POST['dbprefix'])
 			{
 				if(get_option('tpre'))
 					delete_option('tpre');
-				add_option('tpre',$_POST['dbprefix']);
+				add_option('tpre',  sanitize_user($_POST['dbprefix']));
 			}
 
 

wp-admin/import/wordpress.php

@@ -3,6 +3,8 @@
 class WP_Import {
 
 	var $posts = array ();
+	var $posts_processed = array ();
+    // Array of arrays. [[0] => XML fragment, [1] => New post ID]
 	var $file;
 	var $id;
 	var $mtnames = array ();
@@ -33,8 +35,10 @@ class WP_Import {
 	}
 
 	function get_tag( $string, $tag ) {
+		global $wpdb;
 		preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
-		$return = addslashes( trim( $return[1] ) );
+		$return = preg_replace('|^<!\[CDATA\[(.*)\]\]>$|s', '$1', $return[1]);
+		$return = $wpdb->escape( trim( $return ) );
 		return $return;
 	}
 
@@ -62,7 +66,7 @@ class WP_Import {
 			$this->mtnames[$this->j] = $author; //add that new mt author name to an array
 			$user_id = username_exists($this->newauthornames[$this->j]); //check if the new author name defined by the user is a pre-existing wp user
 			if (!$user_id) { //banging my head against the desk now.
-				if ($newauthornames[$this->j] == 'left_blank') { //check if the user does not want to change the authorname
+				if ($this->newauthornames[$this->j] == 'left_blank') { //check if the user does not want to change the authorname
 					$user_id = wp_create_user($author, $pass);
 					$this->newauthornames[$this->j] = $author; //now we have a name, in the place of left_blank.
 				} else {
@@ -81,13 +85,40 @@ class WP_Import {
 
 	function get_entries() {
 		set_magic_quotes_runtime(0);
-		$importdata = file($this->file); // Read the file into an array
-		$importdata = implode('', $importdata); // squish it
-		$importdata = preg_replace("/(\r\n|\n|\r)/", "\n", $importdata);
-		preg_match_all('|<item>(.*?)</item>|is', $importdata, $this->posts);
-		$this->posts = $this->posts[1];
-		preg_match_all('|<wp:category>(.*?)</wp:category>|is', $importdata, $this->categories);
-		$this->categories = $this->categories[1];
+		$importdata = array_map('rtrim', file($this->file)); // Read the file into an array
+
+		$this->posts = array();
+		$this->categories = array();
+		$num = 0;
+		$doing_entry = false;
+		foreach ($importdata as $importline) {
+			if ( false !== strpos($importline, '<wp:category>') ) {
+				preg_match('|<wp:category>(.*?)</wp:category>|is', $importline, $category);
+				$this->categories[] = $category[1];
+				continue;
+			}
+			if ( false !== strpos($importline, '<item>') ) {
+				$this->posts[$num] = '';
+				$doing_entry = true;
+				continue;	
+			}
+			if ( false !== strpos($importline, '</item>') ) {
+				$num++;
+				$doing_entry = false;
+				continue;	
+			}
+			if ( $doing_entry ) {
+				$this->posts[$num] .= $importline . "\n";
+			}
+		}
+
+		foreach ($this->posts as $post) {
+			$post_ID = (int) $this->get_tag( $post, 'wp:post_id' );
+			if ($post_ID) {
+				$this->posts_processed[$post_ID][0] = &$post;
+				$this->posts_processed[$post_ID][1] = 0;
+			}
+		}
 	}
 
 	function get_wp_authors() {
@@ -150,6 +181,7 @@ class WP_Import {
 		$authors = $this->get_wp_authors();
 		echo '<ol id="authors">';
 		echo '<form action="?import=wordpress&amp;step=2&amp;id=' . $this->id . '" method="post">';
+		wp_nonce_field('import-wordpress');
 		$j = -1;
 		foreach ($authors as $author) {
 			++ $j;
@@ -167,10 +199,8 @@ class WP_Import {
 	function select_authors() {
 		$file = wp_import_handle_upload();
 		if ( isset($file['error']) ) {
-			$this->header();
 			echo '<p>'.__('Sorry, there has been an error.').'</p>';
 			echo '<p><strong>' . $file['error'] . '</strong></p>';
-			$this->footer();
 			return;
 		}
 		$this->file = $file['file'];
@@ -186,7 +216,7 @@ class WP_Import {
 		$cat_names = (array) $wpdb->get_col("SELECT cat_name FROM $wpdb->categories");
 
 		while ( $c = array_shift($this->categories) ) {
-			$cat_name = trim(str_replace(array ('<![CDATA[', ']]>'), '', $this->get_tag( $c, 'wp:cat_name' )));
+			$cat_name = trim($this->get_tag( $c, 'wp:cat_name' ));
 
 			// If the category exists we leave it alone
 			if ( in_array($cat_name, $cat_names) )
@@ -210,91 +240,11 @@ class WP_Import {
 	}
 
 	function process_posts() {
-		global $wpdb;
 		$i = -1;
 		echo '<ol>';
-		foreach ($this->posts as $post) {
 
-			// There are only ever one of these
-			$post_title     = $this->get_tag( $post, 'title' );
-			$post_date      = $this->get_tag( $post, 'wp:post_date' );
-			$post_date_gmt  = $this->get_tag( $post, 'wp:post_date_gmt' );
-			$comment_status = $this->get_tag( $post, 'wp:comment_status' );
-			$ping_status    = $this->get_tag( $post, 'wp:ping_status' );
-			$post_status    = $this->get_tag( $post, 'wp:status' );
-			$post_parent    = $this->get_tag( $post, 'wp:post_parent' );
-			$post_type      = $this->get_tag( $post, 'wp:post_type' );
-			$guid           = $this->get_tag( $post, 'guid' );
-			$post_author    = $this->get_tag( $post, 'dc:creator' );
-
-			$post_content = $this->get_tag( $post, 'content:encoded' );
-			$post_content = str_replace(array ('<![CDATA[', ']]>'), '', $post_content);
-			$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
-			$post_content = str_replace('<br>', '<br />', $post_content);
-			$post_content = str_replace('<hr>', '<hr />', $post_content);
-
-			preg_match_all('|<category>(.*?)</category>|is', $post, $categories);
-			$categories = $categories[1];
-
-			$cat_index = 0;
-			foreach ($categories as $category) {
-				$categories[$cat_index] = $wpdb->escape($this->unhtmlentities(str_replace(array ('<![CDATA[', ']]>'), '', $category)));
-				$cat_index++;
-			}
-
-			if ($post_id = post_exists($post_title, '', $post_date)) {
-				echo '<li>';
-				printf(__('Post <i>%s</i> already exists.'), stripslashes($post_title));
-			} else {
-				echo '<li>';
-				printf(__('Importing post <i>%s</i>...'), stripslashes($post_title));
-
-				$post_author = $this->checkauthor($post_author); //just so that if a post already exists, new users are not created by checkauthor
-
-				$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt', 'guid', 'post_parent', 'post_type');
-				$comment_post_ID = $post_id = wp_insert_post($postdata);
-				// Add categories.
-				if (0 != count($categories)) {
-					wp_create_categories($categories, $post_id);
-				}
-			}
-
-				// Now for comments
-				preg_match_all('|<wp:comment>(.*?)</wp:comment>|is', $post, $comments);
-				$comments = $comments[1];
-				$num_comments = 0;
-				if ( $comments) { foreach ($comments as $comment) {
-					$comment_author       = $this->get_tag( $comment, 'wp:comment_author');
-					$comment_author_email = $this->get_tag( $comment, 'wp:comment_author_email');
-					$comment_author_IP    = $this->get_tag( $comment, 'wp:comment_author_IP');
-					$comment_author_url   = $this->get_tag( $comment, 'wp:comment_author_url');
-					$comment_date         = $this->get_tag( $comment, 'wp:comment_date');
-					$comment_date_gmt     = $this->get_tag( $comment, 'wp:comment_date_gmt');
-					$comment_content      = $this->get_tag( $comment, 'wp:comment_content');
-					$comment_approved     = $this->get_tag( $comment, 'wp:comment_approved');
-					$comment_type         = $this->get_tag( $comment, 'wp:comment_type');
-					$comment_parent       = $this->get_tag( $comment, 'wp:comment_parent');
-
-					if ( !comment_exists($comment_author, $comment_date) ) {
-						$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_approved', 'comment_type', 'comment_parent');
-						wp_insert_comment($commentdata);
-						$num_comments++;
-					}
-				} }
-				if ( $num_comments )
-					printf(' '.__('(%s comments)'), $num_comments);
-
-				// Now for post meta
-				preg_match_all('|<wp:postmeta>(.*?)</wp:postmeta>|is', $post, $postmeta);
-				$postmeta = $postmeta[1];
-				if ( $postmeta) { foreach ($postmeta as $p) {
-					$key   = $this->get_tag( $p, 'wp:meta_key' );
-					$value = $this->get_tag( $p, 'wp:meta_value' );
-					add_post_meta( $post_id, $key, $value );
-				} }
-
-			$index++;
-		}
+		foreach ($this->posts as $post)
+			$this->process_post($post);
 
 		echo '</ol>';
 
@@ -302,6 +252,116 @@ class WP_Import {
 
 		echo '<h3>'.sprintf(__('All done.').' <a href="%s">'.__('Have fun!').'</a>', get_option('home')).'</h3>';
 	}
+  
+	function process_post($post) {
+		global $wpdb;
+
+		$post_ID = (int) $this->get_tag( $post, 'wp:post_id' );
+  		if ( $post_ID && !empty($this->posts_processed[$post_ID][1]) ) // Processed already
+			return 0;
+      
+		// There are only ever one of these
+		$post_title     = $this->get_tag( $post, 'title' );
+		$post_date      = $this->get_tag( $post, 'wp:post_date' );
+		$post_date_gmt  = $this->get_tag( $post, 'wp:post_date_gmt' );
+		$comment_status = $this->get_tag( $post, 'wp:comment_status' );
+		$ping_status    = $this->get_tag( $post, 'wp:ping_status' );
+		$post_status    = $this->get_tag( $post, 'wp:status' );
+		$post_name      = $this->get_tag( $post, 'wp:post_name' );
+		$post_parent    = $this->get_tag( $post, 'wp:post_parent' );
+		$menu_order     = $this->get_tag( $post, 'wp:menu_order' );
+		$post_type      = $this->get_tag( $post, 'wp:post_type' );
+		$guid           = $this->get_tag( $post, 'guid' );
+		$post_author    = $this->get_tag( $post, 'dc:creator' );
+
+		$post_content = $this->get_tag( $post, 'content:encoded' );
+		$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+		$post_content = str_replace('<br>', '<br />', $post_content);
+		$post_content = str_replace('<hr>', '<hr />', $post_content);
+
+		preg_match_all('|<category>(.*?)</category>|is', $post, $categories);
+		$categories = $categories[1];
+
+		$cat_index = 0;
+		foreach ($categories as $category) {
+			$categories[$cat_index] = $wpdb->escape($this->unhtmlentities(str_replace(array ('<![CDATA[', ']]>'), '', $category)));
+			$cat_index++;
+		}
+
+		if ($post_id = post_exists($post_title, '', $post_date)) {
+			echo '<li>';
+			printf(__('Post <i>%s</i> already exists.'), stripslashes($post_title));
+		} else {
+
+			// If it has parent, process parent first.
+			$post_parent = (int) $post_parent;
+			if ($parent = $this->posts_processed[$post_parent]) {
+				if (!$parent[1]) $this->process_post($parent[0]); // If not yet, process the parent first.
+				$post_parent = $parent[1]; // New ID of the parent;
+			}
+
+			echo '<li>';
+			printf(__('Importing post <i>%s</i>...'), stripslashes($post_title));
+
+			$post_author = $this->checkauthor($post_author); //just so that if a post already exists, new users are not created by checkauthor
+
+			$postdata = compact('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'post_name', 'comment_status', 'ping_status', 'post_modified', 'post_modified_gmt', 'guid', 'post_parent', 'menu_order', 'post_type');
+			$comment_post_ID = $post_id = wp_insert_post($postdata);
+
+			// Memorize old and new ID.
+			if ( $post_id && $post_ID && $this->posts_processed[$post_ID] )
+				$this->posts_processed[$post_ID][1] = $post_id; // New ID.
+			
+			// Add categories.
+			if (count($categories) > 0) {
+				$post_cats = array();
+				foreach ($categories as $category) {
+					$cat_ID = (int) $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE cat_name = '$category'");
+					if ($cat_ID == 0) {
+						$cat_ID = wp_insert_category(array('cat_name' => $category));
+					}
+					$post_cats[] = $cat_ID;
+				}
+				wp_set_post_categories($post_id, $post_cats);
+			}	
+		}
+
+		// Now for comments
+		preg_match_all('|<wp:comment>(.*?)</wp:comment>|is', $post, $comments);
+		$comments = $comments[1];
+		$num_comments = 0;
+		if ( $comments) { foreach ($comments as $comment) {
+			$comment_author       = $this->get_tag( $comment, 'wp:comment_author');
+			$comment_author_email = $this->get_tag( $comment, 'wp:comment_author_email');
+			$comment_author_IP    = $this->get_tag( $comment, 'wp:comment_author_IP');
+			$comment_author_url   = $this->get_tag( $comment, 'wp:comment_author_url');
+			$comment_date         = $this->get_tag( $comment, 'wp:comment_date');
+			$comment_date_gmt     = $this->get_tag( $comment, 'wp:comment_date_gmt');
+			$comment_content      = $this->get_tag( $comment, 'wp:comment_content');
+			$comment_approved     = $this->get_tag( $comment, 'wp:comment_approved');
+			$comment_type         = $this->get_tag( $comment, 'wp:comment_type');
+			$comment_parent       = $this->get_tag( $comment, 'wp:comment_parent');
+
+			if ( !comment_exists($comment_author, $comment_date) ) {
+				$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_author_email', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_approved', 'comment_type', 'comment_parent');
+				wp_insert_comment($commentdata);
+				$num_comments++;
+			}
+		} }
+
+		if ( $num_comments )
+			printf(' '.__('(%s comments)'), $num_comments);
+
+		// Now for post meta
+		preg_match_all('|<wp:postmeta>(.*?)</wp:postmeta>|is', $post, $postmeta);
+		$postmeta = $postmeta[1];
+		if ( $postmeta) { foreach ($postmeta as $p) {
+			$key   = $this->get_tag( $p, 'wp:meta_key' );
+			$value = $this->get_tag( $p, 'wp:meta_value' );
+			$value = stripslashes($value); // add_post_meta() will escape.
+			add_post_meta( $post_id, $key, $value );
+		} }
+	}
 
 	function import() {
 		$this->id = (int) $_GET['id'];
@@ -325,9 +385,11 @@ class WP_Import {
 				$this->greet();
 				break;
 			case 1 :
+				check_admin_referer('import-upload');
 				$this->select_authors();
 				break;
 			case 2:
+				check_admin_referer('import-wordpress');
 				$this->import();
 				break;
 		}

wp-admin/index.php

@@ -15,6 +15,7 @@ function dashboard_init() {
 }
 add_action( 'admin_head', 'index_js' );
 wp_enqueue_script('prototype');
+wp_enqueue_script('interface');
 
 $title = __('Dashboard'); 
 $parent_file = 'index.php';
@@ -49,7 +50,7 @@ if ( $comments || $numcomments ) :
 <?php
 if ( $comments ) {
 foreach ($comments as $comment) {
-	echo '<li>' . sprintf(__('%1$s on %2$s'), get_comment_author_link(), '<a href="'. get_permalink($comment->comment_post_ID) . '#comment-' . $comment->comment_ID . '">' . get_the_title($comment->comment_post_ID) . '</a>');
+	echo '<li>' . sprintf(__('%1$s on %2$s'), get_comment_author_link(), '<a href="'. get_permalink($comment->comment_post_ID) . '#comment-' . $comment->comment_ID . '">' . apply_filters('the_title', get_the_title($comment->comment_post_ID)) . '</a>');
 	edit_comment_link(__("Edit"), ' <small>(', ')</small>');
 	echo '</li>';
 }
@@ -60,7 +61,7 @@ foreach ($comments as $comment) {
 <?php endif; ?>
 
 <?php
-if ( $recentposts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'publish' AND post_date_gmt < '$today' ORDER BY post_date DESC LIMIT 5") ) :
+if ( $recentposts = $wpdb->get_results("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND " . get_private_posts_cap_sql('post') . " AND post_date_gmt < '$today' ORDER BY post_date DESC LIMIT 5") ) :
 ?>
 <div>
 <h3><?php _e('Posts'); ?> <a href="edit.php" title="<?php _e('More posts...'); ?>">&raquo;</a></h3>
@@ -98,21 +99,16 @@ foreach ($scheduled as $post) {
 <div>
 <h3><?php _e('Blog Stats'); ?></h3>
 <?php
-$numposts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'publish'");
-if (0 < $numposts) $numposts = number_format($numposts);
+$numposts = (int) $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'publish'");
+$numcomms = (int) $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '1'");
+$numcats  = (int) $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->categories");
 
-$numcomms = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '1'");
-if (0 < $numcomms) $numcomms = number_format($numcomms);
-
-$numcats = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->categories");
-if (0 < $numcats) $numcats = number_format($numcats);
+$post_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Posts">post</a>', '%1$s <a href="%2$s" title="Posts">posts</a>', $numposts), number_format($numposts), 'edit.php');
+$comm_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Comments">comment</a>', '%1$s <a href="%2$s" title="Comments">comments</a>', $numcomms), number_format($numcomms), 'edit-comments.php');
+$cat_str  = sprintf(__ngettext('%1$s <a href="%2$s" title="Categories">category</a>', '%1$s <a href="%2$s" title="Categories">categories</a>', $numcats), number_format($numcats), 'categories.php');
 ?>
-<p><?php
-$post_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Posts">post</a>', '%1$s <a href="%2$s" title="Posts">posts</a>', $numposts), $numposts, 'edit.php');
-$comm_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Comments">comment</a>', '%1$s <a href="%2$s" title="Comments">comments</a>', $numcomms), $numcomms, 'edit-comments.php');
-$cat_str = sprintf(__ngettext('%1$s <a href="%2$s" title="Categories">category</a>', '%1$s <a href="%2$s" title="Categories">categories</a>', $numcats), $numcats, 'categories.php');
 
-printf(__('There are currently %1$s and %2$s, contained within %3$s.'), $post_str, $comm_str, $cat_str); ?></p>
+<p><?php printf(__('There are currently %1$s and %2$s, contained within %3$s.'), $post_str, $comm_str, $cat_str); ?></p>
 </div>
 
 <?php do_action('activity_box_end'); ?>
@@ -126,7 +122,7 @@ printf(__('There are currently %1$s and %2$s, contained within %3$s.'), $post_st
 <?php endif; ?>
 	<li><a href="profile.php"><?php _e('Update your profile or change your password'); ?></a></li>
 <?php if ( current_user_can('manage_links') ) : ?>
-	<li><a href="link-add.php"><?php _e('Add a bookmark to your blogroll'); ?></a></li>
+	<li><a href="link-add.php"><?php _e('Add a link to your blogroll'); ?></a></li>
 <?php endif; ?>
 <?php if ( current_user_can('switch_themes') ) : ?>
 	<li><a href="themes.php"><?php _e('Change your site&#8217;s look or theme'); ?></a></li>

wp-admin/install-rtl.css

@@ -1,5 +1,15 @@
-body { font-family: Tahoma, Georgia, "Times New Roman", Times, serif; }
+body { font: 13px Tahoma, Georgia, "Times New Roman", Times, serif; }
 
 ul, ol { padding: 5px 20px 5px 5px; }
 
-.step, th { text-align: left; }
+h1, h2, h3 { font-family: "Times New Roman", Times, serif; font-weight: 700 }
+
+.step, th { text-align: left }
+
+input { font-family: "Times New Roman", Times, serif; padding: 1px }
+
+#logo {	background: url(../wp-content/plugins/WP-Jalali/wp-fa-logo.png) center right no-repeat;	text-align: left; }
+
+#admin_email {direction: ltr; text-align: left; }
+
+#footer { font-style: normal; }

wp-admin/install.php

@@ -82,7 +82,7 @@ switch($step) {
 
 <?php
 	$result = wp_install($weblog_title, 'admin', $admin_email, $public);
-	extract($result);
+	extract($result, EXTR_SKIP);
 ?>
 
 <p><em><?php _e('Finished!'); ?></em></p>

wp-admin/link-add.php

@@ -28,7 +28,7 @@ require('admin-header.php');
 
 <div id="wp-link-bookmarklet"  class="wrap">
 <h3><?php _e('Add Link Bookmarklet'); ?></h3>
-<p><?php _e('Right click on the following link and choose "Bookmark This Link..." to create an add link shortcut. Right now this only works on Mozilla or Netscape, but we&#8217;re working on it.'); ?></p>
+<p><?php _e('Right click on the following link and choose &#0147;Bookmark This Link...&#0148; or &#0147;Add to Favorites...&#0148; to create a Link This shortcut.'); ?></p>
 <?php printf('<p><a href="%s" title="'.__('Link add bookmarklet').'">'.__('Link This').'</a></p>', "javascript:void(linkmanpopup=window.open('" . get_option('siteurl') . "/wp-admin/link-add.php?action=popup&amp;linkurl='+escape(location.href)+'&amp;name='+escape(document.title),'LinkManager','scrollbars=yes,width=750,height=550,left=15,top=15,status=yes,resizable=yes'));linkmanpopup.focus();window.focus();linkmanpopup.focus();") ?>
 </div>
 

wp-admin/link-import.php

@@ -12,16 +12,16 @@ if (!$step) $step = 0;
 ?>
 <?php
 switch ($step) {
-    case 0:
-    {
-        include_once('admin-header.php');
-        if ( !current_user_can('manage_links') )
-            wp_die(__('Cheatin&#8217; uh?'));
+	case 0: {
+		include_once('admin-header.php');
+		if ( !current_user_can('manage_links') )
+			wp_die(__('Cheatin&#8217; uh?'));
 
-        $opmltype = 'blogrolling'; // default.
+		$opmltype = 'blogrolling'; // default.
 ?>
 
 <div class="wrap">
+
 <h2><?php _e('Import your blogroll from another system') ?> </h2>
 <form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
 <?php wp_nonce_field('import-bookmarks') ?>
@@ -40,7 +40,6 @@ switch ($step) {
 <input id="userfile" name="userfile" type="file" size="30" />
 </div>
 
-
 </div>
 
 <p style="clear: both; margin-top: 1em;"><?php _e('Now select a category you want to put these links in.') ?><br />
@@ -49,7 +48,7 @@ switch ($step) {
 $categories = get_categories('hide_empty=0');
 foreach ($categories as $category) {
 ?>
-<option value="<?php echo $category->cat_ID; ?>"><?php echo wp_specialchars($category->cat_name); ?></option>
+<option value="<?php echo $category->cat_ID; ?>"><?php echo wp_specialchars(apply_filters('link_category', $category->cat_name)); ?></option>
 <?php
 } // end foreach
 ?>
@@ -60,74 +59,79 @@ foreach ($categories as $category) {
 
 </div>
 <?php
-                break;
-            } // end case 0
+		break;
+	} // end case 0
 
-    case 1: {
+	case 1: {
 		check_admin_referer('import-bookmarks');
 
-                include_once('admin-header.php');
-                if ( !current_user_can('manage_links') )
-                    wp_die(__('Cheatin&#8217; uh?'));
+		include_once('admin-header.php');
+		if ( !current_user_can('manage_links') )
+			wp_die(__('Cheatin&#8217; uh?'));
 ?>
 <div class="wrap">
 
-     <h2><?php _e('Importing...') ?></h2>
+<h2><?php _e('Importing...') ?></h2>
 <?php
-                $cat_id = $_POST['cat_id'];
-                if (($cat_id == '') || ($cat_id == 0)) {
-                    $cat_id  = 1;
-                }
+		$cat_id = abs( (int) $_POST['cat_id'] );
+		if ( $cat_id < 1 )
+			$cat_id  = 1;
 
-                $opml_url = $_POST['opml_url'];
-                if (isset($opml_url) && $opml_url != '' && $opml_url != 'http://') {
-					$blogrolling = true;
-                }
-                else // try to get the upload file.
-				{
-					$overrides = array('test_form' => false, 'test_type' => false);
-					$file = wp_handle_upload($_FILES['userfile'], $overrides);
+		$opml_url = $_POST['opml_url'];
+		if ( isset($opml_url) && $opml_url != '' && $opml_url != 'http://' ) {
+			$blogrolling = true;
+		} else { // try to get the upload file.
+			$overrides = array('test_form' => false, 'test_type' => false);
+			$file = wp_handle_upload($_FILES['userfile'], $overrides);
 
-					if ( isset($file['error']) )
-						wp_die($file['error']);
+			if ( isset($file['error']) )
+				wp_die($file['error']);
 
-					$url = $file['url'];
-					$opml_url = $file['file'];
-					$blogrolling = false;
-				}
+			$url = $file['url'];
+			$opml_url = $file['file'];
+			$blogrolling = false;
+		}
 
-                if (isset($opml_url) && $opml_url != '') {
-                    $opml = wp_remote_fopen($opml_url);
-                    include_once('link-parse-opml.php');
+		if ( isset($opml_url) && $opml_url != '' ) {
+			if ( $blogrolling === true ) {
+				$opml = wp_remote_fopen($opml_url);
+			} else {
+				$opml = file_get_contents($opml_url);
+			}
+			
+			include_once('link-parse-opml.php');
 
-                    $link_count = count($names);
-                    for ($i = 0; $i < $link_count; $i++) {
-                        if ('Last' == substr($titles[$i], 0, 4))
-                            $titles[$i] = '';
-                        if ('http' == substr($titles[$i], 0, 4))
-                            $titles[$i] = '';
-                        $link = array( 'link_url' => $urls[$i], 'link_name' => $wpdb->escape($names[$i]), 'link_category' => array($cat_id), 'link_description' => $wpdb->escape($descriptions[$i]), 'link_owner' => $user_ID, 'link_rss' => $feeds[$i]);              			
-						wp_insert_link($link);
-						echo sprintf('<p>'.__('Inserted <strong>%s</strong>').'</p>', $names[$i]);
-                    }
+			$link_count = count($names);
+			for ( $i = 0; $i < $link_count; $i++ ) {
+				if ('Last' == substr($titles[$i], 0, 4))
+					$titles[$i] = '';
+				if ( 'http' == substr($titles[$i], 0, 4) )
+					$titles[$i] = '';
+				$link = array( 'link_url' => $urls[$i], 'link_name' => $wpdb->escape($names[$i]), 'link_category' => array($cat_id), 'link_description' => $wpdb->escape($descriptions[$i]), 'link_owner' => $user_ID, 'link_rss' => $feeds[$i]);
+				wp_insert_link($link);
+				echo sprintf('<p>'.__('Inserted <strong>%s</strong>').'</p>', $names[$i]);
+			}
 ?>
-     <p><?php printf(__('Inserted %1$d links into category %2$s. All done! Go <a href="%3$s">manage those links</a>.'), $link_count, $cat_id, 'link-manager.php') ?></p>
-<?php
-                } // end if got url
-                else
-                {
-                    echo "<p>" . __("You need to supply your OPML url. Press back on your browser and try again") . "</p>\n";
-                } // end else
 
-				if ( ! $blogrolling )
-					@unlink($opml_url);
+<p><?php printf(__('Inserted %1$d links into category %2$s. All done! Go <a href="%3$s">manage those links</a>.'), $link_count, $cat_id, 'link-manager.php') ?></p>
+
+<?php
+} // end if got url
+else
+{
+	echo "<p>" . __("You need to supply your OPML url. Press back on your browser and try again") . "</p>\n";
+} // end else
+
+if ( ! $blogrolling )
+	apply_filters( 'wp_delete_file', $opml_url); 
+	@unlink($opml_url);
 ?>
 </div>
 <?php
-                break;
-            } // end case 1
+		break;
+	} // end case 1
 } // end switch
 
 include('admin-footer.php');
 
-?>
+?>

wp-admin/link-manager.php

@@ -80,7 +80,7 @@ $categories = get_categories("hide_empty=1&type=link");
 $select_cat = "<select name=\"cat_id\">\n";
 $select_cat .= '<option value="all"'  . (($cat_id == 'all') ? " selected='selected'" : '') . '>' . __('All') . "</option>\n";
 foreach ((array) $categories as $cat)
-	$select_cat .= '<option value="' . $cat->cat_ID . '"' . (($cat->cat_ID == $cat_id) ? " selected='selected'" : '') . '>' . wp_specialchars($cat->cat_name) . "</option>\n";
+	$select_cat .= '<option value="' . $cat->cat_ID . '"' . (($cat->cat_ID == $cat_id) ? " selected='selected'" : '') . '>' . wp_specialchars(apply_filters('link_category', $cat->cat_name)) . "</option>\n";
 $select_cat .= "</select>\n";
 
 $select_order = "<select name=\"order_by\">\n";
@@ -131,8 +131,8 @@ if ( $links ) {
 	<tbody id="the-list">
 <?php
 	foreach ($links as $link) {
-		$link->link_name = attribute_escape($link->link_name);
-		$link->link_description = wp_specialchars($link->link_description);
+		$link->link_name = attribute_escape(apply_filters('link_title', $link->link_name));
+		$link->link_description = wp_specialchars(apply_filters('link_description', $link->link_description));
 		$link->link_url = clean_url($link->link_url);
 		$link->link_category = wp_get_link_cats($link->link_id);
 		$short_url = str_replace('http://', '', $link->link_url);
@@ -160,7 +160,7 @@ if ( $links ) {
 					$cat_names = array();
 					foreach ($link->link_category as $category) {
 						$cat_name = get_the_category_by_ID($category);
-						$cat_name = wp_specialchars($cat_name);
+						$cat_name = wp_specialchars(apply_filters('link_category', $cat_name));
 						if ( $cat_id != $category )
 							$cat_name = "<a href='link-manager.php?cat_id=$category'>$cat_name</a>";
 						$cat_names[] = $cat_name;
@@ -180,7 +180,7 @@ if ( $links ) {
 					break;
 				default:
 					?>
-					<td><?php do_action('manage_link_custom_column', $column_name, $id); ?></td>
+					<td><?php do_action('manage_link_custom_column', $column_name, $link->link_id); ?></td>
 					<?php
 					break;
 

wp-admin/menu.php

@@ -6,15 +6,15 @@
 // The URL of the item's file
 $menu[0] = array(__('Dashboard'), 'read', 'index.php');
 
-if ( strstr($_SERVER['REQUEST_URI'], 'edit-pages.php') )
+if (strpos($_SERVER['REQUEST_URI'], 'edit-pages.php') !== false)
 	$menu[5] = array(__('Write'), 'edit_pages', 'page-new.php');
 else
 	$menu[5] = array(__('Write'), 'edit_posts', 'post-new.php');
-if ( strstr($_SERVER['REQUEST_URI'], 'page-new.php') )
+if (strpos($_SERVER['REQUEST_URI'], 'page-new.php') !== false)
 	$menu[10] = array(__('Manage'), 'edit_pages', 'edit-pages.php');
 else
 	$menu[10] = array(__('Manage'), 'edit_posts', 'edit.php');
-	
+
 $menu[15] = array(__('Comments'), 'edit_posts', 'edit-comments.php');
 $menu[20] = array(__('Blogroll'), 'manage_links', 'link-manager.php');
 $menu[25] = array(__('Presentation'), 'switch_themes', 'themes.php');
@@ -69,6 +69,8 @@ $submenu['plugins.php'][10] = array(__('Plugin Editor'), 'edit_plugins', 'plugin
 $submenu['themes.php'][5] = array(__('Themes'), 'switch_themes', 'themes.php');
 $submenu['themes.php'][10] = array(__('Theme Editor'), 'edit_themes', 'theme-editor.php');
 
+do_action('_admin_menu');
+
 // Create list of page plugin hook names.
 foreach ($menu as $menu_page) {
 	$admin_page_hooks[$menu_page[2]] = sanitize_title($menu_page[0]);
@@ -104,7 +106,7 @@ foreach ( $menu as $id => $data ) {
 	if ( $new_parent != $old_parent ) {
 		$_wp_real_parent_file[$old_parent] = $new_parent;
 		$menu[$id][2] = $new_parent;
-		
+
 		foreach ($submenu[$old_parent] as $index => $data) {
 			$submenu[$new_parent][$index] = $submenu[$old_parent][$index];
 			unset($submenu[$old_parent][$index]);

wp-admin/moderation.php

@@ -121,7 +121,7 @@ $i = 0;
 	?>
 	<p><strong><?php comment_author() ?></strong> <?php if ($comment->comment_author_email) { ?>| <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_url && 'http://' != $comment->comment_author_url) { ?> | <?php comment_author_url_link() ?> <?php } ?>| <?php _e('IP:') ?> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></p>
 <?php comment_text() ?>
-<p><?php comment_date('M j, g:i A'); ?> &#8212; [ <?php
+<p><?php comment_date(__('M j, g:i A')); ?> &#8212; [ <?php
 echo '<a href="comment.php?action=editcomment&amp;c='.$comment->comment_ID.'">' . __('Edit') . '</a> | ';
 echo " <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by '%s'.\n'Cancel' to stop, 'OK' to delete."), $comment->comment_author )) . "', theCommentList );\">" . __('Delete') . "</a> | "; ?>
 <?php

wp-admin/options-general.php

@@ -25,11 +25,11 @@ include('./admin-header.php');
 </tr> 
 <tr valign="top"> 
 <th scope="row"><?php _e('WordPress address (URL):') ?></th> 
-<td><input name="siteurl" type="text" id="siteurl" value="<?php form_option('siteurl'); ?>" size="40" class="code" /></td> 
+<td><input name="siteurl" type="text" id="siteurl" value="<?php form_option('siteurl'); ?>" size="40" class="code<?php if ( defined( 'WP_SITEURL' ) ) : ?> disabled" disabled="disabled"<?php else: ?>"<?php endif; ?> /></td> 
 </tr> 
 <tr valign="top">
 <th scope="row"><?php _e('Blog address (URL):') ?></th>
-<td><input name="home" type="text" id="home" value="<?php form_option('home'); ?>" size="40" class="code" /><br /><?php _e('If you want your blog homepage <a href="http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory">to be different than the directory</a> you installed WordPress in, enter that address here.'); ?></td>
+<td><input name="home" type="text" id="home" value="<?php form_option('home'); ?>" size="40" class="code<?php if ( defined( 'WP_HOME' ) ) : ?> disabled" disabled="disabled"<?php else: ?>"<?php endif; ?> /><br /><?php _e('Enter the address here if you want your blog homepage <a href="http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory">to be different from the directory</a> you installed WordPress.'); ?></td>
 </tr>
 <tr valign="top"> 
 <th scope="row"><?php _e('E-mail address:') ?> </th> 
@@ -97,7 +97,7 @@ endfor;
 
 <p class="submit"><input type="submit" name="Submit" value="<?php _e('Update Options &raquo;') ?>" />
 <input type="hidden" name="action" value="update" /> 
-<input type="hidden" name="page_options" value="blogname,blogdescription,siteurl,admin_email,users_can_register,gmt_offset,date_format,time_format,home,start_of_week,comment_registration,default_role" /> 
+<input type="hidden" name="page_options" value="<?php if ( ! defined( 'WP_SITEURL' ) ) echo 'siteurl,'; if ( ! defined( 'WP_HOME' ) ) echo 'home,'; ?>blogname,blogdescription,admin_email,users_can_register,gmt_offset,date_format,time_format,start_of_week,comment_registration,default_role" /> 
 </p>
 </form>
 

wp-admin/options-head.php

@@ -1,7 +1,5 @@
 <?php wp_reset_vars(array('action', 'standalone', 'option_group_id')); ?>
 
-<br clear="all" />
-
 <?php if (isset($_GET['updated'])) : ?>
 <div id="message" class="updated fade"><p><strong><?php _e('Options saved.') ?></strong></p></div>
 <?php endif; ?>

wp-admin/options-misc.php

@@ -36,7 +36,7 @@ include('admin-header.php');
 </fieldset>
 
 <p><input name="use_linksupdate" type="checkbox" id="use_linksupdate" value="1" <?php checked('1', get_option('use_linksupdate')); ?> />
-<label for="use_linksupdate"><?php _e('Track Bookmarks&#8217; Update Times') ?></label></p>
+<label for="use_linksupdate"><?php _e('Track Links&#8217; Update Times') ?></label></p>
 <p>
 <label><input type="checkbox" name="hack_file" value="1" <?php checked('1', get_option('hack_file')); ?> /> <?php _e('Use legacy <code>my-hacks.php</code> file support') ?></label>
 </p>

wp-admin/options-writing.php

@@ -41,7 +41,7 @@ endforeach;
 </select></td>
 </tr>
 <tr valign="top">
-<th scope="row"><?php _e('Default bookmark category:') ?></th>
+<th scope="row"><?php _e('Default link category:') ?></th>
 <td><select name="default_link_category" id="default_link_category">
 <?php
 foreach ($categories as $category) :
@@ -103,7 +103,7 @@ endforeach;
 
 <?php else : ?>
 
-	<p><?php printf(__('WordPress is not notifying any <a href="http://codex.wordpress.org/Update_Services">Update Services</a> because of your blog\'s <a href="%s">privacy settings</a>'), 'options-privacy.php'); ?>
+	<p><?php printf(__('WordPress is not notifying any <a href="http://codex.wordpress.org/Update_Services">Update Services</a> because of your blog\'s <a href="%s">privacy settings</a>.'), 'options-privacy.php'); ?>
 
 <?php endif; ?>
 

wp-admin/options.php

@@ -10,77 +10,6 @@ wp_reset_vars(array('action'));
 if ( !current_user_can('manage_options') )
 	wp_die(__('Cheatin’ uh?'));
 
-function sanitize_option($option, $value) { // Remember to call stripslashes!
-
-	switch ($option) {
-		case 'admin_email':
-			$value = stripslashes($value);
-			$value = sanitize_email($value);
-			break;
-
-		case 'default_post_edit_rows':
-		case 'mailserver_port':
-		case 'comment_max_links':
-			$value = stripslashes($value);
-			$value = abs((int) $value);
-			break;
-
-		case 'posts_per_page':
-		case 'posts_per_rss':
-			$value = stripslashes($value);
-			$value = (int) $value;
-			if ( empty($value) ) $value = 1;
-			if ( $value < -1 ) $value = abs($value);
-			break;
-
-		case 'default_ping_status':
-		case 'default_comment_status':
-			$value = stripslashes($value);
-			// Options that if not there have 0 value but need to be something like "closed"
-			if ( $value == '0' || $value == '')
-				$value = 'closed';
-			break;
-
-		case 'blogdescription':
-		case 'blogname':
-			if (current_user_can('unfiltered_html') == false)
-				$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
-			$value = stripslashes($value);
-			break;
-
-		case 'blog_charset':
-			$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes
-			break;
-
-		case 'date_format':
-		case 'time_format':
-		case 'mailserver_url':
-		case 'mailserver_login':
-		case 'mailserver_pass':
-		case 'ping_sites':
-		case 'upload_path':
-			$value = strip_tags($value);
-			$value = wp_filter_kses($value); // calls stripslashes then addslashes
-			$value = stripslashes($value);
-			break;
-
-		case 'gmt_offset':
-			$value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes
-			break;
-
-		case 'siteurl':
-		case 'home':
-			$value = stripslashes($value);
-			$value = clean_url($value);
-			break;
-		default :
-			$value = stripslashes($value);
-			break;
-	}
-
-	return $value;	
-}
-
 switch($action) {
 
 case 'update':
@@ -100,8 +29,9 @@ case 'update':
 	if ($options) {
 		foreach ($options as $option) {
 			$option = trim($option);
-			$value = trim($_POST[$option]);
-			$value = sanitize_option($option, $value); // This does stripslashes on those that need it
+			$value = $_POST[$option];
+			if(!is_array($value))	$value = trim($value);
+			$value = stripslashes_deep($value);
 			update_option($option, $value);
 		}
 	}
@@ -127,10 +57,11 @@ $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name
 
 foreach ( (array) $options as $option) :
 	$disabled = '';
+	$option->option_name = attribute_escape($option->option_name);
 	if ( is_serialized($option->option_value) ) {
 		if ( is_serialized_string($option->option_value) ) {
 			// this is a serialized string, so we should display it
-			$value = wp_specialchars(maybe_unserialize($option->option_value), 'single');
+			$value = maybe_unserialize($option->option_value);
 			$options_to_update[] = $option->option_name;
 			$class = 'all-options';
 		} else {
@@ -139,7 +70,7 @@ foreach ( (array) $options as $option) :
 			$class = 'all-options disabled';
 		}
 	} else {
-		$value = wp_specialchars($option->option_value, 'single');
+		$value = $option->option_value;
 		$options_to_update[] = $option->option_name;
 		$class = 'all-options';
 	}
@@ -148,9 +79,9 @@ foreach ( (array) $options as $option) :
 	<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
 <td>";
 
-	if (stristr($value, "\n")) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
-	else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled />";
-	
+	if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
+	else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . "'$disabled />";
+
 	echo "</td>
 	<td>$option->option_description</td>
 </tr>";
@@ -158,7 +89,7 @@ endforeach;
 ?>
   </table>
 <?php $options_to_update = implode(',', $options_to_update); ?>
-<p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
   </form>
 </div>
 

wp-admin/page-new.php

@@ -4,6 +4,7 @@ $title = __('New Page');
 $parent_file = 'post-new.php';
 $editing = true;
 wp_enqueue_script('prototype');
+wp_enqueue_script('interface');
 wp_enqueue_script('autosave');
 require_once('admin-header.php');
 ?>

wp-admin/page.php

@@ -52,6 +52,7 @@ case 'edit':
 
 	if($post->post_status == 'draft') {
 		wp_enqueue_script('prototype');
+		wp_enqueue_script('interface');
 		wp_enqueue_script('autosave');
 	}
 	require_once('admin-header.php');
@@ -60,12 +61,6 @@ case 'edit':
 		die ( __('You are not allowed to edit this page.') );
 
 	include('edit-page-form.php');
-	?>
-	<div id='preview' class='wrap'>
-	<h2 id="preview-post"><?php _e('Page Preview (updated when page is saved)'); ?></h2>
-		<iframe src="<?php echo clean_url(apply_filters('preview_page_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
-	</div>
-	<?php
 	break;
 
 case 'editattachment':
@@ -106,7 +101,7 @@ case 'editpost':
 		}
 
 		if ( isset($_POST['save']) )
-			$location = "page.php?action=edit&post=$page_ID";		
+			$location = "page.php?action=edit&post=$page_ID";
 	} else {
 		if ($_POST['save']) {
 			$location = "page.php?action=edit&post=$page_ID";
@@ -147,8 +142,8 @@ case 'delete':
 	}
 
 	$sendback = wp_get_referer();
-	if (strstr($sendback, 'page.php')) $sendback = get_option('siteurl') .'/wp-admin/page.php';
-	elseif (strstr($sendback, 'attachments.php')) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+	if (strpos($sendback, 'page.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/page.php';
+	elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
 	$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
 	wp_redirect($sendback);
 	exit();

wp-admin/plugin-editor.php

@@ -30,6 +30,17 @@ case 'update':
 		$f = fopen($real_file, 'w+');
 		fwrite($f, $newcontent);
 		fclose($f);
+
+		// Deactivate so we can test it.
+		$current = get_option('active_plugins');
+		if ( in_array($file, $current) || isset($_POST['phperror']) ) {
+			if ( in_array($file, $current) ) {
+				array_splice($current, array_search( $file, $current), 1 ); // Array-fu!
+				update_option('active_plugins', $current);
+			}
+			wp_redirect(add_query_arg('_wpnonce', wp_create_nonce('edit-plugin-test_' . $file), "plugin-editor.php?file=$file&liveupdate=1"));
+			exit();
+		}
 		wp_redirect("plugin-editor.php?file=$file&a=te");
 	} else {
 		wp_redirect("plugin-editor.php?file=$file");
@@ -44,6 +55,24 @@ default:
 	if ( !current_user_can('edit_plugins') )
 		wp_die('<p>'.__('You do not have sufficient permissions to edit plugins for this blog.').'</p>');
 
+	if ( $_GET['liveupdate'] ) {
+		check_admin_referer('edit-plugin-test_' . $file);
+		$current = get_option('active_plugins');
+		$plugin = $file;
+		if ( validate_file($plugin) )
+			wp_die(__('Invalid plugin.'));
+		if ( ! file_exists(ABSPATH . PLUGINDIR . '/' . $plugin) )
+			wp_die(__('Plugin file does not exist.'));
+		if (!in_array($plugin, $current)) {
+			wp_redirect("plugin-editor.php?file=$file&phperror=1"); // we'll override this later if the plugin can be included without fatal error
+			@include(ABSPATH . PLUGINDIR . '/' . $plugin);
+			$current[] = $plugin;
+			sort($current);
+			update_option('active_plugins', $current);
+		}
+		wp_redirect("plugin-editor.php?file=$file&a=te");
+	}
+
 	require_once('admin-header.php');
 
 	update_recently_edited(PLUGINDIR . "/$file");
@@ -60,13 +89,23 @@ default:
 	?>
 <?php if (isset($_GET['a'])) : ?>
  <div id="message" class="updated fade"><p><?php _e('File edited successfully.') ?></p></div>
+<?php elseif (isset($_GET['phperror'])) : ?>
+ <div id="message" class="updated fade"><p><?php _e('This plugin has been deactivated because your changes resulted in a <strong>fatal error</strong>.') ?></p></div>
 <?php endif; ?>
  <div class="wrap">
 	<?php
-	if (is_writeable($real_file)) {
-		echo '<h2>' . sprintf(__('Editing <strong>%s</strong>'), $file) . '</h2>';
+	if ( in_array($file, (array) get_option('active_plugins')) ) {
+		if (is_writeable($real_file)) {
+			echo '<h2>' . sprintf(__('Editing <strong>%s</strong> (active)'), $file) . '</h2>';
+		} else {
+		echo '<h2>' . sprintf(__('Browsing <strong>%s</strong> (active)'), $file) . '</h2>';
+		}
 	} else {
-		echo '<h2>' . sprintf(__('Browsing <strong>%s</strong>'), $file) . '</h2>';
+		if (is_writeable($real_file)) {
+			echo '<h2>' . sprintf(__('Editing <strong>%s</strong> (inactive)'), $file) . '</h2>';
+		} else {
+		echo '<h2>' . sprintf(__('Browsing <strong>%s</strong> (inactive)'), $file) . '</h2>';
+		}
 	}
 	?>
 	<div id="templateside">
@@ -90,9 +129,15 @@ if ($plugin_files) :
 		<input type="hidden" name="file" value="<?php echo $file ?>" />
 		</div>
 <?php if ( is_writeable($real_file) ) : ?>
+	<?php if ( in_array($file, (array) get_option('active_plugins')) ) { ?>
+		<p><?php _e('<strong>Warning:</strong> Making changes to active plugins is not recommended.  If your changes cause a fatal error, the plugin will be automatically deactivated.'); ?></p>
+	<?php } ?>
 	<p class="submit">
 	<?php
-		echo "<input type='submit' name='submit' value='	" . __('Update File &raquo;') . "' tabindex='2' />";
+		if ( isset($_GET['phperror']) )
+			echo "<input type='hidden' name='phperror' value='1' /><input type='submit' name='submit' value='" . __('Update File and Attempt to Reactivate &raquo;') . "' tabindex='2' />";
+		else
+			echo "<input type='submit' name='submit' value='" . __('Update File &raquo;') . "' tabindex='2' />";
 	?>
 	</p>
 <?php else : ?>

wp-admin/plugins.php

@@ -11,13 +11,16 @@ if ( isset($_GET['action']) ) {
 		if ( ! file_exists(ABSPATH . PLUGINDIR . '/' . $plugin) )
 			wp_die(__('Plugin file does not exist.'));
 		if (!in_array($plugin, $current)) {
+			wp_redirect('plugins.php?error=true'); // we'll override this later if the plugin can be included without fatal error
+			ob_start();
+			@include(ABSPATH . PLUGINDIR . '/' . $plugin);
 			$current[] = $plugin;
 			sort($current);
 			update_option('active_plugins', $current);
-			include(ABSPATH . PLUGINDIR . '/' . $plugin);
 			do_action('activate_' . $plugin);
+			ob_end_clean();
 		}
-		wp_redirect('plugins.php?activate=true');
+		wp_redirect('plugins.php?activate=true'); // overrides the ?error=true one above
 	} else if ('deactivate' == $_GET['action']) {
 		check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
 		$current = get_option('active_plugins');
@@ -25,6 +28,17 @@ if ( isset($_GET['action']) ) {
 		update_option('active_plugins', $current);
 		do_action('deactivate_' . trim( $_GET['plugin'] ));
 		wp_redirect('plugins.php?deactivate=true');
+	} elseif ($_GET['action'] == 'deactivate-all') {
+		check_admin_referer('deactivate-all');
+		$current = get_option('active_plugins');
+		
+		foreach ($current as $plugin) {
+			array_splice($current, array_search($plugin, $current), 1);
+			do_action('deactivate_' . $plugin);
+		}
+		
+		update_option('active_plugins', array());
+		wp_redirect('plugins.php?deactivate-all=true');
 	}
 	exit;
 }
@@ -58,13 +72,14 @@ foreach ($check_plugins as $check_plugin) {
 }
 ?>
 
-<?php if (isset($_GET['activate'])) : ?>
-<div id="message" class="updated fade"><p><?php _e('Plugin <strong>activated</strong>.') ?></p>
-</div>
-<?php endif; ?>
-<?php if (isset($_GET['deactivate'])) : ?>
-<div id="message" class="updated fade"><p><?php _e('Plugin <strong>deactivated</strong>.') ?></p>
-</div>
+<?php if ( isset($_GET['error']) ) : ?>
+	<div id="message" class="updated fade"><p><?php _e('Plugin could not be activated because it triggered a <strong>fatal error</strong>.') ?></p></div>
+<?php elseif ( isset($_GET['activate']) ) : ?>
+	<div id="message" class="updated fade"><p><?php _e('Plugin <strong>activated</strong>.') ?></p></div>
+<?php elseif ( isset($_GET['deactivate']) ) : ?>
+	<div id="message" class="updated fade"><p><?php _e('Plugin <strong>deactivated</strong>.') ?></p></div>
+<?php elseif (isset($_GET['deactivate-all'])) : ?>
+	<div id="message" class="updated fade"><p><?php _e('All plugins <strong>deactivated</strong>.'); ?></p></div>
 <?php endif; ?>
 
 <div class="wrap">
@@ -116,7 +131,7 @@ if (empty($plugins)) {
 
 		if ( $style != '' )
 			$style = 'class="' . $style . '"';
-		if ( is_writable(ABSPATH . 'wp-content/plugins/' . $plugin_file) )
+		if ( is_writable(ABSPATH . PLUGINDIR . '/' . $plugin_file) )
 			$edit = "<a href='plugin-editor.php?file=$plugin_file' title='".__('Open this file in the Plugin Editor')."' class='edit'>".__('Edit')."</a>";
 		else
 			$edit = '';
@@ -135,6 +150,11 @@ if (empty($plugins)) {
 	}
 ?>
 
+<tr>
+	<td colspan="3">&nbsp;</td>
+	<td colspan="2" style="width:12em;"><a href="<?php echo wp_nonce_url('plugins.php?action=deactivate-all', 'deactivate-all'); ?>" class="delete"><?php _e('Deactivate All Plugins'); ?></a></td>
+</tr>
+
 </table>
 <?php
 }

wp-admin/post-new.php

@@ -4,6 +4,7 @@ $title = __('Create New Post');
 $parent_file = 'post-new.php';
 $editing = true;
 wp_enqueue_script('prototype');
+wp_enqueue_script('interface');
 wp_enqueue_script('autosave');
 require_once ('./admin-header.php');
 

wp-admin/post.php

@@ -47,7 +47,7 @@ case 'edit':
 	$editing = true;
 	$post_ID = $p = (int) $_GET['post'];
 	$post = get_post($post_ID);
-	
+
 	if ( 'page' == $post->post_type ) {
 		wp_redirect("page.php?action=edit&post=$post_ID");
 		exit();
@@ -66,12 +66,6 @@ case 'edit':
 
 	include('edit-form-advanced.php');
 
-	?>
-	<div id='preview' class='wrap'>
-	<h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?></h2>
-		<iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
-	</div>
-	<?php
 	break;
 
 case 'editattachment':
@@ -119,7 +113,7 @@ case 'editpost':
 		if ( !empty($_POST['referredby']) )
 			$referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
 		$referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
-	
+
 		if ($_POST['save']) {
 			$location = "post.php?action=edit&post=$post_ID";
 		} elseif ($_POST['updatemeta']) {
@@ -160,8 +154,8 @@ case 'delete':
 	}
 
 	$sendback = wp_get_referer();
-	if (strstr($sendback, 'post.php')) $sendback = get_option('siteurl') .'/wp-admin/post-new.php';
-	elseif (strstr($sendback, 'attachments.php')) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
+	if (strpos($sendback, 'post.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/post-new.php';
+	elseif (strpos($sendback, 'attachments.php') !== false) $sendback = get_option('siteurl') .'/wp-admin/attachments.php';
 	$sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
 	wp_redirect($sendback);
 	exit();

wp-admin/rtl.css

@@ -1,192 +1,247 @@
-#viewarc, #viewcat, #namediv, #emaildiv, #uridiv, #planetnews li, #login ul li, #your-profile fieldset, 
-	#footer .logo, .alignleft .available-theme { float: right; }
+#viewarc, #viewcat, #namediv, #emaildiv, #uridiv, #planetnews li, #login ul li, #your-profile fieldset, #footer .logo, .alignleft .available-theme {
+	float: right;
+	}
 
-#templateside, .alignright { float: left; }
+#templateside, .alignright {
+	float: left;
+	}
 
-#login #send, .readmore, .widefat th { text-align: right; }
+#login #send, .readmore, .widefat th {
+	text-align: right;
+	}
 
-#postcustomsubmit, form#upload th, .submit, .editform th { text-align: left; }
+#postcustomsubmit, form#upload th, .submit, .editform th {
+	text-align: left;
+	}
 
-#devnews h4, #wphead h1, #your-profile legend, fieldset.options legend, 
-	#planetnews li .post { font-family: Tahoma, Georgia, "Times New Roman", Times, serif; }
+#devnews h4, #wphead h1, #your-profile legend, fieldset.options legend, #planetnews li .post {
+	font-family: Tahoma, Georgia, "Times New Roman", Times, serif;
+	}
 
-#wphead { padding: .8em 2em .8em 19em; }
+#wphead {
+	padding: .8em 2em .8em 19em;
+	}
 
-#wphead h1 { font-size: 2.4em; }
+#wphead h1 {
+	font-size: 2.4em;
+	}
 
-#postdiv , #titlediv, #guiddiv { margin: 0 0 0 8px; }
+#postdiv, #titlediv, #guiddiv, #tagdiv {
+	margin: 0 0 0 8px;
+	}
 
-#ed_toolbar input { margin: 3px 0 2px 2px; }
+#ed_toolbar input {
+	margin: 3px 0 2px 2px;
+	}
 
-#edButtons input, #edButtons input:active { margin: 0px 0 -1px 2px; }
+#edButtons input, #edButtons input:active {
+	margin: 0px 0 -1px 2px;
+	}
 
-body, td { font: 13px Tahoma, "Lucida Grande", "Lucida Sans Unicode", Verdana; }
+body, td {
+	font: 13px Tahoma, "Lucida Grande", "Lucida Sans Unicode", Verdana;
+	}
 
-h2 { font: normal 32px/5px serif; }
+h1, h2, h3, h4, h5 {
+	font-family: "Times New Roman", Times, serif;
+	}
+h3.dbx-handle {
+	font-family: tahoma, Verdana, Arial, Helvetica, sans-serif;
+	}
 
-textarea, input, select { font:  13px Tahoma, Verdana, Arial, Helvetica, sans-serif; }
+textarea, input, select {
+	font:  13px Tahoma, Verdana, Arial, Helvetica, sans-serif;
+	}
 
-.quicktags, .search { font: 12px Tahoma, Georgia, "Times New Roman", Times, serif; }
+.quicktags, .search {
+	font: 12px Tahoma, Georgia, "Times New Roman", Times, serif;
+	}
 
-.updated, .confirm { padding: 0 3em 0 1em; }
+.updated, .confirm {
+	padding: 0 3em 0 1em;
+	}
 
 .submit input, .submit input:focus, .button, .button:focus {
 	border-left-color: #999;
 	border-right-color: #ccc;
-}
+	}
 
 .submit input:active, .button:active {
 	border-left-color: #ccc;
 	border-right-color: #999;
-}
+	}
 
 #adminmenu {
 	padding: .2em 2em .3em .2em;
-	height: 30px;
-}
+	height: 28px;
+	}
 
 #adminmenu a {
 	margin: 0 0 0 10px;
 	display: block;
 	float: right;
-}
+	font: 700 16px/130% "Times New Roman", Times, serif;
+	}
 
 #adminmenu a.current {
 	border-right: 0;
 	border-left: 2px solid #4f96c8;
-}
+	}
 
-#adminmenu li { line-height: 180%; }
+#submenu, #minisub {
+	padding: 1px 3em 0 2em;
+	}
 
-#submenu, #minisub { padding: 3px 3em 0 2em; }
+#submenu {
+	height: 28px;
+	}
+
+#submenu a {
+	margin: 0 0 0 10px;
+	display: block;
+	float: right;
+	line-height: 155%;
+	}
 
 #submenu .current {
 	border-right: 0;
 	border-left: 2px solid #045290;
-}
-
-#submenu a {
-	padding: .3em .4em .4em .4em;
-	margin: 0 0 0 10px;
-	display: block;
-	float: right;
-}
-
-#submenu li { line-height: 120%; }
+	}
 
 #currenttheme img {
 	float: right;
 	margin-right: auto;
 	margin-left: 1em;
-}
+	}
 
 #postdiv #quicktags {
 	padding-right: 0;
 	padding-left: 6px;
-}
+	}
 
 .readmore {
 	margin-right: auto;
 	margin-left: 5em;
-}
+	}
 
-* html #postexcerpt .dbx-toggle-open, * html #postexcerpt .dbx-toggle-open, #postexcerpt div, #attachmentlinks div {
+#postexcerpt div, #attachmentlinks div {
+	margin-right: auto;
+	margin-left: 8px;
+	}
+
+* html #postexcerpt .dbx-toggle-open {
 	padding-right: 0;
 	padding-left: 8px;
-}
+	}
 
 #searchform {
 	float: right;
 	margin-right: auto;
 	margin-left: 1em;
-}
+	}
 
 #poststuff {
 	margin-right: auto;
 	margin-left: 16em;
-}
+	}
 
 #template div {
 	margin-right: auto;
 	margin-left: 190px;
-}
+	}
 
 * html #template div {
 	margin-right: auto;
 	margin-left: 0px;
-}
+	}
 
 #user_info {
 	right: auto;
 	left: 1em;
-}
-
+	}
+	
 #zeitgeist {
 	float: left;
 	margin-left: auto;
 	margin-right: 1em;
-}
+	}
 
 #zeitgeist ul {
 	margin: 0 .6em .3em 0;
 	padding: 0 .6em 0 0;
-}
+	}
+
+.wrap ul {
+	margin-left: 500px;
+	}
 
 #categorydiv ul {
 	margin-left: auto;
 	margin-right: 10px;
-}
-
-#moremeta fieldset div { margin: 2px 0px 0 0; }
+	}
 
 #moremeta {
-	margin-right: auto;
+	margin-right: 0;
 	margin-left: 15px;
 	right: auto;
-	left: 5%;
-}
-
+	left: 6%;
+	}
+	
 #moremeta .dbx-content {
 	background: url(images/box-butt.gif) no-repeat bottom left;
-	padding-right: 0;
-	padding-left: 2px;
-}
+	padding-right: 10px;
+	padding-left: 0;
+	text-align: right;
+	}
+	
+#moremeta .dbx-handle {
+	background: #2685af url(images/box-head.gif) no-repeat left;
+	margin-top: -2px;
+	}
 
-#moremeta .dbx-handle { background: #2685af url(images/box-head.gif) no-repeat left; }
-
-#moremeta .dbx-box { background: url(images/box-bg.gif) repeat-y left; }
+#moremeta .dbx-box {
+	background: url(images/box-bg.gif) repeat-y left;
+	padding-bottom: 0;
+	}
 
 a.dbx-toggle, a.dbx-toggle:visited {
 	right: auto;
 	left: 2px;
-}
+	}
 
-#advancedstuff a.dbx-toggle, #advancedstuff a.dbx-toggle-open:visited {
-	right: auto;
-	left: 5px;
-}
-
-#advancedstuff a.dbx-toggle-open, #advancedstuff a.dbx-toggle-open:visited {
-	right: auto;
-	left: 5px;
-}
 
 #categorychecklist {
 	margin-right: auto;
 	margin-left: 6px;
-}
+	}
 
 #ajax-response.alignleft {
 	margin-left: auto;
 	margin-right: 2em;
-}
+	}
 
 #postdivrich #edButtons {
 	padding-left: 0;
 	padding-right: 3px;
-}
+	}
 
 .page-numbers {
 	margin-right: auto;
 	margin-left: 3px;
-}
+	}
+
+a.view-link {
+	right:auto;
+	left:5%;
+	margin-right:0;
+	margin-left:220px;
+	}
+#advancedstuff {
+	direction: ltr;
+	}
+#advancedstuff .dbx-handle {
+	text-align: right;
+	}
+#advancedstuff .dbx-content * {
+	direction: rtl;
+	}

wp-admin/setup-config.php

@@ -157,13 +157,13 @@ switch($step) {
 	foreach ($configFile as $line_num => $line) {
 		switch (substr($line,0,16)) {
 			case "define('DB_NAME'":
-				fwrite($handle, str_replace("wordpress", $dbname, $line));
+				fwrite($handle, str_replace("putyourdbnamehere", $dbname, $line));
 				break;
 			case "define('DB_USER'":
-				fwrite($handle, str_replace("'username'", "'$uname'", $line));
+				fwrite($handle, str_replace("'usernamehere'", "'$uname'", $line));
 				break;
 			case "define('DB_PASSW":
-				fwrite($handle, str_replace("'password'", "'$passwrd'", $line));
+				fwrite($handle, str_replace("'yourpasswordhere'", "'$passwrd'", $line));
 				break;
 			case "define('DB_HOST'":
 				fwrite($handle, str_replace("localhost", $dbhost, $line));

wp-admin/templates.php

@@ -52,7 +52,7 @@ default:
 	if ( ! current_user_can('edit_files') )
 		wp_die('<p>'.__('You do not have sufficient permissions to edit templates for this blog.').'</p>');
 
-	if ( strstr( $file, 'wp-config.php' ) )
+	if (strpos($file, 'wp-config.php') !== false)
 	wp_die('<p>'.__('The config file cannot be edited or viewed through the web interface. Sorry!').'</p>');
 
 	update_recently_edited($file);

wp-admin/themes.php

@@ -26,7 +26,7 @@ require_once('admin-header.php');
 <?php if ( ! validate_current_theme() ) : ?>
 <div id="message1" class="updated fade"><p><?php _e('The active theme is broken.  Reverting to the default theme.'); ?></p></div>
 <?php elseif ( isset($_GET['activated']) ) : ?>
-<div id="message2" class="updated fade"><p><?php printf(__('New theme activated. <a href="%s">View site &raquo;</a>'), get_bloginfo('home') . '/'); ?></p></div>
+<div id="message2" class="updated fade"><p><?php printf(__('New theme activated. <a href="%s">View site &raquo;</a>'), get_bloginfo('url') . '/'); ?></p></div>
 <?php endif; ?>
 
 <?php

wp-admin/upgrade-functions.php

@@ -21,7 +21,12 @@ function wp_install($blog_title, $user_name, $user_email, $public, $meta='') {
 	update_option('admin_email', $user_email);
 	update_option('blog_public', $public);
 	$schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://';
-	$guessurl = preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+
+	if ( defined('WP_SITEURL') && '' != WP_SITEURL )
+		$guessurl = WP_SITEURL;
+	else
+		$guessurl = preg_replace('|/wp-admin/.*|i', '', $schema . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+
 	update_option('siteurl', $guessurl);
 
 	// If not a public blog, don't ping.
@@ -170,6 +175,8 @@ function upgrade_all() {
 		upgrade_110();
 		upgrade_130();
 	}
+	
+	maybe_disable_automattic_widgets();
 
 	if ( $wp_current_db_version < 3308 )
 		upgrade_160();
@@ -652,7 +659,15 @@ function get_alloptions_110() {
 // Version of get_option that is private to install/upgrade.
 function __get_option($setting) {
 	global $wpdb;
-
+	
+	if ( $setting == 'home' && defined( 'WP_HOME' ) ) {
+		return preg_replace( '|/+$|', '', constant( 'WP_HOME' ) );
+	}
+	
+	if ( $setting == 'siteurl' && defined( 'WP_SITEURL' ) ) {
+		return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) );
+	}
+	
 	$option = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting'");
 
 	if ( 'home' == $setting && '' == $option )
@@ -922,7 +937,7 @@ function make_site_theme_from_oldschool($theme_name, $template) {
 
 		if ($oldfile == 'index.php') { // Check to make sure it's not a new index
 			$index = implode('', file("$oldpath/$oldfile"));
-			if ( strstr( $index, 'WP_USE_THEMES' ) ) {
+			if (strpos($index, 'WP_USE_THEMES') !== false) {
 				if (! @copy(ABSPATH . 'wp-content/themes/default/index.php', "$site_dir/$newfile"))
 					return false;
 				continue; // Don't copy anything
@@ -994,12 +1009,12 @@ function make_site_theme_from_default($theme_name, $template) {
 		$f = fopen("$site_dir/style.css", 'w');
 
 		foreach ($stylelines as $line) {
-			if (strstr($line, "Theme Name:")) $line = "Theme Name: $theme_name";
-			elseif (strstr($line, "Theme URI:")) $line = "Theme URI: " . __get_option('siteurl');
-			elseif (strstr($line, "Description:")) $line = "Description: Your theme";
-			elseif (strstr($line, "Version:")) $line = "Version: 1";
-			elseif (strstr($line, "Author:")) $line = "Author: You";
-			fwrite($f, "{$line}\n");
+			if (strpos($line, 'Theme Name:') !== false) $line = 'Theme Name: ' . $theme_name;
+			elseif (strpos($line, 'Theme URI:') !== false) $line = 'Theme URI: ' . __get_option('url');
+			elseif (strpos($line, 'Description:') !== false) $line = 'Description: Your theme.';
+			elseif (strpos($line, 'Version:') !== false) $line = 'Version: 1';
+			elseif (strpos($line, 'Author:') !== false) $line = 'Author: You';
+			fwrite($f, $line . "\n");
 		}
 		fclose($f);
 	}
@@ -1094,4 +1109,16 @@ function wp_check_mysql_version() {
 		die(sprintf(__('<strong>ERROR</strong>: WordPress %s requires MySQL 4.0.0 or higher'), $wp_version));
 }
 
-?>
+function maybe_disable_automattic_widgets() {
+	$plugins = __get_option( 'active_plugins' );
+	
+	foreach ( (array) $plugins as $plugin ) {
+		if ( basename( $plugin ) == 'widgets.php' ) {
+			array_splice( $plugins, array_search( $plugin, $plugins ), 1 );
+			update_option( 'active_plugins', $plugins );
+			break;
+		}
+	}
+}
+
+?>

wp-admin/upgrade-schema.php

@@ -1,6 +1,15 @@
 <?php
 // Here we keep the DB structure and option values
 
+$charset_collate = '';
+
+if ( version_compare(mysql_get_server_info(), '4.1.0', '>=') ) {
+	if ( ! empty($wpdb->charset) )
+		$charset_collate = "DEFAULT CHARACTER SET $wpdb->charset";
+	if ( ! empty($wpdb->collate) )
+		$charset_collate .= " COLLATE $wpdb->collate";
+}
+
 $wp_queries="CREATE TABLE $wpdb->categories (
   cat_ID bigint(20) NOT NULL auto_increment,
   cat_name varchar(55) NOT NULL default '',
@@ -13,7 +22,7 @@ $wp_queries="CREATE TABLE $wpdb->categories (
   links_private tinyint(1) NOT NULL default '0',
   PRIMARY KEY  (cat_ID),
   KEY category_nicename (category_nicename)
-);
+) $charset_collate;
 CREATE TABLE $wpdb->comments (
   comment_ID bigint(20) unsigned NOT NULL auto_increment,
   comment_post_ID int(11) NOT NULL default '0',
@@ -33,14 +42,14 @@ CREATE TABLE $wpdb->comments (
   PRIMARY KEY  (comment_ID),
   KEY comment_approved (comment_approved),
   KEY comment_post_ID (comment_post_ID)
-);
+) $charset_collate;
 CREATE TABLE $wpdb->link2cat (
   rel_id bigint(20) NOT NULL auto_increment,
   link_id bigint(20) NOT NULL default '0',
   category_id bigint(20) NOT NULL default '0',
   PRIMARY KEY  (rel_id),
   KEY link_id (link_id,category_id)
-);
+) $charset_collate;
 CREATE TABLE $wpdb->links (
   link_id bigint(20) NOT NULL auto_increment,
   link_url varchar(255) NOT NULL default '',
@@ -59,7 +68,7 @@ CREATE TABLE $wpdb->links (
   PRIMARY KEY  (link_id),
   KEY link_category (link_category),
   KEY link_visible (link_visible)
-);
+) $charset_collate;
 CREATE TABLE $wpdb->options (
   option_id bigint(20) NOT NULL auto_increment,
   blog_id int(11) NOT NULL default '0',
@@ -74,14 +83,14 @@ CREATE TABLE $wpdb->options (
   autoload enum('yes','no') NOT NULL default 'yes',
   PRIMARY KEY  (option_id,blog_id,option_name),
   KEY option_name (option_name)
-);
+) $charset_collate;
 CREATE TABLE $wpdb->post2cat (
   rel_id bigint(20) NOT NULL auto_increment,
   post_id bigint(20) NOT NULL default '0',
   category_id bigint(20) NOT NULL default '0',
   PRIMARY KEY  (rel_id),
   KEY post_id (post_id,category_id)
-);
+) $charset_collate;
 CREATE TABLE $wpdb->postmeta (
   meta_id bigint(20) NOT NULL auto_increment,
   post_id bigint(20) NOT NULL default '0',
@@ -90,7 +99,7 @@ CREATE TABLE $wpdb->postmeta (
   PRIMARY KEY  (meta_id),
   KEY post_id (post_id),
   KEY meta_key (meta_key)
-);
+) $charset_collate;
 CREATE TABLE $wpdb->posts (
   ID bigint(20) unsigned NOT NULL auto_increment,
   post_author bigint(20) NOT NULL default '0',
@@ -119,7 +128,7 @@ CREATE TABLE $wpdb->posts (
   PRIMARY KEY  (ID),
   KEY post_name (post_name),
   KEY type_status_date (post_type,post_status,post_date,ID)
-);
+) $charset_collate;
 CREATE TABLE $wpdb->users (
   ID bigint(20) unsigned NOT NULL auto_increment,
   user_login varchar(60) NOT NULL default '',
@@ -133,7 +142,7 @@ CREATE TABLE $wpdb->users (
   display_name varchar(250) NOT NULL default '',
   PRIMARY KEY  (ID),
   KEY user_login_key (user_login)
-);
+) $charset_collate;
 CREATE TABLE $wpdb->usermeta (
   umeta_id bigint(20) NOT NULL auto_increment,
   user_id bigint(20) NOT NULL default '0',
@@ -142,7 +151,7 @@ CREATE TABLE $wpdb->usermeta (
   PRIMARY KEY  (umeta_id),
   KEY user_id (user_id),
   KEY meta_key (meta_key)
-);";
+) $charset_collate;";
 
 function populate_options() {
 	global $wpdb, $wp_db_version;
@@ -380,4 +389,4 @@ function populate_roles_210() {
 	}
 }
 
-?>
+?>

wp-admin/upgrade.php

@@ -8,7 +8,7 @@ timer_start();
 require_once(ABSPATH . '/wp-admin/upgrade-functions.php');
 
 if (isset($_GET['step']))
-	$step = $_GET['step'];
+	$step = (int) $_GET['step'];
 else
 	$step = 0;
 @header('Content-type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
@@ -25,12 +25,21 @@ else
 </head>
 <body>
 <h1 id="logo"><img alt="WordPress" src="images/wordpress-logo.png" /></h1>
-<?php
-switch($step) {
+
+<?php if ( get_option('db_version') == $wp_db_version ) : ?>
+
+<h2><?php _e('No Upgrade Required'); ?></h2>
+<p><?php _e('Your WordPress database is already up-to-date!'); ?></p>
+<h2 class="step"><a href="<?php echo get_option('home'); ?>/"><?php _e('Continue &raquo;'); ?></a></h2>
+
+<?php else :
+switch($step) :
 	case 0:
 		$goback = clean_url(stripslashes(wp_get_referer()));
-?> 
-<p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p> 
+?>
+<h2><?php _e('Database Upgrade Required'); ?></h2>
+<p><?php _e('Your WordPress database is out-of-date, and must be upgraded before you can continue.'); ?></p>
+<p><?php _e('The upgrade process may take a while, so please be patient.'); ?></p> 
 <h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
 <?php
 		break;
@@ -38,12 +47,13 @@ switch($step) {
 		wp_upgrade();
 
 		if ( empty( $_GET['backto'] ) )
-			$backto = __get_option('home');
+			$backto = __get_option('home') . '/';
 		else
 			$backto = clean_url(stripslashes($_GET['backto']));
 ?> 
-<h2><?php _e('Step 1'); ?></h2> 
-	<p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"),  $backto); ?></p>
+<h2><?php _e('Upgrade Complete'); ?></h2>
+	<p><?php _e('Your WordPress database has been successfully upgraded!'); ?></p>
+	<h2 class="step"><a href="<?php echo $backto; ?>"><?php _e('Continue &raquo;'); ?></a></h2>
 
 <!--
 <pre>
@@ -55,7 +65,8 @@ switch($step) {
 
 <?php
 		break;
-}
+endswitch;
+endif;
 ?>
 </body>
 </html>

wp-admin/upload-functions.php

@@ -13,13 +13,13 @@ function wp_upload_display( $dims = false, $href = '' ) {
 	}
 	if ( isset($attachment_data['width']) )
 		list($width,$height) = wp_shrink_dimensions($attachment_data['width'], $attachment_data['height'], 171, 128);
-		
+
 	ob_start();
 		the_title();
 		$post_title = attribute_escape(ob_get_contents());
 	ob_end_clean();
-	$post_content = apply_filters( 'content_edit_pre', $post->post_content );
-	
+	$post_content = attribute_escape(apply_filters( 'content_edit_pre', $post->post_content ));
+
 	$class = 'text';
 	$innerHTML = get_attachment_innerHTML( $id, false, $dims );
 	if ( $image_src = get_attachment_icon_src() ) {
@@ -35,7 +35,7 @@ function wp_upload_display( $dims = false, $href = '' ) {
 	$r = '';
 
 	if ( $href )
-		$r .= "<a id='file-link-$id' href='" . clean_url($href) ."' title='$post_title' class='file-link $class'>\n";
+		$r .= "<a id='file-link-$id' href='$href' title='$post_title' class='file-link $class'>\n";
 	if ( $href || $image_src )
 		$r .= "\t\t\t$innerHTML";
 	if ( $href )
@@ -105,8 +105,9 @@ function wp_upload_form() {
 	$id = get_the_ID();
 	global $post_id, $tab, $style;
 	$enctype = $id ? '' : ' enctype="multipart/form-data"';
+	$post_id = (int) $post_id;
 ?>
-	<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
+	<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . '/wp-admin/upload.php?style=' . attribute_escape($style . '&amp;tab=upload&amp;post_id=' . $post_id); ?>">
 <?php
 	if ( $id ) :
 		$attachment = get_post_to_edit( $id );
@@ -201,7 +202,7 @@ function wp_upload_tab_upload_action() {
 
 		if ( !current_user_can( 'upload_files' ) )
 			wp_die( __('You are not allowed to upload files.')
-				. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=browse-all&amp;post_id=$post_id'>"
+				. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=browse-all&amp;post_id=$post_id") . "'>"
 				. __('Browse Files') . '</a>'
 			);
 
@@ -211,7 +212,7 @@ function wp_upload_tab_upload_action() {
 
 		if ( isset($file['error']) )
 			wp_die($file['error'] . "<br /><a href='" . get_option('siteurl')
-			. "/wp-admin/upload.php?style=$style&amp;tab=$from_tab&amp;post_id=$post_id'>" . __('Back to Image Uploading') . '</a>'
+			. "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>" . __('Back to Image Uploading') . '</a>'
 		);
 
 		$url = $file['url'];
@@ -258,7 +259,7 @@ function wp_upload_tab_upload_action() {
 
 		if ( !current_user_can('edit_post', (int) $ID) )
 			wp_die( __('You are not allowed to delete this attachment.')
-				. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=$from_tab&amp;post_id=$post_id'>"
+				. " <a href='" . get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style . "&amp;tab=$from_tab&amp;post_id=$post_id") . "'>"
 				. __('Go back') . '</a>'
 			);
 
@@ -285,7 +286,7 @@ function wp_upload_posts_where( $where ) {
 function wp_upload_tab_browse() {
 	global $wpdb, $action, $paged;
 	$old_vars = compact( 'paged' );
-	
+
 	switch ( $action ) :
 	case 'edit' :
 	case 'view' :
@@ -355,3 +356,5 @@ function wp_upload_admin_head() {
 		echo "</style>";
 	}
 }
+
+?>

wp-admin/upload.css

@@ -44,6 +44,7 @@ body > #upload-menu { border-bottom: 7px solid #fff; }
 }
 
 #upload-menu li #current-tab-nav {
+	background: #f9fcfe;
 	float: left;
 	padding: 5px 5px 0 0;
 	margin-left: -5px;

wp-admin/upload.js

@@ -1,4 +1,3 @@
-<?php require_once('admin.php'); cache_javascript_headers(); ?>
 addLoadEvent( function() {
 	theFileList = {
 		currentImage: {ID: 0},
@@ -69,22 +68,23 @@ addLoadEvent( function() {
 				var params = $H(this.params);
 				params.ID = '';
 				params.action = '';
-				h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "' title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('&laquo; Back')); ?></a>";
+				h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "'";
 			} else {
-				h += "<a href='#' onclick='return theFileList.cancelView();'  title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('&laquo; Back')) ?></a>";
+				h += "<a href='#' onclick='return theFileList.cancelView();'";
 			}
+			h += " title='" + this.browseTitle + "' class='back'>" + this.back + "</a>";
 			h += "<div id='file-title'>"
 			if ( 0 == this.currentImage.isImage )
-				h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo attribute_escape(__('Direct link to file')); ?>'>" + this.currentImage.title + "</a></h2>";
+				h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='" + this.directTitle + "'>" + this.currentImage.title + "</a></h2>";
 			else
 				h += "<h2>" + this.currentImage.title + "</h2>";
 			h += " &#8212; <span>";
-			h += "<a href='#' onclick='return theFileList.editView(" + id + ");'><?php echo attribute_escape(__('Edit')); ?></a>"
+			h += "<a href='#' onclick='return theFileList.editView(" + id + ");'>" + this.edit + "</a>"
 			h += "</span>";
 			h += '</div>'
 			h += "<div id='upload-file-view' class='alignleft'>";
 			if ( 1 == this.currentImage.isImage ) {
-				h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo attribute_escape(__('Direct link to file')); ?>'>";
+				h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='" + this.directTitle + "'>";
 				h += "<img src='" + ( this.currentImage.thumb ? this.currentImage.thumb : this.currentImage.src ) + "' alt='" + this.currentImage.title + "' width='" + this.currentImage.width + "' height='" + this.currentImage.height + "' />";
 				h += "</a>";
 			} else
@@ -98,28 +98,28 @@ addLoadEvent( function() {
 			if ( 1 == this.currentImage.isImage ) {
 				checked = 'display-full';
 				if ( this.currentImage.thumb ) {
-					display.push("<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' /> <?php echo attribute_escape(__('Thumbnail')); ?></label><br />");
+					display.push("<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' /> " + this.thumb + "</label><br />");
 					checked = 'display-thumb';
 				}
-				display.push("<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> <?php echo attribute_escape(__('Full size')); ?></label>");
+				display.push("<label for='display-full'><input type='radio' name='display' id='display-full' value='full' /> " + this.full + "</label>");
 			} else if ( this.currentImage.thumb ) {
-				display.push("<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' /> <?php echo attribute_escape(__('Icon')); ?></label>");
+				display.push("<label for='display-thumb'><input type='radio' name='display' id='display-thumb' value='thumb' /> " + this.icon + "</label>");
 			}
 			if ( display.length ) {
-				display.push("<br /><label for='display-title'><input type='radio' name='display' id='display-title' value='title' /> <?php echo attribute_escape(__('Title')); ?></label>");
-				h += "<tr><th style='padding-bottom:.5em'><?php echo attribute_escape(__('Show:')); ?></th><td style='padding-bottom:.5em'>";
+				display.push("<br /><label for='display-title'><input type='radio' name='display' id='display-title' value='title' /> " + this.title + "</label>");
+				h += "<tr><th style='padding-bottom:.5em'>" + this.show + "</th><td style='padding-bottom:.5em'>";
 				$A(display).each( function(i) { h += i; } );
 				h += "</td></tr>";
 			}
 
-			h += "<tr><th><?php echo attribute_escape(__('Link to:')); ?></th><td>";
-			h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> <?php echo attribute_escape(__('File')); ?></label><br />";
-			h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> <?php echo attribute_escape(__('Page')); ?></label><br />";
-			h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> <?php echo attribute_escape(__('None')); ?></label>";
+			h += "<tr><th>" + this.link + "</th><td>";
+			h += "<label for='link-file'><input type='radio' name='link' id='link-file' value='file' checked='checked'/> " + this.file + "</label><br />";
+			h += "<label for='link-page'><input type='radio' name='link' id='link-page' value='page' /> " + this.page + "</label><br />";
+			h += "<label for='link-none'><input type='radio' name='link' id='link-none' value='none' /> " + this.none + "</label>";
 			h += "</td></tr>";
 
 			h += "<tr><td colspan='2'><p class='submit'>";
-			h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='<?php echo attribute_escape(__('Send to editor &raquo;')); ?>' />";
+			h += "<input type='button' class='button' name='send' onclick='theFileList.sendToEditor(" + id + ")' value='" + this.editorText + "' />";
 			h += "</p></td></tr></table>";
 			h += "</form>";
 
@@ -147,22 +147,23 @@ addLoadEvent( function() {
 				var params = $H(this.params);
 				params.ID = '';
 				params.action = '';
-				h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "'  title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('&laquo; Back')); ?></a>";
+				h += "<a href='" + this.urlData[0] + '?' + params.toQueryString() + "'";
 			} else {
-				h += "<a href='#' onclick='return theFileList.cancelView();'  title='<?php echo attribute_escape(__('Browse your files')); ?>' class='back'><?php echo attribute_escape(__('&laquo; Back')); ?></a>";
+				h += "<a href='#' onclick='return theFileList.cancelView();'";
 			}
+			h += " title='" + this.browseTitle + "' class='back'>" + this.back + "</a>";
 			h += "<div id='file-title'>"
 			if ( 0 == this.currentImage.isImage )
-				h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo attribute_escape(__('Direct link to file')); ?>'>" + this.currentImage.title + "</a></h2>";
+				h += "<h2><a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='" + this.directTitle + "'>" + this.currentImage.title + "</a></h2>";
 			else
 				h += "<h2>" + this.currentImage.title + "</h2>";
 			h += " &#8212; <span>";
-			h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'><?php echo attribute_escape(__('Insert')); ?></a>"
+			h += "<a href='#' onclick='return theFileList.imageView(" + id + ");'>" + this.insert + "</a>";
 			h += "</span>";
 			h += '</div>'
 			h += "<div id='upload-file-view' class='alignleft'>";
 			if ( 1 == this.currentImage.isImage ) {
-				h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='<?php echo wp_specialchars(__('Direct link to file')); ?>'>";
+				h += "<a href='" + this.currentImage.srcBase + this.currentImage.src + "' onclick='return false;' title='" + this.directTitle + "'>";
 				h += "<img src='" + ( this.currentImage.thumb ? this.currentImage.thumb : this.currentImage.src ) + "' alt='" + this.currentImage.title + "' width='" + this.currentImage.width + "' height='" + this.currentImage.height + "' />";
 				h += "</a>";
 			} else
@@ -170,26 +171,26 @@ addLoadEvent( function() {
 			h += "</div>";
 
 
-			h += "<table><col /><col class='widefat' /><tr>"
-			h += "<th scope='row'><label for='url'><?php echo attribute_escape(__('URL')); ?></label></th>";
+			h += "<table><col /><col class='widefat' /><tr>";
+			h += "<th scope='row'><label for='url'>" + this.urlText + "</label></th>";
 			h += "<td><input type='text' id='url' class='readonly' value='" + this.currentImage.srcBase + this.currentImage.src + "' readonly='readonly' /></td>";
 			h += "</tr><tr>";
-			h += "<th scope='row'><label for='post_title'><?php echo attribute_escape(__('Title')); ?></label></th>";
+			h += "<th scope='row'><label for='post_title'>" + this.title + "</label></th>";
 			h += "<td><input type='text' id='post_title' name='post_title' value='" + this.currentImage.title + "' /></td>";
 			h += "</tr><tr>";
-			h += "<th scope='row'><label for='post_content'><?php echo attribute_escape(__('Description')); ?></label></th>";
+			h += "<th scope='row'><label for='post_content'>" + this.desc + "</label></th>";
 			h += "<td><textarea name='post_content' id='post_content'>" + this.currentImage.description + "</textarea></td>";
-			h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='<?php echo attribute_escape(__('Delete File')); ?>' onclick='theFileList.deleteFile(" + id + ");' />";
+			h += "</tr><tr id='buttons' class='submit'><td colspan='2'><input type='button' id='delete' name='delete' class='delete alignleft' value='" + this.deleteText + "' onclick='theFileList.deleteFile(" + id + ");' />";
 			h += "<input type='hidden' name='from_tab' value='" + this.tab + "' />";
 			h += "<input type='hidden' name='action' id='action-value' value='save' />";
 			h += "<input type='hidden' name='ID' value='" + id + "' />";
 			h += "<input type='hidden' name='_wpnonce' value='" + this.nonce + "' />";
-			h += "<div class='submit'><input type='submit' value='<?php echo attribute_escape(__('Save &raquo;')); ?>' /></div>";
+			h += "<div class='submit'><input type='submit' value='" + this.saveText + "' /></div>";
 			h += "</td></tr></table></form>";
 
 			new Insertion.Top('upload-content', h);
 			if (e) Event.stop(e);
-			return false;		
+			return false;
 		},
 
 		prepView: function(id) {
@@ -257,15 +258,16 @@ addLoadEvent( function() {
 		},
 
 		deleteFile: function(id) {
-			if ( confirm("<?php printf(js_escape(__("Are you sure you want to delete the file '%s'?\nClick ok to delete or cancel to go back.")), '" + this.currentImage.title + "'); ?>") ) {
+			if ( confirm( this.confirmText.replace(/%title%/g, this.currentImage.title) ) ) {
 				$('action-value').value = 'delete';
 				$('upload-file').submit();
 				return true;
 			}
 			return false;
 		}
-			
+
 	};
+	Object.extend( theFileList, uploadL10n );
 	theFileList.initializeVars();
 	theFileList.initializeLinks();
 } );

wp-admin/upload.php

@@ -89,7 +89,7 @@ echo "<ul id='upload-menu'>\n";
 foreach ( $wp_upload_tabs as $t => $tab_array ) { // We've already done the current_user_can check
 	$href = add_query_arg( array('tab' => $t, 'ID' => '', 'action' => '', 'paged' => '') );
 	if ( isset($tab_array[4]) && is_array($tab_array[4]) )
-		add_query_arg( $tab_array[4], $href );
+		$href = add_query_arg( $tab_array[4], $href );
 	$_href = clean_url( $href);
 	$page_links = '';
 	$class = 'upload-tab alignleft';

wp-admin/user-edit.php

@@ -55,7 +55,7 @@ include ('admin-header.php');
 <div id="message" class="updated fade">
 	<p><strong><?php _e('User updated.') ?></strong></p>
 	<?php if ( $wp_http_referer ) : ?>
-	<p><a href="<?php echo clean_url($wp_http_referer); ?>"><?php _e('&laquo; Back to Authors and Users'); ?></a></p>
+	<p><a href="users.php"><?php _e('&laquo; Back to Authors and Users'); ?></a></p>
 	<?php endif; ?>
 </div>
 <?php endif; ?>
@@ -76,13 +76,17 @@ include ('admin-header.php');
 <form name="profile" id="your-profile" action="user-edit.php" method="post">
 <?php wp_nonce_field('update-user_' . $user_id) ?>
 <?php if ( $wp_http_referer ) : ?>
-	<input type="hidden" name="wp_http_referer" value="<?php echo wp_specialchars($wp_http_referer); ?>" />
+	<input type="hidden" name="wp_http_referer" value="<?php echo clean_url($wp_http_referer); ?>" />
 <?php endif; ?>
 <p>
 <input type="hidden" name="from" value="profile" />
 <input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
 </p>
 
+<p><label for="rich_editing"><input name="rich_editing" type="checkbox" id="rich_editing" value="true" <?php checked('true', $profileuser->rich_editing); ?> /> <?php _e('Use the visual editor when writing'); ?></label></p>
+
+<p class="submit"><input type="submit" value="<?php _e('Update User &raquo;'); ?>" name="submit" /></p>
+
 <fieldset>
 <legend><?php _e('Name'); ?></legend>
 <p><label><?php _e('Username: (no editing)'); ?><br />

wp-admin/users.php

@@ -85,8 +85,8 @@ class WP_User_Search {
 			$this->paging_text = paginate_links( array(
 				'total' => ceil($this->total_users_for_query / $this->users_per_page),
 				'current' => $this->page,
-				'prev_text' => '« Previous Page',
-				'next_text' => 'Next Page »',
+				'prev_text' => __('« Previous Page'),
+				'next_text' => __('Next Page »'),
 				'base' => 'users.php?%_%',
 				'format' => 'userspage=%#%',
 				'add_args' => array( 'usersearch' => urlencode($this->search_term) )
@@ -338,7 +338,7 @@ default:
 	<?php endif; ?>
 
 	<form action="" method="get" name="search" id="search">
-		<p><input type="text" name="usersearch" id="usersearch" value="<?php echo attribute_escape($wp_user_search->search_term); ?>" /> <input type="submit" value="<?php _e('Search 	users &raquo;'); ?>" class="button" /></p>
+		<p><input type="text" name="usersearch" id="usersearch" value="<?php echo attribute_escape($wp_user_search->search_term); ?>" /> <input type="submit" value="<?php _e('Search Users &raquo;'); ?>" class="button" /></p>
 	</form>
 
 	<?php if ( is_wp_error( $wp_user_search->search_errors ) ) : ?>
@@ -381,7 +381,7 @@ foreach($roleclasses as $role => $roleclass) {
 <?php if ( !empty($role) ) : ?>
 	<th colspan="7"><h3><?php echo $wp_roles->role_names[$role]; ?></h3></th>
 <?php else : ?>
-	<th colspan="7"><h3><em><?php _e('No role for this blog'); ?></h3></th>
+	<th colspan="7"><h3><em><?php _e('No role for this blog'); ?></em></h3></th>
 <?php endif; ?>
 </tr>
 <tr class="thead">
@@ -450,7 +450,12 @@ foreach ( (array) $roleclass as $user_object ) {
 
 <div class="narrow">
 
-<?php echo '<p>'.sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_option('siteurl').'/wp-register.php').'</p>'; ?>
+<?php 
+	if ( get_option('users_can_register') ) 
+		echo '<p>' . sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_option('siteurl').'/wp-register.php') . '</p>'; 
+	else 
+        echo '<p>' . sprintf(__('Users cannot currently <a href="%1$s">register themselves</a>, but you can manually create users here.'), get_option('siteurl').'/wp-admin/options-general.php#users_can_register') . '</p>'; 
+?>
 <form action="#add-new-user" method="post" name="adduser" id="adduser">
 <?php wp_nonce_field('add-user') ?>
 <table class="editform" width="100%" cellspacing="2" cellpadding="5">

wp-admin/widgets-rtl.css

@@ -0,0 +1,40 @@
+#sbreset, #lastmodule, #palettediv .module, .dropzone, .dropzone ul { float: right; }
+
+* .module, #lastmodule { text-align: right; }
+
+* html #palettediv ul { padding: 0 10px 0 0; }
+
+#palettediv ul { padding: 0 10px 0 0;
+ margin-left: 1px!important;}
+
+* .handle, #lastmodule span {
+	border-right: 1px solid #f2f2f2;
+	border-left: 1px solid #e8e8e8;
+}
+
+#sbadmin p.submit {
+	padding-right: 0;
+	padding-left: 10px;
+	clear: right;
+}
+
+#palettediv .module, #lastmodule, .dropzone {
+	margin-right: auto;
+	margin-left: 10px;
+}
+
+* .popper {
+	right: auto;
+	left: 3px;
+	background-position: 5px 0;
+}
+
+.controlcloser {
+	right: auto;
+	left: 8px;
+}
+
+#shadow {
+	left: auto;
+	right: 0px;
+}

wp-admin/widgets.css

@@ -0,0 +1,214 @@
+body {
+	height: 100%;
+}
+
+#sbadmin #zones {
+	-moz-user-select: none;
+	-khtml-user-select: none;
+	user-select: none;
+}
+
+#sbreset {
+	float: left;
+	margin: 1px 0;
+}
+
+.dropzone {
+	float: left;
+	margin-right: 10px;
+	padding: 5px;
+	border: 1px solid #bbb;
+	background-color: #f0f8ff;
+}
+
+.dropzone h3 {
+	text-align: center;
+	color: #333;
+}
+
+.dropzone ul {
+	list-style-type: none;
+	width: 240px;
+	float: left;
+	margin: 0;
+	padding: 0;
+}
+
+* .module, #lastmodule {
+	width: 238px;
+	padding: 0;
+	margin: 5px 0;
+	cursor: move;
+	display: block;
+	border: 1px solid #ccc;
+	background-color: #fbfbfb;
+	text-align: left;
+	line-height: 25px;
+}
+
+* .handle, #lastmodule span {
+	display: block;
+	width: 216px;
+	padding: 0 10px;
+	border-top: 1px solid #f2f2f2;
+	border-right: 1px solid #e8e8e8;
+	border-bottom: 1px solid #e8e8e8;
+	border-left: 1px solid #f2f2f2;
+}
+
+* .popper {
+	margin: 0;
+	display: inline;
+	position: absolute;
+	top: 3px;
+	right: 3px;
+	overflow: hidden;
+	text-align: center;
+	height: 16px;
+	font-size: 18px;
+	line-height: 14px;
+	cursor: pointer;
+	padding: 0 3px 1px;
+	border-top: 4px solid #6da6d1;
+	background: url( images/fade-butt.png ) -5px 0px;
+}
+
+* html .popper {
+	padding: 1px 6px 0;
+	font-size: 16px;
+}
+
+#sbadmin p.submit {
+	padding-right: 10px;
+	clear: left;
+}
+
+.placematt {
+	cursor: default;
+	margin: 10px 0 0;
+	padding: 0;
+	width: 238px;
+	float:left;
+	background-color: #ffe;
+}
+
+* html .placematt {
+	margin-top: 5px;
+}
+
+.placematt h4 {
+	text-align: center;
+	margin-bottom: 5px;
+}
+
+.placematt span {
+	padding: 0 10px 10px;
+	text-align: justify;
+}
+
+
+#palettediv {
+	border: 1px solid #bbb;
+	background-color: #f0f8ff;
+	height:auto;
+	margin-top: 10px;
+}
+
+#palettediv h3 {
+	text-align: center;
+	color: #333;
+}
+
+#palettediv ul {
+	padding: 0 0 0 10px;
+}
+
+#palettediv .module, #lastmodule {
+	margin-right: 10px;
+	float: left;
+	width: 120px;
+}
+
+#palettediv .handle, #lastmodule span {
+	height: 40px;
+	font-size: 90%;
+	width: 110px;
+	padding: 0 5px;
+}
+
+#palettediv .popper {
+	visibility: hidden;
+}
+
+#lastmodule {
+	visibility: hidden;
+}
+
+* html #palettediv ul {
+	margin: 0;
+	padding: 0 0 0 10px;
+}
+
+* html #palettediv .module {
+	float: none;
+	display: inline;
+}
+
+#controls {
+	height: 0px;
+}
+
+.control {
+	position: absolute;
+	display: block;
+	background: #f9fcfe;
+	padding: 0;
+}
+
+.controlhandle {
+	cursor: move;
+	background-color: #6da6d1;
+	border-bottom: 2px solid #448abd;
+	color: #333;
+	display: block;
+	margin: 0 0 5px;
+	padding: 4px;
+	font-size: 120%;
+}
+
+.controlcloser {
+	cursor: pointer;
+	font-size: 120%;
+	display: block;
+	position: absolute;
+	top: 2px;
+	right: 8px;
+	padding: 0 3px;
+	font-weight: bold;
+}
+
+.controlform {
+	margin: 20px 30px;
+}
+
+.controlform p {
+	text-align: center;
+}
+
+.control .checkbox {
+	border: none;
+	background: transparent;
+}
+
+.hidden {
+	display: none;
+}
+
+#shadow {
+	background: black;
+	display: none;
+	position: absolute;
+	top: 0px;
+	left: 0px;
+	width: 100%;
+}

wp-admin/widgets.php

@@ -0,0 +1,392 @@
+<?php
+
+require_once 'admin.php';
+
+if ( ! current_user_can('switch_themes') )
+	wp_die( __( 'Cheatin&#8217; uh?' ));
+
+wp_enqueue_script( 'scriptaculous-effects' );
+wp_enqueue_script( 'scriptaculous-dragdrop' );
+
+function wp_widgets_admin_head() {
+	global $wp_registered_sidebars, $wp_registered_widgets, $wp_registered_widget_controls;
+	
+	define( 'WP_WIDGETS_WIDTH', 1 + 262 * ( count( $wp_registered_sidebars ) ) );
+	define( 'WP_WIDGETS_HEIGHT', 35 * ( count( $wp_registered_widgets ) ) );
+?>
+	<link rel="stylesheet" href="widgets.css?version=<?php bloginfo('version'); ?>" type="text/css" />
+	<!--[if IE 7]>
+	<style type="text/css">
+	#palette {float:left;}
+	</style>
+	<![endif]-->
+	<style type="text/css">
+		.dropzone ul { height: <?php echo constant( 'WP_WIDGETS_HEIGHT' ); ?>px; }
+		#sbadmin #zones { width: <?php echo constant( 'WP_WIDGETS_WIDTH' ); ?>px; }
+	</style>
+<?php
+	if ( get_bloginfo( 'text_direction' ) == 'rtl' ) { 
+?>
+	<link rel="stylesheet" href="widgets-rtl.css?version=<?php bloginfo('version'); ?>" type="text/css" />
+<?php
+	}
+	
+	$cols = array();
+	foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+		$cols[] = '\'' . $index . '\'';
+	}
+	$cols = implode( ', ', $cols );
+	
+	$widgets = array();
+	foreach ( $wp_registered_widgets as $name => $widget ) {
+		$widgets[] = '\'' . $widget['id'] . '\'';
+	}
+	$widgets = implode( ', ', $widgets );
+?>
+<script type="text/javascript">
+// <![CDATA[
+	var cols = [<?php echo $cols; ?>];
+	var widgets = [<?php echo $widgets; ?>];
+	var controldims = new Array;
+	<?php foreach ( $wp_registered_widget_controls as $name => $widget ) : ?>
+		controldims['<?php echo $widget['id']; ?>control'] = new Array;
+		controldims['<?php echo $widget['id']; ?>control']['width'] = <?php echo (int) $widget['width']; ?>;
+		controldims['<?php echo $widget['id']; ?>control']['height'] = <?php echo (int) $widget['height']; ?>;
+	<?php endforeach; ?>
+	function initWidgets() {
+	<?php foreach ( $wp_registered_widget_controls as $name => $widget ) : ?>
+		$('<?php echo $widget['id']; ?>popper').onclick = function() {popControl('<?php echo $widget['id']; ?>control');};
+		$('<?php echo $widget['id']; ?>closer').onclick = function() {unpopControl('<?php echo $widget['id']; ?>control');};
+		new Draggable('<?php echo $widget['id']; ?>control', {revert:false,handle:'controlhandle',starteffect:function(){},endeffect:function(){},change:function(o){dragChange(o);}});
+		if ( true && window.opera )
+			$('<?php echo $widget['id']; ?>control').style.border = '1px solid #bbb';
+	<?php endforeach; ?>
+		if ( true && window.opera )
+			$('shadow').style.background = 'transparent';
+		new Effect.Opacity('shadow', {to:0.0});
+		widgets.map(function(o) {o='widgetprefix-'+o; Position.absolutize(o); Position.relativize(o);} );
+		$A(Draggables.drags).map(function(o) {o.startDrag(null); o.finishDrag(null);});
+		//for ( var n in Draggables.drags ) {
+		for ( n=0; n<=Draggables.drags.length; n++ ) {
+			if ( parseInt( n ) ) {
+				if ( Draggables.drags[n].element.id == 'lastmodule' ) {
+					Draggables.drags[n].destroy();
+					break;
+				}
+			}
+		}
+		resetPaletteHeight();
+	}
+	function resetDroppableHeights() {
+		var max = 6;
+		cols.map(function(o) {var c = $(o).childNodes.length; if ( c > max ) max = c;} );
+		var height = 35 * ( max + 1);
+		cols.map(function(o) {h = (($(o).childNodes.length + 1) * 35); $(o).style.height = (h > 280 ? h : 280) + 'px';} );
+	}
+	function resetPaletteHeight() {
+		var p = $('palette'), pd = $('palettediv'), last = $('lastmodule');
+		p.appendChild(last);
+		if ( Draggables.activeDraggable && last.id == Draggables.activeDraggable.element.id )
+			last = last.previousSibling;
+		var y1 = Position.cumulativeOffset(last)[1] + last.offsetHeight;
+		var y2 = Position.cumulativeOffset(pd)[1] + pd.offsetHeight;
+		var dy = y1 - y2;
+		pd.style.height = (pd.offsetHeight + dy + 9) + "px";
+	}
+	function maxHeight(elm) {
+		htmlheight = document.body.parentNode.clientHeight;
+		bodyheight = document.body.clientHeight;
+		var height = htmlheight > bodyheight ? htmlheight : bodyheight;
+		$(elm).style.height = height + 'px';
+	}
+	function dragChange(o) {
+		el = o.element ? o.element : $(o);
+		var p = Position.page(el);
+		var right = p[0];
+		var top = p[1];
+		var left = $('shadow').offsetWidth - (el.offsetWidth + right);
+		var bottom = $('shadow').offsetHeight - (el.offsetHeight + top);
+		if ( right < 1 ) el.style.left = 0;
+		if ( top < 1 ) el.style.top = 0;
+		if ( left < 1 ) el.style.left = (left + right) + 'px';
+		if ( bottom < 1 ) el.style.top = (top + bottom) + 'px';
+	}
+	function popControl(elm) {
+		el = $(elm);
+		el.style.width = controldims[elm]['width'] + 'px';
+		el.style.height = controldims[elm]['height'] + 'px';
+		var x = ( document.body.clientWidth - controldims[elm]['width'] ) / 2;
+		var y = ( document.body.parentNode.clientHeight - controldims[elm]['height'] ) / 2;
+		el.style.position = 'absolute';
+		el.style.right = '' + x + 'px';
+		el.style.top = '' + y + 'px';
+		el.style.zIndex = 1000;
+		el.className='control';
+		$('shadow').onclick = function() {unpopControl(elm);};
+	    window.onresize = function(){maxHeight('shadow');dragChange(elm);};
+		popShadow();
+	}
+	function popShadow() {
+		maxHeight('shadow');
+		var shadow = $('shadow');
+		shadow.style.zIndex = 999;
+		shadow.style.display = 'block';
+	    new Effect.Opacity('shadow', {duration:0.5, from:0.0, to:0.2});
+	}
+	function unpopShadow() {
+	    new Effect.Opacity('shadow', {to:0.0});
+		$('shadow').style.display = 'none';
+	}
+	function unpopControl(el) {
+		$(el).className='hidden';
+		unpopShadow();
+	}
+	function serializeAll() {
+	<?php foreach ( $wp_registered_sidebars as $index => $sidebar ) : ?>
+		$('<?php echo $index; ?>order').value = Sortable.serialize('<?php echo $index; ?>');
+	<?php endforeach; ?>
+	}
+	function updateAll() {
+		resetDroppableHeights();
+		resetPaletteHeight();
+		cols.map(function(o){
+			var pm = $(o+'placematt');
+			if ( $(o).childNodes.length == 0 ) {
+				pm.style.display = 'block';
+				//Position.absolutize(o+'placematt');
+			} else {
+				pm.style.display = 'none';
+			}
+		});
+	}
+	function noSelection(event) {
+		if ( document.selection ) {
+			var range = document.selection.createRange();
+			range.collapse(false);
+			range.select();
+			return false;
+		}
+	}
+	addLoadEvent(updateAll);
+	addLoadEvent(initWidgets);
+	Event.observe(window, 'resize', resetPaletteHeight);
+// ]]>
+</script>
+<?php
+}
+add_action( 'admin_head', 'wp_widgets_admin_head' );
+do_action( 'sidebar_admin_setup' );
+
+function wp_widget_draggable( $name ) {
+	global $wp_registered_widgets, $wp_registered_widget_controls;
+	
+	if ( !isset( $wp_registered_widgets[$name] ) ) {
+		return;
+	}
+	
+	$sanitized_name = sanitize_title( $wp_registered_widgets[$name]['id'] );
+	$link_title = __( 'Configure' );
+	$popper = ( isset( $wp_registered_widget_controls[$name] ) ) 
+		? ' <div class="popper" id="' . $sanitized_name . 'popper" title="' . $link_title . '">&#8801;</div>'
+		: '';
+	
+	$output = '<li class="module" id="widgetprefix-%1$s"><span class="handle">%2$s</span></li>';
+	
+	printf( $output, $sanitized_name, $wp_registered_widgets[$name]['name'] . $popper );
+}
+
+$title = __( 'Widgets' );
+$parent_file = 'themes.php';
+
+require_once 'admin-header.php';
+
+if ( count( $wp_registered_sidebars ) < 1 ) {
+?>
+	<div class="wrap">
+		<h2><?php _e( 'No Sidebars Defined' ); ?></h2>
+		
+		<p><?php _e( 'You are seeing this message because the theme you are currently using isn&#8217;t widget-aware, meaning that it has no sidebars that you are able to change. For information on making your theme widget-aware, please <a href="http://automattic.com/code/widgets/themes/">follow these instructions</a>.' ); /* TODO: article on codex */; ?></p>
+	</div>
+<?php
+	
+	require_once 'admin-footer.php';
+	exit;
+}
+
+$sidebars_widgets = wp_get_sidebars_widgets();
+
+if ( empty( $sidebars_widgets ) ) {
+	$sidebars_widgets = wp_get_widget_defaults();
+}
+
+if ( isset( $_POST['action'] ) ) {
+	check_admin_referer( 'widgets-save-widget-order' );
+	
+	switch ( $_POST['action'] ) {
+		case 'default' :
+			$sidebars_widgets = wp_get_widget_defaults();
+			wp_set_sidebars_widgets( $sidebars_widgets );
+		break;
+		
+		case 'save_widget_order' :
+			$sidebars_widgets = array();
+			
+			foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+				$postindex = $index . 'order';
+				
+				parse_str( $_POST[$postindex], $order );
+				
+				$new_order = $order[$index];
+				
+				if ( is_array( $new_order ) ) {
+					foreach ( $new_order as $sanitized_name ) {
+						foreach ( $wp_registered_widgets as $name => $widget ) {
+							if ( $sanitized_name == $widget['id'] ) {
+								$sidebars_widgets[$index][] = $name;
+							}
+						}
+					}
+				}
+			}
+			
+			wp_set_sidebars_widgets( $sidebars_widgets );
+		break;
+	}
+}
+
+ksort( $wp_registered_widgets );
+
+$inactive_widgets = array();
+
+foreach ( $wp_registered_widgets as $name => $widget ) {
+	$is_active = false;
+	
+	foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+		if ( is_array( $sidebars_widgets[$index] ) && in_array( $name, $sidebars_widgets[$index] ) ) {
+			$is_active = true;
+			break;
+		}
+	}
+	
+	if ( !$is_active ) {
+		$inactive_widgets[] = $name;
+	}
+}
+
+$containers = array( 'palette' );
+
+foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+	$containers[] = $index;
+}
+
+$c_string = '';
+
+foreach ( $containers as $container ) {
+	$c_string .= '"' . $container . '",';
+}
+
+$c_string = substr( $c_string, 0, -1 );
+
+if ( isset( $_POST['action'] ) ) {
+?>
+	<div class="fade updated" id="message">
+		<p><?php printf( __( 'Sidebar updated. <a href="%s">View site &raquo;</a>' ), get_bloginfo( 'url' ) . '/' ); ?></p>
+	</div>
+<?php
+}
+?>
+	<div class="wrap">
+		<h2><?php _e( 'Sidebar Arrangement' ); ?></h2>
+		
+		<p><?php _e( 'You can drag and drop widgets onto your sidebar below.' ); ?></p>
+		
+		<form id="sbadmin" method="post" onsubmit="serializeAll();">
+			<p class="submit">
+				<input type="submit" value="<?php _e( 'Save Changes &raquo;' ); ?>" />
+			</p>
+			<div id="zones">
+			<?php
+				foreach ( $wp_registered_sidebars as $index => $sidebar ) {
+			?>
+				<input type="hidden" id="<?php echo $index; ?>order" name="<?php echo $index; ?>order" value="" />
+				
+				<div class="dropzone">
+					<h3><?php echo $sidebar['name']; ?></h3>
+					
+					<div id="<?php echo $index; ?>placematt" class="module placemat">
+						<span class="handle">
+							<h4><?php _e( 'Default Sidebar' ); ?></h4>
+							<?php _e( 'Your theme will display its usual sidebar when this box is empty. Dragging widgets into this box will replace the usual sidebar with your customized sidebar.' ); ?>
+						</span>
+					</div>
+					
+					<ul id="<?php echo $index; ?>">
+					<?php
+						if ( is_array( $sidebars_widgets[$index] ) ) {
+							foreach ( $sidebars_widgets[$index] as $name ) {
+								wp_widget_draggable( $name );
+							}
+						}
+					?>
+					</ul>
+				</div>
+			<?php
+				}
+			?>
+			
+			<br class="clear" />
+			
+			</div>
+		
+			<div id="palettediv">
+				<h3><?php _e( 'Available Widgets' ); ?></h3>
+			
+				<ul id="palette">
+				<?php
+					foreach ( $inactive_widgets as $name ) {
+						wp_widget_draggable( $name );
+					}
+				?>
+					<li id="lastmodule"><span></span></li>
+				</ul>
+			</div>
+		
+			<script type="text/javascript">
+			// <![CDATA[
+			<?php foreach ( $containers as $container ) { ?>
+				Sortable.create("<?php echo $container; ?>", {
+					dropOnEmpty: true, containment: [<?php echo $c_string; ?>], 
+					handle: 'handle', constraint: false, onUpdate: updateAll, 
+					format: /^widgetprefix-(.*)$/
+				});
+			<?php } ?>
+			// ]]>
+			</script>
+		
+			<p class="submit">
+			<?php wp_nonce_field( 'widgets-save-widget-order' ); ?>
+				<input type="hidden" name="action" id="action" value="save_widget_order" />
+				<input type="submit" value="<?php _e( 'Save Changes &raquo;' ); ?>" />
+			</p>
+		
+			<div id="controls">
+			<?php foreach ( $wp_registered_widget_controls as $name => $widget ) { ?>
+				<div class="hidden" id="<?php echo $widget['id']; ?>control">
+					<span class="controlhandle"><?php echo $widget['name']; ?></span>
+					<span id="<?php echo $widget['id']; ?>closer" class="controlcloser">&#215;</span>
+					<div class="controlform">
+					<?php call_user_func_array( $widget['callback'], $widget['params'] ); ?>
+					</div>
+				</div>
+			<?php } ?>
+			</div>
+		</form>
+		
+		<br class="clear" />
+	</div>
+	
+	<div id="shadow"> </div>
+	
+	<?php do_action( 'sidebar_admin_page' ); ?>
+
+<?php require_once 'admin-footer.php'; ?>

wp-admin/wp-admin.css

@@ -201,14 +201,14 @@ textarea, input, select {
 	background: #f4f4f4;
 	border: 1px solid #b2b2b2;
 	color: #000;
-	font:  13px Verdana, Arial, Helvetica, sans-serif;
+	font: 13px Verdana, Arial, Helvetica, sans-serif;
 	margin: 1px;
 	padding: 3px;
 }
 
 #uploading {
 	border-style: none;
-	padding: 0px;
+	padding: 0;
 	margin-bottom: 16px;
 	height: 18em;
 	width: 100%;
@@ -292,6 +292,11 @@ form#upload #post_content {
 	margin: 0;
 }
 
+.commentlist li li {
+	border-bottom: 0px;
+	padding: 0;
+}
+
 .commentlist p {
 	padding: 0;
 	margin: 0 0 .8em;
@@ -459,7 +464,6 @@ input.disabled, textarea.disabled {
 	padding: .2em .2em .3em 2em;
 }
 
-
 #adminmenu .current, #submenu .current {
 	font-weight: bold;
 	text-decoration: none;
@@ -484,6 +488,7 @@ input.disabled, textarea.disabled {
 	line-height: 200%;
 	list-style: none;
 	text-align: center;
+	white-space: nowrap;
 }
 
 #adminmenu a.current {
@@ -529,33 +534,32 @@ input.disabled, textarea.disabled {
 	height: 25px;
 }
 
-
 #categorydiv input, #poststatusdiv input, #commentstatusdiv input, #pingstatusdiv input {
 	border: none;
 }
 
 #postdiv, #titlediv, #guiddiv {
 	margin: 0 8px 0 0;
-	padding: 0px;
+	padding: 0;
 }
 
 #postdivrich {
-	margin: 0px;
-	padding: 0px;
+	margin: 0;
+	padding: 0;
 }
 
 #content {
-	margin: 0 0 0 0;
+	margin: 0;
 	width: 100%;
 }
 
 #postdivrich #content {
-	padding: .7em;
+	padding: 5px;
 	line-height: 140%;
 }
 
 #titlediv input, #guiddiv input {
-	margin: 0px;
+	margin: 0;
 	width: 100%;
 }
 
@@ -579,7 +583,7 @@ input.delete:hover {
 
 #postdivrich #quicktags {
 	background: #f0f0ee;
-	padding: 0px;
+	padding: 0;
 	border: 1px solid #ccc;
 	border-bottom: none;
 }
@@ -593,11 +597,11 @@ input.delete:hover {
 }
 
 #quicktags #ed_toolbar {
-	padding: 0px 2px;
+	padding: 0 2px;
 }
 
 #ed_toolbar input {
-	background: #fff url( images/fade-butt.png ) repeat-x 0px -2px;
+	background: #fff url( images/fade-butt.png ) repeat-x 0 -2px;
 	margin: 3px 2px 2px;
 }
 
@@ -625,7 +629,7 @@ input.delete:hover {
 
 #title {
 	font-size: 1.7em;
-	padding: 4px;
+	padding: 4px 3px;
 }
 
 #postexcerpt div, #attachmentlinks div {
@@ -643,7 +647,7 @@ input.delete:hover {
 }
 
 #excerpt, .attachmentlinks {
-	margin: 0px;
+	margin: 0;
 	height: 4em;
 	width: 100%;
 }
@@ -728,10 +732,7 @@ input.delete:hover {
 	width: 320px;
 	display: block;
 	border-bottom: none;
-}
-
-#login .hide {
-	display: none;
+	text-indent: -9999px;
 }
 
 #login .message {
@@ -814,7 +815,7 @@ input.delete:hover {
 
 #postcustom table {
 	border: 1px solid #ccc;
-	margin: 0px;
+	margin: 0;
 	width: 100%;
 }
 
@@ -835,7 +836,7 @@ input.delete:hover {
 }
 
 * html #template div {
-	margin-right: 0px;
+	margin-right: 0;
 }
 
 #template, #template div, #editcat, #addcat {
@@ -890,7 +891,7 @@ input.delete:hover {
 	font-weight: normal;
 	letter-spacing: -.05em;
 	margin: 0;
-	font-family: Georgia, "Times New Roman", Times, serif
+	font-family: Georgia, "Times New Roman", Times, serif;
 }
 
 #wphead h1 span {
@@ -967,32 +968,32 @@ input.delete:hover {
 Some browsers will disable them when you
 set display:none; */
 .zerosize {
-	height: 0px;
-	width: 0px;
-	margin: 0px;
-	border: 0px;
-	padding: 0px;
+	height: 0;
+	width: 0;
+	margin: 0;
+	border: 0;
+	padding: 0;
 	overflow: hidden;
 	position: absolute;
 }
 
 /* Box stuff */
 .dbx-clone {
-	position:absolute;
-	visibility:hidden;
+	position: absolute;
+	visibility: hidden;
 }
 .dbx-clone, .dbx-clone .dbx-handle-cursor {
-	cursor:move !important;
+	cursor: move !important;
 }
 .dbx-dummy {
-	display:block;
-	width:0;
-	height:0;
-	overflow:hidden;
+	display: block;
+	width: 0;
+	height: 0;
+	overflow: hidden;
 }
 .dbx-group, .dbx-box, .dbx-handle {
-	position:relative;
-	display:block;
+	position: relative;
+	display: block;
 }
 
 #grabit {
@@ -1000,7 +1001,7 @@ set display:none; */
 }
 
 * html #themeselect {
-	padding: 0px 3px;
+	padding: 0 3px;
 	height: 22px;
 }
 
@@ -1010,9 +1011,9 @@ to reduce visual discrepancies between it and the clone.
 overall, dbx-box is best left as visually unstyled as possible
 *****************************************************************/
 .dbx-box {
-	margin:0;
-	padding:0;
-	border:none;
+	margin: 0;
+	padding: 0;
+	border: none;
 }
 
 /* Can change this */
@@ -1020,7 +1021,7 @@ overall, dbx-box is best left as visually unstyled as possible
 	margin-bottom: 1em;
 }
 #moremeta fieldset div {
-	margin: 2px 0 0 0px;
+	margin: 2px 0 0 0;
 	padding: 7px;
 }
 #moremeta {
@@ -1083,7 +1084,7 @@ overall, dbx-box is best left as visually unstyled as possible
 	margin: 1em 1em 1em 0;
 }
 
-#your-profile fieldset input  {
+#your-profile fieldset input {
 	width: 100%;
 	font-size: 20px;
 	padding: 2px;
@@ -1122,7 +1123,7 @@ overall, dbx-box is best left as visually unstyled as possible
 
 /* handles */
 
-.dbx-handle  {
+.dbx-handle {
 	background: #2685af;
 	padding: 6px 1em 2px;
 	font-size: 12px;
@@ -1157,7 +1158,7 @@ overall, dbx-box is best left as visually unstyled as possible
 #advancedstuff div.dbx-content {
 	margin-left: 8px;
 	background: url(images/box-bg-right.gif) repeat-y right;
-	padding: 10px 10px 15px 0px;
+	padding: 10px 10px 15px 0;
 }
 
 #postexcerpt div.dbx-content {
@@ -1190,7 +1191,6 @@ overall, dbx-box is best left as visually unstyled as possible
 	background: url(images/box-butt-right.gif) no-repeat bottom right;
 }
 
-
 /* handle cursors */
 .dbx-handle-cursor {
 	cursor: move;
@@ -1198,22 +1198,22 @@ overall, dbx-box is best left as visually unstyled as possible
 
 /* toggle images */
 a.dbx-toggle, a.dbx-toggle:visited {
-	display:block;
+	display: block;
 	overflow: hidden;
 	background-image: url( images/toggle.gif );
 	position: absolute;
-	top: 0px;
-	right: 0px;
+	top: 0;
+	right: 0;
 	background-repeat: no-repeat;
-	border: 0px;
-	margin: 0px;
-	padding: 0px;
+	border: 0;
+	margin: 0;
+	padding: 0;
 }
 
 #moremeta a.dbx-toggle, #moremeta a.dbx-toggle-open:visited {
 	height: 25px;
 	width: 27px;
-	background-position: 0 0px;
+	background-position: 0 0;
 }
 
 #moremeta a.dbx-toggle-open, #moremeta a.dbx-toggle-open:visited {
@@ -1296,7 +1296,7 @@ input #catadd {
 }
 
 #edButtons input, #edButtons input:active {
-	margin: 0px 2px -1px;
+	margin: 0 2px -1px;
 }
 
 #edButtons input.edButtonFore, #edButtons input.edButtonFore:active {
@@ -1305,7 +1305,7 @@ input #catadd {
 }
 
 #edButtons input.edButtonBack, #edButtons input.edButtonBack:active {
-	background: #fff url( images/fade-butt.png ) repeat-x 0px 15px;
+	background: #fff url( images/fade-butt.png ) repeat-x 0 15px;
 	border-bottom: 1px solid #ccc;
 }
 
@@ -1331,4 +1331,11 @@ a.page-numbers:hover {
 .pagenav span {
 	font-weight: bold;
 	margin: 0 6px;
-}
+}
+
+a.view-link {
+	position: absolute;
+	right: 5%;
+	margin-right: 220px;
+	text-decoration:underline;
+}

wp-atom.php

@@ -5,41 +5,6 @@ if (empty($wp)) {
 	wp('feed=atom');
 }
 
-header('Content-type: application/atom+xml; charset=' . get_option('blog_charset'), true);
-$more = 1;
+require (ABSPATH . WPINC . '/feed-atom.php');
 
-?>
-<?php echo '<?xml version="1.0" encoding="'.get_option('blog_charset').'"?'.'>'; ?>
-<feed version="0.3"
-	xmlns="http://purl.org/atom/ns#"
-	xmlns:dc="http://purl.org/dc/elements/1.1/"
-	xml:lang="<?php echo get_option('rss_language'); ?>"
-	<?php do_action('atom_ns'); ?>
->
-	<title><?php bloginfo_rss('name') ?></title>
-	<link rel="alternate" type="text/html" href="<?php bloginfo_rss('home') ?>" />
-	<tagline><?php bloginfo_rss("description") ?></tagline>
-	<modified><?php echo mysql2date('Y-m-d\TH:i:s\Z', get_lastpostmodified('GMT'), false); ?></modified>
-	<copyright>Copyright <?php echo mysql2date('Y', get_lastpostdate('blog'), 0); ?></copyright>
-	<generator url="http://wordpress.org/" version="<?php bloginfo_rss('version'); ?>">WordPress</generator>
-	<?php do_action('atom_head'); ?>
-	<?php while (have_posts()) : the_post(); ?>
-	<entry>
-		<author>
-			<name><?php the_author() ?></name>
-		</author>
-		<title type="text/html" mode="escaped"><![CDATA[<?php the_title_rss() ?>]]></title>
-		<link rel="alternate" type="text/html" href="<?php permalink_single_rss() ?>" />
-		<id><?php the_guid(); ?></id>
-		<modified><?php echo get_post_time('Y-m-d\TH:i:s\Z', true); ?></modified>
-		<issued><?php echo get_post_time('Y-m-d\TH:i:s\Z', true); ?></issued>
-		<?php the_category_rss('rdf') ?>
-		<summary type="<?php bloginfo('html_type'); ?>" mode="escaped"><![CDATA[<?php the_excerpt_rss(); ?>]]></summary>
-<?php if ( !get_option('rss_use_excerpt') ) : ?>
-		<content type="<?php bloginfo('html_type'); ?>" mode="escaped" xml:base="<?php permalink_single_rss() ?>"><![CDATA[<?php the_content('', 0, '') ?>]]></content>
-<?php endif; ?>
-<?php rss_enclosure(); ?>
-<?php do_action('atom_entry'); ?>
-	</entry>
-	<?php endwhile ; ?>
-</feed>
+?>

wp-blog-header.php

@@ -2,11 +2,13 @@
 
 if (! isset($wp_did_header)):
 if ( !file_exists( dirname(__FILE__) . '/wp-config.php') ) {
-	if ( strstr( $_SERVER['PHP_SELF'], 'wp-admin') ) $path = '';
+	if (strpos($_SERVER['PHP_SELF'], 'wp-admin') !== false) $path = '';
 	else $path = 'wp-admin/';
 
-  require_once( dirname(__FILE__) . '/wp-includes/functions.php');
-  wp_die("There doesn't seem to be a <code>wp-config.php</code> file. I need this before we can get started. Need more help? <a href='http://codex.wordpress.org/Editing_wp-config.php'>We got it</a>. You can <a href='{$path}setup-config.php'>create a <code>wp-config.php</code> file through a web interface</a>, but this doesn't work for all server setups. The safest way is to manually create the file.", "WordPress &rsaquo; Error");
+	require_once( dirname(__FILE__) . '/wp-includes/classes.php');
+	require_once( dirname(__FILE__) . '/wp-includes/functions.php');
+	require_once( dirname(__FILE__) . '/wp-includes/plugin.php');
+	wp_die("There doesn't seem to be a <code>wp-config.php</code> file. I need this before we can get started. Need more help? <a href='http://codex.wordpress.org/Editing_wp-config.php'>We got it</a>. You can <a href='{$path}setup-config.php'>create a <code>wp-config.php</code> file through a web interface</a>, but this doesn't work for all server setups. The safest way is to manually create the file.", "WordPress &rsaquo; Error");
 }
 
 $wp_did_header = true;

wp-comments-post.php

@@ -1,4 +1,10 @@
 <?php
+if ($_SERVER["REQUEST_METHOD"] != "POST") {
+    header('Allow: POST');
+	header("HTTP/1.1 405 Method Not Allowed");
+	header("Content-type: text/plain");
+    exit;
+}
 require( dirname(__FILE__) . '/wp-config.php' );
 
 nocache_headers();
@@ -18,7 +24,7 @@ if ( empty($status->comment_status) ) {
 	exit;
 }
 
-$comment_author       = trim($_POST['author']);
+$comment_author       = trim(strip_tags($_POST['author']));
 $comment_author_email = trim($_POST['email']);
 $comment_author_url   = trim($_POST['url']);
 $comment_content      = trim($_POST['comment']);

wp-commentsrss2.php

@@ -5,85 +5,6 @@ if (empty($wp)) {
 	wp('feed=rss2&withcomments=1');
 }
 
-header('Content-type: text/xml;charset=' . get_option('blog_charset'), true);
+require (ABSPATH . WPINC . '/feed-rss2-comments.php');
 
-echo '<?xml version="1.0" encoding="'.get_option('blog_charset').'"?'.'>'; 
-?>
-<!-- generator="wordpress/<?php echo $wp_version ?>" -->
-<rss version="2.0" 
-	xmlns:content="http://purl.org/rss/1.0/modules/content/">
-<channel>
-<?php
-$i = 0;
-if (have_posts()) :
-  while (have_posts()) : the_post();
-	if ($i < 1) {
-		$i++;
-?>
-	<title><?php if (is_single() || is_page() ) { printf(__('Comments on: %s'), get_the_title_rss()); } else { printf(__('Comments for %s'), get_bloginfo_rss("name")); } ?></title>
-	<link><?php (is_single()) ? permalink_single_rss() : bloginfo_rss("url") ?></link>
-	<description><?php bloginfo_rss("description") ?></description>
-	<pubDate><?php echo gmdate('r'); ?></pubDate>
-	<generator>http://wordpress.org/?v=<?php echo $wp_version ?></generator>
-
-<?php 
-		if (is_single() || is_page()) {
-			$comments = $wpdb->get_results("SELECT comment_ID, comment_author, comment_author_email, 
-			comment_author_url, comment_date, comment_date_gmt, comment_content, comment_post_ID, 
-			$wpdb->posts.ID, $wpdb->posts.post_password FROM $wpdb->comments 
-			LEFT JOIN $wpdb->posts ON comment_post_id = id WHERE comment_post_ID = '" . get_the_ID() . "' 
-			AND $wpdb->comments.comment_approved = '1' AND $wpdb->posts.post_status = 'publish' 
-			AND post_date_gmt < '" . gmdate("Y-m-d H:i:59") . "' 
-			ORDER BY comment_date_gmt ASC" );
-		} else { // if no post id passed in, we'll just ue the last 10 comments.
-			$comments = $wpdb->get_results("SELECT comment_ID, comment_author, comment_author_email, 
-			comment_author_url, comment_date, comment_date_gmt, comment_content, comment_post_ID, 
-			$wpdb->posts.ID, $wpdb->posts.post_password FROM $wpdb->comments 
-			LEFT JOIN $wpdb->posts ON comment_post_id = id WHERE $wpdb->posts.post_status = 'publish' 
-			AND $wpdb->comments.comment_approved = '1' AND post_date_gmt < '" . gmdate("Y-m-d H:i:s") . "'  
-			ORDER BY comment_date_gmt DESC LIMIT " . get_option('posts_per_rss') );
-		}
-	// this line is WordPress' motor, do not delete it.
-		if ($comments) {
-			foreach ($comments as $comment) {
-				$GLOBALS['comment'] =& $comment;
-				// Some plugins may need to know the metadata
-				// associated with this comment's post:
-				get_post_custom($comment->comment_post_ID);
-?>
-	<item>
-		<title><?php if ( ! (is_single() || is_page()) ) {
-			$title = get_the_title($comment->comment_post_ID);
-			$title = apply_filters('the_title', $title);
-			$title = apply_filters('the_title_rss', $title);
-			printf(__('Comment on %1$s by %2$s'), $title, get_comment_author_rss());
-		} else {
-			printf(__('By: %s'), get_comment_author_rss());
-		} ?></title>
-		<link><?php comment_link() ?></link>
-		<author><?php echo get_comment_author_rss() ?></author>
-		<pubDate><?php echo mysql2date('D, d M Y H:i:s +0000', get_comment_time('Y-m-d H:i:s', true), false); ?></pubDate>
-		<guid><?php comment_link() ?></guid>
-			<?php
-			if (!empty($comment->post_password) && $_COOKIE['wp-postpass'] != $comment->post_password) {
-			?>
-		<description><?php _e('Protected Comments: Please enter your password to view comments.'); ?></description>
-		<content:encoded><![CDATA[<?php echo get_the_password_form() ?>]]></content:encoded>
-			<?php
-			} else {
-			?>
-		<description><?php comment_text_rss() ?></description>
-		<content:encoded><![CDATA[<?php comment_text() ?>]]></content:encoded>
-			<?php
-			} // close check for password
-			do_action('commentrss2_item', $comment->comment_ID, $comment->comment_post_ID);
-			?>
-	</item>
-<?php
-			}
-		}
-	}
-endwhile; endif;
-?>
-</channel>
-</rss>
+?>

wp-config-sample.php

@@ -1,21 +1,23 @@
-<?php
-// ** MySQL settings ** //
-define('DB_NAME', 'wordpress');    // The name of the database
-define('DB_USER', 'username');     // Your MySQL username
-define('DB_PASSWORD', 'password'); // ...and password
-define('DB_HOST', 'localhost');    // 99% chance you won't need to change this value
-
-// You can have multiple installations in one database if you give each a unique prefix
-$table_prefix  = 'wp_';   // Only numbers, letters, and underscores please!
-
-// Change this to localize WordPress.  A corresponding MO file for the
-// chosen language must be installed to wp-includes/languages.
-// For example, install de.mo to wp-includes/languages and set WPLANG to 'de'
-// to enable German language support.
-define ('WPLANG', '');
-
-/* That's all, stop editing! Happy blogging. */
-
-define('ABSPATH', dirname(__FILE__).'/');
-require_once(ABSPATH.'wp-settings.php');
-?>
+<?php
+// ** MySQL settings ** //
+define('DB_NAME', 'putyourdbnamehere');    // The name of the database
+define('DB_USER', 'usernamehere');     // Your MySQL username
+define('DB_PASSWORD', 'yourpasswordhere'); // ...and password
+define('DB_HOST', 'localhost');    // 99% chance you won't need to change this value
+define('DB_CHARSET', 'utf8');
+define('DB_COLLATE', '');
+
+// You can have multiple installations in one database if you give each a unique prefix
+$table_prefix  = 'wp_';   // Only numbers, letters, and underscores please!
+
+// Change this to localize WordPress.  A corresponding MO file for the
+// chosen language must be installed to wp-content/languages.
+// For example, install de.mo to wp-content/languages and set WPLANG to 'de'
+// to enable German language support.
+define ('WPLANG', '');
+
+/* That's all, stop editing! Happy blogging. */
+
+define('ABSPATH', dirname(__FILE__).'/');
+require_once(ABSPATH.'wp-settings.php');
+?>

wp-content/themes/classic/comments-popup.php

@@ -21,7 +21,7 @@ while( have_posts()) : the_post();
 
 <h2 id="comments"><?php _e("Comments"); ?></h2>
 
-<p><a href="<?php echo get_option('siteurl'); ?>/wp-commentsrss2.php?p=<?php echo $post->ID; ?>"><?php _e("<abbr title=\"Really Simple Syndication\">RSS</abbr> feed for comments on this post."); ?></a></p>
+<p><a href="<?php echo get_post_comments_feed_link($post->ID); ?>"><?php _e("<abbr title=\"Really Simple Syndication\">RSS</abbr> feed for comments on this post."); ?></a></p>
 
 <?php if ('open' == $post->ping_status) { ?>
 <p><?php _e("The <abbr title=\"Universal Resource Locator\">URL</abbr> to TrackBack this entry is:"); ?> <em><?php trackback_url() ?></em></p>
@@ -56,6 +56,9 @@ if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH
 <p><?php _e("Line and paragraph breaks automatic, e-mail address never displayed, <acronym title=\"Hypertext Markup Language\">HTML</acronym> allowed:"); ?> <code><?php echo allowed_tags(); ?></code></p>
 
 <form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
+<?php if ( $user_ID ) : ?> 
+	<p>Logged in as <a href="<?php echo get_option('siteurl'); ?>/wp-admin/profile.php"><?php echo $user_identity; ?></a>. <a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout" title="Log out of this account">Logout &raquo;</a></p>
+<?php else : ?> 
 	<p>
 	  <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
 	   <label for="author"><?php _e("Name"); ?></label>
@@ -72,6 +75,7 @@ if (!empty($commentstatus->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH
 	  <input type="text" name="url" id="url" value="<?php echo $comment_author_url; ?>" size="28" tabindex="3" />
 	   <label for="url"><?php _e("<abbr title=\"Universal Resource Locator\">URL</abbr>"); ?></label>
 	</p>
+<?php endif; ?>
 
 	<p>
 	  <label for="comment"><?php _e("Your Comment"); ?></label>

wp-content/themes/classic/functions.php

@@ -0,0 +1,10 @@
+<?php
+if ( function_exists('register_sidebar') )
+	register_sidebar(array(
+        'before_widget' => '<li id="%1$s" class="widget %2$s">',
+        'after_widget' => '</li>',
+        'before_title' => '',
+        'after_title' => '',
+    ));
+
+?>

wp-content/themes/classic/sidebar.php

@@ -3,6 +3,8 @@
 <div id="menu">
 
 <ul>
+<?php 	/* Widgetized sidebar, if you have the plugin installed. */
+		if ( !function_exists('dynamic_sidebar') || !dynamic_sidebar() ) : ?>
 	<?php wp_list_pages('title_li=' . __('Pages:')); ?>
 	<?php wp_list_bookmarks('title_after=&title_before='); ?>
 	<?php wp_list_categories('title_li=' . __('Categories:')); ?>
@@ -32,6 +34,7 @@
 		<?php wp_meta(); ?>
 	</ul>
  </li>
+<?php endif; ?>
 
 </ul>
 

wp-content/themes/default/archive.php

@@ -6,7 +6,7 @@
 
 		 <?php $post = $posts[0]; // Hack. Set $post so that the_date() works. ?>
 <?php /* If this is a category archive */ if (is_category()) { ?>
-		<h2 class="pagetitle">Archive for the &#8216;<?php echo single_cat_title(); ?>&#8217; Category</h2>
+		<h2 class="pagetitle">Archive for the &#8216;<?php single_cat_title(); ?>&#8217; Category</h2>
 
  	  <?php /* If this is a daily archive */ } elseif (is_day()) { ?>
 		<h2 class="pagetitle">Archive for <?php the_time('F jS, Y'); ?></h2>

wp-content/themes/default/comments-popup.php

@@ -21,7 +21,7 @@ while ( have_posts()) : the_post();
 
 <h2 id="comments">Comments</h2>
 
-<p><a href="<?php echo get_option('siteurl'); ?>/wp-commentsrss2.php?p=<?php echo $post->ID; ?>"><abbr title="Really Simple Syndication">RSS</abbr> feed for comments on this post.</a></p>
+<p><a href="<?php echo get_post_comments_feed_link($post->ID); ?>"><abbr title="Really Simple Syndication">RSS</abbr> feed for comments on this post.</a></p>
 
 <?php if ('open' == $post->ping_status) { ?>
 <p>The <abbr title="Universal Resource Locator">URL</abbr> to TrackBack this entry is: <em><?php trackback_url() ?></em></p>
@@ -56,6 +56,9 @@ if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $pos
 <p>Line and paragraph breaks automatic, e-mail address never displayed, <acronym title="Hypertext Markup Language">HTML</acronym> allowed: <code><?php echo allowed_tags(); ?></code></p>
 
 <form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">
+<?php if ( $user_ID ) : ?> 
+	<p>Logged in as <a href="<?php echo get_option('siteurl'); ?>/wp-admin/profile.php"><?php echo $user_identity; ?></a>. <a href="<?php echo get_option('siteurl'); ?>/wp-login.php?action=logout" title="Log out of this account">Logout &raquo;</a></p>
+<?php else : ?> 
 	<p>
 	  <input type="text" name="author" id="author" class="textarea" value="<?php echo $comment_author; ?>" size="28" tabindex="1" />
 	   <label for="author">Name</label>
@@ -72,6 +75,7 @@ if (!empty($post->post_password) && $_COOKIE['wp-postpass_'. COOKIEHASH] != $pos
 	  <input type="text" name="url" id="url" value="<?php echo $comment_author_url; ?>" size="28" tabindex="3" />
 	   <label for="url"><abbr title="Universal Resource Locator">URL</abbr></label>
 	</p>
+<?php endif; ?>
 
 	<p>
 	  <label for="comment">Your Comment</label>

wp-content/themes/default/comments.php

@@ -6,7 +6,7 @@
 		if ($_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) {  // and it doesn't match the cookie
 			?>
 
-			<p class="nocomments">This post is password protected. Enter the password to view comments.<p>
+			<p class="nocomments">This post is password protected. Enter the password to view comments.</p>
 
 			<?php
 			return;
@@ -14,7 +14,7 @@
 	}
 
 	/* This variable is for alternating comment background */
-	$oddcomment = 'alt';
+	$oddcomment = 'class="alt" ';
 ?>
 
 <!-- You can start editing here. -->
@@ -26,22 +26,22 @@
 
 	<?php foreach ($comments as $comment) : ?>
 
-		<li class="<?php echo $oddcomment; ?>" id="comment-<?php comment_ID() ?>">
+		<li <?php echo $oddcomment; ?>id="comment-<?php comment_ID() ?>">
 			<cite><?php comment_author_link() ?></cite> Says:
 			<?php if ($comment->comment_approved == '0') : ?>
 			<em>Your comment is awaiting moderation.</em>
 			<?php endif; ?>
 			<br />
 
-			<small class="commentmetadata"><a href="#comment-<?php comment_ID() ?>" title=""><?php comment_date('F jS, Y') ?> at <?php comment_time() ?></a> <?php edit_comment_link('e','',''); ?></small>
+			<small class="commentmetadata"><a href="#comment-<?php comment_ID() ?>" title=""><?php comment_date('F jS, Y') ?> at <?php comment_time() ?></a> <?php edit_comment_link('edit','&nbsp;&nbsp;',''); ?></small>
 
 			<?php comment_text() ?>
 
 		</li>
 
-	<?php /* Changes every other comment to a different class */
-		if ('alt' == $oddcomment) $oddcomment = '';
-		else $oddcomment = 'alt';
+	<?php
+		/* Changes every other comment to a different class */
+		$oddcomment = ( empty( $oddcomment ) ) ? 'class="alt" ' : '';
 	?>
 
 	<?php endforeach; /* end for each comment */ ?>
@@ -88,7 +88,7 @@
 
 <?php endif; ?>
 
-<!--<p><small><strong>XHTML:</strong> You can use these tags: <?php echo allowed_tags(); ?></small></p>-->
+<!--<p><small><strong>XHTML:</strong> You can use these tags: <code><?php echo allowed_tags(); ?></code></small></p>-->
 
 <p><textarea name="comment" id="comment" cols="100%" rows="10" tabindex="4"></textarea></p>
 

wp-content/themes/default/footer.php

@@ -1,7 +1,7 @@
 
 <hr />
 <div id="footer">
-<!-- If you'd like to support WordPress, having the "powered by" link someone on your blog is the best way, it's our only promotion or advertising. -->
+<!-- If you'd like to support WordPress, having the "powered by" link somewhere on your blog is the best way, it's our only promotion or advertising. -->
 	<p>
 		<?php bloginfo('name'); ?> is proudly powered by
 		<a href="http://wordpress.org/">WordPress</a>

wp-content/themes/default/functions.php

@@ -1,4 +1,11 @@
 <?php
+if ( function_exists('register_sidebar') )
+    register_sidebar(array(
+        'before_widget' => '<li id="%1$s" class="widget %2$s">',
+        'after_widget' => '</li>',
+        'before_title' => '<h2 class="widgettitle">',
+        'after_title' => '</h2>',
+    ));
 
 function kubrick_head() {
 	$head = "<style type='text/css'>\n<!--";
@@ -25,7 +32,7 @@ function kubrick_header_image() {
 }
 
 function kubrick_upper_color() {
-	if ( strstr( $url = kubrick_header_image_url(), 'header-img.php?' ) ) {
+	if (strpos($url = kubrick_header_image_url(), 'header-img.php?') !== false) {
 		parse_str(substr($url, strpos($url, '?') + 1), $q);
 		return $q['upper'];
 	} else
@@ -33,7 +40,7 @@ function kubrick_upper_color() {
 }
 
 function kubrick_lower_color() {
-	if ( strstr( $url = kubrick_header_image_url(), 'header-img.php?' ) ) {
+	if (strpos($url = kubrick_header_image_url(), 'header-img.php?') !== false) {
 		parse_str(substr($url, strpos($url, '?') + 1), $q);
 		return $q['lower'];
 	} else
@@ -75,6 +82,7 @@ add_action('admin_menu', 'kubrick_add_theme_page');
 function kubrick_add_theme_page() {
 	if ( $_GET['page'] == basename(__FILE__) ) {
 		if ( 'save' == $_REQUEST['action'] ) {
+			check_admin_referer('kubrick-header');
 			if ( isset($_REQUEST['njform']) ) {
 				if ( isset($_REQUEST['defaults']) ) {
 					delete_option('kubrick_header_image');
@@ -83,13 +91,14 @@ function kubrick_add_theme_page() {
 				} else {
 					if ( '' == $_REQUEST['njfontcolor'] )
 						delete_option('kubrick_header_color');
-					else
-						update_option('kubrick_header_color', $_REQUEST['njfontcolor']);
-
+					else {
+						$fontcolor = preg_replace('/^.*(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['njfontcolor']);
+						update_option('kubrick_header_color', $fontcolor);
+					}
 					if ( preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njuppercolor'], $uc) && preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njlowercolor'], $lc) ) {
 						$uc = ( strlen($uc[0]) == 3 ) ? $uc[0]{0}.$uc[0]{0}.$uc[0]{1}.$uc[0]{1}.$uc[0]{2}.$uc[0]{2} : $uc[0];
 						$lc = ( strlen($lc[0]) == 3 ) ? $lc[0]{0}.$lc[0]{0}.$lc[0]{1}.$lc[0]{1}.$lc[0]{2}.$lc[0]{2} : $lc[0];
-						update_option('kubrick_header_image', "header-img.php?upper=$uc&amp;lower=$lc");
+						update_option('kubrick_header_image', "header-img.php?upper=$uc&lower=$lc");
 					}
 
 					if ( isset($_REQUEST['toggledisplay']) ) {
@@ -102,20 +111,27 @@ function kubrick_add_theme_page() {
 			} else {
 
 				if ( isset($_REQUEST['headerimage']) ) {
+					check_admin_referer('kubrick-header');
 					if ( '' == $_REQUEST['headerimage'] )
 						delete_option('kubrick_header_image');
-					else
-						update_option('kubrick_header_image', $_REQUEST['headerimage']);
+					else {
+						$headerimage = preg_replace('/^.*?(header-img.php\?upper=[0-9a-fA-F]{6}&lower=[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['headerimage']);
+						update_option('kubrick_header_image', $headerimage);
+					}
 				}
 
 				if ( isset($_REQUEST['fontcolor']) ) {
+					check_admin_referer('kubrick-header');
 					if ( '' == $_REQUEST['fontcolor'] )
 						delete_option('kubrick_header_color');
-					else
-						update_option('kubrick_header_color', $_REQUEST['fontcolor']);
+					else {
+						$fontcolor = preg_replace('/^.*?(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['fontcolor']);
+						update_option('kubrick_header_color', $fontcolor);
+					}
 				}
 
 				if ( isset($_REQUEST['fontdisplay']) ) {
+					check_admin_referer('kubrick-header');
 					if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] )
 						delete_option('kubrick_header_display');
 					else
@@ -128,7 +144,7 @@ function kubrick_add_theme_page() {
 		}
 		add_action('admin_head', 'kubrick_theme_page_head');
 	}
-	add_theme_page('Customize Header', 'Header Image and Color', 'edit_themes', basename(__FILE__), 'kubrick_theme_page');
+	add_theme_page(__('Customize Header'), __('Header Image and Color'), 'edit_themes', basename(__FILE__), 'kubrick_theme_page');
 }
 
 function kubrick_theme_page_head() {
@@ -141,7 +157,7 @@ function kubrick_theme_page_head() {
 		kUpdate(ColorPicker_targetInput.id);
 	}
 	function PopupWindow_populate(contents) {
-		contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" value="Close Color Picker" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
+		contents += '<br /><p style="text-align:center;margin-top:0px;"><input type="button" value="<?php echo attribute_escape(__('Close Color Picker')); ?>" onclick="cp.hidePopup(\'prettyplease\')"></input></p>';
 		this.contents = contents;
 		this.populated = false;
 	}
@@ -226,13 +242,13 @@ function kubrick_theme_page_head() {
 		document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
 	}
 	function kRevert() {
-		document.getElementById('headerimage').value = '<?php echo kubrick_header_image(); ?>';
-		document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo kubrick_upper_color(); ?>';
-		document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo kubrick_lower_color(); ?>';
-		document.getElementById('header').style.background = 'url("<?php echo kubrick_header_image_url(); ?>") center no-repeat';
+		document.getElementById('headerimage').value = '<?php echo js_escape(kubrick_header_image()); ?>';
+		document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo js_escape(kubrick_upper_color()); ?>';
+		document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo js_escape(kubrick_lower_color()); ?>';
+		document.getElementById('header').style.background = 'url("<?php echo js_escape(kubrick_header_image_url()); ?>") center no-repeat';
 		document.getElementById('header').style.color = '';
-		document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo kubrick_header_color_string(); ?>';
-		document.getElementById('fontdisplay').value = '<?php echo kubrick_header_display_string(); ?>';
+		document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo js_escape(kubrick_header_color_string()); ?>';
+		document.getElementById('fontdisplay').value = '<?php echo js_escape(kubrick_header_display_string()); ?>';
 		document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
 	}
 	function kInit() {
@@ -338,11 +354,11 @@ function kubrick_theme_page_head() {
 }
 
 function kubrick_theme_page() {
-	if ( $_REQUEST['saved'] ) echo '<div id="message" class="updated fade"><p><strong>Options saved.</strong></p></div>';
+	if ( $_REQUEST['saved'] ) echo '<div id="message" class="updated fade"><p><strong>'.__('Options saved.').'</strong></p></div>';
 ?>
 <div class='wrap'>
 	<div id="kubrick-header">
-		<h2>Header Image and Color</h2>
+	<h2><?php _e('Header Image and Color'); ?></h2>
 		<div id="headwrap">
 			<div id="header">
 				<div id="headerimg">
@@ -354,41 +370,44 @@ function kubrick_theme_page() {
 		<br />
 		<div id="nonJsForm">
 			<form method="post" action="">
-				<div class="zerosize"><input type="submit" name="defaultsubmit" value="Save" /></div>
-				<label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo kubrick_header_color(); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br />
-				<label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo kubrick_upper_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
-				<label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo kubrick_lower_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
-				<input type="hidden" name="hi" id="hi" value="<?php echo kubrick_header_image(); ?>" />
-				<input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />
-				<input type="submit" name="defaults" value="Use Defaults" />
-				<input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;Save&nbsp;&nbsp;" />
+				<?php wp_nonce_field('kubrick-header'); ?>
+				<div class="zerosize"><input type="submit" name="defaultsubmit" value="<?php echo attribute_escape(__('Save')); ?>" /></div>
+					<label for="njfontcolor"><?php _e('Font Color:'); ?></label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /> <?php printf(__('Any CSS color (%s or %s or %s)'), '<code>red</code>', '<code>#FF0000</code>', '<code>rgb(255, 0, 0)</code>'); ?><br />
+					<label for="njuppercolor"><?php _e('Upper Color:'); ?></label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
+				<label for="njlowercolor"><?php _e('Lower Color:'); ?></label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /> <?php printf(__('HEX only (%s or %s)'), '<code>#FF0000</code>', '<code>#F00</code>'); ?><br />
+				<input type="hidden" name="hi" id="hi" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
+				<input type="submit" name="toggledisplay" id="toggledisplay" value="<?php echo attribute_escape(__('Toggle Text')); ?>" />
+				<input type="submit" name="defaults" value="<?php echo attribute_escape(__('Use Defaults')); ?>" />
+				<input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;<?php _e('Save'); ?>&nbsp;&nbsp;" />
 				<input type="hidden" name="action" value="save" />
 				<input type="hidden" name="njform" value="true" />
 			</form>
 		</div>
 		<div id="jsForm">
-			<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
-				<input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="Font Color"></input>
-				<input type="button" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="Upper Color"></input>
-				<input type="button" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="Lower Color"></input>
-				<input type="button" name="revert" value="Revert" onclick="kRevert()" />
-				<input type="button" value="Advanced" onclick="toggleAdvanced()" />
+			<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo attribute_escape($_SERVER['REQUEST_URI']); ?>">
+				<?php wp_nonce_field('kubrick-header'); ?>
+	<input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="<?php echo attribute_escape(__('Font Color')); ?>"></input>
+		<input type="button" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="<?php echo attribute_escape(__('Upper Color')); ?>"></input>
+		<input type="button" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="<?php echo attribute_escape(__('Lower Color')); ?>"></input>
+				<input type="button" name="revert" value="<?php echo attribute_escape(__('Revert')); ?>" onclick="kRevert()" />
+				<input type="button" value="<?php echo attribute_escape(__('Advanced')); ?>" onclick="toggleAdvanced()" />
 				<input type="hidden" name="action" value="save" />
-				<input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo kubrick_header_display(); ?>" />
-				<input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo kubrick_header_color(); ?>" />
-				<input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo kubrick_upper_color(); ?>" />
-				<input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo kubrick_lower_color(); ?>" />
-				<input type="hidden" name="headerimage" id="headerimage" value="<?php echo kubrick_header_image(); ?>" />
-				<p class="submit"><input type="submit" name="submitform" class="defbutton" value="<?php _e('Update Header &raquo;'); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
+				<input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attribute_escape(kubrick_header_display()); ?>" />
+				<input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" />
+				<input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attribute_escape(kubrick_upper_color()); ?>" />
+				<input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attribute_escape(kubrick_lower_color()); ?>" />
+				<input type="hidden" name="headerimage" id="headerimage" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
+				<p class="submit"><input type="submit" name="submitform" class="defbutton" value="<?php echo attribute_escape(__('Update Header &raquo;')); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
 			</form>
 			<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
 			<div id="advanced">
 				<form id="jsAdvanced" style="display:none;" action="">
-					<label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo kubrick_header_color(); ?>" /><br />
-					<label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo kubrick_upper_color(); ?>" /><br />
-					<label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo kubrick_lower_color(); ?>" /><br />
-					<input type="button" name="default" value="Select Default Colors" onclick="kDefaults()" /><br />
-					<input type="button" onclick="toggleDisplay();return false;" name="pick" id="pick" value="Toggle Text Display"></input><br />
+					<?php wp_nonce_field('kubrick-header'); ?>
+					<label for="advfontcolor"><?php _e('Font Color (CSS):'); ?> </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /><br />
+					<label for="advuppercolor"><?php _e('Upper Color (HEX):');?> </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /><br />
+					<label for="advlowercolor"><?php _e('Lower Color (HEX):'); ?> </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /><br />
+					<input type="button" name="default" value="<?php echo attribute_escape(__('Select Default Colors')); ?>" onclick="kDefaults()" /><br />
+					<input type="button" onclick="toggleDisplay();return false;" name="pick" id="pick" value="<?php echo attribute_escape(__('Toggle Text Display')); ?>"></input><br />
 				</form>
 			</div>
 		</div>

wp-content/themes/default/header.php

@@ -18,7 +18,7 @@
 // Checks to see whether it needs a sidebar or not
 if ( !$withcomments && !is_single() ) {
 ?>
-	#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbg.jpg") repeat-y top; border: none; }
+	#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbg-<?php bloginfo('text_direction'); ?>.jpg") repeat-y top; border: none; }
 <?php } else { // No sidebar ?>
 	#page { background: url("<?php bloginfo('stylesheet_directory'); ?>/images/kubrickbgwide.jpg") repeat-y top; border: none; }
 <?php } ?>

wp-content/themes/default/rtl.css

@@ -0,0 +1,63 @@
+/* Based on Arabic (RTL) version of Kubrick theme, converted by Serdal (Serdal.com) */
+
+.narrowcolumn, .alignleft, .widecolumn .smallattachment { float: right; }
+.alignright, #commentform #submit { float: left; }
+
+#page, #wp-calendar #prev a { text-align: right; }
+
+
+body, #commentform p { font-family: Tahoma, 'Lucida Grande', Verdana, Arial, Sans-Serif; }
+
+small { font-family: Tahoma, Arial, Helvetica, Sans-Serif; }
+
+.commentlist li, #commentform input, #commentform textarea { font: 0.9em Tahoma, 'Lucida Grande', Verdana, Arial, Sans-Serif; }
+
+#sidebar { font: 1em Tahoma, 'Lucida Grande', Verdana, Arial, Sans-Serif; }
+
+#wp-calendar caption { font: bold 1.3em Tahoma, 'Lucida Grande', Verdana, Arial, Sans-Serif; }
+
+#header { margin: 0 1px 0 0; }
+
+.narrowcolumn { padding: 0 45px 20px 0; }
+
+.widecolumn { margin: 5px 150px 0 0; }
+
+.widecolumn .smallattachment { margin: 5px 0px 5px 5px; }
+
+.postmetadata { clear: right; }
+
+img.alignright { margin: 0 7px 2px 0; }
+
+img.alignleft { margin: 0 0 2px 7px; }
+
+.entry ol { padding: 0 35px 0 0; }
+
+#sidebar ul ul, #sidebar ul ol { margin: 5px 10px 0 0; }
+
+#sidebar ul ul ul, #sidebar ul ol { margin: 0 10px 0 0; }
+
+#commentform input { margin: 5px 0 1px 5px; }
+
+.commentlist p { margin: 10px 0 10px 5px; }
+
+#sidebar { margin-right: 545px; }
+
+#wp-calendar #prev a, html>body .entry ul { padding-right: 10px; }
+
+html>body .entry li { margin: 7px 10px 8px 0; }
+
+html>body .entry ul {
+	margin-right: 0px;
+	padding: 0 30px 0 0;
+}
+
+blockquote {
+	margin: 15px 10px 0 30px;
+	padding-right: 20px;
+	border-right: 5px solid #ddd;
+}
+
+#wp-calendar #next a {
+	padding-left: 10px;
+	text-align: left;
+}

wp-content/themes/default/searchform.php

@@ -1,4 +1,4 @@
-<form method="get" id="searchform" action="<?php bloginfo('home'); ?>/">
+<form method="get" id="searchform" action="<?php bloginfo('url'); ?>/">
 <div><input type="text" value="<?php the_search_query(); ?>" name="s" id="s" />
 <input type="submit" id="searchsubmit" value="Search" />
 </div>

wp-content/themes/default/sidebar.php

@@ -1,6 +1,7 @@
 	<div id="sidebar">
 		<ul>
-
+			<?php 	/* Widgetized sidebar, if you have the plugin installed. */
+					if ( !function_exists('dynamic_sidebar') || !dynamic_sidebar() ) : ?>
 			<li>
 				<?php include (TEMPLATEPATH . '/searchform.php'); ?>
 			</li>
@@ -11,32 +12,36 @@
 			</li>
 			-->
 
-			<li>
+			<?php if ( is_404() || is_category() || is_day() || is_month() ||
+						is_year() || is_search() || is_paged() ) {
+			?> <li>
+
 			<?php /* If this is a 404 page */ if (is_404()) { ?>
 			<?php /* If this is a category archive */ } elseif (is_category()) { ?>
 			<p>You are currently browsing the archives for the <?php single_cat_title(''); ?> category.</p>
 
 			<?php /* If this is a yearly archive */ } elseif (is_day()) { ?>
-			<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
+			<p>You are currently browsing the <a href="<?php bloginfo('url'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for the day <?php the_time('l, F jS, Y'); ?>.</p>
 
 			<?php /* If this is a monthly archive */ } elseif (is_month()) { ?>
-			<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
+			<p>You are currently browsing the <a href="<?php bloginfo('url'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for <?php the_time('F, Y'); ?>.</p>
 
 			<?php /* If this is a yearly archive */ } elseif (is_year()) { ?>
-			<p>You are currently browsing the <a href="<?php bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
+			<p>You are currently browsing the <a href="<?php bloginfo('url'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for the year <?php the_time('Y'); ?>.</p>
 
 			<?php /* If this is a monthly archive */ } elseif (is_search()) { ?>
-			<p>You have searched the <a href="<?php echo bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
+			<p>You have searched the <a href="<?php echo bloginfo('url'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives
 			for <strong>'<?php the_search_query(); ?>'</strong>. If you are unable to find anything in these search results, you can try one of these links.</p>
 
 			<?php /* If this is a monthly archive */ } elseif (isset($_GET['paged']) && !empty($_GET['paged'])) { ?>
-			<p>You are currently browsing the <a href="<?php echo bloginfo('home'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives.</p>
+			<p>You are currently browsing the <a href="<?php echo bloginfo('url'); ?>/"><?php echo bloginfo('name'); ?></a> weblog archives.</p>
 
 			<?php } ?>
-			</li>
+				
+			</li> <?php }?>
 
 			<?php wp_list_pages('title_li=<h2>Pages</h2>' ); ?>
 
@@ -62,7 +67,8 @@
 				</ul>
 				</li>
 			<?php } ?>
-
+			
+			<?php endif; ?>
 		</ul>
 	</div>
 

wp-cron.php

@@ -3,7 +3,7 @@ ignore_user_abort(true);
 define('DOING_CRON', TRUE);
 require_once('wp-config.php');
 
-if ( $_GET['check'] != md5(DB_PASS . '187425') )
+if ( $_GET['check'] != wp_hash('187425') )
 	exit;
 
 if ( get_option('doing_cron') > time() )

wp-includes/author-template.php

@@ -173,6 +173,8 @@ function get_author_name( $auth_id ) {
 }
 
 function wp_list_authors($args = '') {
+	global $wpdb;
+	
 	if ( is_array($args) )
 		$r = &$args;
 	else
@@ -181,16 +183,19 @@ function wp_list_authors($args = '') {
 	$defaults = array('optioncount' => false, 'exclude_admin' => true, 'show_fullname' => false, 'hide_empty' => true,
 		'feed' => '', 'feed_image' => '');
 	$r = array_merge($defaults, $r);
-	extract($r);
-
-	global $wpdb;
+	extract($r, EXTR_SKIP);
+	
 	// TODO:  Move select to get_authors().
-	$query = "SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name";
-	$authors = $wpdb->get_results($query);
+	$authors = $wpdb->get_results("SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name");
+	
+	$author_count = array();
+	foreach ((array) $wpdb->get_results("SELECT DISTINCT post_author, COUNT(ID) AS count FROM $wpdb->posts WHERE post_status = 'publish' GROUP BY post_author") as $row) {
+		$author_count[$row->post_author] = $row->count;
+	}
 
 	foreach ( (array) $authors as $author ) {
 		$author = get_userdata( $author->ID );
-		$posts = get_usernumposts($author->ID);
+		$posts = (isset($author_count[$author->ID])) ? $author_count[$author->ID] : 0;
 		$name = $author->nickname;
 
 		if ( $show_fullname && ($author->first_name != '' && $author->last_name != '') )

wp-includes/bookmark-template.php

@@ -136,6 +136,10 @@ function get_links($category = -1,
 
 		if ( $show_description && '' != $desc )
 			$output .= $between . $desc;
+		
+		if ($show_rating) {
+			$output .= $between . get_linkrating($row);
+		}
 
 		$output .= "$after\n";
 	} // end while
@@ -249,7 +253,7 @@ function _walk_bookmarks($bookmarks, $args = '' ) {
 	$defaults = array('show_updated' => 0, 'show_description' => 0, 'show_images' => 1, 'before' => '<li>',
 		'after' => '</li>', 'between' => "\n");
 	$r = array_merge($defaults, $r);
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	foreach ( (array) $bookmarks as $bookmark ) {
 		if ( !isset($bookmark->recently_updated) )
@@ -266,9 +270,9 @@ function _walk_bookmarks($bookmarks, $args = '' ) {
 		if ( '' != $rel )
 			$rel = ' rel="' . $rel . '"';
 
-		$desc = attribute_escape($bookmark->link_description);
-		$name = attribute_escape($bookmark->link_name);
-		$title = $desc;
+		$desc = attribute_escape(apply_filters('link_description', $bookmark->link_description)); 
+ 		$name = attribute_escape(apply_filters('link_title', $bookmark->link_name)); 
+ 		$title = $desc;
 
 		if ( $show_updated )
 			if ( '00' != substr($bookmark->link_updated_f, 0, 2) ) {
@@ -304,6 +308,11 @@ function _walk_bookmarks($bookmarks, $args = '' ) {
 
 		if ( $show_description && '' != $desc )
 			$output .= $between . $desc;
+		
+		if ($show_rating) {
+			$output .= $between . get_linkrating($bookmark);
+		}
+		
 		$output .= "$after\n";
 	} // end while
 
@@ -322,7 +331,7 @@ function wp_list_bookmarks($args = '') {
 		'category_orderby' => 'name', 'category_order' => 'ASC', 'class' => 'linkcat',
 		'category_before' => '<li id="%id" class="%class">', 'category_after' => '</li>');
 	$r = array_merge($defaults, $r);
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	$output = '';
 
@@ -331,18 +340,20 @@ function wp_list_bookmarks($args = '') {
 		$cats = get_categories("type=link&category_name=$category_name&include=$category&orderby=$category_orderby&order=$category_order&hierarchical=0");
 
 		foreach ( (array) $cats as $cat ) {
-			$bookmarks = get_bookmarks("limit=$limit&category={$cat->cat_ID}&show_updated=$show_updated&orderby=$orderby&order=$order&hide_invisible=$hide_invisible&show_updated=$show_updated");
+			$params = array_merge($r, array('category'=>$cat->cat_ID));
+			$bookmarks = get_bookmarks($params);
 			if ( empty($bookmarks) )
 				continue;
 			$output .= str_replace(array('%id', '%class'), array("linkcat-$cat->cat_ID", $class), $category_before);
-			$output .= "$title_before$cat->cat_name$title_after\n\t<ul>\n";
+			$catname = apply_filters( "link_category", $cat->cat_name );
+			$output .= "$title_before$catname$title_after\n\t<ul>\n";
 			$output .= _walk_bookmarks($bookmarks, $r);
 			$output .= "\n\t</ul>\n$category_after\n";
 		}
 	} else {
 		//output one single list using title_li for the title
-		$bookmarks = get_bookmarks("limit=$limit&category=$category&show_updated=$show_updated&orderby=$orderby&order=$order&hide_invisible=$hide_invisible&show_updated=$show_updated");
-		
+		$bookmarks = get_bookmarks($r);
+
 		if ( !empty($bookmarks) ) {
 			if ( !empty( $title_li ) ){
 				$output .= str_replace(array('%id', '%class'), array("linkcat-$category", $class), $category_before);

wp-includes/bookmark.php

@@ -34,7 +34,7 @@ function get_bookmarks($args = '') {
 	$defaults = array('orderby' => 'name', 'order' => 'ASC', 'limit' => -1, 'category' => '',
 		'category_name' => '', 'hide_invisible' => 1, 'show_updated' => 0, 'include' => '', 'exclude' => '');
 	$r = array_merge($defaults, $r);
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	$key = md5( serialize( $r ) );
 	if ( $cache = wp_cache_get( 'get_bookmarks', 'bookmark' ) )
@@ -73,7 +73,7 @@ function get_bookmarks($args = '') {
 	}
 	if (!empty($exclusions))
 		$exclusions .= ')';
-		
+
 	if ( ! empty($category_name) ) {
 		if ( $cat_id = $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE cat_name='$category_name' LIMIT 1") )
 			$category = $cat_id;
@@ -136,7 +136,7 @@ function get_bookmarks($args = '') {
 	$results = $wpdb->get_results($query);
 
 	$cache[ $key ] = $results;
-	wp_cache_set( 'get_bookmarks', $cache, 'bookmark' );
+	wp_cache_add( 'get_bookmarks', $cache, 'bookmark' );
 
 	return apply_filters('get_bookmarks', $results, $r);
 }

wp-includes/cache.php

@@ -194,21 +194,8 @@ class WP_Object_Cache {
 				foreach ($dogs as $catt)
 					$this->cache['category'][$catt->cat_ID] = $catt;
 			}
-		} else
-			if ('options' == $group) {
-				$wpdb->hide_errors();
-				if (!$options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'")) {
-					$options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options");
-				}
-				$wpdb->show_errors();
+		}
 
-				if ( ! $options )
-					return;
-
-				foreach ($options as $option) {
-					$this->cache['options'][$option->option_name] = $option->option_value;
-				}
-			}
 	}
 
 	function make_group_dir($group, $perms) {
@@ -353,10 +340,9 @@ class WP_Object_Cache {
 				fputs($fd, $serial);
 				fclose($fd);
 				if (!@ rename($temp_file, $cache_file)) {
-					if (@ copy($temp_file, $cache_file))
-						@ unlink($temp_file);
-					else
+					if (!@ copy($temp_file, $cache_file))
 						$errors++;
+					@ unlink($temp_file);
 				}
 				@ chmod($cache_file, $file_perms);
 			}
@@ -399,7 +385,7 @@ class WP_Object_Cache {
 	function WP_Object_Cache() {
 		return $this->__construct();
 	}
-	
+
 	function __construct() {
 		global $blog_id;
 
@@ -442,7 +428,7 @@ class WP_Object_Cache {
 
 	function __destruct() {
 		$this->save();
-		return true;	
+		return true;
 	}
 }
 ?>

wp-includes/category-template.php

@@ -32,10 +32,10 @@ function get_category_link($category_id) {
 		$category_nicename = $category->category_nicename;
 
 		if ( $parent = $category->category_parent )
-			$category_nicename = get_category_parents($parent, false, '/', true) . $category_nicename . '/';
+			$category_nicename = get_category_parents($parent, false, '/', true) . $category_nicename;
 
 		$catlink = str_replace('%category%', $category_nicename, $catlink);
-		$catlink = get_option('home') . trailingslashit($catlink);
+		$catlink = get_option('home') . user_trailingslashit($catlink, 'category');
 	}
 	return apply_filters('category_link', $catlink, $category_id);
 }
@@ -72,13 +72,26 @@ global $post, $category_cache, $blog_id;
 	$categories = $category_cache[$blog_id][$id];
 
 	if ( !empty($categories) )
-		sort($categories);
+		usort($categories, '_get_the_category_usort');
 	else
 		$categories = array();
 
 	return $categories;
 }
 
+function _get_the_category_usort($a, $b) {
+	return strcmp($a->category_name, $b->category_name);
+}
+
+function _get_the_category_usort_by_ID($a, $b) {
+	if ( $a->cat_ID > $b->cat_ID )
+		return 1;
+	elseif ( $a->cat_ID < $b->cat_ID )
+		return -1;
+	else
+		return 0;
+}
+
 function get_the_category_by_ID($cat_ID) {
 	$cat_ID = (int) $cat_ID;
 	$category = &get_category($cat_ID);
@@ -86,10 +99,13 @@ function get_the_category_by_ID($cat_ID) {
 }
 
 function get_the_category_list($separator = '', $parents='') {
+	global $wp_rewrite;
 	$categories = get_the_category();
 	if (empty($categories))
 		return apply_filters('the_category', __('Uncategorized'), $separator, $parents);
 
+	$rel = ( is_object($wp_rewrite) && $wp_rewrite->using_permalinks() ) ? 'rel="category tag"' : 'rel="category"';
+
 	$thelist = '';
 	if ( '' == $separator ) {
 		$thelist .= '<ul class="post-categories">';
@@ -99,17 +115,17 @@ function get_the_category_list($separator = '', $parents='') {
 				case 'multiple':
 					if ($category->category_parent)
 						$thelist .= get_category_parents($category->category_parent, TRUE);
-					$thelist .= '<a href="' . get_category_link($category->cat_ID) . '" title="' . sprintf(__("View all posts in %s"), $category->cat_name) . '" rel="category tag">'.$category->cat_name.'</a></li>';
+					$thelist .= '<a href="' . get_category_link($category->cat_ID) . '" title="' . sprintf(__("View all posts in %s"), $category->cat_name) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
 					break;
 				case 'single':
-					$thelist .= '<a href="' . get_category_link($category->cat_ID) . '" title="' . sprintf(__("View all posts in %s"), $category->cat_name) . ' rel="category tag">';
+					$thelist .= '<a href="' . get_category_link($category->cat_ID) . '" title="' . sprintf(__("View all posts in %s"), $category->cat_name) . '" ' . $rel . '>';
 					if ($category->category_parent)
 						$thelist .= get_category_parents($category->category_parent, FALSE);
 					$thelist .= $category->cat_name.'</a></li>';
 					break;
 				case '':
 				default:
-					$thelist .= '<a href="' . get_category_link($category->cat_ID) . '" title="' . sprintf(__("View all posts in %s"), $category->cat_name) . '" rel="category tag">'.$category->cat_name.'</a></li>';
+					$thelist .= '<a href="' . get_category_link($category->cat_ID) . '" title="' . sprintf(__("View all posts in %s"), $category->cat_name) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
 			}
 		}
 		$thelist .= '</ul>';
@@ -122,17 +138,17 @@ function get_the_category_list($separator = '', $parents='') {
 				case 'multiple':
 					if ( $category->category_parent )
 						$thelist .= get_category_parents($category->category_parent, TRUE);
-					$thelist .= '<a href="' . get_category_link($category->cat_ID) . '" title="' . sprintf(__("View all posts in %s"), $category->cat_name) . '" rel="category tag">'.$category->cat_name.'</a>';
+					$thelist .= '<a href="' . get_category_link($category->cat_ID) . '" title="' . sprintf(__("View all posts in %s"), $category->cat_name) . '" ' . $rel . '>' . $category->cat_name.'</a>';
 					break;
 				case 'single':
-					$thelist .= '<a href="' . get_category_link($category->cat_ID) . '" title="' . sprintf(__("View all posts in %s"), $category->cat_name) . '" rel="category tag">';
+					$thelist .= '<a href="' . get_category_link($category->cat_ID) . '" title="' . sprintf(__("View all posts in %s"), $category->cat_name) . '" ' . $rel . '>';
 					if ( $category->category_parent )
 						$thelist .= get_category_parents($category->category_parent, FALSE);
 					$thelist .= "$category->cat_name</a>";
 					break;
 				case '':
 				default:
-					$thelist .= '<a href="' . get_category_link($category->cat_ID) . '" title="' . sprintf(__("View all posts in %s"), $category->cat_name) . '" rel="category tag">'.$category->cat_name.'</a>';
+					$thelist .= '<a href="' . get_category_link($category->cat_ID) . '" title="' . sprintf(__("View all posts in %s"), $category->cat_name) . '" ' . $rel . '>' . $category->cat_name.'</a>';
 			}
 			++$i;
 		}
@@ -175,7 +191,7 @@ function wp_dropdown_categories($args = '') {
 	$defaults['selected'] = ( is_category() ) ? get_query_var('cat') : 0;
 	$r = array_merge($defaults, $r);
 	$r['include_last_update_time'] = $r['show_last_update'];
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	$categories = get_categories($r);
 
@@ -226,7 +242,7 @@ function wp_list_categories($args = '') {
 		$r['pad_counts'] = true;
 	if ( isset($r['show_date']) )
 		$r['include_last_update_time'] = $r['show_date'];
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	$categories = get_categories($r);
 
@@ -242,6 +258,12 @@ function wp_list_categories($args = '') {
 	} else {
 		global $wp_query;
 		
+		if( !empty($show_option_all) )
+			if ('list' == $style )  
+				$output .= '<li><a href="' .  get_bloginfo('url')  . '">' . $show_option_all . '</a></li>';
+			else
+				$output .= '<a href="' .  get_bloginfo('url')  . '">' . $show_option_all . '</a>';
+		
 		if ( is_category() )
 			$r['current_category'] = $wp_query->get_queried_object_id();
 

wp-includes/category.php

@@ -5,7 +5,7 @@ function get_all_category_ids() {
 
 	if ( ! $cat_ids = wp_cache_get('all_category_ids', 'category') ) {
 		$cat_ids = $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories");
-		wp_cache_set('all_category_ids', $cat_ids, 'category');
+		wp_cache_add('all_category_ids', $cat_ids, 'category');
 	}
 
 	return $cat_ids;
@@ -28,7 +28,7 @@ function &get_categories($args = '') {
 	else
 		$r['orderby'] = "cat_" . $r['orderby'];  // restricts order by to cat_ID and cat_name fields
 	$r['number'] = (int) $r['number'];
-	extract($r);
+	extract($r, EXTR_SKIP);
 
 	$key = md5( serialize( $r ) );
 	if ( $cache = wp_cache_get( 'get_categories', 'category' ) )
@@ -105,8 +105,11 @@ function &get_categories($args = '') {
 		unset($cat_stamps);
 	}
 
-	if ( $child_of || $hierarchical )
-		$categories = & _get_cat_children($child_of, $categories);
+	if ( $child_of || $hierarchical ) {
+		$children = _get_category_hierarchy();
+		if ( ! empty($children) )
+			$categories = & _get_cat_children($child_of, $categories);
+	}
 
 	// Update category counts to include children.
 	if ( $pad_counts )
@@ -129,9 +132,10 @@ function &get_categories($args = '') {
 	reset ( $categories );
 
 	$cache[ $key ] = $categories;
-	wp_cache_set( 'get_categories', $cache, 'category' );
+	wp_cache_add( 'get_categories', $cache, 'category' );
 
-	return apply_filters('get_categories', $categories, $r);
+	$categories = apply_filters('get_categories', $categories, $r);
+	return $categories;
 }
 
 // Retrieves category data given a category ID or category object.
@@ -149,7 +153,7 @@ function &get_category(&$category, $output = OBJECT) {
 		$category = (int) $category;
 		if ( ! $_category = wp_cache_get($category, 'category') ) {
 			$_category = $wpdb->get_row("SELECT * FROM $wpdb->categories WHERE cat_ID = '$category' LIMIT 1");
-			wp_cache_set($category, $_category, 'category');
+			wp_cache_add($category, $_category, 'category');
 		}
 	}
 
@@ -247,12 +251,21 @@ function &_get_cat_children($category_id, $categories) {
 		return array();
 
 	$category_list = array();
+	$has_children = _get_category_hierarchy();
+
+	if  ( ( 0 != $category_id ) && ! isset($has_children[$category_id]) )
+		return array();
+
 	foreach ( $categories as $category ) {
 		if ( $category->cat_ID == $category_id )
 			continue;
 
 		if ( $category->category_parent == $category_id ) {
 			$category_list[] = $category;
+
+			if ( !isset($has_children[$category->cat_ID]) )
+				continue;
+
 			if ( $children = _get_cat_children($category->cat_ID, $categories) )
 				$category_list = array_merge($category_list, $children);
 		}
@@ -300,4 +313,19 @@ function _pad_category_counts($type, &$categories) {
 			$cats[$id]->{'link' == $type ? 'link_count' : 'category_count'} = count($items);
 }
 
+function _get_category_hierarchy() {
+	$children = get_option('category_children');
+	if ( is_array($children) )
+		return $children;
+
+	$children = array();
+	$categories = get_categories('hide_empty=0&hierarchical=0');
+	foreach ( $categories as $cat ) {
+		if ( $cat->category_parent > 0 )
+			$children[$cat->category_parent][] = $cat->cat_ID;
+	}
+	update_option('category_children', $children);
+
+	return $children;
+}
 ?>

wp-includes/class-pop3.php

@@ -3,7 +3,7 @@
    /**
     * mail_fetch/setup.php
     *
-    * Copyright (c) 1999-2002 The SquirrelMail Project Team
+    * Copyright (c) 1999-2006 The SquirrelMail Project Team
     *
     * Copyright (c) 1999 CDI (cdi@thewebmasters.net) All Rights Reserved
     * Modified by Philippe Mingo 2001 mingo@rotedic.com
@@ -40,9 +40,6 @@ class POP3 {
     var $BANNER     = '';       //  Holds the banner returned by the
                                 //  pop server - used for apop()
 
-    var $RFC1939    = TRUE;     //  Set by noop(). See rfc1939.txt
-                                //
-
     var $ALLOWAPOP  = FALSE;    //  Allow or disallow apop()
                                 //  This must be set to true
                                 //  manually
@@ -59,12 +56,14 @@ class POP3 {
         if(!empty($timeout)) {
             settype($timeout,"integer");
             $this->TIMEOUT = $timeout;
+            if (!ini_get('safe_mode'))
             set_time_limit($timeout);
         }
         return true;
     }
 
     function update_timer () {
+        if (!ini_get('safe_mode'))
         set_time_limit($this->TIMEOUT);
         return true;
     }
@@ -75,6 +74,7 @@ class POP3 {
 
         // If MAILSERVER is set, override $server with it's value
 
+        if (!isset($port) || !$port) {$port = 110;}
         if(!empty($this->MAILSERVER))
             $server = $this->MAILSERVER;
 
@@ -84,7 +84,7 @@ class POP3 {
             return false;
         }
 
-        $fp = fsockopen("$server", $port, $errno, $errstr);
+        $fp = @fsockopen("$server", $port, $errno, $errstr);
 
         if(!$fp) {
             $this->ERROR = _("POP3 connect:") . ' ' . _("Error ") . "[$errno] [$errstr]";
@@ -105,25 +105,7 @@ class POP3 {
         }
         $this->FP = $fp;
         $this->BANNER = $this->parse_banner($reply);
-        $this->RFC1939 = $this->noop();
-        if($this->RFC1939) {
-            $this->ERROR = _("POP3: premature NOOP OK, NOT an RFC 1939 Compliant server");
-            $this->quit();
-            return false;
-        } else
-            return true;
-    }
-
-    function noop () {
-    
-        if(!isset($this->FP)) {
-            $this->ERROR = _("POP3 noop:") . ' ' . _("No connection to server");
-            return false;
-        } else {
-            $cmd = "NOOP";
-            $reply = $this->send_cmd( $cmd );
-            return( $this->is_ok( $reply ) );
-        }
+        return true;
     }
 
     function user ($user = "") {
@@ -158,20 +140,14 @@ class POP3 {
         } else {
             $reply = $this->send_cmd("PASS $pass");
             if(!$this->is_ok($reply)) {
-                $this->ERROR = _("POP3 pass:") . ' ' . _("authentication failed ") . "[$reply]";
+                $this->ERROR = _("POP3 pass:") . ' ' . _("Authentication failed ") . "[$reply]";
                 $this->quit();
                 return false;
             } else {
                 //  Auth successful.
                 $count = $this->last("count");
                 $this->COUNT = $count;
-                $this->RFC1939 = $this->noop();
-                if(!$this->RFC1939) {
-                    $this->ERROR = _("POP3 pass:") . ' ' . _("NOOP failed. Server not RFC 1939 compliant");
-                    $this->quit();
-                    return false;
-                } else
-                    return $count;
+                return $count;
             }
         }
     }
@@ -214,13 +190,7 @@ class POP3 {
                     //  Auth successful.
                     $count = $this->last("count");
                     $this->COUNT = $count;
-                    $this->RFC1939 = $this->noop();
-                    if(!$this->RFC1939) {
-                        $this->ERROR = _("POP3 apop:") . ' ' . _("NOOP failed. Server not RFC 1939 compliant");
-                        $this->quit();
-                        return false;
-                    } else
-                        return $count;
+                    return $count;
                 }
             }
         }
@@ -330,7 +300,7 @@ class POP3 {
                 $this->ERROR = _("POP3 pop_list:") . ' ' . _("Error ") . "[$reply]";
                 return false;
             }
-            list($junk,$num,$size) = explode(" ",$reply);
+            list($junk,$num,$size) = preg_split('/\s+/',$reply);
             return $size;
         }
         $cmd = "LIST";
@@ -353,7 +323,7 @@ class POP3 {
                 $this->ERROR = _("POP3 pop_list:") . ' ' . _("Premature end of list");
                 return false;
             }
-            list($thisMsg,$msgSize) = explode(" ",$line);
+            list($thisMsg,$msgSize) = preg_split('/\s+/',$line);
             settype($thisMsg,"integer");
             if($thisMsg != $msgC)
             {
@@ -393,13 +363,18 @@ class POP3 {
         $count = 0;
         $MsgArray = array();
 
-        $line = fgets($fp,$buffer);
+        $line = "";
         while ( !ereg("^\.\r\n",$line))
         {
+            $line = fgets($fp,$buffer);
+            if (preg_match("/^\s+/", $line) && $count > 0) {
+                $MsgArray[$count-1] .= $line;
+                continue;
+            }
+            if(empty($line))    { break; }
+
             $MsgArray[$count] = $line;
             $count++;
-            $line = fgets($fp,$buffer);
-            if(empty($line))    { break; }
         }
         return $MsgArray;
     }
@@ -423,7 +398,7 @@ class POP3 {
             return $last;
         }
 
-        $Vars = explode(" ",$reply);
+        $Vars = preg_split('/\s+/',$reply);
         $count = $Vars[1];
         $size = $Vars[2];
         settype($count,"integer");
@@ -554,7 +529,7 @@ class POP3 {
                 $this->ERROR = _("POP3 uidl:") . ' ' . _("Error ") . "[$reply]";
                 return false;
             }
-            list ($ok,$num,$myUidl) = explode(" ",$reply);
+            list ($ok,$num,$myUidl) = preg_split('/\s+/',$reply);
             return $myUidl;
         } else {
             $this->update_timer();
@@ -585,7 +560,7 @@ class POP3 {
                 if(ereg("^\.\r\n",$line)) {
                     break;
                 }
-                list ($msg,$msgUidl) = explode(" ",$line);
+                list ($msg,$msgUidl) = preg_split('/\s+/',$line);
                 $msgUidl = $this->strip_clf($msgUidl);
                 if($count == $msg) {
                     $UIDLArray[$msg] = $msgUidl;
@@ -656,7 +631,7 @@ class POP3 {
         for($count =0; $count < $length; $count++)
         {
             $digit = substr($server_text, $count, 1);
-            if ( false !== $digit ) {
+            if (!empty($digit)) {
                 if( (!$outside) && ($digit != '<') && ($digit != '>') )
                 {
                     $banner .= $digit;

wp-includes/classes.php

@@ -58,7 +58,7 @@ class WP {
 			// front.  For path info requests, this leaves us with the requesting
 			// filename, if any.  For 404 requests, this leaves us with the
 			// requested permalink.
-			$req_uri = str_replace($pathinfo, '', $req_uri);
+			$req_uri = str_replace($pathinfo, '', rawurldecode($req_uri));
 			$req_uri = trim($req_uri, '/');
 			$req_uri = preg_replace("|^$home_path|", '', $req_uri);
 			$req_uri = trim($req_uri, '/');
@@ -120,14 +120,14 @@ class WP {
 			}
 
 			// If req_uri is empty or if it is a request for ourself, unset error.
-			if ( empty($request) || $req_uri == $self || strstr($_SERVER['PHP_SELF'], 'wp-admin/') ) {
+			if (empty($request) || $req_uri == $self || strpos($_SERVER['PHP_SELF'], 'wp-admin/') !== false) {
 				if (isset($_GET['error']))
 					unset($_GET['error']);
 
 				if (isset($error))
 					unset($error);
 
-				if ( isset($perma_query_vars) && strstr($_SERVER['PHP_SELF'], 'wp-admin/') )
+				if (isset($perma_query_vars) && strpos($_SERVER['PHP_SELF'], 'wp-admin/') !== false)
 					unset($perma_query_vars);
 
 				$this->did_permalink = false;
@@ -417,16 +417,16 @@ class Walker {
 					$cb_args = array_merge( array($output, $element, $depth - 1), $args);
 					$output = call_user_func_array(array(&$this, 'start_el'), $cb_args);
 				}
-	
+
 				// End the element.
 				if ( isset($element->$id_field) && $element->$id_field != 0 ) {
 					$cb_args = array_merge( array($output, $element, $depth - 1), $args);
 					$output = call_user_func_array(array(&$this, 'end_el'), $cb_args);
 				}
-	
-				continue;	
+
+				continue;
 			}
-	
+
 			// Walk the tree.
 			if ( !empty($previous_element) && ($element->$parent_field == $previous_element->$id_field) ) {
 				// Previous element is my parent. Descend a level.
@@ -506,7 +506,7 @@ class Walker_Page extends Walker {
 	function start_el($output, $page, $depth, $current_page, $args) {
 		if ( $depth )
 			$indent = str_repeat("\t", $depth);
-		extract($args);
+		extract($args, EXTR_SKIP);
 		$css_class = 'page_item';
 		$_current_page = get_page( $current_page );
 		if ( $page->ID == $current_page )
@@ -514,20 +514,20 @@ class Walker_Page extends Walker {
 		elseif ( $_current_page && $page->ID == $_current_page->post_parent )
 			$css_class .= ' current_page_parent';
 
-		$output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attribute_escape($page->post_title) . '">' . $page->post_title . '</a>';
-	
+		$output .= $indent . '<li class="' . $css_class . '"><a href="' . get_page_link($page->ID) . '" title="' . attribute_escape(apply_filters('the_title', $page->post_title)) . '">' . apply_filters('the_title', $page->post_title) . '</a>';
+
 		if ( !empty($show_date) ) {
 			if ( 'modified' == $show_date )
 				$time = $page->post_modified;
 			else
 				$time = $page->post_date;
-	
+
 			$output .= " " . mysql2date($date_format, $time);
 		}
 
 		return $output;
 	}
-	
+
 	function end_el($output, $page, $depth) {
 		$output .= "</li>\n";
 
@@ -581,13 +581,14 @@ class Walker_Category extends Walker {
 		extract($args);
 
 		$cat_name = attribute_escape( $category->cat_name);
+		$cat_name = apply_filters( 'list_cats', $cat_name, $category );
 		$link = '<a href="' . get_category_link( $category->cat_ID ) . '" ';
 		if ( $use_desc_for_title == 0 || empty($category->category_description) )
 			$link .= 'title="' . sprintf(__( 'View all posts filed under %s' ), $cat_name) . '"';
 		else
 			$link .= 'title="' . attribute_escape( apply_filters( 'category_description', $category->category_description, $category )) . '"';
 		$link .= '>';
-		$link .= apply_filters( 'list_cats', $category->cat_name, $category ).'</a>';
+		$link .= $cat_name . '</a>';
 
 		if ( (! empty($feed_image)) || (! empty($feed)) ) {
 			$link .= ' ';
@@ -616,10 +617,10 @@ class Walker_Category extends Walker {
 			if ( empty($feed_image) )
 				$link .= ')';
 		}
-	
+
 		if ( isset($show_count) && $show_count )
 			$link .= ' (' . intval($category->category_count) . ')';
-	
+
 		if ( isset($show_date) && $show_date ) {
 			$link .= ' ' . gmdate('Y-m-d', $category->last_update_timestamp);
 		}
@@ -695,7 +696,7 @@ class WP_Ajax_Response {
 				'data' => '', 'supplemental' => array());
 
 		$r = array_merge($defaults, $r);
-		extract($r);
+		extract($r, EXTR_SKIP);
 
 		if ( is_wp_error($id) ) {
 			$data = $id;