2.8.3

git-svn-id: http://svn.automattic.com/wordpress/tags/2.8.3@11770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Stop direct loading of files in wp-admin that should only be included, for 2.8
2009-08-03 15:26:43 +00:00 · 2009-08-03 00:07:41 +00:00 · 2009-08-02 23:18:57 +00:00 · 2009-08-02 23:11:54 +00:00 · 2009-08-02 02:24:43 +00:00 · 2009-08-01 21:15:59 +00:00
454 changed files with 49888 additions and 20263 deletions
--- a/readme.html
+++ b/readme.html
@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo" style="text-align: center">
 	<img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
-	<br /> Version 2.7
+	<br /> Version 2.8.3
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>

@@ -29,7 +29,7 @@

 <h1>Upgrading</h1>
 <p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
-<h2>Upgrading from any previous WordPress to 2.7:</h2>
+<h2>Upgrading from any previous WordPress to 2.8.3:</h2>
 <ol>
 	<li>Delete your old WP files, saving ones you've modified.</li>
 	<li>Upload the new files.</li>
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -16,6 +16,9 @@ define('WP_ADMIN', true);

 require_once('../wp-load.php');
 require_once('includes/admin.php');
+@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
+
+do_action('admin_init');

 if ( ! is_user_logged_in() ) {

@@ -34,17 +37,25 @@ if ( ! is_user_logged_in() ) {
 			$x->send();
 	}

+	if ( !empty( $_POST['action']) )
+		do_action( 'wp_ajax_nopriv_' . $_POST['action'] );
+
 	die('-1');
 }

 if ( isset( $_GET['action'] ) ) :
 switch ( $action = $_GET['action'] ) :
 case 'ajax-tag-search' :
-	if ( !current_user_can( 'manage_categories' ) )
+	if ( !current_user_can( 'edit_posts' ) )
 		die('-1');

 	$s = $_GET['q']; // is this slashed already?

+	if ( isset($_GET['tax']) )
+		$taxonomy = sanitize_title($_GET['tax']);
+	else
+		die('0');
+
 	if ( false !== strpos( $s, ',' ) ) {
 		$s = explode( ',', $s );
 		$s = $s[count( $s ) - 1];
@@ -52,10 +63,54 @@ case 'ajax-tag-search' :
 	$s = trim( $s );
 	if ( strlen( $s ) < 2 )
 		die; // require 2 chars for matching
-	$results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = 'post_tag' AND t.name LIKE ('%". $s . "%')" );
+
+	$results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
+
 	echo join( $results, "\n" );
 	die;
 	break;
+case 'wp-compression-test' :
+	if ( !current_user_can( 'manage_options' ) )
+		die('-1');
+
+	if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
+		update_site_option('can_compress_scripts', 0);
+		die('0');
+	}
+
+	if ( isset($_GET['test']) ) {
+		header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
+		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+		header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
+		header( 'Pragma: no-cache' );
+		header('Content-Type: application/x-javascript; charset=UTF-8');
+		$force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
+		$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
+
+		 if ( 1 == $_GET['test'] ) {
+		 	echo $test_str;
+		 	die;
+		 } elseif ( 2 == $_GET['test'] ) {
+			if ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
+				header('Content-Encoding: deflate');
+				$out = gzdeflate( $test_str, 1 );
+			} elseif ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'gzip') && function_exists('gzencode') ) {
+				header('Content-Encoding: gzip');
+				$out = gzencode( $test_str, 1 );
+			} else {
+				die('-1');
+			}
+			echo $out;
+			die;
+		} elseif ( 'no' == $_GET['test'] ) {
+			update_site_option('can_compress_scripts', 0);
+		} elseif ( 'yes' == $_GET['test'] ) {
+			update_site_option('can_compress_scripts', 1);
+		}
+	}
+
+	die('0');
+	break;
 default :
 	do_action( 'wp_ajax_' . $_GET['action'] );
 	die('0');
@@ -63,24 +118,85 @@ default :
 endswitch;
 endif;

+/**
+ * Sends back current comment total and new page links if they need to be updated.
+ *
+ * Contrary to normal success AJAX response ("1"), die with time() on success.
+ *
+ * @since 2.7
+ *
+ * @param int $comment_id
+ * @return die
+ */
+function _wp_ajax_delete_comment_response( $comment_id ) {
+	$total = (int) @$_POST['_total'];
+	$per_page = (int) @$_POST['_per_page'];
+	$page = (int) @$_POST['_page'];
+	$url = esc_url_raw( @$_POST['_url'] );
+	// JS didn't send us everything we need to know. Just die with success message
+	if ( !$total || !$per_page || !$page || !$url )
+		die( (string) time() );
+
+	if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
+		$total = 0;
+
+	if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) ) // Only do the expensive stuff on a page-break, and about 1 other time per page
+		die( (string) time() );
+
+	$status = 'total_comments'; // What type of comment count are we looking for?
+	$parsed = parse_url( $url );
+	if ( isset( $parsed['query'] ) ) {
+		parse_str( $parsed['query'], $query_vars );
+		if ( !empty( $query_vars['comment_status'] ) )
+			$status = $query_vars['comment_status'];
+	}
+
+	$comment_count = wp_count_comments();
+	$time = time(); // The time since the last comment count
+
+	if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
+		$total = $comment_count->$status;
+	// else use the decremented value from above
+
+	$page_links = paginate_links( array(
+		'base' => add_query_arg( 'apage', '%#%', $url ),
+		'format' => '',
+		'prev_text' => __('&laquo;'),
+		'next_text' => __('&raquo;'),
+		'total' => ceil($total / $per_page),
+		'current' => $page
+	) );
+	$x = new WP_Ajax_Response( array(
+		'what' => 'comment',
+		'id' => $comment_id, // here for completeness - not used
+		'supplemental' => array(
+			'pageLinks' => $page_links,
+			'total' => $total,
+			'time' => $time
+		)
+	) );
+	$x->send();
+}
+
 $id = isset($_POST['id'])? (int) $_POST['id'] : 0;
 switch ( $action = $_POST['action'] ) :
-case 'delete-comment' :
+case 'delete-comment' : // On success, die with time() instead of 1
 	check_ajax_referer( "delete-comment_$id" );
 	if ( !$comment = get_comment( $id ) )
-		die('1');
+		die( (string) time() );
 	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
 		die('-1');

 	if ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
 		if ( 'spam' == wp_get_comment_status( $comment->comment_ID ) )
-			die('1');
+			die( (string) time() );
 		$r = wp_set_comment_status( $comment->comment_ID, 'spam' );
 	} else {
 		$r = wp_delete_comment( $comment->comment_ID );
 	}
-
-	die( $r ? '1' : '0' );
+	if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
+		_wp_ajax_delete_comment_response( $comment->comment_ID );
+	die( '0' );
 	break;
 case 'delete-cat' :
 	check_ajax_referer( "delete-category_$id" );
@@ -101,11 +217,16 @@ case 'delete-tag' :
 	if ( !current_user_can( 'manage_categories' ) )
 		die('-1');

-	$tag = get_term( $id, 'post_tag' );
+	if ( !empty($_POST['taxonomy']) )
+		$taxonomy = $_POST['taxonomy'];
+	else
+		$taxonomy = 'post_tag';
+
+	$tag = get_term( $id, $taxonomy );
 	if ( !$tag || is_wp_error( $tag ) )
 		die('1');

-	if ( wp_delete_term($id, 'post_tag'))
+	if ( wp_delete_term($id, $taxonomy))
 		die('1');
 	else
 		die('0');
@@ -121,8 +242,10 @@ case 'delete-link-cat' :

 	$cat_name = get_term_field('name', $id, 'link_category');

+	$default = get_option('default_link_category');
+
 	// Don't delete the default cats.
-	if ( $id == get_option('default_link_category') ) {
+	if ( $id == $default ) {
 		$x = new WP_AJAX_Response( array(
 			'what' => 'link-cat',
 			'id' => $id,
@@ -131,7 +254,7 @@ case 'delete-link-cat' :
 		$x->send();
 	}

-	$r = wp_delete_term($id, 'link_category');
+	$r = wp_delete_term($id, 'link_category', array('default' => $default));
 	if ( !$r )
 		die('0');
 	if ( is_wp_error($r) ) {
@@ -195,9 +318,15 @@ case 'delete-page' :
 	else
 		die('0');
 	break;
-case 'dim-comment' :
-	if ( !$comment = get_comment( $id ) )
-		die('0');
+case 'dim-comment' : // On success, die with time() instead of 1
+
+	if ( !$comment = get_comment( $id ) ) {
+		$x = new WP_Ajax_Response( array(
+			'what' => 'comment',
+			'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
+		) );
+		$x->send();
+	}

 	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
 		die('-1');
@@ -206,18 +335,27 @@ case 'dim-comment' :

 	$current = wp_get_comment_status( $comment->comment_ID );
 	if ( $_POST['new'] == $current )
-		die('1');
+		die( (string) time() );

+	$r = 0;
 	if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) {
 		check_ajax_referer( "approve-comment_$id" );
-		if ( wp_set_comment_status( $comment->comment_ID, 'approve' ) )
-			die('1');
+		$result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
 	} else {
 		check_ajax_referer( "unapprove-comment_$id" );
-		if ( wp_set_comment_status( $comment->comment_ID, 'hold' ) )
-			die('1');
+		$result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
 	}
-	die('0');
+	if ( is_wp_error($result) ) {
+		$x = new WP_Ajax_Response( array(
+			'what' => 'comment',
+			'id' => $result
+		) );
+		$x->send();
+	}
+
+	// Decide if we need to send back '1' or a more complicated response including page links and comment counts
+	_wp_ajax_delete_comment_response( $comment->comment_ID );
+	die( '0' );
 	break;
 case 'add-category' : // On the Fly
 	check_ajax_referer( $action );
@@ -286,11 +424,11 @@ case 'add-link-category' : // On the Fly
 			$cat_id = wp_insert_term( $cat_name, 'link_category' );
 		}
 		$cat_id = $cat_id['term_id'];
-		$cat_name = wp_specialchars(stripslashes($cat_name));
+		$cat_name = esc_html(stripslashes($cat_name));
 		$x->add( array(
 			'what' => 'link-category',
 			'id' => $cat_id,
-			'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
+			'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
 			'position' => -1
 		) );
 	}
@@ -309,7 +447,7 @@ case 'add-cat' : // From Manage->Categories
 		$x->send();
 	}

-	if ( category_exists( trim( $_POST['cat_name'] ) ) ) {
+	if ( category_exists( trim( $_POST['cat_name'] ), $_POST['category_parent'] ) ) {
 		$x = new WP_Ajax_Response( array(
 			'what' => 'cat',
 			'id' => new WP_Error( 'cat_exists', __('The category you are trying to create already exists.'), array( 'form-field' => 'cat_name' ) ),
@@ -338,7 +476,7 @@ case 'add-cat' : // From Manage->Categories
 		$cat_full_name = $_cat->name . ' &#8212; ' . $cat_full_name;
 		$level++;
 	}
-	$cat_full_name = attribute_escape($cat_full_name);
+	$cat_full_name = esc_attr($cat_full_name);

 	$x = new WP_Ajax_Response( array(
 		'what' => 'cat',
@@ -397,7 +535,12 @@ case 'add-tag' : // From Manage->Tags
 		$x->send();
 	}

-	$tag = wp_insert_term($_POST['name'], 'post_tag', $_POST );
+	if ( !empty($_POST['taxonomy']) )
+		$taxonomy = $_POST['taxonomy'];
+	else
+		$taxonomy = 'post_tag';
+
+	$tag = wp_insert_term($_POST['name'], $taxonomy, $_POST );

 	if ( is_wp_error($tag) ) {
 		$x = new WP_Ajax_Response( array(
@@ -407,36 +550,45 @@ case 'add-tag' : // From Manage->Tags
 		$x->send();
 	}

-	if ( !$tag || (!$tag = get_term( $tag['term_id'], 'post_tag' )) )
+	if ( !$tag || (!$tag = get_term( $tag['term_id'], $taxonomy )) )
 		die('0');

 	$tag_full_name = $tag->name;
-	$tag_full_name = attribute_escape($tag_full_name);
+	$tag_full_name = esc_attr($tag_full_name);

 	$x = new WP_Ajax_Response( array(
 		'what' => 'tag',
 		'id' => $tag->term_id,
 		'position' => '-1',
-		'data' => _tag_row( $tag ),
+		'data' => _tag_row( $tag, '', $taxonomy ),
 		'supplemental' => array('name' => $tag_full_name, 'show-link' => sprintf(__( 'Tag <a href="#%s">%s</a> added' ), "tag-$tag->term_id", $tag_full_name))
 	) );
 	$x->send();
 	break;
 case 'get-tagcloud' :
-	if ( !current_user_can( 'manage_categories' ) )
+	if ( !current_user_can( 'edit_posts' ) )
 		die('-1');

-	$tags = get_tags( array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
+	if ( isset($_POST['tax']) )
+		$taxonomy = sanitize_title($_POST['tax']);
+	else
+		die('0');
+
+	$tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );

 	if ( empty( $tags ) )
 		die( __('No tags found!') );

+	if ( is_wp_error($tags) )
+		die($tags->get_error_message());
+
 	foreach ( $tags as $key => $tag ) {
 		$tags[ $key ]->link = '#';
 		$tags[ $key ]->id = $tag->term_id;
 	}

-	$return = wp_generate_tag_cloud( $tags );
+	// We need raw tag names here, so don't filter the output
+	$return = wp_generate_tag_cloud( $tags, array('filter' => 0) );

 	if ( empty($return) )
 		die('0');
@@ -450,8 +602,12 @@ case 'add-comment' :
 	if ( !current_user_can( 'edit_post', $id ) )
 		die('-1');
 	$search = isset($_POST['s']) ? $_POST['s'] : false;
-	$start = isset($_POST['page']) ? intval($_POST['page']) * 25 - 1: 24;
-	$status = isset($_POST['comment_status']) ? $_POST['comment_status'] : false;
+	$status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
+	$per_page = isset($_POST['per_page']) ?  (int) $_POST['per_page'] + 8 : 28;
+	$start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
+	if ( 1 > $start )
+		$start = 27;
+
 	$mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
 	$p = isset($_POST['p']) ? $_POST['p'] : 0;
 	$comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
@@ -593,6 +749,7 @@ case 'edit-comment' :
 	$mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
 	$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
 	$checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
+	$comments_listing = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';

 	if ( get_option('show_avatars') && 'single' != $mode )
 		add_filter( 'comment_author', 'floated_admin_avatar' );
@@ -600,7 +757,7 @@ case 'edit-comment' :
 	$x = new WP_Ajax_Response();

 	ob_start();
-		_wp_comment_row( $comment_id, $mode, true, $checkbox );
+		_wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
 		$comment_list_item = ob_get_contents();
 	ob_end_clean();

@@ -620,7 +777,7 @@ case 'add-meta' :
 	if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
 		if ( !current_user_can( 'edit_post', $pid ) )
 			die('-1');
-		if ( '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
+		if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
 			die('1');
 		if ( $pid < 0 ) {
 			$now = current_time('timestamp', 1);
@@ -634,12 +791,13 @@ case 'add-meta' :
 					) );
 					$x->send();
 				}
-				$mid = add_meta( $pid );
+				if ( !$mid = add_meta( $pid ) )
+					die(__('Please provide a custom field value.'));
 			} else {
 				die('0');
 			}
 		} else if ( !$mid = add_meta( $pid ) ) {
-			die('0');
+			die(__('Please provide a custom field value.'));
 		}

 		$meta = get_post_meta_by_id( $mid );
@@ -660,8 +818,11 @@ case 'add-meta' :
 			die('0'); // if meta doesn't exist
 		if ( !current_user_can( 'edit_post', $meta->post_id ) )
 			die('-1');
-		if ( !$u = update_meta( $mid, $key, $value ) )
-			die('1'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
+		if ( $meta->meta_value != stripslashes($value) ) {
+			if ( !$u = update_meta( $mid, $key, $value ) )
+				die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
+		}
+
 		$key = stripslashes($key);
 		$value = stripslashes($value);
 		$x = new WP_Ajax_Response( array(
@@ -712,7 +873,6 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
 	global $current_user;

 	$_POST['post_category'] = explode(",", $_POST['catslist']);
-	$_POST['tags_input'] = explode(",", $_POST['tags_input']);
 	if($_POST['post_type'] == 'page' || empty($_POST['post_category']))
 		unset($_POST['post_category']);

@@ -720,7 +880,9 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
 	$do_lock = true;

 	$data = '';
-	$message = sprintf( __('Draft Saved at %s.'), date( __('g:i:s a'), current_time( 'timestamp', true ) ) );
+	/* translators: draft saved date format, see http://php.net/date */
+	$draft_saved_date_format = __('g:i:s a');
+	$message = sprintf( __('Draft Saved at %s.'), date_i18n( $draft_saved_date_format ) );

 	$supplemental = array();

@@ -744,7 +906,7 @@ case 'autosave' : // The name of this action is hardcoded in edit_post()
 			$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
 			$data = new WP_Error( 'locked', sprintf(
 				$_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
-				wp_specialchars( $last_user_name )
+				esc_html( $last_user_name )
 			) );

 			$supplemental['disable_autosave'] = 'disable';
@@ -815,32 +977,65 @@ case 'autosave-generate-nonces' :
 break;
 case 'closed-postboxes' :
 	check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
-	$closed = isset( $_POST['closed'] )? $_POST['closed'] : '';
+	$closed = isset( $_POST['closed'] ) ? $_POST['closed'] : '';
 	$closed = explode( ',', $_POST['closed'] );
-	$hidden = isset( $_POST['hidden'] )? $_POST['hidden'] : '';
+	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
 	$hidden = explode( ',', $_POST['hidden'] );
-	$page = isset( $_POST['page'] )? $_POST['page'] : '';
-	if ( !preg_match( '/^[a-z-_]+$/', $page ) ) {
-		die(-1);
-	}
-	$current_user = wp_get_current_user();
+	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
+
+	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
+		die('-1');
+
+	if ( ! $user = wp_get_current_user() )
+		die('-1');
+
 	if ( is_array($closed) )
-		update_usermeta($current_user->ID, 'closedpostboxes_'.$page, $closed);
-	if ( is_array($hidden) )
-		update_usermeta($current_user->ID, 'meta-box-hidden_'.$page, $hidden);
-break;
-case 'hidden-columns' :
-	check_ajax_referer( 'hiddencolumns', 'hiddencolumnsnonce' );
-	$hidden = isset( $_POST['hidden'] )? $_POST['hidden'] : '';
-	$hidden = explode( ',', $_POST['hidden'] );
-	$page = isset( $_POST['page'] )? $_POST['page'] : '';
-	if ( !preg_match( '/^[a-z-_]+$/', $page ) ) {
-		die(-1);
+		update_usermeta($user->ID, 'closedpostboxes_'.$page, $closed);
+
+	if ( is_array($hidden) ) {
+		$hidden = array_diff( $hidden, array('submitdiv', 'pagesubmitdiv', 'linksubmitdiv') ); // postboxes that are always shown
+		update_usermeta($user->ID, 'meta-box-hidden_'.$page, $hidden);
 	}
-	$current_user = wp_get_current_user();
+
+	die('1');
+	break;
+case 'hidden-columns' :
+	check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
+	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
+	$hidden = explode( ',', $_POST['hidden'] );
+	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
+
+	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
+		die('-1');
+
+	if ( ! $user = wp_get_current_user() )
+		die('-1');
+
 	if ( is_array($hidden) )
-		update_usermeta($current_user->ID, "manage-$page-columns-hidden", $hidden);
-break;
+		update_usermeta($user->ID, "manage-$page-columns-hidden", $hidden);
+
+	die('1');
+	break;
+case 'meta-box-order':
+	check_ajax_referer( 'meta-box-order' );
+	$order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
+	$page_columns = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0;
+	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
+
+	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
+		die('-1');
+
+	if ( ! $user = wp_get_current_user() )
+		die('-1');
+
+	if ( $order )
+		update_user_option($user->ID, "meta-box-order_$page", $order);
+
+	if ( $page_columns )
+		update_usermeta($user->ID, "screen_layout_$page", $page_columns);
+
+	die('1');
+	break;
 case 'get-permalink':
 	check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
 	$post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
@@ -870,12 +1065,15 @@ case 'inline-save':
 	if ( $last = wp_check_post_lock( $post_ID ) ) {
 		$last_user = get_userdata( $last );
 		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
-		printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ),	wp_specialchars( $last_user_name ) );
+		printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ),	esc_html( $last_user_name ) );
 		exit;
 	}

 	$data = &$_POST;
+
 	$post = get_post( $post_ID, ARRAY_A );
+	$post = add_magic_quotes($post); //since it is from db
+
 	$data['content'] = $post['post_content'];
 	$data['excerpt'] = $post['post_excerpt'];

@@ -897,7 +1095,6 @@ case 'inline-save':
 		$data['ping_status'] = 'closed';

 	// update the post
-	$_POST = $data;
 	edit_post();

 	$post = array();
@@ -951,9 +1148,17 @@ case 'inline-save-tax':

 			break;
 		case 'tag' :
-			$updated = wp_update_term($id, 'post_tag', $_POST);
+			if ( !empty($_POST['taxonomy']) )
+				$taxonomy = $_POST['taxonomy'];
+			else
+				$taxonomy = 'post_tag';
+
+			$tag = get_term( $id, $taxonomy );
+			$_POST['description'] = $tag->description;
+
+			$updated = wp_update_term($id, $taxonomy, $_POST);
 			if ( $updated && !is_wp_error($updated) ) {
-				$tag = get_term( $updated['term_id'], 'post_tag' );
+				$tag = get_term( $updated['term_id'], $taxonomy );
 				if ( !$tag || is_wp_error( $tag ) )
 					die( __('Tag not updated.') );

@@ -967,11 +1172,6 @@ case 'inline-save-tax':

 	exit;
 	break;
-case 'meta-box-order':
-	check_ajax_referer( 'meta-box-order' );
-	update_user_option( $GLOBALS['current_user']->ID, "meta-box-order_$_POST[page]", $_POST['order'] );
-	die('1');
-	break;
 case 'find_posts':
 	check_ajax_referer( 'find-posts' );

@@ -998,7 +1198,7 @@ case 'find_posts':
 	if ( ! $posts )
 		exit( __('No posts found.') );

-	$html = '<table class="widefat"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Time').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
+	$html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Time').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
 	foreach ( $posts as $post ) {

 		switch ( $post->post_status ) {
@@ -1020,11 +1220,12 @@ case 'find_posts':
 		if ( '0000-00-00 00:00:00' == $post->post_date ) {
 			$time = '';
 		} else {
+			/* translators: date format in table columns, see http://php.net/date */
 			$time = mysql2date(__('Y/m/d'), $post->post_date);
 		}

-		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="'.$post->ID.'"></td>';
-		$html .= '<td><label for="found-'.$post->ID.'">'.wp_specialchars($post->post_title, true).'</label></td><td>'.wp_specialchars($time, true).'</td><td>'.wp_specialchars($stat, true).'</td></tr>'."\n\n";
+		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
+		$html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
 	}
 	$html .= '</tbody></table>';

@@ -1035,6 +1236,117 @@ case 'find_posts':
 	));
 	$x->send();

+	break;
+case 'lj-importer' :
+	check_ajax_referer( 'lj-api-import' );
+	if ( !current_user_can( 'publish_posts' ) )
+		die('-1');
+	if ( empty( $_POST['step'] ) )
+		die( '-1' );
+	define('WP_IMPORTING', true);
+	include( ABSPATH . 'wp-admin/import/livejournal.php' );
+	$result = $lj_api_import->{ 'step' . ( (int) $_POST['step'] ) }();
+	if ( is_wp_error( $result ) )
+		echo $result->get_error_message();
+	die;
+	break;
+case 'widgets-order' :
+	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
+
+	if ( !current_user_can('switch_themes') )
+		die('-1');
+
+	unset( $_POST['savewidgets'], $_POST['action'] );
+
+	// save widgets order for all sidebars
+	if ( is_array($_POST['sidebars']) ) {
+		$sidebars = array();
+		foreach ( $_POST['sidebars'] as $key => $val ) {
+			$sb = array();
+			if ( !empty($val) ) {
+				$val = explode(',', $val);
+				foreach ( $val as $k => $v ) {
+					if ( strpos($v, 'widget-') === false )
+						continue;
+
+					$sb[$k] = substr($v, strpos($v, '_') + 1);
+				}
+			}
+			$sidebars[$key] = $sb;
+		}
+		wp_set_sidebars_widgets($sidebars);
+		die('1');
+	}
+
+	die('-1');
+	break;
+case 'save-widget' :
+	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
+
+	if ( !current_user_can('switch_themes') || !isset($_POST['id_base']) )
+		die('-1');
+
+	unset( $_POST['savewidgets'], $_POST['action'] );
+
+	do_action('load-widgets.php');
+	do_action('widgets.php');
+	do_action('sidebar_admin_setup');
+
+	$id_base = $_POST['id_base'];
+	$widget_id = $_POST['widget-id'];
+	$sidebar_id = $_POST['sidebar'];
+	$multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
+	$settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
+	$error = '<p>' . __('An error has occured. Please reload the page and try again.') . '</p>';
+
+	$sidebars = wp_get_sidebars_widgets();
+	$sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();
+
+	// delete
+	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
+
+		if ( !isset($wp_registered_widgets[$widget_id]) )
+			die($error);
+
+		$sidebar = array_diff( $sidebar, array($widget_id) );
+		$_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
+	} elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
+		if ( !$multi_number )
+			die($error);
+
+		$_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
+		$widget_id = $id_base . '-' . $multi_number;
+		$sidebar[] = $widget_id;
+	}
+	$_POST['widget-id'] = $sidebar;
+
+	foreach ( (array) $wp_registered_widget_updates as $name => $control ) {
+
+		if ( $name == $id_base ) {
+			if ( !is_callable( $control['callback'] ) )
+				continue;
+
+			ob_start();
+				call_user_func_array( $control['callback'], $control['params'] );
+			ob_end_clean();
+			break;
+		}
+	}
+
+	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
+		$sidebars[$sidebar_id] = $sidebar;
+		wp_set_sidebars_widgets($sidebars);
+		echo "deleted:$widget_id";
+		die();
+	}
+
+	if ( !empty($_POST['add_new']) )
+		die();
+
+	if ( $form = $wp_registered_widget_controls[$widget_id] )
+		call_user_func_array( $form['callback'], $form['params'] );
+
+	die();
 	break;
 default :
 	do_action( 'wp_ajax_' . $_POST['action'] );
--- a/wp-admin/admin-footer.php
+++ b/wp-admin/admin-footer.php
@@ -5,6 +5,10 @@
 * @package WordPress
 * @subpackage Administration
 */
+
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
 ?>

 <div class="clear"></div></div><!-- wpbody-content -->
@@ -16,13 +20,25 @@
 <p id="footer-left" class="alignleft"><?php
 do_action( 'in_admin_footer' );
 $upgrade = apply_filters( 'update_footer', '' );
-echo '<span id="footer-thankyou">' . __('Thank you for creating with <a href="http://wordpress.org/">WordPress</a>.').'</span> | '.__('<a href="http://codex.wordpress.org/">Documentation</a>').' | '.__('<a href="http://wordpress.org/support/forum/4">Feedback</a>'); ?>
+echo apply_filters( 'admin_footer_text', '<span id="footer-thankyou">' . __('Thank you for creating with <a href="http://wordpress.org/">WordPress</a>.').'</span> | '.__('<a href="http://codex.wordpress.org/">Documentation</a>').' | '.__('<a href="http://wordpress.org/support/forum/4">Feedback</a>') ); ?>
 </p>
 <?php // if ( $is_IE ) browse_happy(); ?>
 <p id="footer-upgrade" class="alignright"><?php echo $upgrade; ?></p>
 <div class="clear"></div>
 </div>
-<?php do_action('admin_footer', ''); ?>
+<?php
+do_action('admin_footer', '');
+do_action('admin_print_footer_scripts');
+do_action("admin_footer-$hook_suffix");
+
+// get_site_option() won't exist when auto upgrading from <= 2.7
+if ( function_exists('get_site_option') ) {
+	if ( false === get_site_option('can_compress_scripts') )
+		compression_test();
+}
+
+?>
+
 <script type="text/javascript">if(typeof wpOnload=='function')wpOnload();</script>
 </body>
-</html>
+</html>
--- a/wp-admin/admin-header.php
+++ b/wp-admin/admin-header.php
@@ -10,52 +10,22 @@
 if (!isset($_GET["page"])) require_once('admin.php');

 get_admin_page_title();
-$title = wp_specialchars( strip_tags( $title ) );
+$title = esc_html( strip_tags( $title ) );
 wp_user_settings();
+wp_menu_unfold();
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" <?php do_action('admin_xml_ns'); ?> <?php language_attributes(); ?>>
 <head>
 <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_option('blog_charset'); ?>" />
-<title><?php bloginfo('name') ?> &rsaquo; <?php echo $title; ?> &#8212; WordPress</title>
+<title><?php echo $title; ?> &lsaquo; <?php bloginfo('name') ?>  &#8212; WordPress</title>
 <?php

 wp_admin_css( 'css/global' );
 wp_admin_css();
 wp_admin_css( 'css/colors' );
 wp_admin_css( 'css/ie' );
-
-?>
-<script type="text/javascript">
-//<![CDATA[
-addLoadEvent = function(func) {if (typeof jQuery != "undefined") jQuery(document).ready(func); else if (typeof wpOnload!='function'){wpOnload=func;} else {var oldonload=wpOnload; wpOnload=function(){oldonload();func();}}};
-
-function convertEntities(o) {
-	var c = function(s) {
-		if (/&[^;]+;/.test(s)) {
-			var e = document.createElement("div");
-			e.innerHTML = s;
-			return !e.firstChild ? s : e.firstChild.nodeValue;
-		}
-		return s;
-	}
-
-	if ( typeof o === 'string' )
-		return c(o);
-	else if ( typeof o === 'object' )
-		for (var v in o) {
-			if ( typeof o[v] === 'string' )
-				o[v] = c(o[v]);
-		}
-	return o;
-};
-//]]>
-</script>
-<?php
-
-if ( in_array( $pagenow, array('post.php', 'post-new.php', 'page.php', 'page-new.php') ) ) {
-	add_action( 'admin_head', 'wp_tiny_mce' );
-}
+wp_enqueue_script('utils');

 $hook_suffix = '';
 if ( isset($page_hook) )
@@ -65,6 +35,23 @@ else if ( isset($plugin_page) )
 else if ( isset($pagenow) )
 	$hook_suffix = "$pagenow";

+$admin_body_class = preg_replace('/[^a-z0-9_-]+/i', '-', $hook_suffix);
+?>
+<script type="text/javascript">
+//<![CDATA[
+addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
+var userSettings = {'url':'<?php echo SITECOOKIEPATH; ?>','uid':'<?php if ( ! isset($current_user) ) $current_user = wp_get_current_user(); echo $current_user->ID; ?>','time':'<?php echo time() ?>'};
+var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>', pagenow = '<?php echo substr($pagenow, 0, -4); ?>', adminpage = '<?php echo $admin_body_class; ?>';
+//]]>
+</script>
+<?php
+
+if ( in_array( $pagenow, array('post.php', 'post-new.php', 'page.php', 'page-new.php') ) ) {
+	add_action( 'admin_print_footer_scripts', 'wp_tiny_mce', 25 );
+	wp_enqueue_script('quicktags');
+}
+
+do_action('admin_enqueue_scripts', $hook_suffix);
 do_action("admin_print_styles-$hook_suffix");
 do_action('admin_print_styles');
 do_action("admin_print_scripts-$hook_suffix");
@@ -72,11 +59,24 @@ do_action('admin_print_scripts');
 do_action("admin_head-$hook_suffix");
 do_action('admin_head');

+if ( get_user_setting('mfold') == 'f' ) {
+	$admin_body_class .= ' folded';
+}
+
 if ( $is_iphone ) { ?>
 <style type="text/css">.row-actions{visibility:visible;}</style>
 <?php } ?>
 </head>
-<body class="wp-admin <?php echo apply_filters( 'admin_body_class', '' ); ?>">
+<body class="wp-admin no-js <?php echo apply_filters( 'admin_body_class', '' ) . " $admin_body_class"; ?>">
+<script type="text/javascript">
+//<![CDATA[
+(function(){
+var c = document.body.className;
+c = c.replace(/no-js/, 'js');
+document.body.className = c;
+})();
+//]]>
+</script>

 <div id="wpwrap">
 <div id="wpcontent">
@@ -101,7 +101,7 @@ if ( function_exists('mb_strlen') ) {
 }
 ?>

-<img id="header-logo" src="../wp-includes/images/blank.gif" alt="" width="32" height="32" /> <h1 <?php echo $title_class ?>><a href="<?php echo trailingslashit( get_bloginfo('url') ); ?>" title="<?php _e('Visit site') ?>"><?php echo $blog_name ?> <span>&larr; <?php _e('Visit site') ?></span></a></h1>
+<img id="header-logo" src="../wp-includes/images/blank.gif" alt="" width="32" height="32" /> <h1 id="site-heading" <?php echo $title_class ?>><a href="<?php echo trailingslashit( get_bloginfo('url') ); ?>" title="<?php _e('Visit Site') ?>"><span id="site-title"><?php echo $blog_name ?></span> <em id="site-visit-button"><?php _e('Visit Site') ?></em></a></h1>

 <div id="wphead-info">
 <div id="user_info">
@@ -110,14 +110,10 @@ if ( function_exists('mb_strlen') ) {
 <a href="<?php echo wp_logout_url() ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a></p>
 </div>

-<?php favorite_actions(); ?>
+<?php favorite_actions($hook_suffix); ?>
 </div>
 </div>

-<?php if ( get_user_setting('mfold') == 'f' ) { ?>
-<script type="text/javascript">jQuery('#wpcontent').addClass('folded');</script>
-<?php } ?>
-
 <div id="wpbody">
 <?php require(ABSPATH . 'wp-admin/menu-header.php'); ?>

--- a/wp-admin/admin-post.php
+++ b/wp-admin/admin-post.php
@@ -16,14 +16,15 @@ else

 require_once(ABSPATH . 'wp-admin/includes/admin.php');

-if ( !wp_validate_auth_cookie() )
-	wp_die(__('Cheatin&#8217; uh?'));
-
 nocache_headers();

 do_action('admin_init');

 $action = 'admin_post';
+
+if ( !wp_validate_auth_cookie() )
+	$action .= '_nopriv';
+
 if ( !empty($_REQUEST['action']) )
 	$action .= '_' . $_REQUEST['action'];

--- a/wp-admin/admin.php
+++ b/wp-admin/admin.php
@@ -11,14 +11,25 @@
 *
 * @since unknown
 */
-define('WP_ADMIN', TRUE);
+if ( !defined('WP_ADMIN') )
+	define('WP_ADMIN', TRUE);

 if ( defined('ABSPATH') )
 	require_once(ABSPATH . 'wp-load.php');
 else
 	require_once('../wp-load.php');

-if ( get_option('db_version') != $wp_db_version ) {
+if ( get_option('db_upgraded') ) {
+	$wp_rewrite->flush_rules();
+	update_option( 'db_upgraded',  false );
+
+	/**
+	 * Runs on the next page load after successful upgrade
+	 *
+	 * @since 2.8
+	 */
+	do_action('after_db_upgrade');
+} elseif ( get_option('db_version') != $wp_db_version ) {
 	wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI']))));
 	exit;
 }
@@ -31,8 +42,9 @@ nocache_headers();

 update_category_cache();

+set_screen_options();
+
 $posts_per_page = get_option('posts_per_page');
-$what_to_show = get_option('what_to_show');
 $date_format = get_option('date_format');
 $time_format = get_option('time_format');

@@ -61,7 +73,12 @@ if (isset($plugin_page)) {
 		$page_hook = get_plugin_page_hook($plugin_page, $plugin_page);
 		// backwards compatibility for plugins using add_management_page
 		if ( empty( $page_hook ) && 'edit.php' == $pagenow && '' != get_plugin_page_hook($plugin_page, 'tools.php') ) {
-			wp_redirect('tools.php?page=' . $plugin_page);
+			// There could be plugin specific params on the URL, so we need the whole query string
+			if ( !empty($_SERVER[ 'QUERY_STRING' ]) )
+				$query_string = $_SERVER[ 'QUERY_STRING' ];
+			else
+				$query_string = 'page=' . $plugin_page;
+			wp_redirect( 'tools.php?' . $query_string );
 			exit;
 		}
 	}
@@ -129,7 +146,7 @@ if (isset($plugin_page)) {

 	// Make sure rules are flushed
 	global $wp_rewrite;
-	$wp_rewrite->flush_rules();
+	$wp_rewrite->flush_rules(false);

 	exit();
 } else {
--- a/wp-admin/async-upload.php
+++ b/wp-admin/async-upload.php
@@ -6,6 +6,8 @@
 * @subpackage Administration
 */

+define('WP_ADMIN', true);
+
 if ( defined('ABSPATH') )
 	require_once(ABSPATH . 'wp-load.php');
 else
@@ -28,8 +30,9 @@ if ( !current_user_can('upload_files') )
 if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) {
 	if ( 2 == $_REQUEST['fetch'] ) {
 		add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2);
-		echo get_media_item($id, array( 'send' => false, 'delete' => false ));
+		echo get_media_item($id, array( 'send' => false, 'delete' => true ));
 	} else {
+		add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2);
 		echo get_media_item($id);
 	}
 	exit;
@@ -39,7 +42,7 @@ check_admin_referer('media-form');

 $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
 if (is_wp_error($id)) {
-	echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
+	echo '<div id="media-upload-error">'.esc_html($id->get_error_message()).'</div>';
 	exit;
 }

@@ -53,4 +56,4 @@ else {
 	echo apply_filters("async_upload_{$type}", $id);
 }

-?>
+?>
--- a/wp-admin/categories.php
+++ b/wp-admin/categories.php
@@ -25,11 +25,11 @@ case 'addcat':
 	if ( !current_user_can('manage_categories') )
 		wp_die(__('Cheatin&#8217; uh?'));

-	if( wp_insert_category($_POST ) ) {
-		wp_redirect('categories.php?message=1#addcat');
-	} else {
-		wp_redirect('categories.php?message=4#addcat');
-	}
+	if ( wp_insert_category($_POST ) )
+		wp_safe_redirect( add_query_arg( 'message', 1, wp_get_referer() ) . '#addcat' );
+	else
+		wp_safe_redirect( add_query_arg( 'message', 4, wp_get_referer() ) . '#addcat' );
+
 	exit;
 break;

@@ -40,15 +40,15 @@ case 'delete':
 	if ( !current_user_can('manage_categories') )
 		wp_die(__('Cheatin&#8217; uh?'));

-	$cat_name = get_catname($cat_ID);
+	$cat_name = get_cat_name($cat_ID);

 	// Don't delete the default cats.
-    if ( $cat_ID == get_option('default_category') )
+	if ( $cat_ID == get_option('default_category') )
 		wp_die(sprintf(__("Can&#8217;t delete the <strong>%s</strong> category: this is the default one"), $cat_name));

 	wp_delete_category($cat_ID);

-	wp_redirect('categories.php?message=2');
+	wp_safe_redirect( add_query_arg( 'message', 2, wp_get_referer() ) );
 	exit;

 break;
@@ -60,7 +60,7 @@ case 'bulk-delete':
 		wp_die( __('You are not allowed to delete categories.') );

 	foreach ( (array) $_GET['delete'] as $cat_ID ) {
-		$cat_name = get_catname($cat_ID);
+		$cat_name = get_cat_name($cat_ID);

 		// Don't delete the default cats.
 		if ( $cat_ID == get_option('default_category') )
@@ -69,9 +69,7 @@ case 'bulk-delete':
 		wp_delete_category($cat_ID);
 	}

-	$sendback = wp_get_referer();
-
-	wp_redirect($sendback);
+	wp_safe_redirect( wp_get_referer() );
 	exit();

 break;
@@ -131,9 +129,9 @@ $messages[5] = __('Category not updated.');

 <div class="wrap nosubsub">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo esc_html( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
+	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?>
 </h2>

 <?php
@@ -144,9 +142,9 @@ endif; ?>

 <form class="search-form topmargin" action="" method="get">
 <p class="search-box">
-	<label class="hidden" for="category-search-input"><?php _e('Search Categories'); ?>:</label>
-	<input type="text" class="search-input" id="category-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Categories' ); ?>" class="button" />
+	<label class="screen-reader-text" for="category-search-input"><?php _e('Search Categories'); ?>:</label>
+	<input type="text" id="category-search-input" name="s" value="<?php _admin_search_query(); ?>" />
+	<input type="submit" value="<?php esc_attr_e( 'Search Categories' ); ?>" class="button" />
 </p>
 </form>
 <br class="clear" />
@@ -162,15 +160,23 @@ endif; ?>
 $pagenum = isset( $_GET['pagenum'] ) ? absint( $_GET['pagenum'] ) : 0;
 if ( empty($pagenum) )
 	$pagenum = 1;
-if( ! isset( $catsperpage ) || $catsperpage < 0 )
-	$catsperpage = 20;
+
+$cats_per_page = get_user_option('categories_per_page');
+if ( empty($cats_per_page) )
+	$cats_per_page = 20;
+$cats_per_page = apply_filters('edit_categories_per_page', $cats_per_page);
+
+if ( !empty($_GET['s']) )
+	$num_cats = count(get_categories(array('hide_empty' => 0, 'search' => $_GET['s'])));
+else
+	$num_cats = wp_count_terms('category');

 $page_links = paginate_links( array(
 	'base' => add_query_arg( 'pagenum', '%#%' ),
 	'format' => '',
 	'prev_text' => __('&laquo;'),
 	'next_text' => __('&raquo;'),
-	'total' => ceil(wp_count_terms('category') / $catsperpage),
+	'total' => ceil($num_cats / $cats_per_page),
 	'current' => $pagenum
 ));

@@ -183,7 +189,7 @@ if ( $page_links )
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-categories'); ?>
 </div>

@@ -207,7 +213,7 @@ if ( $page_links )

 	<tbody id="the-list" class="list:cat">
 <?php
-cat_rows(0, 0, 0, $pagenum, $catsperpage);
+cat_rows(0, 0, 0, $pagenum, $cats_per_page);
 ?>
 	</tbody>
 </table>
@@ -223,7 +229,7 @@ if ( $page_links )
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 <?php wp_nonce_field('bulk-categories'); ?>
 </div>

@@ -233,7 +239,7 @@ if ( $page_links )
 </form>

 <div class="form-wrap">
-<p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete the posts in that category. Instead, posts that were only assigned to the deleted category are set to the category <strong>%s</strong>.'), apply_filters('the_category', get_catname(get_option('default_category')))) ?></p>
+<p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete the posts in that category. Instead, posts that were only assigned to the deleted category are set to the category <strong>%s</strong>.'), apply_filters('the_category', get_cat_name(get_option('default_category')))) ?></p>
 <p><?php printf(__('Categories can be selectively converted to tags using the <a href="%s">category to tag converter</a>.'), 'admin.php?import=wp-cat2tag') ?></p>
 </div>

@@ -277,7 +283,7 @@ if ( $page_links )
    <p><?php _e('The description is not prominent by default, however some themes may show it.'); ?></p>
 </div>

-<p class="submit"><input type="submit" class="button" name="submit" value="<?php _e('Add Category'); ?>" /></p>
+<p class="submit"><input type="submit" class="button" name="submit" value="<?php esc_attr_e('Add Category'); ?>" /></p>
 <?php do_action('edit_category_form', $category); ?>
 </form></div>

@@ -289,21 +295,6 @@ if ( $page_links )
 </div><!-- /col-container -->
 </div><!-- /wrap -->

-<script type="text/javascript">
-/* <![CDATA[ */
-(function($){
-	$(document).ready(function(){
-		$('#doaction, #doaction2').click(function(){
-			if ( $('select[name^="action"]').val() == 'delete' ) {
-				var m = '<?php echo js_escape(__("You are about to delete the selected categories.\n  'Cancel' to stop, 'OK' to delete.")); ?>';
-				return showNotice.warn(m);
-			}
-		});
-	});
-})(jQuery);
-/* ]]> */
-</script>
-
 <?php
 inline_edit_term_row('categories');

--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -22,7 +22,7 @@ if ( isset( $_POST['deletecomment'] ) )
 *
 * @param string $msg Error Message. Assumed to contain HTML and be sanitized.
 */
-function comment_footer_die( $msg ) {  //
+function comment_footer_die( $msg ) {
 	echo "<div class='wrap'><p>$msg</p></div>";
 	include('admin-footer.php');
 	die;
@@ -90,18 +90,18 @@ if ( 'spam' == $_GET['dt'] ) {

 <table width="100%">
 <tr>
-<td><input type='button' class="button" value='<?php _e('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
-<td class="textright"><input type='submit' class="button" value='<?php echo $button; ?>' /></td>
+<td><input type='button' class="button" value='<?php esc_attr_e('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
+<td class="textright"><input type='submit' class="button" value='<?php echo esc_attr($button); ?>' /></td>
 </tr>
 </table>

 <?php wp_nonce_field( $nonce_action ); ?>
-<input type='hidden' name='action' value='<?php echo $formaction; ?>' />
+<input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
 <?php if ( 'spam' == $_GET['dt'] ) { ?>
 <input type='hidden' name='dt' value='spam' />
 <?php } ?>
-<input type='hidden' name='p' value='<?php echo $comment->comment_post_ID; ?>' />
-<input type='hidden' name='c' value='<?php echo $comment->comment_ID; ?>' />
+<input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />
+<input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
 <input type='hidden' name='noredir' value='1' />
 </form>

@@ -119,11 +119,11 @@ if ( 'spam' == $_GET['dt'] ) {
 <?php if ( $comment->comment_author_url ) { ?>
 <tr>
 <th scope="row"><?php _e('URL'); ?></th>
-<td><a href='<?php echo $comment->comment_author_url; ?>'><?php echo $comment->comment_author_url; ?></a></td>
+<td><a href="<?php echo $comment->comment_author_url; ?>"><?php echo $comment->comment_author_url; ?></a></td>
 </tr>
 <?php } ?>
 <tr>
-<th scope="row" valign="top"><?php echo _c('Comment|noun'); ?></th>
+<th scope="row" valign="top"><?php /* translators: field name in comment form */ echo _x('Comment', 'noun'); ?></th>
 <td><?php echo $comment->comment_content; ?></td>
 </tr>
 </table>
@@ -216,7 +216,7 @@ case 'approvecomment' :
 case 'editedcomment' :

 	$comment_id = absint( $_POST['comment_ID'] );
-	$comment_post_id = absint( $_POST['comment_post_id'] );
+	$comment_post_id = absint( $_POST['comment_post_ID'] );

 	check_admin_referer( 'update-comment_' . $comment_id );

--- a/wp-admin/css/colors-classic-rtl.css
+++ b/wp-admin/css/colors-classic-rtl.css
@@ -12,7 +12,7 @@
 	background-image: url(../images/bubble_bg-rtl.gif);
 }
 .tablenav .tablenav-pages a {
-	background: #eee url('../images/menu-bits-rtl.gif') repeat-x scroll right -379px;
+	background: #eee url('../images/menu-bits-rtl-vs.gif') repeat-x scroll right -379px;
 }
 #upload-menu li.current {
 	border-right-color: transparent;
@@ -20,7 +20,7 @@
 }

 #adminmenu .wp-submenu .current a.current {
-	background: transparent url(../images/menu-bits-rtl.gif) no-repeat scroll  right -289px;
+	background: transparent url(../images/menu-bits-rtl-vs.gif) no-repeat scroll  right -289px;
 }

 #adminmenu li.wp-menu-separator {
@@ -33,7 +33,7 @@

 #adminmenu li.wp-has-current-submenu .wp-menu-toggle,
 #adminmenu li.wp-has-current-submenu:hover .wp-menu-toggle {
-	background: transparent url(../images/menu-bits-rtl.gif) repeat-x scroll right -207px;
+	background: transparent url(../images/menu-bits-rtl-vs.gif) repeat-x scroll right -207px;
 }

 #adminmenu .wp-has-current-submenu ul li a.current {
@@ -42,7 +42,7 @@

 #adminmenu li.wp-has-current-submenu a.wp-has-current-submenu,
 #adminmenu .menu-top .current {
-	background: url(../images/menu-bits-rtl.gif) top right repeat-x;
+	background: url(../images/menu-bits-rtl-vs.gif) top right repeat-x;
 }

 #adminmenu li.wp-has-current-submenu ul li a {
@@ -50,31 +50,31 @@
 }

 #adminmenu li.wp-has-current-submenu.wp-menu-open .wp-menu-toggle, #adminmenu li.wp-has-current-submenu:hover .wp-menu-toggle {
-	background: transparent url(../images/menu-bits-rtl.gif) no-repeat right -207px;
+	background: transparent url(../images/menu-bits-rtl-vs.gif) no-repeat right -207px;
 }

 #adminmenu .wp-has-submenu:hover .wp-menu-toggle,
 #adminmenu .wp-menu-open .wp-menu-toggle {
-	background: transparent url(../images/menu-bits-rtl.gif) repeat-x scroll right -109px;
+	background: transparent url(../images/menu-bits-rtl-vs.gif) repeat-x scroll right -109px;
 }

 #adminmenu a.wp-has-submenu {
-	background: #f1f1f1 url(../images/menu-bits-rtl.gif) repeat-x scroll right -379px;
+	background: #f1f1f1 url(../images/menu-bits-rtl-vs.gif) repeat-x scroll right -379px;
 }

 #adminmenu .wp-submenu a {
-	background: #FFFFFF url(../images/menu-bits-rtl.gif) no-repeat scroll right -310px;
+	background: #FFFFFF url(../images/menu-bits-rtl-vs.gif) no-repeat scroll right -310px;
 }

 #adminmenu li.current a,
 #adminmenu .wp-submenu a:hover {
-	background: transparent url(../images/menu-bits-rtl.gif) no-repeat scroll  right -289px;
+	background: transparent url(../images/menu-bits-rtl-vs.gif) no-repeat scroll  right -289px;
 }

 #adminmenu li.wp-has-current-submenu a.wp-has-submenu {
-	background: #b5b5b5 url(../images/menu-bits-rtl.gif) repeat-x scroll right top;
+	background: #b5b5b5 url(../images/menu-bits-rtl-vs.gif) repeat-x scroll right top;
 }

 .meta-box-sortables .postbox:hover .handlediv {
-	background: transparent url(../images/menu-bits-rtl.gif) no-repeat scroll right -111px;
+	background: transparent url(../images/menu-bits-rtl-vs.gif) no-repeat scroll right -111px;
 }
--- a/wp-admin/css/colors-classic.css
+++ b/wp-admin/css/colors-classic.css
--- a/wp-admin/css/colors-fresh.css
+++ b/wp-admin/css/colors-fresh.css
@@ -2,6 +2,26 @@ html {
 	background-color: #f9f9f9;
 }

+* html input,
+* html .widget {
+    border-color: #dfdfdf;
+}
+
+textarea,
+input,
+select {
+	border-color: #DFDFDF;
+}
+
+kbd,
+code {
+	background: #eaeaea;
+}
+
+input[readonly] {
+	background-color: #eee;
+}
+
 .find-box-search {
 	border-color: #dfdfdf;
 	background-color: #f1f1f1;
@@ -29,11 +49,6 @@ body > #upload-menu {
 	border-bottom-color: #fff;
 }

-kbd, code {
-	background: #eaeaea;
-}
-
-div#current-widgets,
 #postcustomstuff table,
 #your-profile fieldset,
 #rightnow,
@@ -83,16 +98,16 @@ div.dashboard-widget-notice {
 	background-color: #cfe1ef;
 }

-div.dashboard-widget-submit,
-ul.widget-control-list div.widget-control-actions {
+div.dashboard-widget-submit {
 	border-top-color: #ccc;
 }

-div.ui-tabs-panel {
-	border-color: #f1f1f1;
+div.tabs-panel,
+ul#category-tabs li.tabs {
+	border-color: #dfdfdf;
 }

-ul#category-tabs li.ui-tabs-selected {
+ul#category-tabs li.tabs {
 	background-color: #f1f1f1;
 }

@@ -101,10 +116,6 @@ textarea.disabled {
 	background-color: #ccc;
 }
 /* #upload-menu li a.upload-tab-link, */
-li.widget-list-control-item h4.widget-title a:hover,
-li.widget-list-control-item h4.widget-title a,
-#dragHelper li.widget-list-control-item h4.widget-title a,
-#draghelper li.widget-list-control-item h4.widget-title a:visited,
 .login #backtoblog a:hover,
 #plugin-information .action-button a,
 #plugin-information .action-button a:hover,
@@ -112,14 +123,9 @@ li.widget-list-control-item h4.widget-title a,
 	color: #fff;
 }

-li.widget-list-control-item div.widget-control {
-	background-color: #fff;
-	border-color: #dfdfdf;
-}
-
-.metabox-holder .postbox h3,
-#poststuff .postbox h3,
-#poststuff .stuffbox h3 {
+.widget .widget-top,
+.postbox h3,
+.stuffbox h3 {
 	background: #dfdfdf url("../images/gray-grad.png") repeat-x left top;
 	text-shadow: #fff 0 1px 0;
 }
@@ -130,29 +136,21 @@ li.widget-list-control-item div.widget-control {
 	text-shadow: #fff 0 1px 0;
 }

-.setting-description, .form-wrap p {
+.description,
+.form-wrap p {
 	color: #666;
 }

-select {
-	background-color: #fff;
-	border-color: #ddd;
-}
-
 strong .post-com-count span {
 	background-color: #21759b;
 }

-ul#widget-list li.widget-list-item h4.widget-title {
-	background-color: #f0f0f0;
-	color: #000;
-}
-
 .sorthelper {
 	background-color: #ccf3fa;
 }

-.ac_match, .subsubsub a.current {
+.ac_match,
+.subsubsub a.current {
 	color: #000;
 }

@@ -173,7 +171,8 @@ ul#widget-list li.widget-list-item h4.widget-title {
 	color: #101010;
 }

-.alternate, .alt {
+.alternate,
+.alt {
 	background-color: #f9f9f9;
 }

@@ -190,11 +189,13 @@ ul#widget-list li.widget-list-item h4.widget-title {
 #media-upload {
 	background: #fff;
 }
+
 #media-upload .slidetoggle {
 	border-top-color: #dfdfdf;
 }

-.error, #login #login_error {
+.error,
+#login #login_error {
 	background-color: #ffebe8;
 	border-color: #c00;
 }
@@ -211,11 +212,6 @@ ul#widget-list li.widget-list-item h4.widget-title {
 	border-color: #c00 !important;
 }

-.form-table input,
-.form-table textarea,
-.search-input,
-.form-field input,
-.form-field textarea,
 .submit {
 	border-color: #DFDFDF;
 }
@@ -271,11 +267,11 @@ td.help {
 	color: #000;
 }

-.side-info h5, .bordertitle {
+.side-info h5 {
 	border-bottom-color: #dadada;
 }

-.side-info ul, .widget-description {
+.side-info ul {
 	color: #666;
 }

@@ -348,12 +344,15 @@ a:hover,
 #adminmenu ul.wp-submenu a:hover,
 #the-comment-list .comment a:hover,
 #rightnow a:hover,
+#login form .submit input:hover,
+#media-upload a.del-link:hover,
+div.dashboard-widget-submit input:hover,
 .subsubsub a:hover,
 .subsubsub a.current:hover,
-#login form .submit input:hover,
-div.dashboard-widget-submit input:hover,
-#media-upload a.del-link:hover,
-.ui-tabs-nav a:hover {
+.ui-tabs-nav a:hover,
+.plugins .inactive a:hover,
+#all-plugins-table .plugins .inactive a:hover,
+#search-plugins-table .plugins .inactive a:hover {
 	color: #d54e21;
 }

@@ -368,7 +367,7 @@ div.dashboard-widget-submit input:hover,
 	color: #EAF2FA !important;
 }

-#side-info-column #category-tabs .ui-tabs-selected a {
+#side-sortables #category-tabs .tabs a {
 	color: #333;
 }

@@ -382,13 +381,17 @@ div.dashboard-widget-submit input:hover,
 	color: #ccc;
 }

-.submitbox .submitdelete, a.delete {
+.plugins a.delete:hover,
+#all-plugins-table .plugins a.delete:hover,
+#search-plugins-table .plugins a.delete:hover,
+.submitbox .submitdelete,
+a.delete {
 	color: #f00;
 	border-bottom-color: #f00;
 }

 .submitbox .submitdelete:hover,
-#media-upload a.delete:hover {
+#media-items a.delete:hover {
 	color: #fff;
 	background-color: #f00;
 	border-bottom-color: #f00;
@@ -423,18 +426,22 @@ div.dashboard-widget-submit input:hover,
 	border-color: #e6db55;
 }

+.update-message {
+	color: #000000;
+}
+
 a.page-numbers {
 	border-bottom-color: #B8D3E2;
 }

-div#available-widgets-filter,
-ul#widget-list li.widget-list-item,
 .commentlist li {
 	border-bottom-color: #ccc;
 }

 .widefat td,
-.widefat th {
+.widefat th,
+#install-plugins .plugins td,
+#install-plugins .plugins th {
 	border-color: #dfdfdf;
 }

@@ -460,19 +467,21 @@ h3.dashboard-widget-title small a:hover {
 	color: #fff;
 }

+a,
 #adminmenu a,
 #poststuff #edButtonPreview,
 #poststuff #edButtonHTML,
 #the-comment-list p.comment-author strong a,
 #media-upload a.del-link,
-#media-upload a.delete,
-.ui-tabs-nav a, a {
+#media-items a.delete,
+.plugins a.delete,
+.ui-tabs-nav a {
 	color: #21759b;
 }

 /* Because we don't want visited on these links */
-body.press-this .ui-tabs-selected a,
-body.press-this .ui-tabs-selected a:hover {
+body.press-this .tabs a,
+body.press-this .tabs a:hover {
 	background-color: #fff;
 	border-color: #c6d9e9;
 	border-bottom-color: #fff;
@@ -502,10 +511,10 @@ body.press-this .ui-tabs-selected a:hover {
 	background-color: #ddd;
 	color: #000;
 	text-shadow: none;
-	-moz-box-shadow: rgba(0,0,0,0.2) 0px -1px 0px;
-	-khtml-box-shadow: rgba(0,0,0,0.2) 0px -1px 0px;
-	-webkit-box-shadow: rgba(0,0,0,0.2) 0px -1px 0px;
-	box-shadow: rgba(0,0,0,0.2) 0px -1px 0px;
+	-moz-box-shadow: rgba(0,0,0,0.2) 0 -1px 0;
+	-khtml-box-shadow: rgba(0,0,0,0.2) 0 -1px 0;
+	-webkit-box-shadow: rgba(0,0,0,0.2) 0 -1px 0;
+	box-shadow: rgba(0,0,0,0.2) 0 -1px 0;
 }

 #adminmenu li.current a:hover #awaiting-mod,
@@ -516,24 +525,16 @@ body.press-this .ui-tabs-selected a:hover {
 	color: #fff;
 }

-div#media-upload-header {
+div#media-upload-header,
+div#plugin-information-header {
 	background-color: #f9f9f9;
 	border-bottom-color: #dfdfdf;
 }

-div#plugin-information-header {
-	background-color: #e4f2fd;
-	border-bottom-color: #c6d9e9;
-}
-
 #currenttheme img {
 	border-color: #666;
 }

-#current-widgets .drop-widget-here {
-	background-color: #ffc;
-}
-
 #dashboard_secondary div.dashboard-widget-content ul li a {
 	background-color: #f9f9f9;
 }
@@ -542,13 +543,6 @@ input.readonly, textarea.readonly {
 	background-color: #ddd;
 }

-#dragHelper h4.widget-title,
-li.widget-list-control-item h4,
-#dragHelper li.widget-list-control-item h4 {
-	background-color: #2683ae;
-	color: #fff;
-}
-
 #ed_toolbar input,
 #ed_reply_toolbar input {
 	background: #fff url("../images/fade-butt.png") repeat-x 0 -2px;
@@ -582,46 +576,38 @@ li.widget-list-control-item h4,
 	border-color: #dfdfdf;
 }

-#pass-strength-result {
-	background-color: #eee;
-	border-color: #ddd !important;
-}
-
-#pass-strength-result.bad {
-	background-color: #ffb78c;
-	border-color: #ff853c !important;
-}
-
-#pass-strength-result.good {
-	background-color: #ffec8b;
-	border-color: #fc0 !important;
-}
-
-#pass-strength-result.short {
-	background-color: #ffa0a0;
-	border-color: #f04040 !important;
-}
-
-#pass-strength-result.strong {
-	background-color: #c3ff88;
-	border-color: #8dff1c !important;
-}
-
 .checkbox,
 .side-info,
+.plugins tr,
 #your-profile #rich_editing {
 	background-color: #fff;
 }

-.plugins .active {
-	background-color: #e7f7d3;
+.plugins .inactive,
+.plugins .inactive th,
+.plugins .inactive td,
+tr.inactive + tr.plugin-update-tr .plugin-update {
+	background-color: #eee;
 }

-.plugins .togl {
-	border-right-color: #ccc;
+.plugin-update-tr .update-message {
+	background-color: #fffbe4;
+	border-color: #dfdfdf;
 }

-#the-comment-list .unapproved {
+.plugins .active,
+.plugins .active th,
+.plugins .active td {
+	color: #000;
+}
+
+.plugins .inactive a { 
+	color: #557799; 	
+}
+
+#the-comment-list .unapproved,
+#the-comment-list .unapproved th,
+#the-comment-list .unapproved td {
 	background-color: #ffffe0;
 }

@@ -637,31 +623,25 @@ li.widget-list-control-item h4,
 	color: #bc0b0b;
 }

-.plugins tr {
-	background-color: #fff;
-}
-
-.metabox-holder .postbox,
-#poststuff .postbox,
+.widget,
+#widget-list .widget-top,
+.postbox,
 #titlediv,
 #poststuff .postarea,
-#poststuff .stuffbox,
-.postbox input[type="text"],
-.postbox textarea,
-.stuffbox input[type="text"],
-.stuffbox textarea {
+.stuffbox {
 	border-color: #dfdfdf;
 }

-.metabox-holder .postbox,
-#poststuff .postbox {
-	background-color: #FFF;
+.widget,
+.postbox {
+	background-color: #fff;
 }

 .ui-sortable .postbox h3 {
 	color: #464646;
 }

+.widget .widget-top,
 .ui-sortable .postbox h3:hover {
 	color: #000;
 }
@@ -682,20 +662,19 @@ li.widget-list-control-item h4,
 	color: #448abd;
 }

-#tagchecklist span a,
+.tagchecklist span a,
 #bulk-titles div a {
 	background: url(../images/xit.gif) no-repeat;
 }

-#tagchecklist span a:hover,
+.tagchecklist span a:hover,
 #bulk-titles div a:hover {
 	background: url(../images/xit.gif) no-repeat -10px 0;
 }

-#update-nag, .plugin-update {
+#update-nag {
 	background-color: #fffeeb;
-	border-bottom-color: #ccc;
-	border-top-color: #ccc;
+	border-color: #ccc;
 	color: #555;
 }

@@ -719,25 +698,26 @@ body.login {
 	color: #555;
 }

-#wphead h1 a:hover {
-	text-decoration: underline;
-}
-
 #user_info {
 	color: #999;
 }

-#user_info a:link, #user_info a:visited, #footer a:link, #footer a:visited {
+#user_info a:link,
+#user_info a:visited,
+#footer a:link,
+#footer a:visited {
 	color: #ccc;
 	text-decoration: none;
 }

-#user_info a:hover, #footer a:hover {
+#user_info a:hover,
+#footer a:hover {
 	color: #fff;
 	text-decoration: underline !important;
 }

-#user_info a:active, #footer a:active {
+#user_info a:active,
+#footer a:active {
 	color: #ccc !important;
 }

@@ -749,8 +729,29 @@ abbr.required,
 	color: #f00;
 }

-#media-upload a.delete {
-	color: #888;
+#pass-strength-result {
+	background-color: #eee;
+	border-color: #ddd !important;
+}
+
+#pass-strength-result.bad {
+	background-color: #ffb78c;
+	border-color: #ff853c !important;
+}
+
+#pass-strength-result.good {
+	background-color: #ffec8b;
+	border-color: #fc0 !important;
+}
+
+#pass-strength-result.short {
+	background-color: #ffa0a0;
+	border-color: #f04040 !important;
+}
+
+#pass-strength-result.strong {
+	background-color: #c3ff88;
+	border-color: #8dff1c !important;
 }

 /* editors */
@@ -854,7 +855,6 @@ abbr.required,
 /* SplitButton */
 .wp_themeSkin .mceSplitButton a.mceAction,
 .wp_themeSkin .mceSplitButton a.mceOpen {
-	background-color: #e8e8e8;
 	border-color: #B2B2B2;
 }

@@ -925,7 +925,7 @@ abbr.required,
 }

 .wp_themeSkin tr.mceFirst td.mceToolbar {
-	background-color: #dfdfdf;
+	background: #dfdfdf url("../images/ed-bg.gif") repeat-x scroll left top;
 	border-color: #dfdfdf;
 }

@@ -992,7 +992,8 @@ abbr.required,

 #editorcontainer,
 #post-status-info,
-#titlediv #title {
+#titlediv #title,
+.editwidget .widget-inside {
 	border-color: #dfdfdf;
 }

@@ -1007,7 +1008,7 @@ abbr.required,

 #timestampdiv input,
 #namediv input,
-#tagsdiv #the-tagcloud {
+#poststuff .inside .the-tagcloud {
 	border-color: #ddd;
 }

@@ -1225,12 +1226,15 @@ abbr.required,
 table.diff .diff-deletedline {
 	background-color: #ffdddd;
 }
+
 table.diff .diff-deletedline del {
 	background-color: #ff9999;
 }
+
 table.diff .diff-addedline {
 	background-color: #ddffdd;
 }
+
 table.diff .diff-addedline ins {
 	background-color: #99ff99;
 }
@@ -1252,7 +1256,6 @@ table.diff .diff-addedline ins {
 	color: #D54E21;
 }

-
 #screen-options-wrap,
 #contextual-help-wrap {
 	background-color: #f1f1f1;
@@ -1287,7 +1290,9 @@ table.diff .diff-addedline ins {
 }

 /* table vim shortcuts */
-.vim-current {
+.vim-current,
+.vim-current th,
+.vim-current td {
 	background-color: #E4F2FD !important;
 }

@@ -1335,10 +1340,6 @@ div.star.select:hover {
 	border-color: #ddd;
 }

-.inline-edit-row p.submit {
-	background-color: #f1f1f1;
-}
-
 .inline-editor .categories .catshow,
 .inline-editor .categories .cathide {
 	color: #21759b;
@@ -1436,7 +1437,7 @@ fieldset.inline-edit-col-right .inline-edit-col {
 	background-color: #f5f5f5;
 }

-#post-body ul#category-tabs li.ui-tabs-selected a {
+#post-body ul#category-tabs li.tabs a {
 	color: #333;
 }

@@ -1543,6 +1544,7 @@ fieldset.inline-edit-col-right .inline-edit-col {
 }

 #icon-users,
+#icon-profile,
 #icon-user-edit {
 	background: transparent url(../images/icons32.png) no-repeat -600px -5px;
 }
@@ -1575,3 +1577,84 @@ fieldset.inline-edit-col-right .inline-edit-col {
 #header-logo {
 	background: transparent url(../images/wp-logo.gif) no-repeat scroll center center;
 }
+
+#wphead #site-visit-button {
+	background-color:#585858;
+	background-image: url(../images/visit-site-button-grad.gif);
+	color:#aaa;
+	text-shadow: #3F3F3F 0 -1px 0;
+}
+
+#wphead a:hover #site-visit-button {
+	color:#fff;
+}
+
+#wphead a:focus #site-visit-button,
+#wphead a:active #site-visit-button {
+	background-position:0 -27px;
+}
+
+.popular-tags,
+.feature-filter {
+	background-color: #FFFFFF;
+	border-color: #DFDFDF;
+}
+
+#theme-information .action-button {
+	border-top-color: #DFDFDF;
+}
+
+.theme-listing br.line {
+	border-bottom-color: #ccc;
+}
+
+div.widgets-sortables,
+#widgets-left .inactive {
+	background-color: #f1f1f1;
+    border-color: #ddd;
+}
+
+#available-widgets .widget-holder {
+    background-color: #fff;
+    border-color: #ddd;
+}
+
+#widgets-left .sidebar-name {
+	background-color: #aaa;
+	background-image: url(../images/ed-bg.gif);
+	text-shadow: #FFFFFF 0 1px 0;
+	border-color: #dfdfdf;
+}
+
+#widgets-right .sidebar-name {
+	background-image: url(../images/fav.png);
+	text-shadow: #3f3f3f 0 -1px 0;
+	background-color: #636363;
+	border-color: #636363;
+	color: #fff;
+}
+
+.sidebar-name:hover,
+#removing-widget {
+	color: #d54e21;
+}
+
+#removing-widget span {
+	color: black;
+}
+
+#widgets-left .sidebar-name-arrow {
+	background: transparent url(../images/menu-bits.gif) no-repeat scroll left -109px;
+}
+
+#widgets-right .sidebar-name-arrow {
+	background: transparent url(../images/fav-arrow.gif) no-repeat scroll 0 -1px;
+}
+
+.in-widget-title {
+	color: #606060;
+}
+
+.deleting .widget-title * {
+	color: #aaa;
+}
--- a/wp-admin/css/dashboard.css
+++ b/wp-admin/css/dashboard.css
@@ -56,18 +56,6 @@ form .textarea-wrap {
 	min-width: 0;
 }

-#dashboard-widgets-wrap .has-sidebar {
-	margin-right: -51%;
-}
-
-#dashboard-widgets-wrap .inner-sidebar {
-	width: 49%;
-}
-
-#dashboard-widgets-wrap .has-sidebar .has-sidebar-content {
-	margin-right: 51%;
-}
-
 div.postbox div.inside {
 	margin: 10px;
 	position: relative;
@@ -167,7 +155,7 @@ div.postbox div.inside {
 }

 #dashboard_right_now .waiting {
-	color: orange;
+	color: #e66f00;
 }

 #dashboard_right_now .approved {
@@ -210,7 +198,7 @@ div.postbox div.inside {
 }

 #the-comment-list .comment-item {
-	padding: 1em 10px 1em 70px;
+	padding: 1em 10px;
 	border-top: 1px solid;
 }

@@ -229,7 +217,7 @@ div.postbox div.inside {

 #the-comment-list .comment-item .avatar {
 	float: left;
-	margin-left: -60px;
+	margin: 0 10px 5px 0;
 }

 #the-comment-list .comment-item h4 {
@@ -394,3 +382,9 @@ a.rsswidget {
 	margin: 0 0 1.4em;
 	line-height: 1.4em;
 }
+
+.dashboard-comment-wrap {
+	overflow: hidden;
+	word-wrap: break-word;
+}
+
--- a/wp-admin/css/farbtastic-rtl.css
+++ b/wp-admin/css/farbtastic-rtl.css
@@ -1,7 +1,7 @@
-.farbtastic .color, .farbtastic .overlay {
-	left: 0;
-	right: 47px;
-}
-.farbtastic .marker {
-	margin: -8px -8px 0 0;
-}
+.farbtastic .color, .farbtastic .overlay {
+	left: 0;
+	right: 47px;
+}
+.farbtastic .marker {
+	margin: -8px -8px 0 0;
+}
--- a/wp-admin/css/global-rtl.css
+++ b/wp-admin/css/global-rtl.css
@@ -5,7 +5,7 @@
 	margin-right:-160px;
 	margin-left: 5px;
 }
-div.folded #adminmenu {
+body.folded #adminmenu {
 	margin-left: 0;
 	margin-right: -45px;
 }
@@ -14,16 +14,19 @@ div.folded #adminmenu {
 	float: left;
 	clear: left;
 }
-.has-sidebar {
-	float: right;
-	clear: right;
-	margin-right: 0;
-	margin-left: -340px;
+
+.has-right-sidebar #post-body {
+	clear:right;
+	float:right;
+	margin-right:0;
+	margin-left:-340px;
 }
-.has-sidebar .has-sidebar-content {
-	margin-right: 0;
-	margin-left: 305px;
+
+.has-right-sidebar #post-body-content {
+	margin-left: 300px;
+	margin-right:0;
 }
+
 #wpbody {
 	margin-left:0;
 	margin-right: 175px;
@@ -72,3 +75,9 @@ body, td, textarea, input, select {
 .updated, .error {
 	clear: both;
 }
+
+.screen-reader-text, .screen-reader-text span {
+	left:auto;
+	right:-1000em;
+}
+}
--- a/wp-admin/css/global.css
+++ b/wp-admin/css/global.css
@@ -112,23 +112,32 @@ table {
 }

 /* inner 2 column liquid layout */
-
 .inner-sidebar {
 	float: right;
 	clear: right;
-	width: 280px;
+	display: none;
+	width: 281px;
 	position: relative;
 }

-.has-sidebar {
+.inner-sidebar #side-sortables {
+	width: 280px;
+	min-height: 300px;
+}
+
+.has-right-sidebar .inner-sidebar {
+	display: block;
+}
+
+.has-right-sidebar #post-body {
 	float: left;
 	clear: left;
 	width: 100%;
 	margin-right: -340px;
 }

-.has-sidebar .has-sidebar-content {
-	margin-right: 305px;
+.has-right-sidebar #post-body-content {
+	margin-right: 300px;
 }

 /* 2 columns main area */
@@ -176,14 +185,26 @@ table {
 	clear: both;
 }

+/* Hide visually but not from screen readers */
+.screen-reader-text,
+.screen-reader-text span {
+	position: absolute;
+	left: -1000em;
+	height: 1px;
+	width: 1px;
+	overflow: hidden;
+}
+
 .hidden,
-.closed .inside,
-.hide-if-no-js {
+.js .closed .inside,
+.js .hide-if-js,
+.no-js .hide-if-no-js {
 	display: none;
 }

 /* include margin and padding in the width calculation of input and textarea */
 input[type="text"],
+input[type="password"],
 textarea {
 	-moz-box-sizing: border-box;
 	-webkit-box-sizing: border-box;
@@ -193,7 +214,7 @@ textarea {

 input[type="checkbox"],
 input[type="radio"] {
-	vertical-align: text-top;
+	vertical-align: middle;
 }

 /* styles for use by people extending the WordPress interface */
@@ -203,8 +224,22 @@ body {
 }

 body,
-td {
-	font: 13px "Lucida Grande", Verdana, Arial, "Bitstream Vera Sans", sans-serif;
+td,
+textarea,
+input,
+select {
+	font-family: "Lucida Grande", Verdana, Arial, "Bitstream Vera Sans", sans-serif;
+	font-size: 13px;
+}
+
+body,
+textarea {
+	line-height: 1.4em;
+}
+
+input,
+select {
+	line-height: 1em;
 }

 p {
@@ -235,7 +270,6 @@ dt {
 textarea,
 input,
 select {
-	font: 13px/19px "Lucida Grande", Verdana, Arial, "Bitstream Vera Sans", sans-serif;
 	margin: 1px;
 	padding: 3px;
 }
@@ -263,6 +297,7 @@ h3 {

 h4 {
  display: block;
+  font-size: 1em;
  font-weight: bold;
  margin: 1.33em 0;
 }
@@ -281,6 +316,30 @@ h6 {
  margin: 2.33em 0;
 }

+ul.ul-disc {
+	list-style: disc outside;
+}
+
+ul.ul-square {
+	list-style: square outside;
+}
+
+ol.ol-decimal {
+	list-style: decimal outside;
+}
+
+ul.ul-disc,
+ul.ul-square,
+ol.ol-decimal {
+	margin-left: 1.8em;
+}
+
+ul.ul-disc > li,
+ul.ul-square > li,
+ol.ol-decimal > li {
+	margin: 0 0 0.5em;
+}
+
 .subsubsub {
 	list-style: none;
 	margin: 8px 0 5px;
@@ -316,7 +375,6 @@ h6 {
 .widefat {
 	border-width: 1px;
 	border-style: solid;
-	border-collapse: separate;
 	border-spacing: 0;
 	width: 100%;
 	clear: both;
@@ -344,39 +402,13 @@ h6 {
 }

 .widefat td {
-	padding: 7px 7px 5px;
+	padding: 3px 7px;
 	vertical-align: top;
 }

-.widefat thead tr th:first {
-	-moz-border-radius-topleft: 4px;
-	-webkit-border-top-left-radius: 4px;
-	-khtml-border-top-left-radius: 4px;
-	border-top-left-radius: 4px;
-}
-
-.widefat thead tr th:last {
-	-moz-border-radius-topright: 4px;
-	-webkit-border-top-right-radius: 4px;
-	-khtml-border-top-right-radius: 4px;
-	border-top-right-radius: 4px;
-}
-
-.widefat tfoot tr th:first {
-	-moz-border-radius-bottomleft: 4px;
-	-webkit-border-bottom-left-radius: 4px;
-	-khtml-border-bottom-left-radius: 4px;
-	border-bottom-left-radius: 4px;
-}
-
-.widefat tfoot tr th:last {
-	-moz-border-radius-bottomright: 4px;
-	-webkit-border-bottom-right-radius: 4px;
-	-khtml-border-bottom-right-radius: 4px;
-	border-bottom-right-radius: 4px;
-}
-
-.widefat td p {
+.widefat td p,
+.widefat td ol,
+.widefat td ul {
 	font-size: 11px;
 }

@@ -439,7 +471,7 @@ h6 {

 .wrap .updated,
 .wrap .error {
-	margin: 5px 0;
+	margin: 5px 0 15px;
 }

 .wrap h2 {
--- a/wp-admin/css/ie-rtl.css
+++ b/wp-admin/css/ie-rtl.css
@@ -44,7 +44,7 @@ div#dashboard-widgets {
 	padding-right: 0;
 	padding-left: 1px;
 }
-#tagchecklist span a {
+.tagchecklist span a {
 	margin: 4px -9px 0 0;
 }
 .widefat th input {
--- a/wp-admin/css/ie.css
+++ b/wp-admin/css/ie.css
@@ -7,8 +7,7 @@ input.button-highlighted {
 }

 #minor-publishing-actions input,
-#major-publishing-actions input,
-#minor-publishing-actions .preview {
+#major-publishing-actions input {
 	min-width: auto;
 	padding-left: 0;
 	padding-right: 0;
@@ -22,8 +21,9 @@ input.button-highlighted {
 	margin-bottom: -1px;
 }

-* html #side-info-column {
-	height: auto;
+* html .inner-sidebar #side-sortables,
+* html .postbox-container .meta-box-sortables {
+	height: 300px;
 }

 * html #wpbody-content #screen-options-link-wrap {
@@ -38,21 +38,11 @@ input.button-highlighted {
 	text-align: center;
 }

-/*
-* html body.minwidth {
-	_width: expression(document.documentElement.clientWidth < 810 ? "808px" : "99.9%");
-}
-
-* html #wpbody {
-	_width: expression(document.documentElement.clientWidth > 982 ? "980px" : "99.9%");
-}
-*/
-
 * html #adminmenu {
 	margin-left: -80px;
 }

-* html div.folded #adminmenu {
+* html .folded #adminmenu {
 	margin-left: -22px;
 }

@@ -62,8 +52,13 @@ input.button-highlighted {
 	margin: 0;
 }

-#wpcontent.folded #adminmenu li.menu-top {
+* html #footer {
+	margin: 0;
+}
+
+.folded #adminmenu li.menu-top {
 	display: block;
+	zoom: 100%;
 }

 ul#adminmenu {
@@ -106,7 +101,7 @@ ul#adminmenu {
 	zoom: 100%;
 }

-#wpcontent.folded #adminmenu li.wp-menu-separator {
+.folded #adminmenu li.wp-menu-separator {
 	width: 28px;
 }

@@ -115,7 +110,7 @@ ul#adminmenu {
 	zoom: 100%;
 }

-#wpcontent.folded #adminmenu .menu-top {
+.folded #adminmenu .menu-top {
 	height: 30px;
 }

@@ -126,7 +121,8 @@ ul#adminmenu {
 #template,
 #template div,
 #editcat,
-#addcat {
+#addcat,
+* html .stuffbox h3 {
 	zoom: 100%;
 }

@@ -179,6 +175,10 @@ ul#adminmenu {
 }
 /* end Inline Editor */

+input {
+	line-height: 1;
+}
+
 * html .row-actions {
 	visibility: visible;
 }
@@ -188,11 +188,6 @@ ul#adminmenu {
 	line-height: 20px;
 }

-#the-comment-list .comment-item,
-ul#widget-list li.widget-list-item {
-	zoom: 100%;
-}
-
 #wphead-info {
 	float: right;
 }
@@ -204,9 +199,10 @@ ul#widget-list li.widget-list-item {
 a.button {
 	line-height: 1.4em;
 	margin: 1px;
+	padding: 4px 6px;
 }

-* html div.widget-liquid-left-holder,
+* html div.widget-liquid-left,
 * html div.widget-liquid-right {
 	display: block;
 	position: relative;
@@ -226,10 +222,10 @@ a.button {
 	zoom: 100%;
 }

+#the-comment-list .comment-item,
 #post-status-info,
 #wpwrap,
 #wpcontent,
-#post,
 #wrap,
 #postdivrich,
 #postdiv,
@@ -239,16 +235,19 @@ a.button {
 #post-body,
 #editorcontainer,
 .tablenav,
-.widget-control-list,
-li.widget-list-control-item,
+.widget-liquid-left,
+.widget-liquid-right,
+#widgets-left,
+.widgets-sortables,
 #dragHelper,
-li.widget-list-control-item h4,
-.widget-sortable,
+.widget .widget-top,
+.widget,
 .widget-control-actions,
-#tagchecklist,
+.tagchecklist,
 #col-container,
 #col-left,
-#col-right {
+#col-right,
+.fileedit-sub {
 	display: block;
 	zoom: 100%;
 }
@@ -273,7 +272,8 @@ form#template div {
 	width: 100%;
 }

-#ed_toolbar input {
+#ed_toolbar input,
+#ed_reply_toolbar input {
 	overflow: visible;
 	padding: 0 4px;
 }
@@ -296,12 +296,12 @@ div#dashboard-widgets {
 	padding-right: 1px;
 }

-#tagchecklist span, #tagchecklist span a {
+.tagchecklist span, .tagchecklist span a {
 	display: inline-block;
 	display: block;
 }

-#tagchecklist span a {
+.tagchecklist span a {
 	margin: 4px 0 0 -9px;
 }

@@ -338,7 +338,64 @@ table.ie-fixed {
 	padding: 4px 0 22px;
 }

+.widefat {
+	empty-cells: show;
+	border-collapse: collapse;
+}
+
 .tablenav a.button-secondary {
 	display: inline-block;
 	padding: 2px 5px;
 }
+
+* html .stuffbox,
+* html .stuffbox input,
+* html .stuffbox textarea {
+	border: 1px solid #DFDFDF;
+}
+
+* html .feature-filter .feature-group li {
+	width: 145px;
+}
+
+* html .widget-top .widget-title-action a {
+    background: url("../images/menu-bits.gif") no-repeat scroll 0 -110px;
+}
+
+* html div.widget-liquid-left {
+    width: 99%;
+}
+
+#wp_inactive_widgets {
+	padding-bottom: 8px;
+}
+
+* html .widgets-sortables {
+	height: 50px;
+}
+
+* html a#content_resize {
+	right: -2px;
+}
+
+* html .widget-title h4 {
+	width: 205px;
+}
+
+* html #removing-widget .in-widget-title {
+	display: none;
+}
+
+#available-widgets .widget-holder {
+	padding-bottom: 65px;
+}
+
+#widgets-left .inactive {
+	padding-bottom: 10px;
+}
+
+.widget-liquid-right .widget,
+#wp_inactive_widgets .widget {
+	position: relative;
+}
+
--- a/wp-admin/css/login.css
+++ b/wp-admin/css/login.css
@@ -105,3 +105,7 @@ h1 a {
 	border: 1px solid #e5e5e5;
 	background: #fbfbfb;
 }
+
+.clear {
+	clear: both;
+}
--- a/wp-admin/css/media.css
+++ b/wp-admin/css/media.css
@@ -104,46 +104,6 @@ tr.image-size label {
 	max-height: 40px;
 }

-.filename.original {
-	float: left;
-}
-
-.crunching {
-	display: block;
-	line-height: 32px;
-	text-align: right;
-	margin-right: 5px;
-}
-
-button.dismiss {
-	position: absolute;
-	top: 7px;
-	right: 5px;
-	z-index: 4;
-	width: 8em;
-}
-
-.file-error {
-	float: left;
-	font-weight: bold;
-	padding: 10px;
-}
-
-.progress {
-	position: absolute;
-	top: 0;
-	left: 0;
-	width: 623px;
-	height: 36px;
-}
-
-.bar {
-	width: 0;
-	height: 100%;
-	border-right-width: 3px;
-	border-right-style: solid;
-}
-
 #library-form .progress,
 #gallery-form .progress,
 #flash-upload-ui,
@@ -229,7 +189,7 @@ abbr.required {
 	margin: 0 1em 1em 0;
 }

-#media-upload .media-upload-form p.ml-submit {
+#media-upload p.ml-submit {
 	padding: 1em 0;
 }

@@ -252,7 +212,6 @@ abbr.required {
 }

 #media-upload .media-item {
-	position: relative;
 	border-bottom-width: 1px;
 	border-bottom-style: solid;
 	min-height: 36px;
@@ -264,11 +223,9 @@ abbr.required {
 }

 .filename {
-	float: left;
 	line-height: 36px;
-	margin-left: 10px;
+	padding: 0 10px;
 	overflow: hidden;
-	max-width: 430px;
 }

 #media-upload .describe {
@@ -314,11 +271,6 @@ abbr.required {
 	width: auto;
 }

-#media-upload a.delete,
-#media-upload a.del-link {
-	padding: 0 3px 1px;
-}
-
 #media-upload .del-attachment {
 	display: none;
 	margin: 5px 0;
@@ -355,7 +307,9 @@ abbr.required {
 }

 .sorthelper {
-	z-index: -1;
+	height: 37px;
+	width: 623px;
+	display: block;
 }

 #gallery-settings th.label {
@@ -424,3 +378,23 @@ h3.media-title  {
 #gallery-settings select#columns {
 	width: 6em;
 }
+
+#sort-buttons {
+	font-size: 0.8em;
+	margin: 3px 25px -8px 0;
+	text-align: right;
+	max-width: 625px;
+}
+
+#sort-buttons a {
+	text-decoration: none;
+}
+
+#sort-buttons #asc,
+#sort-buttons #showall {
+	padding-left: 5px;
+}
+
+#sort-buttons span {
+	margin-right: 25px;
+}
--- a/wp-admin/css/plugin-install.css
+++ b/wp-admin/css/plugin-install.css
@@ -68,7 +68,7 @@ div.star img {
 	border-top-left-radius: 3px;
 	-webkit-border-bottom-left-radius: 3px;
 	-khtml-border-bottom-left-radius: 3px;
-	border-top-bottom-radius: 3px;
+	border-bottom-left-radius: 3px;
 }

 #plugin-information .action-button a {
@@ -85,8 +85,7 @@ div.star img {
 }

 #plugin-information .fyi {
-	margin-left: 10px;
-	margin-bottom: 50px;
+	margin: 0 10px 50px;
 	width: 210px;
 }

@@ -111,7 +110,7 @@ div.star img {
 	-moz-border-radius-bottomleft: 3px;
 	-webkit-border-bottom-left-radius: 3px;
 	-khtml-border-bottom-left-radius: 3px;
-	border-top-bottom-radius: 3px;
+	border-bottom-left-radius: 3px;
 }

 #plugin-information .fyi li {
@@ -146,4 +145,4 @@ div.star img {

 #plugin-information pre {
 	padding: 7px;
-}
+}
--- a/wp-admin/css/press-this-rtl.css
+++ b/wp-admin/css/press-this-rtl.css
@@ -1,22 +1,26 @@
 body {
 	font-family: Tahoma, Arial;
 }
+
 #poststuff #edButtonPreview,
 #poststuff #edButtonHTML {
-	margin: 0px 0 0 5px;
+	margin: 0 0 0 5px;
 	float: right;
 }
+
 /* Editor/Main Column */
 div#poststuff {
 	padding-left: 0;
 	padding-right: 10px;
 }
+
 .posting {
 	margin-right: 0;
 	margin-left: 228px;
-	left:auto;
+	left: auto;
 	right: 0;
 }
+
 #side-info-column {
 	float: left;
 	right: auto;
@@ -24,50 +28,62 @@ div#poststuff {
 	margin-right: 0;
 	margin-left: 10px;
 }
+
 #side-info-column .sleeve {
 	padding-left: 0;
 	padding-right: 10px;
 }
+
 h3.tb {
 	margin-left: 0;
 	margin-right: 5px;
 }
+
 #actions {
 	float: left;
 }
+
 #extra_fields #actions {
 	right: auto;
 	left: 4px;
 }
+
 #actions li {
 	float: right;
 	margin-right: 0;
 	margin-left: 10px;
 }
+
 #extra_fields .button {
 	margin-right: 0;
 	margin-left: 5px;
 }
+
 /* Photo Styles */
 #img_container a {
 	float: right;
 }
+
 #category-add input, #category-add select {
 	font-family: Tahoma, Arial;
 }
+
 #categorydiv ul.categorychecklist ul {
 	margin-left: 0;
 	margin-right: 18px;
 }
+
 /* Tags */
 #tagsdiv #newtag {
 	margin-right: 0;
 	margin-left: 5px;
 }
+
 #tagadd {
 	margin-left: 0;
 	margin-right: 3px;
 }
+
 #tagchecklist span {
 	margin-left: .5em;
 	margin-right: 10px;
@@ -77,29 +93,35 @@ h3.tb {
 	margin: 6px -9px 0 0;
 	float: right;
 }
+
 #content {
 	margin-left: 0;
 	margin-right: 1%;
 }
+
 .submit input,
 .button,
 .button-primary,
 .button-secondary,
 .button-highlighted,
 #postcustomstuff .submit input {
-	font-family: tahoma;
+	font-family: Tahoma, Arial, sans-serif;
 }
+
 .ac_results li {
 	text-align: right;
 }
+
 #TB_ajaxContent #options {
 	right: auto;
 	left: 25px;
 }
+
 #post_status {
 	margin-left: 0;
 	margin-right: 10px;
 }
+
 /* Footer */
 #footer {
 	padding: 10px 60px 0 0;
--- a/wp-admin/css/press-this.css
+++ b/wp-admin/css/press-this.css
@@ -1,5 +1,5 @@
 body {
-	font: 13px "Lucida Grande", "Bitstream Vera Sans", Verdana, Arial, sans-serif;
+	font: 13px "Lucida Grande", Verdana, Arial, "Bitstream Vera Sans", sans-serif;
 	color: #333;
 	margin: 0;
 	padding: 0;
@@ -16,34 +16,26 @@ img {
 	background: #444 !important;
 }

+.tagchecklist span a {
+background: transparent url(../images/xit.gif) no-repeat 0 0;
+}
+
 #poststuff #edButtonPreview,
 #poststuff #edButtonHTML {
-	-moz-border-radius-bottomleft: 0;
-	-moz-border-radius-bottomright: 0;
-	-moz-border-radius-topleft: 3px;
-	-moz-border-radius-topright: 3px;
-	-khtml-border-radius-bottomleft: 0;
-	-khtml-border-radius-bottomright: 0;
-	-khtml-border-radius-topleft: 3px;
-	-khtml-border-radius-topright: 3px;
-	-webkit-border-radius-bottomleft: 0;
-	-webkit-border-radius-bottomright: 0;
-	-webkit-border-radius-topleft: 3px;
-	-webkit-border-radius-topright: 3px;
-	border-radius-bottomleft: 0;
-	border-radius-bottomright: 0;
-	border-radius-topleft: 3px;
-	border-radius-topright: 3px;
+	-moz-border-radius: 3px 3px 0 0;
+	-webkit-border-top-right-radius: 3px;
+	-webkit-border-top-left-radius: 3px;
+	-khtml-border-top-right-radius: 3px;
+	-khtml-border-top-left-radius: 3px;
+	border-top-right-radius: 3px;
+	border-top-left-radius: 3px;
 	border-style: solid;
 	border-width: 1px;
 	cursor: pointer;
 	display: block;
 	height: 18px;
-	margin: 0px 5px 0 0;
-	padding: 0px 5px 0px;
-	background-color: #E9E9E9;
-	border-bottom-color: #E9E9E9;
-	color: #333333;
+	margin: 0 5px 0 0;
+	padding: 0 5px 0;
 	font-size: 10px;
 	line-height: 18px;
 	float: left;
@@ -107,6 +99,7 @@ div.zerosize {
 }

 #side-info-column .sleeve {
+	padding-top: 5px;
 	padding-left: 10px;
 }

@@ -116,23 +109,15 @@ div.zerosize {
 }

 #poststuff h2, #poststuff h3 {
-	font-size: 14px;
-	font-weight: bold;
-	padding: 7px;
-	margin: 0 0 10px;
-	background-image: url(../images/postbox-bg.gif);
-	background-position: left top;
-	background-repeat: repeat-x;
 	font-size: 12px;
 	font-weight: bold;
 	line-height: 1;
 	margin: 0 0 10px;
 	padding: 7px 9px;
-	text-shadow: 0 1px 0 #FFFFFF;
 }

 h3.tb {
-	text-shadow: 0 1px 0 #FFFFFF;
+	text-shadow: 0 1px 0 #fff;
 	font-weight: bold;
 	font-size: 12px;
 	margin-left: 5px;
@@ -146,7 +131,6 @@ h3.tb {
 	border-radius: 6px;
 }

-.metabox-holder .postbox,
 .postbox,
 .stuffbox {
 	margin-bottom: 10px;
@@ -157,14 +141,10 @@ h3.tb {
 	-khtml-border-radius: 6px;
 	-webkit-border-radius: 6px;
 	border-radius: 6px;
-	border-color: #DFDFDF;
 }

-.titlediv {
-	border-color: #DFDFDF;
-}
-
-#title, .tbtitle {
+#title,
+.tbtitle {
 	-moz-border-radius: 6px;
 	-khtml-border-radius: 6px;
 	-webkit-border-radius: 6px;
@@ -174,7 +154,7 @@ h3.tb {
 	font-size: 1.7em;
 	outline: none;
 	padding: 3px 4px;
-	border-color: #DFDFDF;
+	border-color: #dfdfdf;
 }

 .tbtitle {
@@ -186,22 +166,13 @@ h3.tb {
 	width: 98%;
 }

-.postbox h2 {
-	background-image: url(../images/postbox-bg.gif);
-	background-position: left top;
-	background-repeat: repeat-x;
-	background-color: #DFDFDF;
-}
-
 .editor-container {
 	-moz-border-radius: 6px;
 	-khtml-border-radius: 6px;
 	-webkit-border-radius: 6px;
 	border-radius: 6px;
-	border-collapse: separate;
-	border-style: solid;
-	border-width: 1px;
-	border-color: #DFDFDF;
+	border: 1px solid #dfdfdf;
+	background-color: #fff;
 }

 .postdivrich {
@@ -215,12 +186,12 @@ h3.tb {
 	margin-top: -19px;
 	position: relative;
 }
+
 #extra_fields #actions {
 	clear: both;
-	position: absolute;
-	right: 4px;
-	top: 6px;
-	margin: 0;
+	position: relative;
+	right: 0px;
+	margin: -24px 0 0;
 }

 #actions li {
@@ -228,8 +199,14 @@ h3.tb {
 	list-style: none;
 	margin-right: 10px;
 }
+
 #extra_fields .button {
 	margin-right: 5px;
+	padding: 3px 6px;
+	border-radius: 10px; 
+	-webkit-border-radius: 10px; 
+	-khtml-border-radius: 10px;
+	-moz-border-radius: 10px;
 }

 /* Photo Styles */
@@ -244,8 +221,9 @@ h3.tb {

 #img_container {
 	background-color: #fff;
-	height: 101px;
-	width: 100%;
+}
+#img_container_container {
+	overflow: auto;
 }

 #extra_fields {
@@ -274,14 +252,13 @@ h3.tb {
 	vertical-align: center;
 }

-#img_container img, #img_container a {
+#img_container img,
+#img_container a {
 	width: 68px;
 	height: 68px;
 }

 #img_container img {
-	width: 68px;
-	height: 68px;
 	border: none;
 	background-color: #f4f4f4;
 	cursor: pointer;
@@ -318,11 +295,12 @@ h3.tb {
 }

 #viewsite .button {
-	margin: 0 0 0px 0;
+	margin: 0;
 	display: block;
 }

-.wp-hidden-children .wp-hidden-child {
+.wp-hidden-children
+.wp-hidden-child {
 	display: none;
 }

@@ -356,12 +334,14 @@ h3.tb {
 	vertical-align: top;
 }

-#category-add input#category-add-sumbit {
+#category-add input,
+#category-add-sumbit {
 	width: auto;
 }

 /* Categories */
-#categorydiv ul, #linkcategorydiv ul {
+#categorydiv ul,
+#linkcategorydiv ul {
 	list-style: none;
 	padding: 0;
 	margin: 0;
@@ -371,8 +351,8 @@ h3.tb {
 	margin-left: 18px;
 }

-#categorydiv div.ui-tabs-panel {
-	height: 150px;
+#categorydiv div.tabs-panel {
+	height: 140px;
 	overflow: auto;
 }

@@ -383,34 +363,32 @@ ul.categorychecklist li {
 }

 /* Tags */
-#tagsdiv #newtag {
-	padding: 3px;
+.tagsdiv .newtag {
 	margin-right: 5px;
-	width: 16em;
 }

-#jaxtag {
+.jaxtag {
 	clear: both;
 	margin: 0;
 }

-#tagadd {
+.tagadd {
 	margin-left: 3px;
 }

-#tagchecklist {
+.tagchecklist {
 	margin-top: 3px;
 	margin-bottom: 1em;
 	font-size: 12px;
 	overflow: auto;
 }

-#tagchecklist strong {
+.tagchecklist strong {
 	position: absolute;
 	font-size: .75em;
 }

-#tagchecklist span {
+.tagchecklist span {
 	margin-right: .5em;
 	margin-left: 10px;
 	display: block;
@@ -421,7 +399,7 @@ ul.categorychecklist li {
 	cursor: default;
 }

-#tagchecklist span a {
+.tagchecklist span a {
 	margin: 6px 0 0 -9px;
 	cursor: pointer;
 	width: 10px;
@@ -437,13 +415,15 @@ ul.categorychecklist li {
 	width: 96% !important;
 	margin-left: 1%;
 	margin-bottom: 10px;
-	border: 1px solid #f1f1f1;
+	border: 0 none;
+	height: 365px;
 }

 /* Submit */

 #saving {
 	display: inline;
+	vertical-align: middle;
 }

 .submit input,
@@ -452,7 +432,7 @@ ul.categorychecklist li {
 .button-secondary,
 .button-highlighted,
 #postcustomstuff .submit input {
-	font-family: "Lucida Grande", "Bitstream Vera Sans", Verdana, Arial, sans-serif;
+	font-family: "Lucida Grande", Verdana, Arial, "Bitstream Vera Sans", sans-serif;
 	text-decoration: none;
 	font-size: 11px !important;
 	line-height: 16px;
@@ -469,7 +449,7 @@ ul.categorychecklist li {
 .button-primary {
 	background: #21759B url(../images/button-grad.png) repeat-x scroll left top;
 	border-color: #21759B;
-	color: #FFFFFF;
+	color: #fff;
 }

 .ac_results {
@@ -569,3 +549,11 @@ ul.categorychecklist li {
 .hidden {
 	display: none;
 }
+
+.postbox input[type="text"],
+.postbox textarea,
+.stuffbox input[type="text"],
+.stuffbox textarea {
+	border-width: 1px;
+	border-style: solid;
+}
--- a/wp-admin/css/theme-editor-rtl.css
+++ b/wp-admin/css/theme-editor-rtl.css
@@ -1,12 +1,3 @@
 #templateside {
 	float: left;
 }
-#themeselector {
-	padding-right: 0;
-	padding-left: 5px;
-	float: left;
-}
-div.tablenav {
-	margin-right: 0;
-	margin-left: 210px;
-}
--- a/wp-admin/css/theme-editor.css
+++ b/wp-admin/css/theme-editor.css
@@ -11,41 +11,26 @@
 #templateside {
 	float: right;
 	width: 190px;
+	word-wrap: break-word;
 }

-#templateside h3, #postcustomstuff p.submit {
+#templateside h3,
+#postcustomstuff p.submit {
 	margin: 0;
 }

-h3#bordertitle {
-	margin-bottom: 10px;
-}
-
 #templateside h4 {
-	margin-bottom: 0;
+	margin: 1em 0 0;
 }

-#templateside ol, #templateside ul {
-	list-style: none;
+#templateside ol,
+#templateside ul {
 	margin: .5em;
 	padding: 0;
 }

-#templateside ol li, #templateside ul li {
-	margin: 1px 0;
-}
-
-#themeselector {
-	padding-right: 5px;
-	float: right;
-	position: relative;
-	bottom: 25px;
-	top:20px;
-}
-
-#themeselector select {
-	margin: 0;
-	padding: 0;
+#templateside li {
+	margin: 4px 0;
 }

 .nonessential {
@@ -56,11 +41,20 @@ h3#bordertitle {
 	padding: 1px;
 }

-div.bordertitle h2 {
-	border: none;
-	padding-bottom: 0;
-}
-
 div.tablenav {
 	margin-right: 210px;
 }
+
+#documentation {
+	margin-top: 10px;
+}
+#documentation label {
+	line-height: 22px;
+	vertical-align: top;
+	font-weight: bold;
+}
+
+.fileedit-sub {
+	padding: 10px 0 8px;
+	line-height: 180%;
+}
--- a/wp-admin/css/theme-install.css
+++ b/wp-admin/css/theme-install.css
@@ -0,0 +1,142 @@
+/* NOTE: the following CSS rules(.star*) are taken more or less straight from the bbPress rating plugin. */
+div.star-holder {
+	position: relative;
+	height: 19px;
+	width: 100px;
+	font-size: 19px;
+}
+
+div.star {
+	height: 100%;
+	position: absolute;
+	top: 0;
+	left: 0;
+	background-color: transparent;
+	letter-spacing: 1ex;
+	border: none;
+}
+
+.star1 { width: 20%; }
+.star2 { width: 40%; }
+.star3 { width: 60%; }
+.star4 { width: 80%; }
+.star5 { width: 100%; }
+
+.star img, div.star a, div.star a:hover, div.star a:visited {
+	display: block;
+	position: absolute;
+	right: 0;
+	border: none;
+	text-decoration: none;
+}
+
+div.star img {
+	width: 19px;
+	height: 19px;
+	border-left: 1px solid #fff;
+	border-right: 1px solid #fff;
+}
+
+.theme-listing .theme-item {
+	display: inline-block;
+	width: 200px;
+	border: thin solid #ccc;
+	vertical-align: top;
+}
+
+.theme-listing .theme-item h3 {
+	text-align: center;
+	font-size: 14px;
+	font-style: italic;
+	margin: 0;
+	padding: 0;
+}
+
+.theme-listing .theme-item img {
+	max-width: 150px;
+	max-height: 150px;
+}
+
+.theme-listing .theme-item-info span {
+	display: none;
+}
+.theme-listing .theme-item:hover .theme-item-info span {
+	display: inline;
+}
+.theme-listing .theme-item:hover .theme-item-info span.dots {
+	display: none;
+}
+.theme-listing .theme-item-info span.action-links {
+	font-weight: bold;
+	text-align: center;
+}
+
+.theme-listing br.line {
+	border-bottom-width: 1px;
+	border-bottom-style: solid;
+	margin-bottom: 3px;
+}
+
+.available-theme {
+	padding: 20px 15px;
+}
+
+#theme-information .theme-preview-img {
+	float: left;
+	margin: 5px 25px 10px 15px;
+	width: 300px;
+}
+
+#theme-information .action-button {
+	border-top-width: 1px;
+	border-top-style: solid;
+	margin: 10px 5px 20px;
+}
+
+#theme-information .action-button #cancel {
+	float: left;
+	margin: 10px 15px;
+}
+
+#theme-information .action-button #install {
+	float: right;
+	margin: 10px 15px;
+}
+
+#theme-information .available-theme h3 {
+	margin: 1em 0;
+}
+
+body#theme-information {
+	height: auto;
+}
+
+.feature-filter {
+	-moz-border-radius: 8px;
+	-khtml-border-radius: 8px;
+	-webkit-border-radius: 8px;
+	border-radius: 8px;
+	border-width: 1px;
+	border-style: solid;
+	padding: 8px 12px 0;
+}
+
+.feature-filter .feature-group {
+	float: left;
+	margin-bottom: 20px;
+	width: 695px;
+}
+
+.feature-filter .feature-name {
+	float: left;
+	text-align: right;
+	width: 95px;
+}
+
+.feature-filter .feature-group li {
+	display: inline;
+	float: left;
+	list-style-type: none;
+	padding-right: 25px;
+	min-width: 145px;
+}
--- a/wp-admin/css/widgets-rtl.css
+++ b/wp-admin/css/widgets-rtl.css
@@ -1,14 +1,4 @@
-h4.widget-title span {
-	float: right;
-}
-h4.widget-title a {
-	float: left;
-	margin-left: 0;
-	margin-right: 1em;
-}
-ul#widget-list li.widget-list-item h4.widget-title {
-	float: right;
-}
+
 ul#widget-list li.widget-list-item div.widget-description {
 	margin: 0 200px 0 0;
 	padding: 0 4em 0 0;
@@ -19,9 +9,3 @@ ul#widget-list li.widget-list-item div.widget-description {
 	margin-left: 8px;
 	float: right;
 }
-li.widget-list-control-item h4.widget-title a,
-#dragHelper li.widget-list-control-item h4.widget-title a,
-#draghelper li.widget-list-control-item h4.widget-title a:visited {
-	right: auto;
-	left: 1em;
-}
--- a/wp-admin/css/widgets.css
+++ b/wp-admin/css/widgets.css
@@ -1,177 +1,365 @@
+html,
+body {
+	min-width: 950px;
+}
+
 /* 2 column liquid layout */
-div.widget-liquid-left-holder {
+div.widget-liquid-left {
 	float: left;
 	clear: left;
 	width: 100%;
-	margin-right: -310px;
+	margin-right: -325px;
 }

-div.widget-liquid-left {
-	margin-right: 320px;
+div#widgets-left {
+	margin-left: 5px;
+	margin-right: 325px;
+}
+
+div#widgets-right {
+	width: 285px;
+	margin: 0 auto;
 }

 div.widget-liquid-right {
 	float: right;
 	clear: right;
 	width: 300px;
-	position: relative;
 }

-/* pasitioning etc. */
-form#widgets-filter {
-	position: relative;
+.widget-liquid-right .widget,
+#wp_inactive_widgets .widget {
+	width: 250px;
+	margin: 0 auto 20px;
+	overflow: hidden;
 }

-div#available-widgets-filter {
-	border-bottom-width: 1px;
-	border-bottom-style: solid;
+#wp_inactive_widgets .widget {
+	margin: 0 10px 20px;
+	float: left;
+}
+
+div.sidebar-name h3 {
+	margin: 0;
+	padding: 5px 12px;
+	font-size: 13px;
+	height: 19px;
+	overflow: hidden;
+	white-space: nowrap;
+}
+
+div.sidebar-name {
+	background-repeat: repeat-x;
+	background-position: 0 0;
+	cursor: pointer;
+	font-size: 13px;
+	border-width: 1px;
+	border-style: solid;
+	-moz-border-radius-topleft: 8px;
+	-moz-border-radius-topright: 8px;
+	-webkit-border-top-right-radius: 8px;
+	-webkit-border-top-left-radius: 8px;
+	-khtml-border-top-right-radius: 8px;
+	-khtml-border-top-left-radius: 8px;
+	border-top-right-radius: 8px;
+	border-top-left-radius: 8px;
+}
+
+.js .closed .sidebar-name {
+	-moz-border-radius-bottomleft: 8px;
+	-moz-border-radius-bottomright: 8px;
+	-webkit-border-bottom-right-radius: 8px;
+	-webkit-border-bottom-left-radius: 8px;
+	-khtml-border-bottom-right-radius: 8px;
+	-khtml-border-bottom-left-radius: 8px;
+	border-bottom-right-radius: 8px;
+	border-bottom-left-radius: 8px;
+}
+
+.widget-liquid-right .widgets-sortables,
+#widgets-left .widget-holder {
+	border-width: 0 1px 1px;
+	border-style: none solid solid;
+    -moz-border-radius-bottomleft: 8px;
+	-moz-border-radius-bottomright: 8px;
+	-webkit-border-bottom-right-radius: 8px;
+	-webkit-border-bottom-left-radius: 8px;
+	-khtml-border-bottom-right-radius: 8px;
+	-khtml-border-bottom-left-radius: 8px;
+	border-bottom-right-radius: 8px;
+	border-bottom-left-radius: 8px;
+}
+
+.js .closed .widgets-sortables,
+.js .closed .widget-holder {
+	display: none;
+}
+
+.widget-liquid-right .widgets-sortables {
+	padding: 15px 0 0;
+}
+
+#available-widgets .widget-holder {
+	padding: 7px 5px 0;
+}
+
+#wp_inactive_widgets {
+	padding: 5px 5px 0;
+}
+
+#widget-list .widget {
+	width: 250px;
+	margin: 0 10px 15px;
+	border: 0 none;
+	float: left;
+}
+
+#widget-list .widget-description {
+	padding: 5px 8px;
+}
+
+#widget-list .widget-top {
+	border-width: 1px;
+	border-style: solid;
+	-moz-border-radius: 6px;
+	-khtml-border-radius: 6px;
+	-webkit-border-radius: 6px;
+	border-radius: 6px;
+}
+
+.widget-placeholder {
+	border-width: 1px;
+	border-style: dashed;
+	margin: 0 auto 20px;
+	height: 26px;
+	width: 250px;
+}
+
+#wp_inactive_widgets .widget-placeholder {
+	margin: 0 10px 20px;
+	float: left;
+}
+
+div.widgets-holder-wrap {
+	padding: 0;
+	margin: 10px 0 20px;
+}
+
+#widgets-left #available-widgets {
+    background-color: transparent;
+    border: 0 none;
 }

 ul#widget-list {
 	list-style: none;
 	margin: 0;
 	padding: 0;
+	min-height: 100px;
 }

-ul#widget-list li.widget-list-item {
-	padding: .7em 0.9em;
-	margin: 0;
-	border-bottom-width: 1px;
-	border-bottom-style: solid;
-	line-height: 1;
+.widget .widget-top {
+	font-size: 12px;
+	font-weight: bold;
+	height: 26px;
+	overflow: hidden;
 }

-h4.widget-title span {
-	float: left;
+.widget-top .widget-title {
+	padding: 5px 9px;
 }

-h4.widget-title a {
+.widget-top .widget-title-action {
 	float: right;
-	text-decoration: underline;
-	border-bottom: none;
-	margin-left: 1em;
 }

-ul#widget-list li.widget-list-item h4.widget-title {
-	position: relative;
-	margin: 0;
-	padding: .5em 1em;
-	width: 200px;
-	float: left;
-	font-size: 13px;
-	-moz-border-radius: 3px;
-	-khtml-border-radius: 3px;
-	-webkit-border-radius: 3px;
-	border-radius: 3px;
+a.widget-action {
+    display: block;
+    width: 24px;
+    height: 26px;
 }

-#dragHelper h4.widget-title {
-	padding: .5em 1em;
-	margin: 0;
-}
-
-ul#widget-list li.widget-list-item div.widget-description {
-	display: block;
-	margin: 0 0 0 200px;
-	padding: 0 0 0 4em;
-	font-size: 11px;
-}
-
-ul#widget-list li.widget-list-item ul.widget-control-info {
+#available-widgets a.widget-action {
 	display: none;
 }

+.widget-top a.widget-action {
+    background: url("../images/menu-bits.gif") no-repeat scroll 0 -110px;
+}
+
+.widget .widget-inside,
+.widget .widget-description {
+	padding: 12px 12px 10px;
+	font-size: 11px;
+	line-height: 16px;
+}
+
+.widget-inside,
+.widget-description {
+	display: none;
+}
+
+#available-widgets .widget-description {
+	display: block;
+}
+
+.widget .widget-inside p {
+	margin: 0 0 1em;
+	padding: 0;
+}
+
+.widget-title h4 {
+	margin: 0;
+	line-height: 1.3;
+	overflow: hidden;
+	white-space: nowrap;
+}
+
+.widgets-sortables {
+    min-height: 90px;
+}
+
+.widget-control-actions {
+    margin-top: 8px;
+}
+
+.widget-control-actions a {
+	text-decoration: none;
+}
+
+.widget-control-actions a:hover {
+	text-decoration: underline;
+}
+
+.widget-control-actions .ajax-feedback {
+	padding-bottom: 3px;
+}
+
+.widget-control-actions div.alignleft {
+	margin-top: 6px;
+}
+
 div#sidebar-info {
 	padding: 0 1em;
 	margin-bottom: 1em;
 	font-size: 11px;
 }

-ul.widget-control-list {
-	list-style: none;
-	margin: 0;
-	padding: 0 1em;
-}
-
-div#current-widgets p.submit {
-	padding: 1em;
-}
-
-li.widget-list-control-item {
-	margin: 1em 0;
-	-moz-border-radius: 3px;
-	-khtml-border-radius: 3px;
-	-webkit-border-radius: 3px;
-	border-radius: 3px;
-}
-
-li.widget-list-control-item h4,
-#dragHelper li.widget-list-control-item h4,
-li.widget-sortable h4 {
-	margin: 0;
-	cursor: move;
-	font-size: 13px;
-	padding: 0.4em 0.8em;
-	position: relative;
-	-moz-border-radius: 3px;
-	-khtml-border-radius: 3px;
-	-webkit-border-radius: 3px;
-	border-radius: 3px;
-}
-
-.widget-control-save,
-.widget-control-remove {
-	margin-right: 8px;
-	float: left;
-	text-decoration: none;
-}
-
-li.widget-list-control-item h4.widget-title a,
-#dragHelper li.widget-list-control-item h4.widget-title a,
-#draghelper li.widget-list-control-item h4.widget-title a:visited {
-	right: 1em;
-}
-
-li.widget-list-control-item h4.widget-title a:hover {
+.widget-title a,
+.widget-title a:hover {
 	text-decoration: none;
 	border-bottom: none;
 }

-li.widget-list-control-item div.widget-control {
-	border-width: 0 1px 1px;
-	border-style: none solid solid;
-	display: none;
-	padding: 15px;
-	font-size: 11px;
-	position: relative;
-}
-
-li.widget-list-control-item div.widget-control p {
-	margin: 0 0 1em;
-	padding: 0;
-}
-
-ul.widget-control-list div.widget-control-actions {
-	padding: 0.5em 0 0;
-}
-
 .widget-control-edit {
-	font-size: 10px;
+	display: block;
+	font-size: 11px;
 	font-weight: normal;
+	line-height: 26px;
+	padding: 0 8px 0 0;
 }

-div#current-widgets {
-	padding-top: 1em;
-	border-width: 1px 0 0;
-	border-style: solid none none;
+a.widget-control-edit {
+	text-decoration: none;
 }

-#widget-controls .widefat {
-	width: 92%;
-	padding: 3px;
+.widget-control-edit .add,
+.widget-control-edit .edit {
+	display: none;
 }

-#widget-controls select.widefat {
-	width: auto;
+#available-widgets .widget-control-edit .add,
+#widgets-right .widget-control-edit .edit,
+#wp_inactive_widgets .widget-control-edit .edit {
+	display: inline;
+}
+
+.editwidget {
+	margin: 0 auto 15px;
+}
+
+.editwidget .widget-inside {
+	display: block;
+	border-width: 1px;
+	border-style: solid;
+	padding: 10px;
+	-moz-border-radius: 6px;
+	-khtml-border-radius: 6px;
+	-webkit-border-radius: 6px;
+	border-radius: 6px;
+}
+
+.inactive p.description {
+	margin: 5px 15px 8px;
+}
+
+#available-widgets p.description {
+	margin: 0 12px 12px;
+}
+
+.widget-position {
+	margin-top: 8px;
+}
+
+.inactive {
+	padding-top: 2px;
+}
+
+.sidebar-name-arrow {
+	float: right;
+	height: 29px;
+	width: 26px;
+}
+
+.widget-title .in-widget-title {
+	font-size: 11px;
+	white-space: nowrap;
+}
+
+#removing-widget {
+	display: none;
+	font-weight: normal;
+	padding-left: 15px;
+	font-size: 12px;
+}
+
+.widget-control-noform,
+#access-off,
+.widgets_access .widget-action,
+.widgets_access .sidebar-name-arrow,
+.widgets_access #access-on,
+.widgets_access .widget-holder .description {
+	display: none;
+}
+
+.widgets_access .widget-holder,
+.widgets_access #widget-list {
+	padding-top: 10px;
+}
+
+.widgets_access #access-off {
+	display: inline;
+}
+
+.widgets_access #wpbody-content .widget-title-action,
+.widgets_access #wpbody-content .widget-control-edit,
+.widgets_access .closed .widgets-sortables,
+.widgets_access .closed .widget-holder {
 	display: block;
 }
+
+.widgets_access .closed .sidebar-name {
+	-moz-border-radius-bottomleft: 0;
+	-moz-border-radius-bottomright: 0;
+	-webkit-border-bottom-right-radius: 0;
+	-webkit-border-bottom-left-radius: 0;
+	-khtml-border-bottom-right-radius: 0;
+	-khtml-border-bottom-left-radius: 0;
+	border-bottom-right-radius: 0;
+	border-bottom-left-radius: 0;
+}
+
+.widgets_access .sidebar-name,
+.widgets_access .widget .widget-top {
+	cursor: default;
+}
+
--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -41,7 +41,7 @@ class Custom_Image_Header {
 	 * @since unknown
 	 */
 	function init() {
-		$page = add_theme_page(__('Custom Image Header'), __('Custom Image Header'), 'edit_themes', 'custom-header', array(&$this, 'admin_page'));
+		$page = add_theme_page(__('Custom Header'), __('Custom Header'), 'edit_themes', 'custom-header', array(&$this, 'admin_page'));

 		add_action("admin_print_scripts-$page", array(&$this, 'js_includes'));
 		add_action("admin_print_styles-$page", array(&$this, 'css_includes'));
@@ -79,7 +79,7 @@ class Custom_Image_Header {
 		if ( 1 == $step )
 			wp_enqueue_script('farbtastic');
 		elseif ( 2 == $step )
-			wp_enqueue_script('cropper');
+			wp_enqueue_script('jcrop');
 	}

 	/**
@@ -90,9 +90,10 @@ class Custom_Image_Header {
 	function css_includes() {
 		$step = $this->step();

-		if ( 1 == $step ) {
+		if ( 1 == $step )
 			wp_enqueue_style('farbtastic');
-		}
+		elseif ( 2 == $step )
+			wp_enqueue_style('jcrop');
 	}

 	/**
@@ -215,13 +216,13 @@ class Custom_Image_Header {
 	 */
 	function js_2() { ?>
 <script type="text/javascript">
-	function onEndCrop( coords, dimensions ) {
-		jQuery( '#x1' ).val(coords.x1);
-		jQuery( '#y1' ).val(coords.y1);
+	function onEndCrop( coords ) {
+		jQuery( '#x1' ).val(coords.x);
+		jQuery( '#y1' ).val(coords.y);
 		jQuery( '#x2' ).val(coords.x2);
 		jQuery( '#y2' ).val(coords.y2);
-		jQuery( '#width' ).val(dimensions.width);
-		jQuery( '#height' ).val(dimensions.height);
+		jQuery( '#width' ).val(coords.w);
+		jQuery( '#height' ).val(coords.h);
 	}

 	// with a supplied ratio
@@ -231,6 +232,15 @@ class Custom_Image_Header {
 		var ratio = xinit / yinit;
 		var ximg = jQuery('#upload').width();
 		var yimg = jQuery('#upload').height();
+
+		//set up default values
+		jQuery( '#x1' ).val(0);
+		jQuery( '#y1' ).val(0);
+		jQuery( '#x2' ).val(xinit);
+		jQuery( '#y2' ).val(yinit);
+		jQuery( '#width' ).val(xinit);
+		jQuery( '#height' ).val(yinit);
+
 		if ( yimg < yinit || ximg < xinit ) {
 			if ( ximg / yimg > ratio ) {
 				yinit = yimg;
@@ -240,14 +250,12 @@ class Custom_Image_Header {
 				yinit = xinit / ratio;
 			}
 		}
-		new Cropper.Img(
-			'upload',
-			{
-				ratioDim: { x: xinit, y: yinit },
-				displayOnInit: true,
-				onEndCrop: onEndCrop
-			}
-		)
+
+		jQuery('#upload').Jcrop({
+			aspectRatio: ratio,
+			setSelect: [ 0, 0, xinit, yinit ],
+			onSelect: onEndCrop
+		});
 	});
 </script>
 <?php
@@ -270,16 +278,16 @@ class Custom_Image_Header {
 <h2><?php _e('Your Header Image'); ?></h2>
 <p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p>

-<div id="headimg" style="background-image: url(<?php clean_url(header_image()) ?>);">
+<div id="headimg" style="background-image: url(<?php esc_url(header_image()) ?>);">
 <h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1>
 <div id="desc"><?php bloginfo('description');?></div>
 </div>
 <?php if ( !defined( 'NO_HEADER_TEXT' ) ) { ?>
 <form method="post" action="<?php echo admin_url('themes.php?page=custom-header&amp;updated=true') ?>">
-<input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
-<input type="button" value="<?php _e('Select a Text Color'); ?>" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
+<input type="button" class="button" value="<?php esc_attr_e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
+<input type="button" class="button" value="<?php esc_attr_e('Select a Text Color'); ?>" id="pickcolor" /><input type="button" class="button" value="<?php esc_attr_e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
 <?php wp_nonce_field('custom-header') ?>
-<input type="hidden" name="textcolor" id="textcolor" value="#<?php attribute_escape(header_textcolor()) ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?>" /></form>
+<input type="hidden" name="textcolor" id="textcolor" value="#<?php esc_attr(header_textcolor()) ?>" /><input name="submit" type="submit" class="button" value="<?php esc_attr_e('Save Changes'); ?>" /></form>
 <?php } ?>

 <div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;display:none;"> </div>
@@ -288,12 +296,12 @@ class Custom_Image_Header {
 <h2><?php _e('Upload New Header Image'); ?></h2><p><?php _e('Here you can upload a custom header image to be shown at the top of your blog instead of the default one. On the next screen you will be able to crop the image.'); ?></p>
 <p><?php printf(__('Images of exactly <strong>%1$d x %2$d pixels</strong> will be used as-is.'), HEADER_IMAGE_WIDTH, HEADER_IMAGE_HEIGHT); ?></p>

-<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
+<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo esc_attr(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
 <?php wp_nonce_field('custom-header') ?>
 <p class="submit">
-<input type="submit" value="<?php _e('Upload'); ?>" />
+<input type="submit" value="<?php esc_attr_e('Upload'); ?>" />
 </p>
 </form>

@@ -303,9 +311,9 @@ class Custom_Image_Header {
 <div class="wrap">
 <h2><?php _e('Reset Header Image and Color'); ?></h2>
 <p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
-<form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>">
+<form method="post" action="<?php echo esc_attr(add_query_arg('step', 1)) ?>">
 <?php wp_nonce_field('custom-header'); ?>
-<input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" />
+<input type="submit" class="button" name="resetheader" value="<?php esc_attr_e('Restore Original Header'); ?>" />
 </form>
 </div>
 		<?php endif;
@@ -346,7 +354,7 @@ class Custom_Image_Header {
 			// Add the meta-data
 			wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );

-			set_theme_mod('header_image', clean_url($url));
+			set_theme_mod('header_image', esc_url($url));
 			do_action('wp_create_file_in_uploads', $file, $id); // For replication
 			return $this->finished();
 		} elseif ( $width > HEADER_IMAGE_WIDTH ) {
@@ -364,7 +372,7 @@ class Custom_Image_Header {

 <div class="wrap">

-<form method="POST" action="<?php echo attribute_escape(add_query_arg('step', 3)) ?>">
+<form method="POST" action="<?php echo esc_attr(add_query_arg('step', 3)) ?>">

 <p><?php _e('Choose the part of the image you want to use as your header.'); ?></p>
 <div id="testWrap" style="position: relative">
@@ -378,10 +386,10 @@ class Custom_Image_Header {
 <input type="hidden" name="y2" id="y2" />
 <input type="hidden" name="width" id="width" />
 <input type="hidden" name="height" id="height" />
-<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo $id; ?>" />
-<input type="hidden" name="oitar" id="oitar" value="<?php echo $oitar; ?>" />
+<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo esc_attr($id); ?>" />
+<input type="hidden" name="oitar" id="oitar" value="<?php echo esc_attr($oitar); ?>" />
 <?php wp_nonce_field('custom-header') ?>
-<input type="submit" value="<?php _e('Crop Header'); ?>" />
+<input type="submit" value="<?php esc_attr_e('Crop Header'); ?>" />
 </p>

 </form>
--- a/wp-admin/edit-attachment-rows.php
+++ b/wp-admin/edit-attachment-rows.php
@@ -6,7 +6,9 @@
 * @subpackage Administration
 */

-if ( ! defined('ABSPATH') ) die();
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');

 if ( have_posts() ) { ?>
 <table class="widefat fixed" cellspacing="0">
@@ -24,7 +26,7 @@ if ( have_posts() ) { ?>

 	<tbody id="the-list" class="list:post">
 <?php
-add_filter('the_title','wp_specialchars');
+add_filter('the_title','esc_html');
 $alt = '';
 $posts_columns = get_column_headers('upload');
 $hidden = get_hidden_columns('upload');
@@ -62,7 +64,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
 			if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) {
 ?>

-				<a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>">
+				<a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>">
 					<?php echo $thumb; ?>
 				</a>

@@ -74,7 +76,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {

 	case 'media':
 		?>
-		<td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
+		<td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />
 		<?php echo strtoupper(preg_replace('/^.*?\.(\w+)$/', '$1', get_attached_file($post->ID))); ?>
 		<p>
 		<?php
@@ -82,8 +84,8 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
 		if ( current_user_can('edit_post', $post->ID) )
 			$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
 		if ( current_user_can('delete_post', $post->ID) )
-			$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
-		$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . attribute_escape(sprintf(__('View "%s"'), $title)) . '" rel="permalink">' . __('View') . '</a>';
+			$actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this attachment '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
+		$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View &#8220;%s&#8221;'), $title)) . '" rel="permalink">' . __('View') . '</a>';
 		$action_count = count($actions);
 		$i = 0;
 		echo '<div class="row-actions">';
@@ -110,7 +112,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
 		if ( !empty( $tags ) ) {
 			$out = array();
 			foreach ( $tags as $c )
-				$out[] = "<a href='edit.php?tag=$c->slug'> " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
+				$out[] = "<a href='edit.php?tag=$c->slug'> " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
 			echo join( ', ', $out );
 		} else {
 			_e('No Tags');
@@ -131,7 +133,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
 		} else {
 			$t_time = get_the_time(__('Y/m/d g:i:s A'));
 			$m_time = $post->post_date;
-			$time = get_post_time( 'G', true, $post );
+			$time = get_post_time( 'G', true, $post, false );
 			if ( ( abs($t_diff = time() - $time) ) < 86400 ) {
 				if ( $t_diff < 0 )
 					$h_time = sprintf( __('%s from now'), human_time_diff( $time ) );
@@ -171,7 +173,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
 		$pending_phrase = sprintf( __('%s pending'), number_format( $left ) );
 		if ( $left )
 			echo '<strong>';
-		comments_number("<a href='edit-comments.php?p=$id' title='$pending_phrase' class='post-com-count'><span class='comment-count'>" . __('0') . '</span></a>', "<a href='edit-comments.php?p=$id' title='$pending_phrase' class='post-com-count'><span class='comment-count'>" . __('1') . '</span></a>', "<a href='edit-comments.php?p=$id' title='$pending_phrase' class='post-com-count'><span class='comment-count'>" . __('%') . '</span></a>');
+		comments_number("<a href='edit-comments.php?p=$id' title='$pending_phrase' class='post-com-count'><span class='comment-count'>" . /* translators: comment count link */ _x('0', 'comment count') . '</span></a>', "<a href='edit-comments.php?p=$id' title='$pending_phrase' class='post-com-count'><span class='comment-count'>" . /* translators: comment count link */ _x('1', 'comment count') . '</span></a>', "<a href='edit-comments.php?p=$id' title='$pending_phrase' class='post-com-count'><span class='comment-count'>" . /* translators: comment count link: % will be substituted by comment count */ _x('%', 'comment count') . '</span></a>');
 		if ( $left )
 			echo '</strong>';
 		?>
@@ -182,7 +184,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
 	case 'actions':
 		?>
 		<td <?php echo $attributes ?>>
-		<a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo attribute_escape(sprintf(__('Edit "%s"'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
+		<a href="media.php?action=edit&amp;attachment_id=<?php the_ID(); ?>" title="<?php echo esc_attr(sprintf(__('Edit &#8220;%s&#8221;'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
 		<a href="<?php the_permalink(); ?>"><?php _e('Get permalink'); ?></a>
 		</td>
 		<?php
@@ -202,7 +204,7 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
 </table>
 <?php } else { ?>

-<p><?php _e('No posts found.') ?></p>
+<p><?php _e('No media attachments found.') ?></p>

 <?php
 } // end if ( have_posts() )
--- a/wp-admin/edit-category-form.php
+++ b/wp-admin/edit-category-form.php
@@ -6,6 +6,13 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
+if ( !current_user_can('manage_categories') )
+	wp_die(__('You do not have sufficient permissions to edit categories for this blog.'));
+
 /**
 * @var object
 */
@@ -44,33 +51,34 @@ _fill_empty_category($category);
 <div id="ajax-response"></div>
 <form name="editcat" id="editcat" method="post" action="categories.php" class="validate">
 <input type="hidden" name="action" value="editedcat" />
-<input type="hidden" name="cat_ID" value="<?php echo $category->term_id ?>" />
+<input type="hidden" name="cat_ID" value="<?php echo esc_attr($category->term_id) ?>" />
 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-category_' . $cat_ID); ?>
 	<table class="form-table">
 		<tr class="form-field form-required">
 			<th scope="row" valign="top"><label for="cat_name"><?php _e('Category Name') ?></label></th>
-			<td><input name="cat_name" id="cat_name" type="text" value="<?php echo attribute_escape($category->name); ?>" size="40" aria-required="true" /><br />
-            <?php _e('The name is used to identify the category almost everywhere, for example under the post or in the category widget.'); ?></td>
+			<td><input name="cat_name" id="cat_name" type="text" value="<?php echo esc_attr($category->name); ?>" size="40" aria-required="true" /><br />
+            <span class="description"><?php _e('The name is used to identify the category almost everywhere, for example under the post or in the category widget.'); ?></span></td>
 		</tr>
 		<tr class="form-field">
 			<th scope="row" valign="top"><label for="category_nicename"><?php _e('Category Slug') ?></label></th>
-			<td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo attribute_escape(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
-            <?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td>
+			<td><input name="category_nicename" id="category_nicename" type="text" value="<?php echo esc_attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
+            <span class="description"><?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></span></td>
 		</tr>
 		<tr class="form-field">
 			<th scope="row" valign="top"><label for="category_parent"><?php _e('Category Parent') ?></label></th>
 			<td>
 	  			<?php wp_dropdown_categories(array('hide_empty' => 0, 'name' => 'category_parent', 'orderby' => 'name', 'selected' => $category->parent, 'hierarchical' => true, 'show_option_none' => __('None'))); ?><br />
-                <?php _e('Categories, unlike tags, can have a hierarchy. You might have a Jazz category, and under that have children categories for Bebop and Big Band. Totally optional.'); ?>
+                <span class="description"><?php _e('Categories, unlike tags, can have a hierarchy. You might have a Jazz category, and under that have children categories for Bebop and Big Band. Totally optional.'); ?></span>
 	  		</td>
 		</tr>
 		<tr class="form-field">
 			<th scope="row" valign="top"><label for="category_description"><?php _e('Description') ?></label></th>
-			<td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo wp_specialchars($category->description); ?></textarea><br />
-            <?php _e('The description is not prominent by default, however some themes may show it.'); ?></td>
+			<td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($category->description); ?></textarea><br />
+            <span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td>
 		</tr>
+		<?php do_action('edit_category_form_fields', $category); ?>
 	</table>
-<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php _e('Update Category'); ?>" /></p>
+<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e('Update Category'); ?>" /></p>
 <?php do_action('edit_category_form', $category); ?>
 </form>
 </div>
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
 wp_enqueue_script('admin-comments');
 enqueue_comment_hotkeys_js();

@@ -18,8 +21,11 @@ if ( ( isset( $_REQUEST['delete_all_spam'] ) || isset( $_REQUEST['delete_all_spa
 	check_admin_referer('bulk-spam-delete', '_spam_nonce');

 	$delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] );
-	$deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
-
+	if ( current_user_can('moderate_comments')) {
+		$deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
+	} else {
+		$deleted_spam = 0;
+	}
 	$redirect_to = 'edit-comments.php?comment_status=spam&deleted=' . (int) $deleted_spam;
 	if ( $post_id )
 		$redirect_to = add_query_arg( 'p', absint( $post_id ), $redirect_to );
@@ -80,20 +86,22 @@ else

 require_once('admin-header.php');

-$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attribute_escape($_GET['mode']);
+$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : esc_attr($_GET['mode']);

-$comment_status = !empty($_GET['comment_status']) ? attribute_escape($_GET['comment_status']) : '';
+$comment_status = isset($_REQUEST['comment_status']) ? $_REQUEST['comment_status'] : 'all';
+if ( !in_array($comment_status, array('all', 'moderated', 'approved', 'spam')) )
+	$comment_status = 'all';

-$comment_type = !empty($_GET['comment_type']) ? attribute_escape($_GET['comment_type']) : '';
+$comment_type = !empty($_GET['comment_type']) ? esc_attr($_GET['comment_type']) : '';

 $search_dirty = ( isset($_GET['s']) ) ? $_GET['s'] : '';
-$search = attribute_escape( $search_dirty ); ?>
+$search = esc_attr( $search_dirty ); ?>

 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo esc_html( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-	printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( wp_specialchars( stripslashes( $_GET['s'] ) ), 50 ) ) . '</span>' ); ?>
+	printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( stripslashes( $_GET['s'] ) ), 50 ) ) . '</span>' ); ?>
 </h2>

 <?php
@@ -106,17 +114,17 @@ if ( isset( $_GET['approved'] ) || isset( $_GET['deleted'] ) || isset( $_GET['sp
 		echo '<div id="moderated" class="updated fade"><p>';

 		if ( $approved > 0 ) {
-			printf( __ngettext( '%s comment approved', '%s comments approved', $approved ), $approved );
+			printf( _n( '%s comment approved', '%s comments approved', $approved ), $approved );
 			echo '<br />';
 		}

 		if ( $deleted > 0 ) {
-			printf( __ngettext( '%s comment deleted', '%s comments deleted', $deleted ), $deleted );
+			printf( _n( '%s comment deleted', '%s comments deleted', $deleted ), $deleted );
 			echo '<br />';
 		}

 		if ( $spam > 0 ) {
-			printf( __ngettext( '%s comment marked as spam', '%s comments marked as spam', $spam ), $spam );
+			printf( _n( '%s comment marked as spam', '%s comments marked as spam', $spam ), $spam );
 			echo '<br />';
 		}

@@ -133,34 +141,31 @@ $num_comments = ( $post_id ) ? wp_count_comments( $post_id ) : wp_count_comments
 //, number_format_i18n($num_comments->moderated) ), "<span class='comment-count'>" . number_format_i18n($num_comments->moderated) . "</span>"),
 //, number_format_i18n($num_comments->spam) ), "<span class='spam-comment-count'>" . number_format_i18n($num_comments->spam) . "</span>")
 $stati = array(
-		'all' => __ngettext_noop('All', 'All'), // singular not used
-		'moderated' => __ngettext_noop('Pending (<span class="pending-count">%s</span>)', 'Pending (<span class="pending-count">%s</span>)'),
-		'approved' => __ngettext_noop('Approved', 'Approved'), // singular not used
-		'spam' => __ngettext_noop('Spam (<span class="spam-count">%s</span>)', 'Spam (<span class="spam-count">%s</span>)')
+		'all' => _n_noop('All', 'All'), // singular not used
+		'moderated' => _n_noop('Pending (<span class="pending-count">%s</span>)', 'Pending (<span class="pending-count">%s</span>)'),
+		'approved' => _n_noop('Approved', 'Approved'), // singular not used
+		'spam' => _n_noop('Spam (<span class="spam-count">%s</span>)', 'Spam (<span class="spam-count">%s</span>)')
 	);
-$class = ( '' === $comment_status ) ? ' class="current"' : '';
-// $status_links[] = "<li><a href='edit-comments.php'$class>" . __( 'All' ) . '</a>';
 $link = 'edit-comments.php';
 if ( !empty($comment_type) && 'all' != $comment_type )
 	$link = add_query_arg( 'comment_type', $comment_type, $link );
 foreach ( $stati as $status => $label ) {
 	$class = '';

-	if ( str_replace( 'all', '', $status ) == $comment_status )
+	if ( $status == $comment_status )
 		$class = ' class="current"';
 	if ( !isset( $num_comments->$status ) )
 		$num_comments->$status = 10;
-	if ( 'all' != $status )
-		$link = add_query_arg( 'comment_status', $status, $link );
+	$link = add_query_arg( 'comment_status', $status, $link );
 	if ( $post_id )
 		$link = add_query_arg( 'p', absint( $post_id ), $link );
 	/*
 	// I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
 	if ( !empty( $_GET['s'] ) )
-		$link = add_query_arg( 's', attribute_escape( stripslashes( $_GET['s'] ) ), $link );
+		$link = add_query_arg( 's', esc_attr( stripslashes( $_GET['s'] ) ), $link );
 	*/
 	$status_links[] = "<li class='$status'><a href='$link'$class>" . sprintf(
-		__ngettext( $label[0], $label[1], $num_comments->$status ),
+		_n( $label[0], $label[1], $num_comments->$status ),
 		number_format_i18n( $num_comments->$status )
 	) . '</a>';
 }
@@ -173,13 +178,16 @@ unset($status_links);
 </ul>

 <p class="search-box">
-	<label class="hidden" for="comment-search-input"><?php _e( 'Search Comments' ); ?>:</label>
-	<input type="text" class="search-input" id="comment-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Comments' ); ?>" class="button" />
+	<label class="screen-reader-text" for="comment-search-input"><?php _e( 'Search Comments' ); ?>:</label>
+	<input type="text" id="comment-search-input" name="s" value="<?php _admin_search_query(); ?>" />
+	<input type="submit" value="<?php esc_attr_e( 'Search Comments' ); ?>" class="button" />
 </p>

 <?php
-$comments_per_page = apply_filters('comments_per_page', 20, $comment_status);
+$comments_per_page = get_user_option('edit_comments_per_page');
+if ( empty($comments_per_page) )
+	$comments_per_page = 20;
+$comments_per_page = apply_filters('comments_per_page', $comments_per_page, $comment_status);

 if ( isset( $_GET['apage'] ) )
 	$page = abs( (int) $_GET['apage'] );
@@ -188,7 +196,7 @@ else

 $start = $offset = ( $page - 1 ) * $comments_per_page;

-list($_comments, $total) = _wp_get_comment_list( $comment_status, $search_dirty, $start, $comments_per_page + 5, $post_id, $comment_type ); // Grab a few extra
+list($_comments, $total) = _wp_get_comment_list( $comment_status, $search_dirty, $start, $comments_per_page + 8, $post_id, $comment_type ); // Grab a few extra

 $_comment_post_ids = array();
 foreach ( $_comments as $_c ) {
@@ -214,12 +222,12 @@ $page_links = paginate_links( array(

 ?>

-<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
+<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
 <?php if ( $post_id ) : ?>
-<input type="hidden" name="p" value="<?php echo intval( $post_id ); ?>" />
+<input type="hidden" name="p" value="<?php echo esc_attr( intval( $post_id ) ); ?>" />
 <?php endif; ?>
-<input type="hidden" name="comment_status" value="<?php echo $comment_status; ?>" />
-<input type="hidden" name="pagegen_timestamp" value="<?php echo current_time('mysql', 1); ?>" />
+<input type="hidden" name="comment_status" value="<?php echo esc_attr($comment_status); ?>" />
+<input type="hidden" name="pagegen_timestamp" value="<?php echo esc_attr(current_time('mysql', 1)); ?>" />

 <div class="tablenav">

@@ -227,18 +235,21 @@ $page_links = paginate_links( array(
 <div class="tablenav-pages"><?php $page_links_text = sprintf( '<span class="displaying-num">' . __( 'Displaying %s&#8211;%s of %s' ) . '</span>%s',
 	number_format_i18n( $start + 1 ),
 	number_format_i18n( min( $page * $comments_per_page, $total ) ),
-	number_format_i18n( $total ),
+	'<span class="total-type-count">' . number_format_i18n( $total ) . '</span>',
 	$page_links
 ); echo $page_links_text; ?></div>
+<input type="hidden" name="_total" value="<?php echo esc_attr($total); ?>" />
+<input type="hidden" name="_per_page" value="<?php echo esc_attr($comments_per_page); ?>" />
+<input type="hidden" name="_page" value="<?php echo esc_attr($page); ?>" />
 <?php endif; ?>

 <div class="alignleft actions">
 <select name="action">
 <option value="-1" selected="selected"><?php _e('Bulk Actions') ?></option>
-<?php if ( empty($comment_status) || 'approved' == $comment_status ): ?>
+<?php if ( 'all' == $comment_status || 'approved' == $comment_status ): ?>
 <option value="unapprove"><?php _e('Unapprove'); ?></option>
 <?php endif; ?>
-<?php if ( empty($comment_status) || 'moderated' == $comment_status || 'spam' == $comment_status ): ?>
+<?php if ( 'all' == $comment_status || 'moderated' == $comment_status || 'spam' == $comment_status ): ?>
 <option value="approve"><?php _e('Approve'); ?></option>
 <?php endif; ?>
 <?php if ( 'spam' != $comment_status ): ?>
@@ -246,10 +257,9 @@ $page_links = paginate_links( array(
 <?php endif; ?>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" name="doaction" id="doaction" value="<?php _e('Apply'); ?>" class="button-secondary apply" />
+<input type="submit" name="doaction" id="doaction" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary apply" />
 <?php wp_nonce_field('bulk-comments'); ?>

-<?php if ( $comment_status ) echo "<input type='hidden' name='comment_status' value='$comment_status' />\n"; ?>
 <select name="comment_type">
 	<option value="all"><?php _e('Show all comment types'); ?></option>
 <?php
@@ -259,22 +269,24 @@ $page_links = paginate_links( array(
 	) );

 	foreach ( $comment_types as $type => $label ) {
-		echo "	<option value='$type'";
+		echo "	<option value='" . esc_attr($type) . "'";
 		selected( $comment_type, $type );
 		echo ">$label</option>\n";
 	}
 ?>
 </select>
-<input type="submit" id="post-query-submit" value="<?php _e('Filter'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />

 <?php if ( isset($_GET['apage']) ) { ?>
-	<input type="hidden" name="apage" value="<?php echo absint( $_GET['apage'] ); ?>" />
+	<input type="hidden" name="apage" value="<?php echo esc_attr( absint( $_GET['apage'] ) ); ?>" />
 <?php }

 if ( 'spam' == $comment_status ) {
-	wp_nonce_field('bulk-spam-delete', '_spam_nonce'); ?>
-<input type="submit" name="delete_all_spam" value="<?php _e('Delete All Spam'); ?>" class="button-secondary apply" />
-<?php } ?>
+	wp_nonce_field('bulk-spam-delete', '_spam_nonce');
+        if ( current_user_can ('moderate_comments')) { ?>
+		<input type="submit" name="delete_all_spam" value="<?php esc_attr_e('Delete All Spam'); ?>" class="button-secondary apply" />
+<?php	}
+} ?>
 <?php do_action('manage_comments_nav', $comment_status); ?>
 </div>

@@ -321,10 +333,10 @@ if ( $page_links )
 <div class="alignleft actions">
 <select name="action2">
 <option value="-1" selected="selected"><?php _e('Bulk Actions') ?></option>
-<?php if ( empty($comment_status) || 'approved' == $comment_status ): ?>
+<?php if ( 'all' == $comment_status || 'approved' == $comment_status ): ?>
 <option value="unapprove"><?php _e('Unapprove'); ?></option>
 <?php endif; ?>
-<?php if ( empty($comment_status) || 'moderated' == $comment_status ): ?>
+<?php if ( 'all' == $comment_status || 'moderated' == $comment_status || 'spam' == $comment_status ): ?>
 <option value="approve"><?php _e('Approve'); ?></option>
 <?php endif; ?>
 <?php if ( 'spam' != $comment_status ): ?>
@@ -332,10 +344,10 @@ if ( $page_links )
 <?php endif; ?>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" name="doaction2" id="doaction2" value="<?php _e('Apply'); ?>" class="button-secondary apply" />
+<input type="submit" name="doaction2" id="doaction2" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary apply" />

 <?php if ( 'spam' == $comment_status ) { ?>
-<input type="submit" name="delete_all_spam2" value="<?php _e('Delete All Spam'); ?>" class="button-secondary apply" />
+<input type="submit" name="delete_all_spam2" value="<?php esc_attr_e('Delete All Spam'); ?>" class="button-secondary apply" />
 <?php } ?>
 <?php do_action('manage_comments_nav', $comment_status); ?>
 </div>
@@ -346,18 +358,19 @@ if ( $page_links )
 </form>

 <form id="get-extra-comments" method="post" action="" class="add:the-extra-comment-list:" style="display: none;">
-	<input type="hidden" name="s" value="<?php echo $search; ?>" />
-	<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
-	<input type="hidden" name="comment_status" value="<?php echo $comment_status; ?>" />
-	<input type="hidden" name="page" value="<?php echo isset($_REQUEST['page']) ? absint( $_REQUEST['page'] ) : 1; ?>" />
-	<input type="hidden" name="p" value="<?php echo attribute_escape( $post_id ); ?>" />
-	<input type="hidden" name="comment_type" value="<?php echo attribute_escape( $comment_type ); ?>" />
+	<input type="hidden" name="s" value="<?php echo esc_attr($search); ?>" />
+	<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
+	<input type="hidden" name="comment_status" value="<?php echo esc_attr($comment_status); ?>" />
+	<input type="hidden" name="page" value="<?php echo esc_attr($page); ?>" />
+	<input type="hidden" name="per_page" value="<?php echo esc_attr($comments_per_page); ?>" />
+	<input type="hidden" name="p" value="<?php echo esc_attr( $post_id ); ?>" />
+	<input type="hidden" name="comment_type" value="<?php echo esc_attr( $comment_type ); ?>" />
 	<?php wp_nonce_field( 'add-comment', '_ajax_nonce', false ); ?>
 </form>

 <div id="ajax-response"></div>

-<?php } elseif ( 'moderated' == $_GET['comment_status'] ) { ?>
+<?php } elseif ( 'moderated' == $comment_status ) { ?>
 <p><?php _e('No comments awaiting moderation&hellip; yet.') ?></p>
 </form>

@@ -368,21 +381,6 @@ if ( $page_links )
 <?php } ?>
 </div>

-<script type="text/javascript">
-/* <![CDATA[ */
-(function($){
-	$(document).ready(function(){
-		$('#doaction, #doaction2').click(function(){
-			if ( $('select[name^="action"]').val() == 'delete' ) {
-				var m = '<?php echo js_escape(__("You are about to delete the selected comments.\n  'Cancel' to stop, 'OK' to delete.")); ?>';
-				return showNotice.warn(m);
-			}
-		});
-	});
-})(jQuery);
-/* ]]> */
-</script>
-
 <?php
 wp_comment_reply('-1', true, 'detail');
 include('admin-footer.php'); ?>
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -6,20 +6,21 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
 /**
 * Post ID global
 * @name $post_ID
 * @var int
 */
-if ( ! isset( $post_ID ) )
-	$post_ID = 0;
-else
-	$post_ID = (int) $post_ID;
+$post_ID = isset($post_ID) ? (int) $post_ID : 0;

 $action = isset($action) ? $action : '';
 if ( isset($_GET['message']) )
 	$_GET['message'] = absint( $_GET['message'] );
-$messages[1] = sprintf( __( 'Post updated. Continue editing below or <a href="%s">go back</a>.' ), attribute_escape( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );
+$messages[1] = sprintf(__('Post updated. <a href="%s">View post</a>'), get_permalink($post_ID));
 $messages[2] = __('Custom field updated.');
 $messages[3] = __('Custom field deleted.');
 $messages[4] = __('Post updated.');
@@ -36,15 +37,15 @@ $notices[1] = __( 'There is an autosave of this post that is more recent than th
 if ( 0 == $post_ID ) {
 	$form_action = 'post';
 	$temp_ID = -1 * time(); // don't change this formula without looking at wp_write_post()
-	$form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
+	$form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='" . esc_attr($temp_ID) . "' />";
 	$autosave = false;
 } else {
 	$form_action = 'editpost';
-	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
+	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='" . esc_attr($post_ID) . "' />";
 	$autosave = wp_get_post_autosave( $post_ID );

 	// Detect if there exists an autosave newer than the post and if that autosave is different than the post
-	if ( $autosave && mysql2date( 'U', $autosave->post_modified_gmt ) > mysql2date( 'U', $post->post_modified_gmt ) ) {
+	if ( $autosave && mysql2date( 'U', $autosave->post_modified_gmt, false ) > mysql2date( 'U', $post->post_modified_gmt, false ) ) {
 		foreach ( _wp_post_revision_fields() as $autosave_field => $_autosave_field ) {
 			if ( normalize_whitespace( $autosave->$autosave_field ) != normalize_whitespace( $post->$autosave_field ) ) {
 				$notice = sprintf( $notices[1], get_edit_post_link( $autosave->ID ) );
@@ -75,22 +76,29 @@ function post_submit_meta_box($post) {

 <?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
 <div style="display:none;">
-<input type="submit" name="save" value="<?php echo attribute_escape( __('Save') ); ?>" />
+<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
 </div>

 <div id="minor-publishing-actions">
 <div id="save-action">
 <?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status )  { ?>
-<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php echo attribute_escape( __('Save Draft') ); ?>" tabindex="4" class="button button-highlighted" />
+<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
 <?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?>
-<input type="submit" name="save" id="save-post" value="<?php echo attribute_escape( __('Save as Pending') ); ?>" tabindex="4" class="button button-highlighted" />
+<input type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
 <?php } ?>
 </div>

 <div id="preview-action">
-<?php $preview_link = 'publish' == $post->post_status ? clean_url(get_permalink($post->ID)) : clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>
-
-<a class="preview button" href="<?php echo $preview_link; ?>" target="wp-preview" id="post-preview" tabindex="4"><?php _e('Preview'); ?></a>
+<?php
+if ( 'publish' == $post->post_status ) {
+	$preview_link = esc_url(get_permalink($post->ID));
+	$preview_button = __('Preview Changes');
+} else {
+	$preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
+	$preview_button = __('Preview');
+}
+?>
+<a class="preview button" href="<?php echo $preview_link; ?>" target="wp-preview" id="post-preview" tabindex="4"><?php echo $preview_button; ?></a>
 <input type="hidden" name="wp-preview" id="wp-preview" value="" />
 </div>

@@ -100,7 +108,7 @@ function post_submit_meta_box($post) {
 <div id="misc-publishing-actions">

 <div class="misc-pub-section<?php if ( !$can_publish ) { echo '  misc-pub-section-last'; } ?>"><label for="post_status"><?php _e('Status:') ?></label>
-<b><span id="post-status-display">
+<span id="post-status-display">
 <?php
 switch ( $post->post_status ) {
 	case 'private':
@@ -120,12 +128,12 @@ switch ( $post->post_status ) {
 		break;
 }
 ?>
-</span></b>
+</span>
 <?php if ( 'publish' == $post->post_status || 'private' == $post->post_status || $can_publish ) { ?>
 <a href="#post_status" <?php if ( 'private' == $post->post_status ) { ?>style="display:none;" <?php } ?>class="edit-post-status hide-if-no-js" tabindex='4'><?php _e('Edit') ?></a>

 <div id="post-status-select" class="hide-if-js">
-<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo $post->post_status; ?>" />
+<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo esc_attr($post->post_status); ?>" />
 <select name='post_status' id='post_status' tabindex='4'>
 <?php if ( 'publish' == $post->post_status ) : ?>
 <option<?php selected( $post->post_status, 'publish' ); ?> value='publish'><?php _e('Published') ?></option>
@@ -145,7 +153,7 @@ switch ( $post->post_status ) {
 </div><?php // /misc-pub-section ?>

 <div class="misc-pub-section " id="visibility">
-<?php _e('Visibility:'); ?> <b><span id="post-visibility-display"><?php
+<?php _e('Visibility:'); ?> <span id="post-visibility-display"><?php

 if ( 'private' == $post->post_status ) {
 	$post->post_password = '';
@@ -162,18 +170,18 @@ if ( 'private' == $post->post_status ) {
 	$visibility_trans = __('Public');
 }

-?><?php echo wp_specialchars( $visibility_trans ); ?></span></b> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
+?><?php echo esc_html( $visibility_trans ); ?></span> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>

 <div id="post-visibility-select" class="hide-if-js">
-<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attribute_escape($post->post_password); ?>" />
-<input type="checkbox" style="display:none" name="hidden_post_sticky" id="hidden-post-sticky" value="sticky" <?php checked(is_sticky($post->ID), true); ?> />
-<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attribute_escape( $visibility ); ?>" />
+<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo esc_attr($post->post_password); ?>" />
+<input type="checkbox" style="display:none" name="hidden_post_sticky" id="hidden-post-sticky" value="sticky" <?php checked(is_sticky($post->ID)); ?> />
+<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo esc_attr( $visibility ); ?>" />


 <input type="radio" name="visibility" id="visibility-radio-public" value="public" <?php checked( $visibility, 'public' ); ?> /> <label for="visibility-radio-public" class="selectit"><?php _e('Public'); ?></label><br />
-<span id="sticky-span"><input id="sticky" name="sticky" type="checkbox" value="sticky" <?php checked(is_sticky($post->ID), true); ?> tabindex="4" /> <label for="sticky" class="selectit"><?php _e('Stick this post to the front page') ?></label><br /></span>
+<span id="sticky-span"><input id="sticky" name="sticky" type="checkbox" value="sticky" <?php checked(is_sticky($post->ID)); ?> tabindex="4" /> <label for="sticky" class="selectit"><?php _e('Stick this post to the front page') ?></label><br /></span>
 <input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
-<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /><br /></span>
+<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo esc_attr($post->post_password); ?>" /><br /></span>
 <input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />

 <p>
@@ -187,7 +195,8 @@ if ( 'private' == $post->post_status ) {


 <?php
-$datef = _c( 'M j, Y @ G:i|Publish box date format');
+// translators: Publish box date formt, see http://php.net/date
+$datef = __( 'M j, Y @ G:i' );
 if ( 0 != $post->ID ) {
 	if ( 'future' == $post->post_status ) { // scheduled for publishing at a future date
 		$stamp = __('Scheduled for: <b>%1$s</b>');
@@ -205,8 +214,8 @@ if ( 0 != $post->ID ) {
 	$stamp = __('Publish <b>immediately</b>');
 	$date = date_i18n( $datef, strtotime( current_time('mysql') ) );
 }
-?>
-<?php if ( $can_publish ) : // Contributors don't get to choose the date of publish ?>
+
+if ( $can_publish ) : // Contributors don't get to choose the date of publish ?>
 <div class="misc-pub-section curtime misc-pub-section-last">
 	<span id="timestamp">
 	<?php printf($stamp, $date); ?></span>
@@ -224,29 +233,31 @@ if ( 0 != $post->ID ) {
 <div id="delete-action">
 <?php
 if ( ( 'edit' == $action ) && current_user_can('delete_post', $post->ID) ) { ?>
-<a class="submitdelete deletion" href="<?php echo wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID); ?>" onclick="if ( confirm('<?php echo js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
+<a class="submitdelete deletion" href="<?php echo wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID); ?>" onclick="if ( confirm('<?php echo esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
 <?php } ?>
 </div>

 <div id="publishing-action">
 <?php
-if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0 == $post->ID ) { ?>
-<?php if ( current_user_can('publish_posts') ) : ?>
-	<?php if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?>
-		<input name="original_publish" type="hidden" id="original_publish" value="<?php _e('Schedule') ?>" />
-		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _e('Schedule') ?>" />
-	<?php else : ?>
-		<input name="original_publish" type="hidden" id="original_publish" value="<?php _e('Publish') ?>" />
-		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" />
-	<?php endif; ?>
-<?php else : ?>
-	<input name="original_publish" type="hidden" id="original_publish" value="<?php _e('Submit for Review') ?>" />
-	<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _e('Submit for Review') ?>" />
-<?php endif; ?>
-<?php } else { ?>
-	<input name="original_publish" type="hidden" id="original_publish" value="<?php _e('Update Post') ?>" />
-	<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _e('Update Post') ?>" />
-<?php } ?>
+if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0 == $post->ID ) {
+	if ( current_user_can('publish_posts') ) :
+		if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?>
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Schedule') ?>" />
+		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Schedule') ?>" />
+<?php	else : ?>
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Publish') ?>" />
+		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Publish') ?>" />
+<?php	endif;
+	else : ?>
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Submit for Review') ?>" />
+		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Submit for Review') ?>" />
+<?php
+	endif;
+} else { ?>
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Update Post') ?>" />
+		<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Update Post') ?>" />
+<?php
+} ?>
 </div>
 <div class="clear"></div>
 </div>
@@ -263,14 +274,38 @@ add_meta_box('submitdiv', __('Publish'), 'post_submit_meta_box', 'post', 'side',
 *
 * @param object $post
 */
-function post_tags_meta_box($post) {
+function post_tags_meta_box($post, $box) {
+	$tax_name = esc_attr(substr($box['id'], 8));
+	$taxonomy = get_taxonomy($tax_name);
+	$helps = isset($taxonomy->helps) ? esc_attr($taxonomy->helps) : __('Separate tags with commas.');
 ?>
-<p id="jaxtag"><label class="hidden" for="newtag"><?php _e('Tags'); ?></label><input type="text" name="tags_input" class="tags-input" id="tags-input" size="40" tabindex="3" value="<?php echo get_tags_to_edit( $post->ID ); ?>" /></p>
-<div id="tagchecklist"></div>
-<p id="tagcloud-link" class="hide-if-no-js"><a href='#'><?php _e( 'Choose from the most popular tags' ); ?></a></p>
+<div class="tagsdiv" id="<?php echo $tax_name; ?>">
+	<div class="jaxtag">
+	<div class="nojs-tags hide-if-js">
+	<p><?php _e('Add or remove tags'); ?></p>
+	<textarea name="<?php echo "tax_input[$tax_name]"; ?>" class="the-tags" id="tax-input[<?php echo $tax_name; ?>]"><?php echo esc_attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div>
+
+	<span class="ajaxtag hide-if-no-js">
+		<label class="screen-reader-text" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label>
+		<input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php esc_attr_e('Add new tag'); ?>" />
+		<input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" tabindex="3" />
+	</span></div>
+	<p class="howto"><?php echo $helps; ?></p>
+	<div class="tagchecklist"></div>
+</div>
+<p class="tagcloud-link hide-if-no-js"><a href="#titlediv" class="tagcloud-link" id="link-<?php echo $tax_name; ?>"><?php printf( __('Choose from the most used tags in %s'), $box['title'] ); ?></a></p>
 <?php
 }
-add_meta_box('tagsdiv', __('Tags'), 'post_tags_meta_box', 'post', 'side', 'core');
+
+// all tag-style post taxonomies
+foreach ( get_object_taxonomies('post') as $tax_name ) {
+	if ( !is_taxonomy_hierarchical($tax_name) ) {
+		$taxonomy = get_taxonomy($tax_name);
+		$label = isset($taxonomy->label) ? esc_attr($taxonomy->label) : $tax_name;
+
+		add_meta_box('tagsdiv-' . $tax_name, $label, 'post_tags_meta_box', 'post', 'side', 'core');
+	}
+}

 /**
 * Display post categories form fields.
@@ -282,19 +317,19 @@ add_meta_box('tagsdiv', __('Tags'), 'post_tags_meta_box', 'post', 'side', 'core'
 function post_categories_meta_box($post) {
 ?>
 <ul id="category-tabs">
-	<li class="ui-tabs-selected"><a href="#categories-all" tabindex="3"><?php _e( 'All Categories' ); ?></a></li>
+	<li class="tabs"><a href="#categories-all" tabindex="3"><?php _e( 'All Categories' ); ?></a></li>
 	<li class="hide-if-no-js"><a href="#categories-pop" tabindex="3"><?php _e( 'Most Used' ); ?></a></li>
 </ul>

-<div id="categories-pop" class="ui-tabs-panel" style="display: none;">
+<div id="categories-pop" class="tabs-panel" style="display: none;">
 	<ul id="categorychecklist-pop" class="categorychecklist form-no-clear" >
-		<?php $popular_ids = wp_popular_terms_checklist('category'); ?>
+<?php $popular_ids = wp_popular_terms_checklist('category'); ?>
 	</ul>
 </div>

-<div id="categories-all" class="ui-tabs-panel">
+<div id="categories-all" class="tabs-panel">
 	<ul id="categorychecklist" class="list:category categorychecklist form-no-clear">
-		<?php wp_category_checklist($post->ID, false, false, $popular_ids) ?>
+<?php wp_category_checklist($post->ID, false, false, $popular_ids) ?>
 	</ul>
 </div>

@@ -302,12 +337,11 @@ function post_categories_meta_box($post) {
 <div id="category-adder" class="wp-hidden-children">
 	<h4><a id="category-add-toggle" href="#category-add" class="hide-if-no-js" tabindex="3"><?php _e( '+ Add New Category' ); ?></a></h4>
 	<p id="category-add" class="wp-hidden-child">
-		<label class="hidden" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _e( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
-		<label class="hidden" for="newcat_parent"><?php _e('Parent category'); ?>:</label><?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?>
-		<input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php _e( 'Add' ); ?>" tabindex="3" />
-		<?php wp_nonce_field( 'add-category', '_ajax_nonce', false ); ?>
-		<span id="category-ajax-response"></span>
-	</p>
+	<label class="screen-reader-text" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
+	<label class="screen-reader-text" for="newcat_parent"><?php _e('Parent category'); ?>:</label><?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?>
+	<input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php esc_attr_e( 'Add' ); ?>" tabindex="3" />
+<?php	wp_nonce_field( 'add-category', '_ajax_nonce', false ); ?>
+	<span id="category-ajax-response"></span></p>
 </div>
 <?php
 endif;
@@ -324,11 +358,9 @@ add_meta_box('categorydiv', __('Categories'), 'post_categories_meta_box', 'post'
 */
 function post_password_meta_box($post) {
 ?>
-<p>
-	<label for="post_status_private" class="selectit"><input id="post_status_private" name="post_status" type="checkbox" value="private" <?php checked($post->post_status, 'private'); ?> tabindex="4" /> <?php _e('Keep this post private') ?></label>
-</p>
+<p><label for="post_status_private" class="selectit"><input id="post_status_private" name="post_status" type="checkbox" value="private" <?php checked($post->post_status, 'private'); ?> tabindex="4" /> <?php _e('Keep this post private') ?></label></p>
 <h4><?php _e( 'Post Password' ); ?></h4>
-<p><label class="hidden" for="post_password"><?php _e('Password Protect This Post') ?></label><input name="post_password" type="text" size="25" id="post_password" value="<?php the_post_password(); ?>" /></p>
+<p><label class="screen-reader-text" for="post_password"><?php _e('Password Protect This Post') ?></label><input name="post_password" type="text" size="25" id="post_password" value="<?php the_post_password(); ?>" /></p>
 <p><?php _e('Setting a password will require people who visit your blog to enter the above password to view this post and its comments.'); ?></p>
 <?php
 }
@@ -343,8 +375,8 @@ function post_password_meta_box($post) {
 */
 function post_excerpt_meta_box($post) {
 ?>
-<label class="hidden" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea>
-<p><?php _e('Excerpts are optional hand-crafted summaries of your content. You can <a href="http://codex.wordpress.org/Template_Tags/the_excerpt" target="_blank">use them in your template</a>'); ?></p>
+<label class="screen-reader-text" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea>
+<p><?php _e('Excerpts are optional hand-crafted summaries of your content that can be used in your theme. <a href="http://codex.wordpress.org/Excerpt" target="_blank">Learn more about manual excerpts.</a>'); ?></p>
 <?php
 }
 add_meta_box('postexcerpt', __('Excerpt'), 'post_excerpt_meta_box', 'post', 'normal', 'core');
@@ -357,12 +389,12 @@ add_meta_box('postexcerpt', __('Excerpt'), 'post_excerpt_meta_box', 'post', 'nor
 * @param object $post
 */
 function post_trackback_meta_box($post) {
-	$form_trackback = '<input type="text" name="trackback_url" id="trackback_url" tabindex="7" value="'. attribute_escape( str_replace("\n", ' ', $post->to_ping) ) .'" />';
+	$form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. esc_attr( str_replace("\n", ' ', $post->to_ping) ) .'" />';
 	if ('' != $post->pinged) {
 		$pings = '<p>'. __('Already pinged:') . '</p><ul>';
 		$already_pinged = explode("\n", trim($post->pinged));
 		foreach ($already_pinged as $pinged_url) {
-			$pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
+			$pings .= "\n\t<li>" . esc_html($pinged_url) . "</li>";
 		}
 		$pings .= '</ul>';
 	}
@@ -390,8 +422,7 @@ function post_custom_meta_box($post) {
 <?php
 $metadata = has_meta($post->ID);
 list_meta($metadata);
-meta_form();
-?>
+meta_form(); ?>
 </div>
 <p><?php _e('Custom fields can be used to add extra metadata to a post that you can <a href="http://codex.wordpress.org/Using_Custom_Fields" target="_blank">use in your theme</a>.'); ?></p>
 <?php
@@ -408,41 +439,53 @@ do_action('dbx_post_advanced');
 * @param object $post
 */
 function post_comment_status_meta_box($post) {
-	global $wpdb, $post_ID;
 ?>
 <input name="advanced_view" type="hidden" value="1" />
 <p class="meta-options">
 	<label for="comment_status" class="selectit"> <input name="comment_status" type="checkbox" id="comment_status" value="open" <?php checked($post->comment_status, 'open'); ?> /> <?php _e('Allow comments on this post') ?></label><br />
-	<label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($post->ping_status, 'open'); ?> /> <?php _e('Allow <a href="http://codex.wordpress.org/Introduction_to_Blogging#Managing_Comments" target="_blank">trackbacks and pingbacks</a> on this post') ?></label>
-</p>
+	<label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($post->ping_status, 'open'); ?> /> <?php _e('Allow <a href="http://codex.wordpress.org/Introduction_to_Blogging#Managing_Comments" target="_blank">trackbacks and pingbacks</a> on this post') ?></label></p>
 <?php
+}
+add_meta_box('commentstatusdiv', __('Discussion'), 'post_comment_status_meta_box', 'post', 'normal', 'core');
+
+/**
+ * Display comments for post.
+ *
+ * @since 2.8.0
+ *
+ * @param object $post
+ */
+function post_comment_meta_box($post) {
+	global $wpdb, $post_ID;
+
 	$total = $wpdb->get_var($wpdb->prepare("SELECT count(1) FROM $wpdb->comments WHERE comment_post_ID = '%d' AND ( comment_approved = '0' OR comment_approved = '1')", $post_ID));

-	if ( !$post_ID || $post_ID < 0 || 1 > $total )
+	if ( 1 > $total ) {
+		echo '<p>' . __('No comments yet.') . '</p>';
 		return;
+	}

-wp_nonce_field( 'get-comments', 'add_comment_nonce', false );
+	wp_nonce_field( 'get-comments', 'add_comment_nonce', false );
 ?>

 <table class="widefat comments-box fixed" cellspacing="0" style="display:none;">
-<thead>
-	<tr>
+<thead><tr>
    <th scope="col" class="column-author"><?php _e('Author') ?></th>
-    <th scope="col" class="column-comment"><?php echo _c('Comment|noun') ?></th>
-  </tr>
-</thead>
-<tbody id="the-comment-list" class="list:comment">
-</tbody>
+    <th scope="col" class="column-comment">
+<?php /* translators: field name in comment form */ echo _x('Comment', 'noun'); ?></th>
+</tr></thead>
+<tbody id="the-comment-list" class="list:comment"></tbody>
 </table>
-<p class="hide-if-no-js"><a href="#commentstatusdiv" id="show-comments" onclick="commentsBox.get(<?php echo $total; ?>);return false;"><?php _e('Show comments'); ?></a> <img class="waiting" style="display:none;" src="images/loading.gif" alt="" /></p>
+<p class="hide-if-no-js"><a href="#commentstatusdiv" id="show-comments" onclick="commentsBox.get(<?php echo $total; ?>);return false;"><?php _e('Show comments'); ?></a> <img class="waiting" style="display:none;" src="images/wpspin_light.gif" alt="" /></p>
 <?php
 	$hidden = get_hidden_meta_boxes('post');
-	if ( ! in_array('commentstatusdiv', $hidden) ) { ?>
-		<script type="text/javascript">commentsBox.get(<?php echo $total; ?>, 10);</script>
+	if ( ! in_array('commentsdiv', $hidden) ) { ?>
+		<script type="text/javascript">jQuery(document).ready(function(){commentsBox.get(<?php echo $total; ?>, 10);});</script>
 <?php
 	}
 }
-add_meta_box('commentstatusdiv', __('Discussion'), 'post_comment_status_meta_box', 'post', 'normal', 'core');
+if ( 'publish' == $post->post_status || 'private' == $post->post_status )
+	add_meta_box('commentsdiv', __('Comments'), 'post_comment_meta_box', 'post', 'normal', 'core');

 /**
 * Display post slug form fields.
@@ -453,7 +496,7 @@ add_meta_box('commentstatusdiv', __('Discussion'), 'post_comment_status_meta_box
 */
 function post_slug_meta_box($post) {
 ?>
-<label class="hidden" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" />
+<label class="screen-reader-text" for="post_name"><?php _e('Post Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo esc_attr( $post->post_name ); ?>" />
 <?php
 }
 if ( !( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) ) )
@@ -476,7 +519,7 @@ function post_author_meta_box($post) {
 	if ( $post->post_author && !in_array($post->post_author, $authors) )
 		$authors[] = $post->post_author;
 ?>
-<label class="hidden" for="post_author_override"><?php _e('Post Author'); ?></label><?php wp_dropdown_users( array('include' => $authors, 'name' => 'post_author_override', 'selected' => empty($post->ID) ? $user_ID : $post->post_author) ); ?>
+<label class="screen-reader-text" for="post_author_override"><?php _e('Post Author'); ?></label><?php wp_dropdown_users( array('include' => $authors, 'name' => 'post_author_override', 'selected' => empty($post->ID) ? $user_ID : $post->post_author) ); ?>
 <?php
 }
 add_meta_box('authordiv', __('Post Author'), 'post_author_meta_box', 'post', 'normal', 'core');
@@ -510,7 +553,7 @@ require_once('admin-header.php');

 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>
 <?php if ( $notice ) : ?>
 <div id="notice" class="error"><p><?php echo $notice ?></p></div>
 <?php endif; ?>
@@ -528,18 +571,19 @@ else
 ?>

 <input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
-<input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" />
-<input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
-<input type="hidden" id="post_author" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
-<input type="hidden" id="post_type" name="post_type" value="<?php echo $post->post_type ?>" />
-<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo $post->post_status ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
-<?php if ( 'draft' != $post->post_status ) wp_original_referer_field(true, 'previous'); ?>
+<input type="hidden" id="hiddenaction" name="action" value="<?php echo esc_attr($form_action) ?>" />
+<input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr($form_action) ?>" />
+<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
+<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
+<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
+<?php
+if ( 'draft' != $post->post_status )
+	wp_original_referer_field(true, 'previous');

-<?php echo $form_extra ?>
-
-<div id="poststuff" class="metabox-holder">
+echo $form_extra ?>

+<div id="poststuff" class="metabox-holder<?php echo 2 == $screen_layout_columns ? ' has-right-sidebar' : ''; ?>">
 <div id="side-info-column" class="inner-sidebar">

 <?php do_action('submitpost_box'); ?>
@@ -547,21 +591,25 @@ else
 <?php $side_meta_boxes = do_meta_boxes('post', 'side', $post); ?>
 </div>

-<div id="post-body" class="<?php echo $side_meta_boxes ? 'has-sidebar' : ''; ?>">
-<div id="post-body-content" class="has-sidebar-content">
+<div id="post-body">
+<div id="post-body-content">
 <div id="titlediv">
 <div id="titlewrap">
-	<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" autocomplete="off" />
+	<label class="screen-reader-text" for="title"><?php _e('Title') ?></label>
+	<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo esc_attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
 </div>
 <div class="inside">
-<?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>
-<?php if ( !( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) ) ) { ?>
+<?php
+$sample_permalink_html = get_sample_permalink_html($post->ID);
+if ( !( 'pending' == $post->post_status && !current_user_can( 'publish_posts' ) ) ) { ?>
 	<div id="edit-slug-box">
-<?php if ( ! empty($post->ID) && ! empty($sample_permalink_html) ) :
-	echo $sample_permalink_html;
+<?php
+	if ( ! empty($post->ID) && ! empty($sample_permalink_html) ) :
+		echo $sample_permalink_html;
 endif; ?>
 	</div>
-<?php } ?>
+<?php
+} ?>
 </div>
 </div>

@@ -569,32 +617,30 @@ endif; ?>

 <?php the_editor($post->post_content); ?>

-<div id="post-status-info">
-	<span id="wp-word-count" class="alignleft"></span>
-	<span class="alignright">
+<table id="post-status-info" cellspacing="0"><tbody><tr>
+	<td id="wp-word-count"></td>
+	<td class="autosave-info">
 	<span id="autosave">&nbsp;</span>
 <?php
 	if ( $post_ID ) {
 		echo '<span id="last-edit">';
 		if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) {
 			$last_user = get_userdata($last_id);
-			printf(__('Last edited by %1$s on %2$s at %3$s'), wp_specialchars( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
+			printf(__('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
 		} else {
 			printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
 		}
 		echo '</span>';
-	}
-?>
-	</span>
-	<br class="clear" />
-</div>
+	} ?>
+	</td>
+</tr></tbody></table>

-
-<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
-<?php wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false ); ?>
-<?php wp_nonce_field( 'getpermalink', 'getpermalinknonce', false ); ?>
-<?php wp_nonce_field( 'samplepermalink', 'samplepermalinknonce', false ); ?>
-<?php wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); ?>
+<?php
+wp_nonce_field( 'autosave', 'autosavenonce', false );
+wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
+wp_nonce_field( 'getpermalink', 'getpermalinknonce', false );
+wp_nonce_field( 'samplepermalink', 'samplepermalinknonce', false );
+wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); ?>
 </div>

 <?php
@@ -605,9 +651,7 @@ do_action('edit_form_advanced');

 do_meta_boxes('post', 'advanced', $post);

-do_action('dbx_post_sidebar');
-
-?>
+do_action('dbx_post_sidebar'); ?>

 </div>
 </div>
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -6,13 +6,18 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
 /**
 * @var string
 */
 $submitbutton_text = __('Edit Comment');
 $toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
 $form_action = 'editedcomment';
-$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment->comment_ID . "' />\n<input type='hidden' name='comment_post_ID' value='" . $comment->comment_post_ID;
+$form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . esc_attr($comment->comment_ID) . "' />\n<input type='hidden' name='comment_post_ID' value='" . esc_attr($comment->comment_post_ID);
+$comment->comment_author_email = esc_attr($comment->comment_author_email);
 ?>

 <form name="post" action="comment.php" method="post" id="post">
@@ -21,15 +26,9 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment-
 <?php screen_icon(); ?>
 <h2><?php _e('Edit Comment'); ?></h2>

-<div id="poststuff" class="metabox-holder">
+<div id="poststuff" class="metabox-holder has-right-sidebar">
 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
-<?php
-
-$email = attribute_escape( $comment->comment_author_email );
-$url = attribute_escape( $comment->comment_author_url );
-// add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core');
-?>

 <div id="side-info-column" class="inner-sidebar">
 <div id="submitdiv" class="stuffbox" >
@@ -48,14 +47,15 @@ $url = attribute_escape( $comment->comment_author_url );
 <div id="misc-publishing-actions">

 <div class="misc-pub-section" id="comment-status-radio">
-<label class="approved"><input type="radio"<?php checked( $comment->comment_approved, '1' ); ?> name="comment_status" value="1" /><?php echo _c('Approved|adjective') ?></label><br />
-<label class="waiting"><input type="radio"<?php checked( $comment->comment_approved, '0' ); ?> name="comment_status" value="0" /><?php echo _c('Pending|adjective') ?></label><br />
-<label class="spam"><input type="radio"<?php checked( $comment->comment_approved, 'spam' ); ?> name="comment_status" value="spam" /><?php echo _c('Spam|adjective'); ?></label>
+<label class="approved"><input type="radio"<?php checked( $comment->comment_approved, '1' ); ?> name="comment_status" value="1" /><?php /* translators: comment type radio button */ echo _x('Approved', 'adjective') ?></label><br />
+<label class="waiting"><input type="radio"<?php checked( $comment->comment_approved, '0' ); ?> name="comment_status" value="0" /><?php /* translators: comment type radio button */ echo _x('Pending', 'adjective') ?></label><br />
+<label class="spam"><input type="radio"<?php checked( $comment->comment_approved, 'spam' ); ?> name="comment_status" value="spam" /><?php /* translators: comment type radio button */ echo _x('Spam', 'adjective'); ?></label>
 </div>

 <div class="misc-pub-section curtime misc-pub-section-last">
 <?php
-$datef = _c( 'M j, Y @ G:i|Publish box date format');
+// translators: Publish box date formt, see http://php.net/date
+$datef = __( 'M j, Y @ G:i' );
 $stamp = __('Submitted on: <b>%1$s</b>');
 $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
 ?>
@@ -68,10 +68,10 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );

 <div id="major-publishing-actions">
 <div id="delete-action">
-<a class='submitdelete deletion' href='<?php echo wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . wp_get_referer(), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . js_escape(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ) { return true;}return false;\">" . __('Delete'); ?></a>
+<?php echo "<a class='submitdelete deletion' href='" . wp_nonce_url("comment.php?action=deletecomment&amp;c=$comment->comment_ID&amp;_wp_original_http_referer=" . urlencode(wp_get_referer()), 'delete-comment_' . $comment->comment_ID) . "' onclick=\"if ( confirm('" . esc_js(__("You are about to delete this comment. \n  'Cancel' to stop, 'OK' to delete.")) . "') ){return true;}return false;\">" . __('Delete') . "</a>\n"; ?>
 </div>
 <div id="publishing-action">
-<input type="submit" name="save" value="<?php _e('Update Comment'); ?>" tabindex="4" class="button-primary" />
+<input type="submit" name="save" value="<?php esc_attr_e('Update Comment'); ?>" tabindex="4" class="button-primary" />
 </div>
 <div class="clear"></div>
 </div>
@@ -80,40 +80,38 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
 </div>
 </div>

-<div id="post-body" class="has-sidebar">
-<div id="post-body-content" class="has-sidebar-content">
-
+<div id="post-body">
+<div id="post-body-content">
 <div id="namediv" class="stuffbox">
 <h3><label for="name"><?php _e( 'Author' ) ?></label></h3>
 <div class="inside">
-<table class="form-table">
+<table class="form-table editcomment">
 <tbody>
 <tr valign="top">
 	<td class="first"><?php _e( 'Name:' ); ?></td>
-	<td><input type="text" name="newcomment_author" size="30" value="<?php echo attribute_escape( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>
+	<td><input type="text" name="newcomment_author" size="30" value="<?php echo esc_attr( $comment->comment_author ); ?>" tabindex="1" id="name" /></td>
 </tr>
 <tr valign="top">
 	<td class="first">
 	<?php
-		if ( $email ) {
+		if ( $comment->comment_author_email ) {
 			printf( __( 'E-mail (%s):' ), get_comment_author_email_link( __( 'send e-mail' ), '', '' ) );
 		} else {
 			_e( 'E-mail:' );
 		}
 ?></td>
-	<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo $email; ?>" tabindex="2" id="email" /></td>
+	<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email; ?>" tabindex="2" id="email" /></td>
 </tr>
 <tr valign="top">
 	<td class="first">
 	<?php
-		$url = get_comment_author_url();
-		if ( ! empty( $url ) && 'http://' != $url ) {
-			$link = "<a href='$url' rel='external nofollow' target='_blank'>" . __('visit site') . "</a>";
+		if ( ! empty( $comment->comment_author_url ) && 'http://' != $comment->comment_author_url ) {
+			$link = '<a href="' . $comment->comment_author_url . '" rel="external nofollow" target="_blank">' . __('visit site') . '</a>';
 			printf( __( 'URL (%s):' ), apply_filters('get_comment_author_link', $link ) );
 		} else {
 			_e( 'URL:' );
 		} ?></td>
-	<td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" value="<?php echo $url; ?>" tabindex="3" /></td>
+	<td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo esc_attr($comment->comment_author_url); ?>" tabindex="3" /></td>
 </tr>
 </tbody>
 </table>
@@ -128,9 +126,9 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );

 <?php do_meta_boxes('comment', 'normal', $comment); ?>

-<input type="hidden" name="c" value="<?php echo $comment->comment_ID ?>" />
-<input type="hidden" name="p" value="<?php echo $comment->comment_post_ID ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
+<input type="hidden" name="c" value="<?php echo esc_attr($comment->comment_ID) ?>" />
+<input type="hidden" name="p" value="<?php echo esc_attr($comment->comment_post_ID) ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
 <?php wp_original_referer_field(true, 'previous'); ?>
 <input type="hidden" name="noredir" value="1" />

--- a/wp-admin/edit-link-categories.php
+++ b/wp-admin/edit-link-categories.php
@@ -61,9 +61,9 @@ $messages[6] = __('Categories deleted.'); ?>

 <div class="wrap nosubsub">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo esc_html( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
+	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?>
 </h2>

 <?php if ( isset($_GET['message']) && ( $msg = (int) $_GET['message'] ) ) : ?>
@@ -73,9 +73,9 @@ endif; ?>

 <form class="search-form" action="" method="get">
 <p class="search-box">
-	<label class="hidden" for="link-category-search-input"><?php _e( 'Search Categories' ); ?>:</label>
-	<input type="text" class="search-input" id="link-category-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Categories' ); ?>" class="button" />
+	<label class="screen-reader-text" for="link-category-search-input"><?php _e( 'Search Categories' ); ?>:</label>
+	<input type="text" id="link-category-search-input" name="s" value="<?php _admin_search_query(); ?>" />
+	<input type="submit" value="<?php esc_attr_e( 'Search Categories' ); ?>" class="button" />
 </p>
 </form>
 <br class="clear" />
@@ -112,7 +112,7 @@ if ( $page_links )
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-link-categories'); ?>
 </div>

@@ -166,7 +166,7 @@ if ( $page_links )
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>

 <br class="clear" />
@@ -189,19 +189,19 @@ if ( $page_links )
 	$category = (object) array(); $category->parent = 0; do_action('add_link_category_form_pre', $category); ?>

 <div class="form-wrap">
-<h3><?php _e('Add Category'); ?></h3>
+<h3><?php _e('Add Link Category'); ?></h3>
 <div id="ajax-response"></div>
 <form name="addcat" id="addcat" class="add:the-list: validate" method="post" action="link-category.php">
 <input type="hidden" name="action" value="addcat" />
 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field('add-link-category'); ?>

 <div class="form-field form-required">
-	<label for="name"><?php _e('Category name') ?></label>
+	<label for="name"><?php _e('Link Category name') ?></label>
 	<input name="name" id="name" type="text" value="" size="40" aria-required="true" />
 </div>

 <div class="form-field">
-	<label for="slug"><?php _e('Category slug') ?></label>
+	<label for="slug"><?php _e('Link Category slug') ?></label>
 	<input name="slug" id="slug" type="text" value="" size="40" />
 	<p><?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></p>
 </div>
@@ -211,7 +211,7 @@ if ( $page_links )
 	<textarea name="description" id="description" rows="5" cols="40"></textarea>
 </div>

-<p class="submit"><input type="submit" class="button" name="submit" value="<?php _e('Add Category'); ?>" /></p>
+<p class="submit"><input type="submit" class="button" name="submit" value="<?php esc_attr_e('Add Category'); ?>" /></p>
 <?php do_action('edit_link_category_form', $category); ?>
 </form>
 </div>
@@ -224,20 +224,5 @@ if ( $page_links )
 </div><!-- /col-container -->
 </div><!-- /wrap -->

-<script type="text/javascript">
-/* <![CDATA[ */
-(function($){
-	$(document).ready(function(){
-		$('#doaction, #doaction2').click(function(){
-			if ( $('select[name^="action"]').val() == 'delete' ) {
-				var m = '<?php echo js_escape(__("You are about to delete the selected link categories.\n  'Cancel' to stop, 'OK' to delete.")); ?>';
-				return showNotice.warn(m);
-			}
-		});
-	});
-})(jQuery);
-/* ]]> */
-</script>
-
 <?php inline_edit_term_row('edit-link-categories'); ?>
 <?php include('admin-footer.php'); ?>
--- a/wp-admin/edit-link-category-form.php
+++ b/wp-admin/edit-link-category-form.php
@@ -6,6 +6,13 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
+if ( !current_user_can('manage_categories') )
+	wp_die(__('You do not have sufficient permissions to edit link categories for this blog.'));
+
 /**
 * @var object
 */
@@ -57,25 +64,26 @@ _fill_empty_link_category($category);
 <?php echo $heading ?>
 <div id="ajax-response"></div>
 <?php echo $form ?>
-<input type="hidden" name="action" value="<?php echo $action ?>" />
-<input type="hidden" name="cat_ID" value="<?php echo $category->term_id ?>" />
+<input type="hidden" name="action" value="<?php echo esc_attr($action) ?>" />
+<input type="hidden" name="cat_ID" value="<?php echo esc_attr($category->term_id) ?>" />
 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field($nonce_action); ?>
 	<table class="form-table">
 		<tr class="form-field form-required">
-			<th scope="row" valign="top"><label for="name"><?php _e('Category name') ?></label></th>
-			<td><input name="name" id="name" type="text" value="<?php echo $category->name; ?>" size="40" aria-required="true" /></td>
+			<th scope="row" valign="top"><label for="name"><?php _e('Link Category name') ?></label></th>
+			<td><input name="name" id="name" type="text" value="<?php echo esc_attr($category->name); ?>" size="40" aria-required="true" /></td>
 		</tr>
 		<tr class="form-field">
-			<th scope="row" valign="top"><label for="slug"><?php _e('Category slug') ?></label></th>
-			<td><input name="slug" id="slug" type="text" value="<?php echo attribute_escape(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
+			<th scope="row" valign="top"><label for="slug"><?php _e('Link Category slug') ?></label></th>
+			<td><input name="slug" id="slug" type="text" value="<?php echo esc_attr(apply_filters('editable_slug', $category->slug)); ?>" size="40" /><br />
            <?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></td>
 		</tr>
 		<tr class="form-field">
 			<th scope="row" valign="top"><label for="description"><?php _e('Description (optional)') ?></label></th>
 			<td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo $category->description; ?></textarea></td>
 		</tr>
+		<?php do_action('edit_link_category_form_fields', $category); ?>
 	</table>
-<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php echo $submit_text ?>" /></p>
+<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php echo esc_attr($submit_text) ?>" /></p>
 <?php do_action('edit_link_category_form', $category); ?>
 </form>
 </div>
--- a/wp-admin/edit-link-form.php
+++ b/wp-admin/edit-link-form.php
@@ -6,6 +6,10 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
 if ( ! empty($link_id) ) {
 	$heading = sprintf( __( '<a href="%s">Links</a> / Edit Link' ), 'link-manager.php' );
 	$submit_text = __('Update Link');
@@ -60,7 +64,7 @@ function link_submit_meta_box($link) {

 <?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
 <div style="display:none;">
-<input type="submit" name="save" value="<?php echo attribute_escape( __('Save') ); ?>" />
+<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
 </div>

 <div id="minor-publishing-actions">
@@ -85,15 +89,15 @@ function link_submit_meta_box($link) {
 <div id="delete-action">
 <?php
 if ( !empty($_GET['action']) && 'edit' == $_GET['action'] && current_user_can('manage_links') ) { ?>
-	<a class="submitdelete deletion" href="<?php echo wp_nonce_url("link.php?action=delete&amp;link_id=$link->link_id", 'delete-bookmark_' . $link->link_id); ?>" onclick="if ( confirm('<?php echo js_escape(sprintf(__("You are about to delete this link '%s'\n  'Cancel' to stop, 'OK' to delete."), $link->link_name )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
+	<a class="submitdelete deletion" href="<?php echo wp_nonce_url("link.php?action=delete&amp;link_id=$link->link_id", 'delete-bookmark_' . $link->link_id); ?>" onclick="if ( confirm('<?php echo esc_js(sprintf(__("You are about to delete this link '%s'\n  'Cancel' to stop, 'OK' to delete."), $link->link_name )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
 <?php } ?>
 </div>

 <div id="publishing-action">
 <?php if ( !empty($link->link_id) ) { ?>
-	<input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php _e('Update Link') ?>" />
+	<input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php esc_attr_e('Update Link') ?>" />
 <?php } else { ?>
-	<input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php _e('Add Link') ?>" />
+	<input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php esc_attr_e('Add Link') ?>" />
 <?php } ?>
 </div>
 <div class="clear"></div>
@@ -113,23 +117,12 @@ add_meta_box('linksubmitdiv', __('Save'), 'link_submit_meta_box', 'link', 'side'
 * @param object $link
 */
 function link_categories_meta_box($link) { ?>
-<div id="category-adder" class="wp-hidden-children">
-	<h4><a id="category-add-toggle" href="#category-add"><?php _e( '+ Add New Category' ); ?></a></h4>
-	<p id="link-category-add" class="wp-hidden-child">
-		<label class="hidden" for="newcat"><?php _e( '+ Add New Category' ); ?></label>
-		<input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _e( 'New category name' ); ?>" aria-required="true" />
-		<input type="button" id="category-add-sumbit" class="add:categorychecklist:linkcategorydiv button" value="<?php _e( 'Add' ); ?>" />
-		<?php wp_nonce_field( 'add-link-category', '_ajax_nonce', false ); ?>
-		<span id="category-ajax-response"></span>
-	</p>
-</div>
-
 <ul id="category-tabs">
-	<li class="ui-tabs-selected"><a href="#categories-all"><?php _e( 'All Categories' ); ?></a></li>
+	<li class="tabs"><a href="#categories-all"><?php _e( 'All Categories' ); ?></a></li>
 	<li class="hide-if-no-js"><a href="#categories-pop"><?php _e( 'Most Used' ); ?></a></li>
 </ul>

-<div id="categories-all" class="ui-tabs-panel">
+<div id="categories-all" class="tabs-panel">
 	<ul id="categorychecklist" class="list:category categorychecklist form-no-clear">
 		<?php
 		if ( isset($link->link_id) )
@@ -140,11 +133,22 @@ function link_categories_meta_box($link) { ?>
 	</ul>
 </div>

-<div id="categories-pop" class="ui-tabs-panel" style="display: none;">
+<div id="categories-pop" class="tabs-panel" style="display: none;">
 	<ul id="categorychecklist-pop" class="categorychecklist form-no-clear">
 		<?php wp_popular_terms_checklist('link_category'); ?>
 	</ul>
 </div>
+
+<div id="category-adder" class="wp-hidden-children">
+	<h4><a id="category-add-toggle" href="#category-add"><?php _e( '+ Add New Category' ); ?></a></h4>
+	<p id="link-category-add" class="wp-hidden-child">
+		<label class="screen-reader-text" for="newcat"><?php _e( '+ Add New Category' ); ?></label>
+		<input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" aria-required="true" />
+		<input type="button" id="category-add-submit" class="add:categorychecklist:linkcategorydiv button" value="<?php esc_attr_e( 'Add' ); ?>" />
+		<?php wp_nonce_field( 'add-link-category', '_ajax_nonce', false ); ?>
+		<span id="category-ajax-response"></span>
+	</p>
+</div>
 <?php
 }
 add_meta_box('linkcategorydiv', __('Categories'), 'link_categories_meta_box', 'link', 'normal', 'core');
@@ -157,18 +161,18 @@ add_meta_box('linkcategorydiv', __('Categories'), 'link_categories_meta_box', 'l
 * @param object $link
 */
 function link_target_meta_box($link) { ?>
-<fieldset><legend class="hidden"><?php _e('Target') ?></legend>
-<label for="link_target_blank" class="selectit">
+<fieldset><legend class="screen-reader-text"><span><?php _e('Target') ?></span></legend>
+<p><label for="link_target_blank" class="selectit">
 <input id="link_target_blank" type="radio" name="link_target" value="_blank" <?php echo ( isset( $link->link_target ) && ($link->link_target == '_blank') ? 'checked="checked"' : ''); ?> />
-<code>_blank</code></label><br />
-<label for="link_target_top" class="selectit">
+<?php _e('<code>_blank</code> - new window or tab.'); ?></label></p>
+<p><label for="link_target_top" class="selectit">
 <input id="link_target_top" type="radio" name="link_target" value="_top" <?php echo ( isset( $link->link_target ) && ($link->link_target == '_top') ? 'checked="checked"' : ''); ?> />
-<code>_top</code></label><br />
-<label for="link_target_none" class="selectit">
+<?php _e('<code>_top</code> - current window or tab, with no frames.'); ?></label></p>
+<p><label for="link_target_none" class="selectit">
 <input id="link_target_none" type="radio" name="link_target" value="" <?php echo ( isset( $link->link_target ) && ($link->link_target == '') ? 'checked="checked"' : ''); ?> />
-<?php _e('none') ?></label>
+<?php _e('<code>_none</code> - same window or tab.'); ?></label></p>
 </fieldset>
-<p><?php _e('Choose the frame your link targets. Essentially this means if you choose <code>_blank</code> your link will open in a new window.'); ?></p>
+<p><?php _e('Choose the target frame for your link.'); ?></p>
 <?php
 }
 add_meta_box('linktargetdiv', __('Target'), 'link_target_meta_box', 'link', 'normal', 'core');
@@ -184,104 +188,104 @@ function link_xfn_meta_box($link) {
 ?>
 <table class="editform" style="width: 100%;" cellspacing="2" cellpadding="5">
 	<tr>
-		<th style="width: 20%;" scope="row"><label for="link_rel"><?php _e('rel:') ?></label></th>
-		<td style="width: 80%;"><input type="text" name="link_rel" id="link_rel" size="50" value="<?php echo ( isset( $link->link_rel ) ? $link->link_rel : ''); ?>" /></td>
+		<th style="width: 20%;" scope="row"><label for="link_rel"><?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('rel:') ?></label></th>
+		<td style="width: 80%;"><input type="text" name="link_rel" id="link_rel" size="50" value="<?php echo ( isset( $link->link_rel ) ? esc_attr($link->link_rel) : ''); ?>" /></td>
 	</tr>
 	<tr>
 		<td colspan="2">
 			<table cellpadding="3" cellspacing="5" class="form-table">
 				<tr>
-					<th scope="row"> <?php _e('identity') ?> </th>
-					<td><fieldset><legend class="hidden"> <?php _e('identity') ?> </legend>
+					<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('identity') ?> </th>
+					<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('identity') ?> </span></legend>
 						<label for="me">
 						<input type="checkbox" name="identity" value="me" id="me" <?php xfn_check('identity', 'me'); ?> />
 						<?php _e('another web address of mine') ?></label>
 					</fieldset></td>
 				</tr>
 				<tr>
-					<th scope="row"> <?php _e('friendship') ?> </th>
-					<td><fieldset><legend class="hidden"> <?php _e('friendship') ?> </legend>
+					<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('friendship') ?> </th>
+					<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('friendship') ?> </span></legend>
 						<label for="contact">
-						<input class="valinp" type="radio" name="friendship" value="contact" id="contact" <?php xfn_check('friendship', 'contact', 'radio'); ?> /> <?php _e('contact') ?></label>
+						<input class="valinp" type="radio" name="friendship" value="contact" id="contact" <?php xfn_check('friendship', 'contact', 'radio'); ?> /> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('contact') ?></label>
 						<label for="acquaintance">
-						<input class="valinp" type="radio" name="friendship" value="acquaintance" id="acquaintance" <?php xfn_check('friendship', 'acquaintance', 'radio'); ?> />  <?php _e('acquaintance') ?></label>
+						<input class="valinp" type="radio" name="friendship" value="acquaintance" id="acquaintance" <?php xfn_check('friendship', 'acquaintance', 'radio'); ?> />  <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('acquaintance') ?></label>
 						<label for="friend">
-						<input class="valinp" type="radio" name="friendship" value="friend" id="friend" <?php xfn_check('friendship', 'friend', 'radio'); ?> /> <?php _e('friend') ?></label>
+						<input class="valinp" type="radio" name="friendship" value="friend" id="friend" <?php xfn_check('friendship', 'friend', 'radio'); ?> /> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('friend') ?></label>
 						<label for="friendship">
-						<input name="friendship" type="radio" class="valinp" value="" id="friendship" <?php xfn_check('friendship', '', 'radio'); ?> /> <?php _e('none') ?></label>
+						<input name="friendship" type="radio" class="valinp" value="" id="friendship" <?php xfn_check('friendship', '', 'radio'); ?> /> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('none') ?></label>
 					</fieldset></td>
 				</tr>
 				<tr>
-					<th scope="row"> <?php _e('physical') ?> </th>
-					<td><fieldset><legend class="hidden"> <?php _e('physical') ?> </legend>
+					<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('physical') ?> </th>
+					<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('physical') ?> </span></legend>
 						<label for="met">
 						<input class="valinp" type="checkbox" name="physical" value="met" id="met" <?php xfn_check('physical', 'met'); ?> />
-						<?php _e('met') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('met') ?></label>
 					</fieldset></td>
 				</tr>
 				<tr>
-					<th scope="row"> <?php _e('professional') ?> </th>
-					<td><fieldset><legend class="hidden"> <?php _e('professional') ?> </legend>
+					<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('professional') ?> </th>
+					<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('professional') ?> </span></legend>
 						<label for="co-worker">
 						<input class="valinp" type="checkbox" name="professional" value="co-worker" id="co-worker" <?php xfn_check('professional', 'co-worker'); ?> />
-						<?php _e('co-worker') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('co-worker') ?></label>
 						<label for="colleague">
 						<input class="valinp" type="checkbox" name="professional" value="colleague" id="colleague" <?php xfn_check('professional', 'colleague'); ?> />
-						<?php _e('colleague') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('colleague') ?></label>
 					</fieldset></td>
 				</tr>
 				<tr>
-					<th scope="row"> <?php _e('geographical') ?> </th>
-					<td><fieldset><legend class="hidden"> <?php _e('geographical') ?> </legend>
+					<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('geographical') ?> </th>
+					<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('geographical') ?> </span></legend>
 						<label for="co-resident">
 						<input class="valinp" type="radio" name="geographical" value="co-resident" id="co-resident" <?php xfn_check('geographical', 'co-resident', 'radio'); ?> />
-						<?php _e('co-resident') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('co-resident') ?></label>
 						<label for="neighbor">
 						<input class="valinp" type="radio" name="geographical" value="neighbor" id="neighbor" <?php xfn_check('geographical', 'neighbor', 'radio'); ?> />
-						<?php _e('neighbor') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('neighbor') ?></label>
 						<label for="geographical">
 						<input class="valinp" type="radio" name="geographical" value="" id="geographical" <?php xfn_check('geographical', '', 'radio'); ?> />
-						<?php _e('none') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('none') ?></label>
 					</fieldset></td>
 				</tr>
 				<tr>
-					<th scope="row"> <?php _e('family') ?> </th>
-					<td><fieldset><legend class="hidden"> <?php _e('family') ?> </legend>
+					<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('family') ?> </th>
+					<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('family') ?> </span></legend>
 						<label for="child">
 						<input class="valinp" type="radio" name="family" value="child" id="child" <?php xfn_check('family', 'child', 'radio'); ?>  />
-						<?php _e('child') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('child') ?></label>
 						<label for="kin">
 						<input class="valinp" type="radio" name="family" value="kin" id="kin" <?php xfn_check('family', 'kin', 'radio'); ?>  />
-						<?php _e('kin') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('kin') ?></label>
 						<label for="parent">
 						<input class="valinp" type="radio" name="family" value="parent" id="parent" <?php xfn_check('family', 'parent', 'radio'); ?> />
-						<?php _e('parent') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('parent') ?></label>
 						<label for="sibling">
 						<input class="valinp" type="radio" name="family" value="sibling" id="sibling" <?php xfn_check('family', 'sibling', 'radio'); ?> />
-						<?php _e('sibling') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('sibling') ?></label>
 						<label for="spouse">
 						<input class="valinp" type="radio" name="family" value="spouse" id="spouse" <?php xfn_check('family', 'spouse', 'radio'); ?> />
-						<?php _e('spouse') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('spouse') ?></label>
 						<label for="family">
 						<input class="valinp" type="radio" name="family" value="" id="family" <?php xfn_check('family', '', 'radio'); ?> />
-						<?php _e('none') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('none') ?></label>
 					</fieldset></td>
 				</tr>
 				<tr>
-					<th scope="row"> <?php _e('romantic') ?> </th>
-					<td><fieldset><legend class="hidden"> <?php _e('romantic') ?> </legend>
+					<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('romantic') ?> </th>
+					<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('romantic') ?> </span></legend>
 						<label for="muse">
 						<input class="valinp" type="checkbox" name="romantic" value="muse" id="muse" <?php xfn_check('romantic', 'muse'); ?> />
-						<?php _e('muse') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('muse') ?></label>
 						<label for="crush">
 						<input class="valinp" type="checkbox" name="romantic" value="crush" id="crush" <?php xfn_check('romantic', 'crush'); ?> />
-						<?php _e('crush') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('crush') ?></label>
 						<label for="date">
 						<input class="valinp" type="checkbox" name="romantic" value="date" id="date" <?php xfn_check('romantic', 'date'); ?> />
-						<?php _e('date') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('date') ?></label>
 						<label for="romantic">
 						<input class="valinp" type="checkbox" name="romantic" value="sweetheart" id="romantic" <?php xfn_check('romantic', 'sweetheart'); ?> />
-						<?php _e('sweetheart') ?></label>
+						<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('sweetheart') ?></label>
 					</fieldset></td>
 				</tr>
 			</table>
@@ -305,11 +309,11 @@ function link_advanced_meta_box($link) {
 <table class="form-table" style="width: 100%;" cellspacing="2" cellpadding="5">
 	<tr class="form-field">
 		<th valign="top"  scope="row"><label for="link_image"><?php _e('Image Address') ?></label></th>
-		<td><input type="text" name="link_image" id="link_image" size="50" value="<?php echo ( isset( $link->link_image ) ? $link->link_image : ''); ?>" style="width: 95%" /></td>
+		<td><input type="text" name="link_image" class="code" id="link_image" size="50" value="<?php echo ( isset( $link->link_image ) ? esc_attr($link->link_image) : ''); ?>" style="width: 95%" /></td>
 	</tr>
 	<tr class="form-field">
 		<th valign="top"  scope="row"><label for="rss_uri"><?php _e('RSS Address') ?></label></th>
-		<td><input name="link_rss" type="text" id="rss_uri" value="<?php echo  ( isset( $link->link_rss ) ? $link->link_rss : ''); ?>" size="50" style="width: 95%" /></td>
+		<td><input name="link_rss" class="code" type="text" id="rss_uri" value="<?php echo  ( isset( $link->link_rss ) ? esc_attr($link->link_rss) : ''); ?>" size="50" style="width: 95%" /></td>
 	</tr>
 	<tr class="form-field">
 		<th valign="top"  scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th>
@@ -320,7 +324,7 @@ function link_advanced_meta_box($link) {
 		<td><select name="link_rating" id="link_rating" size="1">
 		<?php
 			for ($r = 0; $r < 10; $r++) {
-				echo('            <option value="'.$r.'" ');
+				echo('            <option value="'. esc_attr($r) .'" ');
 				if ( isset($link->link_rating) && $link->link_rating == $r)
 					echo 'selected="selected"';
 				echo('>'.$r.'</option>');
@@ -340,11 +344,9 @@ do_action('do_meta_boxes', 'link', 'side', $link);
 require_once ('admin-header.php');

 ?>
-
-
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>

 <?php if ( isset( $_GET['added'] ) ) : ?>
 <div id="message" class="updated fade"><p><?php _e('Link added.'); ?></p></div>
@@ -360,7 +362,7 @@ wp_nonce_field( $nonce_action );
 wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
 wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); ?>

-<div id="poststuff" class="metabox-holder">
+<div id="poststuff" class="metabox-holder<?php echo 2 == $screen_layout_columns ? ' has-right-sidebar' : ''; ?>">

 <div id="side-info-column" class="inner-sidebar">
 <?php
@@ -371,12 +373,12 @@ $side_meta_boxes = do_meta_boxes( 'link', 'side', $link );
 ?>
 </div>

-<div id="post-body" class="<?php echo $side_meta_boxes ? 'has-sidebar' : ''; ?>">
-<div id="post-body-content" class="has-sidebar-content">
+<div id="post-body">
+<div id="post-body-content">
 <div id="namediv" class="stuffbox">
 <h3><label for="link_name"><?php _e('Name') ?></label></h3>
 <div class="inside">
-	<input type="text" name="link_name" size="30" tabindex="1" value="<?php echo $link->link_name; ?>" id="link_name" />
+	<input type="text" name="link_name" size="30" tabindex="1" value="<?php echo esc_attr($link->link_name); ?>" id="link_name" />
    <p><?php _e('Example: Nifty blogging software'); ?></p>
 </div>
 </div>
@@ -384,7 +386,7 @@ $side_meta_boxes = do_meta_boxes( 'link', 'side', $link );
 <div id="addressdiv" class="stuffbox">
 <h3><label for="link_url"><?php _e('Web Address') ?></label></h3>
 <div class="inside">
-	<input type="text" name="link_url" size="30" tabindex="1" value="<?php echo $link->link_url; ?>" id="link_url" />
+	<input type="text" name="link_url" size="30" class="code" tabindex="1" value="<?php echo esc_attr($link->link_url); ?>" id="link_url" />
    <p><?php _e('Example: <code>http://wordpress.org/</code> &#8212; don&#8217;t forget the <code>http://</code>'); ?></p>
 </div>
 </div>
@@ -392,7 +394,7 @@ $side_meta_boxes = do_meta_boxes( 'link', 'side', $link );
 <div id="descriptiondiv" class="stuffbox">
 <h3><label for="link_description"><?php _e('Description') ?></label></h3>
 <div class="inside">
-	<input type="text" name="link_description" size="30" tabindex="1" value="<?php echo isset($link->link_description) ? $link->link_description : ''; ?>" id="link_description" />
+	<input type="text" name="link_description" size="30" tabindex="1" value="<?php echo isset($link->link_description) ? esc_attr($link->link_description) : ''; ?>" id="link_description" />
    <p><?php _e('This will be shown when someone hovers over the link in the blogroll, or optionally below the link.'); ?></p>
 </div>
 </div>
@@ -406,7 +408,7 @@ do_meta_boxes('link', 'advanced', $link);
 if ( $link_id ) : ?>
 <input type="hidden" name="action" value="save" />
 <input type="hidden" name="link_id" value="<?php echo (int) $link_id; ?>" />
-<input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
+<input type="hidden" name="order_by" value="<?php echo esc_attr($order_by); ?>" />
 <input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
 <?php else: ?>
 <input type="hidden" name="action" value="add" />
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -6,6 +6,10 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
 /**
 * Post ID global.
 * @name $post_ID
@@ -18,10 +22,9 @@ if ( ! isset( $temp_ID ) )

 if ( isset($_GET['message']) )
 	$_GET['message'] = absint( $_GET['message'] );
-$messages[1] = sprintf( __( 'Page updated. Continue editing below or <a href="%s">go back</a>.' ), attribute_escape( stripslashes( ( isset( $_GET['_wp_original_http_referer'] ) ? $_GET['_wp_original_http_referer'] : '') ) ) );
+$messages[1] = sprintf(__('Page updated. <a href="%s">View page</a>'), get_permalink($post_ID));
 $messages[2] = __('Custom field updated.');
 $messages[3] = __('Custom field deleted.');
-$messages[4] = __('Page updated.');
 $messages[5] = sprintf(__('Page published. <a href="%s">View page</a>'), get_permalink($post_ID));
 $messages[6] = sprintf(__('Page submitted. <a href="%s">Preview page</a>'), add_query_arg( 'preview', 'true', get_permalink($post_ID) ) );

@@ -42,7 +45,7 @@ if ( 0 == $post_ID) {
 	$nonce_action = 'update-page_' . $post_ID;
 	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
 	$autosave = wp_get_post_autosave( $post_ID );
-	if ( $autosave && mysql2date( 'U', $autosave->post_modified_gmt ) > mysql2date( 'U', $post->post_modified_gmt ) )
+	if ( $autosave && mysql2date( 'U', $autosave->post_modified_gmt, false ) > mysql2date( 'U', $post->post_modified_gmt, false ) )
 		$notice = sprintf( $notices[1], get_edit_post_link( $autosave->ID ) );
 }

@@ -67,22 +70,29 @@ function page_submit_meta_box($post) {

 <?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
 <div style="display:none;">
-<input type="submit" name="save" value="<?php echo attribute_escape( __('Save') ); ?>" />
+<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
 </div>

 <div id="minor-publishing-actions">
 <div id="save-action">
 <?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status )  { ?>
-<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php echo attribute_escape( __('Save Draft') ); ?>" tabindex="4" class="button button-highlighted" />
+<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
 <?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?>
-<input type="submit" name="save" id="save-post" value="<?php echo attribute_escape( __('Save as Pending') ); ?>" tabindex="4" class="button button-highlighted" />
+<input type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
 <?php } ?>
 </div>

 <div id="preview-action">
-<?php $preview_link = 'publish' == $post->post_status ? clean_url(get_permalink($post->ID)) : clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>
-
-<a class="preview button" href="<?php echo $preview_link; ?>" target="wp-preview" id="post-preview" tabindex="4"><?php _e('Preview'); ?></a>
+<?php
+if ( 'publish' == $post->post_status ) {
+	$preview_link = esc_url(get_permalink($post->ID));
+	$preview_button = __('Preview Changes');
+} else {
+	$preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
+	$preview_button = __('Preview');
+}
+?>
+<a class="preview button" href="<?php echo $preview_link; ?>" target="wp-preview" id="post-preview" tabindex="4"><?php echo $preview_button; ?></a>
 <input type="hidden" name="wp-preview" id="wp-preview" value="" />
 </div>

@@ -92,7 +102,7 @@ function page_submit_meta_box($post) {
 <div id="misc-publishing-actions">

 <div class="misc-pub-section<?php if ( !$can_publish ) { echo ' misc-pub-section-last'; } ?>"><label for="post_status"><?php _e('Status:') ?></label>
-<b><span id="post-status-display">
+<span id="post-status-display">
 <?php
 switch ( $post->post_status ) {
 	case 'private':
@@ -112,12 +122,12 @@ switch ( $post->post_status ) {
 		break;
 }
 ?>
-</span></b>
+</span>
 <?php if ( 'publish' == $post->post_status || 'private' == $post->post_status || $can_publish ) { ?>
 <a href="#post_status" <?php if ( 'private' == $post->post_status ) { ?>style="display:none;" <?php } ?>class="edit-post-status hide-if-no-js" tabindex='4'><?php _e('Edit') ?></a>

 <div id="post-status-select" class="hide-if-js">
-<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo $post->post_status; ?>" />
+<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo esc_attr($post->post_status); ?>" />
 <select name='post_status' id='post_status' tabindex='4'>
 <?php if ( 'publish' == $post->post_status ) : ?>
 <option<?php selected( $post->post_status, 'publish' ); ?> value='publish'><?php _e('Published') ?></option>
@@ -138,7 +148,7 @@ switch ( $post->post_status ) {
 </div><?php // /misc-pub-section ?>

 <div class="misc-pub-section " id="visibility">
-<?php _e('Visibility:'); ?> <b><span id="post-visibility-display"><?php
+<?php _e('Visibility:'); ?> <span id="post-visibility-display"><?php

 if ( 'private' == $post->post_status ) {
 	$post->post_password = '';
@@ -152,29 +162,29 @@ if ( 'private' == $post->post_status ) {
 	$visibility_trans = __('Public');
 }

-?><?php echo wp_specialchars( $visibility_trans ); ?></span></b> <?php if ( $can_publish ) { ?> <a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
+echo esc_html( $visibility_trans ); ?></span>
+<?php if ( $can_publish ) { ?>
+<a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>

 <div id="post-visibility-select" class="hide-if-js">
-<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo attribute_escape($post->post_password); ?>" />
-<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo attribute_escape( $visibility ); ?>" />
-
+<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo esc_attr($post->post_password); ?>" />
+<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo esc_attr( $visibility ); ?>" />

 <input type="radio" name="visibility" id="visibility-radio-public" value="public" <?php checked( $visibility, 'public' ); ?> /> <label for="visibility-radio-public" class="selectit"><?php _e('Public'); ?></label><br />
 <input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
-<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /><br /></span>
+<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo esc_attr($post->post_password); ?>" /><br /></span>
 <input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />

-<p>
- <a href="#visibility" class="save-post-visibility hide-if-no-js button"><?php _e('OK'); ?></a>
- <a href="#visibility" class="cancel-post-visibility hide-if-no-js"><?php _e('Cancel'); ?></a>
-</p>
+<p><a href="#visibility" class="save-post-visibility hide-if-no-js button"><?php _e('OK'); ?></a>
+<a href="#visibility" class="cancel-post-visibility hide-if-no-js"><?php _e('Cancel'); ?></a></p>
 </div>
 <?php } ?>

 </div><?php // /misc-pub-section ?>

 <?php
-$datef = _c( 'M j, Y @ G:i|Publish box date format');
+// translators: Publish box date formt, see http://php.net/date
+$datef = __( 'M j, Y @ G:i' );
 if ( 0 != $post->ID ) {
 	if ( 'future' == $post->post_status ) { // scheduled for publishing at a future date
 		$stamp = __('Scheduled for: <b>%1$s</b>');
@@ -192,15 +202,14 @@ if ( 0 != $post->ID ) {
 	$stamp = __('Publish <b>immediately</b>');
 	$date = date_i18n( $datef, strtotime( current_time('mysql') ) );
 }
-?>
-<?php if ( $can_publish ) : // Contributors don't get to choose the date of publish ?>
+
+if ( $can_publish ) : // Contributors don't get to choose the date of publish ?>
 <div class="misc-pub-section curtime misc-pub-section-last">
-	<span id="timestamp">
-	<?php printf($stamp, $date); ?></span>
+	<span id="timestamp"><?php printf($stamp, $date); ?></span>
 	<a href="#edit_timestamp" class="edit-timestamp hide-if-no-js" tabindex='4'><?php _e('Edit') ?></a>
 	<div id="timestampdiv" class="hide-if-js"><?php touch_time(($action == 'edit'),1,4); ?></div>
-</div><?php // /misc-pub-section ?>
-<?php endif; ?>
+</div><?php // /misc-pub-section
+endif; ?>

 </div>
 <div class="clear"></div>
@@ -211,29 +220,32 @@ if ( 0 != $post->ID ) {
 <div id="delete-action">
 <?php
 if ( ( 'edit' == $action ) && current_user_can('delete_page', $post->ID) ) { ?>
-<a class="submitdelete deletion" href="<?php echo wp_nonce_url("page.php?action=delete&amp;post=$post->ID", 'delete-page_' . $post->ID); ?>" onclick="if ( confirm('<?php echo js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
+<a class="submitdelete deletion" href="<?php echo wp_nonce_url("page.php?action=delete&amp;post=$post->ID", 'delete-page_' . $post->ID); ?>" onclick="if ( confirm('<?php echo esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n  'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n  'Cancel' to stop, 'OK' to delete."), $post->post_title )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
 <?php } ?>
 </div>

 <div id="publishing-action">
 <?php
 if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) || 0 == $post->ID ) { ?>
-<?php if ( $can_publish ) : ?>
-	<?php if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?>
-		<input name="original_publish" type="hidden" id="original_publish" value="<?php _e('Schedule') ?>" />
-		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _e('Schedule') ?>" />
-	<?php else : ?>
-		<input name="original_publish" type="hidden" id="original_publish" value="<?php _e('Publish') ?>" />
-		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" />
-	<?php endif; ?>
-<?php else : ?>
-	<input name="original_publish" type="hidden" id="original_publish" value="<?php _e('Submit for Review') ?>" />
-	<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _e('Submit for Review') ?>" />
-<?php endif; ?>
-<?php } else { ?>
-	<input name="original_publish" type="hidden" id="original_publish" value="<?php _e('Update Page') ?>" />
-	<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php _e('Update Page') ?>" />
-<?php } ?>
+<?php
+	if ( $can_publish ) :
+		if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?>
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Schedule') ?>" />
+		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Schedule') ?>" />
+<?php	else : ?>
+		<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Publish') ?>" />
+		<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Publish') ?>" />
+<?php	endif;
+	else : ?>
+	<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Submit for Review') ?>" />
+	<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Submit for Review') ?>" />
+<?php
+	endif;
+} else { ?>
+	<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Update Page') ?>" />
+	<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Update Page') ?>" />
+<?php
+} ?>
 </div>
 <div class="clear"></div>
 </div>
@@ -253,7 +265,7 @@ function page_password_meta_box($post){
 ?>
 <p><label for="post_status_private" class="selectit"><input id="post_status_private" name="post_status" type="checkbox" value="private" <?php checked($post->post_status, 'private'); ?> tabindex='4' /> <?php _e('Keep this page private') ?></label></p>
 <h4><?php _e( 'Page Password' ); ?></h4>
-<p><label class="hidden" for="post_password"><?php _e('Password Protect This Page') ?></label><input name="post_password" type="text" size="25" id="post_password" value="<?php the_post_password(); ?>" /></p>
+<p><label class="screen-reader-text" for="post_password"><?php _e('Password Protect This Page') ?></label><input name="post_password" type="text" size="25" id="post_password" value="<?php the_post_password(); ?>" /></p>
 <p><?php _e('Setting a password will require people who visit your blog to enter the above password to view this page and its comments.'); ?></p>
 <?php
 }
@@ -269,23 +281,21 @@ function page_password_meta_box($post){
 function page_attributes_meta_box($post){
 ?>
 <h5><?php _e('Parent') ?></h5>
-<label class="hidden" for="parent_id"><?php _e('Page Parent') ?></label>
+<label class="screen-reader-text" for="parent_id"><?php _e('Page Parent') ?></label>
 <?php wp_dropdown_pages(array('exclude_tree' => $post->ID, 'selected' => $post->post_parent, 'name' => 'parent_id', 'show_option_none' => __('Main Page (no parent)'), 'sort_column'=> 'menu_order, post_title')); ?>
 <p><?php _e('You can arrange your pages in hierarchies, for example you could have an &#8220;About&#8221; page that has &#8220;Life Story&#8221; and &#8220;My Dog&#8221; pages under it. There are no limits to how deeply nested you can make pages.'); ?></p>
 <?php
-	if ( 0 != count( get_page_templates() ) ) {
-?>
+	if ( 0 != count( get_page_templates() ) ) { ?>
 <h5><?php _e('Template') ?></h5>
-<label class="hidden" for="page_template"><?php _e('Page Template') ?></label><select name="page_template" id="page_template">
+<label class="screen-reader-text" for="page_template"><?php _e('Page Template') ?></label><select name="page_template" id="page_template">
 <option value='default'><?php _e('Default Template'); ?></option>
 <?php page_template_dropdown($post->page_template); ?>
 </select>
 <p><?php _e('Some themes have custom templates you can use for certain pages that might have additional features or custom layouts. If so, you&#8217;ll see them above.'); ?></p>
 <?php
-	}
-?>
+	} ?>
 <h5><?php _e('Order') ?></h5>
-<p><label class="hidden" for="menu_order"><?php _e('Page Order') ?></label><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo $post->menu_order ?>" /></p>
+<p><label class="screen-reader-text" for="menu_order"><?php _e('Page Order') ?></label><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo esc_attr($post->menu_order) ?>" /></p>
 <p><?php _e('Pages are usually ordered alphabetically, but you can put a number above to change the order pages appear in. (We know this is a little janky, it&#8217;ll be better in future releases.)'); ?></p>
 <?php
 }
@@ -302,11 +312,10 @@ function page_custom_meta_box($post){
 ?>
 <div id="postcustomstuff">
 <?php
-$metadata = has_meta($post->ID);
-list_meta($metadata);
-meta_form();
-?>
-<div id="ajax-response"></div>
+	$metadata = has_meta($post->ID);
+	list_meta($metadata);
+	meta_form(); ?>
+	<div id="ajax-response"></div>
 </div>
 <p><?php _e('Custom fields can be used to add extra metadata to a post that you can <a href="http://codex.wordpress.org/Using_Custom_Fields" target="_blank">use in your theme</a>.'); ?></p>
 <?php
@@ -341,7 +350,7 @@ add_meta_box('pagecommentstatusdiv', __('Discussion'), 'page_comments_status_met
 */
 function page_slug_meta_box($post){
 ?>
-<label class="hidden" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape( $post->post_name ); ?>" />
+<label class="screen-reader-text" for="post_name"><?php _e('Page Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo esc_attr( $post->post_name ); ?>" />
 <?php
 }
 add_meta_box('pageslugdiv', __('Page Slug'), 'page_slug_meta_box', 'page', 'normal', 'core');
@@ -363,7 +372,7 @@ if ( $authors && count( $authors ) > 1 ) {
 		if ( $post->post_author && !in_array($post->post_author, $authors) )
 			$authors[] = $post->post_author;
 ?>
-<label class="hidden" for="post_author_override"><?php _e('Page Author'); ?></label><?php wp_dropdown_users( array('include' => $authors, 'name' => 'post_author_override', 'selected' => empty($post->ID) ? $user_ID : $post->post_author) ); ?>
+<label class="screen-reader-text" for="post_author_override"><?php _e('Page Author'); ?></label><?php wp_dropdown_users( array('include' => $authors, 'name' => 'post_author_override', 'selected' => empty($post->ID) ? $user_ID : $post->post_author) ); ?>
 <?php
 	}
 	add_meta_box('pageauthordiv', __('Page Author'), 'page_author_meta_box', 'page', 'normal', 'core');
@@ -392,7 +401,7 @@ require_once('admin-header.php');

 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>

 <form name="post" action="page.php" method="post" id="post">
 <?php if ( $notice ) : ?>
@@ -409,33 +418,29 @@ if (isset($mode) && 'bookmarklet' == $mode)
 	echo '<input type="hidden" name="mode" value="bookmarklet" />';
 ?>
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo $user_ID ?>" />
-<input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' />
-<input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
-<input type="hidden" id="post_author" name="post_author" value="<?php echo attribute_escape( $post->post_author ); ?>" />
+<input type="hidden" id="hiddenaction" name="action" value='<?php echo esc_attr($form_action) ?>' />
+<input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr($form_action) ?>" />
+<input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr( $post->post_author ); ?>" />
 <?php echo $form_extra ?>
-<input type="hidden" id="post_type" name="post_type" value="<?php echo $post->post_type ?>" />
-<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo $post->post_status ?>" />
-<input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" />
+<input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post->post_type) ?>" />
+<input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status) ?>" />
+<input name="referredby" type="hidden" id="referredby" value="<?php echo esc_url(stripslashes(wp_get_referer())); ?>" />
 <?php if ( 'draft' != $post->post_status ) wp_original_referer_field(true, 'previous'); ?>

-<div id="poststuff" class="metabox-holder">
+<div id="poststuff" class="metabox-holder<?php echo 2 == $screen_layout_columns ? ' has-right-sidebar' : ''; ?>">

 <div id="side-info-column" class="inner-sidebar">
-
 <?php
-
 do_action('submitpage_box');
-$side_meta_boxes = do_meta_boxes('page', 'side', $post);
-
-?>
+$side_meta_boxes = do_meta_boxes('page', 'side', $post); ?>
 </div>

-<div id="post-body" class="<?php echo $side_meta_boxes ? 'has-sidebar' : ''; ?>">
-<div id="post-body-content" class="has-sidebar-content">
-
+<div id="post-body">
+<div id="post-body-content">
 <div id="titlediv">
 <div id="titlewrap">
-  <input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape( $post->post_title ); ?>" id="title" autocomplete="off" />
+	<label class="screen-reader-text" for="title"><?php _e('Title') ?></label>
+	<input type="text" name="post_title" size="30" tabindex="1" value="<?php echo esc_attr( htmlspecialchars( $post->post_title ) ); ?>" id="title" autocomplete="off" />
 </div>
 <div class="inside">
 <?php $sample_permalink_html = get_sample_permalink_html($post->ID); ?>
@@ -450,38 +455,36 @@ endif; ?>
 <div id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>" class="postarea">

 <?php the_editor($post->post_content); ?>
-<div id="post-status-info">
-	<span id="wp-word-count" class="alignleft"></span>
-	<span class="alignright">
+<table id="post-status-info" cellspacing="0"><tbody><tr>
+	<td id="wp-word-count"></td>
+	<td class="autosave-info">
 	<span id="autosave">&nbsp;</span>

 <?php
 	if ($post_ID) {
 		if ( $last_id = get_post_meta($post_ID, '_edit_last', true) ) {
 			$last_user = get_userdata($last_id);
-			printf(__('Last edited by %1$s on %2$s at %3$s'), wp_specialchars( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
+			printf(__('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
 		} else {
 			printf(__('Last edited on %1$s at %2$s'), mysql2date(get_option('date_format'), $post->post_modified), mysql2date(get_option('time_format'), $post->post_modified));
 		}
 	}
 ?>
-	</span>
-	<br class="clear" />
-</div>
+	</td>
+</tr></tbody></table>

-<?php wp_nonce_field( 'autosave', 'autosavenonce', false ); ?>
-<?php wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false ); ?>
-<?php wp_nonce_field( 'getpermalink', 'getpermalinknonce', false ); ?>
-<?php wp_nonce_field( 'samplepermalink', 'samplepermalinknonce', false ); ?>
-<?php wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); ?>
+<?php
+wp_nonce_field( 'autosave', 'autosavenonce', false );
+wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
+wp_nonce_field( 'getpermalink', 'getpermalinknonce', false );
+wp_nonce_field( 'samplepermalink', 'samplepermalinknonce', false );
+wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); ?>
 </div>

 <?php
-
 do_meta_boxes('page', 'normal', $post);
 do_action('edit_page_form');
 do_meta_boxes('page', 'advanced', $post);
-
 ?>

 </div>
--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( !current_user_can('edit_pages') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
 // Handle bulk actions
 if ( isset($_GET['action']) && ( -1 != $_GET['action'] || -1 != $_GET['action2'] ) ) {
 	$doaction = ( -1 != $_GET['action'] ) ? $_GET['action'] : $_GET['action2'];
@@ -75,14 +78,16 @@ $parent_file = 'edit-pages.php';
 wp_enqueue_script('inline-edit-post');

 $post_stati  = array(	//	array( adj, noun )
-		'publish' => array(__('Published|page'), __('Published pages'), _n_noop('Published <span class="count">(%s)</span>|page', 'Published <span class="count">(%s)</span>')),
-		'future' => array(__('Scheduled|page'), __('Scheduled pages'), _n_noop('Scheduled <span class="count">(%s)</span>|page', 'Scheduled <span class="count">(%s)</span>')),
-		'pending' => array(__('Pending Review|page'), __('Pending pages'), _n_noop('Pending Review <span class="count">(%s)</span>|page', 'Pending Review <span class="count">(%s)</span>')),
-		'draft' => array(__('Draft|page'), _c('Drafts|manage posts header'), _n_noop('Draft <span class="count">(%s)</span>|page', 'Drafts <span class="count">(%s)</span>')),
-		'private' => array(__('Private|page'), __('Private pages'), _n_noop('Private <span class="count">(%s)</span>|page', 'Private <span class="count">(%s)</span>'))
+		'publish' => array(_x('Published', 'page'), __('Published pages'), _nx_noop('Published <span class="count">(%s)</span>', 'Published <span class="count">(%s)</span>', 'page')),
+		'future' => array(_x('Scheduled', 'page'), __('Scheduled pages'), _nx_noop('Scheduled <span class="count">(%s)</span>', 'Scheduled <span class="count">(%s)</span>', 'page')),
+		'pending' => array(_x('Pending Review', 'page'), __('Pending pages'), _nx_noop('Pending Review <span class="count">(%s)</span>', 'Pending Review <span class="count">(%s)</span>', 'page')),
+		'draft' => array(_x('Draft', 'page'), _x('Drafts', 'manage posts header'), _nx_noop('Draft <span class="count">(%s)</span>', 'Drafts <span class="count">(%s)</span>', 'page')),
+		'private' => array(_x('Private', 'page'), __('Private pages'), _nx_noop('Private <span class="count">(%s)</span>', 'Private <span class="count">(%s)</span>', 'page'))
 	);

-$query = array('post_type' => 'page', 'orderby' => 'menu_order title', 'what_to_show' => 'posts',
+$post_stati = apply_filters('page_stati', $post_stati);
+
+$query = array('post_type' => 'page', 'orderby' => 'menu_order title',
 	'posts_per_page' => -1, 'posts_per_archive_page' => -1, 'order' => 'asc');

 $post_status_label = __('Pages');
@@ -104,30 +109,30 @@ require_once('admin-header.php'); ?>

 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo esc_html( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( get_search_query() ) ); ?>
+	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( get_search_query() ) ); ?>
 </h2>

 <?php if ( isset($_GET['locked']) || isset($_GET['skipped']) || isset($_GET['updated']) || isset($_GET['deleted']) ) { ?>
 <div id="message" class="updated fade"><p>
 <?php if ( isset($_GET['updated']) && (int) $_GET['updated'] ) {
-	printf( __ngettext( '%s page updated.', '%s pages updated.', $_GET['updated'] ), number_format_i18n( $_GET['updated'] ) );
+	printf( _n( '%s page updated.', '%s pages updated.', $_GET['updated'] ), number_format_i18n( $_GET['updated'] ) );
 	unset($_GET['updated']);
 }

 if ( isset($_GET['skipped']) && (int) $_GET['skipped'] ) {
-	printf( __ngettext( '%s page not updated, invalid parent page specified.', '%s pages not updated, invalid parent page specified.', $_GET['skipped'] ), number_format_i18n( $_GET['skipped'] ) );
+	printf( _n( '%s page not updated, invalid parent page specified.', '%s pages not updated, invalid parent page specified.', $_GET['skipped'] ), number_format_i18n( $_GET['skipped'] ) );
 	unset($_GET['skipped']);
 }

 if ( isset($_GET['locked']) && (int) $_GET['locked'] ) {
-	printf( __ngettext( '%s page not updated, somebody is editing it.', '%s pages not updated, somebody is editing them.', $_GET['locked'] ), number_format_i18n( $_GET['skipped'] ) );
+	printf( _n( '%s page not updated, somebody is editing it.', '%s pages not updated, somebody is editing them.', $_GET['locked'] ), number_format_i18n( $_GET['skipped'] ) );
 	unset($_GET['locked']);
 }

 if ( isset($_GET['deleted']) && (int) $_GET['deleted'] ) {
-	printf( __ngettext( 'Page deleted.', '%s pages deleted.', $_GET['deleted'] ), number_format_i18n( $_GET['deleted'] ) );
+	printf( _n( 'Page deleted.', '%s pages deleted.', $_GET['deleted'] ), number_format_i18n( $_GET['deleted'] ) );
 	unset($_GET['deleted']);
 }
 $_SERVER['REQUEST_URI'] = remove_query_arg( array('locked', 'skipped', 'updated', 'deleted'), $_SERVER['REQUEST_URI'] );
@@ -150,7 +155,7 @@ $status_links = array();
 $num_posts = wp_count_posts('page', 'readable');
 $total_posts = array_sum( (array) $num_posts );
 $class = empty($_GET['post_status']) ? ' class="current"' : '';
-$status_links[] = "<li><a href='edit-pages.php'$class>" . sprintf( __ngettext( 'All <span class="count">(%s)</span>', 'All <span class="count">(%s)</span>', $total_posts ), number_format_i18n( $total_posts ) ) . '</a>';
+$status_links[] = "<li><a href='edit-pages.php'$class>" . sprintf( _nx( 'All <span class="count">(%s)</span>', 'All <span class="count">(%s)</span>', $total_posts, 'pages' ), number_format_i18n( $total_posts ) ) . '</a>';
 foreach ( $post_stati as $status => $label ) {
 	$class = '';

@@ -160,7 +165,7 @@ foreach ( $post_stati as $status => $label ) {
 	if ( isset( $_GET['post_status'] ) && $status == $_GET['post_status'] )
 		$class = ' class="current"';

-	$status_links[] = "<li><a href='edit-pages.php?post_status=$status'$class>" . sprintf( _nc( $label[2][0], $label[2][1], $num_posts->$status ), number_format_i18n( $num_posts->$status ) ) . '</a>';
+	$status_links[] = "<li><a href='edit-pages.php?post_status=$status'$class>" . sprintf( _nx( $label[2][0], $label[2][1], $num_posts->$status, $label[2][2] ), number_format_i18n( $num_posts->$status ) ) . '</a>';
 }
 echo implode( " |</li>\n", $status_links ) . '</li>';
 unset($status_links);
@@ -169,13 +174,13 @@ endif;
 </ul>

 <p class="search-box">
-	<label class="hidden" for="page-search-input"><?php _e( 'Search Pages' ); ?>:</label>
-	<input type="text" class="search-input" id="page-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Pages' ); ?>" class="button" />
+	<label class="screen-reader-text" for="page-search-input"><?php _e( 'Search Pages' ); ?>:</label>
+	<input type="text" id="page-search-input" name="s" value="<?php _admin_search_query(); ?>" />
+	<input type="submit" value="<?php esc_attr_e( 'Search Pages' ); ?>" class="button" />
 </p>

 <?php if ( isset($_GET['post_status'] ) ) : ?>
-<input type="hidden" name="post_status" value="<?php echo attribute_escape($_GET['post_status']) ?>" />
+<input type="hidden" name="post_status" value="<?php echo esc_attr($_GET['post_status']) ?>" />
 <?php endif; ?>

 <?php if ($posts) { ?>
@@ -186,7 +191,8 @@ endif;
 $pagenum = isset( $_GET['pagenum'] ) ? absint( $_GET['pagenum'] ) : 0;
 if ( empty($pagenum) )
 	$pagenum = 1;
-if( ! isset( $per_page ) || $per_page < 0 )
+$per_page = get_user_option('edit_pages_per_page');
+if ( empty( $per_page ) || $per_page < 0 )
 	$per_page = 20;

 $num_pages = ceil($wp_query->post_count / $per_page);
@@ -214,7 +220,7 @@ if ( $page_links ) : ?>
 <option value="edit"><?php _e('Edit'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-pages'); ?>
 </div>

@@ -253,7 +259,7 @@ if ( $page_links )
 <option value="edit"><?php _e('Edit'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>

 <br class="clear" />
@@ -290,7 +296,9 @@ if ( 1 == count($posts) && is_singular() ) :
 <table class="widefat" cellspacing="0">
 <thead>
  <tr>
-    <th scope="col" class="column-comment"><?php echo _c('Comment|noun') ?></th>
+    <th scope="col" class="column-comment">
+		<?php  /* translators: column name */ echo _x('Comment', 'column name') ?>
+	</th>
    <th scope="col" class="column-author"><?php _e('Author') ?></th>
    <th scope="col" class="column-date"><?php _e('Submitted') ?></th>
  </tr>
@@ -312,20 +320,5 @@ endif; // posts;

 </div>

-<script type="text/javascript">
-/* <![CDATA[ */
-(function($){
-	$(document).ready(function(){
-		$('#doaction, #doaction2').click(function(){
-			if ( $('select[name^="action"]').val() == 'delete' ) {
-				var m = '<?php echo js_escape(__("You are about to delete the selected pages.\n  'Cancel' to stop, 'OK' to delete.")); ?>';
-				return showNotice.warn(m);
-			}
-		});
-	});
-})(jQuery);
-columns.init('edit-pages');
-/* ]]> */
-</script>
-
-<?php include('admin-footer.php'); ?>
+<?php
+include('admin-footer.php');
--- a/wp-admin/edit-post-rows.php
+++ b/wp-admin/edit-post-rows.php
@@ -6,7 +6,9 @@
 * @subpackage Administration
 */

-if ( ! defined('ABSPATH') ) die();
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
 ?>
 <table class="widefat post fixed" cellspacing="0">
 	<thead>
--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -6,6 +6,13 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
+if ( !current_user_can('manage_categories') )
+	wp_die(__('You do not have sufficient permissions to edit tags for this blog.'));
+
 if ( empty($tag_ID) ) { ?>
 	<div id="message" class="updated fade"><p><strong><?php _e('A tag was not selected for editing.'); ?></strong></p></div>
 <?php
@@ -20,21 +27,28 @@ do_action('edit_tag_form_pre', $tag); ?>
 <div id="ajax-response"></div>
 <form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate">
 <input type="hidden" name="action" value="editedtag" />
-<input type="hidden" name="tag_ID" value="<?php echo $tag->term_id ?>" />
+<input type="hidden" name="tag_ID" value="<?php echo esc_attr($tag->term_id) ?>" />
+<input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy) ?>" />
 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-tag_' . $tag_ID); ?>
 	<table class="form-table">
 		<tr class="form-field form-required">
 			<th scope="row" valign="top"><label for="name"><?php _e('Tag name') ?></label></th>
-			<td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo attribute_escape($tag->name); ?>" size="40" aria-required="true" />
-            <p><?php _e('The name is how the tag appears on your site.'); ?></p></td>
+			<td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo esc_attr($tag->name); ?>" size="40" aria-required="true" />
+            <p class="description"><?php _e('The name is how the tag appears on your site.'); ?></p></td>
 		</tr>
 		<tr class="form-field">
 			<th scope="row" valign="top"><label for="slug"><?php _e('Tag slug') ?></label></th>
-			<td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo attribute_escape(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />
-            <p><?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></p></td>
+			<td><input name="slug" id="slug" type="text" value="<?php if ( isset( $tag->slug ) ) echo esc_attr(apply_filters('editable_slug', $tag->slug)); ?>" size="40" />
+            <p class="description"><?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></p></td>
 		</tr>
+		<tr class="form-field">
+			<th scope="row" valign="top"><label for="description"><?php _e('Description') ?></label></th>
+			<td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($tag->description); ?></textarea><br />
+            <span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td>
+		</tr>
+		<?php do_action('edit_tag_form_fields', $tag); ?>
 	</table>
-<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php _e('Update Tag'); ?>" /></p>
+<p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e('Update Tag'); ?>" /></p>
 <?php do_action('edit_tag_form', $tag); ?>
 </form>
 </div>
--- a/wp-admin/edit-tags.php
+++ b/wp-admin/edit-tags.php
@@ -11,7 +11,16 @@ require_once('admin.php');

 $title = __('Tags');

-wp_reset_vars( array('action', 'tag') );
+wp_reset_vars( array('action', 'tag', 'taxonomy') );
+
+if ( empty($taxonomy) )
+	$taxonomy = 'post_tag';
+
+if ( !is_taxonomy($taxonomy) )
+	wp_die(__('Invalid taxonomy'));
+
+$parent_file = 'edit.php';
+$submenu_file = "edit-tags.php?taxonomy=$taxonomy";

 if ( isset( $_GET['action'] ) && isset($_GET['delete_tags']) && ( 'delete' == $_GET['action'] || 'delete' == $_GET['action2'] ) )
 	$action = 'bulk-delete';
@@ -25,7 +34,7 @@ case 'addtag':
 	if ( !current_user_can('manage_categories') )
 		wp_die(__('Cheatin&#8217; uh?'));

-	$ret = wp_insert_term($_POST['name'], 'post_tag', $_POST);
+	$ret = wp_insert_term($_POST['name'], $taxonomy, $_POST);
 	if ( $ret && !is_wp_error( $ret ) ) {
 		wp_redirect('edit-tags.php?message=1#addtag');
 	} else {
@@ -41,9 +50,16 @@ case 'delete':
 	if ( !current_user_can('manage_categories') )
 		wp_die(__('Cheatin&#8217; uh?'));

-	wp_delete_term( $tag_ID, 'post_tag');
+	wp_delete_term( $tag_ID, $taxonomy);

-	wp_redirect('edit-tags.php?message=2');
+	$location = 'edit-tags.php';
+	if ( $referer = wp_get_referer() ) {
+		if ( false !== strpos($referer, 'edit-tags.php') )
+			$location = $referer;
+	}
+
+	$location = add_query_arg('message', 2, $location);
+	wp_redirect($location);
 	exit;

 break;
@@ -56,7 +72,7 @@ case 'bulk-delete':

 	$tags = $_GET['delete_tags'];
 	foreach( (array) $tags as $tag_ID ) {
-		wp_delete_term( $tag_ID, 'post_tag');
+		wp_delete_term( $tag_ID, $taxonomy);
 	}

 	$location = 'edit-tags.php';
@@ -77,7 +93,7 @@ case 'edit':
 	require_once ('admin-header.php');
 	$tag_ID = (int) $_GET['tag_ID'];

-	$tag = get_term($tag_ID, 'post_tag', OBJECT, 'edit');
+	$tag = get_term($tag_ID, $taxonomy, OBJECT, 'edit');
 	include('edit-tag-form.php');

 break;
@@ -89,7 +105,7 @@ case 'editedtag':
 	if ( !current_user_can('manage_categories') )
 		wp_die(__('Cheatin&#8217; uh?'));

-	$ret = wp_update_term($tag_ID, 'post_tag', $_POST);
+	$ret = wp_update_term($tag_ID, $taxonomy, $_POST);

 	$location = 'edit-tags.php';
 	if ( $referer = wp_get_original_referer() ) {
@@ -130,9 +146,9 @@ $messages[6] = __('Tags deleted.'); ?>

 <div class="wrap nosubsub">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo esc_html( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
+	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?>
 </h2>

 <?php if ( isset($_GET['message']) && ( $msg = (int) $_GET['message'] ) ) : ?>
@@ -141,10 +157,11 @@ if ( isset($_GET['s']) && $_GET['s'] )
 endif; ?>

 <form class="search-form" action="" method="get">
+<input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy); ?>" />
 <p class="search-box">
-	<label class="hidden" for="tag-search-input"><?php _e( 'Search Tags' ); ?>:</label>
-	<input type="text" class="search-input" id="tag-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Tags' ); ?>" class="button" />
+	<label class="screen-reader-text" for="tag-search-input"><?php _e( 'Search Tags' ); ?>:</label>
+	<input type="text" id="tag-search-input" name="s" value="<?php _admin_search_query(); ?>" />
+	<input type="submit" value="<?php esc_attr_e( 'Search Tags' ); ?>" class="button" />
 </p>
 </form>
 <br class="clear" />
@@ -154,20 +171,25 @@ endif; ?>
 <div id="col-right">
 <div class="col-wrap">
 <form id="posts-filter" action="" method="get">
+<input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy); ?>" />
 <div class="tablenav">
 <?php
 $pagenum = isset( $_GET['pagenum'] ) ? absint( $_GET['pagenum'] ) : 0;
 if ( empty($pagenum) )
 	$pagenum = 1;

-$tagsperpage = apply_filters("tagsperpage",20);
+$tags_per_page = get_user_option('edit_tags_per_page');
+if ( empty($tags_per_page) )
+	$tags_per_page = 20;
+$tags_per_page = apply_filters('edit_tags_per_page', $tags_per_page);
+$tags_per_page = apply_filters('tagsperpage', $tags_per_page); // Old filter

 $page_links = paginate_links( array(
 	'base' => add_query_arg( 'pagenum', '%#%' ),
 	'format' => '',
 	'prev_text' => __('&laquo;'),
 	'next_text' => __('&raquo;'),
-	'total' => ceil(wp_count_terms('post_tag') / $tagsperpage),
+	'total' => ceil(wp_count_terms($taxonomy) / $tags_per_page),
 	'current' => $pagenum
 ));

@@ -180,7 +202,7 @@ if ( $page_links )
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-tags'); ?>
 </div>

@@ -207,7 +229,7 @@ if ( $page_links )

 $searchterms = isset( $_GET['s'] ) ? trim( $_GET['s'] ) : '';

-$count = tag_rows( $pagenum, $tagsperpage, $searchterms );
+$count = tag_rows( $pagenum, $tags_per_page, $searchterms, $taxonomy );
 ?>
 	</tbody>
 </table>
@@ -223,7 +245,7 @@ if ( $page_links )
 <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 </div>

 <br class="clear" />
@@ -241,9 +263,9 @@ if ( $page_links )
 <h3><?php _e('Popular Tags'); ?></h3>
 <?php
 if ( $can_manage )
-	wp_tag_cloud(array('link' => 'edit'));
+	wp_tag_cloud(array('taxonomy' => $taxonomy, 'link' => 'edit'));
 else
-	wp_tag_cloud();
+	wp_tag_cloud(array('taxonomy' => $taxonomy));
 ?>
 </div>

@@ -255,21 +277,28 @@ else
 <div id="ajax-response"></div>
 <form name="addtag" id="addtag" method="post" action="edit-tags.php" class="add:the-list: validate">
 <input type="hidden" name="action" value="addtag" />
+<input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy); ?>" />
 <?php wp_original_referer_field(true, 'previous'); wp_nonce_field('add-tag'); ?>

 <div class="form-field form-required">
 	<label for="name"><?php _e('Tag name') ?></label>
 	<input name="name" id="name" type="text" value="" size="40" aria-required="true" />
-    <p><?php _e('The name is how the tag appears on your site.'); ?></p>
+	<p><?php _e('The name is how the tag appears on your site.'); ?></p>
 </div>

 <div class="form-field">
 	<label for="slug"><?php _e('Tag slug') ?></label>
 	<input name="slug" id="slug" type="text" value="" size="40" />
-    <p><?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></p>
+	<p><?php _e('The &#8220;slug&#8221; is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></p>
 </div>

-<p class="submit"><input type="submit" class="button" name="submit" value="<?php _e('Add Tag'); ?>" /></p>
+<div class="form-field">
+	<label for="description"><?php _e('Description') ?></label>
+	<textarea name="description" id="description" rows="5" cols="40"></textarea>
+    <p><?php _e('The description is not prominent by default, however some themes may show it.'); ?></p>
+</div>
+
+<p class="submit"><input type="submit" class="button" name="submit" value="<?php esc_attr_e('Add Tag'); ?>" /></p>
 <?php do_action('add_tag_form'); ?>
 </form></div>
 <?php } ?>
@@ -280,21 +309,6 @@ else
 </div><!-- /col-container -->
 </div><!-- /wrap -->

-<script type="text/javascript">
-/* <![CDATA[ */
-(function($){
-	$(document).ready(function(){
-		$('#doaction, #doaction2').click(function(){
-			if ( $('select[name^="action"]').val() == 'delete' ) {
-				var m = '<?php echo js_escape(__("You are about to delete the selected tags.\n  'Cancel' to stop, 'OK' to delete.")); ?>';
-				return showNotice.warn(m);
-			}
-		});
-	});
-})(jQuery);
-/* ]]> */
-</script>
-
 <?php inline_edit_term_row('edit-tags'); ?>

 <?php
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
 // Back-compat for viewing comments of an entry
 if ( $_redirect = intval( max( @$_GET['p'], @$_GET['attachment_id'], @$_GET['page_id'] ) ) ) {
 	wp_redirect( admin_url('edit-comments.php?p=' . $_redirect ) );
@@ -92,13 +95,13 @@ if ( !isset( $_GET['paged'] ) )
 if ( empty($_GET['mode']) )
 	$mode = 'list';
 else
-	$mode = attribute_escape($_GET['mode']); ?>
+	$mode = esc_attr($_GET['mode']); ?>

 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo esc_html( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( get_search_query() ) ); ?>
+	printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( get_search_query() ) ); ?>
 </h2>

 <?php
@@ -110,7 +113,7 @@ endif; ?>
 <?php if ( isset($_GET['locked']) || isset($_GET['skipped']) || isset($_GET['updated']) || isset($_GET['deleted']) ) { ?>
 <div id="message" class="updated fade"><p>
 <?php if ( isset($_GET['updated']) && (int) $_GET['updated'] ) {
-	printf( __ngettext( '%s post updated.', '%s posts updated.', $_GET['updated'] ), number_format_i18n( $_GET['updated'] ) );
+	printf( _n( '%s post updated.', '%s posts updated.', $_GET['updated'] ), number_format_i18n( $_GET['updated'] ) );
 	unset($_GET['updated']);
 }

@@ -118,12 +121,12 @@ if ( isset($_GET['skipped']) && (int) $_GET['skipped'] )
 	unset($_GET['skipped']);

 if ( isset($_GET['locked']) && (int) $_GET['locked'] ) {
-	printf( __ngettext( '%s post not updated, somebody is editing it.', '%s posts not updated, somebody is editing them.', $_GET['locked'] ), number_format_i18n( $_GET['locked'] ) );
+	printf( _n( '%s post not updated, somebody is editing it.', '%s posts not updated, somebody is editing them.', $_GET['locked'] ), number_format_i18n( $_GET['locked'] ) );
 	unset($_GET['locked']);
 }

 if ( isset($_GET['deleted']) && (int) $_GET['deleted'] ) {
-	printf( __ngettext( 'Post deleted.', '%s posts deleted.', $_GET['deleted'] ), number_format_i18n( $_GET['deleted'] ) );
+	printf( _n( 'Post deleted.', '%s posts deleted.', $_GET['deleted'] ), number_format_i18n( $_GET['deleted'] ) );
 	unset($_GET['deleted']);
 }

@@ -141,7 +144,7 @@ $status_links = array();
 $num_posts = wp_count_posts( 'post', 'readable' );
 $total_posts = array_sum( (array) $num_posts );
 $class = empty( $_GET['post_status'] ) ? ' class="current"' : '';
-$status_links[] = "<li><a href='edit.php' $class>" . sprintf( __ngettext( 'All <span class="count">(%s)</span>', 'All <span class="count">(%s)</span>', $total_posts ), number_format_i18n( $total_posts ) ) . '</a>';
+$status_links[] = "<li><a href='edit.php' $class>" . sprintf( _nx( 'All <span class="count">(%s)</span>', 'All <span class="count">(%s)</span>', $total_posts, 'posts' ), number_format_i18n( $total_posts ) ) . '</a>';


 foreach ( $post_stati as $status => $label ) {
@@ -155,7 +158,7 @@ foreach ( $post_stati as $status => $label ) {
 	if ( isset($_GET['post_status']) && $status == $_GET['post_status'] )
 		$class = ' class="current"';

-	$status_links[] = "<li><a href='edit.php?post_status=$status' $class>" . sprintf( __ngettext( $label[2][0], $label[2][1], $num_posts->$status ), number_format_i18n( $num_posts->$status ) ) . '</a>';
+	$status_links[] = "<li><a href='edit.php?post_status=$status' $class>" . sprintf( _n( $label[2][0], $label[2][1], $num_posts->$status ), number_format_i18n( $num_posts->$status ) ) . '</a>';
 }
 echo implode( " |</li>\n", $status_links ) . '</li>';
 unset( $status_links );
@@ -164,15 +167,15 @@ endif;
 </ul>

 <p class="search-box">
-	<label class="hidden" for="post-search-input"><?php _e( 'Search Posts' ); ?>:</label>
-	<input type="text" class="search-input" id="post-search-input" name="s" value="<?php the_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Posts' ); ?>" class="button" />
+	<label class="screen-reader-text" for="post-search-input"><?php _e( 'Search Posts' ); ?>:</label>
+	<input type="text" id="post-search-input" name="s" value="<?php the_search_query(); ?>" />
+	<input type="submit" value="<?php esc_attr_e( 'Search Posts' ); ?>" class="button" />
 </p>

 <?php if ( isset($_GET['post_status'] ) ) : ?>
-<input type="hidden" name="post_status" value="<?php echo attribute_escape($_GET['post_status']) ?>" />
+<input type="hidden" name="post_status" value="<?php echo esc_attr($_GET['post_status']) ?>" />
 <?php endif; ?>
-<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
+<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />

 <?php if ( have_posts() ) { ?>

@@ -195,7 +198,7 @@ $page_links = paginate_links( array(
 <option value="edit"><?php _e('Edit'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
 <?php wp_nonce_field('bulk-posts'); ?>

 <?php // view filters
@@ -222,7 +225,7 @@ foreach ($arc_result as $arc_row) {
 	else
 		$default = '';

-	echo "<option$default value='$arc_row->yyear$arc_row->mmonth'>";
+	echo "<option$default value='" . esc_attr("$arc_row->yyear$arc_row->mmonth") . "'>";
 	echo $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear";
 	echo "</option>\n";
 }
@@ -236,7 +239,7 @@ $dropdown_options = array('show_option_all' => __('View all categories'), 'hide_
 wp_dropdown_categories($dropdown_options);
 do_action('restrict_manage_posts');
 ?>
-<input type="submit" id="post-query-submit" value="<?php _e('Filter'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />

 <?php } ?>
 </div>
@@ -251,8 +254,8 @@ do_action('restrict_manage_posts');
 <?php } ?>

 <div class="view-switch">
-	<a href="<?php echo clean_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>
-	<a href="<?php echo clean_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>
+	<a href="<?php echo esc_url(add_query_arg('mode', 'list', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'list' == $mode ) echo 'class="current"'; ?> id="view-switch-list" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('List View') ?>" alt="<?php _e('List View') ?>" /></a>
+	<a href="<?php echo esc_url(add_query_arg('mode', 'excerpt', $_SERVER['REQUEST_URI'])) ?>"><img <?php if ( 'excerpt' == $mode ) echo 'class="current"'; ?> id="view-switch-excerpt" src="../wp-includes/images/blank.gif" width="20" height="20" title="<?php _e('Excerpt View') ?>" alt="<?php _e('Excerpt View') ?>" /></a>
 </div>

 <div class="clear"></div>
@@ -275,7 +278,7 @@ if ( $page_links )
 <option value="edit"><?php _e('Edit'); ?></option>
 <option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
 <br class="clear" />
 </div>
 <br class="clear" />
@@ -296,20 +299,5 @@ if ( $page_links )

 </div>

-<script type="text/javascript">
-/* <![CDATA[ */
-(function($){
-	$(document).ready(function(){
-		$('#doaction, #doaction2').click(function(){
-			if ( $('select[name^="action"]').val() == 'delete' ) {
-				var m = '<?php echo js_escape(__("You are about to delete the selected posts.\n  'Cancel' to stop, 'OK' to delete.")); ?>';
-				return showNotice.warn(m);
-			}
-		});
-	});
-})(jQuery);
-columns.init('edit');
-/* ]]> */
-</script>
-
-<?php include('admin-footer.php'); ?>
+<?php
+include('admin-footer.php');
--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -9,6 +9,9 @@
 /** Load WordPress Bootstrap */
 require_once ('admin.php');

+if ( !current_user_can('edit_files') )
+	wp_die(__('You do not have sufficient permissions to export the content of this blog.'));
+
 /** Load WordPress export API */
 require_once('includes/export.php');
 $title = __('Export');
@@ -24,7 +27,7 @@ require_once ('admin-header.php');

 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>

 <p><?php _e('When you click the button below WordPress will create an XML file for you to save to your computer.'); ?></p>
 <p><?php _e('This format, which we call WordPress eXtended RSS or WXR, will contain your posts, pages, comments, custom fields, categories, and tags.'); ?></p>
@@ -42,14 +45,14 @@ require_once ('admin-header.php');
 $authors = $wpdb->get_col( "SELECT post_author FROM $wpdb->posts GROUP BY post_author" );
 foreach ( $authors as $id ) {
 	$o = get_userdata( $id );
-	echo "<option value='$o->ID'>$o->display_name</option>";
+	echo "<option value='" . esc_attr($o->ID) . "'>$o->display_name</option>";
 }
 ?>
 </select>
 </td>
 </tr>
 </table>
-<p class="submit"><input type="submit" name="submit" class="button" value="<?php _e('Download Export File'); ?>" />
+<p class="submit"><input type="submit" name="submit" class="button" value="<?php esc_attr_e('Download Export File'); ?>" />
 <input type="hidden" name="download" value="true" />
 </p>
 </form>
--- a/wp-admin/gears-manifest.php
+++ b/wp-admin/gears-manifest.php
@@ -6,119 +6,19 @@
 * @subpackage Administration
 */

+/**
+ * Disable error reporting
+ *
+ * Set this to error_reporting( E_ALL ) or error_reporting( E_ALL | E_STRICT ) for debugging
+ */
+error_reporting(0);
+
 /** Set ABSPATH for execution */
-define( 'ABSPATH', dirname(dirname(__FILE__)) );
-define( 'WPINC', '/wp-includes' );
+define( 'ABSPATH', dirname(dirname(__FILE__)) . '/' );

-/**
- * @ignore
- */
-function __() {}
+require(ABSPATH . '/wp-admin/includes/manifest.php');

-/**
- * @ignore
- */
-function _c() {}
-
-/**
- * @ignore
- */
-function add_filter() {}
-
-/**
- * @ignore
- */
-function attribute_escape() {}
-
-/**
- * @ignore
- */
-function apply_filters() {}
-
-/**
- * @ignore
- */
-function get_option() {}
-
-/**
- * @ignore
- */
-function is_lighttpd_before_150() {}
-
-/**
- * @ignore
- */
-function add_action() {}
-
-/**
- * @ignore
- */
-function do_action_ref_array() {}
-
-/**
- * @ignore
- */
-function get_bloginfo() {}
-
-/**
- * @ignore
- */
-function is_admin() {return true;}
-
-/**
- * @ignore
- */
-function site_url() {}
-
-/**
- * @ignore
- */
-function admin_url() {}
-
-/**
- * @ignore
- */
-function wp_guess_url() {}
-
-require(ABSPATH . '/wp-includes/script-loader.php');
-require(ABSPATH . '/wp-includes/version.php');
-
-$wp_scripts = new WP_Scripts();
-wp_default_scripts($wp_scripts);
-
-$wp_styles = new WP_Styles();
-wp_default_styles($wp_styles);
-
-$defaults = $man_version = '';
-foreach ( $wp_scripts->registered as $script ) {
-	if ( empty($script->src) ) continue;
-	$ver = empty($script->ver) ? $wp_version : $script->ver;
-	if ( 'editor' == $script->handle ) $mce_ver = $script->ver;
-	$src = str_replace( array( '/wp-admin/', '/wp-includes/' ), array( '', '../wp-includes/' ), $script->src );
-	$defaults .= '{ "url" : "' . $src . '?ver=' . $ver . '" },' . "\n";
-	$man_version .= $ver;
-}
-
-foreach ( $wp_styles->registered as $style ) {
-	if ( empty($style->src) ) continue;
-
-	$ver = empty($style->ver) ? $wp_version : $style->ver;
-	$src = str_replace( array( '/wp-admin/', '/wp-includes/' ), array( '', '../wp-includes/' ), $style->src );
-	if ( 'colors' == $style->handle ) $src = 'css/colors-classic.css';
-	$defaults .= '{ "url" : "' . $src . '?ver=' . $ver . '" },' . "\n";
-
-	if ( isset($style->extra['rtl']) && $style->extra['rtl'] ) {
-		if ( is_bool( $style->extra['rtl'] ) )
-			$rtl_href = str_replace( '.css', '-rtl.css', $src );
-		else
-			$rtl_href = str_replace( array( '/wp-admin/', '/wp-includes/' ), array( '', '../wp-includes/' ), $style->extra['rtl'] );
-
-		$defaults .= '{ "url" : "' . $rtl_href . '?ver=' . $ver . '" },' . "\n";
-	}
-	$man_version .= $ver;
-}
-
-$man_version = md5($man_version);
+$files = get_manifest();

 header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
@@ -128,190 +28,24 @@ header( 'Content-Type: application/x-javascript; charset=UTF-8' );
 ?>
 {
 "betaManifestVersion" : 1,
-"version" : "<?php echo $man_version; ?>_20081201",
+"version" : "<?php echo $man_version; ?>",
 "entries" : [
-<?php echo $defaults; ?>
+<?php
+$entries = '';

-{ "url" : "images/align-center.png" },
-{ "url" : "images/align-left.png" },
-{ "url" : "images/align-none.png" },
-{ "url" : "images/align-right.png" },
-{ "url" : "images/archive-link.png" },
-{ "url" : "images/blue-grad.png" },
-{ "url" : "images/browse-happy.gif" },
-{ "url" : "images/bubble_bg.gif" },
-{ "url" : "images/bubble_bg-rtl.gif" },
-{ "url" : "images/button-grad.png" },
-{ "url" : "images/button-grad-active.png" },
-{ "url" : "images/comment-grey-bubble.png" },
-{ "url" : "images/date-button.gif" },
-{ "url" : "images/ed-bg.gif" },
-{ "url" : "images/fade-butt.png" },
-{ "url" : "images/fav.png" },
-{ "url" : "images/fav-arrow.gif" },
-{ "url" : "images/fav-arrow-rtl.gif" },
-{ "url" : "images/fav-top.png" },
-{ "url" : "images/generic.png" },
-{ "url" : "images/gray-grad.png" },
-{ "url" : "images/icons32.png" },
-{ "url" : "images/icons32-vs.png" },
-{ "url" : "images/list.png" },
-{ "url" : "images/list-vs.png" },
-{ "url" : "images/loading.gif" },
-{ "url" : "images/loading-publish.gif" },
-{ "url" : "images/logo.gif" },
-{ "url" : "images/logo-ghost.png" },
-{ "url" : "images/logo-login.gif" },
-{ "url" : "images/media-button-image.gif" },
-{ "url" : "images/media-button-music.gif" },
-{ "url" : "images/media-button-other.gif" },
-{ "url" : "images/media-button-video.gif" },
-{ "url" : "images/menu.png" },
-{ "url" : "images/menu-vs.png" },
-{ "url" : "images/menu-arrows.gif" },
-{ "url" : "images/menu-bits.gif" },
-{ "url" : "images/menu-bits-rtl.gif" },
-{ "url" : "images/menu-dark.gif" },
-{ "url" : "images/menu-dark-rtl.gif" },
-{ "url" : "images/no.png" },
-{ "url" : "images/required.gif" },
-{ "url" : "images/resize.gif" },
-{ "url" : "images/screen-options-left.gif" },
-{ "url" : "images/screen-options-right.gif" },
-{ "url" : "images/screen-options-right-up.gif" },
-{ "url" : "images/se.png" },
-{ "url" : "images/star.gif" },
-{ "url" : "images/toggle-arrow.gif" },
-{ "url" : "images/toggle-arrow-rtl.gif" },
-{ "url" : "images/white-grad.png" },
-{ "url" : "images/white-grad-active.png" },
-{ "url" : "images/wordpress-logo.png" },
-{ "url" : "images/wp-logo.gif" },
-{ "url" : "images/xit.gif" },
-{ "url" : "images/yes.png" },
+foreach ( $files as $file ) {
+	// If version is not set, just output the file
+	if ( !isset($file[1]) )
+		$entries .= '{ "url" : "' . $file[0] . '" },' . "\n";
+	// If ver is set but ignoreQuery is not, output file with ver tacked on
+	elseif ( !isset($file[2]) )
+		$entries .= '{ "url" : "' . $file[0] . '?' . $file[1] . '" },' . "\n";
+	// Output url, src, and ignoreQuery
+	else
+		$entries .= '{ "url" : "' . $file[0] . '", "src" : "' . $file[0] . '?' . $file[1] . '", "ignoreQuery" : true },' . "\n";
+}

-<?php if ( is_file('../wp-includes/js/tinymce/tiny_mce.js') ) { ?>
-{ "url" : "../wp-includes/js/tinymce/tiny_mce.js", "src" : "../wp-includes/js/tinymce/tiny_mce.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/langs/wp-langs-en.js", "src" : "../wp-includes/js/tinymce/langs/wp-langs-en.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/wordpress.css", "src" : "../wp-includes/js/tinymce/wordpress.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/utils/mctabs.js", "src" : "../wp-includes/js/tinymce/utils/mctabs.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/utils/validate.js", "src" : "../wp-includes/js/tinymce/utils/validate.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/utils/form_utils.js", "src" : "../wp-includes/js/tinymce/utils/form_utils.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/utils/editable_selects.js", "src" : "../wp-includes/js/tinymce/utils/editable_selects.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/tiny_mce_popup.js", "src" : "../wp-includes/js/tinymce/tiny_mce_popup.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
+echo trim( trim($entries), ',' );
+?>

-{ "url" : "../wp-includes/js/tinymce/themes/advanced/editor_template.js", "src" : "../wp-includes/js/tinymce/themes/advanced/editor_template.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/source_editor.htm", "src" : "../wp-includes/js/tinymce/themes/advanced/source_editor.htm?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/anchor.htm", "src" : "../wp-includes/js/tinymce/themes/advanced/anchor.htm?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/image.htm", "src" : "../wp-includes/js/tinymce/themes/advanced/image.htm?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/link.htm", "src" : "../wp-includes/js/tinymce/themes/advanced/link.htm?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/color_picker.htm", "src" : "../wp-includes/js/tinymce/themes/advanced/color_picker.htm?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/charmap.htm", "src" : "../wp-includes/js/tinymce/themes/advanced/charmap.htm?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/js/color_picker.js", "src" : "../wp-includes/js/tinymce/themes/advanced/js/color_picker.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/js/charmap.js", "src" : "../wp-includes/js/tinymce/themes/advanced/js/charmap.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/js/image.js", "src" : "../wp-includes/js/tinymce/themes/advanced/js/image.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/js/link.js", "src" : "../wp-includes/js/tinymce/themes/advanced/js/link.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/js/source_editor.js", "src" : "../wp-includes/js/tinymce/themes/advanced/js/source_editor.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/js/anchor.js", "src" : "../wp-includes/js/tinymce/themes/advanced/js/anchor.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/ui.css", "src" : "../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/ui.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/content.css", "src" : "../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/content.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/dialog.css", "src" : "../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/dialog.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-
-{ "url" : "../wp-includes/js/tinymce/plugins/autosave/editor_plugin.js", "src" : "../wp-includes/js/tinymce/plugins/autosave/editor_plugin.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-
-{ "url" : "../wp-includes/js/tinymce/plugins/fullscreen/editor_plugin.js", "src" : "../wp-includes/js/tinymce/plugins/fullscreen/editor_plugin.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/fullscreen/fullscreen.htm", "src" : "../wp-includes/js/tinymce/plugins/fullscreen/fullscreen.htm?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-
-{ "url" : "../wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js", "src" : "../wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/inlinepopups/template.htm", "src" : "../wp-includes/js/tinymce/plugins/inlinepopups/template.htm?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/window.css", "src" : "../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/window.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-
-{ "url" : "../wp-includes/js/tinymce/plugins/media/editor_plugin.js", "src" : "../wp-includes/js/tinymce/plugins/media/editor_plugin.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/media/js/media.js", "src" : "../wp-includes/js/tinymce/plugins/media/js/media.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/media/media.htm", "src" : "../wp-includes/js/tinymce/plugins/media/media.htm?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/media/css/content.css", "src" : "../wp-includes/js/tinymce/plugins/media/css/content.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/media/css/media.css", "src" : "../wp-includes/js/tinymce/plugins/media/css/media.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-
-{ "url" : "../wp-includes/js/tinymce/plugins/paste/editor_plugin.js", "src" : "../wp-includes/js/tinymce/plugins/paste/editor_plugin.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/paste/js/pasteword.js", "src" : "../wp-includes/js/tinymce/plugins/paste/js/pasteword.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/paste/js/pastetext.js", "src" : "../wp-includes/js/tinymce/plugins/paste/js/pastetext.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/paste/pasteword.htm", "src" : "../wp-includes/js/tinymce/plugins/paste/pasteword.htm?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/paste/blank.htm", "src" : "../wp-includes/js/tinymce/plugins/paste/blank.htm?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/paste/pastetext.htm", "src" : "../wp-includes/js/tinymce/plugins/paste/pastetext.htm?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/paste/css/pasteword.css", "src" : "../wp-includes/js/tinymce/plugins/paste/css/pasteword.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/paste/css/blank.css", "src" : "../wp-includes/js/tinymce/plugins/paste/css/blank.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-
-{ "url" : "../wp-includes/js/tinymce/plugins/safari/editor_plugin.js", "src" : "../wp-includes/js/tinymce/plugins/safari/editor_plugin.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-
-{ "url" : "../wp-includes/js/tinymce/plugins/spellchecker/editor_plugin.js", "src" : "../wp-includes/js/tinymce/plugins/spellchecker/editor_plugin.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/spellchecker/css/content.css", "src" : "../wp-includes/js/tinymce/plugins/spellchecker/css/content.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-
-{ "url" : "../wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js", "src" : "../wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/wordpress/css/content.css", "src" : "../wp-includes/js/tinymce/plugins/wordpress/css/content.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-
-{ "url" : "../wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js", "src" : "../wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/wpeditimage/editimage.html", "src" : "../wp-includes/js/tinymce/plugins/wpeditimage/editimage.html?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/wpeditimage/js/editimage.js", "src" : "../wp-includes/js/tinymce/plugins/wpeditimage/js/editimage.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/wpeditimage/css/editimage.css", "src" : "../wp-includes/js/tinymce/plugins/wpeditimage/css/editimage.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-{ "url" : "../wp-includes/js/tinymce/plugins/wpeditimage/css/editimage-rtl.css", "src" : "../wp-includes/js/tinymce/plugins/wpeditimage/css/editimage-rtl.css?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-
-{ "url" : "../wp-includes/js/tinymce/plugins/wpgallery/editor_plugin.js", "src" : "../wp-includes/js/tinymce/plugins/wpgallery/editor_plugin.js?ver=<?php echo $mce_ver; ?>", "ignoreQuery" : true },
-
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/img/icons.gif" },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/img/colorpicker.jpg" },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/img/fm.gif" },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/img/gotmoxie.png" },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/img/sflogo.png" },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/butt2.png" },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/fade-butt.png" },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/tabs.gif" },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/down_arrow.gif" },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/skins/default/img/progress.gif" },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/skins/default/img/menu_check.gif" },
-{ "url" : "../wp-includes/js/tinymce/themes/advanced/skins/default/img/menu_arrow.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/drag.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/corners.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/buttons.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/horizontal.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/alert.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/button.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/confirm.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/vertical.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/media/img/flash.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/media/img/flv_player.swf" },
-{ "url" : "../wp-includes/js/tinymce/plugins/media/img/quicktime.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/media/img/realmedia.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/media/img/shockwave.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/media/img/windowsmedia.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/media/img/trans.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/spellchecker/img/wline.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wordpress/img/more.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wordpress/img/more_bug.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wordpress/img/page.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wordpress/img/page_bug.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wordpress/img/toolbars.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wordpress/img/help.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wordpress/img/image.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wordpress/img/media.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wordpress/img/video.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wordpress/img/audio.gif" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wpeditimage/img/image.png" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wpeditimage/img/delete.png" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wpgallery/img/delete.png" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wpgallery/img/edit.png" },
-{ "url" : "../wp-includes/js/tinymce/plugins/wpgallery/img/gallery.png" },
-<?php } ?>
-
-{ "url" : "../wp-includes/images/crystal/archive.png" },
-{ "url" : "../wp-includes/images/crystal/audio.png" },
-{ "url" : "../wp-includes/images/crystal/code.png" },
-{ "url" : "../wp-includes/images/crystal/default.png" },
-{ "url" : "../wp-includes/images/crystal/document.png" },
-{ "url" : "../wp-includes/images/crystal/interactive.png" },
-{ "url" : "../wp-includes/images/crystal/text.png" },
-{ "url" : "../wp-includes/images/crystal/video.png" },
-{ "url" : "../wp-includes/images/crystal/spreadsheet.png" },
-{ "url" : "../wp-includes/images/rss.png" },
-{ "url" : "../wp-includes/js/thickbox/loadingAnimation.gif" },
-{ "url" : "../wp-includes/js/thickbox/tb-close.png" }
 ]}
--- a/wp-admin/images/blue-grad.png
+++ b/wp-admin/images/blue-grad.png
--- a/wp-admin/images/button-grad-active-vs.png
+++ b/wp-admin/images/button-grad-active-vs.png
--- a/wp-admin/images/button-grad-vs.png
+++ b/wp-admin/images/button-grad-vs.png
--- a/wp-admin/images/ed-bg-vs.gif
+++ b/wp-admin/images/ed-bg-vs.gif
--- a/wp-admin/images/fav-arrow-vs.gif
+++ b/wp-admin/images/fav-arrow-vs.gif
--- a/wp-admin/images/fav-top-vs.gif
+++ b/wp-admin/images/fav-top-vs.gif
--- a/wp-admin/images/fav-vs.png
+++ b/wp-admin/images/fav-vs.png
--- a/wp-admin/images/menu-bits-rtl-vs.gif
+++ b/wp-admin/images/menu-bits-rtl-vs.gif
--- a/wp-admin/images/menu-bits-vs.gif
+++ b/wp-admin/images/menu-bits-vs.gif
--- a/wp-admin/images/menu.png
+++ b/wp-admin/images/menu.png
--- a/wp-admin/images/visit-site-button-grad-vs.gif
+++ b/wp-admin/images/visit-site-button-grad-vs.gif
--- a/wp-admin/images/visit-site-button-grad.gif
+++ b/wp-admin/images/visit-site-button-grad.gif
--- a/wp-admin/images/wp-logo-vs.gif
+++ b/wp-admin/images/wp-logo-vs.gif
--- a/wp-admin/images/wpspin_dark.gif
+++ b/wp-admin/images/wpspin_dark.gif
--- a/wp-admin/images/wpspin_light.gif
+++ b/wp-admin/images/wpspin_light.gif
--- a/wp-admin/import.php
+++ b/wp-admin/import.php
@@ -8,6 +8,10 @@

 /** Load WordPress Bootstrap */
 require_once ('admin.php');
+
+if ( !current_user_can('edit_files') )
+	wp_die(__('You do not have sufficient permissions to import content in this blog.'));
+
 $title = __('Import');
 require_once ('admin-header.php');
 $parent_file = 'tools.php';
@@ -15,7 +19,7 @@ $parent_file = 'tools.php';

 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title ); ?></h2>
+<h2><?php echo esc_html( $title ); ?></h2>
 <p><?php _e('If you have posts or comments in another system, WordPress can import those into this blog. To get started, choose a system to import from below:'); ?></p>

 <?php
--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -51,7 +51,7 @@ class Blogger_Import {
 		$welcome = __('Howdy! This importer allows you to import posts and comments from your Blogger account into your WordPress blog.');
 		$prereqs = __('To use this importer, you must have a Google account and an upgraded (New, was Beta) blog hosted on blogspot.com or a custom domain (not FTP).');
 		$stepone = __('The first thing you need to do is tell Blogger to let WordPress access your account. You will be sent back here after providing authorization.');
-		$auth = __('Authorize');
+		$auth = esc_attr__('Authorize');

 		echo "
 		<div class='wrap'>
@@ -190,20 +190,20 @@ class Blogger_Import {
 			}
 		}
 //echo '<pre>'.print_r($this,1).'</pre>';
-		$start    = js_escape( __('Import') );
-		$continue = js_escape( __('Continue') );
-		$stop     = js_escape( __('Importing...') );
-		$authors  = js_escape( __('Set Authors') );
-		$loadauth = js_escape( __('Preparing author mapping form...') );
-		$authhead = js_escape( __('Final Step: Author Mapping') );
-		$nothing  = js_escape( __('Nothing was imported. Had you already imported this blog?') );
+		$start    = esc_js( __('Import') );
+		$continue = esc_js( __('Continue') );
+		$stop     = esc_js( __('Importing...') );
+		$authors  = esc_js( __('Set Authors') );
+		$loadauth = esc_js( __('Preparing author mapping form...') );
+		$authhead = esc_js( __('Final Step: Author Mapping') );
+		$nothing  = esc_js( __('Nothing was imported. Had you already imported this blog?') );
 		$title    = __('Blogger Blogs');
 		$name     = __('Blog Name');
 		$url      = __('Blog URL');
 		$action   = __('The Magic Button');
 		$posts    = __('Posts');
 		$comments = __('Comments');
-		$noscript = __('This feature requires Javascript but it seems to be disabled. Please enable Javascript and then reload this page. Don\'t worry, you can turn it back off when you\'re done.');
+		$noscript = __('This feature requires Javascript but it seems to be disabled. Please enable Javascript and then reload this page. Don&#8217;t worry, you can turn it back off when you&#8217;re done.');

 		$interval = STATUS_INTERVAL * 1000;

@@ -214,7 +214,8 @@ class Blogger_Import {
 				$value = $continue;
 			else
 				$value = $authors;
-			$blogtitle = js_escape( $blog['title'] );
+			$value = esc_attr($value);
+			$blogtitle = esc_js( $blog['title'] );
 			$pdone = isset($blog['posts_done']) ? (int) $blog['posts_done'] : 0;
 			$cdone = isset($blog['comments_done']) ? (int) $blog['comments_done'] : 0;
 			$init .= "blogs[$i]=new blog($i,'$blogtitle','{$blog['mode']}'," . $this->get_js_status($i) . ');';
@@ -437,7 +438,7 @@ class Blogger_Import {
 				if ( count( $matches[1] ) )
 					foreach ( $matches[1] as $match )
 						if ( preg_match('/rel=.previous./', $match) )
-							$query = html_entity_decode( preg_replace('/^.*href=[\'"].*\?(.+)[\'"].*$/', '$1', $match) );
+							$query = @html_entity_decode( preg_replace('/^.*href=[\'"].*\?(.+)[\'"].*$/', '$1', $match), ENT_COMPAT, get_option('blog_charset') );

 				if ( $query ) {
 					parse_str($query, $q);
@@ -495,7 +496,7 @@ class Blogger_Import {
 				if ( count( $matches[1] ) )
 					foreach ( $matches[1] as $match )
 						if ( preg_match('/rel=.previous./', $match) )
-							$query = html_entity_decode( preg_replace('/^.*href=[\'"].*\?(.+)[\'"].*$/', '$1', $match) );
+							$query = @html_entity_decode( preg_replace('/^.*href=[\'"].*\?(.+)[\'"].*$/', '$1', $match), ENT_COMPAT, get_option('blog_charset') );

 				parse_str($query, $q);

@@ -545,12 +546,12 @@ class Blogger_Import {
 		}

 		$post_date    = $this->convert_date( $entry->published );
-		$post_content = trim( addslashes( $this->no_apos( html_entity_decode( $entry->content ) ) ) );
+		$post_content = trim( addslashes( $this->no_apos( @html_entity_decode( $entry->content, ENT_COMPAT, get_option('blog_charset') ) ) ) );
 		$post_title   = trim( addslashes( $this->no_apos( $this->min_whitespace( $entry->title ) ) ) );
 		$post_status  = isset( $entry->draft ) ? 'draft' : 'publish';

 		// Clean up content
-		$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+		$post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content);
 		$post_content = str_replace('<br>', '<br />', $post_content);
 		$post_content = str_replace('<hr>', '<hr />', $post_content);

@@ -600,10 +601,10 @@ class Blogger_Import {
 		$comment_author  = addslashes( $this->no_apos( strip_tags( (string) $matches[1] ) ) );
 		$comment_author_url = addslashes( $this->no_apos( strip_tags( (string) $matches[2] ) ) );
 		$comment_date    = $this->convert_date( $entry->updated );
-		$comment_content = addslashes( $this->no_apos( html_entity_decode( $entry->content ) ) );
+		$comment_content = addslashes( $this->no_apos( @html_entity_decode( $entry->content, ENT_COMPAT, get_option('blog_charset') ) ) );

 		// Clean up content
-		$comment_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $comment_content);
+		$comment_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $comment_content);
 		$comment_content = str_replace('<br>', '<br />', $comment_content);
 		$comment_content = str_replace('<hr>', '<hr />', $comment_content);

@@ -652,17 +653,17 @@ class Blogger_Import {
 			$this->save_vars();
 		}

-		$directions = __('All posts were imported with the current user as author. Use this form to move each Blogger user\'s posts to a different WordPress user. You may <a href="users.php">add users</a> and then return to this page and complete the user mapping. This form may be used as many times as you like until you activate the "Restart" function below.');
+		$directions = __('All posts were imported with the current user as author. Use this form to move each Blogger user&#8217;s posts to a different WordPress user. You may <a href="users.php">add users</a> and then return to this page and complete the user mapping. This form may be used as many times as you like until you activate the &#8220;Restart&#8221; function below.');
 		$heading = __('Author mapping');
 		$blogtitle = "{$blog['title']} ({$blog['host']})";
 		$mapthis = __('Blogger username');
 		$tothis = __('WordPress login');
-		$submit = js_escape( __('Save Changes') );
+		$submit = esc_js( __('Save Changes') );

 		foreach ( $blog['authors'] as $i => $author )
 			$rows .= "<tr><td><label for='authors[$i]'>{$author[0]}</label></td><td><select name='authors[$i]' id='authors[$i]'>" . $this->get_user_options($author[1]) . "</select></td></tr>";

-		return "<div class='wrap'><h2>$heading</h2><h3>$blogtitle</h3><p>$directions</p><form action='index.php?import=blogger&amp;noheader=true&saveauthors=1' method='post'><input type='hidden' name='blog' value='$importing_blog' /><table cellpadding='5'><thead><td>$mapthis</td><td>$tothis</td></thead>$rows<tr><td></td><td class='submit'><input type='submit' class='button authorsubmit' value='$submit' /></td></tr></table></form></div>";
+		return "<div class='wrap'><h2>$heading</h2><h3>$blogtitle</h3><p>$directions</p><form action='index.php?import=blogger&amp;noheader=true&saveauthors=1' method='post'><input type='hidden' name='blog' value='" . esc_attr($importing_blog) . "' /><table cellpadding='5'><thead><td>$mapthis</td><td>$tothis</td></thead>$rows<tr><td></td><td class='submit'><input type='submit' class='button authorsubmit' value='$submit' /></td></tr></table></form></div>";
 	}

 	function get_user_options($current) {
@@ -795,7 +796,7 @@ class Blogger_Import {
 		$blog = (int) $_GET['blog'];
 		echo '<h1>'.__('Congratulations!').'</h1><p>'.__('Now that you have imported your Blogger blog into WordPress, what are you going to do? Here are some suggestions:').'</p><ul><li>'.__('That was hard work! Take a break.').'</li>';
 		if ( count($this->import['blogs']) > 1 )
-			echo '<li>'.__('In case you haven\'t done it already, you can import the posts from your other blogs:'). $this->show_blogs() . '</li>';
+			echo '<li>'.__('In case you haven&#8217;t done it already, you can import the posts from your other blogs:'). $this->show_blogs() . '</li>';
 		if ( $n = count($this->import['blogs'][$blog]['newusers']) )
 			echo '<li>'.sprintf(__('Go to <a href="%s" target="%s">Authors &amp; Users</a>, where you can modify the new user(s) or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.'), 'users.php', '_parent').'</li>';
 		echo '<li>'.__('For security, click the link below to reset this importer.').'</li>';
@@ -831,7 +832,7 @@ class Blogger_Import {
 		if ( $saved && !isset($_GET['noheader']) ) {
 			$restart = __('Restart');
 			$message = __('We have saved some information about your Blogger account in your WordPress database. Clearing this information will allow you to start over. Restarting will not affect any posts you have already imported. If you attempt to re-import a blog, duplicate posts and comments will be skipped.');
-			$submit = __('Clear account information');
+			$submit = esc_attr__('Clear account information');
 			echo "<div class='wrap'><h2>$restart</h2><p>$message</p><form method='post' action='?import=blogger&amp;noheader=true'><p class='submit' style='text-align:left;'><input type='submit' class='button' value='$submit' name='restart' /></p></form></div>";
 		}
 	}
--- a/wp-admin/import/blogware.php
+++ b/wp-admin/import/blogware.php
@@ -89,7 +89,7 @@ class BW_Import {
 			}

 			// Clean up content
-			$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+			$post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content);
 			$post_content = str_replace('<br>', '<br />', $post_content);
 			$post_content = str_replace('<hr>', '<hr />', $post_content);
 			$post_content = $wpdb->escape($post_content);
@@ -109,7 +109,7 @@ class BW_Import {
 					return $post_id;
 				}
 				if (!$post_id) {
-					_e("Couldn't get post ID");
+					_e('Couldn&#8217;t get post ID');
 					echo '</li>';
 					break;
 				}
@@ -129,7 +129,7 @@ class BW_Import {
 					$comment_content = $this->unhtmlentities($comment_content);

 					// Clean up content
-					$comment_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $comment_content);
+					$comment_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $comment_content);
 					$comment_content = str_replace('<br>', '<br />', $comment_content);
 					$comment_content = str_replace('<hr>', '<hr />', $comment_content);
 					$comment_content = $wpdb->escape($comment_content);
@@ -155,7 +155,7 @@ class BW_Import {
 			}
 			if ( $num_comments ) {
 				echo ' ';
-				printf( __ngettext('%s comment', '%s comments', $num_comments), $num_comments );
+				printf( _n('%s comment', '%s comments', $num_comments), $num_comments );
 			}
 			echo '</li>';
 			flush();
--- a/wp-admin/import/btt.php
+++ b/wp-admin/import/btt.php
@@ -35,7 +35,7 @@ class BunnyTags_Import {
 		echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
 		echo '<form action="admin.php?import=btt&amp;step=1" method="post">';
 		wp_nonce_field('import-btt');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Import Tags').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Tags').'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
@@ -83,7 +83,7 @@ class BunnyTags_Import {
 			return false;
 		} else {
 			$count = count($metakeys);
-			echo '<p>' . sprintf( __ngettext('Done! <strong>%s</strong> post with tags were read.', 'Done! <strong>%s</strong> posts with tags were read.', $count), $count ) . '<br /></p>';
+			echo '<p>' . sprintf( _n('Done! <strong>%s</strong> post with tags were read.', 'Done! <strong>%s</strong> posts with tags were read.', $count), $count ) . '<br /></p>';
 			echo '<ul>';
 			foreach ( $metakeys as $post_meta ) {
 				if ( $post_meta->meta_value != '' ) {
@@ -105,7 +105,7 @@ class BunnyTags_Import {

 		echo '<form action="admin.php?import=btt&amp;step='.($precheck? 2:3).'" method="post">';
 		wp_nonce_field('import-btt');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Next').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
--- a/wp-admin/import/dotclear.php
+++ b/wp-admin/import/dotclear.php
@@ -48,115 +48,9 @@ if(!function_exists('link_exists'))
 	}
 }

-/*
- Identify UTF-8 text
- Taken from http://www.php.net/manual/fr/function.mb-detect-encoding.php#50087
-*/
-//
-//    utf8 encoding validation developed based on Wikipedia entry at:
-//    http://en.wikipedia.org/wiki/UTF-8
-//
-//    Implemented as a recursive descent parser based on a simple state machine
-//    copyright 2005 Maarten Meijer
-//
-//    This cries out for a C-implementation to be included in PHP core
-//
-
 /**
- * @package WordPress
- * @subpackage Dotclear_Import
+ * Convert from dotclear charset to utf8 if required
 *
- * @param string $char
- * @return string
- */
-function valid_1byte($char) {
-	if(!is_int($char)) return false;
-		return ($char & 0x80) == 0x00;
-}
-
-/**
- * @package WordPress
- * @subpackage Dotclear_Import
- *
- * @param string $char
- * @return string
- */
-function valid_2byte($char) {
-	if(!is_int($char)) return false;
-		return ($char & 0xE0) == 0xC0;
-}
-
-/**
- * @package WordPress
- * @subpackage Dotclear_Import
- *
- * @param string $char
- * @return string
- */
-function valid_3byte($char) {
-	if(!is_int($char)) return false;
-		return ($char & 0xF0) == 0xE0;
-}
-
-/**
- * @package WordPress
- * @subpackage Dotclear_Import
- *
- * @param string $char
- * @return string
- */
-function valid_4byte($char) {
-	if(!is_int($char)) return false;
-		return ($char & 0xF8) == 0xF0;
-}
-
-/**
- * @package WordPress
- * @subpackage Dotclear_Import
- *
- * @param string $char
- * @return string
- */
-function valid_nextbyte($char) {
-	if(!is_int($char)) return false;
-		return ($char & 0xC0) == 0x80;
-}
-
-/**
- * @package WordPress
- * @subpackage Dotclear_Import
- *
- * @param string $string
- * @return string
- */
-function valid_utf8($string) {
-	$len = strlen($string);
-	$i = 0;
-	while( $i < $len ) {
-		$char = ord(substr($string, $i++, 1));
-		if(valid_1byte($char)) {    // continue
-			continue;
-		} else if(valid_2byte($char)) { // check 1 byte
-			if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-				return false;
-		} else if(valid_3byte($char)) { // check 2 bytes
-			if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-				return false;
-			if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-				return false;
-		} else if(valid_4byte($char)) { // check 3 bytes
-			if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-				return false;
-			if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-				return false;
-			if(!valid_nextbyte(ord(substr($string, $i++, 1))))
-				return false;
-		} // goto next char
-	}
-	return true; // done
-}
-
-/**
 * @package WordPress
 * @subpackage Dotclear_Import
 *
@@ -164,7 +58,7 @@ function valid_utf8($string) {
 * @return string
 */
 function csc ($s) {
-	if (valid_utf8 ($s)) {
+	if (seems_utf8 ($s)) {
 		return $s;
 	} else {
 		return iconv(get_option ("dccharset"),"UTF-8",$s);
@@ -215,7 +109,7 @@ class Dotclear_Import {
 		echo '<form action="admin.php?import=dotclear&amp;step=1" method="post">';
 		wp_nonce_field('import-dotclear');
 		$this->db_form();
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attribute_escape(__('Import Categories')).'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Categories').'" /></p>';
 		echo '</form></div>';
 	}

@@ -312,7 +206,7 @@ class Dotclear_Import {

 			// Store category translation for future use
 			add_option('dccat2wpcat',$dccat2wpcat);
-			echo '<p>'.sprintf(__ngettext('Done! <strong>%1$s</strong> category imported.', 'Done! <strong>%1$s</strong> categories imported.', $count), $count).'<br /><br /></p>';
+			echo '<p>'.sprintf(_n('Done! <strong>%1$s</strong> category imported.', 'Done! <strong>%1$s</strong> categories imported.', $count), $count).'<br /><br /></p>';
 			return true;
 		}
 		echo __('No Categories to Import!');
@@ -613,7 +507,7 @@ class Dotclear_Import {
 			}
 			add_option('dclinks2wplinks',$dclinks2wplinks);
 			echo '<p>';
-			printf(__ngettext('Done! <strong>%s</strong> link or link category imported.', 'Done! <strong>%s</strong> links or link categories imported.', $count), $count);
+			printf(_n('Done! <strong>%s</strong> link or link category imported.', 'Done! <strong>%s</strong> links or link categories imported.', $count), $count);
 			echo '<br /><br /></p>';
 			return true;
 		}
@@ -632,7 +526,7 @@ class Dotclear_Import {

 		echo '<form action="admin.php?import=dotclear&amp;step=2" method="post">';
 		wp_nonce_field('import-dotclear');
-		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Users')));
+		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Users'));
 		echo '</form>';

 	}
@@ -645,7 +539,7 @@ class Dotclear_Import {

 		echo '<form action="admin.php?import=dotclear&amp;step=3" method="post">';
 		wp_nonce_field('import-dotclear');
-		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Posts')));
+		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Posts'));
 		echo '</form>';
 	}

@@ -659,7 +553,7 @@ class Dotclear_Import {

 		echo '<form action="admin.php?import=dotclear&amp;step=4" method="post">';
 		wp_nonce_field('import-dotclear');
-		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Comments')));
+		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Comments'));
 		echo '</form>';
 	}

@@ -671,7 +565,7 @@ class Dotclear_Import {

 		echo '<form action="admin.php?import=dotclear&amp;step=5" method="post">';
 		wp_nonce_field('import-dotclear');
-		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Links')));
+		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Links'));
 		echo '</form>';
 	}

@@ -684,7 +578,7 @@ class Dotclear_Import {

 		echo '<form action="admin.php?import=dotclear&amp;step=6" method="post">';
 		wp_nonce_field('import-dotclear');
-		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Finish')));
+		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Finish'));
 		echo '</form>';
 	}

@@ -710,11 +604,11 @@ class Dotclear_Import {
 	{
 		echo '<p>'.__('Welcome to WordPress.  We hope (and expect!) that you will find this platform incredibly rewarding!  As a new WordPress user coming from DotClear, there are some things that we would like to point out.  Hopefully, they will help your transition go as smoothly as possible.').'</p>';
 		echo '<h3>'.__('Users').'</h3>';
-		echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password.  Forget it.  You didn\'t have that login in DotClear, why should you have it here?  Instead we have taken care to import all of your users into our system.  Unfortunately there is one downside.  Because both WordPress and DotClear uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users.  <strong>Every user has the same username, but their passwords are reset to password123.</strong>  So <a href="%1$s">Login</a> and change it.'), '/wp-login.php').'</p>';
+		echo '<p>'.sprintf(__('You have already setup WordPress and have been assigned an administrative login and password.  Forget it.  You didn&#8217;t have that login in DotClear, why should you have it here?  Instead we have taken care to import all of your users into our system.  Unfortunately there is one downside.  Because both WordPress and DotClear uses a strong encryption hash with passwords, it is impossible to decrypt it and we are forced to assign temporary passwords to all your users.  <strong>Every user has the same username, but their passwords are reset to password123.</strong>  So <a href="%1$s">Login</a> and change it.'), '/wp-login.php').'</p>';
 		echo '<h3>'.__('Preserving Authors').'</h3>';
 		echo '<p>'.__('Secondly, we have attempted to preserve post authors.  If you are the only author or contributor to your blog, then you are safe.  In most cases, we are successful in this preservation endeavor.  However, if we cannot ascertain the name of the writer due to discrepancies between database tables, we assign it to you, the administrative user.').'</p>';
 		echo '<h3>'.__('Textile').'</h3>';
-		echo '<p>'.__('Also, since you\'re coming from DotClear, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me... You\'ll want it.').'</p>';
+		echo '<p>'.__('Also, since you&#8217;re coming from DotClear, you probably have been using Textile to format your comments and posts.  If this is the case, we recommend downloading and installing <a href="http://www.huddledmasses.org/category/development/wordpress/textile/">Textile for WordPress</a>.  Trust me&#8230; You&#8217;ll want it.').'</p>';
 		echo '<h3>'.__('WordPress Resources').'</h3>';
 		echo '<p>'.__('Finally, there are numerous WordPress resources around the internet.  Some of them are:').'</p>';
 		echo '<ul>';
@@ -722,7 +616,7 @@ class Dotclear_Import {
 		echo '<li>'.__('<a href="http://wordpress.org/support/">The WordPress support forums</a>').'</li>';
 		echo '<li>'.__('<a href="http://codex.wordpress.org">The Codex (In other words, the WordPress Bible)</a>').'</li>';
 		echo '</ul>';
-		echo '<p>'.sprintf(__('That\'s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '../wp-login.php').'</p>';
+		echo '<p>'.sprintf(__('That&#8217;s it! What are you waiting for? Go <a href="%1$s">login</a>!'), '../wp-login.php').'</p>';
 	}

 	function db_form()
--- a/wp-admin/import/greymatter.php
+++ b/wp-admin/import/greymatter.php
@@ -61,12 +61,12 @@ class GM_Import {
 <td><input type="text" style="width:300px" name="archivespath" id="archivespath" value="/home/my/site/cgi-bin/greymatter/archives/" /></td>
 </tr>
 <tr>
-<td><label for="lastentry"><?php _e("Last entry's number:") ?></label></td>
+<td><label for="lastentry"><?php _e('Last entry&#8217;s number:') ?></label></td>
 <td><input type="text" name="lastentry" id="lastentry" value="00000001" /><br />
-	<?php _e("This importer will search for files 00000001.cgi to 000-whatever.cgi,<br />so you need to enter the number of the last GM post here.<br />(if you don't know that number, just log into your FTP and look it out<br />in the entries' folder)") ?></td>
+	<?php _e('This importer will search for files 00000001.cgi to 000-whatever.cgi,<br />so you need to enter the number of the last GM post here.<br />(if you don&#8217;t know that number, just log into your FTP and look it out<br />in the entries&#8217; folder)') ?></td>
 </tr>
 </table>
-<p class="submit"><input type="submit" name="submit" class="button" value="<?php _e('Start Importing') ?>" /></p>
+<p class="submit"><input type="submit" name="submit" class="button" value="<?php esc_attr_e('Start Importing') ?>" /></p>
 </form>
 <?php
 		$this->footer();
@@ -283,12 +283,12 @@ class GM_Import {
 				}
 				if ($numAddedComments > 0) {
 					echo ': ';
-				printf( __ngettext('imported %s comment', 'imported %s comments', $numAddedComments) , $numAddedComments);
+				printf( _n('imported %s comment', 'imported %s comments', $numAddedComments) , $numAddedComments);
 				}
 				$preExisting = $numComments - numAddedComments;
 				if ($preExisting > 0) {
 					echo ' ';
-					printf( __ngettext( 'ignored %s pre-existing comment', 'ignored %s pre-existing comments', $preExisting ) , $preExisting);
+					printf( _n( 'ignored %s pre-existing comment', 'ignored %s pre-existing comments', $preExisting ) , $preExisting);
 				}
 			}
 			echo '... <strong>'.__('Done').'</strong></li>';
--- a/wp-admin/import/jkw.php
+++ b/wp-admin/import/jkw.php
@@ -34,11 +34,11 @@ class JeromesKeyword_Import {
 		echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
 		echo '<form action="admin.php?import=jkw&amp;step=1" method="post">';
 		wp_nonce_field('import-jkw');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Import Version 1.x').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 1.x').'" /></p>';
 		echo '</form>';
 		echo '<form action="admin.php?import=jkw&amp;step=3" method="post">';
 		wp_nonce_field('import-jkw');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Import Version 2.0a').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 2.0a').'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
@@ -98,7 +98,7 @@ class JeromesKeyword_Import {
 			return false;
 		} else {
 			$count = count($metakeys);
-			echo '<p>' . sprintf( __ngettext('Done! <strong>%s</strong> post with tags were read.', 'Done! <strong>%s</strong> posts with tags were read.', $count), $count ) . '<br /></p>';
+			echo '<p>' . sprintf( _n('Done! <strong>%s</strong> post with tags were read.', 'Done! <strong>%s</strong> posts with tags were read.', $count), $count ) . '<br /></p>';
 			echo '<ul>';
 			foreach ( $metakeys as $post_meta ) {
 				if ( $post_meta->meta_value != '' ) {
@@ -120,7 +120,7 @@ class JeromesKeyword_Import {

 		echo '<form action="admin.php?import=jkw&amp;step='.($precheck? 2:6).'" method="post">';
 		wp_nonce_field('import-jkw');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Next').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
@@ -139,7 +139,7 @@ class JeromesKeyword_Import {
 			return false;
 		} else {
 			$count = count($metakeys);
-			echo '<p>' . sprintf( __ngettext('Done! <strong>%s</strong> tag were read.', 'Done! <strong>%s</strong> tags were read.', $count), $count ) . '<br /></p>';
+			echo '<p>' . sprintf( _n('Done! <strong>%s</strong> tag were read.', 'Done! <strong>%s</strong> tags were read.', $count), $count ) . '<br /></p>';
 			echo '<ul>';
 			foreach ( $metakeys as $post_meta ) {
 				$keyword = addslashes(trim($post_meta->tag_name));
@@ -153,7 +153,7 @@ class JeromesKeyword_Import {
 		}
 		echo '<form action="admin.php?import=jkw&amp;step='.($precheck? 4:5).'" method="post">';
 		wp_nonce_field('import-jkw');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Next').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
--- a/wp-admin/import/livejournal.php
+++ b/wp-admin/import/livejournal.php
--- a/wp-admin/import/mt.php
+++ b/wp-admin/import/mt.php
@@ -36,20 +36,20 @@ class MT_Import {
 		$this->header();
 ?>
 <div class="narrow">
-<p><?php _e('Howdy! We&#8217;re about to begin importing all of your Movable Type or Typepad entries into WordPress. To begin, either choose a file to upload and click "Upload file and import," or use FTP to upload your MT export file as <code>mt-export.txt</code> in your <code>/wp-content/</code> directory and then click "Import mt-export.txt"'); ?></p>
+<p><?php _e('Howdy! We&#8217;re about to begin importing all of your Movable Type or Typepad entries into WordPress. To begin, either choose a file to upload and click &#8220;Upload file and import&#8221;, or use FTP to upload your MT export file as <code>mt-export.txt</code> in your <code>/wp-content/</code> directory and then click "Import mt-export.txt"'); ?></p>

 <?php wp_import_upload_form( add_query_arg('step', 1) ); ?>
-<form method="post" action="<?php echo add_query_arg('step', 1); ?>" class="import-upload-form">
+<form method="post" action="<?php echo esc_attr(add_query_arg('step', 1)); ?>" class="import-upload-form">

 <?php wp_nonce_field('import-upload'); ?>
 <p>
 	<input type="hidden" name="upload_type" value="ftp" />
 <?php _e('Or use <code>mt-export.txt</code> in your <code>/wp-content/</code> directory'); ?></p>
 <p class="submit">
-<input type="submit" class="button" value="<?php echo attribute_escape(__('Import mt-export.txt')); ?>" />
+<input type="submit" class="button" value="<?php esc_attr_e('Import mt-export.txt'); ?>" />
 </p>
 </form>
-<p><?php _e('The importer is smart enough not to import duplicates, so you can run this multiple times without worry if&#8212;for whatever reason&#8212;it doesn\'t finish. If you get an <strong>out of memory</strong> error try splitting up the import file into pieces.'); ?> </p>
+<p><?php _e('The importer is smart enough not to import duplicates, so you can run this multiple times without worry if&#8212;for whatever reason&#8212;it doesn&#8217;t finish. If you get an <strong>out of memory</strong> error try splitting up the import file into pieces.'); ?> </p>
 </div>
 <?php
 		$this->footer();
@@ -194,9 +194,9 @@ class MT_Import {
 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php _e('Assign Authors'); ?></h2>
-<p><?php _e('To make it easier for you to edit and save the imported posts and drafts, you may want to change the name of the author of the posts. For example, you may want to import all the entries as admin\'s entries.'); ?></p>
+<p><?php _e('To make it easier for you to edit and save the imported posts and drafts, you may want to change the name of the author of the posts. For example, you may want to import all the entries as admin&#8217;s entries.'); ?></p>
 <p><?php _e('Below, you can see the names of the authors of the MovableType posts in <em>italics</em>. For each of these names, you can either pick an author in your WordPress installation from the menu, or enter a name for the author in the textbox.'); ?></p>
-<p><?php _e('If a new user is created by WordPress, a password will be randomly generated. Manually change the user\'s details if necessary.'); ?></p>
+<p><?php _e('If a new user is created by WordPress, a password will be randomly generated. Manually change the user&#8217;s details if necessary.'); ?></p>
 	<?php


@@ -207,12 +207,12 @@ class MT_Import {
 		$j = -1;
 		foreach ($authors as $author) {
 			++ $j;
-			echo '<li><label>'.__('Current author:').' <strong>'.$author.'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'.$author.'" name="'.'user[]'.'" maxlength="30"> <br />');
+			echo '<li><label>'.__('Current author:').' <strong>'.$author.'</strong><br />'.sprintf(__('Create user %1$s or map to existing'), ' <input type="text" value="'. esc_attr($author) .'" name="'.'user[]'.'" maxlength="30"> <br />');
 			$this->users_form($j);
 			echo '</label></li>';
 		}

-		echo '<p class="submit"><input type="submit" class="button" value="'.__('Submit').'"></p>'.'<br />';
+		echo '<p class="submit"><input type="submit" class="button" value="'.esc_attr__('Submit').'"></p>'.'<br />';
 		echo '</form>';
 		echo '</ol></div>';

@@ -288,7 +288,7 @@ class MT_Import {
 		}

 		if ( $num_comments )
-			printf(' '.__ngettext('(%s comment)', '(%s comments)', $num_comments), $num_comments);
+			printf(' '._n('(%s comment)', '(%s comments)', $num_comments), $num_comments);

 		$num_pings = 0;
 		foreach ( $pings as $ping ) {
@@ -305,7 +305,7 @@ class MT_Import {
 		}

 		if ( $num_pings )
-			printf(' '.__ngettext('(%s ping)', '(%s pings)', $num_pings), $num_pings);
+			printf(' '._n('(%s ping)', '(%s pings)', $num_pings), $num_pings);

 		echo "</li>";
 		//ob_flush();flush();
@@ -439,7 +439,9 @@ class MT_Import {
 			} else {
 				// Processing multi-line field, check context.

-				$line .= "\n";
+				if( !empty($line) )
+					$line .= "\n";
+
 				if ( 'body' == $context ) {
 					$post->post_content .= $line;
 				} else if ( 'extended' ==  $context ) {
--- a/wp-admin/import/opml.php
+++ b/wp-admin/import/opml.php
@@ -42,7 +42,7 @@ switch ($step) {
 <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
 <div style="width: 48%;" class="alignleft">
 <h3><label for="opml_url"><?php _e('Specify an OPML URL:'); ?></label></h3>
-<input type="text" name="opml_url" id="opml_url" size="50" style="width: 90%;" value="http://" />
+<input type="text" name="opml_url" id="opml_url" size="50" class="code" style="width: 90%;" value="http://" />
 </div>

 <div style="width: 48%;" class="alignleft">
@@ -58,13 +58,13 @@ switch ($step) {
 $categories = get_terms('link_category', 'get=all');
 foreach ($categories as $category) {
 ?>
-<option value="<?php echo $category->term_id; ?>"><?php echo wp_specialchars(apply_filters('link_category', $category->name)); ?></option>
+<option value="<?php echo $category->term_id; ?>"><?php echo esc_html(apply_filters('link_category', $category->name)); ?></option>
 <?php
 } // end foreach
 ?>
 </select></p>

-<p class="submit"><input type="submit" name="submit" value="<?php _e('Import OPML File') ?>" /></p>
+<p class="submit"><input type="submit" name="submit" value="<?php esc_attr_e('Import OPML File') ?>" /></p>
 </form>

 </div>
@@ -92,6 +92,7 @@ foreach ($categories as $category) {
 			$blogrolling = true;
 		} else { // try to get the upload file.
 			$overrides = array('test_form' => false, 'test_type' => false);
+			$_FILES['userfile']['name'] .= '.txt';
 			$file = wp_handle_upload($_FILES['userfile'], $overrides);

 			if ( isset($file['error']) )
--- a/wp-admin/import/rss.php
+++ b/wp-admin/import/rss.php
@@ -103,7 +103,7 @@ class RSS_Import {
 			}

 			// Clean up content
-			$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+			$post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content);
 			$post_content = str_replace('<br>', '<br />', $post_content);
 			$post_content = str_replace('<hr>', '<hr />', $post_content);

@@ -129,7 +129,7 @@ class RSS_Import {
 				if ( is_wp_error( $post_id ) )
 					return $post_id;
 				if (!$post_id) {
-					_e("Couldn't get post ID");
+					_e('Couldn&#8217;t get post ID');
 					return;
 				}

--- a/wp-admin/import/stp.php
+++ b/wp-admin/import/stp.php
@@ -33,7 +33,7 @@ class STP_Import {
 		echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
 		echo '<form action="admin.php?import=stp&amp;step=1" method="post">';
 		wp_nonce_field('import-stp');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Step 1').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 1').'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
@@ -88,12 +88,12 @@ class STP_Import {

 			add_option('stpimp_posts', $posts);
 			$count = count($posts);
-			echo '<p>' . sprintf( __ngettext('Done! <strong>%s</strong> tag to post relationships were read.', 'Done! <strong>%s</strong> tags to post relationships were read.', $count), $count ) . '<br /></p>';
+			echo '<p>' . sprintf( _n('Done! <strong>%s</strong> tag to post relationships were read.', 'Done! <strong>%s</strong> tags to post relationships were read.', $count), $count ) . '<br /></p>';
 		}

 		echo '<form action="admin.php?import=stp&amp;step=2" method="post">';
 		wp_nonce_field('import-stp');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Step 2').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 2').'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
@@ -106,10 +106,10 @@ class STP_Import {
 		// run that funky magic!
 		$tags_added = $this->tag2post();

-		echo '<p>' . sprintf( __ngettext('Done! <strong>%s</strong> tag was added!', 'Done! <strong>%s</strong> tags were added!', $tags_added), $tags_added ) . '<br /></p>';
+		echo '<p>' . sprintf( _n('Done! <strong>%s</strong> tag was added!', 'Done! <strong>%s</strong> tags were added!', $tags_added), $tags_added ) . '<br /></p>';
 		echo '<form action="admin.php?import=stp&amp;step=3" method="post">';
 		wp_nonce_field('import-stp');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Step 3').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 3').'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
--- a/wp-admin/import/textpattern.php
+++ b/wp-admin/import/textpattern.php
@@ -70,7 +70,7 @@ class Textpattern_Import {
 		echo '<form action="admin.php?import=textpattern&amp;step=1" method="post">';
 		wp_nonce_field('import-textpattern');
 		$this->db_form();
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.attribute_escape(__('Import')).'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import').'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
@@ -201,7 +201,7 @@ class Textpattern_Import {

 			// Store category translation for future use
 			add_option('txpcat2wpcat',$txpcat2wpcat);
-			echo '<p>'.sprintf(__ngettext('Done! <strong>%1$s</strong> category imported.', 'Done! <strong>%1$s</strong> categories imported.', $count), $count).'<br /><br /></p>';
+			echo '<p>'.sprintf(_n('Done! <strong>%1$s</strong> category imported.', 'Done! <strong>%1$s</strong> categories imported.', $count), $count).'<br /><br /></p>';
 			return true;
 		}
 		echo __('No Categories to Import!');
@@ -486,7 +486,7 @@ class Textpattern_Import {
 			}
 			add_option('txplinks2wplinks',$txplinks2wplinks);
 			echo '<p>';
-			printf(__ngettext('Done! <strong>%s</strong> link imported', 'Done! <strong>%s</strong> links imported', $count), $count);
+			printf(_n('Done! <strong>%s</strong> link imported', 'Done! <strong>%s</strong> links imported', $count), $count);
 			echo '<br /><br /></p>';
 			return true;
 		}
@@ -505,7 +505,7 @@ class Textpattern_Import {

 		echo '<form action="admin.php?import=textpattern&amp;step=2" method="post">';
 		wp_nonce_field('import-textpattern');
-		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Users')));
+		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Users'));
 		echo '</form>';

 	}
@@ -518,7 +518,7 @@ class Textpattern_Import {

 		echo '<form action="admin.php?import=textpattern&amp;step=3" method="post">';
 		wp_nonce_field('import-textpattern');
-		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Posts')));
+		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Posts'));
 		echo '</form>';
 	}

@@ -532,7 +532,7 @@ class Textpattern_Import {

 		echo '<form action="admin.php?import=textpattern&amp;step=4" method="post">';
 		wp_nonce_field('import-textpattern');
-		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Comments')));
+		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Comments'));
 		echo '</form>';
 	}

@@ -544,7 +544,7 @@ class Textpattern_Import {

 		echo '<form action="admin.php?import=textpattern&amp;step=5" method="post">';
 		wp_nonce_field('import-textpattern');
-		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Import Links')));
+		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Import Links'));
 		echo '</form>';
 	}

@@ -557,7 +557,7 @@ class Textpattern_Import {

 		echo '<form action="admin.php?import=textpattern&amp;step=6" method="post">';
 		wp_nonce_field('import-textpattern');
-		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', attribute_escape(__('Finish')));
+		printf('<p class="submit"><input type="submit" name="submit" class="button" value="%s" /></p>', esc_attr__('Finish'));
 		echo '</form>';
 	}

--- a/wp-admin/import/utw.php
+++ b/wp-admin/import/utw.php
@@ -33,7 +33,7 @@ class UTW_Import {
 		echo '<p>'.__('To accommodate larger databases for those tag-crazy authors out there, we have made this into an easy 5-step program to help you kick that nasty UTW habit. Just keep clicking along and we will let you know when you are in the clear!').'</p>';
 		echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
 		echo '<form action="admin.php?import=utw&amp;step=1" method="post">';
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Step 1').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 1').'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
@@ -98,7 +98,7 @@ class UTW_Import {

 			$count = count($tags);

-			echo '<p>' . sprintf( __ngettext('Done! <strong>%s</strong> tag were read.', 'Done! <strong>%s</strong> tags were read.', $count), $count ) . '<br /></p>';
+			echo '<p>' . sprintf( _n('Done! <strong>%s</strong> tag were read.', 'Done! <strong>%s</strong> tags were read.', $count), $count ) . '<br /></p>';
 			echo '<p>' . __('The following tags were found:') . '</p>';

 			echo '<ul>';
@@ -120,7 +120,7 @@ class UTW_Import {

 		echo '<form action="admin.php?import=utw&amp;step=2" method="post">';
 		wp_nonce_field('import-utw');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Step 2').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 2').'" /></p>';
 		echo '</form>';
 		echo '</div>';
 	}
@@ -150,13 +150,13 @@ class UTW_Import {

 			$count = count($posts);

-			echo '<p>' . sprintf( __ngettext('Done! <strong>%s</strong> tag to post relationships were read.', 'Done! <strong>%s</strong> tags to post relationships were read.', $count), $count ) . '<br /></p>';
+			echo '<p>' . sprintf( _n('Done! <strong>%s</strong> tag to post relationships were read.', 'Done! <strong>%s</strong> tags to post relationships were read.', $count), $count ) . '<br /></p>';

 		}

 		echo '<form action="admin.php?import=utw&amp;step=3" method="post">';
 		wp_nonce_field('import-utw');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Step 3').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 3').'" /></p>';
 		echo '</form>';
 		echo '</div>';

@@ -171,11 +171,11 @@ class UTW_Import {
 		// run that funky magic!
 		$tags_added = $this->tag2post();

-		echo '<p>' . sprintf( __ngettext( 'Done! <strong>%s</strong> tag were added!', 'Done! <strong>%s</strong> tags were added!', $tags_added ), $tags_added ) . '<br /></p>';
+		echo '<p>' . sprintf( _n( 'Done! <strong>%s</strong> tag were added!', 'Done! <strong>%s</strong> tags were added!', $tags_added ), $tags_added ) . '<br /></p>';

 		echo '<form action="admin.php?import=utw&amp;step=4" method="post">';
 		wp_nonce_field('import-utw');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.__('Step 4').'" /></p>';
+		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Step 4').'" /></p>';
 		echo '</form>';
 		echo '</div>';

--- a/wp-admin/import/wordpress.php
+++ b/wp-admin/import/wordpress.php
@@ -203,7 +203,7 @@ class WP_Import {
 <p><?php _e('To make it easier for you to edit and save the imported posts and drafts, you may want to change the name of the author of the posts. For example, you may want to import all the entries as <code>admin</code>s entries.'); ?></p>
 <?php
 	if ( $this->allow_create_users() ) {
-		echo '<p>'.__('If a new user is created by WordPress, a password will be randomly generated. Manually change the user\'s details if necessary.')."</p>\n";
+		echo '<p>'.__('If a new user is created by WordPress, a password will be randomly generated. Manually change the user&#8217;s details if necessary.')."</p>\n";
 	}


@@ -233,7 +233,7 @@ class WP_Import {
 		}

 		echo '<p class="submit">';
-		echo '<input type="submit" class="button" value="'.attribute_escape( __('Submit') ).'" />'.'<br />';
+		echo '<input type="submit" class="button" value="'. esc_attr__('Submit') .'" />'.'<br />';
 		echo '</p>';
 		echo '</form>';

@@ -242,14 +242,14 @@ class WP_Import {
 	function users_form($n, $author) {

 		if ( $this->allow_create_users() ) {
-			printf('<label>'.__('Create user %1$s or map to existing'), ' <input type="text" value="'.$author.'" name="'.'user_create['.intval($n).']'.'" maxlength="30" /></label> <br />');
+			printf('<label>'.__('Create user %1$s or map to existing'), ' <input type="text" value="'. esc_attr($author) .'" name="'.'user_create['.intval($n).']'.'" maxlength="30" /></label> <br />');
 		}
 		else {
 			echo __('Map to existing').'<br />';
 		}

 		// keep track of $n => $author name
-		echo '<input type="hidden" name="author_in['.intval($n).']" value="'.htmlspecialchars($author).'" />';
+		echo '<input type="hidden" name="author_in['.intval($n).']" value="' . esc_attr($author).'" />';

 		$users = get_users_of_blog();
 ?><select name="user_select[<?php echo $n; ?>]">
@@ -300,6 +300,7 @@ class WP_Import {
 				continue;

 			$category_nicename	= $this->get_tag( $c, 'wp:category_nicename' );
+			$category_description = $this->get_tag( $c, 'wp:category_description' );
 			$posts_private		= (int) $this->get_tag( $c, 'wp:posts_private' );
 			$links_private		= (int) $this->get_tag( $c, 'wp:links_private' );

@@ -310,7 +311,7 @@ class WP_Import {
 			else
 				$category_parent = category_exists($parent);

-			$catarr = compact('category_nicename', 'category_parent', 'posts_private', 'links_private', 'posts_private', 'cat_name');
+			$catarr = compact('category_nicename', 'category_parent', 'posts_private', 'links_private', 'posts_private', 'cat_name', 'category_description');

 			$cat_ID = wp_insert_category($catarr);
 		}
@@ -381,12 +382,12 @@ class WP_Import {
 		$post_author    = $this->get_tag( $post, 'dc:creator' );

 		$post_excerpt = $this->get_tag( $post, 'excerpt:encoded' );
-		$post_excerpt = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_excerpt);
+		$post_excerpt = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_excerpt);
 		$post_excerpt = str_replace('<br>', '<br />', $post_excerpt);
 		$post_excerpt = str_replace('<hr>', '<hr />', $post_excerpt);

 		$post_content = $this->get_tag( $post, 'content:encoded' );
-		$post_content = preg_replace('|<(/?[A-Z]+)|e', "'<' . strtolower('$1')", $post_content);
+		$post_content = preg_replace_callback('|<(/?[A-Z]+)|', create_function('$match', 'return "<" . strtolower($match[1]);'), $post_content);
 		$post_content = str_replace('<br>', '<br />', $post_content);
 		$post_content = str_replace('<hr>', '<hr />', $post_content);

@@ -528,7 +529,7 @@ class WP_Import {
 		} }

 		if ( $num_comments )
-			printf(' '.__ngettext('(%s comment)', '(%s comments)', $num_comments), $num_comments);
+			printf(' '._n('(%s comment)', '(%s comments)', $num_comments), $num_comments);

 		// Now for post meta
 		preg_match_all('|<wp:postmeta>(.*?)</wp:postmeta>|is', $post, $postmeta);
--- a/wp-admin/import/wp-cat2tag.php
+++ b/wp-admin/import/wp-cat2tag.php
@@ -65,7 +65,7 @@ class WP_Categories_to_Tags {

 		if ( $cat_num > 0 ) {
 			screen_icon();
-			echo '<h2>' . sprintf( __ngettext( 'Convert Category to Tag.', 'Convert Categories (%d) to Tags.', $cat_num ), $cat_num ) . '</h2>';
+			echo '<h2>' . sprintf( _n( 'Convert Category to Tag.', 'Convert Categories (%d) to Tags.', $cat_num ), $cat_num ) . '</h2>';
 			echo '<div class="narrow">';
 			echo '<p>' . __('Hey there. Here you can selectively convert existing categories to tags. To get started, check the categories you wish to be converted, then click the Convert button.') . '</p>';
 			echo '<p>' . __('Keep in mind that if you convert a category with child categories, the children become top-level orphans.') . '</p></div>';
@@ -103,7 +103,7 @@ function check_all_rows() {
 </script>

 <form name="catlist" id="catlist" action="admin.php?import=wp-cat2tag&amp;step=2" method="post">
-<p><input type="button" class="button-secondary" value="<?php _e('Check All'); ?>" onclick="this.value=check_all_rows()" />
+<p><input type="button" class="button-secondary" value="<?php esc_attr_e('Check All'); ?>" onclick="this.value=check_all_rows()" />
 <?php wp_nonce_field('import-cat2tag'); ?></p>
 <ul style="list-style:none">

@@ -128,7 +128,7 @@ function check_all_rows() {
 <?php	if ( ! empty($this->hybrids_ids) )
 			echo '<p><a name="note"></a>' . __('* This category is also a tag. Converting it will add that tag to all posts that are currently in the category.') . '</p>'; ?>

-<p class="submit"><input type="submit" name="submit" class="button" value="<?php _e('Convert Categories to Tags'); ?>" /></p>
+<p class="submit"><input type="submit" name="submit" class="button" value="<?php esc_attr_e('Convert Categories to Tags'); ?>" /></p>
 </form>

 <?php }
@@ -141,9 +141,9 @@ function check_all_rows() {

 		if ( $tags_num > 0 ) {
 			screen_icon();
-			echo '<h2>' . sprintf( __ngettext( 'Convert Tag to Category.', 'Convert Tags (%d) to Categories.', $tags_num ), $tags_num ) . '</h2>';
+			echo '<h2>' . sprintf( _n( 'Convert Tag to Category.', 'Convert Tags (%d) to Categories.', $tags_num ), $tags_num ) . '</h2>';
 			echo '<div class="narrow">';
-			echo '<p>' . __('Here you can selectively converts existing tags to categories. To get started, check the tags you wish to be converted, then click the Convert button.') . '</p>';
+			echo '<p>' . __('Here you can selectively convert existing tags to categories. To get started, check the tags you wish to be converted, then click the Convert button.') . '</p>';
 			echo '<p>' . __('The newly created categories will still be associated with the same posts.') . '</p></div>';

 			$this->tags_form();
@@ -179,12 +179,12 @@ function check_all_tagrows() {
 </script>

 <form name="taglist" id="taglist" action="admin.php?import=wp-cat2tag&amp;step=4" method="post">
-<p><input type="button" class="button-secondary" value="<?php _e('Check All'); ?>" onclick="this.value=check_all_tagrows()" />
+<p><input type="button" class="button-secondary" value="<?php esc_attr_e('Check All'); ?>" onclick="this.value=check_all_tagrows()" />
 <?php wp_nonce_field('import-cat2tag'); ?></p>
 <ul style="list-style:none">

 <?php	foreach ( $this->all_tags as $tag ) { ?>
-	<li><label><input type="checkbox" name="tags_to_convert[]" value="<?php echo intval($tag->term_id); ?>" /> <?php echo attribute_escape($tag->name) . ' (' . $tag->count . ')'; ?></label><?php if ( in_array( intval($tag->term_id),  $this->hybrids_ids ) ) echo ' <a href="#note"> * </a>'; ?></li>
+	<li><label><input type="checkbox" name="tags_to_convert[]" value="<?php echo intval($tag->term_id); ?>" /> <?php echo esc_attr($tag->name) . ' (' . $tag->count . ')'; ?></label><?php if ( in_array( intval($tag->term_id),  $this->hybrids_ids ) ) echo ' <a href="#note"> * </a>'; ?></li>

 <?php	} ?>
 </ul>
@@ -192,7 +192,7 @@ function check_all_tagrows() {
 <?php	if ( ! empty($this->hybrids_ids) )
 			echo '<p><a name="note"></a>' . __('* This tag is also a category. When converted, all posts associated with the tag will also be in the category.') . '</p>'; ?>

-<p class="submit"><input type="submit" name="submit_tags" class="button" value="<?php _e('Convert Tags to Categories'); ?>" /></p>
+<p class="submit"><input type="submit" name="submit_tags" class="button" value="<?php esc_attr_e('Convert Tags to Categories'); ?>" /></p>
 </form>

 <?php }
@@ -249,7 +249,7 @@ function check_all_tagrows() {
 			$cat_id = (int) $cat_id;

 			if ( ! $this->_category_exists($cat_id) ) {
-				echo '<li>' . sprintf( __('Category %s doesn\'t exist!'),  $cat_id ) . "</li>\n";
+				echo '<li>' . sprintf( __('Category %s doesn&#8217;t exist!'),  $cat_id ) . "</li>\n";
 			} else {
 				$category =& get_category($cat_id);
 				echo '<li>' . sprintf(__('Converting category <strong>%s</strong> ... '),  $category->name);
@@ -325,14 +325,12 @@ function check_all_tagrows() {

 		if ( ! empty($clean_term_cache) ) {
 			$clean_term_cache = array_unique(array_values($clean_term_cache));
-			foreach ( $clean_term_cache as $id )
-				wp_cache_delete($id, 'post_tag');
+			clean_term_cache($clean_term_cache, 'post_tag');
 		}

 		if ( ! empty($clean_cat_cache) ) {
 			$clean_cat_cache = array_unique(array_values($clean_cat_cache));
-			foreach ( $clean_cat_cache as $id )
-				wp_cache_delete($id, 'category');
+			clean_term_cache($clean_cat_cache, 'category');
 		}

 		if ( $clear_parents ) delete_option('category_children');
@@ -408,20 +406,18 @@ function check_all_tagrows() {
 				echo __('Converted successfully.') . "</li>\n";

 			} else {
-				printf( '<li>' . __('Tag #%s doesn\'t exist!') . "</li>\n",  $tag_id );
+				printf( '<li>' . __('Tag #%s doesn&#8217;t exist!') . "</li>\n",  $tag_id );
 			}
 		}

 		if ( ! empty($clean_term_cache) ) {
 			$clean_term_cache = array_unique(array_values($clean_term_cache));
-			foreach ( $clean_term_cache as $id )
-				wp_cache_delete($id, 'post_tag');
+			clean_term_cache($clean_term_cache, 'post_tag');
 		}

 		if ( ! empty($clean_cat_cache) ) {
 			$clean_cat_cache = array_unique(array_values($clean_cat_cache));
-			foreach ( $clean_cat_cache as $id )
-				wp_cache_delete($id, 'category');
+			clean_term_cache($clean_term_cache, 'category');
 		}

 		if ( $clear_parents ) delete_option('category_children');
--- a/wp-admin/includes/bookmark.php
+++ b/wp-admin/includes/bookmark.php
@@ -29,11 +29,11 @@ function edit_link( $link_id = '' ) {
 	if (!current_user_can( 'manage_links' ))
 		wp_die( __( 'Cheatin&#8217; uh?' ));

-	$_POST['link_url'] = wp_specialchars( $_POST['link_url'] );
-	$_POST['link_url'] = clean_url($_POST['link_url']);
-	$_POST['link_name'] = wp_specialchars( $_POST['link_name'] );
-	$_POST['link_image'] = wp_specialchars( $_POST['link_image'] );
-	$_POST['link_rss'] = clean_url($_POST['link_rss']);
+	$_POST['link_url'] = esc_html( $_POST['link_url'] );
+	$_POST['link_url'] = esc_url($_POST['link_url']);
+	$_POST['link_name'] = esc_html( $_POST['link_name'] );
+	$_POST['link_image'] = esc_html( $_POST['link_image'] );
+	$_POST['link_rss'] = esc_url($_POST['link_rss']);
 	if ( !isset($_POST['link_visible']) || 'N' != $_POST['link_visible'] )
 		$_POST['link_visible'] = 'Y';

@@ -54,12 +54,12 @@ function edit_link( $link_id = '' ) {
 */
 function get_default_link_to_edit() {
 	if ( isset( $_GET['linkurl'] ) )
-		$link->link_url = clean_url( $_GET['linkurl']);
+		$link->link_url = esc_url( $_GET['linkurl']);
 	else
 		$link->link_url = '';

 	if ( isset( $_GET['name'] ) )
-		$link->link_name = attribute_escape( $_GET['name']);
+		$link->link_name = esc_attr( $_GET['name']);
 	else
 		$link->link_name = '';

@@ -142,8 +142,13 @@ function wp_insert_link( $linkdata, $wp_error = false ) {
 	if ( !empty( $link_id ) )
 		$update = true;

-	if ( trim( $link_name ) == '' )
-		return 0;
+	if ( trim( $link_name ) == '' ) {
+		if ( trim( $link_url ) != '' ) {
+			$link_name = $link_url;
+		} else {
+			return 0;
+		}
+	}

 	if ( trim( $link_url ) == '' )
 		return 0;
--- a/wp-admin/includes/class-pclzip.php
+++ b/wp-admin/includes/class-pclzip.php
--- a/wp-admin/includes/class-wp-filesystem-base.php
+++ b/wp-admin/includes/class-wp-filesystem-base.php
@@ -46,8 +46,6 @@ class WP_Filesystem_Base {
 	 * @return string The location of the remote path.
 	 */
 	function abspath() {
-		if ( defined('FTP_BASE') && strpos($this->method, 'ftp') !== false )
-			return FTP_BASE;
 		$folder = $this->find_folder(ABSPATH);
 		//Perhaps the FTP folder is rooted at the WordPress install, Check for wp-includes folder in root, Could have some false positives, but rare.
 		if ( ! $folder && $this->is_dir('/wp-includes') )
@@ -62,8 +60,6 @@ class WP_Filesystem_Base {
 	 * @return string The location of the remote path.
 	 */
 	function wp_content_dir() {
-		if ( defined('FTP_CONTENT_DIR') && strpos($this->method, 'ftp') !== false )
-			return FTP_CONTENT_DIR;
 		return $this->find_folder(WP_CONTENT_DIR);
 	}
 	/**
@@ -75,8 +71,6 @@ class WP_Filesystem_Base {
 	 * @return string The location of the remote path.
 	 */
 	function wp_plugins_dir() {
-		if ( defined('FTP_PLUGIN_DIR') && strpos($this->method, 'ftp') !== false )
-			return FTP_PLUGIN_DIR;
 		return $this->find_folder(WP_PLUGIN_DIR);
 	}
 	/**
@@ -142,6 +136,15 @@ class WP_Filesystem_Base {
 	 */
 	function find_folder($folder) {

+		if ( strpos($this->method, 'ftp') !== false ) {
+			$constant_overrides = array( 'FTP_BASE' => ABSPATH, 'FTP_CONTENT_DIR' => WP_CONTENT_DIR, 'FTP_PLUGIN_DIR' => WP_PLUGIN_DIR );
+			foreach ( $constant_overrides as $constant => $dir )
+				if ( defined($constant) && $folder === $dir )
+					return trailingslashit(constant($constant));
+		} elseif ( 'direct' == $this->method ) {
+			return trailingslashit($folder);
+		}
+
 		$folder = preg_replace('|^([a-z]{1}):|i', '', $folder); //Strip out windows driveletter if its there.
 		$folder = str_replace('\\', '/', $folder); //Windows path sanitiation

@@ -149,6 +152,7 @@ class WP_Filesystem_Base {
 			return $this->cache[ $folder ];

 		if ( $this->exists($folder) ) { //Folder exists at that absolute path.
+			$folder = trailingslashit($folder);
 			$this->cache[ $folder ] = $folder;
 			return $folder;
 		}
@@ -189,23 +193,23 @@ class WP_Filesystem_Base {
 			// If its found, change into it and follow through looking for it.
 			// If it cant find WordPress down that route, it'll continue onto the next folder level, and see if that matches, and so on.
 			// If it reaches the end, and still cant find it, it'll return false for the entire function.
-			if( isset($files[ $key ]) ){
+			if ( isset($files[ $key ]) ){
 				//Lets try that folder:
 				$newdir = trailingslashit(path_join($base, $key));
-				if( $this->verbose )
+				if ( $this->verbose )
 					printf( __('Changing to %s') . '<br/>', $newdir );
-				if( $ret = $this->search_for_folder( $folder, $newdir, $loop) )
+				if ( $ret = $this->search_for_folder( $folder, $newdir, $loop) )
 					return $ret;
 			}
 		}

 		//Only check this as a last resort, to prevent locating the incorrect install. All above proceeedures will fail quickly if this is the right branch to take.
-		if(isset( $files[ $last_path ] ) ) {
-			if( $this->verbose )
+		if (isset( $files[ $last_path ] ) ) {
+			if ( $this->verbose )
 				printf( __('Found %s') . '<br/>',  $base . $last_path );
-			return $base . $last_path;
+			return trailingslashit($base . $last_path);
 		}
-		if( $loop )
+		if ( $loop )
 			return false;//Prevent tihs function looping again.
 		//As an extra last resort, Change back to / if the folder wasnt found. This comes into effect when the CWD is /home/user/ but WP is at /var/www/.... mainly dedicated setups.
 		return $this->search_for_folder($folder, '/', true);
--- a/wp-admin/includes/class-wp-filesystem-direct.php
+++ b/wp-admin/includes/class-wp-filesystem-direct.php
@@ -14,13 +14,12 @@
 * @subpackage Filesystem
 * @uses WP_Filesystem_Base Extends class
 */
-class WP_Filesystem_Direct  extends WP_Filesystem_Base {
+class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	var $permission = null;
-	var $errors = array();
+	var $errors = null;
 	function WP_Filesystem_Direct($arg) {
 		$this->method = 'direct';
 		$this->errors = new WP_Error();
-		$this->permission = umask();
 	}
 	function connect() {
 		return true;
@@ -49,82 +48,92 @@ class WP_Filesystem_Direct  extends WP_Filesystem_Base {
 		return @chdir($dir);
 	}
 	function chgrp($file, $group, $recursive = false) {
-		if( ! $this->exists($file) )
+		if ( ! $this->exists($file) )
 			return false;
-		if( ! $recursive )
+		if ( ! $recursive )
 			return @chgrp($file, $group);
-		if( ! $this->is_dir($file) )
+		if ( ! $this->is_dir($file) )
 			return @chgrp($file, $group);
 		//Is a directory, and we want recursive
 		$file = trailingslashit($file);
 		$filelist = $this->dirlist($file);
-		foreach($filelist as $filename)
+		foreach ($filelist as $filename)
 			$this->chgrp($file . $filename, $group, $recursive);

 		return true;
 	}
 	function chmod($file, $mode = false, $recursive = false) {
-		if( ! $mode )
-			$mode = $this->permission;
-		if( ! $this->exists($file) )
+		if ( ! $this->exists($file) )
 			return false;
-		if( ! $recursive )
-			return @chmod($file,$mode);
-		if( ! $this->is_dir($file) )
+
+		if ( ! $mode ) {
+			if ( $this->permission )
+				$mode = $this->permission;
+			elseif ( $this->is_file($file) )
+				$mode = FS_CHMOD_FILE;
+			elseif ( $this->is_dir($file) )
+				$mode = FS_CHMOD_DIR;
+			else
+				return false;	
+		}
+
+		if ( ! $recursive )
+			return @chmod($file, $mode);
+		if ( ! $this->is_dir($file) )
 			return @chmod($file, $mode);
 		//Is a directory, and we want recursive
 		$file = trailingslashit($file);
 		$filelist = $this->dirlist($file);
-		foreach($filelist as $filename)
+		foreach ($filelist as $filename)
 			$this->chmod($file . $filename, $mode, $recursive);

 		return true;
 	}
 	function chown($file, $owner, $recursive = false) {
-		if( ! $this->exists($file) )
+		if ( ! $this->exists($file) )
 			return false;
-		if( ! $recursive )
+		if ( ! $recursive )
 			return @chown($file, $owner);
-		if( ! $this->is_dir($file) )
+		if ( ! $this->is_dir($file) )
 			return @chown($file, $owner);
 		//Is a directory, and we want recursive
 		$filelist = $this->dirlist($file);
-		foreach($filelist as $filename){
+		foreach ($filelist as $filename){
 			$this->chown($file . '/' . $filename, $owner, $recursive);
 		}
 		return true;
 	}
 	function owner($file) {
 		$owneruid = @fileowner($file);
-		if( ! $owneruid )
+		if ( ! $owneruid )
 			return false;
-		if( ! function_exists('posix_getpwuid') )
+		if ( ! function_exists('posix_getpwuid') )
 			return $owneruid;
 		$ownerarray = posix_getpwuid($owneruid);
 		return $ownerarray['name'];
 	}
 	function getchmod($file) {
-		return @fileperms($file);
+		return substr(decoct(@fileperms($file)),3);
 	}
 	function group($file) {
 		$gid = @filegroup($file);
-		if( ! $gid )
+		if ( ! $gid )
 			return false;
-		if( ! function_exists('posix_getgrgid') )
+		if ( ! function_exists('posix_getgrgid') )
 			return $gid;
 		$grouparray = posix_getgrgid($gid);
 		return $grouparray['name'];
 	}

 	function copy($source, $destination, $overwrite = false) {
-		if( ! $overwrite && $this->exists($destination) )
+		if ( ! $overwrite && $this->exists($destination) )
 			return false;
 		return copy($source, $destination);
 	}

 	function move($source, $destination, $overwrite = false) {
 		//Possible to use rename()?
-		if( $this->copy($source, $destination, $overwrite) && $this->exists($destination) ){
+		if ( $this->copy($source, $destination, $overwrite) && $this->exists($destination) ){
 			$this->delete($source);
 			return true;
 		} else {
@@ -133,11 +142,13 @@ class WP_Filesystem_Direct  extends WP_Filesystem_Base {
 	}

 	function delete($file, $recursive = false) {
+		if ( empty($file) ) //Some filesystems report this as /, which can cause non-expected recursive deletion of all files in the filesystem.
+			return false;
 		$file = str_replace('\\', '/', $file); //for win32, occasional problems deleteing files otherwise

-		if( $this->is_file($file) )
+		if ( $this->is_file($file) )
 			return @unlink($file);
-		if( ! $recursive && $this->is_dir($file) )
+		if ( ! $recursive && $this->is_dir($file) )
 			return @rmdir($file);

 		//At this point its a folder, and we're in recursive mode
@@ -145,13 +156,13 @@ class WP_Filesystem_Direct  extends WP_Filesystem_Base {
 		$filelist = $this->dirlist($file, true);

 		$retval = true;
-		if( is_array($filelist) ) //false if no files, So check first.
-			foreach($filelist as $filename => $fileinfo)
-				if( ! $this->delete($file . $filename, $recursive) )
+		if ( is_array($filelist) ) //false if no files, So check first.
+			foreach ($filelist as $filename => $fileinfo)
+				if ( ! $this->delete($file . $filename, $recursive) )
 					$retval = false;

-		if( ! @rmdir($file) )
-			return false;
+		if ( file_exists($file) && ! @rmdir($file) )
+			$retval = false;
 		return $retval;
 	}

@@ -187,33 +198,31 @@ class WP_Filesystem_Direct  extends WP_Filesystem_Base {
 	}

 	function touch($file, $time = 0, $atime = 0){
-		if($time == 0)
+		if ($time == 0)
 			$time = time();
-		if($atime == 0)
+		if ($atime == 0)
 			$atime = time();
 		return @touch($file, $time, $atime);
 	}

 	function mkdir($path, $chmod = false, $chown = false, $chgrp = false){
-		if( ! $chmod)
-			$chmod = $this->permission;
-
-		if( ! @mkdir($path, $chmod) )
+		if ( ! @mkdir($path) )
 			return false;
-		if( $chown )
+		$this->chmod($path, $chmod);
+		if ( $chown )
 			$this->chown($path, $chown);
-		if( $chgrp )
+		if ( $chgrp )
 			$this->chgrp($path, $chgrp);
 		return true;
 	}

 	function rmdir($path, $recursive = false) {
 		//Currently unused and untested, Use delete() instead.
-		if( ! $recursive )
+		if ( ! $recursive )
 			return @rmdir($path);
 		//recursive:
 		$filelist = $this->dirlist($path);
-		foreach($filelist as $filename => $det) {
+		foreach ($filelist as $filename => $det) {
 			if ( '/' == substr($filename, -1, 1) )
 				$this->rmdir($path . '/' . $filename, $recursive);
 			@rmdir($filename);
@@ -222,13 +231,13 @@ class WP_Filesystem_Direct  extends WP_Filesystem_Base {
 	}

 	function dirlist($path, $incdot = false, $recursive = false) {
-		if( $this->is_file($path) ) {
+		if ( $this->is_file($path) ) {
 			$limitFile = basename($path);
 			$path = dirname($path);
 		} else {
 			$limitFile = false;
 		}
-		if( ! $this->is_dir($path) )
+		if ( ! $this->is_dir($path) )
 			return false;

 		$ret = array();
@@ -239,11 +248,11 @@ class WP_Filesystem_Direct  extends WP_Filesystem_Base {
 			$struc = array();
 			$struc['name'] = $entry;

-			if( '.' == $struc['name'] || '..' == $struc['name'] )
+			if ( '.' == $struc['name'] || '..' == $struc['name'] )
 				continue; //Do not care about these folders.
-			if( '.' == $struc['name'][0] && !$incdot)
+			if ( '.' == $struc['name'][0] && !$incdot)
 				continue;
-			if( $limitFile && $struc['name'] != $limitFile)
+			if ( $limitFile && $struc['name'] != $limitFile)
 				continue;

 			$struc['perms'] 	= $this->gethchmod($path.'/'.$entry);
@@ -258,7 +267,7 @@ class WP_Filesystem_Direct  extends WP_Filesystem_Base {
 			$struc['type']		= $this->is_dir($path.'/'.$entry) ? 'd' : 'f';

 			if ( 'd' == $struc['type'] ) {
-				if( $recursive )
+				if ( $recursive )
 					$struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive);
 				else
 					$struc['files'] = array();
--- a/wp-admin/includes/class-wp-filesystem-ftpext.php
+++ b/wp-admin/includes/class-wp-filesystem-ftpext.php
@@ -17,7 +17,7 @@
 class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 	var $link;
 	var $timeout = 5;
-	var $errors = array();
+	var $errors = null;
 	var $options = array();

 	var $permission = null;
@@ -47,28 +47,26 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 			$this->wp_base = $opt['base'];

 		// Check if the options provided are OK.
-		if ( empty ($opt['username']) )
+		if ( empty($opt['username']) )
 			$this->errors->add('empty_username', __('FTP username is required'));
 		else
 			$this->options['username'] = $opt['username'];

-		if ( empty ($opt['password']) )
+		if ( empty($opt['password']) )
 			$this->errors->add('empty_password', __('FTP password is required'));
 		else
 			$this->options['password'] = $opt['password'];

 		$this->options['ssl'] = false;
-		if ( isset($opt['ssl']) )
-			$this->options['ssl'] = ( !empty($opt['ssl']) );
-		elseif ( isset( $opt['connection_type']) )
-			$this->options['ssl'] = ( 'ftps' == $opt['connection_type'] );
+		if ( isset($opt['connection_type']) && 'ftps' == $opt['connection_type'] )
+			$this->options['ssl'] = true;
 	}

 	function connect() {
-		if ( $this->options['ssl'] && function_exists('ftp_ssl_connect') )
-			$this->link = @ftp_ssl_connect($this->options['hostname'], $this->options['port'],$this->timeout);
+		if ( isset($this->options['ssl']) && $this->options['ssl'] && function_exists('ftp_ssl_connect') )
+			$this->link = @ftp_ssl_connect($this->options['hostname'], $this->options['port'], $this->timeout);
 		else
-			$this->link = @ftp_connect($this->options['hostname'], $this->options['port'],$this->timeout);
+			$this->link = @ftp_connect($this->options['hostname'], $this->options['port'], $this->timeout);

 		if ( ! $this->link ) {
 			$this->errors->add('connect', sprintf(__('Failed to connect to FTP Server %1$s:%2$s'), $this->options['hostname'], $this->options['port']));
@@ -146,7 +144,7 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 			$mode = $this->permission;
 		if( ! $mode )
 			return false;
-		if ( ! $this->exists($file) )
+		if ( ! $this->exists($file) && ! $this->is_dir($file) )
 			return false;
 		if ( ! $recursive || ! $this->is_dir($file) ) {
 			if ( ! function_exists('ftp_chmod') )
@@ -187,30 +185,31 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 		return ftp_rename($this->link, $source, $destination);
 	}

-	function delete($file,$recursive=false) {
+	function delete($file, $recursive = false ) {
+		if ( empty($file) )
+			return false;
 		if ( $this->is_file($file) )
 			return @ftp_delete($this->link, $file);
 		if ( !$recursive )
 			return @ftp_rmdir($this->link, $file);
-		$filelist = $this->dirlist($file);
-		foreach ((array) $filelist as $filename => $fileinfo) {
-			$this->delete($file . '/' . $filename, $recursive);
-		}
+
+		$filelist = $this->dirlist( trailingslashit($file) );
+		if ( !empty($filelist) )
+			foreach ( $filelist as $delete_file )
+				$this->delete( trailingslashit($file) . $delete_file['name'], $recursive);
 		return @ftp_rmdir($this->link, $file);
 	}

 	function exists($file) {
-		$list = ftp_rawlist($this->link, $file, false);
-		if( ! $list )
-			return false;
-		return count($list) == 1 ? true : false;
+		$list = @ftp_rawlist($this->link, $file, false);
+		return !empty($list); //empty list = no file, so invert.
 	}
 	function is_file($file) {
-		return $this->is_dir($file) ? false : true;
+		return $this->exists($file) && !$this->is_dir($file);
 	}
 	function is_dir($path) {
 		$cwd = $this->cwd();
-		$result = @ftp_chdir($this->link, $path);
+		$result = @ftp_chdir($this->link, trailingslashit($path) );
 		if( $result && $path == $this->cwd() || $this->cwd() != $cwd ) {
 			@ftp_chdir($this->link, $cwd);
 			return true;
@@ -218,7 +217,7 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 		return false;
 	}
 	function is_readable($file) {
-		//Get dir list, Check if the file is writable by the current user??
+		//Get dir list, Check if the file is readable by the current user??
 		return true;
 	}
 	function is_writable($file) {
@@ -238,7 +237,7 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 		return false;
 	}
 	function mkdir($path, $chmod = false, $chown = false, $chgrp = false) {
-		if( !@ftp_mkdir($this->link, $path) )
+		if( !ftp_mkdir($this->link, $path) )
 			return false;
 		if( $chmod )
 			$this->chmod($path, $chmod);
@@ -249,17 +248,14 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
 		return true;
 	}
 	function rmdir($path, $recursive = false) {
-		if( ! $recursive )
-			return @ftp_rmdir($this->link, $path);
-
-		//TODO: Recursive Directory delete, Have to delete files from the folder first.
-		//$dir = $this->dirlist($path);
-		//foreach($dir as $file)
-
+		return $this->delete($path, $recursive);
 	}

 	function parselisting($line) {
-		$is_windows = ($this->OS_remote == FTP_OS_Windows);
+		static $is_windows;
+		if ( is_null($is_windows) )
+			$is_windows = strpos( strtolower(ftp_systype($this->link)), 'win') !== false;
+
 		if ($is_windows && preg_match("/([0-9]{2})-([0-9]{2})-([0-9]{2}) +([0-9]{2}):([0-9]{2})(AM|PM) +([0-9]+|<DIR>) +(.+)/", $line, $lucifer)) {
 			$b = array();
 			if ($lucifer[3]<70) { $lucifer[3] +=2000; } else { $lucifer[3]+=1900; } // 4digit year fix
--- a/wp-admin/includes/class-wp-filesystem-ftpsockets.php
+++ b/wp-admin/includes/class-wp-filesystem-ftpsockets.php
@@ -17,7 +17,7 @@
 class WP_Filesystem_ftpsockets extends WP_Filesystem_Base {
 	var $ftp = false;
 	var $timeout = 5;
-	var $errors;
+	var $errors = null;
 	var $options = array();

 	var $permission = null;
@@ -210,6 +210,8 @@ class WP_Filesystem_ftpsockets extends WP_Filesystem_Base {
 	}

 	function delete($file, $recursive = false ) {
+		if ( empty($file) )
+			return false;
 		if ( $this->is_file($file) )
 			return $this->ftp->delete($file);
 		if ( !$recursive )
--- a/wp-admin/includes/class-wp-filesystem-ssh2.php
+++ b/wp-admin/includes/class-wp-filesystem-ssh2.php
@@ -13,7 +13,7 @@
 *
 * @contrib http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/ - Installation Notes
 *
- * Complie libssh2 (Note: Only 0.14 is officaly working with PHP 5.2.6+ right now.)
+ * Complie libssh2 (Note: Only 0.14 is officaly working with PHP 5.2.6+ right now, But many users have found the latest versions work)
 *
 * cd /usr/src
 * wget http://surfnet.dl.sourceforge.net/sourceforge/libssh2/libssh2-0.14.tar.gz
@@ -22,7 +22,7 @@
 * ./configure
 * make all install
 *
- * Note: No not leave the directory yet!
+ * Note: Do not leave the directory yet!
 *
 * Enter: pecl install -f ssh2
 *
@@ -33,6 +33,7 @@
 * Restart Apache!
 * Check phpinfo() streams to confirm that: ssh2.shell, ssh2.exec, ssh2.tunnel, ssh2.scp, ssh2.sftp  exist.
 *
+ * Note: as of WordPress 2.8, This utilises the PHP5+ function 'stream_get_contents'
 *
 * @since 2.7
 * @package WordPress
@@ -41,13 +42,11 @@
 */
 class WP_Filesystem_SSH2 extends WP_Filesystem_Base {

-	var $debugtest = false;	//	set this to true only if your a debuging your connection
-
-	var $link = null;
-	var $sftp_link = null;
+	var $link = false;
+	var $sftp_link = false;
 	var $keys = false;
 	/*
-	 * This is the timeout value for ssh results to comeback.
+	 * This is the timeout value for ssh results.
 	 * Slower servers might need this incressed, but this number otherwise should not change.
 	 *
 	 * @parm $timeout int
@@ -68,6 +67,10 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 			$this->errors->add('no_ssh2_ext', __('The ssh2 PHP extension is not available'));
 			return false;
 		}
+		if ( !function_exists('stream_get_contents') ) {
+			$this->errors->add('ssh2_php_requirement', __('The ssh2 PHP extension is available, however, we require the PHP5 function <code>stream_get_contents()</code>'));
+			return false;
+		}

 		// Set defaults:
 		if ( empty($opt['port']) )
@@ -84,23 +87,22 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 			$this->wp_base = $opt['base'];

 		// Check if the options provided are OK.
-		if ( empty ($opt['username']) )
-			$this->errors->add('empty_username', __('SSH2 username is required'));
-		else
-			$this->options['username'] = $opt['username'];
-
-		if ( ( !empty ($opt['public_key']) ) && ( !empty ($opt['private_key']) ) ) {
+		if ( !empty ($opt['public_key']) && !empty ($opt['private_key']) ) {
 			$this->options['public_key'] = $opt['public_key'];
 			$this->options['private_key'] = $opt['private_key'];

-			$this->options['hostkey'] = array("hostkey" => "ssh-rsa");
+			$this->options['hostkey'] = array('hostkey' => 'ssh-rsa');

 			$this->keys = true;
+		} elseif ( empty ($opt['username']) ) {
+			$this->errors->add('empty_username', __('SSH2 username is required'));
 		}

+		if ( !empty($opt['username']) )
+			$this->options['username'] = $opt['username'];

 		if ( empty ($opt['password']) ) {
-			if ( !$this->keys )	//	 password can be blank if we are using keys
+			if ( !$this->keys )	//password can be blank if we are using keys
 				$this->errors->add('empty_password', __('SSH2 password is required'));
 		} else {
 			$this->options['password'] = $opt['password'];
@@ -109,8 +111,6 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 	}

 	function connect() {
-		$this->debug("connect();");
-
 		if ( ! $this->keys ) {
 			$this->link = @ssh2_connect($this->options['hostname'], $this->options['port']);
 		} else {
@@ -129,7 +129,7 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 			}
 		} else {
 			if ( ! @ssh2_auth_pubkey_file($this->link, $this->options['username'], $this->options['public_key'], $this->options['private_key'], $this->options['password'] ) ) {
-				$this->errors->add('auth', sprintf(__('Public and Private keys incorrent for %s'), $this->options['username']));
+				$this->errors->add('auth', sprintf(__('Public and Private keys incorrect for %s'), $this->options['username']));
 				return false;
 			}
 		}
@@ -139,48 +139,27 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 		return true;
 	}

-	function run_command($link, $command, $returnbool = false) {
-		$this->debug("run_command();");
-		if(!($stream = @ssh2_exec( $link, $command . "; echo \"__COMMAND_FINISHED__\";"))) {
+	function run_command( $command, $returnbool = false) {
+
+		if ( ! $this->link )
+			return false;
+
+		if ( ! ($stream = ssh2_exec($this->link, $command)) ) {
 			$this->errors->add('command', sprintf(__('Unable to perform command: %s'), $command));
 		} else {
 			stream_set_blocking( $stream, true );
-			$time_start = time();
-			$data = null;
-			while( true ) {
-				if (strpos($data,"__COMMAND_FINISHED__") !== false){
-					break;	//	the command has finshed!
-				}
-				if( (time()-$time_start) > $this->timeout ){
-					$this->errors->add('command', sprintf(__('Connection to the server has timeout after %s seconds.'), $this->timeout));
-					unset($this->link);
-					unset($this->sftp_link); //	close connections
-					return false;
-				}
-				while( $buf = fread( $stream, strlen($stream) ) )
-					$data .= $buf;
-			}
-			fclose($stream);
-			$data = trim(str_replace("__COMMAND_FINISHED__", "", $data));
-			if (($returnbool) && ( (int) $data )) {
-				return true;
-			} elseif (($returnbool) && (! (int) $data )) {
-				return false;
-			} else {
+			stream_set_timeout( $stream, $this->timeout );
+			$data = stream_get_contents( $stream );
+			fclose( $stream );
+
+			if ( $returnbool )
+				return ( $data === false ) ? false : '' != trim($data);
+			else
 				return $data;
-			}
 		}
 		return false;
 	}

-	function debug($text)
-	{
-		if ($this->debugtest)
-		{
-			echo "<br/>" . $text . "<br/>";
-		}
-	}
-
 	function setDefaultPermissions($perm) {
 		$this->debug("setDefaultPermissions();");
 		if ( $perm )
@@ -188,59 +167,40 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 	}

 	function get_contents($file, $type = '', $resumepos = 0 ) {
-		$this->debug("get_contents();");
-		$tempfile = wp_tempnam( $file );
-		if ( ! $tempfile )
-			return false;
-		if( ! ssh2_scp_recv($this->link, $file, $tempfile) )
-			return false;
-		$contents = file_get_contents($tempfile);
-		unlink($tempfile);
-		return $contents;
+		$file = ltrim($file, '/');
+		return file_get_contents('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function get_contents_array($file) {
-		$this->debug("get_contents_array();");
-		return explode("\n", $this->get_contents($file));
+		$file = ltrim($file, '/');
+		return file('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function put_contents($file, $contents, $type = '' ) {
-		$this->debug("put_contents($file);");
-		$tempfile = wp_tempnam( $file );
-		$temp = fopen($tempfile, 'w');
-		if ( ! $temp )
-			return false;
-		fwrite($temp, $contents);
-		fclose($temp);
-		$ret = ssh2_scp_send($this->link, $tempfile, $file, $this->permission);
-		unlink($tempfile);
-		return $ret;
+		$file = ltrim($file, '/');
+		return file_put_contents('ssh2.sftp://' . $this->sftp_link . '/' . $file, $contents);
 	}

 	function cwd() {
-		$this->debug("cwd();");
-		$cwd = $this->run_command($this->link, 'pwd');
+		$cwd = $this->run_command('pwd');
 		if( $cwd )
 			$cwd = trailingslashit($cwd);
 		return $cwd;
 	}

 	function chdir($dir) {
-		$this->debug("chdir();");
-		return $this->run_command($this->link, 'cd ' . $dir, true);
+		return $this->run_command('cd ' . $dir, true);
 	}

 	function chgrp($file, $group, $recursive = false ) {
-		$this->debug("chgrp();");
 		if ( ! $this->exists($file) )
 			return false;
 		if ( ! $recursive || ! $this->is_dir($file) )
-			return $this->run_command($this->link, sprintf('chgrp %o %s', $mode, $file), true);
-		return $this->run_command($this->link, sprintf('chgrp -R %o %s', $mode, $file), true);
+			return $this->run_command(sprintf('chgrp %o %s', $mode, escapeshellarg($file)), true);
+		return $this->run_command(sprintf('chgrp -R %o %s', $mode, escapeshellarg($file)), true);
 	}

 	function chmod($file, $mode = false, $recursive = false) {
-		$this->debug("chmod();");
 		if( ! $mode )
 			$mode = $this->permission;
 		if( ! $mode )
@@ -248,39 +208,43 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 		if ( ! $this->exists($file) )
 			return false;
 		if ( ! $recursive || ! $this->is_dir($file) )
-			return $this->run_command($this->link, sprintf('chmod %o %s', $mode, $file), true);
-		return $this->run_command($this->link, sprintf('chmod -R %o %s', $mode, $file), true);
+			return $this->run_command(sprintf('chmod %o %s', $mode, escapeshellarg($file)), true);
+		return $this->run_command(sprintf('chmod -R %o %s', $mode, escapeshellarg($file)), true);
 	}

 	function chown($file, $owner, $recursive = false ) {
-		$this->debug("chown();");
 		if ( ! $this->exists($file) )
 			return false;
 		if ( ! $recursive || ! $this->is_dir($file) )
-			return $this->run_command($this->link, sprintf('chown %o %s', $mode, $file), true);
-		return $this->run_command($this->link, sprintf('chown -R %o %s', $mode, $file), true);
+			return $this->run_command(sprintf('chown %o %s', $mode, escapeshellarg($file)), true);
+		return $this->run_command(sprintf('chown -R %o %s', $mode, escapeshellarg($file)), true);
 	}

 	function owner($file) {
-		$this->debug("owner();");
-		$dir = $this->dirlist($file);
-		return $dir[$file]['owner'];
+		$owneruid = @fileowner('ssh2.sftp://' . $this->sftp_link . '/' . ltrim($file, '/'));
+		if ( ! $owneruid )
+			return false;
+		if ( ! function_exists('posix_getpwuid') )
+			return $owneruid;
+		$ownerarray = posix_getpwuid($owneruid);
+		return $ownerarray['name'];
 	}

 	function getchmod($file) {
-		$this->debug("getchmod();");
-		$dir = $this->dirlist($file);
-		return $dir[$file]['permsn'];
+		return substr(decoct(@fileperms( 'ssh2.sftp://' . $this->sftp_link . '/' . ltrim($file, '/') )),3);
 	}

 	function group($file) {
-		$this->debug("group();");
-		$dir = $this->dirlist($file);
-		return $dir[$file]['group'];
+		$gid = @filegroup('ssh2.sftp://' . $this->sftp_link . '/' . ltrim($file, '/'));
+		if ( ! $gid )
+			return false;
+		if ( ! function_exists('posix_getgrgid') )
+			return $gid;
+		$grouparray = posix_getgrgid($gid);
+		return $grouparray['name'];
 	}

 	function copy($source, $destination, $overwrite = false ) {
-		$this->debug("copy();");
 		if( ! $overwrite && $this->exists($destination) )
 			return false;
 		$content = $this->get_contents($source);
@@ -290,12 +254,10 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 	}

 	function move($source, $destination, $overwrite = false) {
-		$this->debug("move();");
 		return @ssh2_sftp_rename($this->link, $source, $destination);
 	}

 	function delete($file, $recursive = false) {
-		$this->debug("delete();");
 		if ( $this->is_file($file) )
 			return ssh2_sftp_unlink($this->sftp_link, $file);
 		if ( ! $recursive )
@@ -310,49 +272,43 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 	}

 	function exists($file) {
-		$this->debug("exists();");
-		return $this->run_command($this->link, sprintf('ls -lad %s', $file), true);
+		$file = ltrim($file, '/');
+		return file_exists('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function is_file($file) {
-		$this->debug("is_file();");
-		//DO NOT RELY ON dirlist()!
-		$list = $this->run_command($this->link, sprintf('ls -lad %s', $file));
-		$list = $this->parselisting($list);
-		if ( ! $list )
-			return false;
-		else
-			return ( !$list['isdir'] && !$list['islink'] ); //ie. not a file or link, yet exists, must be file.
+		$file = ltrim($file, '/');
+		return is_file('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function is_dir($path) {
-		$this->debug("is_dir();");
-		//DO NOT RELY ON dirlist()!
-		$list = $this->parselisting($this->run_command($this->link, sprintf('ls -lad %s', untrailingslashit($path))));
-		if ( ! $list )
-			return false;
-		else
-			return $list['isdir'];
+		$path = ltrim($path, '/');
+		return is_dir('ssh2.sftp://' . $this->sftp_link . '/' . $path);
 	}

 	function is_readable($file) {
-		//Not implmented.
+		$file = ltrim($file, '/');
+		return is_readable('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function is_writable($file) {
-		//Not implmented.
+		$file = ltrim($file, '/');
+		return is_writable('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function atime($file) {
-		//Not implmented.
+		$file = ltrim($file, '/');
+		return fileatime('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function mtime($file) {
-		//Not implmented.
+		$file = ltrim($file, '/');
+		return filemtime('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function size($file) {
-		//Not implmented.
+		$file = ltrim($file, '/');
+		return filesize('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function touch($file, $time = 0, $atime = 0) {
@@ -360,148 +316,68 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 	}

 	function mkdir($path, $chmod = null, $chown = false, $chgrp = false) {
-		$this->debug("mkdir();");
 		$path = untrailingslashit($path);
-		if( ! ssh2_sftp_mkdir($this->sftp_link, $path, $chmod, true) )
+		$chmod = !empty($chmod) ? $chmod : $this->permission;
+		if ( ! ssh2_sftp_mkdir($this->sftp_link, $path, $chmod, true) )
 			return false;
-		if( $chown )
+		if ( $chown )
 			$this->chown($path, $chown);
-		if( $chgrp )
+		if ( $chgrp )
 			$this->chgrp($path, $chgrp);
 		return true;
 	}

 	function rmdir($path, $recursive = false) {
-		$this->debug("rmdir();");
 		return $this->delete($path, $recursive);
 	}

-	function parselisting($line) {
-	$this->debug("parselisting();");
-		$is_windows = ($this->OS_remote == FTP_OS_Windows);
-		if ($is_windows && preg_match("/([0-9]{2})-([0-9]{2})-([0-9]{2}) +([0-9]{2}):([0-9]{2})(AM|PM) +([0-9]+|<DIR>) +(.+)/", $line, $lucifer)) {
-			$b = array();
-			if ($lucifer[3]<70) { $lucifer[3] +=2000; } else { $lucifer[3]+=1900; } // 4digit year fix
-			$b['isdir'] = ($lucifer[7]=="<DIR>");
-			if ( $b['isdir'] )
-				$b['type'] = 'd';
-			else
-				$b['type'] = 'f';
-			$b['size'] = $lucifer[7];
-			$b['month'] = $lucifer[1];
-			$b['day'] = $lucifer[2];
-			$b['year'] = $lucifer[3];
-			$b['hour'] = $lucifer[4];
-			$b['minute'] = $lucifer[5];
-			$b['time'] = @mktime($lucifer[4]+(strcasecmp($lucifer[6],"PM")==0?12:0),$lucifer[5],0,$lucifer[1],$lucifer[2],$lucifer[3]);
-			$b['am/pm'] = $lucifer[6];
-			$b['name'] = $lucifer[8];
-		} else if (!$is_windows && $lucifer=preg_split("/[ ]/",$line,9,PREG_SPLIT_NO_EMPTY)) {
-			//echo $line."\n";
-			$lcount=count($lucifer);
-			if ($lcount<8) return '';
-			$b = array();
-			$b['isdir'] = $lucifer[0]{0} === "d";
-			$b['islink'] = $lucifer[0]{0} === "l";
-			if ( $b['isdir'] )
-				$b['type'] = 'd';
-			elseif ( $b['islink'] )
-				$b['type'] = 'l';
-			else
-				$b['type'] = 'f';
-			$b['perms'] = $lucifer[0];
-			$b['number'] = $lucifer[1];
-			$b['owner'] = $lucifer[2];
-			$b['group'] = $lucifer[3];
-			$b['size'] = $lucifer[4];
-			if ($lcount==8) {
-				sscanf($lucifer[5],"%d-%d-%d",$b['year'],$b['month'],$b['day']);
-				sscanf($lucifer[6],"%d:%d",$b['hour'],$b['minute']);
-				$b['time'] = @mktime($b['hour'],$b['minute'],0,$b['month'],$b['day'],$b['year']);
-				$b['name'] = $lucifer[7];
-			} else {
-				$b['month'] = $lucifer[5];
-				$b['day'] = $lucifer[6];
-				if (preg_match("/([0-9]{2}):([0-9]{2})/",$lucifer[7],$l2)) {
-					$b['year'] = date("Y");
-					$b['hour'] = $l2[1];
-					$b['minute'] = $l2[2];
-				} else {
-					$b['year'] = $lucifer[7];
-					$b['hour'] = 0;
-					$b['minute'] = 0;
-				}
-				$b['time'] = strtotime(sprintf("%d %s %d %02d:%02d",$b['day'],$b['month'],$b['year'],$b['hour'],$b['minute']));
-				$b['name'] = $lucifer[8];
-			}
-		}
-
-		return $b;
-	}
-
-	function dirlist($path = '.', $incdot = false, $recursive = false) {
-		$this->debug("dirlist();");
-		if( $this->is_file($path) ) {
+	function dirlist($path, $incdot = false, $recursive = false) {
+		if ( $this->is_file($path) ) {
 			$limitFile = basename($path);
-			$path = trailingslashit(dirname($path));
+			$path = dirname($path);
 		} else {
 			$limitFile = false;
 		}
-
-		$list = $this->run_command($this->link, sprintf('ls -la %s', $path));
-
-		if ( $list === false )
+		if ( ! $this->is_dir($path) )
 			return false;

-		$list = explode("\n", $list);
-
-		$dirlist = array();
-		foreach ( (array)$list as $k => $v ) {
-			$entry = $this->parselisting($v);
-			if ( empty($entry) )
-				continue;
-
-			if ( '.' == $entry['name'] || '..' == $entry['name'] )
-				continue;
-
-			$dirlist[ $entry['name'] ] = $entry;
-		}
-
-		if ( ! $dirlist )
-			return false;
-
-		if ( empty($dirlist) )
-			return array();
-
 		$ret = array();
-		foreach ( $dirlist as $struc ) {
+		$dir = @dir('ssh2.sftp://' . $this->sftp_link .'/' . ltrim($path, '/') );
+		if ( ! $dir )
+			return false;
+		while (false !== ($entry = $dir->read()) ) {
+			$struc = array();
+			$struc['name'] = $entry;
+
+			if ( '.' == $struc['name'] || '..' == $struc['name'] )
+				continue; //Do not care about these folders.
+			if ( '.' == $struc['name'][0] && !$incdot)
+				continue;
+			if ( $limitFile && $struc['name'] != $limitFile)
+				continue;
+
+			$struc['perms'] 	= $this->gethchmod($path.'/'.$entry);
+			$struc['permsn']	= $this->getnumchmodfromh($struc['perms']);
+			$struc['number'] 	= false;
+			$struc['owner']    	= $this->owner($path.'/'.$entry);
+			$struc['group']    	= $this->group($path.'/'.$entry);
+			$struc['size']    	= $this->size($path.'/'.$entry);
+			$struc['lastmodunix']= $this->mtime($path.'/'.$entry);
+			$struc['lastmod']   = date('M j',$struc['lastmodunix']);
+			$struc['time']    	= date('h:i:s',$struc['lastmodunix']);
+			$struc['type']		= $this->is_dir($path.'/'.$entry) ? 'd' : 'f';

 			if ( 'd' == $struc['type'] ) {
-				$struc['files'] = array();
-
-				if ( $incdot ){
-					//We're including the doted starts
-					if( '.' != $struc['name'] && '..' != $struc['name'] ){ //Ok, It isnt a special folder
-						if ($recursive)
-							$struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive);
-					}
-				} else { //No dots
-					if ( $recursive )
-						$struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive);
-				}
+				if ( $recursive )
+					$struc['files'] = $this->dirlist($path . '/' . $struc['name'], $incdot, $recursive);
+				else
+					$struc['files'] = array();
 			}
-			//File
-			$ret[$struc['name']] = $struc;
+
+			$ret[ $struc['name'] ] = $struc;
 		}
+		$dir->close();
+		unset($dir);
 		return $ret;
 	}
-	function __destruct() {
-		$this->debug("__destruct();");
-		if ( $this->link )
-			unset($this->link);
-		if ( $this->sftp_link )
-			unset($this->sftp_link);
-	}
 }
-
-?>
--- a/wp-admin/includes/class-wp-upgrader.php
+++ b/wp-admin/includes/class-wp-upgrader.php
--- a/wp-admin/includes/comment.php
+++ b/wp-admin/includes/comment.php
@@ -19,6 +19,9 @@
 function comment_exists($comment_author, $comment_date) {
 	global $wpdb;

+	$comment_author = stripslashes($comment_author);
+	$comment_date = stripslashes($comment_date);
+
 	return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
 			WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
 }
@@ -86,8 +89,8 @@ function get_comment_to_edit( $id ) {

 	$comment->comment_author = format_to_edit( $comment->comment_author );
 	$comment->comment_author_email = format_to_edit( $comment->comment_author_email );
-	$comment->comment_author_url = clean_url($comment->comment_author_url);
 	$comment->comment_author_url = format_to_edit( $comment->comment_author_url );
+	$comment->comment_author_url = esc_url($comment->comment_author_url);

 	return $comment;
 }
@@ -156,7 +159,7 @@ function enqueue_comment_hotkeys_js() {
 		wp_enqueue_script( 'jquery-table-hotkeys' );
 }

-if ( is_admin() && ('edit-comments.php' == $pagenow || 'edit.php' == $pagenow) ) {
+if ( is_admin() && isset($pagenow) && ('edit-comments.php' == $pagenow || 'edit.php' == $pagenow) ) {
 	if ( get_option('show_avatars') )
 		add_filter( 'comment_author', 'floated_admin_avatar' );
 }
--- a/wp-admin/includes/continents-cities.php
+++ b/wp-admin/includes/continents-cities.php
@@ -0,0 +1,493 @@
+<?php
+
+/* Continent and city translations for timezone selection.
+ * This file is not included anywhere. It exists solely for use by xgettext.
+ */
+
+__('Africa', 'continents-cities');
+__('Abidjan', 'continents-cities');
+__('Accra', 'continents-cities');
+__('Addis Ababa', 'continents-cities');
+__('Algiers', 'continents-cities');
+__('Asmara', 'continents-cities');
+__('Asmera', 'continents-cities');
+__('Bamako', 'continents-cities');
+__('Bangui', 'continents-cities');
+__('Banjul', 'continents-cities');
+__('Bissau', 'continents-cities');
+__('Blantyre', 'continents-cities');
+__('Brazzaville', 'continents-cities');
+__('Bujumbura', 'continents-cities');
+__('Cairo', 'continents-cities');
+__('Casablanca', 'continents-cities');
+__('Ceuta', 'continents-cities');
+__('Conakry', 'continents-cities');
+__('Dakar', 'continents-cities');
+__('Dar es Salaam', 'continents-cities');
+__('Djibouti', 'continents-cities');
+__('Douala', 'continents-cities');
+__('El Aaiun', 'continents-cities');
+__('Freetown', 'continents-cities');
+__('Gaborone', 'continents-cities');
+__('Harare', 'continents-cities');
+__('Johannesburg', 'continents-cities');
+__('Kampala', 'continents-cities');
+__('Khartoum', 'continents-cities');
+__('Kigali', 'continents-cities');
+__('Kinshasa', 'continents-cities');
+__('Lagos', 'continents-cities');
+__('Libreville', 'continents-cities');
+__('Lome', 'continents-cities');
+__('Luanda', 'continents-cities');
+__('Lubumbashi', 'continents-cities');
+__('Lusaka', 'continents-cities');
+__('Malabo', 'continents-cities');
+__('Maputo', 'continents-cities');
+__('Maseru', 'continents-cities');
+__('Mbabane', 'continents-cities');
+__('Mogadishu', 'continents-cities');
+__('Monrovia', 'continents-cities');
+__('Nairobi', 'continents-cities');
+__('Ndjamena', 'continents-cities');
+__('Niamey', 'continents-cities');
+__('Nouakchott', 'continents-cities');
+__('Ouagadougou', 'continents-cities');
+__('Porto-Novo', 'continents-cities');
+__('Sao Tome', 'continents-cities');
+__('Timbuktu', 'continents-cities');
+__('Tripoli', 'continents-cities');
+__('Tunis', 'continents-cities');
+__('Windhoek', 'continents-cities');
+__('America', 'continents-cities');
+__('Adak', 'continents-cities');
+__('Anchorage', 'continents-cities');
+__('Anguilla', 'continents-cities');
+__('Antigua', 'continents-cities');
+__('Araguaina', 'continents-cities');
+__('Argentina', 'continents-cities');
+__('Buenos Aires', 'continents-cities');
+__('Catamarca', 'continents-cities');
+__('ComodRivadavia', 'continents-cities');
+__('Cordoba', 'continents-cities');
+__('Jujuy', 'continents-cities');
+__('La Rioja', 'continents-cities');
+__('Mendoza', 'continents-cities');
+__('Rio Gallegos', 'continents-cities');
+__('San Juan', 'continents-cities');
+__('San Luis', 'continents-cities');
+__('Tucuman', 'continents-cities');
+__('Ushuaia', 'continents-cities');
+__('Aruba', 'continents-cities');
+__('Asuncion', 'continents-cities');
+__('Atikokan', 'continents-cities');
+__('Atka', 'continents-cities');
+__('Bahia', 'continents-cities');
+__('Barbados', 'continents-cities');
+__('Belem', 'continents-cities');
+__('Belize', 'continents-cities');
+__('Blanc-Sablon', 'continents-cities');
+__('Boa Vista', 'continents-cities');
+__('Bogota', 'continents-cities');
+__('Boise', 'continents-cities');
+__('Cambridge Bay', 'continents-cities');
+__('Campo Grande', 'continents-cities');
+__('Cancun', 'continents-cities');
+__('Caracas', 'continents-cities');
+__('Cayenne', 'continents-cities');
+__('Cayman', 'continents-cities');
+__('Chicago', 'continents-cities');
+__('Chihuahua', 'continents-cities');
+__('Coral Harbour', 'continents-cities');
+__('Costa Rica', 'continents-cities');
+__('Cuiaba', 'continents-cities');
+__('Curacao', 'continents-cities');
+__('Danmarkshavn', 'continents-cities');
+__('Dawson', 'continents-cities');
+__('Dawson Creek', 'continents-cities');
+__('Denver', 'continents-cities');
+__('Detroit', 'continents-cities');
+__('Dominica', 'continents-cities');
+__('Edmonton', 'continents-cities');
+__('Eirunepe', 'continents-cities');
+__('El Salvador', 'continents-cities');
+__('Ensenada', 'continents-cities');
+__('Fort Wayne', 'continents-cities');
+__('Fortaleza', 'continents-cities');
+__('Glace Bay', 'continents-cities');
+__('Godthab', 'continents-cities');
+__('Goose Bay', 'continents-cities');
+__('Grand Turk', 'continents-cities');
+__('Grenada', 'continents-cities');
+__('Guadeloupe', 'continents-cities');
+__('Guatemala', 'continents-cities');
+__('Guayaquil', 'continents-cities');
+__('Guyana', 'continents-cities');
+__('Halifax', 'continents-cities');
+__('Havana', 'continents-cities');
+__('Hermosillo', 'continents-cities');
+__('Indiana', 'continents-cities');
+__('Indianapolis', 'continents-cities');
+__('Knox', 'continents-cities');
+__('Marengo', 'continents-cities');
+__('Petersburg', 'continents-cities');
+__('Tell City', 'continents-cities');
+__('Vevay', 'continents-cities');
+__('Vincennes', 'continents-cities');
+__('Winamac', 'continents-cities');
+__('Inuvik', 'continents-cities');
+__('Iqaluit', 'continents-cities');
+__('Jamaica', 'continents-cities');
+__('Juneau', 'continents-cities');
+__('Kentucky', 'continents-cities');
+__('Louisville', 'continents-cities');
+__('Monticello', 'continents-cities');
+__('Knox IN', 'continents-cities');
+__('La Paz', 'continents-cities');
+__('Lima', 'continents-cities');
+__('Los Angeles', 'continents-cities');
+__('Maceio', 'continents-cities');
+__('Managua', 'continents-cities');
+__('Manaus', 'continents-cities');
+__('Marigot', 'continents-cities');
+__('Martinique', 'continents-cities');
+__('Mazatlan', 'continents-cities');
+__('Menominee', 'continents-cities');
+__('Merida', 'continents-cities');
+__('Mexico City', 'continents-cities');
+__('Miquelon', 'continents-cities');
+__('Moncton', 'continents-cities');
+__('Monterrey', 'continents-cities');
+__('Montevideo', 'continents-cities');
+__('Montreal', 'continents-cities');
+__('Montserrat', 'continents-cities');
+__('Nassau', 'continents-cities');
+__('New York', 'continents-cities');
+__('Nipigon', 'continents-cities');
+__('Nome', 'continents-cities');
+__('Noronha', 'continents-cities');
+__('North Dakota', 'continents-cities');
+__('Center', 'continents-cities');
+__('New Salem', 'continents-cities');
+__('Panama', 'continents-cities');
+__('Pangnirtung', 'continents-cities');
+__('Paramaribo', 'continents-cities');
+__('Phoenix', 'continents-cities');
+__('Port-au-Prince', 'continents-cities');
+__('Port of Spain', 'continents-cities');
+__('Porto Acre', 'continents-cities');
+__('Porto Velho', 'continents-cities');
+__('Puerto Rico', 'continents-cities');
+__('Rainy River', 'continents-cities');
+__('Rankin Inlet', 'continents-cities');
+__('Recife', 'continents-cities');
+__('Regina', 'continents-cities');
+__('Resolute', 'continents-cities');
+__('Rio Branco', 'continents-cities');
+__('Rosario', 'continents-cities');
+__('Santiago', 'continents-cities');
+__('Santo Domingo', 'continents-cities');
+__('Sao Paulo', 'continents-cities');
+__('Scoresbysund', 'continents-cities');
+__('Shiprock', 'continents-cities');
+__('St Barthelemy', 'continents-cities');
+__('St Johns', 'continents-cities');
+__('St Kitts', 'continents-cities');
+__('St Lucia', 'continents-cities');
+__('St Thomas', 'continents-cities');
+__('St Vincent', 'continents-cities');
+__('Swift Current', 'continents-cities');
+__('Tegucigalpa', 'continents-cities');
+__('Thule', 'continents-cities');
+__('Thunder Bay', 'continents-cities');
+__('Tijuana', 'continents-cities');
+__('Toronto', 'continents-cities');
+__('Tortola', 'continents-cities');
+__('Vancouver', 'continents-cities');
+__('Virgin', 'continents-cities');
+__('Whitehorse', 'continents-cities');
+__('Winnipeg', 'continents-cities');
+__('Yakutat', 'continents-cities');
+__('Yellowknife', 'continents-cities');
+__('Antarctica', 'continents-cities');
+__('Casey', 'continents-cities');
+__('Davis', 'continents-cities');
+__('DumontDUrville', 'continents-cities');
+__('Mawson', 'continents-cities');
+__('McMurdo', 'continents-cities');
+__('Palmer', 'continents-cities');
+__('Rothera', 'continents-cities');
+__('South Pole', 'continents-cities');
+__('Syowa', 'continents-cities');
+__('Vostok', 'continents-cities');
+__('Arctic', 'continents-cities');
+__('Longyearbyen', 'continents-cities');
+__('Asia', 'continents-cities');
+__('Aden', 'continents-cities');
+__('Almaty', 'continents-cities');
+__('Amman', 'continents-cities');
+__('Anadyr', 'continents-cities');
+__('Aqtau', 'continents-cities');
+__('Aqtobe', 'continents-cities');
+__('Ashgabat', 'continents-cities');
+__('Ashkhabad', 'continents-cities');
+__('Baghdad', 'continents-cities');
+__('Bahrain', 'continents-cities');
+__('Baku', 'continents-cities');
+__('Bangkok', 'continents-cities');
+__('Beirut', 'continents-cities');
+__('Bishkek', 'continents-cities');
+__('Brunei', 'continents-cities');
+__('Calcutta', 'continents-cities');
+__('Choibalsan', 'continents-cities');
+__('Chongqing', 'continents-cities');
+__('Chungking', 'continents-cities');
+__('Colombo', 'continents-cities');
+__('Dacca', 'continents-cities');
+__('Damascus', 'continents-cities');
+__('Dhaka', 'continents-cities');
+__('Dili', 'continents-cities');
+__('Dubai', 'continents-cities');
+__('Dushanbe', 'continents-cities');
+__('Gaza', 'continents-cities');
+__('Harbin', 'continents-cities');
+__('Ho Chi Minh', 'continents-cities');
+__('Hong Kong', 'continents-cities');
+__('Hovd', 'continents-cities');
+__('Irkutsk', 'continents-cities');
+__('Istanbul', 'continents-cities');
+__('Jakarta', 'continents-cities');
+__('Jayapura', 'continents-cities');
+__('Jerusalem', 'continents-cities');
+__('Kabul', 'continents-cities');
+__('Kamchatka', 'continents-cities');
+__('Karachi', 'continents-cities');
+__('Kashgar', 'continents-cities');
+__('Katmandu', 'continents-cities');
+__('Kolkata', 'continents-cities');
+__('Krasnoyarsk', 'continents-cities');
+__('Kuala Lumpur', 'continents-cities');
+__('Kuching', 'continents-cities');
+__('Kuwait', 'continents-cities');
+__('Macao', 'continents-cities');
+__('Macau', 'continents-cities');
+__('Magadan', 'continents-cities');
+__('Makassar', 'continents-cities');
+__('Manila', 'continents-cities');
+__('Muscat', 'continents-cities');
+__('Nicosia', 'continents-cities');
+__('Novosibirsk', 'continents-cities');
+__('Omsk', 'continents-cities');
+__('Oral', 'continents-cities');
+__('Phnom Penh', 'continents-cities');
+__('Pontianak', 'continents-cities');
+__('Pyongyang', 'continents-cities');
+__('Qatar', 'continents-cities');
+__('Qyzylorda', 'continents-cities');
+__('Rangoon', 'continents-cities');
+__('Riyadh', 'continents-cities');
+__('Saigon', 'continents-cities');
+__('Sakhalin', 'continents-cities');
+__('Samarkand', 'continents-cities');
+__('Seoul', 'continents-cities');
+__('Shanghai', 'continents-cities');
+__('Singapore', 'continents-cities');
+__('Taipei', 'continents-cities');
+__('Tashkent', 'continents-cities');
+__('Tbilisi', 'continents-cities');
+__('Tehran', 'continents-cities');
+__('Tel Aviv', 'continents-cities');
+__('Thimbu', 'continents-cities');
+__('Thimphu', 'continents-cities');
+__('Tokyo', 'continents-cities');
+__('Ujung Pandang', 'continents-cities');
+__('Ulaanbaatar', 'continents-cities');
+__('Ulan Bator', 'continents-cities');
+__('Urumqi', 'continents-cities');
+__('Vientiane', 'continents-cities');
+__('Vladivostok', 'continents-cities');
+__('Yakutsk', 'continents-cities');
+__('Yekaterinburg', 'continents-cities');
+__('Yerevan', 'continents-cities');
+__('Atlantic', 'continents-cities');
+__('Azores', 'continents-cities');
+__('Bermuda', 'continents-cities');
+__('Canary', 'continents-cities');
+__('Cape Verde', 'continents-cities');
+__('Faeroe', 'continents-cities');
+__('Faroe', 'continents-cities');
+__('Jan Mayen', 'continents-cities');
+__('Madeira', 'continents-cities');
+__('Reykjavik', 'continents-cities');
+__('South Georgia', 'continents-cities');
+__('St Helena', 'continents-cities');
+__('Stanley', 'continents-cities');
+__('Australia', 'continents-cities');
+__('ACT', 'continents-cities');
+__('Adelaide', 'continents-cities');
+__('Brisbane', 'continents-cities');
+__('Broken Hill', 'continents-cities');
+__('Canberra', 'continents-cities');
+__('Currie', 'continents-cities');
+__('Darwin', 'continents-cities');
+__('Eucla', 'continents-cities');
+__('Hobart', 'continents-cities');
+__('LHI', 'continents-cities');
+__('Lindeman', 'continents-cities');
+__('Lord Howe', 'continents-cities');
+__('Melbourne', 'continents-cities');
+__('North', 'continents-cities');
+__('NSW', 'continents-cities');
+__('Perth', 'continents-cities');
+__('Queensland', 'continents-cities');
+__('South', 'continents-cities');
+__('Sydney', 'continents-cities');
+__('Tasmania', 'continents-cities');
+__('Victoria', 'continents-cities');
+__('West', 'continents-cities');
+__('Yancowinna', 'continents-cities');
+__('Etc', 'continents-cities');
+__('GMT', 'continents-cities');
+__('GMT+0', 'continents-cities');
+__('GMT+1', 'continents-cities');
+__('GMT+10', 'continents-cities');
+__('GMT+11', 'continents-cities');
+__('GMT+12', 'continents-cities');
+__('GMT+2', 'continents-cities');
+__('GMT+3', 'continents-cities');
+__('GMT+4', 'continents-cities');
+__('GMT+5', 'continents-cities');
+__('GMT+6', 'continents-cities');
+__('GMT+7', 'continents-cities');
+__('GMT+8', 'continents-cities');
+__('GMT+9', 'continents-cities');
+__('GMT-0', 'continents-cities');
+__('GMT-1', 'continents-cities');
+__('GMT-10', 'continents-cities');
+__('GMT-11', 'continents-cities');
+__('GMT-12', 'continents-cities');
+__('GMT-13', 'continents-cities');
+__('GMT-14', 'continents-cities');
+__('GMT-2', 'continents-cities');
+__('GMT-3', 'continents-cities');
+__('GMT-4', 'continents-cities');
+__('GMT-5', 'continents-cities');
+__('GMT-6', 'continents-cities');
+__('GMT-7', 'continents-cities');
+__('GMT-8', 'continents-cities');
+__('GMT-9', 'continents-cities');
+__('GMT0', 'continents-cities');
+__('Greenwich', 'continents-cities');
+__('UCT', 'continents-cities');
+__('Universal', 'continents-cities');
+__('UTC', 'continents-cities');
+__('Zulu', 'continents-cities');
+__('Europe', 'continents-cities');
+__('Amsterdam', 'continents-cities');
+__('Andorra', 'continents-cities');
+__('Athens', 'continents-cities');
+__('Belfast', 'continents-cities');
+__('Belgrade', 'continents-cities');
+__('Berlin', 'continents-cities');
+__('Bratislava', 'continents-cities');
+__('Brussels', 'continents-cities');
+__('Bucharest', 'continents-cities');
+__('Budapest', 'continents-cities');
+__('Chisinau', 'continents-cities');
+__('Copenhagen', 'continents-cities');
+__('Dublin', 'continents-cities');
+__('Gibraltar', 'continents-cities');
+__('Guernsey', 'continents-cities');
+__('Helsinki', 'continents-cities');
+__('Isle of Man', 'continents-cities');
+__('Jersey', 'continents-cities');
+__('Kaliningrad', 'continents-cities');
+__('Kiev', 'continents-cities');
+__('Lisbon', 'continents-cities');
+__('Ljubljana', 'continents-cities');
+__('London', 'continents-cities');
+__('Luxembourg', 'continents-cities');
+__('Madrid', 'continents-cities');
+__('Malta', 'continents-cities');
+__('Mariehamn', 'continents-cities');
+__('Minsk', 'continents-cities');
+__('Monaco', 'continents-cities');
+__('Moscow', 'continents-cities');
+__('Oslo', 'continents-cities');
+__('Paris', 'continents-cities');
+__('Podgorica', 'continents-cities');
+__('Prague', 'continents-cities');
+__('Riga', 'continents-cities');
+__('Rome', 'continents-cities');
+__('Samara', 'continents-cities');
+__('San Marino', 'continents-cities');
+__('Sarajevo', 'continents-cities');
+__('Simferopol', 'continents-cities');
+__('Skopje', 'continents-cities');
+__('Sofia', 'continents-cities');
+__('Stockholm', 'continents-cities');
+__('Tallinn', 'continents-cities');
+__('Tirane', 'continents-cities');
+__('Tiraspol', 'continents-cities');
+__('Uzhgorod', 'continents-cities');
+__('Vaduz', 'continents-cities');
+__('Vatican', 'continents-cities');
+__('Vienna', 'continents-cities');
+__('Vilnius', 'continents-cities');
+__('Volgograd', 'continents-cities');
+__('Warsaw', 'continents-cities');
+__('Zagreb', 'continents-cities');
+__('Zaporozhye', 'continents-cities');
+__('Zurich', 'continents-cities');
+__('Indian', 'continents-cities');
+__('Antananarivo', 'continents-cities');
+__('Chagos', 'continents-cities');
+__('Christmas', 'continents-cities');
+__('Cocos', 'continents-cities');
+__('Comoro', 'continents-cities');
+__('Kerguelen', 'continents-cities');
+__('Mahe', 'continents-cities');
+__('Maldives', 'continents-cities');
+__('Mauritius', 'continents-cities');
+__('Mayotte', 'continents-cities');
+__('Reunion', 'continents-cities');
+__('Pacific', 'continents-cities');
+__('Apia', 'continents-cities');
+__('Auckland', 'continents-cities');
+__('Chatham', 'continents-cities');
+__('Easter', 'continents-cities');
+__('Efate', 'continents-cities');
+__('Enderbury', 'continents-cities');
+__('Fakaofo', 'continents-cities');
+__('Fiji', 'continents-cities');
+__('Funafuti', 'continents-cities');
+__('Galapagos', 'continents-cities');
+__('Gambier', 'continents-cities');
+__('Guadalcanal', 'continents-cities');
+__('Guam', 'continents-cities');
+__('Honolulu', 'continents-cities');
+__('Johnston', 'continents-cities');
+__('Kiritimati', 'continents-cities');
+__('Kosrae', 'continents-cities');
+__('Kwajalein', 'continents-cities');
+__('Majuro', 'continents-cities');
+__('Marquesas', 'continents-cities');
+__('Midway', 'continents-cities');
+__('Nauru', 'continents-cities');
+__('Niue', 'continents-cities');
+__('Norfolk', 'continents-cities');
+__('Noumea', 'continents-cities');
+__('Pago Pago', 'continents-cities');
+__('Palau', 'continents-cities');
+__('Pitcairn', 'continents-cities');
+__('Ponape', 'continents-cities');
+__('Port Moresby', 'continents-cities');
+__('Rarotonga', 'continents-cities');
+__('Saipan', 'continents-cities');
+__('Samoa', 'continents-cities');
+__('Tahiti', 'continents-cities');
+__('Tarawa', 'continents-cities');
+__('Tongatapu', 'continents-cities');
+__('Truk', 'continents-cities');
+__('Wake', 'continents-cities');
+__('Wallis', 'continents-cities');
+__('Yap', 'continents-cities');
--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -37,7 +37,7 @@ function wp_dashboard_setup() {
 		$widget_options['dashboard_incoming_links'] = array(
 			'home' => get_option('home'),
 			'link' => apply_filters( 'dashboard_incoming_links_link', 'http://blogsearch.google.com/blogsearch?hl=en&scoring=d&partner=wordpress&q=link:' . trailingslashit( get_option('home') ) ),
-			'url' => apply_filters( 'dashboard_incoming_links_feed', 'http://blogsearch.google.com/blogsearch_feeds?hl=en&scoring=d&ie=utf-8&num=10&output=rss&partner=wordpress&q=link:' . trailingslashit( get_option('home') ) ),
+			'url' => isset($widget_options['dashboard_incoming_links']['url']) ? apply_filters( 'dashboard_incoming_links_feed', $widget_options['dashboard_incoming_links']['url'] ) : apply_filters( 'dashboard_incoming_links_feed', 'http://blogsearch.google.com/blogsearch_feeds?hl=en&scoring=d&ie=utf-8&num=20&output=rss&partner=wordpress&q=link:' . trailingslashit( get_option('home') ) ),
 			'items' => isset($widget_options['dashboard_incoming_links']['items']) ? $widget_options['dashboard_incoming_links']['items'] : 10,
 			'show_date' => isset($widget_options['dashboard_incoming_links']['show_date']) ? $widget_options['dashboard_incoming_links']['show_date'] : false
 		);
@@ -115,12 +115,12 @@ function wp_add_dashboard_widget( $widget_id, $widget_name, $callback, $control_
 		$wp_dashboard_control_callbacks[$widget_id] = $control_callback;
 		if ( isset( $_GET['edit'] ) && $widget_id == $_GET['edit'] ) {
 			list($url) = explode( '#', add_query_arg( 'edit', false ), 2 );
-			$widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>';
+			$widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( $url ) . '">' . __( 'Cancel' ) . '</a></span>';
 			add_meta_box( $widget_id, $widget_name, '_wp_dashboard_control_callback', 'dashboard', 'normal', 'core' );
 			return;
 		}
 		list($url) = explode( '#', add_query_arg( 'edit', $widget_id ), 2 );
-		$widget_name .= ' <span class="postbox-title-action"><a href="' . clean_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>';
+		$widget_name .= ' <span class="postbox-title-action"><a href="' . esc_url( "$url#$widget_id" ) . '" class="edit-box open-box">' . __( 'Configure' ) . '</a></span>';
 	}
 	$side_widgets = array('dashboard_quick_press', 'dashboard_recent_drafts', 'dashboard_primary', 'dashboard_secondary');
 	$location = 'normal';
@@ -132,7 +132,7 @@ function wp_add_dashboard_widget( $widget_id, $widget_name, $callback, $control_
 function _wp_dashboard_control_callback( $dashboard, $meta_box ) {
 	echo '<form action="" method="post" class="dashboard-widget-control-form">';
 	wp_dashboard_trigger_widget_control( $meta_box['id'] );
-	echo "<p class='submit'><input type='hidden' name='widget_id' value='$meta_box[id]' /><input type='submit' value='" . __( 'Submit' ) . "' /></p>";
+	echo "<p class='submit'><input type='hidden' name='widget_id' value='" . esc_attr($meta_box['id']) . "' /><input type='submit' value='" . esc_attr__( 'Submit' ) . "' /></p>";

 	echo '</form>';
 }
@@ -143,29 +143,59 @@ function _wp_dashboard_control_callback( $dashboard, $meta_box ) {
 * @since unknown
 */
 function wp_dashboard() {
-	echo "<div id='dashboard-widgets' class='metabox-holder'>\n\n";
+	global $screen_layout_columns;

-	echo "<div id='side-info-column' class='inner-sidebar'>\n\n";
-	$class = do_meta_boxes( 'dashboard', 'side', '' ) ? ' class="has-sidebar"' : '';
-	echo "</div>\n\n";
-
-	echo "<div id='post-body'$class>\n\n";
-	echo "<div id='dashboard-widgets-main-content' class='has-sidebar-content'>\n\n";
+	$hide2 = $hide3 = $hide4 = '';
+	switch ( $screen_layout_columns ) {
+		case 4:
+			$width = 'width:24.5%;';
+			break;
+		case 3:
+			$width = 'width:32.67%;';
+			$hide4 = 'display:none;';
+			break;
+		case 2:
+			$width = 'width:49%;';
+			$hide3 = $hide4 = 'display:none;';
+			break;
+		default:
+			$width = 'width:98%;';
+			$hide2 = $hide3 = $hide4 = 'display:none;';
+	}
+?>
+<div id='dashboard-widgets' class='metabox-holder'>
+<?php
+	echo "\t<div class='postbox-container' style='$width'>\n";
 	do_meta_boxes( 'dashboard', 'normal', '' );
-	echo "</div>\n\n";
-	echo "</div>\n\n";

-	echo "<form style='display: none' method='get' action=''>\n<p>\n";
+	echo "\t</div><div class='postbox-container' style='{$hide2}$width'>\n";
+	do_meta_boxes( 'dashboard', 'side', '' );
+
+	echo "\t</div><div class='postbox-container' style='{$hide3}$width'>\n";
+	do_meta_boxes( 'dashboard', 'column3', '' );
+
+	echo "\t</div><div class='postbox-container' style='{$hide4}$width'>\n";
+	do_meta_boxes( 'dashboard', 'column4', '' );
+?>
+</div></div>
+
+<form style='display: none' method='get' action=''>
+	<p>
+<?php
 	wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
 	wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false );
-	echo "</p>\n</form>\n";
+?>
+	</p>
+</form>

-	echo "</div>";
+<?php
 }

 /* Dashboard Widgets */

 function wp_dashboard_right_now() {
+	global $wp_registered_sidebars;
+
 	$num_posts = wp_count_posts( 'post' );
 	$num_pages = wp_count_posts( 'page' );

@@ -181,24 +211,25 @@ function wp_dashboard_right_now() {

 	// Posts
 	$num = number_format_i18n( $num_posts->publish );
-	if ( current_user_can( 'edit_posts' ) )
-		$text = "<a href='edit.php'>$num</a>";
-	else
-		$text = $num;
-	echo '<td class="first b b-posts">' . $text . '</td>';
-	echo '<td class="t posts">' . __ngettext( 'Post', 'Posts', intval($num_posts->publish) ) . '</td>';
+	$text = _n( 'Post', 'Posts', intval($num_posts->publish) );
+	if ( current_user_can( 'edit_posts' ) ) {
+		$num = "<a href='edit.php'>$num</a>";
+		$text = "<a href='edit.php'>$text</a>";
+	}
+	echo '<td class="first b b-posts">' . $num . '</td>';
+	echo '<td class="t posts">' . $text . '</td>';
 	/* TODO: Show status breakdown on hover
 	if ( $can_edit_pages && !empty($num_pages->publish) ) { // how many pages is not exposed in feeds.  Don't show if !current_user_can
-		$post_type_texts[] = '<a href="edit-pages.php">'.sprintf( __ngettext( '%s page', '%s pages', $num_pages->publish ), number_format_i18n( $num_pages->publish ) ).'</a>';
+		$post_type_texts[] = '<a href="edit-pages.php">'.sprintf( _n( '%s page', '%s pages', $num_pages->publish ), number_format_i18n( $num_pages->publish ) ).'</a>';
 	}
 	if ( $can_edit_posts && !empty($num_posts->draft) ) {
-		$post_type_texts[] = '<a href="edit.php?post_status=draft">'.sprintf( __ngettext( '%s draft', '%s drafts', $num_posts->draft ), number_format_i18n( $num_posts->draft ) ).'</a>';
+		$post_type_texts[] = '<a href="edit.php?post_status=draft">'.sprintf( _n( '%s draft', '%s drafts', $num_posts->draft ), number_format_i18n( $num_posts->draft ) ).'</a>';
 	}
 	if ( $can_edit_posts && !empty($num_posts->future) ) {
-		$post_type_texts[] = '<a href="edit.php?post_status=future">'.sprintf( __ngettext( '%s scheduled post', '%s scheduled posts', $num_posts->future ), number_format_i18n( $num_posts->future ) ).'</a>';
+		$post_type_texts[] = '<a href="edit.php?post_status=future">'.sprintf( _n( '%s scheduled post', '%s scheduled posts', $num_posts->future ), number_format_i18n( $num_posts->future ) ).'</a>';
 	}
 	if ( current_user_can('publish_posts') && !empty($num_posts->pending) ) {
-		$pending_text = sprintf( __ngettext( 'There is <a href="%1$s">%2$s post</a> pending your review.', 'There are <a href="%1$s">%2$s posts</a> pending your review.', $num_posts->pending ), 'edit.php?post_status=pending', number_format_i18n( $num_posts->pending ) );
+		$pending_text = sprintf( _n( 'There is <a href="%1$s">%2$s post</a> pending your review.', 'There are <a href="%1$s">%2$s posts</a> pending your review.', $num_posts->pending ), 'edit.php?post_status=pending', number_format_i18n( $num_posts->pending ) );
 	} else {
 		$pending_text = '';
 	}
@@ -206,58 +237,79 @@ function wp_dashboard_right_now() {

 	// Total Comments
 	$num = number_format_i18n($num_comm->total_comments);
-	if ( current_user_can( 'moderate_comments' ) )
+	$text = _n( 'Comment', 'Comments', $num_comm->total_comments );
+	if ( current_user_can( 'moderate_comments' ) ) {
 		$num = "<a href='edit-comments.php'>$num</a>";
-	echo '<td class="b b-comments">'.$num.'</td>';
-	echo '<td class="last t comments">' . __ngettext( 'Comment', 'Comments', $num_comm->total_comments ) . '</td>';
+		$text = "<a href='edit-comments.php'>$text</a>";
+	}
+	echo '<td class="b b-comments">' . $num . '</td>';
+	echo '<td class="last t comments">' . $text . '</td>';

 	echo '</tr><tr>';

 	// Pages
 	$num = number_format_i18n( $num_pages->publish );
-	if ( current_user_can( 'edit_pages' ) )
+	$text = _n( 'Page', 'Pages', $num_pages->publish );
+	if ( current_user_can( 'edit_pages' ) ) {
 		$num = "<a href='edit-pages.php'>$num</a>";
-	echo '<td class="first b b_pages">'.$num.'</td>';
-	echo '<td class="t pages">' . __ngettext( 'Page', 'Pages', $num_pages->publish ) . '</td>';
+		$text = "<a href='edit-pages.php'>$text</a>";
+	}
+	echo '<td class="first b b_pages">' . $num . '</td>';
+	echo '<td class="t pages">' . $text . '</td>';

 	// Approved Comments
 	$num = number_format_i18n($num_comm->approved);
-	if ( current_user_can( 'moderate_comments' ) )
+	$text = _nc( 'Approved|Right Now', 'Approved', $num_comm->approved );
+	if ( current_user_can( 'moderate_comments' ) ) {
 		$num = "<a href='edit-comments.php?comment_status=approved'>$num</a>";
-	echo '<td class="b b_approved">'.$num.'</td>';
-	echo '<td class="last t approved">' . __ngettext( 'Approved', 'Approved', $num_comm->approved ) . '</td>';
+		$text = "<a class='approved' href='edit-comments.php?comment_status=approved'>$text</a>";
+	}
+	echo '<td class="b b_approved">' . $num . '</td>';
+	echo '<td class="last t">' . $text . '</td>';

 	echo "</tr>\n\t<tr>";

 	// Categories
 	$num = number_format_i18n( $num_cats );
-	if ( current_user_can( 'manage_categories' ) )
+	$text = _n( 'Category', 'Categories', $num_cats );
+	if ( current_user_can( 'manage_categories' ) ) {
 		$num = "<a href='categories.php'>$num</a>";
-	echo '<td class="first b b-cats">'.$num.'</td>';
-	echo '<td class="t cats">' . __ngettext( 'Category', 'Categories', $num_cats ) . '</td>';
+		$text = "<a href='categories.php'>$text</a>";
+	}
+	echo '<td class="first b b-cats">' . $num . '</td>';
+	echo '<td class="t cats">' . $text . '</td>';

 	// Pending Comments
 	$num = number_format_i18n($num_comm->moderated);
-	if ( current_user_can( 'moderate_comments' ) )
+	$text = _n( 'Pending', 'Pending', $num_comm->moderated );
+	if ( current_user_can( 'moderate_comments' ) ) {
 		$num = "<a href='edit-comments.php?comment_status=moderated'><span class='pending-count'>$num</span></a>";
-	echo '<td class="b b-waiting">'.$num.'</td>';
-	echo '<td class="last t waiting">' . __ngettext( 'Pending', 'Pending', $num_comm->moderated ) . '</td>';
+		$text = "<a class='waiting' href='edit-comments.php?comment_status=moderated'>$text</a>";
+	}
+	echo '<td class="b b-waiting">' . $num . '</td>';
+	echo '<td class="last t">' . $text . '</td>';

 	echo "</tr>\n\t<tr>";

 	// Tags
 	$num = number_format_i18n( $num_tags );
-	if ( current_user_can( 'manage_categories' ) )
+	$text = _n( 'Tag', 'Tags', $num_tags );
+	if ( current_user_can( 'manage_categories' ) ) {
 		$num = "<a href='edit-tags.php'>$num</a>";
-	echo '<td class="first b b-tags">'.$num.'</td>';
-	echo '<td class="t tags">' . __ngettext( 'Tag', 'Tags', $num_tags ) . '</td>';
+		$text = "<a href='edit-tags.php'>$text</a>";
+	}
+	echo '<td class="first b b-tags">' . $num . '</td>';
+	echo '<td class="t tags">' . $text . '</td>';

 	// Spam Comments
 	$num = number_format_i18n($num_comm->spam);
-	if ( current_user_can( 'moderate_comments' ) )
+	$text = _n( 'Spam', 'Spam', $num_comm->spam );
+	if ( current_user_can( 'moderate_comments' ) ) {
 		$num = "<a href='edit-comments.php?comment_status=spam'><span class='spam-count'>$num</span></a>";
-	echo '<td class="b b-spam">'.$num.'</td>';
-	echo '<td class="last t spam">' . __ngettext( 'Spam', 'Spam', $num_comm->spam ) . '</td>';
+		$text = "<a class='spam' href='edit-comments.php?comment_status=spam'>$text</a>";
+	}
+	echo '<td class="b b-spam">' . $num . '</td>';
+	echo '<td class="last t">' . $text . '</td>';

 	echo "</tr>";
 	do_action('right_now_table_end');
@@ -265,23 +317,38 @@ function wp_dashboard_right_now() {

 	echo "\n\t".'<div class="versions">';
 	$ct = current_theme_info();
-	$sidebars_widgets = wp_get_sidebars_widgets();
-	$num_widgets = array_reduce( $sidebars_widgets, create_function( '$prev, $curr', 'return $prev+count($curr);' ), 0 );
-	$num = number_format_i18n( $num_widgets );

 	echo "\n\t<p>";
-	if ( current_user_can( 'switch_themes' ) ) {
-		echo '<a href="themes.php" class="button rbutton">' . __('Change Theme') . '</a>';
-		printf(__ngettext('Theme <span class="b"><a href="themes.php">%1$s</a></span> with <span class="b"><a href="widgets.php">%2$s Widget</a></span>', 'Theme <span class="b"><a href="themes.php">%1$s</a></span> with <span class="b"><a href="widgets.php">%2$s Widgets</a></span>', $num_widgets), $ct->title, $num);
-	} else {
-		printf(__ngettext('Theme <span class="b">%1$s</span> with <span class="b">%2$s Widget</span>', 'Theme <span class="b">%1$s</span> with <span class="b">%2$s Widgets</span>', $num_widgets), $ct->title, $num);
-	}
+	if ( !empty($wp_registered_sidebars) ) {
+		$sidebars_widgets = wp_get_sidebars_widgets();
+		$num_widgets = 0;
+		foreach ( (array) $sidebars_widgets as $k => $v ) {
+			if ( 'wp_inactive_widgets' == $k )
+				continue;
+			if ( is_array($v) )
+				$num_widgets = $num_widgets + count($v);
+		}
+		$num = number_format_i18n( $num_widgets );

+		if ( current_user_can( 'switch_themes' ) ) {
+			echo '<a href="themes.php" class="button rbutton">' . __('Change Theme') . '</a>';
+			printf(_n('Theme <span class="b"><a href="themes.php">%1$s</a></span> with <span class="b"><a href="widgets.php">%2$s Widget</a></span>', 'Theme <span class="b"><a href="themes.php">%1$s</a></span> with <span class="b"><a href="widgets.php">%2$s Widgets</a></span>', $num_widgets), $ct->title, $num);
+		} else {
+			printf(_n('Theme <span class="b">%1$s</span> with <span class="b">%2$s Widget</span>', 'Theme <span class="b">%1$s</span> with <span class="b">%2$s Widgets</span>', $num_widgets), $ct->title, $num);
+		}
+	} else {
+		if ( current_user_can( 'switch_themes' ) ) {
+			echo '<a href="themes.php" class="button rbutton">' . __('Change Theme') . '</a>';
+			printf('Theme <span class="b"><a href="themes.php">%1$s</a></span>', $ct->title);
+		} else {
+			printf('Theme <span class="b">%1$s</span>', $ct->title);
+		}
+	}
 	echo '</p>';

 	update_right_now_message();

-	echo "\n\t".'</div>';
+	echo "\n\t".'<br class="clear" /></div>';
 	do_action( 'rightnow_end' );
 	do_action( 'activity_box_end' );
 }
@@ -290,17 +357,16 @@ function wp_dashboard_quick_press() {
 	$drafts = false;
 	if ( 'post' === strtolower( $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['action'] ) && 0 === strpos( $_POST['action'], 'post-quickpress' ) && (int) $_POST['post_ID'] ) {
 		$view = get_permalink( $_POST['post_ID'] );
-		$edit = clean_url( get_edit_post_link( $_POST['post_ID'] ) );
+		$edit = esc_url( get_edit_post_link( $_POST['post_ID'] ) );
 		if ( 'post-quickpress-publish' == $_POST['action'] ) {
 			if ( current_user_can('publish_posts') )
-				printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( $view ), $edit );
+				printf( '<div class="message"><p>' . __( 'Post Published. <a href="%s">View post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( $view ), $edit );
 			else
-				printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );
+				printf( '<div class="message"><p>' . __( 'Post submitted. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit );
 		} else {
-			printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', clean_url( add_query_arg( 'preview', 1, $view ) ), $edit );
+			printf( '<div class="message"><p>' . __( 'Draft Saved. <a href="%s">Preview post</a> | <a href="%s">Edit post</a>' ) . '</p></div>', esc_url( add_query_arg( 'preview', 1, $view ) ), $edit );
 			$drafts_query = new WP_Query( array(
 				'post_type' => 'post',
-				'what_to_show' => 'posts',
 				'post_status' => 'draft',
 				'author' => $GLOBALS['current_user']->ID,
 				'posts_per_page' => 1,
@@ -318,10 +384,10 @@ function wp_dashboard_quick_press() {
 	$post = get_default_post_to_edit();
 ?>

-	<form name="post" action="<?php echo clean_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
+	<form name="post" action="<?php echo esc_url( admin_url( 'post.php' ) ); ?>" method="post" id="quick-press">
 		<h4 id="quick-post-title"><label for="title"><?php _e('Title') ?></label></h4>
 		<div class="input-text-wrap">
-			<input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo attribute_escape( $post->post_title ); ?>" />
+			<input type="text" name="post_title" id="title" tabindex="1" autocomplete="off" value="<?php echo esc_attr( $post->post_title ); ?>" />
 		</div>

 		<?php if ( current_user_can( 'upload_files' ) ) : ?>
@@ -346,12 +412,12 @@ function wp_dashboard_quick_press() {
 			<input type="hidden" name="action" id="quickpost-action" value="post-quickpress-save" />
 			<input type="hidden" name="quickpress_post_ID" value="<?php echo (int) $post->ID; ?>" />
 			<?php wp_nonce_field('add-post'); ?>
-			<input type="submit" name="save" id="save-post" class="button" tabindex="4" value="<?php _e('Save Draft'); ?>" />
-			<input type="reset" value="<?php _e( 'Cancel' ); ?>" class="cancel" />
+			<input type="submit" name="save" id="save-post" class="button" tabindex="4" value="<?php esc_attr_e('Save Draft'); ?>" />
+			<input type="reset" value="<?php esc_attr_e( 'Reset' ); ?>" class="button" />
 			<?php if ( current_user_can('publish_posts') ) { ?>
-			<input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php _e('Publish'); ?>" />
+			<input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php esc_attr_e('Publish'); ?>" />
 			<?php } else { ?>
-			<input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php _e('Submit for Review'); ?>" />
+			<input type="submit" name="publish" id="publish" accesskey="p" tabindex="5" class="button-primary" value="<?php esc_attr_e('Submit for Review'); ?>" />
 			<?php } ?>
 			<br class="clear" />
 		</p>
@@ -367,7 +433,6 @@ function wp_dashboard_recent_drafts( $drafts = false ) {
 	if ( !$drafts ) {
 		$drafts_query = new WP_Query( array(
 			'post_type' => 'post',
-			'what_to_show' => 'posts',
 			'post_status' => 'draft',
 			'author' => $GLOBALS['current_user']->ID,
 			'posts_per_page' => 5,
@@ -382,7 +447,7 @@ function wp_dashboard_recent_drafts( $drafts = false ) {
 		foreach ( $drafts as $draft ) {
 			$url = get_edit_post_link( $draft->ID );
 			$title = _draft_or_post_title( $draft->ID );
-			$item = "<h4><a href='$url' title='" . sprintf( __( 'Edit "%s"' ), attribute_escape( $title ) ) . "'>$title</a> <abbr title='" . get_the_time(__('Y/m/d g:i:s A'), $draft) . "'>" . get_the_time( get_option( 'date_format' ), $draft ) . '</abbr></h4>';
+			$item = "<h4><a href='$url' title='" . sprintf( __( 'Edit &#8220;%s&#8221;' ), esc_attr( $title ) ) . "'>$title</a> <abbr title='" . get_the_time(__('Y/m/d g:i:s A'), $draft) . "'>" . get_the_time( get_option( 'date_format' ), $draft ) . '</abbr></h4>';
 			if ( $the_content = preg_split( '#\s#', strip_tags( $draft->post_content ), 11, PREG_SPLIT_NO_EMPTY ) )
 				$item .= '<p>' . join( ' ', array_slice( $the_content, 0, 10 ) ) . ( 10 < count( $the_content ) ? '&hellip;' : '' ) . '</p>';
 			$list[] = $item;
@@ -458,14 +523,14 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
 	$GLOBALS['comment'] =& $comment;

 	$comment_post_url = get_edit_post_link( $comment->comment_post_ID );
-	$comment_post_title = get_the_title( $comment->comment_post_ID );
+	$comment_post_title = strip_tags(get_the_title( $comment->comment_post_ID ));
 	$comment_post_link = "<a href='$comment_post_url'>$comment_post_title</a>";
-	$comment_link = '<a class="comment-link" href="' . get_comment_link() . '">#</a>';
+	$comment_link = '<a class="comment-link" href="' . esc_url(get_comment_link()) . '">#</a>';

-	$delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
-	$approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
-	$unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
-	$spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+	$delete_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+	$approve_url = esc_url( wp_nonce_url( "comment.php?action=approvecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
+	$unapprove_url = esc_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$comment->comment_post_ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
+	$spam_url = esc_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$comment->comment_post_ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );

 	$actions = array();

@@ -476,7 +541,7 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
 		$actions['edit'] = "<a href='comment.php?action=editcomment&amp;c={$comment->comment_ID}' title='" . __('Edit comment') . "'>". __('Edit') . '</a>';
 		//$actions['quickedit'] = '<a onclick="commentReply.open(\''.$comment->comment_ID.'\',\''.$comment->comment_post_ID.'\',\'edit\');return false;" class="vim-q" title="'.__('Quick Edit').'" href="#">' . __('Quick&nbsp;Edit') . '</a>';
 		$actions['reply'] = '<a onclick="commentReply.open(\''.$comment->comment_ID.'\',\''.$comment->comment_post_ID.'\');return false;" class="vim-r hide-if-no-js" title="'.__('Reply to this comment').'" href="#">' . __('Reply') . '</a>';
-		$actions['spam'] = "<a href='$spam_url' class='delete:the-comment-list:comment-$comment->comment_ID::spam=1 vim-s vim-destructive' title='" . __( 'Mark this comment as spam' ) . "'>" . _c( 'Spam|verb' ) . '</a>';
+		$actions['spam'] = "<a href='$spam_url' class='delete:the-comment-list:comment-$comment->comment_ID::spam=1 vim-s vim-destructive' title='" . __( 'Mark this comment as spam' ) . "'>" . /* translators: mark as spam link */  _x( 'Spam', 'verb' ) . '</a>';
 		$actions['delete'] = "<a href='$delete_url' class='delete:the-comment-list:comment-$comment->comment_ID delete vim-d vim-destructive'>" . __('Delete') . '</a>';

 		$actions = apply_filters( 'comment_row_actions', $actions, $comment );
@@ -500,6 +565,8 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
 			<?php if ( !$comment->comment_type || 'comment' == $comment->comment_type ) : ?>

 			<?php echo get_avatar( $comment, 50 ); ?>
+
+			<div class="dashboard-comment-wrap">
 			<h4 class="comment-meta"><?php printf( __( 'From %1$s on %2$s%3$s' ), '<cite class="comment-author">' . get_comment_author_link() . '</cite>', $comment_post_link." ".$comment_link, ' <span class="approve">' . __( '[Pending]' ) . '</span>' ); ?></h4>

 			<?php
@@ -514,10 +581,11 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
 				default :
 					$type = ucwords( $comment->comment_type );
 				endswitch;
-				$type = wp_specialchars( $type );
+				$type = esc_html( $type );
 			?>
-
-			<h4 class="comment-meta"><?php printf( __( '%1$s on %2$s' ), "<strong>$type</strong>", $comment_post_link ); ?></h4>
+			<div class="dashboard-comment-wrap">
+			<?php /* translators: %1$s is type of comment, %2$s is link to the post */ ?>
+			<h4 class="comment-meta"><?php printf( _x( '%1$s on %2$s', 'dashboard' ), "<strong>$type</strong>", $comment_post_link ); ?></h4>
 			<p class="comment-author"><?php comment_author_link(); ?></p>

 			<?php endif; // comment_type ?>
@@ -526,18 +594,18 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {

 			<div id="inline-<?php echo $comment->comment_ID; ?>" class="hidden">
 				<textarea class="comment" rows="3" cols="10"><?php echo $comment->comment_content; ?></textarea>
-				<div class="author-email"><?php echo attribute_escape( $comment->comment_author_email ); ?></div>
-				<div class="author"><?php echo attribute_escape( $comment->comment_author ); ?></div>
-				<div class="author-url"><?php echo attribute_escape( $comment->comment_author_url ); ?></div>
+				<div class="author-email"><?php echo esc_attr( $comment->comment_author_email ); ?></div>
+				<div class="author"><?php echo esc_attr( $comment->comment_author ); ?></div>
+				<div class="author-url"><?php echo esc_attr( $comment->comment_author_url ); ?></div>
 				<div class="comment_status"><?php echo $comment->comment_approved; ?></div>
 			</div>
-
+			</div>
 		</div>
 <?php
 }

 function wp_dashboard_incoming_links() {
-	wp_dashboard_cached_rss_widget( 'dashboard_incoming_links', 'wp_dashboard_incoming_links_output' );
+	echo '<p class="widget-loading hide-if-no-js">' . __( 'Loading&#8230;' ) . '</p><p class="describe hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
 }

 /**
@@ -548,60 +616,73 @@ function wp_dashboard_incoming_links() {
 function wp_dashboard_incoming_links_output() {
 	$widgets = get_option( 'dashboard_widget_options' );
 	@extract( @$widgets['dashboard_incoming_links'], EXTR_SKIP );
-	$rss = @fetch_rss( $url );
-	if ( isset($rss->items) && 0 < count($rss->items) )  {
+	$rss = fetch_feed( $url );

-		echo "<ul>\n";
+	if ( is_wp_error($rss) ) {
+		if ( is_admin() || current_user_can('manage_options') ) {
+			echo '<p>';
+			printf(__('<strong>RSS Error</strong>: %s'), $rss->get_error_message());
+			echo '</p>';
+		}
+		return;
+	}

-		$rss->items = array_slice($rss->items, 0, $items);
-		foreach ( $rss->items as $item ) {
-			$publisher = '';
-			$site_link = '';
-			$link = '';
-			$content = '';
-			$date = '';
-			$link = clean_url( strip_tags( $item['link'] ) );
+	if ( !$rss->get_item_quantity() ) {
+		echo '<p>' . __('This dashboard widget queries <a href="http://blogsearch.google.com/">Google Blog Search</a> so that when another blog links to your site it will show up here. It has found no incoming links&hellip; yet. It&#8217;s okay &#8212; there is no rush.') . "</p>\n";
+		return;
+	}

-			if ( isset( $item['author_uri'] ) )
-				$site_link = clean_url( strip_tags( $item['author_uri'] ) );
+	echo "<ul>\n";

-			if ( !$publisher = wp_specialchars( strip_tags( isset($item['dc']['publisher']) ? $item['dc']['publisher'] : $item['author_name'] ) ) )
+	if ( !isset($items) )
+		$items = 10;
+
+	foreach ( $rss->get_items(0, $items) as $item ) {
+		$publisher = '';
+		$site_link = '';
+		$link = '';
+		$content = '';
+		$date = '';
+		$link = esc_url( strip_tags( $item->get_link() ) );
+
+		$author = $item->get_author();
+		if ( $author ) {
+			$site_link = esc_url( strip_tags( $author->get_link() ) );
+
+			if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) )
 				$publisher = __( 'Somebody' );
-			if ( $site_link )
-				$publisher = "<a href='$site_link'>$publisher</a>";
-			else
-				$publisher = "<strong>$publisher</strong>";
+		} else {
+		  $publisher = __( 'Somebody' );
+		}
+		if ( $site_link )
+			$publisher = "<a href='$site_link'>$publisher</a>";
+		else
+			$publisher = "<strong>$publisher</strong>";

-			if ( isset($item['description']) )
-				$content = $item['description'];
-			elseif ( isset($item['summary']) )
-				$content = $item['summary'];
-			elseif ( isset($item['atom_content']) )
-				$content = $item['atom_content'];
-			else
-				$content = __( 'something' );
-			$content = wp_html_excerpt($content, 50) . ' ...';
-			if ( $link )
-				$text = _c( '%1$s linked here <a href="%2$s">saying</a>, "%3$s"|feed_display' );
-			else
-				$text = _c( '%1$s linked here saying, "%3$s"|feed_display' );
+		$content = $item->get_content();
+		$content = wp_html_excerpt($content, 50) . ' ...';

-			if ( $show_date ) {
-				if ( $show_author || $show_summary )
-					$text .= _c( ' on %4$s|feed_display' );
-				$date = wp_specialchars( strip_tags( isset($item['pubdate']) ? $item['pubdate'] : $item['published'] ) );
-				$date = strtotime( $date );
-				$date = gmdate( get_option( 'date_format' ), $date );
-			}
+		if ( $link )
+			/* translators: incoming links feed, %1$s is other person, %3$s is content */
+			$text = __( '%1$s linked here <a href="%2$s">saying</a>, "%3$s"' );
+		else
+			/* translators: incoming links feed, %1$s is other person, %3$s is content */
+			$text = __( '%1$s linked here saying, "%3$s"' );

-			echo "\t<li>" . sprintf( _c( "$text|feed_display" ), $publisher, $link, $content, $date ) . "</li>\n";
+		if ( $show_date ) {
+			if ( $show_author || $show_summary )
+				/* translators: incoming links feed, %4$s is the date */
+				$text .= ' ' . __( 'on %4$s' );
+			$date = esc_html( strip_tags( $item->get_date() ) );
+			$date = strtotime( $date );
+			$date = gmdate( get_option( 'date_format' ), $date );
 		}

-		echo "</ul>\n";
-
-	} else {
-		echo '<p>' . __('This dashboard widget queries <a href="http://blogsearch.google.com/">Google Blog Search</a> so that when another blog links to your site it will show up here. It has found no incoming links&hellip; yet. It&#8217;s okay &#8212; there is no rush.') . "</p>\n";
+		echo "\t<li>" . sprintf( $text, $publisher, $link, $content, $date ) . "</li>\n";
 	}
+
+	echo "</ul>\n";
+
 }

 function wp_dashboard_incoming_links_control() {
@@ -609,7 +690,7 @@ function wp_dashboard_incoming_links_control() {
 }

 function wp_dashboard_primary() {
-	wp_dashboard_cached_rss_widget( 'dashboard_primary', 'wp_dashboard_rss_output' );
+	echo '<p class="widget-loading hide-if-no-js">' . __( 'Loading&#8230;' ) . '</p><p class="describe hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
 }

 function wp_dashboard_primary_control() {
@@ -631,7 +712,7 @@ function wp_dashboard_rss_output( $widget_id ) {
 }

 function wp_dashboard_secondary() {
-	wp_dashboard_cached_rss_widget( 'dashboard_secondary', 'wp_dashboard_secondary_output' );
+	echo '<p class="widget-loading hide-if-no-js">' . __( 'Loading&#8230;' ) . '</p><p class="describe hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
 }

 function wp_dashboard_secondary_control() {
@@ -648,32 +729,25 @@ function wp_dashboard_secondary_control() {
 function wp_dashboard_secondary_output() {
 	$widgets = get_option( 'dashboard_widget_options' );
 	@extract( @$widgets['dashboard_secondary'], EXTR_SKIP );
-	$rss = @fetch_rss( $url );
+	$rss = @fetch_feed( $url );

-	if ( !isset($rss->items) || 0 == count($rss->items) )
-		return false;
-
-	$rss->items = array_slice($rss->items, 0, $items);
-
-	if ( 'http://planet.wordpress.org/' == $rss->channel['link'] ) {
-		foreach ( array_keys($rss->items) as $i ) {
-			list($site, $description) = explode( ':', wp_specialchars($rss->items[$i]['title']), 2 );
-			$rss->items[$i]['dc']['creator'] = trim($site);
-			$rss->items[$i]['title'] = trim($description);
+	if ( is_wp_error($rss) ) {
+		if ( is_admin() || current_user_can('manage_options') ) {
+			echo '<div class="rss-widget"><p>';
+			printf(__('<strong>RSS Error</strong>: %s'), $rss->get_error_message());
+			echo '</p></div>';
 		}
+	} elseif ( !$rss->get_item_quantity() ) {
+		return false;
+	} else {
+		echo '<div class="rss-widget">';
+		wp_widget_rss_output( $rss, $widgets['dashboard_secondary'] );
+		echo '</div>';
 	}
-
-	echo "<div class='rss-widget'>";
-	wp_widget_rss_output( $rss, $widgets['dashboard_secondary'] );
-	echo "</div>";
 }

 function wp_dashboard_plugins() {
-	wp_dashboard_cached_rss_widget( 'dashboard_plugins', 'wp_dashboard_plugins_output', array(
-		'http://wordpress.org/extend/plugins/rss/browse/popular/',
-		'http://wordpress.org/extend/plugins/rss/browse/new/',
-		'http://wordpress.org/extend/plugins/rss/browse/updated/'
-	) );
+	echo '<p class="widget-loading hide-if-no-js">' . __( 'Loading&#8230;' ) . '</p><p class="describe hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
 }

 /**
@@ -682,42 +756,68 @@ function wp_dashboard_plugins() {
 * @since unknown
 */
 function wp_dashboard_plugins_output() {
-	$popular = @fetch_rss( 'http://wordpress.org/extend/plugins/rss/browse/popular/' );
-	$new     = @fetch_rss( 'http://wordpress.org/extend/plugins/rss/browse/new/' );
-	$updated = @fetch_rss( 'http://wordpress.org/extend/plugins/rss/browse/updated/' );
+	$popular = fetch_feed( 'http://wordpress.org/extend/plugins/rss/browse/popular/' );
+	$new     = fetch_feed( 'http://wordpress.org/extend/plugins/rss/browse/new/' );
+	$updated = fetch_feed( 'http://wordpress.org/extend/plugins/rss/browse/updated/' );
+
+	if ( false === $plugin_slugs = get_transient( 'plugin_slugs' ) ) {
+		$plugin_slugs = array_keys( get_plugins() );
+		set_transient( 'plugin_slugs', $plugin_slugs, 86400 );
+	}

 	foreach ( array( 'popular' => __('Most Popular'), 'new' => __('Newest Plugins'), 'updated' => __('Recently Updated') ) as $feed => $label ) {
-		if ( !isset($$feed->items) || 0 == count($$feed->items) )
+		if ( is_wp_error($$feed) || !$$feed->get_item_quantity() )
 			continue;

-		$$feed->items = array_slice($$feed->items, 0, 5);
-		$item_key = array_rand($$feed->items);
+		$items = $$feed->get_items(0, 5);
+
+		// Pick a random, non-installed plugin
+		while ( true ) {
+			// Abort this foreach loop iteration if there's no plugins left of this type
+			if ( 0 == count($items) )
+				continue 2;
+
+			$item_key = array_rand($items);
+			$item = $items[$item_key];
+
+			list($link, $frag) = explode( '#', $item->get_link() );
+
+			$link = esc_url($link);
+			if ( preg_match( '|/([^/]+?)/?$|', $link, $matches ) )
+				$slug = $matches[1];
+			else {
+				unset( $items[$item_key] );
+				continue;
+			}
+
+			// Is this random plugin's slug already installed? If so, try again.
+			reset( $plugin_slugs );
+			foreach ( $plugin_slugs as $plugin_slug ) {
+				if ( $slug == substr( $plugin_slug, 0, strlen( $slug ) ) ) {
+					unset( $items[$item_key] );
+					continue 2;
+				}
+			}
+
+			// If we get to this point, then the random plugin isn't installed and we can stop the while().
+			break;
+		}

 		// Eliminate some common badly formed plugin descriptions
-		while ( ( null !== $item_key = array_rand($$feed->items) ) && false !== strpos( $$feed->items[$item_key]['description'], 'Plugin Name:' ) )
-			unset($$feed->items[$item_key]);
+		while ( ( null !== $item_key = array_rand($items) ) && false !== strpos( $items[$item_key]->get_description(), 'Plugin Name:' ) )
+			unset($items[$item_key]);

-		if ( !isset($$feed->items[$item_key]) )
+		if ( !isset($items[$item_key]) )
 			continue;

-		$item = $$feed->items[$item_key];
-
 		// current bbPress feed item titles are: user on "topic title"
-		if ( preg_match( '/"(.*)"/s', $item['title'], $matches ) )
+		if ( preg_match( '/&quot;(.*)&quot;/s', $item->get_title(), $matches ) )
 			$title = $matches[1];
 		else // but let's make it forward compatible if things change
-			$title = $item['title'];
-		$title = wp_specialchars( $title );
+			$title = $item->get_title();
+		$title = esc_html( $title );

-		$description = wp_specialchars( strip_tags(html_entity_decode($item['description'], ENT_QUOTES)) );
-
-		list($link, $frag) = explode( '#', $item['link'] );
-
-		$link = clean_url($link);
-		if( preg_match('|/([^/]+?)/?$|', $link, $matches) )
-			$slug = $matches[1];
-		else
-			$slug = '';
+		$description = esc_html( strip_tags(@html_entity_decode($item->get_description(), ENT_QUOTES, get_option('blog_charset'))) );

 		$ilink = wp_nonce_url('plugin-install.php?tab=plugin-information&plugin=' . $slug, 'install-plugin_' . $slug) .
 							'&amp;TB_iframe=true&amp;width=600&amp;height=800';
@@ -755,15 +855,10 @@ function wp_dashboard_cached_rss_widget( $widget_id, $callback, $check_urls = ar
 		$check_urls = array( $widgets[$widget_id]['url'] );
 	}

-
-	require_once( ABSPATH . WPINC . '/rss.php' );
-	init(); // initialize rss constants
-
-	$cache = new RSSCache( MAGPIE_CACHE_DIR, MAGPIE_CACHE_AGE );
-
+	include_once ABSPATH . WPINC . '/class-feed.php';
 	foreach ( $check_urls as $check_url ) {
-		$status = $cache->check_cache( $check_url );
-		if ( 'HIT' !== $status ) {
+		$cache = new WP_Feed_Cache_Transient('', md5($check_url), '');
+		if ( ! $cache->load() ) {
 			echo $loading;
 			return false;
 		}
@@ -822,9 +917,11 @@ function wp_dashboard_rss_control( $widget_id, $form_inputs = array() ) {
 		$widget_options[$widget_id] = wp_widget_rss_process( $_POST['widget-rss'][$number] );
 		// title is optional.  If black, fill it if possible
 		if ( !$widget_options[$widget_id]['title'] && isset($_POST['widget-rss'][$number]['title']) ) {
-			require_once(ABSPATH . WPINC . '/rss.php');
-			$rss = fetch_rss($widget_options[$widget_id]['url']);
-			$widget_options[$widget_id]['title'] = htmlentities(strip_tags($rss->channel['title']));
+			$rss = fetch_feed($widget_options[$widget_id]['url']);
+			if ( ! is_wp_error($rss) )
+				$widget_options[$widget_id]['title'] = htmlentities(strip_tags($rss->get_title()));
+			else
+				$widget_options[$widget_id]['title'] = htmlentities(__('Unknown Feed'));
 		}
 		update_option( 'dashboard_widget_options', $widget_options );
 	}
--- a/wp-admin/includes/export.php
+++ b/wp-admin/includes/export.php
@@ -99,7 +99,7 @@ function wxr_cdata($str) {
 	if ( seems_utf8($str) == false )
 		$str = utf8_encode($str);

-	// $str = ent2ncr(wp_specialchars($str));
+	// $str = ent2ncr(esc_html($str));

 	$str = "<![CDATA[$str" . ( ( substr($str, -1) == ']' ) ? ' ' : '') . "]]>";

--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -52,7 +52,7 @@ function get_file_description( $file ) {
 	elseif ( file_exists( WP_CONTENT_DIR . $file ) && is_file( WP_CONTENT_DIR . $file ) ) {
 		$template_data = implode( '', file( WP_CONTENT_DIR . $file ) );
 		if ( preg_match( '|Template Name:(.*)$|mi', $template_data, $name ))
-			return $name[1] . ' Page Template';
+			return _cleanup_header_comment($name[1]) . ' Page Template';
 	}

 	return basename( $file );
@@ -67,11 +67,12 @@ function get_file_description( $file ) {
 */
 function get_home_path() {
 	$home = get_option( 'home' );
-	if ( $home != '' && $home != get_option( 'siteurl' ) ) {
-		$home_path = parse_url( $home );
-		$home_path = $home_path['path'];
-		$root = str_replace( $_SERVER["PHP_SELF"], '', $_SERVER["SCRIPT_FILENAME"] );
-		$home_path = trailingslashit( $root.$home_path );
+	$siteurl = get_option( 'siteurl' );
+	if ( $home != '' && $home != $siteurl ) {
+	        $wp_path_rel_to_home = str_replace($home, '', $siteurl); /* $siteurl - $home */
+	        $pos = strpos($_SERVER["SCRIPT_FILENAME"], $wp_path_rel_to_home);
+	        $home_path = substr($_SERVER["SCRIPT_FILENAME"], 0, $pos);
+		$home_path = trailingslashit( $home_path );
 	} else {
 		$home_path = ABSPATH;
 	}
@@ -194,7 +195,7 @@ function validate_file_to_edit( $file, $allowed_files = '' ) {

 	switch ( $code ) {
 		case 1 :
-			wp_die( __('Sorry, can&#8217;t edit files with ".." in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.' ));
+			wp_die( __('Sorry, can&#8217;t edit files with &#8220;..&#8221; in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.' ));

 		case 2 :
 			wp_die( __('Sorry, can&#8217;t call files with their real path.' ));
@@ -238,7 +239,8 @@ function wp_handle_upload( &$file, $overrides = false, $time = null ) {
 		__( "No file was uploaded." ),
 		'',
 		__( "Missing a temporary folder." ),
-		__( "Failed to write file to disk." ));
+		__( "Failed to write file to disk." ),
+		__( "File upload stopped by extension." ));

 	// All tests are on by default. Most can be turned off by $override[{test_name}] = false;
 	$test_form = true;
@@ -282,6 +284,8 @@ function wp_handle_upload( &$file, $overrides = false, $time = null ) {

 		if ( !$type )
 			$type = $file['type'];
+	} else {
+		$type = '';
 	}

 	// A writable uploads dir will pass this test. Again, there's no point overriding this one.
@@ -304,9 +308,7 @@ function wp_handle_upload( &$file, $overrides = false, $time = null ) {
 	// Compute the URL
 	$url = $uploads['url'] . "/$filename";

-	$return = apply_filters( 'wp_handle_upload', array( 'file' => $new_file, 'url' => $url, 'type' => $type ) );
-
-	return $return;
+	return apply_filters( 'wp_handle_upload', array( 'file' => $new_file, 'url' => $url, 'type' => $type ) );
 }

 /**
@@ -339,12 +341,14 @@ function wp_handle_sideload( &$file, $overrides = false ) {

 	// Courtesy of php.net, the strings that describe the error indicated in $_FILES[{form field}]['error'].
 	$upload_error_strings = array( false,
-		__( "The file exceeds the <code>upload_max_filesize</code> directive in <code>php.ini</code>." ),
-		__( "The file exceeds the <em>MAX_FILE_SIZE</em> directive that was specified in the HTML form." ),
-		__( "The file was only partially uploaded." ),
-		__( "No file was sent." ),
+		__( "The uploaded file exceeds the <code>upload_max_filesize</code> directive in <code>php.ini</code>." ),
+		__( "The uploaded file exceeds the <em>MAX_FILE_SIZE</em> directive that was specified in the HTML form." ),
+		__( "The uploaded file was only partially uploaded." ),
+		__( "No file was uploaded." ),
+		'',
 		__( "Missing a temporary folder." ),
-		__( "Failed to write file to disk." ));
+		__( "Failed to write file to disk." ),
+		__( "File upload stopped by extension." ));

 	// All tests are on by default. Most can be turned off by $override[{test_name}] = false;
 	$test_form = true;
@@ -441,7 +445,7 @@ function download_url( $url ) {
 	if ( ! $handle )
 		return new WP_Error('http_no_file', __('Could not create Temporary file'));

-	$response = wp_remote_get($url, array('timeout' => 30));
+	$response = wp_remote_get($url, array('timeout' => 60));

 	if ( is_wp_error($response) ) {
 		fclose($handle);
@@ -579,26 +583,28 @@ function copy_dir($from, $to) {
 * @param unknown_type $args
 * @return unknown
 */
-function WP_Filesystem( $args = false ) {
+function WP_Filesystem( $args = false, $context = false ) {
 	global $wp_filesystem;

 	require_once(ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php');

-	$method = get_filesystem_method($args);
+	$method = get_filesystem_method($args, $context);

 	if ( ! $method )
 		return false;

-	$abstraction_file = apply_filters('filesystem_method_file', ABSPATH . 'wp-admin/includes/class-wp-filesystem-' . $method . '.php', $method);
-	if( ! file_exists($abstraction_file) )
-		return;
-
-	require_once($abstraction_file);
+	if ( ! class_exists("WP_Filesystem_$method") ) {
+		$abstraction_file = apply_filters('filesystem_method_file', ABSPATH . 'wp-admin/includes/class-wp-filesystem-' . $method . '.php', $method);
+		if( ! file_exists($abstraction_file) )
+			return;
+	
+		require_once($abstraction_file);
+	}
 	$method = "WP_Filesystem_$method";

 	$wp_filesystem = new $method($args);

-	if ( $wp_filesystem->errors->get_error_code() )
+	if ( is_wp_error($wp_filesystem->errors) && $wp_filesystem->errors->get_error_code() )
 		return false;

 	if ( !$wp_filesystem->connect() )
@@ -619,21 +625,30 @@ function WP_Filesystem( $args = false ) {
 * @since unknown
 *
 * @param unknown_type $args
+ * @param string $context Full path to the directory that is tested for being writable.
 * @return unknown
 */
-function get_filesystem_method($args = array()) {
-	$method = false;
-	if( function_exists('getmyuid') && function_exists('fileowner') ){
-		$temp_file = wp_tempnam();
-		if ( getmyuid() == fileowner($temp_file) )
-			$method = 'direct';
-		unlink($temp_file);
-	}
+function get_filesystem_method($args = array(), $context = false) {
+	$method = defined('FS_METHOD') ? FS_METHOD : false; //Please ensure that this is either 'direct', 'ssh', 'ftpext' or 'ftpsockets'

-	if ( ! $method && isset($args['connection_type']) && 'ssh' == $args['connection_type'] && extension_loaded('ssh2') ) $method = 'ssh2';
+	if( ! $method && function_exists('getmyuid') && function_exists('fileowner') ){
+		if ( !$context )
+			$context = WP_CONTENT_DIR;
+		$context = trailingslashit($context);
+		$temp_file_name = $context . '.write-test-' . time();
+		$temp_handle = @fopen($temp_file_name, 'w');
+		if ( $temp_handle ) {
+			if ( getmyuid() == fileowner($temp_file_name) )
+				$method = 'direct';
+			@fclose($temp_handle);
+			unlink($temp_file_name);
+		}
+ 	}
+
+	if ( ! $method && isset($args['connection_type']) && 'ssh' == $args['connection_type'] && extension_loaded('ssh2') && function_exists('stream_get_contents') ) $method = 'ssh2';
 	if ( ! $method && extension_loaded('ftp') ) $method = 'ftpext';
 	if ( ! $method && ( extension_loaded('sockets') || function_exists('fsockopen') ) ) $method = 'ftpsockets'; //Sockets: Socket extension; PHP Mode: FSockopen / fwrite / fread
-	return apply_filters('filesystem_method', $method);
+	return apply_filters('filesystem_method', $method, $args);
 }

 /**
@@ -646,40 +661,55 @@ function get_filesystem_method($args = array()) {
 * @param unknown_type $error
 * @return unknown
 */
-function request_filesystem_credentials($form_post, $type = '', $error = false) {
-	$req_cred = apply_filters('request_filesystem_credentials', '', $form_post, $type, $error);
+function request_filesystem_credentials($form_post, $type = '', $error = false, $context = false) {
+	$req_cred = apply_filters('request_filesystem_credentials', '', $form_post, $type, $error, $context);
 	if ( '' !== $req_cred )
 		return $req_cred;

 	if ( empty($type) )
-		$type = get_filesystem_method();
+		$type = get_filesystem_method(array(), $context);

 	if ( 'direct' == $type )
 		return true;

-	$credentials = get_option('ftp_credentials', array());
+	$credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
+
 	// If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
 	$credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? $_POST['hostname'] : $credentials['hostname']);
 	$credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? $_POST['username'] : $credentials['username']);
-	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? $_POST['password'] : $credentials['password']);
+	$credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? $_POST['password'] : '');

 	// Check to see if we are setting the public/private keys for ssh
-	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? $_POST['public_key'] : $credentials['public_key']);
-	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? $_POST['private_key'] : $credentials['private_key']);
+	$credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? $_POST['public_key'] : '');
+	$credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? $_POST['private_key'] : '');
+
+	//sanitize the hostname, Some people might pass in odd-data:
+	$credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off

 	if ( strpos($credentials['hostname'], ':') )
 		list( $credentials['hostname'], $credentials['port'] ) = explode(':', $credentials['hostname'], 2);
+	else
+		unset($credentials['port']);

-	if ( defined('FTP_SSH') || (isset($_POST['connection_type']) && 'ssh' == $_POST['connection_type']) )
+	if ( defined('FTP_SSH') || (defined('FS_METHOD') && 'ssh' == FS_METHOD) )
 		$credentials['connection_type'] = 'ssh';
-	else if ( defined('FTP_SSL') || (isset($_POST['connection_type']) && 'ftps' == $_POST['connection_type']) )
+	else if ( defined('FTP_SSL') && 'ftpext' == $type ) //Only the FTP Extension understands SSL
 		$credentials['connection_type'] = 'ftps';
-	else if ( !isset($credentials['connection_type']) || (isset($_POST['connection_type']) && 'ftp' == $_POST['connection_type']) )
+	else if ( !empty($_POST['connection_type']) )
+		$credentials['connection_type'] = $_POST['connection_type'];
+	else if ( !isset($credentials['connection_type']) ) //All else fails (And its not defaulted to something else saved), Default to FTP
 		$credentials['connection_type'] = 'ftp';

-	if ( ! $error && !empty($credentials['password']) && !empty($credentials['username']) && !empty($credentials['hostname']) ) {
+	if ( ! $error &&
+			(
+				( !empty($credentials['password']) && !empty($credentials['username']) && !empty($credentials['hostname']) ) ||
+				( 'ssh' == $credentials['connection_type'] && !empty($credentials['public_key']) && !empty($credentials['private_key']) )
+			) ) {
 		$stored_credentials = $credentials;
-		unset($stored_credentials['password'], $stored_credentials['private_key'], $stored_credentials['public_key']);
+		if ( !empty($stored_credentials['port']) ) //save port as part of hostname to simplify above code.
+			$stored_credentials['hostname'] .= ':' . $stored_credentials['port'];
+
+		unset($stored_credentials['password'], $stored_credentials['port'], $stored_credentials['private_key'], $stored_credentials['public_key']);
 		update_option('ftp_credentials', $stored_credentials);
 		return $credentials;
 	}
@@ -705,60 +735,68 @@ jQuery(function($){
 	jQuery("#ftp, #ftps").click(function () {
 		jQuery("#ssh_keys").hide();
 	});
+	jQuery('form input[value=""]:first').focus();
 });
 -->
 </script>
 <form action="<?php echo $form_post ?>" method="post">
 <div class="wrap">
+<?php screen_icon(); ?>
 <h2><?php _e('Connection Information') ?></h2>
 <p><?php _e('To perform the requested action, connection information is required.') ?></p>

 <table class="form-table">
 <tr valign="top">
 <th scope="row"><label for="hostname"><?php _e('Hostname') ?></label></th>
-<td><input name="hostname" type="text" id="hostname" value="<?php echo attribute_escape($hostname); if ( !empty($port) ) echo ":$port"; ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
+<td><input name="hostname" type="text" id="hostname" value="<?php echo esc_attr($hostname); if ( !empty($port) ) echo ":$port"; ?>"<?php if( defined('FTP_HOST') ) echo ' disabled="disabled"' ?> size="40" /></td>
 </tr>

 <tr valign="top">
 <th scope="row"><label for="username"><?php _e('Username') ?></label></th>
-<td><input name="username" type="text" id="username" value="<?php echo attribute_escape($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
+<td><input name="username" type="text" id="username" value="<?php echo esc_attr($username) ?>"<?php if( defined('FTP_USER') ) echo ' disabled="disabled"' ?> size="40" /></td>
 </tr>

 <tr valign="top">
 <th scope="row"><label for="password"><?php _e('Password') ?></label></th>
-<td><input name="password" type="password" id="password" value=""<?php if( defined('FTP_PASS') ) echo ' disabled="disabled"' ?> size="40" /><?php if( defined('FTP_PASS') && !empty($password) ) echo '<em>'.__('(Password not shown)').'</em>'; ?></td>
+<td><input name="password" type="password" id="password" value="<?php if ( defined('FTP_PASS') ) echo '*****'; ?>"<?php if ( defined('FTP_PASS') ) echo ' disabled="disabled"' ?> size="40" /></td>
 </tr>

+<?php if ( extension_loaded('ssh2') && function_exists('stream_get_contents') ) : ?>
 <tr id="ssh_keys" valign="top" style="<?php if ( 'ssh' != $connection_type ) echo 'display:none' ?>">
 <th scope="row"><?php _e('Authentication Keys') ?>
 <div class="key-labels textright">
 <label for="public_key"><?php _e('Public Key:') ?></label ><br />
 <label for="private_key"><?php _e('Private Key:') ?></label>
 </div></th>
-<td><br /><input name="public_key" type="text" id="public_key" value=""<?php if( defined('FTP_PUBKEY') ) echo ' disabled="disabled"' ?> size="40" /><br /><input name="private_key" type="text" id="private_key" value=""<?php if( defined('FTP_PRIKEY') ) echo ' disabled="disabled"' ?> size="40" />
+<td><br /><input name="public_key" type="text" id="public_key" value="<?php echo esc_attr($public_key) ?>"<?php if( defined('FTP_PUBKEY') ) echo ' disabled="disabled"' ?> size="40" /><br /><input name="private_key" type="text" id="private_key" value="<?php echo esc_attr($private_key) ?>"<?php if( defined('FTP_PRIKEY') ) echo ' disabled="disabled"' ?> size="40" />
 <div><?php _e('Enter the location on the server where the keys are located. If a passphrase is needed, enter that in the password field above.') ?></div></td>
 </tr>
+<?php endif; ?>

 <tr valign="top">
 <th scope="row"><?php _e('Connection Type') ?></th>
 <td>
-<fieldset><legend class="hidden"><?php _e('Connection Type') ?></legend>
-<label><input id="ftp" name="connection_type"  type="radio" value="ftp" <?php checked('ftp', $connection_type); if ( defined('FTP_SSL') || defined('FTP_SSH') ) echo ' disabled="disabled"'; ?>/> <?php _e('FTP') ?></label><br />
-<label><input id="ftps" name="connection_type" type="radio" value="ftps" <?php checked('ftps', $connection_type); if ( defined('FTP_SSH') || defined('FTP_SSH') ) echo ' disabled="disabled"';  ?>/> <?php _e('FTPS (SSL)') ?></label><br />
-<?php if ( extension_loaded('ssh2') ) { ?><label><input id="ssh" name="connection_type" type="radio" value="ssh" <?php checked('ssh', $connection_type);  if ( defined('FTP_SSL') || defined('FTP_SSH') ) echo ' disabled="disabled"'; ?>/> <?php _e('SSH') ?></label><?php } ?>
+<fieldset><legend class="screen-reader-text"><span><?php _e('Connection Type') ?></span></legend>
+<label><input id="ftp" name="connection_type"  type="radio" value="ftp" <?php checked('ftp', $connection_type); if ( defined('FTP_SSL') || defined('FTP_SSH') ) echo ' disabled="disabled"'; ?>/> <?php _e('FTP') ?></label>
+<?php if ( 'ftpext' == $type ) : ?>
+<br /><label><input id="ftps" name="connection_type" type="radio" value="ftps" <?php checked('ftps', $connection_type); if ( defined('FTP_SSL') || defined('FTP_SSH') ) echo ' disabled="disabled"';  ?>/> <?php _e('FTPS (SSL)') ?></label>
+<?php endif; ?>
+<?php if ( extension_loaded('ssh2') && function_exists('stream_get_contents') ) : ?>
+<br /><label><input id="ssh" name="connection_type" type="radio" value="ssh" <?php checked('ssh', $connection_type);  if ( defined('FTP_SSL') || defined('FTP_SSH') ) echo ' disabled="disabled"'; ?>/> <?php _e('SSH') ?></label>
+<?php endif; ?>
 </fieldset>
 </td>
 </tr>
 </table>

 <?php if ( isset( $_POST['version'] ) ) : ?>
-<input type="hidden" name="version" value="<?php echo attribute_escape($_POST['version']) ?>" />
+<input type="hidden" name="version" value="<?php echo esc_attr($_POST['version']) ?>" />
 <?php endif; ?>
 <?php if ( isset( $_POST['locale'] ) ) : ?>
-<input type="hidden" name="locale" value="<?php echo attribute_escape($_POST['locale']) ?>" />
+<input type="hidden" name="locale" value="<?php echo esc_attr($_POST['locale']) ?>" />
 <?php endif; ?>
 <p class="submit">
-<input id="upgrade" name="upgrade" type="submit" class="button" value="<?php _e('Proceed'); ?>" />
+<input id="upgrade" name="upgrade" type="submit" class="button" value="<?php esc_attr_e('Proceed'); ?>" />
 </p>
 </div>
 </form>
--- a/wp-admin/includes/image.php
+++ b/wp-admin/includes/image.php
@@ -68,7 +68,7 @@ function wp_crop_image( $src_file, $src_x, $src_y, $src_w, $src_h, $dst_w, $dst_

 	$dst_file = preg_replace( '/\\.[^\\.]+$/', '.jpg', $dst_file );

-	if ( imagejpeg( $dst, $dst_file ) )
+	if ( imagejpeg( $dst, $dst_file, apply_filters( 'jpeg_quality', 90, 'wp_crop_image' ) ) )
 		return $dst_file;
 	else
 		return false;
@@ -137,7 +137,7 @@ function wp_load_image( $file ) {
 		$file = get_attached_file( $file );

 	if ( ! file_exists( $file ) )
-		return sprintf(__("File '%s' doesn't exist?"), $file);
+		return sprintf(__('File &#8220;%s&#8221; doesn&#8217;t exist?'), $file);

 	if ( ! function_exists('imagecreatefromstring') )
 		return __('The GD image library is not installed.');
@@ -147,7 +147,7 @@ function wp_load_image( $file ) {
 	$image = imagecreatefromstring( file_get_contents( $file ) );

 	if ( !is_resource( $image ) )
-		return sprintf(__("File '%s' is not an image."), $file);
+		return sprintf(__('File &#8220;%s&#8221; is not an image.'), $file);

 	return $image;
 }
--- a/wp-admin/includes/import.php
+++ b/wp-admin/includes/import.php
@@ -60,7 +60,7 @@ function wp_import_cleanup( $id ) {
 */
 function wp_import_handle_upload() {
 	$overrides = array( 'test_form' => false, 'test_type' => false );
-	$_FILES['import']['name'] .= '.import';
+	$_FILES['import']['name'] .= '.txt';
 	$file = wp_handle_upload( $_FILES['import'], $overrides );

 	if ( isset( $file['error'] ) )
--- a/wp-admin/includes/manifest.php
+++ b/wp-admin/includes/manifest.php
@@ -0,0 +1,208 @@
+<?php
+
+if ( !defined('ABSPATH') )
+	exit;
+
+require(ABSPATH . 'wp-includes/version.php');
+
+$man_version = md5( $tinymce_version . $manifest_version );
+$mce_ver = "ver=$tinymce_version";
+
+/**
+ * Retrieve list of all cacheable WP files
+ *
+ * Array format: file, version (optional), bool (whether to use src and set ignoreQuery)
+ */
+function &get_manifest() {
+	global $mce_ver;
+
+	$files = array(
+		array('images/align-center.png'),
+		array('images/align-left.png'),
+		array('images/align-none.png'),
+		array('images/align-right.png'),
+		array('images/archive-link.png'),
+		array('images/blue-grad.png'),
+		array('images/browse-happy.gif'),
+		array('images/bubble_bg.gif'),
+		array('images/bubble_bg-rtl.gif'),
+		array('images/button-grad.png'),
+		array('images/button-grad-active.png'),
+		array('images/comment-grey-bubble.png'),
+		array('images/date-button.gif'),
+		array('images/ed-bg.gif'),
+		array('images/fade-butt.png'),
+		array('images/fav.png'),
+		array('images/fav-arrow.gif'),
+		array('images/fav-arrow-rtl.gif'),
+		array('images/fav-top.png'),
+		array('images/generic.png'),
+		array('images/gray-grad.png'),
+		array('images/icons32.png'),
+		array('images/icons32-vs.png'),
+		array('images/list.png'),
+		array('images/list-vs.png'),
+		array('images/wpspin_light.gif'),
+		array('images/wpspin_dark.gif'),
+		array('images/logo.gif'),
+		array('images/logo-ghost.png'),
+		array('images/logo-login.gif'),
+		array('images/media-button-image.gif'),
+		array('images/media-button-music.gif'),
+		array('images/media-button-other.gif'),
+		array('images/media-button-video.gif'),
+		array('images/menu.png'),
+		array('images/menu-vs.png'),
+		array('images/menu-arrows.gif'),
+		array('images/menu-bits.gif'),
+		array('images/menu-bits-rtl.gif'),
+		array('images/menu-dark.gif'),
+		array('images/menu-dark-rtl.gif'),
+		array('images/no.png'),
+		array('images/required.gif'),
+		array('images/resize.gif'),
+		array('images/screen-options-left.gif'),
+		array('images/screen-options-right.gif'),
+		array('images/screen-options-right-up.gif'),
+		array('images/se.png'),
+		array('images/star.gif'),
+		array('images/toggle-arrow.gif'),
+		array('images/toggle-arrow-rtl.gif'),
+		array('images/white-grad.png'),
+		array('images/white-grad-active.png'),
+		array('images/wordpress-logo.png'),
+		array('images/wp-logo.gif'),
+		array('images/xit.gif'),
+		array('images/yes.png'),
+		array('../wp-includes/images/crystal/archive.png'),
+		array('../wp-includes/images/crystal/audio.png'),
+		array('../wp-includes/images/crystal/code.png'),
+		array('../wp-includes/images/crystal/default.png'),
+		array('../wp-includes/images/crystal/document.png'),
+		array('../wp-includes/images/crystal/interactive.png'),
+		array('../wp-includes/images/crystal/text.png'),
+		array('../wp-includes/images/crystal/video.png'),
+		array('../wp-includes/images/crystal/spreadsheet.png'),
+		array('../wp-includes/images/rss.png'),
+		array('../wp-includes/images/blank.gif'),
+		array('../wp-includes/images/upload.png'),
+		array('../wp-includes/js/thickbox/loadingAnimation.gif'),
+		array('../wp-includes/js/thickbox/tb-close.png'),
+	);
+
+	if ( @is_file('../wp-includes/js/tinymce/tiny_mce.js') ) :
+	$mce = array(
+		array('../wp-includes/js/tinymce/wp-tinymce.php', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/tiny_mce.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/langs/wp-langs-en.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/utils/mctabs.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/utils/validate.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/utils/form_utils.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/utils/editable_selects.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/tiny_mce_popup.js', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/themes/advanced/editor_template.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/source_editor.htm', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/anchor.htm', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/image.htm', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/link.htm', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/color_picker.htm', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/charmap.htm', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/js/color_picker.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/js/charmap.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/js/image.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/js/link.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/js/source_editor.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/js/anchor.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/ui.css', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/content.css', $mce_ver, true),
+		array('../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/dialog.css', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/plugins/fullscreen/editor_plugin.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/fullscreen/fullscreen.htm', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/inlinepopups/template.htm', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/window.css', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/plugins/media/editor_plugin.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/media/js/media.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/media/media.htm', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/media/css/content.css', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/media/css/media.css', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/plugins/paste/editor_plugin.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/paste/js/pasteword.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/paste/js/pastetext.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/paste/pasteword.htm', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/paste/blank.htm', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/paste/pastetext.htm', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/plugins/safari/editor_plugin.js', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/plugins/spellchecker/editor_plugin.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/spellchecker/css/content.css', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/plugins/tabfocus/editor_plugin.js', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/wordpress/css/content.css', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/wpeditimage/editimage.html', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/wpeditimage/js/editimage.js', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/wpeditimage/css/editimage.css', $mce_ver, true),
+		array('../wp-includes/js/tinymce/plugins/wpeditimage/css/editimage-rtl.css', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/plugins/wpgallery/editor_plugin.js', $mce_ver, true),
+
+		array('../wp-includes/js/tinymce/themes/advanced/img/icons.gif'),
+		array('../wp-includes/js/tinymce/themes/advanced/img/colorpicker.jpg'),
+		array('../wp-includes/js/tinymce/themes/advanced/img/fm.gif'),
+		array('../wp-includes/js/tinymce/themes/advanced/img/gotmoxie.png'),
+		array('../wp-includes/js/tinymce/themes/advanced/img/sflogo.png'),
+		array('../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/butt2.png'),
+		array('../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/fade-butt.png'),
+		array('../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/tabs.gif'),
+		array('../wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/down_arrow.gif'),
+		array('../wp-includes/js/tinymce/themes/advanced/skins/default/img/progress.gif'),
+		array('../wp-includes/js/tinymce/themes/advanced/skins/default/img/menu_check.gif'),
+		array('../wp-includes/js/tinymce/themes/advanced/skins/default/img/menu_arrow.gif'),
+		array('../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/drag.gif'),
+		array('../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/corners.gif'),
+		array('../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/buttons.gif'),
+		array('../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/horizontal.gif'),
+		array('../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/alert.gif'),
+		array('../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/button.gif'),
+		array('../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/confirm.gif'),
+		array('../wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/vertical.gif'),
+		array('../wp-includes/js/tinymce/plugins/media/img/flash.gif'),
+		array('../wp-includes/js/tinymce/plugins/media/img/flv_player.swf'),
+		array('../wp-includes/js/tinymce/plugins/media/img/quicktime.gif'),
+		array('../wp-includes/js/tinymce/plugins/media/img/realmedia.gif'),
+		array('../wp-includes/js/tinymce/plugins/media/img/shockwave.gif'),
+		array('../wp-includes/js/tinymce/plugins/media/img/windowsmedia.gif'),
+		array('../wp-includes/js/tinymce/plugins/media/img/trans.gif'),
+		array('../wp-includes/js/tinymce/plugins/spellchecker/img/wline.gif'),
+		array('../wp-includes/js/tinymce/plugins/wordpress/img/more.gif'),
+		array('../wp-includes/js/tinymce/plugins/wordpress/img/more_bug.gif'),
+		array('../wp-includes/js/tinymce/plugins/wordpress/img/page.gif'),
+		array('../wp-includes/js/tinymce/plugins/wordpress/img/page_bug.gif'),
+		array('../wp-includes/js/tinymce/plugins/wordpress/img/toolbars.gif'),
+		array('../wp-includes/js/tinymce/plugins/wordpress/img/help.gif'),
+		array('../wp-includes/js/tinymce/plugins/wordpress/img/image.gif'),
+		array('../wp-includes/js/tinymce/plugins/wordpress/img/media.gif'),
+		array('../wp-includes/js/tinymce/plugins/wordpress/img/video.gif'),
+		array('../wp-includes/js/tinymce/plugins/wordpress/img/audio.gif'),
+		array('../wp-includes/js/tinymce/plugins/wpeditimage/img/image.png'),
+		array('../wp-includes/js/tinymce/plugins/wpeditimage/img/delete.png'),
+		array('../wp-includes/js/tinymce/plugins/wpgallery/img/delete.png'),
+		array('../wp-includes/js/tinymce/plugins/wpgallery/img/edit.png'),
+		array('../wp-includes/js/tinymce/plugins/wpgallery/img/gallery.png')
+	);
+	$files = array_merge($files, $mce);
+	endif;
+
+	return $files;
+}
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -69,17 +69,16 @@ function the_media_upload_tabs() {
 			$current = $redir_tab;
 		elseif ( isset($_GET['tab']) && array_key_exists($_GET['tab'], $tabs) )
 			$current = $_GET['tab'];
-		else {
-			$keys = array_keys($tabs);
-			$current = array_shift($keys);
-		}
+		else
+			$current = apply_filters('media_upload_default_tab', 'type');
+
 		foreach ( $tabs as $callback => $text ) {
 			$class = '';
 			if ( $current == $callback )
 				$class = " class='current'";
 			$href = add_query_arg(array('tab'=>$callback, 's'=>false, 'paged'=>false, 'post_mime_type'=>false, 'm'=>false));
-			$link = "<a href='" . clean_url($href) . "'$class>$text</a>";
-			echo "\t<li id='" . attribute_escape("tab-$callback") . "'>$link</li>\n";
+			$link = "<a href='" . esc_url($href) . "'$class>$text</a>";
+			echo "\t<li id='" . esc_attr("tab-$callback") . "'>$link</li>\n";
 		}
 		echo "</ul>\n";
 	}
@@ -105,10 +104,10 @@ function get_image_send_to_editor($id, $alt, $title, $align, $url='', $rel = fal

 	$html = get_image_tag($id, $htmlalt, $title, $align, $size);

-	$rel = $rel ? ' rel="attachment wp-att-'.attribute_escape($id).'"' : '';
+	$rel = $rel ? ' rel="attachment wp-att-' . esc_attr($id).'"' : '';

 	if ( $url )
-		$html = '<a href="' . clean_url($url) . "\"$rel>$html</a>";
+		$html = '<a href="' . esc_url($url) . "\"$rel>$html</a>";

 	$html = apply_filters( 'image_send_to_editor', $html, $id, $alt, $title, $align, $url, $size );

@@ -131,15 +130,20 @@ function get_image_send_to_editor($id, $alt, $title, $align, $url='', $rel = fal
 */
 function image_add_caption( $html, $id, $alt, $title, $align, $url, $size ) {

-	if ( empty($alt) || apply_filters( 'disable_captions', '' ) ) return $html;
+	if ( empty($alt) || apply_filters( 'disable_captions', '' ) )
+		return $html;
+
 	$id = ( 0 < (int) $id ) ? 'attachment_' . $id : '';

 	preg_match( '/width="([0-9]+)/', $html, $matches );
-	if ( ! isset($matches[1]) ) return $html;
+	if ( ! isset($matches[1]) )
+		return $html;
+
 	$width = $matches[1];

-	$html = preg_replace( '/align[^\s\'"]+\s?/', '', $html );
-	if ( empty($align) ) $align = 'none';
+	$html = preg_replace( '/(class=["\'][^\'"]*)align(none|left|right|center)\s?/', '$1', $html );
+	if ( empty($align) )
+		$align = 'none';

 	$alt = ! empty($alt) ? addslashes($alt) : '';

@@ -190,15 +194,19 @@ function media_handle_upload($file_id, $post_id, $post_data = array()) {
 			$time = $post->post_date;
 	}

+	$name = $_FILES[$file_id]['name'];
 	$file = wp_handle_upload($_FILES[$file_id], $overrides, $time);

 	if ( isset($file['error']) )
 		return new WP_Error( 'upload_error', $file['error'] );

+	$name_parts = pathinfo($name);
+	$name = trim( substr( $name, 0, -(1 + strlen($name_parts['extension'])) ) );
+
 	$url = $file['url'];
 	$type = $file['type'];
 	$file = $file['file'];
-	$title = preg_replace('/\.[^.]+$/', '', basename($file));
+	$title = $name;
 	$content = '';

 	// use image exif/iptc data for title and caption defaults if possible
@@ -303,11 +311,12 @@ wp_enqueue_style( 'wp-admin' );
 wp_enqueue_style( 'colors' );
 if ( 0 === strpos( $content_func, 'media' ) )
 	wp_enqueue_style( 'media' );
-
+wp_enqueue_style( 'ie' );
 ?>
 <script type="text/javascript">
 //<![CDATA[
-function addLoadEvent(func) {if ( typeof wpOnload!='function'){wpOnload=func;}else{ var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}}
+addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
+var userSettings = {'url':'<?php echo SITECOOKIEPATH; ?>','uid':'<?php if ( ! isset($current_user) ) $current_user = wp_get_current_user(); echo $current_user->ID; ?>','time':'<?php echo time() ?>'};
 //]]>
 </script>
 <?php
@@ -323,7 +332,10 @@ if ( is_string($content_func) )
 	$args = func_get_args();
 	$args = array_slice($args, 1);
 	call_user_func_array($content_func, $args);
+
+	do_action('admin_print_footer_scripts');
 ?>
+<script type="text/javascript">if(typeof wpOnload=='function')wpOnload();</script>
 </body>
 </html>
 <?php
@@ -348,16 +360,15 @@ function media_buttons() {
 	$audio_title = __('Add Audio');
 	$out = <<<EOF

-	<a href="{$image_upload_iframe_src}&amp;TB_iframe=true" id="add_image" class="thickbox" title='$image_title'><img src='images/media-button-image.gif' alt='$image_title' /></a>
-	<a href="{$video_upload_iframe_src}&amp;TB_iframe=true" id="add_video" class="thickbox" title='$video_title'><img src='images/media-button-video.gif' alt='$video_title' /></a>
-	<a href="{$audio_upload_iframe_src}&amp;TB_iframe=true" id="add_audio" class="thickbox" title='$audio_title'><img src='images/media-button-music.gif' alt='$audio_title' /></a>
-	<a href="{$media_upload_iframe_src}&amp;TB_iframe=true" id="add_media" class="thickbox" title='$media_title'><img src='images/media-button-other.gif' alt='$media_title' /></a>
+	<a href="{$image_upload_iframe_src}&amp;TB_iframe=true" id="add_image" class="thickbox" title='$image_title' onclick="return false;"><img src='images/media-button-image.gif' alt='$image_title' /></a>
+	<a href="{$video_upload_iframe_src}&amp;TB_iframe=true" id="add_video" class="thickbox" title='$video_title' onclick="return false;"><img src='images/media-button-video.gif' alt='$video_title' /></a>
+	<a href="{$audio_upload_iframe_src}&amp;TB_iframe=true" id="add_audio" class="thickbox" title='$audio_title' onclick="return false;"><img src='images/media-button-music.gif' alt='$audio_title' /></a>
+	<a href="{$media_upload_iframe_src}&amp;TB_iframe=true" id="add_media" class="thickbox" title='$media_title' onclick="return false;"><img src='images/media-button-other.gif' alt='$media_title' /></a>

 EOF;
 	printf($context, $out);
 }
 add_action( 'media_buttons', 'media_buttons' );
-add_action('media_upload_media', 'media_upload_handler');

 /**
 * {@internal Missing Short Description}}
@@ -369,6 +380,13 @@ add_action('media_upload_media', 'media_upload_handler');
 function media_upload_form_handler() {
 	check_admin_referer('media-form');

+	$errors = null;
+
+	if ( isset($_POST['send']) ) {
+		$keys = array_keys($_POST['send']);
+		$send_id = (int) array_shift($keys);
+	}
+
 	if ( !empty($_POST['attachments']) ) foreach ( $_POST['attachments'] as $attachment_id => $attachment ) {
 		$post = $_post = get_post($attachment_id, ARRAY_A);
 		if ( isset($attachment['post_content']) )
@@ -379,8 +397,11 @@ function media_upload_form_handler() {
 			$post['post_excerpt'] = $attachment['post_excerpt'];
 		if ( isset($attachment['menu_order']) )
 			$post['menu_order'] = $attachment['menu_order'];
-		if ( isset($attachment['post_parent']) )
-			$post['post_parent'] = $attachment['post_parent'];
+
+		if ( isset($send_id) && $attachment_id == $send_id ) {
+			if ( isset($attachment['post_parent']) )
+				$post['post_parent'] = $attachment['post_parent'];
+		}

 		$post = apply_filters('attachment_fields_to_save', $post, $attachment);

@@ -408,16 +429,16 @@ function media_upload_form_handler() {
 		exit;
 	}

-	if ( isset($_POST['send']) ) {
-		$keys = array_keys($_POST['send']);
-		$send_id = (int) array_shift($keys);
+	if ( isset($send_id) ) {
 		$attachment = stripslashes_deep( $_POST['attachments'][$send_id] );
+
 		$html = $attachment['post_title'];
 		if ( !empty($attachment['url']) ) {
 			if ( strpos($attachment['url'], 'attachment_id') || false !== strpos($attachment['url'], get_permalink($_POST['post_id'])) )
-				$rel = " rel='attachment wp-att-".attribute_escape($send_id)."'";
+				$rel = " rel='attachment wp-att-" . esc_attr($send_id)."'";
 			$html = "<a href='{$attachment['url']}'$rel>$html</a>";
 		}
+
 		$html = apply_filters('media_send_to_editor', $html, $send_id, $attachment);
 		return media_send_to_editor($html);
 	}
@@ -450,13 +471,14 @@ function media_upload_image() {
 		$src = $_POST['insertonly']['src'];
 		if ( !empty($src) && !strpos($src, '://') )
 			$src = "http://$src";
-		$alt = attribute_escape($_POST['insertonly']['alt']);
+		$alt = esc_attr($_POST['insertonly']['alt']);
 		if ( isset($_POST['insertonly']['align']) ) {
-			$align = attribute_escape($_POST['insertonly']['align']);
+			$align = esc_attr($_POST['insertonly']['align']);
 			$class = " class='align$align'";
 		}
 		if ( !empty($src) )
 			$html = "<img src='$src' alt='$alt'$class />";
+		$html = apply_filters('image_send_to_editor_url', $html, $src, $alt, $align);
 		return media_send_to_editor($html);
 	}

@@ -543,11 +565,12 @@ function media_upload_audio() {
 		$href = $_POST['insertonly']['href'];
 		if ( !empty($href) && !strpos($href, '://') )
 			$href = "http://$href";
-		$title = attribute_escape($_POST['insertonly']['title']);
+		$title = esc_attr($_POST['insertonly']['title']);
 		if ( empty($title) )
 			$title = basename($href);
 		if ( !empty($title) && !empty($href) )
 			$html = "<a href='$href' >$title</a>";
+		$html = apply_filters('audio_send_to_editor_url', $html, $href, $title);
 		return media_send_to_editor($html);
 	}

@@ -596,11 +619,12 @@ function media_upload_video() {
 		$href = $_POST['insertonly']['href'];
 		if ( !empty($href) && !strpos($href, '://') )
 			$href = "http://$href";
-		$title = attribute_escape($_POST['insertonly']['title']);
+		$title = esc_attr($_POST['insertonly']['title']);
 		if ( empty($title) )
 			$title = basename($href);
 		if ( !empty($title) && !empty($href) )
 			$html = "<a href='$href' >$title</a>";
+		$html = apply_filters('video_send_to_editor_url', $html, $href, $title);
 		return media_send_to_editor($html);
 	}

@@ -649,11 +673,12 @@ function media_upload_file() {
 		$href = $_POST['insertonly']['href'];
 		if ( !empty($href) && !strpos($href, '://') )
 			$href = "http://$href";
-		$title = attribute_escape($_POST['insertonly']['title']);
+		$title = esc_attr($_POST['insertonly']['title']);
 		if ( empty($title) )
 			$title = basename($href);
 		if ( !empty($title) && !empty($href) )
 			$html = "<a href='$href' >$title</a>";
+		$html = apply_filters('file_send_to_editor_url', $html, $href, $title);
 		return media_send_to_editor($html);
 	}

@@ -730,18 +755,18 @@ function media_upload_library() {
 * @param unknown_type $checked
 * @return unknown
 */
-function image_align_input_fields($post, $checked='') {
+function image_align_input_fields( $post, $checked = '' ) {

-	$alignments = array('none' => 'None', 'left' => 'Left', 'center' => 'Center', 'right' => 'Right');
-	if ( !array_key_exists($checked, $alignments) )
+	$alignments = array('none' => __('None'), 'left' => __('Left'), 'center' => __('Center'), 'right' => __('Right'));
+	if ( !array_key_exists( (string) $checked, $alignments ) )
 		$checked = 'none';

 	$out = array();
 	foreach ($alignments as $name => $label) {
-
+		$name = esc_attr($name);
 		$out[] = "<input type='radio' name='attachments[{$post->ID}][align]' id='image-align-{$name}-{$post->ID}' value='$name'".
 		 	( $checked == $name ? " checked='checked'" : "" ) .
-			" /><label for='image-align-{$name}-{$post->ID}' class='align image-align-{$name}-label'>" . __($label) . "</label>";
+			" /><label for='image-align-{$name}-{$post->ID}' class='align image-align-{$name}-label'>" . $label . "</label>";
 	}
 	return join("\n", $out);
 }
@@ -755,12 +780,12 @@ function image_align_input_fields($post, $checked='') {
 * @param unknown_type $checked
 * @return unknown
 */
-function image_size_input_fields($post, $checked='') {
+function image_size_input_fields( $post, $checked = '' ) {

 		// get a list of the actual pixel dimensions of each possible intermediate version of this image
 		$size_names = array('thumbnail' => __('Thumbnail'), 'medium' => __('Medium'), 'large' => __('Large'), 'full' => __('Full size'));

-		foreach ( $size_names as $size => $name) {
+		foreach ( $size_names as $size => $name ) {
 			$downsize = image_downsize($post->ID, $size);

 			// is this size selectable?
@@ -812,10 +837,10 @@ function image_link_input_fields($post, $url_type='') {
 	elseif ( $url_type == 'post' )
 		$url = $link;

-	return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . attribute_escape($url) . "' /><br />
+	return "<input type='text' class='urlfield' name='attachments[$post->ID][url]' value='" . esc_attr($url) . "' /><br />
 				<button type='button' class='button urlnone' title=''>" . __('None') . "</button>
-				<button type='button' class='button urlfile' title='" . attribute_escape($file) . "'>" . __('File URL') . "</button>
-				<button type='button' class='button urlpost' title='" . attribute_escape($link) . "'>" . __('Post URL') . "</button>
+				<button type='button' class='button urlfile' title='" . esc_attr($file) . "'>" . __('File URL') . "</button>
+				<button type='button' class='button urlpost' title='" . esc_attr($link) . "'>" . __('Post URL') . "</button>
 ";
 }

@@ -831,6 +856,9 @@ function image_link_input_fields($post, $url_type='') {
 function image_attachment_fields_to_edit($form_fields, $post) {
 	if ( substr($post->post_mime_type, 0, 5) == 'image' ) {
 		$form_fields['post_title']['required'] = true;
+		$file = wp_get_attachment_url($post->ID);
+
+		$form_fields['image_url']['value'] = $file;

 		$form_fields['post_excerpt']['label'] = __('Caption');
 		$form_fields['post_excerpt']['helps'][] = __('Also used as alternate text for the image');
@@ -864,6 +892,11 @@ function media_single_attachment_fields_to_edit( $form_fields, $post ) {
 	return $form_fields;
 }

+function media_post_single_attachment_fields_to_edit( $form_fields, $post ) {
+	unset($form_fields['image_url']);
+	return $form_fields;
+}
+
 /**
 * {@internal Missing Short Description}}
 *
@@ -936,6 +969,8 @@ function get_attachment_fields_to_edit($post, $errors = null) {
 	if ( is_array($post) )
 		$post = (object) $post;

+	$image_url = wp_get_attachment_url($post->ID);
+
 	$edit_post = sanitize_post($post, 'edit');

 	$form_fields = array(
@@ -962,6 +997,13 @@ function get_attachment_fields_to_edit($post, $errors = null) {
 			'label'      => __('Order'),
 			'value'      => $edit_post->menu_order
 		),
+		'image_url'	=> array(
+			'label'      => __('File URL'),
+			'input'      => 'html',
+			'html'       => "<input type='text' class='urlfield' readonly='readonly' name='attachments[$post->ID][url]' value='" . esc_attr($image_url) . "' /><br />",
+			'value'      => isset($edit_post->post_url) ? $edit_post->post_url : '',
+			'helps'      => __('Location of the uploaded file.'),
+		)
 	);

 	foreach ( get_attachment_taxonomies($post) as $taxonomy ) {
@@ -1055,19 +1097,19 @@ function get_media_item( $attachment_id, $args = null ) {
 	$post = get_post($attachment_id);

 	$filename = basename($post->guid);
-	$title = attribute_escape($post->post_title);
+	$title = esc_attr($post->post_title);

 	if ( $_tags = get_the_tags($attachment_id) ) {
 		foreach ( $_tags as $tag )
 			$tags[] = $tag->name;
-		$tags = attribute_escape(join(', ', $tags));
+		$tags = esc_attr(join(', ', $tags));
 	}

 	$type = '';
 	if ( isset($post_mime_types) ) {
 		$keys = array_keys(wp_match_mime_types(array_keys($post_mime_types), $post->post_mime_type));
 		$type = array_shift($keys);
-		$type = "<input type='hidden' id='type-of-$attachment_id' value='" . attribute_escape( $type ) . "' />";
+		$type = "<input type='hidden' id='type-of-$attachment_id' value='" . esc_attr( $type ) . "' />";
 	}

 	$form_fields = get_attachment_fields_to_edit($post, $errors);
@@ -1126,7 +1168,7 @@ function get_media_item( $attachment_id, $args = null ) {

 	$delete_href = wp_nonce_url("post.php?action=delete-post&amp;post=$attachment_id", 'delete-post_' . $attachment_id);
 	if ( $send )
-		$send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . attribute_escape( __( 'Insert into Post' ) ) . "' />";
+		$send = "<input type='submit' class='button' name='send[$attachment_id]' value='" . esc_attr__( 'Insert into Post' ) . "' />";
 	if ( $delete )
 		$delete = "<a href=\"#\" class=\"del-link\" onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __('Delete') . "</a>";
 	if ( ( $send || $delete ) && !isset($form_fields['buttons']) )
@@ -1162,9 +1204,9 @@ function get_media_item( $attachment_id, $args = null ) {
 		if ( !empty($field[$field['input']]) )
 			$item .= $field[$field['input']];
 		elseif ( $field['input'] == 'textarea' ) {
-			$item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . htmlspecialchars( $field['value'] ) . "</textarea>";
+			$item .= "<textarea type='text' id='$name' name='$name'" . $aria_required . ">" . esc_html( $field['value'] ) . "</textarea>";
 		} else {
-			$item .= "<input type='text' id='$name' name='$name' value='" . attribute_escape( $field['value'] ) . "'" . $aria_required . "/>";
+			$item .= "<input type='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "'" . $aria_required . "/>";
 		}
 		if ( !empty($field['helps']) )
 			$item .= "<p class='help'>" . join( "</p>\n<p class='help'>", array_unique((array) $field['helps']) ) . '</p>';
@@ -1192,9 +1234,9 @@ function get_media_item( $attachment_id, $args = null ) {
 	$item .= "\t</table>\n";

 	foreach ( $hidden_fields as $name => $value )
-		$item .= "\t<input type='hidden' name='$name' id='$name' value='" . attribute_escape( $value ) . "' />\n";
+		$item .= "\t<input type='hidden' name='$name' id='$name' value='" . esc_attr( $value ) . "' />\n";

-	if ( $post->post_parent < 1 && (int) $_REQUEST['post_id'] ) {
+	if ( $post->post_parent < 1 && isset($_REQUEST['post_id']) ) {
 		$parent = (int) $_REQUEST['post_id'];
 		$parent_name = "attachments[$attachment_id][post_parent]";

@@ -1239,6 +1281,16 @@ function media_upload_form( $errors = null ) {
 	$post_id = isset($_REQUEST['post_id']) ? intval($_REQUEST['post_id']) : 0;

 ?>
+<script type="text/javascript">
+//<![CDATA[
+var uploaderMode = 0;
+jQuery(document).ready(function($){
+	uploaderMode = getUserSetting('uploader');
+	$('.upload-html-bypass a').click(function(){deleteUserSetting('uploader');uploaderMode=0;swfuploadPreLoad();return false;});
+	$('.upload-flash-bypass a').click(function(){setUserSetting('uploader', '1');uploaderMode=1;swfuploadPreLoad();return false;});
+});
+//]]>
+</script>
 <div id="media-upload-notice">
 <?php if (isset($errors['upload_notice']) ) { ?>
 	<?php echo $errors['upload_notice']; ?>
@@ -1254,16 +1306,18 @@ function media_upload_form( $errors = null ) {

 <?php if ( $flash ) : ?>
 <script type="text/javascript">
-<!--
+//<![CDATA[
+var swfu;
 SWFUpload.onload = function() {
-	swfu = new SWFUpload({
+	var settings = {
 			button_text: '<span class="button"><?php _e('Select Files'); ?></span>',
-			button_text_style: '.button { text-align: center; font-weight: bold; font-family:"Lucida Grande","Lucida Sans Unicode",Tahoma,Verdana,sans-serif; }',
+			button_text_style: '.button { text-align: center; font-weight: bold; font-family:"Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif; }',
 			button_height: "24",
 			button_width: "132",
+			button_text_top_padding: 2,
 			button_image_url: '<?php echo includes_url('images/upload.png'); ?>',
 			button_placeholder_id: "flash-browse-button",
-			upload_url : "<?php echo attribute_escape( $flash_action_url ); ?>",
+			upload_url : "<?php echo esc_attr( $flash_action_url ); ?>",
 			flash_url : "<?php echo includes_url('js/swfupload/swfupload.swf'); ?>",
 			file_post_name: "async-upload",
 			file_types: "<?php echo apply_filters('upload_file_glob', '*.*'); ?>",
@@ -1292,32 +1346,36 @@ SWFUpload.onload = function() {
 				swfupload_element_id : "flash-upload-ui" // id of the element displayed when swfupload is available
 			},
 			debug: false
-		});
+		};
+		swfu = new SWFUpload(settings);
 };
-//-->
+//]]>
 </script>

 <div id="flash-upload-ui">
 <?php do_action('pre-flash-upload-ui'); ?>

-	<div><?php _e( 'Choose files to upload' ); ?> <div id="flash-browse-button"></div></div>
+	<div>
+	<?php _e( 'Choose files to upload' ); ?>
+	<div id="flash-browse-button"></div>
+	<span><input id="cancel-upload" disabled="disabled" onclick="cancelUpload()" type="button" value="<?php esc_attr_e('Cancel Upload'); ?>" class="button" /></span>
+	</div>
 <?php do_action('post-flash-upload-ui'); ?>
 	<p class="howto"><?php _e('After a file has been uploaded, you can add titles and descriptions.'); ?></p>
 </div>
-
 <?php endif; // $flash ?>

 <div id="html-upload-ui">
 <?php do_action('pre-html-upload-ui'); ?>
 	<p id="async-upload-wrap">
-	<input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php echo attribute_escape(__('Upload')); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
+	<label class="screen-reader-text" for="async-upload"><?php _e('Upload'); ?></label>
+	<input type="file" name="async-upload" id="async-upload" /> <input type="submit" class="button" name="html-upload" value="<?php esc_attr_e('Upload'); ?>" /> <a href="#" onclick="return top.tb_remove();"><?php _e('Cancel'); ?></a>
 	</p>
-
-	<br class="clear" />
+	<div class="clear"></div>
 	<?php if ( is_lighttpd_before_150() ): ?>
 	<p><?php _e('If you want to use all capabilities of the uploader, like uploading multiple files at once, please upgrade to lighttpd 1.5.'); ?></p>
 	<?php endif;?>
-<?php do_action('post-html-upload-ui'); ?>
+<?php do_action('post-html-upload-ui', $flash); ?>
 </div>
 <?php do_action('post-upload-ui'); ?>
 <?php
@@ -1341,7 +1399,7 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) {
 	$form_action_url = apply_filters('media_upload_form_url', $form_action_url, $type);
 ?>

-<form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 <?php wp_nonce_field('media-form'); ?>

@@ -1350,7 +1408,7 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) {
 <?php media_upload_form( $errors ); ?>

 <script type="text/javascript">
-<!--
+//<![CDATA[
 jQuery(function($){
 	var preloaded = $(".media-item.preloaded");
 	if ( preloaded.length > 0 ) {
@@ -1358,21 +1416,24 @@ jQuery(function($){
 	}
 	updateMediaForm();
 });
-->
+//]]>
 </script>
 <div id="media-items">
 <?php
 if ( $id ) {
 	if ( !is_wp_error($id) ) {
+		add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2);
 		echo get_media_items( $id, $errors );
 	} else {
-		echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
+		echo '<div id="media-upload-error">'.esc_html($id->get_error_message()).'</div>';
 		exit;
 	}
 }
 ?>
 </div>
-<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
+<p class="savebutton ml-submit">
+<input type="submit" class="button" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
+</p>
 <?php
 }

@@ -1396,7 +1457,7 @@ function media_upload_type_url_form($type = 'file', $errors = null, $id = null)
 	$callback = "type_url_form_$type";
 ?>

-<form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo $type; ?>-form">
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 <?php wp_nonce_field('media-form'); ?>

@@ -1469,7 +1530,7 @@ var addExtImage = {
 			t.resetImageData();
 			return false;
 		}
-		document.getElementById('status_img').src = 'images/loading.gif';
+		document.getElementById('status_img').src = 'images/wpspin_light.gif';
 		t.preloadImg = new Image();
 		t.preloadImg.onload = t.updateImageData;
 		t.preloadImg.onerror = t.resetImageData;
@@ -1481,7 +1542,7 @@ var addExtImage = {

 <div id="media-items">
 <div class="media-item media-blank">
-<?php echo call_user_func($callback); ?>
+<?php echo apply_filters($callback, call_user_func($callback)); ?>
 </div>
 </div>
 </form>
@@ -1519,8 +1580,18 @@ jQuery(function($){
 });
 -->
 </script>
-
-<form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
+<div id="sort-buttons" class="hide-if-no-js">
+<span>
+<?php _e('All Tabs:'); ?>
+<a href="#" id="showall"><?php _e('Show'); ?></a>
+<a href="#" id="hideall" style="display:none;"><?php _e('Hide'); ?></a>
+</span>
+<?php _e('Sort Order:'); ?>
+<a href="#" id="asc"><?php _e('Ascending'); ?></a> |
+<a href="#" id="desc"><?php _e('Descending'); ?></a> |
+<a href="#" id="clear"><?php _e('Clear'); ?></a>
+</div>
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form validate" id="gallery-form">
 <?php wp_nonce_field('media-form'); ?>
 <?php //media_upload_form( $errors ); ?>
 <table class="widefat" cellspacing="0">
@@ -1530,14 +1601,15 @@ jQuery(function($){
 </tr></thead>
 </table>
 <div id="media-items">
+<?php add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2); ?>
 <?php echo get_media_items($post_id, $errors); ?>
 </div>

 <p class="ml-submit">
-<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
+<input type="submit" class="button savebutton" style="display:none;" name="save" id="save-all" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
-<input type="hidden" name="type" value="<?php echo attribute_escape( $GLOBALS['type'] ); ?>" />
-<input type="hidden" name="tab" value="<?php echo attribute_escape( $GLOBALS['tab'] ); ?>" />
+<input type="hidden" name="type" value="<?php echo esc_attr( $GLOBALS['type'] ); ?>" />
+<input type="hidden" name="tab" value="<?php echo esc_attr( $GLOBALS['tab'] ); ?>" />
 </p>

 <div id="gallery-settings" style="display:none;">
@@ -1567,8 +1639,9 @@ jQuery(function($){
 	<td class="field">
 		<select id="orderby" name="orderby">
 			<option value="menu_order" selected="selected"><?php _e('Menu order'); ?></option>
-			<option value="post_name"><?php _e('Name'); ?></option>
+			<option value="title"><?php _e('Title'); ?></option>
 			<option value="ID"><?php _e('Date/Time'); ?></option>
+			<option value="rand"><?php _e('Random'); ?></option>
 		</select>
 	</td>
 	</tr>
@@ -1610,8 +1683,8 @@ jQuery(function($){
 </tbody></table>

 <p class="ml-submit">
-<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php echo attribute_escape( __( 'Insert gallery' ) ); ?>" />
-<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php echo attribute_escape( __( 'Update gallery settings' ) ); ?>" />
+<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="insert-gallery" id="insert-gallery" value="<?php esc_attr_e( 'Insert gallery' ); ?>" />
+<input type="button" class="button" style="display:none;" onmousedown="wpgallery.update();" name="update-gallery" id="update-gallery" value="<?php esc_attr_e( 'Update gallery settings' ); ?>" />
 </p>
 </div>
 </form>
@@ -1647,15 +1720,15 @@ function media_upload_library_form($errors) {
 ?>

 <form id="filter" action="" method="get">
-<input type="hidden" name="type" value="<?php echo attribute_escape( $type ); ?>" />
-<input type="hidden" name="tab" value="<?php echo attribute_escape( $tab ); ?>" />
+<input type="hidden" name="type" value="<?php echo esc_attr( $type ); ?>" />
+<input type="hidden" name="tab" value="<?php echo esc_attr( $tab ); ?>" />
 <input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" />
-<input type="hidden" name="post_mime_type" value="<?php echo attribute_escape( $_GET['post_mime_type'] ); ?>" />
+<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? esc_attr( $_GET['post_mime_type'] ) : ''; ?>" />

 <p id="media-search" class="search-box">
-	<label class="hidden" for="media-search-input"><?php _e('Search Media');?>:</label>
-	<input type="text" id="media-search-input" class="search-input" name="s" value="<?php the_search_query(); ?>" />
-	<input type="submit" value="<?php echo attribute_escape( __( 'Search Media' ) ); ?>" class="button" />
+	<label class="screen-reader-text" for="media-search-input"><?php _e('Search Media');?>:</label>
+	<input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
+	<input type="submit" value="<?php esc_attr_e( 'Search Media' ); ?>" class="button" />
 </p>

 <ul class="subsubsub">
@@ -1665,7 +1738,10 @@ $_num_posts = (array) wp_count_attachments();
 $matches = wp_match_mime_types(array_keys($post_mime_types), array_keys($_num_posts));
 foreach ( $matches as $_type => $reals )
 	foreach ( $reals as $real )
-		$num_posts[$_type] += $_num_posts[$real];
+		if ( isset($num_posts[$_type]) )
+			$num_posts[$_type] += $_num_posts[$real];
+		else
+			$num_posts[$_type] = $_num_posts[$real];
 // If available type specified by media button clicked, filter by that type
 if ( empty($_GET['post_mime_type']) && !empty($num_posts[$type]) ) {
 	$_GET['post_mime_type'] = $type;
@@ -1673,17 +1749,19 @@ if ( empty($_GET['post_mime_type']) && !empty($num_posts[$type]) ) {
 }
 if ( empty($_GET['post_mime_type']) || $_GET['post_mime_type'] == 'all' )
 	$class = ' class="current"';
-$type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>";
+else
+	$class = '';
+$type_links[] = "<li><a href='" . esc_url(add_query_arg(array('post_mime_type'=>'all', 'paged'=>false, 'm'=>false))) . "'$class>".__('All Types')."</a>";
 foreach ( $post_mime_types as $mime_type => $label ) {
 	$class = '';

 	if ( !wp_match_mime_types($mime_type, $avail_post_mime_types) )
 		continue;

-	if ( wp_match_mime_types($mime_type, $_GET['post_mime_type']) )
+	if ( isset($_GET['post_mime_type']) && wp_match_mime_types($mime_type, $_GET['post_mime_type']) )
 		$class = ' class="current"';

-	$type_links[] = "<li><a href='" . clean_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(__ngettext($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';
+	$type_links[] = "<li><a href='" . esc_url(add_query_arg(array('post_mime_type'=>$mime_type, 'paged'=>false))) . "'$class>" . sprintf(_n($label[2][0], $label[2][1], $num_posts[$mime_type]), "<span id='$mime_type-counter'>" . number_format_i18n( $num_posts[$mime_type] ) . '</span>') . '</a>';
 }
 echo implode(' | </li>', $type_links) . '</li>';
 unset($type_links);
@@ -1729,15 +1807,15 @@ foreach ($arc_result as $arc_row) {
 	else
 		$default = '';

-	echo "<option$default value='" . attribute_escape( $arc_row->yyear . $arc_row->mmonth ) . "'>";
-	echo wp_specialchars( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
+	echo "<option$default value='" . esc_attr( $arc_row->yyear . $arc_row->mmonth ) . "'>";
+	echo esc_html( $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear" );
 	echo "</option>\n";
 }
 ?>
 </select>
 <?php } ?>

-<input type="submit" id="post-query-submit" value="<?php echo attribute_escape( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php echo esc_attr( __( 'Filter &#187;' ) ); ?>" class="button-secondary" />

 </div>

@@ -1745,7 +1823,7 @@ foreach ($arc_result as $arc_row) {
 </div>
 </form>

-<form enctype="multipart/form-data" method="post" action="<?php echo attribute_escape($form_action_url); ?>" class="media-upload-form validate" id="library-form">
+<form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="media-upload-form validate" id="library-form">

 <?php wp_nonce_field('media-form'); ?>
 <?php //media_upload_form( $errors ); ?>
@@ -1763,10 +1841,11 @@ jQuery(function($){
 </script>

 <div id="media-items">
+<?php add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2); ?>
 <?php echo get_media_items(null, $errors); ?>
 </div>
 <p class="ml-submit">
-<input type="submit" class="button savebutton" name="save" value="<?php echo attribute_escape( __( 'Save all changes' ) ); ?>" />
+<input type="submit" class="button savebutton" name="save" value="<?php esc_attr_e( 'Save all changes' ); ?>" />
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
 </p>
 </form>
@@ -1784,7 +1863,7 @@ function type_url_form_image() {

 	if ( apply_filters( 'disable_captions', '' ) ) {
 		$alt = __('Alternate Text');
-		$alt_help = __('Alt text for the image, e.g. "The Mona Lisa"');
+		$alt_help = __('Alt text for the image, e.g. &#8220;The Mona Lisa&#8221;');
 	} else {
 		$alt = __('Image Caption');
 		$alt_help = __('Also used as alternate text for the image');
@@ -1848,7 +1927,7 @@ function type_url_form_image() {
 		<tr>
 			<td></td>
 			<td>
-				<input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . attribute_escape(__('Insert into Post')) . '" />
+				<input type="button" class="button" id="go_button" style="color:#bbb;" onclick="addExtImage.insert()" value="' . esc_attr__('Insert into Post') . '" />
 			</td>
 		</tr>
 	</tbody></table>
@@ -1880,11 +1959,11 @@ function type_url_form_audio() {
 			</th>
 			<td class="field"><input id="insertonly[title]" name="insertonly[title]" value="" type="text" aria-required="true"></td>
 		</tr>
-		<tr><td></td><td class="help">' . __('Link text, e.g. "Still Alive by Jonathan Coulton"') . '</td></tr>
+		<tr><td></td><td class="help">' . __('Link text, e.g. &#8220;Still Alive by Jonathan Coulton&#8221;') . '</td></tr>
 		<tr>
 			<td></td>
 			<td>
-				<input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
+				<input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" />
 			</td>
 		</tr>
 	</tbody></table>
@@ -1915,11 +1994,11 @@ function type_url_form_video() {
 			</th>
 			<td class="field"><input id="insertonly[title]" name="insertonly[title]" value="" type="text" aria-required="true"></td>
 		</tr>
-		<tr><td></td><td class="help">' . __('Link text, e.g. "Lucy on YouTube"') . '</td></tr>
+		<tr><td></td><td class="help">' . __('Link text, e.g. &#8220;Lucy on YouTube&#8220;') . '</td></tr>
 		<tr>
 			<td></td>
 			<td>
-				<input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
+				<input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" />
 			</td>
 		</tr>
 	</tbody></table>
@@ -1950,11 +2029,11 @@ function type_url_form_file() {
 			</th>
 			<td class="field"><input id="insertonly[title]" name="insertonly[title]" value="" type="text" aria-required="true"></td>
 		</tr>
-		<tr><td></td><td class="help">' . __('Link text, e.g. "Ransom Demands (PDF)"') . '</td></tr>
+		<tr><td></td><td class="help">' . __('Link text, e.g. &#8220;Ransom Demands (PDF)&#8221;') . '</td></tr>
 		<tr>
 			<td></td>
 			<td>
-				<input type="submit" class="button" name="insertonlybutton" value="' . attribute_escape(__('Insert into Post')) . '" />
+				<input type="submit" class="button" name="insertonlybutton" value="' . esc_attr__('Insert into Post') . '" />
 			</td>
 		</tr>
 	</tbody></table>
@@ -1986,7 +2065,7 @@ add_filter('flash_uploader', 'media_upload_use_flash');
 */
 function media_upload_flash_bypass() {
 	echo '<p class="upload-flash-bypass">';
-	printf( __('You are using the Flash uploader.  Problems?  Try the <a href="%s">Browser uploader</a> instead.'), clean_url(add_query_arg('flash', 0)) );
+	printf( __('You are using the Flash uploader.  Problems?  Try the <a href="%s">Browser uploader</a> instead.'), esc_url(add_query_arg('flash', 0)) );
 	echo '</p>';
 }

@@ -1995,16 +2074,15 @@ function media_upload_flash_bypass() {
 *
 * @since unknown
 */
-function media_upload_html_bypass() {
+function media_upload_html_bypass($flash = true) {
 	echo '<p class="upload-html-bypass">';
-	if ( array_key_exists('flash', $_REQUEST) )
+	_e('You are using the Browser uploader.');
+	if ( $flash ) {
 		// the user manually selected the browser uploader, so let them switch back to Flash
-		printf( __('You are using the Browser uploader.  Try the <a href="%s">Flash uploader</a> instead.'), clean_url(add_query_arg('flash', 1)) );
-	else
-		// the user probably doesn't have Flash
-		printf( __('You are using the Browser uploader.') );
-
-	echo '</p>';
+		echo ' ';
+		printf( __('Try the <a href="%s">Flash uploader</a> instead.'), esc_url(add_query_arg('flash', 1)) );
+	}
+	echo "</p>\n";
 }

 add_action('post-flash-upload-ui', 'media_upload_flash_bypass');
@@ -2028,8 +2106,6 @@ function media_upload_bypass_url($url) {

 add_filter('media_upload_form_url', 'media_upload_bypass_url');

-
-
 add_filter('async_upload_image', 'get_media_item', 10, 2);
 add_filter('async_upload_audio', 'get_media_item', 10, 2);
 add_filter('async_upload_video', 'get_media_item', 10, 2);
--- a/wp-admin/includes/misc.php
+++ b/wp-admin/includes/misc.php
@@ -72,7 +72,9 @@ function insert_with_markers( $filename, $marker, $insertion ) {
 			$markerdata = explode( "\n", implode( '', file( $filename ) ) );
 		}

-		$f = fopen( $filename, 'w' );
+		if ( !$f = @fopen( $filename, 'w' ) )
+			return false;
+
 		$foundit = false;
 		if ( $markerdata ) {
 			$state = true;
@@ -135,6 +137,34 @@ function save_mod_rewrite_rules() {
 	return false;
 }

+/**
+ * Updates the IIS web.config file with the current rules if it is writable.
+ * If the permalinks do not require rewrite rules then the rules are deleted from the web.config file.
+ *
+ * @since 2.8.0
+ *
+ * @return bool True if web.config was updated successfully
+ */
+function iis7_save_url_rewrite_rules(){
+	global $wp_rewrite;
+
+	$home_path = get_home_path();
+	$web_config_file = $home_path . 'web.config';
+
+	// Using win_is_writable() instead of is_writable() because of a bug in Windows PHP
+	if ( ( ! file_exists($web_config_file) && win_is_writable($home_path) && $wp_rewrite->using_mod_rewrite_permalinks() ) || win_is_writable($web_config_file) ) {
+		if ( iis7_supports_permalinks() ) {
+			$rule = $wp_rewrite->iis7_url_rewrite_rules();
+			if ( ! empty($rule) ) {
+				return iis7_add_rewrite_rule($web_config_file, $rule);
+			} else {
+				return iis7_delete_rewrite_rule($web_config_file);
+			}
+		}
+	}
+	return false;
+}
+
 /**
 * {@internal Missing Short Description}}
 *
@@ -238,4 +268,374 @@ function show_message($message) {
 	echo "<p>$message</p>\n";
 }

+function wp_doc_link_parse( $content ) {
+	if ( !is_string( $content ) || empty( $content ) )
+		return array();
+
+	if ( !function_exists('token_get_all') )
+		return array();
+
+	$tokens = token_get_all( $content );
+	$functions = array();
+	$ignore_functions = array();
+	for ( $t = 0, $count = count( $tokens ); $t < $count; $t++ ) {
+		if ( !is_array( $tokens[$t] ) ) continue;
+		if ( T_STRING == $tokens[$t][0] && ( '(' == $tokens[ $t + 1 ] || '(' == $tokens[ $t + 2 ] ) ) {
+			// If it's a function or class defined locally, there's not going to be any docs available
+			if ( ( isset( $tokens[ $t - 2 ][1] ) && in_array( $tokens[ $t - 2 ][1], array( 'function', 'class' ) ) ) || ( isset( $tokens[ $t - 2 ][0] ) && T_OBJECT_OPERATOR == $tokens[ $t - 1 ][0] ) ) {
+				$ignore_functions[] = $tokens[$t][1];
+			}
+			// Add this to our stack of unique references
+			$functions[] = $tokens[$t][1];
+		}
+	}
+
+	$functions = array_unique( $functions );
+	sort( $functions );
+	$ignore_functions = apply_filters( 'documentation_ignore_functions', $ignore_functions );
+	$ignore_functions = array_unique( $ignore_functions );
+
+	$out = array();
+	foreach ( $functions as $function ) {
+		if ( in_array( $function, $ignore_functions ) )
+			continue;
+		$out[] = $function;
+	}
+
+	return $out;
+}
+
+/**
+ * Determines the language to use for CodePress syntax highlighting,
+ * based only on a filename.
+ *
+ * @since 2.8
+ *
+ * @param string $filename The name of the file to be highlighting
+**/
+function codepress_get_lang( $filename ) {
+	$codepress_supported_langs = apply_filters( 'codepress_supported_langs',
+									array( '.css' => 'css',
+											'.js' => 'javascript',
+											'.php' => 'php',
+											'.html' => 'html',
+											'.htm' => 'html',
+											'.txt' => 'text'
+											) );
+	$extension = substr( $filename, strrpos( $filename, '.' ) );
+	if ( $extension && array_key_exists( $extension, $codepress_supported_langs ) )
+		return $codepress_supported_langs[$extension];
+
+	return 'generic';
+}
+
+/**
+ * Adds Javascript required to make CodePress work on the theme/plugin editors.
+ *
+ * This code is attached to the action admin_print_footer_scripts.
+ *
+ * @since 2.8
+**/
+function codepress_footer_js() {
+	// Script-loader breaks CP's automatic path-detection, thus CodePress.path
+	// CP edits in an iframe, so we need to grab content back into normal form
+	?><script type="text/javascript">
+/* <![CDATA[ */
+var codepress_path = '<?php echo includes_url('js/codepress/'); ?>';
+jQuery('#template').submit(function(){
+	if (jQuery('#newcontent_cp').length)
+		jQuery('#newcontent_cp').val(newcontent.getCode()).removeAttr('disabled');
+});
+jQuery('#codepress-on').hide();
+jQuery('#codepress-off').show();
+/* ]]> */
+</script>
+<?php
+}
+
+/**
+ * Determine whether to use CodePress or not.
+ *
+ * @since 2.8
+**/
+function use_codepress() {
+
+	if ( isset($_GET['codepress']) ) {
+		$on = 'on' == $_GET['codepress'] ? 'on' : 'off';
+		set_user_setting( 'codepress', $on );
+	} else {
+		$on = get_user_setting('codepress', 'on');
+	}
+
+	if ( 'on' == $on ) {
+		add_action( 'admin_print_footer_scripts', 'codepress_footer_js' );
+		return true;
+	}
+
+	return false;
+}
+
+/**
+ * Saves option for number of rows when listing posts, pages, comments, etc.
+ *
+ * @since 2.8
+**/
+function set_screen_options() {
+
+	if ( isset($_POST['wp_screen_options']) && is_array($_POST['wp_screen_options']) ) {
+		check_admin_referer( 'screen-options-nonce', 'screenoptionnonce' );
+
+		if ( !$user = wp_get_current_user() )
+			return;
+		$option = $_POST['wp_screen_options']['option'];
+		$value = $_POST['wp_screen_options']['value'];
+
+		if ( !preg_match( '/^[a-z_-]+$/', $option ) )
+			return;
+
+		$option = str_replace('-', '_', $option);
+
+		switch ( $option ) {
+			case 'edit_per_page':
+			case 'edit_pages_per_page':
+			case 'edit_comments_per_page':
+			case 'upload_per_page':
+			case 'categories_per_page':
+			case 'edit_tags_per_page':
+			case 'plugins_per_page':
+				$value = (int) $value;
+				if ( $value < 1 || $value > 999 )
+					return;
+				break;
+			default:
+				$value = apply_filters('set-screen-option', false, $option, $value);
+				if ( false === $value )
+					return;
+				break;
+		}
+
+		update_usermeta($user->ID, $option, $value);
+		wp_redirect( remove_query_arg( array('pagenum', 'apage', 'paged'), wp_get_referer() ) );
+		exit;
+	}
+}
+
+function wp_menu_unfold() {
+	if ( isset($_GET['unfoldmenu']) ) {
+		delete_user_setting('mfold');
+		wp_redirect( remove_query_arg( 'unfoldmenu', stripslashes($_SERVER['REQUEST_URI']) ) );
+	 	exit;
+	}
+}
+
+/**
+ * Check if IIS 7 supports pretty permalinks
+ *
+ * @since 2.8.0
+ *
+ * @return bool
+ */
+function iis7_supports_permalinks() {
+	global $is_iis7;
+
+	$supports_permalinks = false;
+	if ( $is_iis7 ) {
+		/* First we check if the DOMDocument class exists. If it does not exist,
+		 * which is the case for PHP 4.X, then we cannot easily update the xml configuration file,
+		 * hence we just bail out and tell user that pretty permalinks cannot be used.
+		 * This is not a big issue because PHP 4.X is going to be depricated and for IIS it
+		 * is recommended to use PHP 5.X NTS.
+		 * Next we check if the URL Rewrite Module 1.1 is loaded and enabled for the web site. When
+		 * URL Rewrite 1.1 is loaded it always sets a server variable called 'IIS_UrlRewriteModule'.
+		 * Lastly we make sure that PHP is running via FastCGI. This is important because if it runs
+		 * via ISAPI then pretty permalinks will not work.
+		 */
+		$supports_permalinks = class_exists('DOMDocument') && isset($_SERVER['IIS_UrlRewriteModule']) && ( php_sapi_name() == 'cgi-fcgi' );
+	}
+
+	return apply_filters('iis7_supports_permalinks', $supports_permalinks);
+}
+
+/**
+ * Check if rewrite rule for WordPress already exists in the IIS 7 configuration file
+ *
+ * @since 2.8.0
+ *
+ * @return bool
+ * @param string $filename The file path to the configuration file
+ */
+function iis7_rewrite_rule_exists($filename) {
+	if ( ! file_exists($filename) )
+		return false;
+	if ( ! class_exists('DOMDocument') )
+		return false;
+
+	$doc = new DOMDocument();
+	if ( $doc->load($filename) === false )
+		return false;
+	$xpath = new DOMXPath($doc);
+	$rules = $xpath->query('/configuration/system.webServer/rewrite/rules/rule[@name=\'wordpress\']');
+	if ( $rules->length == 0 )
+		return false;
+	else
+		return true;
+}
+
+/**
+ * Delete WordPress rewrite rule from web.config file if it exists there
+ *
+ * @since 2.8.0
+ *
+ * @param string $filename Name of the configuration file
+ * @return bool
+ */
+function iis7_delete_rewrite_rule($filename) {
+	// If configuration file does not exist then rules also do not exist so there is nothing to delete
+	if ( ! file_exists($filename) )
+		return true;
+
+	if ( ! class_exists('DOMDocument') )
+		return false;
+
+	$doc = new DOMDocument();
+	$doc->preserveWhiteSpace = false;
+
+	if ( $doc -> load($filename) === false )
+		return false;
+	$xpath = new DOMXPath($doc);
+	$rules = $xpath->query('/configuration/system.webServer/rewrite/rules/rule[@name=\'wordpress\']');
+	if ( $rules->length > 0 ) {
+		$child = $rules->item(0);
+		$parent = $child->parentNode;
+		$parent->removeChild($child);
+		$doc->formatOutput = true;
+		saveDomDocument($doc, $filename);
+	}
+	return true;
+}
+
+/**
+ * Add WordPress rewrite rule to the IIS 7 configuration file.
+ *
+ * @since 2.8.0
+ *
+ * @param string $filename The file path to the configuration file
+ * @param string $rewrite_rule The XML fragment with URL Rewrite rule
+ * @return bool
+ */
+function iis7_add_rewrite_rule($filename, $rewrite_rule) {
+	if ( ! class_exists('DOMDocument') )
+		return false;
+
+	// If configuration file does not exist then we create one.
+	if ( ! file_exists($filename) ) {
+		$fp = fopen( $filename, 'w');
+		fwrite($fp, '<configuration/>');
+		fclose($fp);
+	}
+
+	$doc = new DOMDocument();
+	$doc->preserveWhiteSpace = false;
+
+	if ( $doc->load($filename) === false )
+		return false;
+
+	$xpath = new DOMXPath($doc);
+
+	// First check if the rule already exists as in that case there is no need to re-add it
+	$wordpress_rules = $xpath->query('/configuration/system.webServer/rewrite/rules/rule[@name=\'wordpress\']');
+	if ( $wordpress_rules->length > 0 )
+		return true;
+
+	// Check the XPath to the rewrite rule and create XML nodes if they do not exist
+	$xmlnodes = $xpath->query('/configuration/system.webServer/rewrite/rules');
+	if ( $xmlnodes->length > 0 ) {
+		$rules_node = $xmlnodes->item(0);
+	} else {
+		$rules_node = $doc->createElement('rules');
+
+		$xmlnodes = $xpath->query('/configuration/system.webServer/rewrite');
+		if ( $xmlnodes->length > 0 ) {
+			$rewrite_node = $xmlnodes->item(0);
+			$rewrite_node->appendChild($rules_node);
+		} else {
+			$rewrite_node = $doc->createElement('rewrite');
+			$rewrite_node->appendChild($rules_node);
+
+			$xmlnodes = $xpath->query('/configuration/system.webServer');
+			if ( $xmlnodes->length > 0 ) {
+				$system_webServer_node = $xmlnodes->item(0);
+				$system_webServer_node->appendChild($rewrite_node);
+			} else {
+				$system_webServer_node = $doc->createElement('system.webServer');
+				$system_webServer_node->appendChild($rewrite_node);
+
+				$xmlnodes = $xpath->query('/configuration');
+				if ( $xmlnodes->length > 0 ) {
+					$config_node = $xmlnodes->item(0);
+					$config_node->appendChild($system_webServer_node);
+				} else {
+					$config_node = $doc->createElement('configuration');
+					$doc->appendChild($config_node);
+					$config_node->appendChild($system_webServer_node);
+				}
+			}
+		}
+	}
+
+	$rule_fragment = $doc->createDocumentFragment();
+	$rule_fragment->appendXML($rewrite_rule);
+	$rules_node->appendChild($rule_fragment);
+
+	$doc->formatOutput = true;
+	saveDomDocument($doc, $filename);
+
+	return true;
+}
+
+/**
+ * Saves the XML document into a file
+ *
+ * @since 2.8.0
+ *
+ * @param DOMDocument $doc
+ * @param string $filename
+ */
+function saveDomDocument($doc, $filename) {
+	$config = $doc->saveXML();
+	$config = preg_replace("/([^\r])\n/", "$1\r\n", $config);
+	$fp = fopen($filename, 'w');
+	fwrite($fp, $config);
+	fclose($fp);
+}
+
+/**
+ * Workaround for Windows bug in is_writable() function
+ *
+ * @since 2.8.0
+ *
+ * @param object $path
+ * @return bool
+ */
+function win_is_writable($path) {
+	/* will work in despite of Windows ACLs bug
+	 * NOTE: use a trailing slash for folders!!!
+	 * see http://bugs.php.net/bug.php?id=27609
+	 * see http://bugs.php.net/bug.php?id=30931
+	 */
+
+    if ( $path{strlen($path)-1} == '/' ) // recursively return a temporary file path
+        return win_is_writable($path . uniqid(mt_rand()) . '.tmp');
+    else if ( is_dir($path) )
+        return win_is_writable($path . '/' . uniqid(mt_rand()) . '.tmp');
+    // check tmp file for read/write capabilities
+    $rm = file_exists($path);
+    $f = @fopen($path, 'a');
+    if ($f===false)
+        return false;
+    fclose($f);
+    if ( ! $rm )
+        unlink($path);
+    return true;
+}
 ?>
--- a/wp-admin/includes/plugin-install.php
+++ b/wp-admin/includes/plugin-install.php
@@ -40,12 +40,14 @@ function plugins_api($action, $args = null) {
 	if ( ! $res ) {
 		$request = wp_remote_post('http://api.wordpress.org/plugins/info/1.0/', array( 'body' => array('action' => $action, 'request' => serialize($args))) );
 		if ( is_wp_error($request) ) {
-			$res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occured during the API request.</p> <p><a href="?" onclick="document.location.reload(); return false;">Try again</a>'), $request->get_error_message() );
+			$res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occurred during the API request.</p> <p><a href="?" onclick="document.location.reload(); return false;">Try again</a>'), $request->get_error_message() );
 		} else {
 			$res = unserialize($request['body']);
 			if ( ! $res )
-				$res = new WP_Error('plugins_api_failed', __('An unknown error occured'), $request['body']);
+				$res = new WP_Error('plugins_api_failed', __('An unknown error occurred'), $request['body']);
 		}
+	} elseif ( !is_wp_error($res) ) {
+		$res->external = true;
 	}

 	return apply_filters('plugins_api_result', $res, $action, $args);
@@ -125,24 +127,11 @@ function install_dashboard() {
 	<p><?php _e('Plugins extend and expand the functionality of WordPress. You may automatically install plugins from the <a href="http://wordpress.org/extend/plugins/">WordPress Plugin Directory</a> or upload a plugin in .zip format via this page.') ?></p>

 	<h4><?php _e('Search') ?></h4>
-	<?php install_search_form('<a href="' . add_query_arg('show-help', !isset($_REQUEST['show-help'])) .'" onclick="jQuery(\'#search-help\').toggle(); return false;">' . __('[need help?]') . '</a>') ?>
-	<div id="search-help" style="display: <?php echo isset($_REQUEST['show-help']) ? 'block' : 'none'; ?>;">
-	<p>	<?php _e('You may search based on 3 criteria:') ?><br />
-		<?php _e('<strong>Term:</strong> Searches plugins names and descriptions for the specified term') ?><br />
-		<?php _e('<strong>Tag:</strong> Searches for plugins tagged as such') ?><br />
-		<?php _e('<strong>Author:</strong> Searches for plugins created by the Author, or which the Author contributed to.') ?></p>
-	</div>
-
-	<h4><?php _e('Install a plugin in .zip format') ?></h4>
-	<p><?php _e('If you have a plugin in a .zip format, You may install it by uploading it here.') ?></p>
-	<form method="post" enctype="multipart/form-data" action="<?php echo admin_url('plugin-install.php?tab=upload') ?>">
-		<?php wp_nonce_field( 'plugin-upload') ?>
-		<input type="file" name="pluginzip" />
-		<input type="submit" class="button" value="<?php _e('Install Now') ?>" />
-	</form>
+	<p class="install-help"><?php _e('Search for plugins by keyword, author, or tag.') ?></p>
+	<?php install_search_form(); ?>

 	<h4><?php _e('Popular tags') ?></h4>
-	<p><?php _e('You may also browse based on the most popular tags in the Plugin Directory:') ?></p>
+	<p class="install-help"><?php _e('You may also browse based on the most popular tags in the Plugin Directory:') ?></p>
 	<?php

 	$api_tags = install_popular_tags();
@@ -151,11 +140,13 @@ function install_dashboard() {
 	$tags = array();
 	foreach ( (array)$api_tags as $tag )
 		$tags[ $tag['name'] ] = (object) array(
-								'link' => clean_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),
+								'link' => esc_url( admin_url('plugin-install.php?tab=search&type=tag&s=' . urlencode($tag['name'])) ),
 								'name' => $tag['name'],
 								'id' => sanitize_title_with_dashes($tag['name']),
 								'count' => $tag['count'] );
+	echo '<p class="popular-tags">';
 	echo wp_generate_tag_cloud($tags, array( 'single_text' => __('%d plugin'), 'multiple_text' => __('%d plugins') ) );
+	echo '</p><br class="clear" />';
 }

 /**
@@ -167,14 +158,15 @@ function install_search_form(){
 	$type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : '';
 	$term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';

-	?><form id="search-plugins" method="post" action="<?php echo admin_url('plugin-install.php?tab=search') ?>">
+	?><form id="search-plugins" method="post" action="<?php echo admin_url('plugin-install.php?tab=search'); ?>">
 		<select name="type" id="typeselector">
-			<option value="term"<?php selected('term', $type) ?>><?php _e('Term') ?></option>
-			<option value="author"<?php selected('author', $type) ?>><?php _e('Author') ?></option>
-			<option value="tag"<?php selected('tag', $type) ?>><?php _e('Tag') ?></option>
+			<option value="term"<?php selected('term', $type) ?>><?php _e('Term'); ?></option>
+			<option value="author"<?php selected('author', $type) ?>><?php _e('Author'); ?></option>
+			<option value="tag"<?php selected('tag', $type) ?>><?php echo _x('Tag', 'Plugin Installer'); ?></option>
 		</select>
-		<input type="text" name="s" id="search-field" value="<?php echo attribute_escape($term) ?>" />
-		<input type="submit" name="search" value="<?php echo attribute_escape(__('Search')) ?>" class="button" />
+		<input type="text" name="s" value="<?php echo esc_attr($term) ?>" />
+		<label class="screen-reader-text" for="plugin-search-input"><?php _e('Search Plugins'); ?></label>
+		<input type="submit" id="plugin-search-input" name="search" value="<?php esc_attr_e('Search Plugins'); ?>" class="button" />
 	</form><?php
 }

@@ -208,6 +200,26 @@ function install_popular($page = 1) {
 	display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']);
 }

+add_action('install_plugins_upload', 'install_plugins_upload', 10, 1);
+/**
+ * Upload from zip
+ * @since 2.8.0
+ *
+ * @param string $page
+ */
+function install_plugins_upload( $page = 1 ) {
+?>
+	<h4><?php _e('Install a plugin in .zip format') ?></h4>
+	<p class="install-help"><?php _e('If you have a plugin in a .zip format, You may install it by uploading it here.') ?></p>
+	<form method="post" enctype="multipart/form-data" action="<?php echo admin_url('update.php?action=upload-plugin') ?>">
+		<?php wp_nonce_field( 'plugin-upload') ?>
+		<label class="screen-reader-text" for="pluginzip"><?php _e('Plugin zip file'); ?></label>
+		<input type="file" id="pluginzip" name="pluginzip" />
+		<input type="submit" class="button" value="<?php esc_attr_e('Install Now') ?>" />
+	</form>
+<?php
+}
+
 add_action('install_plugins_new', 'install_new', 10, 1);
 /**
 * Display new plugins.
@@ -254,7 +266,8 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){

 	$plugins_allowedtags = array('a' => array('href' => array(),'title' => array(), 'target' => array()),
 								'abbr' => array('title' => array()),'acronym' => array('title' => array()),
-								'code' => array(), 'pre' => array(), 'em' => array(),'strong' => array());
+								'code' => array(), 'pre' => array(), 'em' => array(),'strong' => array(),
+								'ul' => array(), 'ol' => array(), 'li' => array(), 'p' => array(), 'br' => array());

 ?>
 	<div class="tablenav">
@@ -262,7 +275,7 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
 		<?php do_action('install_plugins_table_header'); ?>
 		</div>
 		<?php
-			$url = clean_url($_SERVER['REQUEST_URI']);
+			$url = esc_url($_SERVER['REQUEST_URI']);
 			if ( ! empty($term) )
 				$url = add_query_arg('s', $term, $url);
 			if ( ! empty($type) )
@@ -313,7 +326,17 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
 					$plugin = (array) $plugin;

 				$title = wp_kses($plugin['name'], $plugins_allowedtags);
-				$description = wp_kses($plugin['description'], $plugins_allowedtags);
+				//Limit description to 400char, and remove any HTML.
+				$description = strip_tags($plugin['description']);
+				if ( strlen($description) > 400 )
+					$description = mb_substr($description, 0, 400) . '&#8230;';
+				//remove any trailing entities
+				$description = preg_replace('/&[^;\s]{0,6}$/', '', $description);
+				//strip leading/trailing & multiple consecutive lines
+				$description = trim($description);
+				$description = preg_replace("|(\r?\n)+|", "\n", $description);
+				//\n => <br>
+				$description = nl2br($description);
 				$version = wp_kses($plugin['version'], $plugins_allowedtags);

 				$name = strip_tags($title . ' ' . $version);
@@ -325,12 +348,12 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
 				$author = wp_kses($author, $plugins_allowedtags);

 				if( isset($plugin['homepage']) )
-					$title = '<a target="_blank" href="' . attribute_escape($plugin['homepage']) . '">' . $title . '</a>';
+					$title = '<a target="_blank" href="' . esc_attr($plugin['homepage']) . '">' . $title . '</a>';

 				$action_links = array();
 				$action_links[] = '<a href="' . admin_url('plugin-install.php?tab=plugin-information&amp;plugin=' . $plugin['slug'] .
-									'&amp;TB_iframe=true&amp;width=600&amp;height=800') . '" class="thickbox onclick" title="' .
-									attribute_escape($name) . '">' . __('Install') . '</a>';
+									'&amp;TB_iframe=true&amp;width=600&amp;height=550') . '" class="thickbox onclick" title="' .
+									esc_attr($name) . '">' . __('Install') . '</a>';

 				$action_links = apply_filters('plugin_install_action_links', $action_links, $plugin);
 			?>
@@ -338,8 +361,8 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
 				<td class="name"><?php echo $title; ?></td>
 				<td class="vers"><?php echo $version; ?></td>
 				<td class="vers">
-					<div class="star-holder" title="<?php printf(__ngettext('(based on %s rating)', '(based on %s ratings)', $plugin['num_ratings']), number_format_i18n($plugin['num_ratings'])) ?>">
-						<div class="star star-rating" style="width: <?php echo attribute_escape($plugin['rating']) ?>px"></div>
+					<div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $plugin['num_ratings']), number_format_i18n($plugin['num_ratings'])) ?>">
+						<div class="star star-rating" style="width: <?php echo esc_attr($plugin['rating']) ?>px"></div>
 						<div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
 						<div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
 						<div class="star star3"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('3 stars') ?>" /></div>
@@ -347,7 +370,7 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
 						<div class="star star1"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('1 star') ?>" /></div>
 					</div>
 				</td>
-				<td class="desc"><p><?php echo $description, $author; ?></p></td>
+				<td class="desc"><?php echo $description, $author; ?></td>
 				<td class="action-links"><?php if ( !empty($action_links) )	echo implode(' | ', $action_links); ?></td>
 			</tr>
 			<?php
@@ -406,8 +429,8 @@ function install_plugin_information() {

 		$class = ( $section_name == $section ) ? ' class="current"' : '';
 		$href = add_query_arg( array('tab' => $tab, 'section' => $section_name) );
-		$href = clean_url($href);
-		$san_title = attribute_escape(sanitize_title_with_dashes($title));
+		$href = esc_url($href);
+		$san_title = esc_attr(sanitize_title_with_dashes($title));
 		echo "\t<li><a name='$san_title' target='' href='$href'$class>$title</a></li>\n";
 	}
 	echo "</ul>\n";
@@ -420,26 +443,28 @@ function install_plugin_information() {
 			//Default to a "new" plugin
 			$type = 'install';
 			//Check to see if this plugin is known to be installed, and has an update awaiting it.
-			$update_plugins = get_option('update_plugins');
-			foreach ( (array)$update_plugins->response as $file => $plugin ) {
-				if ( $plugin->slug === $api->slug ) {
-					$type = 'update_available';
-					$update_file = $file;
-					break;
+			$update_plugins = get_transient('update_plugins');
+			if ( is_object( $update_plugins ) ) {
+				foreach ( (array)$update_plugins->response as $file => $plugin ) {
+					if ( $plugin->slug === $api->slug ) {
+						$type = 'update_available';
+						$update_file = $file;
+						break;
+					}
 				}
 			}
 			if ( 'install' == $type && is_dir( WP_PLUGIN_DIR  . '/' . $api->slug ) ) {
 				$installed_plugin = get_plugins('/' . $api->slug);
 				if ( ! empty($installed_plugin) ) {
 					$key = array_shift( $key = array_keys($installed_plugin) ); //Use the first plugin regardless of the name, Could have issues for multiple-plugins in one directory if they share different version numbers
-					if ( version_compare($api->version, $installed_plugin[ $key ]['Version'], '>') ){
+					if ( version_compare($api->version, $installed_plugin[ $key ]['Version'], '=') ){
 						$type = 'latest_installed';
 					} elseif ( version_compare($api->version, $installed_plugin[ $key ]['Version'], '<') ) {
 						$type = 'newer_installed';
 						$newer_version = $installed_plugin[ $key ]['Version'];
 					} else {
 						//If the above update check failed, Then that probably means that the update checker has out-of-date information, force a refresh
-						delete_option('update_plugins');
+						delete_transient('update_plugins');
 						$update_file = $api->slug . '/' . $key; //This code branch only deals with a plugin which is in a folder the same name as its slug, Doesnt support plugins which have 'non-standard' names
 						$type = 'update_available';
 					}
@@ -450,7 +475,7 @@ function install_plugin_information() {
 				default:
 				case 'install':
 					if ( current_user_can('install_plugins') ) :
-				?><a href="<?php echo wp_nonce_url(admin_url('plugin-install.php?tab=install&plugin=' . $api->slug), 'install-plugin_' . $api->slug) ?>" target="_parent"><?php _e('Install Now') ?></a><?php
+				?><a href="<?php echo wp_nonce_url(admin_url('update.php?action=install-plugin&plugin=' . $api->slug), 'install-plugin_' . $api->slug) ?>" target="_parent"><?php _e('Install Now') ?></a><?php
 					endif;
 				break;
 				case 'update_available':
@@ -485,30 +510,34 @@ function install_plugin_information() {
 <?php endif; if ( ! empty($api->tested) ) : ?>
 			<li><strong><?php _e('Compatible up to:') ?></strong> <?php echo $api->tested ?></li>
 <?php endif; if ( ! empty($api->downloaded) ) : ?>
-			<li><strong><?php _e('Downloaded:') ?></strong> <?php printf(__ngettext('%s time', '%s times', $api->downloaded), number_format_i18n($api->downloaded)) ?></li>
-<?php endif; if ( ! empty($api->slug) ) : ?>
+			<li><strong><?php _e('Downloaded:') ?></strong> <?php printf(_n('%s time', '%s times', $api->downloaded), number_format_i18n($api->downloaded)) ?></li>
+<?php endif; if ( ! empty($api->slug) && empty($api->external) ) : ?>
 			<li><a target="_blank" href="http://wordpress.org/extend/plugins/<?php echo $api->slug ?>/"><?php _e('WordPress.org Plugin Page &#187;') ?></a></li>
 <?php endif; if ( ! empty($api->homepage) ) : ?>
 			<li><a target="_blank" href="<?php echo $api->homepage ?>"><?php _e('Plugin Homepage  &#187;') ?></a></li>
 <?php endif; ?>
 		</ul>
+		<?php if ( ! empty($api->rating) ) : ?>
 		<h2><?php _e('Average Rating') ?></h2>
-		<div class="star-holder" title="<?php printf(__ngettext('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?>">
-			<div class="star star-rating" style="width: <?php echo attribute_escape($api->rating) ?>px"></div>
+		<div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?>">
+			<div class="star star-rating" style="width: <?php echo esc_attr($api->rating) ?>px"></div>
 			<div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
 			<div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
 			<div class="star star3"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('3 stars') ?>" /></div>
 			<div class="star star2"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('2 stars') ?>" /></div>
 			<div class="star star1"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('1 star') ?>" /></div>
 		</div>
-		<small><?php printf(__ngettext('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?></small>
+		<small><?php printf(_n('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?></small>
+		<?php endif; ?>
 	</div>
 	<div id="section-holder" class="wrap">
 	<?php
-		if ( version_compare($GLOBALS['wp_version'], $api->tested, '>') )
+		if ( !empty($api->tested) && version_compare( substr($GLOBALS['wp_version'], 0, strlen($api->tested)), $api->tested, '>') )
 			echo '<div class="updated"><p>' . __('<strong>Warning:</strong> This plugin has <strong>not been tested</strong> with your current version of WordPress.') . '</p></div>';
-		else if ( version_compare($GLOBALS['wp_version'], $api->requires, '<') )
-			echo '<div class="updated"><p>' . __('<strong>Warning:</strong> This plugin has not been marked as <strong>compatible</strong> with your version of WordPress.') . '</p></div>';
+
+		else if ( !empty($api->requires) && version_compare( substr($GLOBALS['wp_version'], 0, strlen($api->requires)), $api->requires, '<') )
+			echo '<div class="updated"><p>' . __('<strong>Warning:</strong> This plugin has <strong>not been marked as compatible</strong> with your version of WordPress.') . '</p></div>';
+
 		foreach ( (array)$api->sections as $section_name => $content ) {
 			$title = $section_name;
 			$title[0] = strtoupper($title[0]);
@@ -517,7 +546,7 @@ function install_plugin_information() {
 			$content = links_add_base_url($content, 'http://wordpress.org/extend/plugins/' . $api->slug . '/');
 			$content = links_add_target($content, '_blank');

-			$san_title = attribute_escape(sanitize_title_with_dashes($title));
+			$san_title = esc_attr(sanitize_title_with_dashes($title));

 			$display = ( $section_name == $section ) ? 'block' : 'none';

@@ -531,364 +560,3 @@ function install_plugin_information() {
 	iframe_footer();
 	exit;
 }
-
-
-add_action('install_plugins_upload', 'upload_plugin');
-function upload_plugin() {
-
-	if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) )
-		wp_die($uploads['error']);
-
-	if ( !empty($_FILES) )
-		$filename = $_FILES['pluginzip']['name'];
-	else if ( isset($_GET['package']) )
-		$filename = $_GET['package'];
-
-	check_admin_referer('plugin-upload');
-
-	echo '<div class="wrap">';
-	echo '<h2>', sprintf( __('Installing Plugin from file: %s'), basename($filename) ), '</h2>';
-
-	//Handle a newly uploaded file, Else assume it was
-	if ( !empty($_FILES) ) {
-		$filename = wp_unique_filename( $uploads['basedir'], $filename );
-		$local_file = $uploads['basedir'] . '/' . $filename;
-
-		// Move the file to the uploads dir
-		if ( false === @ move_uploaded_file( $_FILES['pluginzip']['tmp_name'], $local_file) )
-			wp_die( sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path']));
-	} else {
-		$local_file = $uploads['basedir'] . '/' . $filename;
-	}
-
-	do_plugin_install_local_package($local_file, $filename);
-	echo '</div>';
-}
-
-add_action('install_plugins_install', 'install_plugin');
-
-/**
- * Display plugin link and execute install.
- *
- * @since 2.7.0
- */
-function install_plugin() {
-
-	$plugin = isset($_REQUEST['plugin']) ? stripslashes( $_REQUEST['plugin'] ) : '';
-
-	check_admin_referer('install-plugin_' . $plugin);
-	$api = plugins_api('plugin_information', array('slug' => $plugin, 'fields' => array('sections' => false) ) ); //Save on a bit of bandwidth.
-
-	if ( is_wp_error($api) )
-		wp_die($api);
-
-	echo '<div class="wrap">';
-	echo '<h2>', sprintf( __('Installing Plugin: %s'), $api->name . ' ' . $api->version ), '</h2>';
-
-	do_plugin_install($api->download_link, $api);
-	echo '</div>';
-
-}
-
-/**
- * Retrieve plugin and install.
- *
- * @since 2.7.0
- *
- * @param string $download_url Download URL.
- * @param object $plugin_information Optional. Plugin information
- */
-function do_plugin_install($download_url, $plugin_information = null) {
-	global $wp_filesystem;
-
-	if ( empty($download_url) ) {
-		show_message( __('No plugin Specified') );
-		return;
-	}
-
-	$plugin = isset($_REQUEST['plugin']) ? stripslashes( $_REQUEST['plugin'] ) : '';
-
-	$url = 'plugin-install.php?tab=install';
-	$url = add_query_arg(array('plugin' => $plugin, 'plugin_name' => stripslashes( $_REQUEST['plugin_name'] ), 'download_url' => stripslashes( $_REQUEST['download_url'] ) ), $url);
-
-	$url = wp_nonce_url($url, 'install-plugin_' . $plugin);
-	if ( false === ($credentials = request_filesystem_credentials($url)) )
-		return;
-
-	if ( ! WP_Filesystem($credentials) ) {
-		request_filesystem_credentials($url, '', true); //Failed to connect, Error and request again
-		return;
-	}
-
-	if ( $wp_filesystem->errors->get_error_code() ) {
-		foreach ( $wp_filesystem->errors->get_error_messages() as $message )
-			show_message($message);
-		return;
-	}
-
-	$result = wp_install_plugin( $download_url, 'show_message' );
-
-	if ( is_wp_error($result) ) {
-		show_message($result);
-		show_message( __('Installation Failed') );
-	} else {
-		show_message( sprintf(__('Successfully installed the plugin <strong>%s %s</strong>.'), $plugin_information->name, $plugin_information->version) );
-		$plugin_file = $result;
-
-		$install_actions = apply_filters('install_plugin_complete_actions', array(
-			'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . attribute_escape(__('Activate this plugin')) . '" target="_parent">' . __('Activate Plugin') . '</a>',
-			'plugins_page' => '<a href="' . admin_url('plugins.php') . '" title="' . attribute_escape(__('Goto plugins page')) . '" target="_parent">' . __('Return to Plugins page') . '</a>'
-							), $plugin_information, $plugin_file);
-		if ( ! empty($install_actions) )
-			show_message('<strong>' . __('Actions:') . '</strong> ' . implode(' | ', (array)$install_actions));
-	}
-}
-
-/**
- * Install a plugin from a local file.
- *
- * @since 2.7.0
- *
- * @param string $package Local Plugin zip
- * @param string $filename Optional. Original filename
- * @param object $plugin_information Optional. Plugin information
- */
-function do_plugin_install_local_package($package, $filename = '') {
-	global $wp_filesystem;
-
-	if ( empty($package) ) {
-		show_message( __('No plugin Specified') );
-		return;
-	}
-
-	if ( empty($filename) )
-		$filename = basename($package);
-
-	$url = 'plugin-install.php?tab=upload';
-	$url = add_query_arg(array('package' => $filename), $url);
-
-	$url = wp_nonce_url($url, 'plugin-upload');
-	if ( false === ($credentials = request_filesystem_credentials($url)) )
-		return;
-
-	if ( ! WP_Filesystem($credentials) ) {
-		request_filesystem_credentials($url, '', true); //Failed to connect, Error and request again
-		return;
-	}
-
-	if ( $wp_filesystem->errors->get_error_code() ) {
-		foreach ( $wp_filesystem->errors->get_error_messages() as $message )
-			show_message($message);
-		return;
-	}
-
-	$result = wp_install_plugin_local_package( $package, 'show_message' );
-
-	if ( is_wp_error($result) ) {
-		show_message($result);
-		show_message( __('Installation Failed') );
-	} else {
-		show_message( __('Successfully installed the plugin.') );
-		$plugin_file = $result;
-
-		$install_actions = apply_filters('install_plugin_complete_actions', array(
-							'activate_plugin' => '<a href="' . wp_nonce_url('plugins.php?action=activate&amp;plugin=' . $plugin_file, 'activate-plugin_' . $plugin_file) . '" title="' . __('Activate this plugin') . '" target="_parent">' . __('Activate Plugin') . '</a>',
-							'plugins_page' => '<a href="' . admin_url('plugins.php') . '" title="' . __('Goto plugins page') . '" target="_parent">' . __('Return to Plugins page') . '</a>'
-							), array(), $plugin_file);
-		if ( ! empty($install_actions) )
-			show_message('<strong>' . __('Actions:') . '</strong> ' . implode(' | ', (array)$install_actions));
-	}
-}
-
-/**
- * Install plugin.
- *
- * @since 2.7.0
- *
- * @param string $package
- * @param string $feedback Optional.
- * @return mixed.
- */
-function wp_install_plugin($package, $feedback = '') {
-	global $wp_filesystem;
-
-	if ( !empty($feedback) )
-		add_filter('install_feedback', $feedback);
-
-	// Is a filesystem accessor setup?
-	if ( ! $wp_filesystem || ! is_object($wp_filesystem) )
-		WP_Filesystem();
-
-	if ( ! is_object($wp_filesystem) )
-		return new WP_Error('fs_unavailable', __('Could not access filesystem.'));
-
-	if ( $wp_filesystem->errors->get_error_code() )
-		return new WP_Error('fs_error', __('Filesystem error'), $wp_filesystem->errors);
-
-	//Get the base plugin folder
-	$plugins_dir = $wp_filesystem->wp_plugins_dir();
-	if ( empty($plugins_dir) )
-		return new WP_Error('fs_no_plugins_dir', __('Unable to locate WordPress Plugin directory.'));
-
-	//And the same for the Content directory.
-	$content_dir = $wp_filesystem->wp_content_dir();
-	if( empty($content_dir) )
-		return new WP_Error('fs_no_content_dir', __('Unable to locate WordPress Content directory (wp-content).'));
-
-	$plugins_dir = trailingslashit( $plugins_dir );
-	$content_dir = trailingslashit( $content_dir );
-
-	if ( empty($package) )
-		return new WP_Error('no_package', __('Install package not available.'));
-
-	// Download the package
-	apply_filters('install_feedback', sprintf(__('Downloading plugin package from %s'), $package));
-	$download_file = download_url($package);
-
-	if ( is_wp_error($download_file) )
-		return new WP_Error('download_failed', __('Download failed.'), $download_file->get_error_message());
-
-	$working_dir = $content_dir . 'upgrade/' . basename($package, '.zip');
-
-	// Clean up working directory
-	if ( $wp_filesystem->is_dir($working_dir) )
-		$wp_filesystem->delete($working_dir, true);
-
-	apply_filters('install_feedback', __('Unpacking the plugin package'));
-	// Unzip package to working directory
-	$result = unzip_file($download_file, $working_dir);
-
-	// Once extracted, delete the package
-	@unlink($download_file);
-
-	if ( is_wp_error($result) ) {
-		$wp_filesystem->delete($working_dir, true);
-		return $result;
-	}
-
-	//Get a list of the directories in the working directory before we delete it, We need to know the new folder for the plugin
-	$filelist = array_keys( $wp_filesystem->dirlist($working_dir) );
-
-	if( $wp_filesystem->exists( $plugins_dir . $filelist[0] ) ) {
-		$wp_filesystem->delete($working_dir, true);
-		return new WP_Error('install_folder_exists', __('Folder already exists.'), $filelist[0] );
-	}
-
-	apply_filters('install_feedback', __('Installing the plugin'));
-	// Copy new version of plugin into place.
-	$result = copy_dir($working_dir, $plugins_dir);
-	if ( is_wp_error($result) ) {
-		$wp_filesystem->delete($working_dir, true);
-		return $result;
-	}
-
-	//Get a list of the directories in the working directory before we delete it, We need to know the new folder for the plugin
-	$filelist = array_keys( $wp_filesystem->dirlist($working_dir) );
-
-	// Remove working directory
-	$wp_filesystem->delete($working_dir, true);
-
-	if( empty($filelist) )
-		return false; //We couldnt find any files in the working dir, therefor no plugin installed? Failsafe backup.
-
-	$folder = $filelist[0];
-	$plugin = get_plugins('/' . $folder); //Ensure to pass with leading slash
-	$pluginfiles = array_keys($plugin); //Assume the requested plugin is the first in the list
-
-	//Return the plugin files name.
-	return  $folder . '/' . $pluginfiles[0];
-}
-
-/**
- * Install plugin from local package
- *
- * @since 2.7.0
- *
- * @param string $package
- * @param string $feedback Optional.
- * @return mixed.
- */
-function wp_install_plugin_local_package($package, $feedback = '') {
-	global $wp_filesystem;
-
-	if ( !empty($feedback) )
-		add_filter('install_feedback', $feedback);
-
-	// Is a filesystem accessor setup?
-	if ( ! $wp_filesystem || ! is_object($wp_filesystem) )
-		WP_Filesystem();
-
-	if ( ! is_object($wp_filesystem) )
-		return new WP_Error('fs_unavailable', __('Could not access filesystem.'));
-
-	if ( $wp_filesystem->errors->get_error_code() )
-		return new WP_Error('fs_error', __('Filesystem error'), $wp_filesystem->errors);
-
-	//Get the base plugin folder
-	$plugins_dir = $wp_filesystem->wp_plugins_dir();
-	if ( empty($plugins_dir) )
-		return new WP_Error('fs_no_plugins_dir', __('Unable to locate WordPress Plugin directory.'));
-
-	//And the same for the Content directory.
-	$content_dir = $wp_filesystem->wp_content_dir();
-	if( empty($content_dir) )
-		return new WP_Error('fs_no_content_dir', __('Unable to locate WordPress Content directory (wp-content).'));
-
-	$plugins_dir = trailingslashit( $plugins_dir );
-	$content_dir = trailingslashit( $content_dir );
-
-	if ( empty($package) )
-		return new WP_Error('no_package', __('Install package not available.'));
-
-	$working_dir = $content_dir . 'upgrade/' . basename($package, '.zip');
-
-	// Clean up working directory
-	if ( $wp_filesystem->is_dir($working_dir) )
-		$wp_filesystem->delete($working_dir, true);
-
-	apply_filters('install_feedback', __('Unpacking the plugin package'));
-	// Unzip package to working directory
-	$result = unzip_file($package, $working_dir);
-
-	// Once extracted, delete the package
-	unlink($package);
-
-	if ( is_wp_error($result) ) {
-		$wp_filesystem->delete($working_dir, true);
-		return $result;
-	}
-
-	//Get a list of the directories in the working directory before we delete it, We need to know the new folder for the plugin
-	$filelist = array_keys( $wp_filesystem->dirlist($working_dir) );
-
-	if( $wp_filesystem->exists( $plugins_dir . $filelist[0] ) ) {
-		$wp_filesystem->delete($working_dir, true);
-		return new WP_Error('install_folder_exists', __('Folder already exists.'), $filelist[0] );
-	}
-
-	apply_filters('install_feedback', __('Installing the plugin'));
-	// Copy new version of plugin into place.
-	$result = copy_dir($working_dir, $plugins_dir);
-	if ( is_wp_error($result) ) {
-		$wp_filesystem->delete($working_dir, true);
-		return $result;
-	}
-
-	//Get a list of the directories in the working directory before we delete it, We need to know the new folder for the plugin
-	$filelist = array_keys( $wp_filesystem->dirlist($working_dir) );
-
-	// Remove working directory
-	$wp_filesystem->delete($working_dir, true);
-
-	if( empty($filelist) )
-		return false; //We couldnt find any files in the working dir, therefor no plugin installed? Failsafe backup.
-
-	$folder = $filelist[0];
-	$plugin = get_plugins('/' . $folder); //Ensure to pass with leading slash
-	$pluginfiles = array_keys($plugin); //Assume the requested plugin is the first in the list
-
-	//Return the plugin files name.
-	return  $folder . '/' . $pluginfiles[0];
-}
-
-?>
--- a/wp-admin/includes/plugin.php
+++ b/wp-admin/includes/plugin.php
@@ -86,7 +86,7 @@ function get_plugin_data( $plugin_file, $markup = true, $translate = true ) {

 	foreach ( array( 'name', 'uri', 'version', 'description', 'author_name', 'author_uri', 'text_domain', 'domain_path' ) as $field ) {
 		if ( !empty( ${$field} ) )
-			${$field} = trim(${$field}[1]);
+			${$field} = _cleanup_header_comment(${$field}[1]);
 		else
 			${$field} = '';
 	}
@@ -97,11 +97,12 @@ function get_plugin_data( $plugin_file, $markup = true, $translate = true ) {
 				'TextDomain' => $text_domain, 'DomainPath' => $domain_path
 				);
 	if ( $markup || $translate )
-		$plugin_data = _get_plugin_data_markup_translate($plugin_data, $markup, $translate);
+		$plugin_data = _get_plugin_data_markup_translate($plugin_file, $plugin_data, $markup, $translate);
+
 	return $plugin_data;
 }

-function _get_plugin_data_markup_translate($plugin_data, $markup = true, $translate = true) {
+function _get_plugin_data_markup_translate($plugin_file, $plugin_data, $markup = true, $translate = true) {

 	//Translate fields
 	if( $translate && ! empty($plugin_data['TextDomain']) ) {
@@ -121,7 +122,7 @@ function _get_plugin_data_markup_translate($plugin_data, $markup = true, $transl
 		else
 			$plugin_data['Title'] = $plugin_data['Name'];

-		if ( ! empty($plugin_data['AuthorURI']) )
+		if ( ! empty($plugin_data['AuthorURI']) && ! empty($plugin_data['Author']) )
 			$plugin_data['Author'] = '<a href="' . $plugin_data['AuthorURI'] . '" title="' . __( 'Visit author homepage' ) . '">' . $plugin_data['Author'] . '</a>';

 		$plugin_data['Description'] = wptexturize( $plugin_data['Description'] );
@@ -140,6 +141,46 @@ function _get_plugin_data_markup_translate($plugin_data, $markup = true, $transl
 	return $plugin_data;
 }

+/**
+ * Get a list of a plugin's files.
+ *
+ * @since 2.8.0
+ *
+ * @param string $plugin Plugin ID
+ * @return array List of files relative to the plugin root.
+ */
+function get_plugin_files($plugin) {
+	$plugin_file = WP_PLUGIN_DIR . '/' . $plugin;
+	$dir = dirname($plugin_file);
+	$plugin_files = array($plugin);
+	if ( is_dir($dir) && $dir != WP_PLUGIN_DIR ) {
+		$plugins_dir = @ opendir( $dir );
+		if ( $plugins_dir ) {
+			while (($file = readdir( $plugins_dir ) ) !== false ) {
+				if ( substr($file, 0, 1) == '.' )
+					continue;
+				if ( is_dir( $dir . '/' . $file ) ) {
+					$plugins_subdir = @ opendir( $dir . '/' . $file );
+					if ( $plugins_subdir ) {
+						while (($subfile = readdir( $plugins_subdir ) ) !== false ) {
+							if ( substr($subfile, 0, 1) == '.' )
+								continue;
+							$plugin_files[] = plugin_basename("$dir/$file/$subfile");
+						}
+						@closedir( $plugins_subdir );
+					}
+				} else {
+					if ( plugin_basename("$dir/$file") != $plugin )
+						$plugin_files[] = plugin_basename("$dir/$file");
+				}
+			}
+			@closedir( $plugins_dir );
+		}
+	}
+
+	return $plugin_files;
+}
+
 /**
 * Check the plugins directory and retrieve all plugin files with plugin data.
 *
@@ -175,6 +216,7 @@ function get_plugins($plugin_folder = '') {

 	// Files in wp-content/plugins directory
 	$plugins_dir = @ opendir( $plugin_root);
+	$plugin_files = array();
 	if ( $plugins_dir ) {
 		while (($file = readdir( $plugins_dir ) ) !== false ) {
 			if ( substr($file, 0, 1) == '.' )
@@ -198,7 +240,7 @@ function get_plugins($plugin_folder = '') {
 	@closedir( $plugins_dir );
 	@closedir( $plugins_subdir );

-	if ( !$plugins_dir || !$plugin_files )
+	if ( !$plugins_dir || empty($plugin_files) )
 		return $wp_plugins;

 	foreach ( $plugin_files as $plugin_file ) {
@@ -391,14 +433,10 @@ function delete_plugins($plugins, $redirect = '' ) {
 		return;
 	}

-	if ( $wp_filesystem->errors->get_error_code() ) {
-		return $wp_filesystem->errors;
-	}
-
 	if ( ! is_object($wp_filesystem) )
 		return new WP_Error('fs_unavailable', __('Could not access filesystem.'));

-	if ( $wp_filesystem->errors->get_error_code() )
+	if ( is_wp_error($wp_filesystem->errors) && $wp_filesystem->errors->get_error_code() )
 		return new WP_Error('fs_error', __('Filesystem error'), $wp_filesystem->errors);

 	//Get the base plugin folder
@@ -430,7 +468,10 @@ function delete_plugins($plugins, $redirect = '' ) {
 		return new WP_Error('could_not_remove_plugin', sprintf(__('Could not fully remove the plugin(s) %s'), implode(', ', $errors)) );

 	// Force refresh of plugin update information
-	delete_option('update_plugins');
+	if ( $current = get_transient('update_plugins') ) {
+		unset( $current->response[ $plugin_file ] );
+		set_transient('update_plugins', $current);
+	}

 	return true;
 }
@@ -476,6 +517,9 @@ function validate_plugin($plugin) {
 	if ( ! file_exists(WP_PLUGIN_DIR . '/' . $plugin) )
 		return new WP_Error('plugin_not_found', __('Plugin file does not exist.'));

+	$installed_plugins = get_plugins();
+	if ( ! isset($installed_plugins[$plugin]) )
+		return new WP_Error('no_plugin_header', __('The plugin does not have a valid header.'));
 	return 0;
 }

@@ -541,7 +585,7 @@ function uninstall_plugin($plugin) {
 //

 function add_menu_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '' ) {
-	global $menu, $admin_page_hooks;
+	global $menu, $admin_page_hooks, $_registered_pages;

 	$file = plugin_basename( $file );

@@ -553,14 +597,18 @@ function add_menu_page( $page_title, $menu_title, $access_level, $file, $functio

 	if ( empty($icon_url) )
 		$icon_url = 'images/generic.png';
+	elseif ( is_ssl() && 0 === strpos($icon_url, 'http://') )
+		$icon_url = 'https://' . substr($icon_url, 7);

 	$menu[] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );

+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }

 function add_object_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '') {
-	global $menu, $admin_page_hooks, $_wp_last_object_menu;
+	global $menu, $admin_page_hooks, $_wp_last_object_menu, $_registered_pages;

 	$file = plugin_basename( $file );

@@ -577,11 +625,13 @@ function add_object_page( $page_title, $menu_title, $access_level, $file, $funct

 	$menu[$_wp_last_object_menu] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );

+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }

 function add_utility_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '') {
-	global $menu, $admin_page_hooks, $_wp_last_utility_menu;
+	global $menu, $admin_page_hooks, $_wp_last_utility_menu, $_registered_pages;

 	$file = plugin_basename( $file );

@@ -593,11 +643,15 @@ function add_utility_page( $page_title, $menu_title, $access_level, $file, $func

 	if ( empty($icon_url) )
 		$icon_url = 'images/generic.png';
+	elseif ( is_ssl() && 0 === strpos($icon_url, 'http://') )
+		$icon_url = 'https://' . substr($icon_url, 7);

 	$_wp_last_utility_menu++;

 	$menu[$_wp_last_utility_menu] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );

+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }

@@ -606,6 +660,7 @@ function add_submenu_page( $parent, $page_title, $menu_title, $access_level, $fi
 	global $menu;
 	global $_wp_real_parent_file;
 	global $_wp_submenu_nopriv;
+	global $_registered_pages;

 	$file = plugin_basename( $file );

@@ -623,7 +678,7 @@ function add_submenu_page( $parent, $page_title, $menu_title, $access_level, $fi
 	// parent file someone is trying to link back to the parent manually.  In
 	// this case, don't automatically add a link back to avoid duplication.
 	if (!isset( $submenu[$parent] ) && $file != $parent  ) {
-		foreach ( $menu as $parent_menu ) {
+		foreach ( (array)$menu as $parent_menu ) {
 			if ( $parent_menu[2] == $parent && current_user_can( $parent_menu[1] ) )
 				$submenu[$parent][] = $parent_menu;
 		}
@@ -635,6 +690,11 @@ function add_submenu_page( $parent, $page_title, $menu_title, $access_level, $fi
 	if (!empty ( $function ) && !empty ( $hookname ))
 		add_action( $hookname, $function );

+	$_registered_pages[$hookname] = true;
+	// backwards-compatibility for plugins using add_management page.  See wp-admin/admin.php for redirect from edit.php to tools.php
+	if ( 'tools.php' == $parent ) 
+		$_registered_pages[get_plugin_page_hookname( $file, 'edit.php')] = true;
+
 	return $hookname;
 }

@@ -721,7 +781,7 @@ function get_admin_page_parent( $parent = '' ) {
 */

 	if ( $pagenow == 'admin.php' && isset( $plugin_page ) ) {
-		foreach ( $menu as $parent_menu ) {
+		foreach ( (array)$menu as $parent_menu ) {
 			if ( $parent_menu[2] == $plugin_page ) {
 				$parent_file = $plugin_page;
 				if ( isset( $_wp_real_parent_file[$parent_file] ) )
@@ -744,7 +804,7 @@ function get_admin_page_parent( $parent = '' ) {
 		return $parent_file;
 	}

-	foreach (array_keys( $submenu ) as $parent) {
+	foreach (array_keys( (array)$submenu ) as $parent) {
 		foreach ( $submenu[$parent] as $submenu_array ) {
 			if ( isset( $_wp_real_parent_file[$parent] ) )
 				$parent = $_wp_real_parent_file[$parent];
@@ -780,7 +840,7 @@ function get_admin_page_title() {
 	$parent = $parent1 = get_admin_page_parent();

 	if ( empty ( $parent) ) {
-		foreach ( $menu as $menu_array ) {
+		foreach ( (array)$menu as $menu_array ) {
 			if ( isset( $menu_array[3] ) ) {
 				if ( $menu_array[2] == $pagenow ) {
 					$title = $menu_array[3];
@@ -818,6 +878,18 @@ function get_admin_page_title() {
 				}
 			}
 		}
+		if ( !isset($title) || empty ( $title ) ) {
+			foreach ( $menu as $menu_array ) {
+				if ( isset( $plugin_page ) &&
+					($plugin_page == $menu_array[2] ) &&
+					($pagenow == 'admin.php' ) &&
+					($parent1 == $menu_array[2] ) )
+					{
+						$title = $menu_array[3];
+						return $menu_array[3];
+					}
+			}
+		}
 	}

 	return $title;
@@ -859,14 +931,21 @@ function user_can_access_admin_page() {
 	global $_wp_menu_nopriv;
 	global $_wp_submenu_nopriv;
 	global $plugin_page;
+	global $_registered_pages;

 	$parent = get_admin_page_parent();

-	if ( isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
+	if ( !isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
 		return false;

-	if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
-		return false;
+	if ( isset( $plugin_page ) ) {
+		if ( isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
+			return false;
+
+		$hookname = get_plugin_page_hookname($plugin_page, $parent);
+		if ( !isset($_registered_pages[$hookname]) )
+			return false;
+	}

 	if ( empty( $parent) ) {
 		if ( isset( $_wp_menu_nopriv[$pagenow] ) )
@@ -875,6 +954,8 @@ function user_can_access_admin_page() {
 			return false;
 		if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$pagenow][$plugin_page] ) )
 			return false;
+		if ( isset( $plugin_page ) && isset( $_wp_menu_nopriv[$plugin_page] ) )
+			return false;
 		foreach (array_keys( $_wp_submenu_nopriv ) as $key ) {
 			if ( isset( $_wp_submenu_nopriv[$key][$pagenow] ) )
 				return false;
@@ -884,6 +965,9 @@ function user_can_access_admin_page() {
 		return true;
 	}

+	if ( isset( $plugin_page ) && ( $plugin_page == $parent ) && isset( $_wp_menu_nopriv[$plugin_page] ) )
+		return false;
+
 	if ( isset( $submenu[$parent] ) ) {
 		foreach ( $submenu[$parent] as $submenu_array ) {
 			if ( isset( $plugin_page ) && ( $submenu_array[2] == $plugin_page ) ) {
@@ -969,7 +1053,7 @@ function add_option_update_handler($option_group, $option_name, $sanitize_callba
 */
 function remove_option_update_handler($option_group, $option_name, $sanitize_callback = '') {
 	global $new_whitelist_options;
-	$pos = array_search( $option_name, $new_whitelist_options );
+	$pos = array_search( $option_name, (array) $new_whitelist_options );
 	if ( $pos !== false )
 		unset( $new_whitelist_options[ $option_group ][ $pos ] );
 	if ( $sanitize_callback != '' )
@@ -1041,9 +1125,11 @@ function remove_option_whitelist( $del_options, $options = '' ) {
 	}
 	foreach( $del_options as $page => $keys ) {
 		foreach( $keys as $key ) {
-			$pos = array_search( $key, $whitelist_options[ $page ] );
-			if( $pos !== false )
-				unset( $whitelist_options[ $page ][ $pos ] );
+			if ( isset($whitelist_options[ $page ]) && is_array($whitelist_options[ $page ]) ) {
+				$pos = array_search( $key, $whitelist_options[ $page ] );
+				if( $pos !== false )
+					unset( $whitelist_options[ $page ][ $pos ] );
+			}
 		}
 	}
 	return $whitelist_options;
@@ -1057,7 +1143,7 @@ function remove_option_whitelist( $del_options, $options = '' ) {
 * @param string $option_group A settings group name.  This should match the group name used in register_setting().
 */
 function settings_fields($option_group) {
-	echo "<input type='hidden' name='option_page' value='$option_group' />";
+	echo "<input type='hidden' name='option_page' value='" . esc_attr($option_group) . "' />";
 	echo '<input type="hidden" name="action" value="update" />';
 	wp_nonce_field("$option_group-options");
 }
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -228,7 +228,7 @@ function bulk_edit_posts( $post_data = null ) {
 	if ( empty($post_data) )
 		$post_data = &$_POST;

-	if ( 'page' == $post_data['post_type'] ) {
+	if ( isset($post_data['post_type']) && 'page' == $post_data['post_type'] ) {
 		if ( ! current_user_can( 'edit_pages' ) )
 			wp_die( __('You are not allowed to edit pages.') );
 	} else {
@@ -236,7 +236,7 @@ function bulk_edit_posts( $post_data = null ) {
 			wp_die( __('You are not allowed to edit posts.') );
 	}

-	$post_IDs = array_map( intval, (array) $post_data['post'] );
+	$post_IDs = array_map( 'intval', (array) $post_data['post'] );

 	$reset = array( 'post_author', 'post_status', 'post_password', 'post_parent', 'page_template', 'comment_status', 'ping_status', 'keep_private', 'tags_input', 'post_category', 'sticky' );
 	foreach ( $reset as $field ) {
@@ -319,9 +319,9 @@ function bulk_edit_posts( $post_data = null ) {
 */
 function get_default_post_to_edit() {
 	if ( !empty( $_REQUEST['post_title'] ) )
-		$post_title = wp_specialchars( stripslashes( $_REQUEST['post_title'] ));
+		$post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
 	else if ( !empty( $_REQUEST['popuptitle'] ) ) {
-		$post_title = wp_specialchars( stripslashes( $_REQUEST['popuptitle'] ));
+		$post_title = esc_html( stripslashes( $_REQUEST['popuptitle'] ));
 		$post_title = funky_javascript_fix( $post_title );
 	} else {
 		$post_title = '';
@@ -329,16 +329,16 @@ function get_default_post_to_edit() {

 	$post_content = '';
 	if ( !empty( $_REQUEST['content'] ) )
-		$post_content = wp_specialchars( stripslashes( $_REQUEST['content'] ));
+		$post_content = esc_html( stripslashes( $_REQUEST['content'] ));
 	else if ( !empty( $post_title ) ) {
-		$text       = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
+		$text       = esc_html( stripslashes( urldecode( $_REQUEST['text'] ) ) );
 		$text       = funky_javascript_fix( $text);
-		$popupurl   = clean_url($_REQUEST['popupurl']);
+		$popupurl   = esc_url($_REQUEST['popupurl']);
 		$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
 	}

 	if ( !empty( $_REQUEST['excerpt'] ) )
-		$post_excerpt = wp_specialchars( stripslashes( $_REQUEST['excerpt'] ));
+		$post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
 	else
 		$post_excerpt = '';

@@ -346,6 +346,7 @@ function get_default_post_to_edit() {
 	$post->post_name = '';
 	$post->post_author = '';
 	$post->post_date = '';
+	$post->post_date_gmt = '';
 	$post->post_password = '';
 	$post->post_status = 'draft';
 	$post->post_type = 'post';
@@ -397,30 +398,42 @@ function get_post_to_edit( $id ) {
 }

 /**
- * {@internal Missing Short Description}}
+ * Determine if a post exists based on title, content, and date
 *
 * @since unknown
 *
- * @param unknown_type $title
- * @param unknown_type $content
- * @param unknown_type $post_date
- * @return unknown
+ * @param string $title Post title
+ * @param string $content Optional post content
+ * @param string $date Optional post date
+ * @return int Post ID if post exists, 0 otherwise.
 */
-function post_exists($title, $content = '', $post_date = '') {
+function post_exists($title, $content = '', $date = '') {
 	global $wpdb;

-	$title = stripslashes($title);
-	$content = stripslashes($content);
-	$post_date = stripslashes($post_date);
+	$post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
+	$post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
+	$post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );

-	if (!empty ($post_date))
-		$post_date = $wpdb->prepare("AND post_date = %s", $post_date);
+	$query = "SELECT ID FROM $wpdb->posts WHERE 1=1";
+	$args = array();

-	if (!empty ($title))
-		return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) );
-	else
-		if (!empty ($content))
-			return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) );
+	if ( !empty ( $date ) ) {
+		$query .= ' AND post_date = %s';
+		$args[] = $post_date;
+	}
+
+	if ( !empty ( $title ) ) {
+		$query .= ' AND post_title = %s';
+		$args[] = $post_title;
+	}
+
+	if ( !empty ( $content ) ) {
+		$query .= 'AND post_content = %s';
+		$args[] = $post_content;
+	}
+
+	if ( !empty ( $args ) )
+		return $wpdb->get_var( $wpdb->prepare($query, $args) );

 	return 0;
 }
@@ -664,10 +677,13 @@ function update_meta( $meta_id, $meta_key, $meta_value ) {
 	if ( in_array($meta_key, $protected) )
 		return false;

+	if ( '' === trim( $meta_value ) )
+		return false;
+
 	$post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $meta_id) );
 	wp_cache_delete($post_id, 'post_meta');

-	$meta_value = maybe_serialize( stripslashes( $meta_value ));
+	$meta_value = maybe_serialize( stripslashes( $meta_value ) );
 	$meta_id = (int) $meta_id;

 	$data  = compact( 'meta_key', 'meta_value' );
@@ -743,7 +759,7 @@ function _relocate_children( $old_ID, $new_ID ) {
 	global $wpdb;
 	$old_ID = (int) $old_ID;
 	$new_ID = (int) $new_ID;
-	return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) );
+	return $wpdb->update($wpdb->posts, array('post_parent' => $new_ID), array('post_parent' => $old_ID) );
 }

 /**
@@ -774,11 +790,11 @@ function wp_edit_posts_query( $q = false ) {
 	$q['m']   = isset($q['m']) ? (int) $q['m'] : 0;
 	$q['cat'] = isset($q['cat']) ? (int) $q['cat'] : 0;
 	$post_stati  = array(	//	array( adj, noun )
-				'publish' => array(__('Published'), __('Published posts'), __ngettext_noop('Published <span class="count">(%s)</span>', 'Published <span class="count">(%s)</span>')),
-				'future' => array(__('Scheduled'), __('Scheduled posts'), __ngettext_noop('Scheduled <span class="count">(%s)</span>', 'Scheduled <span class="count">(%s)</span>')),
-				'pending' => array(__('Pending Review'), __('Pending posts'), __ngettext_noop('Pending Review <span class="count">(%s)</span>', 'Pending Review <span class="count">(%s)</span>')),
-				'draft' => array(__('Draft'), _c('Drafts|manage posts header'), __ngettext_noop('Draft <span class="count">(%s)</span>', 'Drafts <span class="count">(%s)</span>')),
-				'private' => array(__('Private'), __('Private posts'), __ngettext_noop('Private <span class="count">(%s)</span>', 'Private <span class="count">(%s)</span>')),
+				'publish' => array(_x('Published', 'post'), __('Published posts'), _n_noop('Published <span class="count">(%s)</span>', 'Published <span class="count">(%s)</span>')),
+				'future' => array(_x('Scheduled', 'post'), __('Scheduled posts'), _n_noop('Scheduled <span class="count">(%s)</span>', 'Scheduled <span class="count">(%s)</span>')),
+				'pending' => array(_x('Pending Review', 'post'), __('Pending posts'), _n_noop('Pending Review <span class="count">(%s)</span>', 'Pending Review <span class="count">(%s)</span>')),
+				'draft' => array(_x('Draft', 'post'), _x('Drafts', 'manage posts header'), _n_noop('Draft <span class="count">(%s)</span>', 'Drafts <span class="count">(%s)</span>')),
+				'private' => array(_x('Private', 'post'), __('Private posts'), _n_noop('Private <span class="count">(%s)</span>', 'Private <span class="count">(%s)</span>')),
 			);

 	$post_stati = apply_filters('post_stati', $post_stati);
@@ -802,7 +818,12 @@ function wp_edit_posts_query( $q = false ) {
 		$orderby = 'date';
 	}

-	wp("post_type=post&what_to_show=posts$post_status_q&posts_per_page=15&order=$order&orderby=$orderby");
+	$posts_per_page = get_user_option('edit_per_page');
+	if ( empty($posts_per_page) )
+		$posts_per_page = 15;
+	$posts_per_page = apply_filters('edit_posts_per_page', $posts_per_page);
+
+	wp("post_type=post&$post_status_q&posts_per_page=$posts_per_page&order=$order&orderby=$orderby");

 	return array($post_stati, $avail_post_stati);
 }
@@ -838,11 +859,14 @@ function wp_edit_attachments_query( $q = false ) {
 	$q['cat'] = isset( $q['cat'] ) ? (int) $q['cat'] : 0;
 	$q['post_type'] = 'attachment';
 	$q['post_status'] = 'any';
-	$q['posts_per_page'] = 15;
+	$media_per_page = get_user_option('upload_per_page');
+	if ( empty($media_per_page) )
+		$media_per_page = 20;
+	$q['posts_per_page'] = $media_per_page;
 	$post_mime_types = array(	//	array( adj, noun )
-				'image' => array(__('Images'), __('Manage Images'), __ngettext_noop('Image <span class="count">(%s)</span>', 'Images <span class="count">(%s)</span>')),
-				'audio' => array(__('Audio'), __('Manage Audio'), __ngettext_noop('Audio <span class="count">(%s)</span>', 'Audio <span class="count">(%s)</span>')),
-				'video' => array(__('Video'), __('Manage Video'), __ngettext_noop('Video <span class="count">(%s)</span>', 'Video <span class="count">(%s)</span>')),
+				'image' => array(__('Images'), __('Manage Images'), _n_noop('Image <span class="count">(%s)</span>', 'Images <span class="count">(%s)</span>')),
+				'audio' => array(__('Audio'), __('Manage Audio'), _n_noop('Audio <span class="count">(%s)</span>', 'Audio <span class="count">(%s)</span>')),
+				'video' => array(__('Video'), __('Manage Video'), _n_noop('Video <span class="count">(%s)</span>', 'Video <span class="count">(%s)</span>')),
 			);
 	$post_mime_types = apply_filters('post_mime_types', $post_mime_types);

@@ -871,7 +895,7 @@ function postbox_classes( $id, $page ) {
 	$current_user = wp_get_current_user();
 	if ( $closed = get_user_option('closedpostboxes_'.$page, 0, false ) ) {
 		if ( !is_array( $closed ) ) return '';
-		return in_array( $id, $closed )? 'if-js-closed' : '';
+		return in_array( $id, $closed )? 'closed' : '';
 	} else {
 		return '';
 	}
@@ -903,12 +927,16 @@ function get_sample_permalink($id, $title=null, $name = null) {
 		$post->post_name = sanitize_title($post->post_name? $post->post_name : $post->post_title, $post->ID);
 	}

+	$post->post_name = wp_unique_post_slug($post->post_name, $post->ID, $post->post_status, $post->post_type, $post->post_parent);
+
 	// If the user wants to set a new name -- override the current one
 	// Note: if empty name is supplied -- use the title instead, see #6072
 	if (!is_null($name)) {
 		$post->post_name = sanitize_title($name? $name : $title, $post->ID);
 	}

+	$post->filter = 'sample';
+
 	$permalink = get_permalink($post, true);

 	// Handle page hierarchy
@@ -926,6 +954,8 @@ function get_sample_permalink($id, $title=null, $name = null) {
 	$post->post_status = $original_status;
 	$post->post_date = $original_date;
 	$post->post_name = $original_name;
+	unset($post->filter);
+
 	return $permalink;
 }

@@ -939,12 +969,22 @@ function get_sample_permalink($id, $title=null, $name = null) {
 * @param unknown_type $new_slug
 * @return unknown
 */
-function get_sample_permalink_html($id, $new_title=null, $new_slug=null) {
+function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
 	$post = &get_post($id);
 	list($permalink, $post_name) = get_sample_permalink($post->ID, $new_title, $new_slug);
-	if (false === strpos($permalink, '%postname%') && false === strpos($permalink, '%pagename%')) {
-		return '';
+	if ( 'publish' == $post->post_status )
+		$view_post = 'post' == $post->post_type ? __('View Post') : __('View Page');
+
+	if ( false === strpos($permalink, '%postname%') && false === strpos($permalink, '%pagename%') ) {
+		$return = '<strong>' . __('Permalink:') . "</strong>\n" . '<span id="sample-permalink">' . $permalink . "</span>\n";
+		if ( current_user_can( 'manage_options' ) )
+			$return .= '<span id="change-permalinks"><a href="options-permalink.php" class="button" target="_blank">' . __('Change Permalinks') . "</a></span>\n";
+		if ( isset($view_post) )
+			$return .= "<span id='view-post-btn'><a href='$permalink' class='button' target='_blank'>$view_post</a></span>\n";
+
+		return $return;
 	}
+
 	$title = __('Click to edit this part of the permalink');
 	if (function_exists('mb_strlen')) {
 		if (mb_strlen($post_name) > 30) {
@@ -959,10 +999,16 @@ function get_sample_permalink_html($id, $new_title=null, $new_slug=null) {
 			$post_name_abridged = $post_name;
 		}
 	}
-	$post_name_html = '<span id="editable-post-name" title="'.$title.'">'.$post_name_abridged.'</span><span id="editable-post-name-full">'.$post_name.'</span>';
+
+	$post_name_html = '<span id="editable-post-name" title="' . $title . '">' . $post_name_abridged . '</span>';
 	$display_link = str_replace(array('%pagename%','%postname%'), $post_name_html, $permalink);
+	$view_link = str_replace(array('%pagename%','%postname%'), $post_name, $permalink);
 	$return = '<strong>' . __('Permalink:') . "</strong>\n" . '<span id="sample-permalink">' . $display_link . "</span>\n";
-	$return .= '<span id="edit-slug-buttons"><a href="#post_name" class="edit-slug button" onclick="edit_permalink(' . $id . '); return false;">' . __('Edit') . "</a></span>\n";
+	$return .= '<span id="edit-slug-buttons"><a href="#post_name" class="edit-slug button hide-if-no-js" onclick="edit_permalink(' . $id . '); return false;">' . __('Edit') . "</a></span>\n";
+	$return .= '<span id="editable-post-name-full">' . $post_name . "</span>\n";
+	if ( isset($view_post) )
+		$return .= "<span id='view-post-btn'><a href='$view_link' class='button' target='_blank'>$view_post</a></span>\n";
+
 	return $return;
 }

@@ -1035,6 +1081,9 @@ function wp_create_post_autosave( $post_id ) {
 		return wp_update_post( $new_autosave );
 	}

+	// _wp_put_post_revision() expects unescaped.
+	$_POST = stripslashes_deep($_POST);
+
 	// Otherwise create the new autosave as a special post revision
 	return _wp_put_post_revision( $_POST, true );
 }
@@ -1103,20 +1152,24 @@ function post_preview() {
 /**
 * Adds the TinyMCE editor used on the Write and Edit screens.
 *
- * Has option to output a trimmed down version used in Press This.
- *
 * @package WordPress
 * @since 2.7
+ *
+ * TinyMCE is loaded separately from other Javascript by using wp-tinymce.php. It outputs concatenated
+ * and optionaly pre-compressed version of the core and all default plugins. Additional plugins are loaded
+ * directly by TinyMCE using non-blocking method. Custom plugins can be refreshed by adding a query string
+ * to the URL when queueing them with the mce_external_plugins filter.
+ *
+ * @param bool $teeny optional Output a trimmed down version used in Press This.
 */
 function wp_tiny_mce( $teeny = false ) {
+	global $concatenate_scripts, $compress_scripts, $tinymce_version;
+
 	if ( ! user_can_richedit() )
 		return;

 	$baseurl = includes_url('js/tinymce');

-	$mce_css = $baseurl . '/wordpress.css';
-	$mce_css = apply_filters('mce_css', $mce_css);
-
 	$mce_locale = ( '' == get_locale() ) ? 'en' : strtolower( substr(get_locale(), 0, 2) ); // only ISO 639-1

 	/*
@@ -1131,7 +1184,7 @@ function wp_tiny_mce( $teeny = false ) {
 		$plugins = apply_filters( 'teeny_mce_plugins', array('safari', 'inlinepopups', 'media', 'autosave', 'fullscreen') );
 		$ext_plugins = '';
 	} else {
-		$plugins = array( 'safari', 'inlinepopups', 'autosave', 'spellchecker', 'paste', 'wordpress', 'media', 'fullscreen', 'wpeditimage', 'wpgallery' );
+		$plugins = array( 'safari', 'inlinepopups', 'spellchecker', 'paste', 'wordpress', 'media', 'fullscreen', 'wpeditimage', 'wpgallery', 'tabfocus' );

 		/*
 		The following filter takes an associative array of external plugins for TinyMCE in the form 'plugin_name' => 'url'.
@@ -1142,7 +1195,7 @@ function wp_tiny_mce( $teeny = false ) {
 		*/
 		$mce_external_plugins = apply_filters('mce_external_plugins', array());

-		$ext_plugins = "\n";
+		$ext_plugins = '';
 		if ( ! empty($mce_external_plugins) ) {

 			/*
@@ -1161,9 +1214,9 @@ function wp_tiny_mce( $teeny = false ) {

 			if ( ! empty($mce_external_languages) ) {
 				foreach ( $mce_external_languages as $name => $path ) {
-					if ( is_file($path) && is_readable($path) ) {
+					if ( @is_file($path) && @is_readable($path) ) {
 						include_once($path);
-						$ext_plugins .= $strings;
+						$ext_plugins .= $strings . "\n";
 						$loaded_langs[] = $name;
 					}
 				}
@@ -1184,21 +1237,21 @@ function wp_tiny_mce( $teeny = false ) {
 					if ( function_exists('realpath') )
 						$path = trailingslashit( realpath($path) );

-					if ( is_file($path . $mce_locale . '.js') )
-						$strings .= @file_get_contents($path . $mce_locale . '.js');
+					if ( @is_file($path . $mce_locale . '.js') )
+						$strings .= @file_get_contents($path . $mce_locale . '.js') . "\n";

-					if ( is_file($path . $mce_locale . '_dlg.js') )
-						$strings .= @file_get_contents($path . $mce_locale . '_dlg.js');
+					if ( @is_file($path . $mce_locale . '_dlg.js') )
+						$strings .= @file_get_contents($path . $mce_locale . '_dlg.js') . "\n";

 					if ( 'en' != $mce_locale && empty($strings) ) {
-						if ( is_file($path . 'en.js') ) {
+						if ( @is_file($path . 'en.js') ) {
 							$str1 = @file_get_contents($path . 'en.js');
-							$strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 );
+							$strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 ) . "\n";
 						}

-						if ( is_file($path . 'en_dlg.js') ) {
+						if ( @is_file($path . 'en_dlg.js') ) {
 							$str2 = @file_get_contents($path . 'en_dlg.js');
-							$strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 );
+							$strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 ) . "\n";
 						}
 					}

@@ -1235,8 +1288,8 @@ function wp_tiny_mce( $teeny = false ) {

 	// TinyMCE init settings
 	$initArray = array (
-		'mode' => 'none',
-		'onpageload' => 'switchEditors.edInit',
+		'mode' => 'specific_textareas',
+		'editor_selector' => 'theEditor',
 		'width' => '100%',
 		'theme' => 'advanced',
 		'skin' => 'wp_theme',
@@ -1257,19 +1310,21 @@ function wp_tiny_mce( $teeny = false ) {
 		'convert_urls' => false,
 		'apply_source_formatting' => false,
 		'remove_linebreaks' => true,
-		'paste_convert_middot_lists' => true,
-		'paste_remove_spans' => true,
-		'paste_remove_styles' => true,
 		'gecko_spellcheck' => true,
 		'entities' => '38,amp,60,lt,62,gt',
 		'accessibility_focus' => true,
-		'tab_focus' => ':prev,:next',
-		'content_css' => "$mce_css",
+		'tabfocus_elements' => 'major-publishing-actions',
+		'media_strict' => false,
 		'save_callback' => 'switchEditors.saveCallback',
 		'wpeditimage_disable_captions' => $no_captions,
 		'plugins' => "$plugins"
 	);

+	$mce_css = trim(apply_filters('mce_css', ''), ' ,');
+
+	if ( ! empty($mce_css) )
+		$initArray['content_css'] = "$mce_css";
+
 	// For people who really REALLY know what they're doing with TinyMCE
 	// You can modify initArray to add, remove, change elements of the config before tinyMCE.init
 	// Setting "valid_elements", "invalid_elements" and "extended_valid_elements" can be done through "tiny_mce_before_init".
@@ -1280,9 +1335,26 @@ function wp_tiny_mce( $teeny = false ) {
 		$initArray = apply_filters('tiny_mce_before_init', $initArray);
 	}

-	$language = $initArray['language'];
+	if ( empty($initArray['theme_advanced_buttons3']) && !empty($initArray['theme_advanced_buttons4']) ) {
+		$initArray['theme_advanced_buttons3'] = $initArray['theme_advanced_buttons4'];
+		$initArray['theme_advanced_buttons4'] = '';
+	}

-	$ver = apply_filters('tiny_mce_version', '3101');
+	if ( ! isset($concatenate_scripts) )
+		script_concat_settings();
+
+	$language = $initArray['language'];
+	$zip = $compress_scripts ? 1 : 0;
+
+	/**
+	 * Deprecated
+	 *
+	 * The tiny_mce_version filter is not needed since external plugins are loaded directly by TinyMCE.
+	 * These plugins can be refreshed by appending query string to the URL passed to mce_external_plugins filter.
+	 * If the plugin has a popup dialog, a query string can be added to the button action that opens it (in the plugin's code).
+	 */
+	$version = apply_filters('tiny_mce_version', '');
+	$version = 'ver=' . $tinymce_version . $version;

 	if ( 'en' != $language )
 		include_once(ABSPATH . WPINC . '/js/tinymce/langs/wp-langs.php');
@@ -1298,52 +1370,35 @@ function wp_tiny_mce( $teeny = false ) {
 tinyMCEPreInit = {
 	base : "<?php echo $baseurl; ?>",
 	suffix : "",
-	query : "ver=<?php echo $ver; ?>",
+	query : "<?php echo $version; ?>",
 	mceInit : {<?php echo $mce_options; ?>},
-
-	go : function() {
-		var t = this, sl = tinymce.ScriptLoader, ln = t.mceInit.language, th = t.mceInit.theme, pl = t.mceInit.plugins;
-
-		sl.markDone(t.base + '/langs/' + ln + '.js');
-
-		sl.markDone(t.base + '/themes/' + th + '/langs/' + ln + '.js');
-		sl.markDone(t.base + '/themes/' + th + '/langs/' + ln + '_dlg.js');
-
-		tinymce.each(pl.split(','), function(n) {
-			if (n && n.charAt(0) != '-') {
-				sl.markDone(t.base + '/plugins/' + n + '/langs/' + ln + '.js');
-				sl.markDone(t.base + '/plugins/' + n + '/langs/' + ln + '_dlg.js');
-			}
-		});
-	},
-
-	load_ext : function(url,lang) {
-		var sl = tinymce.ScriptLoader;
-
-		sl.markDone(url + '/langs/' + lang + '.js');
-		sl.markDone(url + '/langs/' + lang + '_dlg.js');
-	}
+	load_ext : function(url,lang){var sl=tinymce.ScriptLoader;sl.markDone(url+'/langs/'+lang+'.js');sl.markDone(url+'/langs/'+lang+'_dlg.js');}
 };
 /* ]]> */
 </script>
-<script type="text/javascript" src="<?php echo $baseurl; ?>/tiny_mce.js?ver=<?php echo $ver; ?>"></script>
-<?php if ( 'en' != $language && isset($lang) ) { ?>
-<script type="text/javascript">
-<?php echo $lang; ?>
-</script>
-<?php } else { ?>
-<script type="text/javascript" src="<?php echo $baseurl; ?>/langs/wp-langs-en.js?ver=<?php echo $ver; ?>"></script>
-<?php } ?>
-<script type="text/javascript">
-<?php if ( $ext_plugins ) echo $ext_plugins; ?>
-
-// Mark translations as done
-tinyMCEPreInit.go();
-
-// Init
-tinyMCE.init(tinyMCEPreInit.mceInit);
-</script>

+<?php
+	if ( $concatenate_scripts )
+		echo "<script type='text/javascript' src='$baseurl/wp-tinymce.php?c=$zip&amp;$version'></script>\n";
+	else
+		echo "<script type='text/javascript' src='$baseurl/tiny_mce.js?$version'></script>\n";
+
+	if ( 'en' != $language && isset($lang) )
+		echo "<script type='text/javascript'>\n$lang\n</script>\n";
+	else
+		echo "<script type='text/javascript' src='$baseurl/langs/wp-langs-en.js?$version'></script>\n";
+?>
+
+<script type="text/javascript">
+/* <![CDATA[ */
+<?php if ( $ext_plugins ) echo "$ext_plugins\n"; ?>
+<?php if ( $concatenate_scripts ) { ?>
+tinyMCEPreInit.go();
+<?php } else { ?>
+(function(){var t=tinyMCEPreInit,sl=tinymce.ScriptLoader,ln=t.mceInit.language,th=t.mceInit.theme,pl=t.mceInit.plugins;sl.markDone(t.base+'/langs/'+ln+'.js');sl.markDone(t.base+'/themes/'+th+'/langs/'+ln+'.js');sl.markDone(t.base+'/themes/'+th+'/langs/'+ln+'_dlg.js');tinymce.each(pl.split(','),function(n){if(n&&n.charAt(0)!='-'){sl.markDone(t.base+'/plugins/'+n+'/langs/'+ln+'.js');sl.markDone(t.base+'/plugins/'+n+'/langs/'+ln+'_dlg.js');}});})();
+<?php } ?>
+tinyMCE.init(tinyMCEPreInit.mceInit);
+/* ]]> */
+</script>
 <?php
 }
-?>
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -28,7 +28,7 @@ if ( $wpdb->has_cap( 'collation' ) ) {

 /** Create WordPress database tables SQL */
 $wp_queries = "CREATE TABLE $wpdb->terms (
- term_id bigint(20) NOT NULL auto_increment,
+ term_id bigint(20) unsigned NOT NULL auto_increment,
 name varchar(200) NOT NULL default '',
 slug varchar(200) NOT NULL default '',
 term_group bigint(10) NOT NULL default 0,
@@ -37,25 +37,26 @@ $wp_queries = "CREATE TABLE $wpdb->terms (
 KEY name (name)
 ) $charset_collate;
 CREATE TABLE $wpdb->term_taxonomy (
- term_taxonomy_id bigint(20) NOT NULL auto_increment,
- term_id bigint(20) NOT NULL default 0,
+ term_taxonomy_id bigint(20) unsigned NOT NULL auto_increment,
+ term_id bigint(20) unsigned NOT NULL default 0,
 taxonomy varchar(32) NOT NULL default '',
 description longtext NOT NULL,
- parent bigint(20) NOT NULL default 0,
+ parent bigint(20) unsigned NOT NULL default 0,
 count bigint(20) NOT NULL default 0,
 PRIMARY KEY  (term_taxonomy_id),
- UNIQUE KEY term_id_taxonomy (term_id,taxonomy)
+ UNIQUE KEY term_id_taxonomy (term_id,taxonomy),
+ KEY taxonomy (taxonomy)
 ) $charset_collate;
 CREATE TABLE $wpdb->term_relationships (
- object_id bigint(20) NOT NULL default 0,
- term_taxonomy_id bigint(20) NOT NULL default 0,
+ object_id bigint(20) unsigned NOT NULL default 0,
+ term_taxonomy_id bigint(20) unsigned NOT NULL default 0,
 term_order int(11) NOT NULL default 0,
 PRIMARY KEY  (object_id,term_taxonomy_id),
 KEY term_taxonomy_id (term_taxonomy_id)
 ) $charset_collate;
 CREATE TABLE $wpdb->comments (
  comment_ID bigint(20) unsigned NOT NULL auto_increment,
-  comment_post_ID int(11) NOT NULL default '0',
+  comment_post_ID bigint(20) unsigned NOT NULL default '0',
  comment_author tinytext NOT NULL,
  comment_author_email varchar(100) NOT NULL default '',
  comment_author_url varchar(200) NOT NULL default '',
@@ -67,8 +68,8 @@ CREATE TABLE $wpdb->comments (
  comment_approved varchar(20) NOT NULL default '1',
  comment_agent varchar(255) NOT NULL default '',
  comment_type varchar(20) NOT NULL default '',
-  comment_parent bigint(20) NOT NULL default '0',
-  user_id bigint(20) NOT NULL default '0',
+  comment_parent bigint(20) unsigned NOT NULL default '0',
+  user_id bigint(20) unsigned NOT NULL default '0',
  PRIMARY KEY  (comment_ID),
  KEY comment_approved (comment_approved),
  KEY comment_post_ID (comment_post_ID),
@@ -76,26 +77,24 @@ CREATE TABLE $wpdb->comments (
  KEY comment_date_gmt (comment_date_gmt)
 ) $charset_collate;
 CREATE TABLE $wpdb->links (
-  link_id bigint(20) NOT NULL auto_increment,
+  link_id bigint(20) unsigned NOT NULL auto_increment,
  link_url varchar(255) NOT NULL default '',
  link_name varchar(255) NOT NULL default '',
  link_image varchar(255) NOT NULL default '',
  link_target varchar(25) NOT NULL default '',
-  link_category bigint(20) NOT NULL default '0',
  link_description varchar(255) NOT NULL default '',
  link_visible varchar(20) NOT NULL default 'Y',
-  link_owner int(11) NOT NULL default '1',
+  link_owner bigint(20) unsigned NOT NULL default '1',
  link_rating int(11) NOT NULL default '0',
  link_updated datetime NOT NULL default '0000-00-00 00:00:00',
  link_rel varchar(255) NOT NULL default '',
  link_notes mediumtext NOT NULL,
  link_rss varchar(255) NOT NULL default '',
  PRIMARY KEY  (link_id),
-  KEY link_category (link_category),
  KEY link_visible (link_visible)
 ) $charset_collate;
 CREATE TABLE $wpdb->options (
-  option_id bigint(20) NOT NULL auto_increment,
+  option_id bigint(20) unsigned NOT NULL auto_increment,
  blog_id int(11) NOT NULL default '0',
  option_name varchar(64) NOT NULL default '',
  option_value longtext NOT NULL,
@@ -104,8 +103,8 @@ CREATE TABLE $wpdb->options (
  KEY option_name (option_name)
 ) $charset_collate;
 CREATE TABLE $wpdb->postmeta (
-  meta_id bigint(20) NOT NULL auto_increment,
-  post_id bigint(20) NOT NULL default '0',
+  meta_id bigint(20) unsigned NOT NULL auto_increment,
+  post_id bigint(20) unsigned NOT NULL default '0',
  meta_key varchar(255) default NULL,
  meta_value longtext,
  PRIMARY KEY  (meta_id),
@@ -114,12 +113,11 @@ CREATE TABLE $wpdb->postmeta (
 ) $charset_collate;
 CREATE TABLE $wpdb->posts (
  ID bigint(20) unsigned NOT NULL auto_increment,
-  post_author bigint(20) NOT NULL default '0',
+  post_author bigint(20) unsigned NOT NULL default '0',
  post_date datetime NOT NULL default '0000-00-00 00:00:00',
  post_date_gmt datetime NOT NULL default '0000-00-00 00:00:00',
  post_content longtext NOT NULL,
  post_title text NOT NULL,
-  post_category int(4) NOT NULL default '0',
  post_excerpt text NOT NULL,
  post_status varchar(20) NOT NULL default 'publish',
  comment_status varchar(20) NOT NULL default 'open',
@@ -131,7 +129,7 @@ CREATE TABLE $wpdb->posts (
  post_modified datetime NOT NULL default '0000-00-00 00:00:00',
  post_modified_gmt datetime NOT NULL default '0000-00-00 00:00:00',
  post_content_filtered text NOT NULL,
-  post_parent bigint(20) NOT NULL default '0',
+  post_parent bigint(20) unsigned NOT NULL default '0',
  guid varchar(255) NOT NULL default '',
  menu_order int(11) NOT NULL default '0',
  post_type varchar(20) NOT NULL default 'post',
@@ -158,8 +156,8 @@ CREATE TABLE $wpdb->users (
  KEY user_nicename (user_nicename)
 ) $charset_collate;
 CREATE TABLE $wpdb->usermeta (
-  umeta_id bigint(20) NOT NULL auto_increment,
-  user_id bigint(20) NOT NULL default '0',
+  umeta_id bigint(20) unsigned NOT NULL auto_increment,
+  user_id bigint(20) unsigned NOT NULL default '0',
  meta_key varchar(255) default NULL,
  meta_value longtext,
  PRIMARY KEY  (umeta_id),
@@ -181,138 +179,169 @@ function populate_options() {

 	do_action('populate_options');

-	add_option('siteurl', $guessurl);
-	add_option('blogname', __('My Blog'));
-	add_option('blogdescription', __('Just another WordPress weblog'));
-	add_option('users_can_register', 0);
-	add_option('admin_email', 'you@example.com');
-	add_option('start_of_week', 1);
-	add_option('use_balanceTags', 0);
-	add_option('use_smilies', 1);
-	add_option('require_name_email', 1);
-	add_option('comments_notify', 1);
-	add_option('posts_per_rss', 10);
-	add_option('rss_excerpt_length', 50);
-	add_option('rss_use_excerpt', 0);
-	add_option('mailserver_url', 'mail.example.com');
-	add_option('mailserver_login', 'login@example.com');
-	add_option('mailserver_pass', 'password');
-	add_option('mailserver_port', 110);
-	add_option('default_category', 1);
-	add_option('default_comment_status', 'open');
-	add_option('default_ping_status', 'open');
-	add_option('default_pingback_flag', 1);
-	add_option('default_post_edit_rows', 10);
-	add_option('posts_per_page', 10);
-	add_option('what_to_show', 'posts');
-	add_option('date_format', __('F j, Y'));
-	add_option('time_format', __('g:i a'));
-	add_option('links_updated_date_format', __('F j, Y g:i a'));
-	add_option('links_recently_updated_prepend', '<em>');
-	add_option('links_recently_updated_append', '</em>');
-	add_option('links_recently_updated_time', 120);
-	add_option('comment_moderation', 0);
-	add_option('moderation_notify', 1);
-	add_option('permalink_structure');
-	add_option('gzipcompression', 0);
-	add_option('hack_file', 0);
-	add_option('blog_charset', 'UTF-8');
-	add_option('moderation_keys');
-	add_option('active_plugins');
-	add_option('home', $guessurl);
-	// in case it is set, but blank, update "home"
-	if ( !__get_option('home') ) update_option('home', $guessurl);
-	add_option('category_base');
-	add_option('ping_sites', 'http://rpc.pingomatic.com/');
-	add_option('advanced_edit', 0);
-	add_option('comment_max_links', 2);
-	add_option('gmt_offset', date('Z') / 3600);
-	// 1.5
-	add_option('default_email_category', 1);
-	add_option('recently_edited');
-	add_option('use_linksupdate', 0);
-	add_option('template', 'default');
-	add_option('stylesheet', 'default');
-	add_option('comment_whitelist', 1);
-	add_option('page_uris');
-	add_option('blacklist_keys');
-	add_option('comment_registration', 0);
-	add_option('rss_language', 'en');
-	add_option('html_type', 'text/html');
-	// 1.5.1
-	add_option('use_trackback', 0);
-	// 2.0
-	add_option('default_role', 'subscriber');
-	add_option('db_version', $wp_db_version);
-	// 2.0.1
 	if ( ini_get('safe_mode') ) {
 		// Safe mode screws up mkdir(), so we must use a flat structure.
-		add_option('uploads_use_yearmonth_folders', 0);
-		add_option('upload_path', WP_CONTENT_DIR);
+		$uploads_use_yearmonth_folders = 0;
+		$upload_path = WP_CONTENT_DIR;
 	} else {
-		add_option('uploads_use_yearmonth_folders', 1);
-		add_option('upload_path', WP_CONTENT_DIR . '/uploads');
+		$uploads_use_yearmonth_folders = 1;
+		$upload_path = WP_CONTENT_DIR . '/uploads';
 	}

+	$options = array(
+	'siteurl' => $guessurl,
+	'blogname' => __('My Blog'),
+	'blogdescription' => __('Just another WordPress weblog'),
+	'users_can_register' => 0,
+	'admin_email' => 'you@example.com',
+	'start_of_week' => 1,
+	'use_balanceTags' => 0,
+	'use_smilies' => 1,
+	'require_name_email' => 1,
+	'comments_notify' => 1,
+	'posts_per_rss' => 10,
+	'rss_excerpt_length' => 50,
+	'rss_use_excerpt' => 0,
+	'mailserver_url' => 'mail.example.com',
+	'mailserver_login' => 'login@example.com',
+	'mailserver_pass' => 'password',
+	'mailserver_port' => 110,
+	'default_category' => 1,
+	'default_comment_status' => 'open',
+	'default_ping_status' => 'open',
+	'default_pingback_flag' => 1,
+	'default_post_edit_rows' => 10,
+	'posts_per_page' => 10,
+	/* translators: default date format, see http://php.net/date */
+	'date_format' => __('F j, Y'),
+	/* translators: default time format, see http://php.net/date */
+	'time_format' => __('g:i a'),
+	/* translators: links last updated date format, see http://php.net/date */
+	'links_updated_date_format' => __('F j, Y g:i a'),
+	'links_recently_updated_prepend' => '<em>',
+	'links_recently_updated_append' => '</em>',
+	'links_recently_updated_time' => 120,
+	'comment_moderation' => 0,
+	'moderation_notify' => 1,
+	'permalink_structure' => '',
+	'gzipcompression' => 0,
+	'hack_file' => 0,
+	'blog_charset' => 'UTF-8',
+	'moderation_keys' => '',
+	'active_plugins' => array(),
+	'home' => $guessurl,
+	'category_base' => '',
+	'ping_sites' => 'http://rpc.pingomatic.com/',
+	'advanced_edit' => 0,
+	'comment_max_links' => 2,
+	'gmt_offset' => date('Z') / 3600,
+
+	// 1.5
+	'default_email_category' => 1,
+	'recently_edited' => '',
+	'use_linksupdate' => 0,
+	'template' => 'default',
+	'stylesheet' => 'default',
+	'comment_whitelist' => 1,
+	'blacklist_keys' => '',
+	'comment_registration' => 0,
+	'rss_language' => 'en',
+	'html_type' => 'text/html',
+
+	// 1.5.1
+	'use_trackback' => 0,
+
+	// 2.0
+	'default_role' => 'subscriber',
+	'db_version' => $wp_db_version,
+
+	// 2.0.1
+	'uploads_use_yearmonth_folders' => $uploads_use_yearmonth_folders,
+	'upload_path' => $upload_path,
+
 	// 2.0.3
-	add_option('secret', wp_generate_password(64));
+	'secret' => wp_generate_password(64),

 	// 2.1
-	add_option('blog_public', '1');
-	add_option('default_link_category', 2);
-	add_option('show_on_front', 'posts');
+	'blog_public' => '1',
+	'default_link_category' => 2,
+	'show_on_front' => 'posts',

 	// 2.2
-	add_option('tag_base');
+	'tag_base' => '',

 	// 2.5
-	add_option('show_avatars', '1');
-	add_option('avatar_rating', 'G');
-	add_option('upload_url_path', '');
-	add_option('thumbnail_size_w', 150);
-	add_option('thumbnail_size_h', 150);
-	add_option('thumbnail_crop', 1);
-	add_option('medium_size_w', 300);
-	add_option('medium_size_h', 300);
+	'show_avatars' => '1',
+	'avatar_rating' => 'G',
+	'upload_url_path' => '',
+	'thumbnail_size_w' => 150,
+	'thumbnail_size_h' => 150,
+	'thumbnail_crop' => 1,
+	'medium_size_w' => 300,
+	'medium_size_h' => 300,

 	// 2.6
-	add_option('avatar_default', 'mystery');
-	add_option('enable_app', 0);
-	add_option('enable_xmlrpc', 0);
+	'avatar_default' => 'mystery',
+	'enable_app' => 0,
+	'enable_xmlrpc' => 0,

 	// 2.7
-	add_option('large_size_w', 1024);
-	add_option('large_size_h', 1024);
-	add_option('image_default_link_type', 'file');
-	add_option('image_default_size', '');
-	add_option('image_default_align', '');
-	add_option('close_comments_for_old_posts', 0);
-	add_option('close_comments_days_old', 14);
-	add_option('thread_comments', 0);
-	add_option('thread_comments_depth', 5);
-	add_option('page_comments', 1);
-	add_option('comments_per_page', 50);
-	add_option('default_comments_page', 'newest');
-	add_option('comment_order', 'asc');
-	add_option('use_ssl', 0);
-	add_option('sticky_posts', array());
-	add_option('widget_categories', array());
-	add_option('widget_text', array());
-	add_option('widget_rss', array());
-	add_option('update_core', array());
-	add_option('dismissed_update_core', array());
+	'large_size_w' => 1024,
+	'large_size_h' => 1024,
+	'image_default_link_type' => 'file',
+	'image_default_size' => '',
+	'image_default_align' => '',
+	'close_comments_for_old_posts' => 0,
+	'close_comments_days_old' => 14,
+	'thread_comments' => 0,
+	'thread_comments_depth' => 5,
+	'page_comments' => 1,
+	'comments_per_page' => 50,
+	'default_comments_page' => 'newest',
+	'comment_order' => 'asc',
+	'sticky_posts' => array(),
+	'widget_categories' => array(),
+	'widget_text' => array(),
+	'widget_rss' => array(),
+
+	// 2.8
+	'timezone_string' => ''
+	);
+
+	// Set autoload to no for these options
+	$fat_options = array( 'moderation_keys', 'recently_edited', 'blacklist_keys' );
+
+	$existing_options = $wpdb->get_col("SELECT option_name FROM $wpdb->options");
+
+	$insert = '';
+	foreach ( $options as $option => $value ) {
+		if ( in_array($option, $existing_options) )
+			continue;
+		if ( in_array($option, $fat_options) )
+			$autoload = 'no';
+		else
+			$autoload = 'yes';
+
+		$option = $wpdb->escape($option);
+		if ( is_array($value) )
+			$value = serialize($value);
+		$value = $wpdb->escape($value);
+		if ( !empty($insert) )
+			$insert .= ', ';
+		$insert .= "('$option', '$value', '$autoload')";
+	}
+
+	if ( !empty($insert) )
+		$wpdb->query("INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES " . $insert);
+
+	// in case it is set, but blank, update "home"
+	if ( !__get_option('home') ) update_option('home', $guessurl);

 	// Delete unused options
-	$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update', 'action', 'rich_editing', 'autosave_interval', 'deactivated_plugins');
-	foreach ($unusedoptions as $option) :
+	$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update', 'action', 'rich_editing', 'autosave_interval', 'deactivated_plugins', 'can_compress_scripts',
+		'page_uris', 'rewrite_rules', 'update_core', 'update_plugins', 'update_themes', 'doing_cron', 'random_seed');
+	foreach ($unusedoptions as $option)
 		delete_option($option);
-	endforeach;
-
-	// Set up a few options not to load by default
-	$fatoptions = array( 'moderation_keys', 'recently_edited', 'blacklist_keys' );
-	foreach ($fatoptions as $fatoption) :
-		$wpdb->query("UPDATE $wpdb->options SET `autoload` = 'no' WHERE option_name = '$fatoption'");
-	endforeach;
 }

 /**
@@ -327,6 +356,7 @@ function populate_roles() {
 	populate_roles_250();
 	populate_roles_260();
 	populate_roles_270();
+	populate_roles_280();
 }

 /**
@@ -338,20 +368,25 @@ function populate_roles_160() {
 	// Add roles

 	// Dummy gettext calls to get strings in the catalog.
-	_c('Administrator|User role');
-	_c('Editor|User role');
-	_c('Author|User role');
-	_c('Contributor|User role');
-	_c('Subscriber|User role');
+	/* translators: user role */
+	_x('Administrator', 'User role');
+	/* translators: user role */
+	_x('Editor', 'User role');
+	/* translators: user role */
+	_x('Author', 'User role');
+	/* translators: user role */
+	_x('Contributor', 'User role');
+	/* translators: user role */
+	_x('Subscriber', 'User role');

-	add_role('administrator', 'Administrator|User role');
-	add_role('editor', 'Editor|User role');
-	add_role('author', 'Author|User role');
-	add_role('contributor', 'Contributor|User role');
-	add_role('subscriber', 'Subscriber|User role');
+	add_role('administrator', 'Administrator');
+	add_role('editor', 'Editor');
+	add_role('author', 'Author');
+	add_role('contributor', 'Contributor');
+	add_role('subscriber', 'Subscriber');

 	// Add caps for Administrator role
-	$role = get_role('administrator');
+	$role =& get_role('administrator');
 	$role->add_cap('switch_themes');
 	$role->add_cap('edit_themes');
 	$role->add_cap('activate_plugins');
@@ -384,7 +419,7 @@ function populate_roles_160() {
 	$role->add_cap('level_0');

 	// Add caps for Editor role
-	$role = get_role('editor');
+	$role =& get_role('editor');
 	$role->add_cap('moderate_comments');
 	$role->add_cap('manage_categories');
 	$role->add_cap('manage_links');
@@ -406,7 +441,7 @@ function populate_roles_160() {
 	$role->add_cap('level_0');

 	// Add caps for Author role
-	$role = get_role('author');
+	$role =& get_role('author');
 	$role->add_cap('upload_files');
 	$role->add_cap('edit_posts');
 	$role->add_cap('edit_published_posts');
@@ -417,14 +452,14 @@ function populate_roles_160() {
 	$role->add_cap('level_0');

 	// Add caps for Contributor role
-	$role = get_role('contributor');
+	$role =& get_role('contributor');
 	$role->add_cap('edit_posts');
 	$role->add_cap('read');
 	$role->add_cap('level_1');
 	$role->add_cap('level_0');

 	// Add caps for Subscriber role
-	$role = get_role('subscriber');
+	$role =& get_role('subscriber');
 	$role->add_cap('read');
 	$role->add_cap('level_0');
 }
@@ -437,7 +472,7 @@ function populate_roles_160() {
 function populate_roles_210() {
 	$roles = array('administrator', 'editor');
 	foreach ($roles as $role) {
-		$role = get_role($role);
+		$role =& get_role($role);
 		if ( empty($role) )
 			continue;

@@ -458,19 +493,19 @@ function populate_roles_210() {
 		$role->add_cap('read_private_pages');
 	}

-	$role = get_role('administrator');
+	$role =& get_role('administrator');
 	if ( ! empty($role) ) {
 		$role->add_cap('delete_users');
 		$role->add_cap('create_users');
 	}

-	$role = get_role('author');
+	$role =& get_role('author');
 	if ( ! empty($role) ) {
 		$role->add_cap('delete_posts');
 		$role->add_cap('delete_published_posts');
 	}

-	$role = get_role('contributor');
+	$role =& get_role('contributor');
 	if ( ! empty($role) ) {
 		$role->add_cap('delete_posts');
 	}
@@ -482,7 +517,7 @@ function populate_roles_210() {
 * @since 2.3.0
 */
 function populate_roles_230() {
-	$role = get_role( 'administrator' );
+	$role =& get_role( 'administrator' );

 	if ( !empty( $role ) ) {
 		$role->add_cap( 'unfiltered_upload' );
@@ -495,7 +530,7 @@ function populate_roles_230() {
 * @since 2.5.0
 */
 function populate_roles_250() {
-	$role = get_role( 'administrator' );
+	$role =& get_role( 'administrator' );

 	if ( !empty( $role ) ) {
 		$role->add_cap( 'edit_dashboard' );
@@ -508,7 +543,7 @@ function populate_roles_250() {
 * @since 2.6.0
 */
 function populate_roles_260() {
-	$role = get_role( 'administrator' );
+	$role =& get_role( 'administrator' );

 	if ( !empty( $role ) ) {
 		$role->add_cap( 'update_plugins' );
@@ -522,7 +557,7 @@ function populate_roles_260() {
 * @since 2.7.0
 */
 function populate_roles_270() {
-	$role = get_role( 'administrator' );
+	$role =& get_role( 'administrator' );

 	if ( !empty( $role ) ) {
 		$role->add_cap( 'install_plugins' );
@@ -530,4 +565,17 @@ function populate_roles_270() {
 	}
 }

+/**
+ * Create and modify WordPress roles for WordPress 2.8.
+ *
+ * @since 2.8.0
+ */
+function populate_roles_280() {
+	$role =& get_role( 'administrator' );
+
+	if ( !empty( $role ) ) {
+		$role->add_cap( 'install_themes' );
+	}
+}
+
 ?>
--- a/wp-admin/includes/taxonomy.php
+++ b/wp-admin/includes/taxonomy.php
@@ -18,8 +18,8 @@
 * @param unknown_type $cat_name
 * @return unknown
 */
-function category_exists($cat_name) {
-	$id = is_term($cat_name, 'category');
+function category_exists($cat_name, $parent = 0) {
+	$id = is_term($cat_name, 'category', $parent);
 	if ( is_array($id) )
 		$id = $id['term_id'];
 	return $id;
@@ -194,21 +194,37 @@ function wp_update_category($catarr) {
 * @param unknown_type $post_id
 * @return unknown
 */
-function get_tags_to_edit( $post_id ) {
+function get_tags_to_edit( $post_id, $taxonomy = 'post_tag' ) {
+	return get_terms_to_edit( $post_id, $taxonomy);
+}
+
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $post_id
+ * @return unknown
+ */
+function get_terms_to_edit( $post_id, $taxonomy = 'post_tag' ) {
 	$post_id = (int) $post_id;
 	if ( !$post_id )
 		return false;

-	$tags = wp_get_post_tags($post_id);
+	$tags = wp_get_post_terms($post_id, $taxonomy, array());

 	if ( !$tags )
 		return false;

+	if ( is_wp_error($tags) )
+		return $tags;
+
 	foreach ( $tags as $tag )
 		$tag_names[] = $tag->name;
 	$tags_to_edit = join( ',', $tag_names );
-	$tags_to_edit = attribute_escape( $tags_to_edit );
-	$tags_to_edit = apply_filters( 'tags_to_edit', $tags_to_edit );
+	$tags_to_edit = esc_attr( $tags_to_edit );
+	$tags_to_edit = apply_filters( 'terms_to_edit', $tags_to_edit, $taxonomy );
+
 	return $tags_to_edit;
 }

@@ -233,10 +249,20 @@ function tag_exists($tag_name) {
 * @return unknown
 */
 function wp_create_tag($tag_name) {
-	if ( $id = tag_exists($tag_name) )
-		return $id;
-
-	return wp_insert_term($tag_name, 'post_tag');
+	return wp_create_term( $tag_name, 'post_tag');
 }

-?>
+/**
+ * {@internal Missing Short Description}}
+ *
+ * @since unknown
+ *
+ * @param unknown_type $tag_name
+ * @return unknown
+ */
+function wp_create_term($tag_name, $taxonomy = 'post_tag') {
+	if ( $id = is_term($tag_name, $taxonomy) )
+		return $id;
+
+	return wp_insert_term($tag_name, $taxonomy);
+}
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
--- a/Show More
+++ b/Show More