2.8.6

git-svn-id: http://svn.automattic.com/wordpress/tags/2.8.6@12177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2.8.6
2009-11-12 18:06:10 +00:00 · 2009-11-12 17:46:16 +00:00 · 2009-11-12 16:06:26 +00:00 · 2009-11-12 05:21:24 +00:00 · 2009-11-12 02:50:13 +00:00 · 2009-11-11 23:22:44 +00:00
120 changed files with 2000 additions and 1459 deletions
--- a/readme.html
+++ b/readme.html
@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo" style="text-align: center">
 	<img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
-	<br /> Version 2.8
+	<br /> Version 2.8.6
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>

@@ -29,7 +29,7 @@

 <h1>Upgrading</h1>
 <p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
-<h2>Upgrading from any previous WordPress to 2.8:</h2>
+<h2>Upgrading from any previous WordPress to 2.8.6:</h2>
 <ol>
 	<li>Delete your old WP files, saving ones you've modified.</li>
 	<li>Upload the new files.</li>
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -602,8 +602,12 @@ case 'add-comment' :
 	if ( !current_user_can( 'edit_post', $id ) )
 		die('-1');
 	$search = isset($_POST['s']) ? $_POST['s'] : false;
-	$start = isset($_POST['page']) ? intval($_POST['page']) * 25 - 1: 24;
-	$status = isset($_POST['comment_status']) ? $_POST['comment_status'] : false;
+	$status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
+	$per_page = isset($_POST['per_page']) ?  (int) $_POST['per_page'] + 8 : 28;
+	$start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
+	if ( 1 > $start )
+		$start = 27;
+
 	$mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
 	$p = isset($_POST['p']) ? $_POST['p'] : 0;
 	$comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
@@ -814,8 +818,10 @@ case 'add-meta' :
 			die('0'); // if meta doesn't exist
 		if ( !current_user_can( 'edit_post', $meta->post_id ) )
 			die('-1');
-		if ( !$u = update_meta( $mid, $key, $value ) )
-			die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
+		if ( $meta->meta_value != stripslashes($value) ) {
+			if ( !$u = update_meta( $mid, $key, $value ) )
+				die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
+		}

 		$key = stripslashes($key);
 		$value = stripslashes($value);
--- a/wp-admin/admin-footer.php
+++ b/wp-admin/admin-footer.php
@@ -5,6 +5,10 @@
 * @package WordPress
 * @subpackage Administration
 */
+
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
 ?>

 <div class="clear"></div></div><!-- wpbody-content -->
--- a/wp-admin/admin.php
+++ b/wp-admin/admin.php
@@ -146,7 +146,7 @@ if (isset($plugin_page)) {

 	// Make sure rules are flushed
 	global $wp_rewrite;
-	$wp_rewrite->flush_rules();
+	$wp_rewrite->flush_rules(false);

 	exit();
 } else {
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -22,7 +22,7 @@ if ( isset( $_POST['deletecomment'] ) )
 *
 * @param string $msg Error Message. Assumed to contain HTML and be sanitized.
 */
-function comment_footer_die( $msg ) {  //
+function comment_footer_die( $msg ) {
 	echo "<div class='wrap'><p>$msg</p></div>";
 	include('admin-footer.php');
 	die;
@@ -119,7 +119,7 @@ if ( 'spam' == $_GET['dt'] ) {
 <?php if ( $comment->comment_author_url ) { ?>
 <tr>
 <th scope="row"><?php _e('URL'); ?></th>
-<td><a href='<?php echo $comment->comment_author_url; ?>'><?php echo $comment->comment_author_url; ?></a></td>
+<td><a href="<?php echo $comment->comment_author_url; ?>"><?php echo $comment->comment_author_url; ?></a></td>
 </tr>
 <?php } ?>
 <tr>
--- a/wp-admin/css/colors-classic.css
+++ b/wp-admin/css/colors-classic.css
@@ -267,7 +267,7 @@ td.help {
 	color: #000;
 }

-.side-info h5, .bordertitle {
+.side-info h5 {
 	border-bottom-color: #dadada;
 }

--- a/wp-admin/css/colors-fresh.css
+++ b/wp-admin/css/colors-fresh.css
@@ -267,7 +267,7 @@ td.help {
 	color: #000;
 }

-.side-info h5, .bordertitle {
+.side-info h5 {
 	border-bottom-color: #dadada;
 }

--- a/wp-admin/css/global.css
+++ b/wp-admin/css/global.css
@@ -375,7 +375,6 @@ ol.ol-decimal > li {
 .widefat {
 	border-width: 1px;
 	border-style: solid;
-	border-collapse: separate;
 	border-spacing: 0;
 	width: 100%;
 	clear: both;
--- a/wp-admin/css/ie.css
+++ b/wp-admin/css/ie.css
@@ -246,7 +246,8 @@ a.button {
 .tagchecklist,
 #col-container,
 #col-left,
-#col-right {
+#col-right,
+.fileedit-sub {
 	display: block;
 	zoom: 100%;
 }
@@ -337,6 +338,11 @@ table.ie-fixed {
 	padding: 4px 0 22px;
 }

+.widefat {
+	empty-cells: show;
+	border-collapse: collapse;
+}
+
 .tablenav a.button-secondary {
 	display: inline-block;
 	padding: 2px 5px;
--- a/wp-admin/css/plugin-install.css
+++ b/wp-admin/css/plugin-install.css
@@ -68,7 +68,7 @@ div.star img {
 	border-top-left-radius: 3px;
 	-webkit-border-bottom-left-radius: 3px;
 	-khtml-border-bottom-left-radius: 3px;
-	border-top-bottom-radius: 3px;
+	border-bottom-left-radius: 3px;
 }

 #plugin-information .action-button a {
@@ -110,7 +110,7 @@ div.star img {
 	-moz-border-radius-bottomleft: 3px;
 	-webkit-border-bottom-left-radius: 3px;
 	-khtml-border-bottom-left-radius: 3px;
-	border-top-bottom-radius: 3px;
+	border-bottom-left-radius: 3px;
 }

 #plugin-information .fyi li {
--- a/wp-admin/css/theme-editor-rtl.css
+++ b/wp-admin/css/theme-editor-rtl.css
@@ -1,12 +1,3 @@
 #templateside {
 	float: left;
 }
-#themeselector {
-	padding-right: 0;
-	padding-left: 5px;
-	float: left;
-}
-div.tablenav {
-	margin-right: 0;
-	margin-left: 210px;
-}
--- a/wp-admin/css/theme-editor.css
+++ b/wp-admin/css/theme-editor.css
@@ -11,41 +11,26 @@
 #templateside {
 	float: right;
 	width: 190px;
+	word-wrap: break-word;
 }

-#templateside h3, #postcustomstuff p.submit {
+#templateside h3,
+#postcustomstuff p.submit {
 	margin: 0;
 }

-h3#bordertitle {
-	margin-bottom: 10px;
-}
-
 #templateside h4 {
-	margin-bottom: 0;
+	margin: 1em 0 0;
 }

-#templateside ol, #templateside ul {
-	list-style: none;
+#templateside ol,
+#templateside ul {
 	margin: .5em;
 	padding: 0;
 }

-#templateside ol li, #templateside ul li {
-	margin: 1px 0;
-}
-
-#themeselector {
-	padding-right: 5px;
-	float: right;
-	position: relative;
-	bottom: 25px;
-	top:20px;
-}
-
-#themeselector select {
-	margin: 0;
-	padding: 0;
+#templateside li {
+	margin: 4px 0;
 }

 .nonessential {
@@ -56,11 +41,6 @@ h3#bordertitle {
 	padding: 1px;
 }

-div.bordertitle h2 {
-	border: none;
-	padding-bottom: 0;
-}
-
 div.tablenav {
 	margin-right: 210px;
 }
@@ -72,4 +52,9 @@ div.tablenav {
 	line-height: 22px;
 	vertical-align: top;
 	font-weight: bold;
-}
+}
+
+.fileedit-sub {
+	padding: 10px 0 8px;
+	line-height: 180%;
+}
--- a/wp-admin/edit-attachment-rows.php
+++ b/wp-admin/edit-attachment-rows.php
@@ -6,7 +6,9 @@
 * @subpackage Administration
 */

-if ( ! defined('ABSPATH') ) die();
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');

 if ( have_posts() ) { ?>
 <table class="widefat fixed" cellspacing="0">
@@ -207,4 +209,3 @@ foreach ($posts_columns as $column_name => $column_display_name ) {
 <?php
 } // end if ( have_posts() )
 ?>
-
--- a/wp-admin/edit-category-form.php
+++ b/wp-admin/edit-category-form.php
@@ -6,6 +6,13 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
+if ( !current_user_can('manage_categories') )
+	wp_die(__('You do not have sufficient permissions to edit categories for this blog.'));
+
 /**
 * @var object
 */
@@ -69,6 +76,7 @@ _fill_empty_category($category);
 			<td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($category->description); ?></textarea><br />
            <span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td>
 		</tr>
+		<?php do_action('edit_category_form_fields', $category); ?>
 	</table>
 <p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e('Update Category'); ?>" /></p>
 <?php do_action('edit_category_form', $category); ?>
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
 wp_enqueue_script('admin-comments');
 enqueue_comment_hotkeys_js();

@@ -193,7 +196,7 @@ else

 $start = $offset = ( $page - 1 ) * $comments_per_page;

-list($_comments, $total) = _wp_get_comment_list( $comment_status, $search_dirty, $start, $comments_per_page + 5, $post_id, $comment_type ); // Grab a few extra
+list($_comments, $total) = _wp_get_comment_list( $comment_status, $search_dirty, $start, $comments_per_page + 8, $post_id, $comment_type ); // Grab a few extra

 $_comment_post_ids = array();
 foreach ( $_comments as $_c ) {
@@ -358,7 +361,8 @@ if ( $page_links )
 	<input type="hidden" name="s" value="<?php echo esc_attr($search); ?>" />
 	<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
 	<input type="hidden" name="comment_status" value="<?php echo esc_attr($comment_status); ?>" />
-	<input type="hidden" name="page" value="<?php echo isset($_REQUEST['page']) ? absint( $_REQUEST['page'] ) : 1; ?>" />
+	<input type="hidden" name="page" value="<?php echo esc_attr($page); ?>" />
+	<input type="hidden" name="per_page" value="<?php echo esc_attr($comments_per_page); ?>" />
 	<input type="hidden" name="p" value="<?php echo esc_attr( $post_id ); ?>" />
 	<input type="hidden" name="comment_type" value="<?php echo esc_attr( $comment_type ); ?>" />
 	<?php wp_nonce_field( 'add-comment', '_ajax_nonce', false ); ?>
--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -6,6 +6,10 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
 /**
 * Post ID global
 * @name $post_ID
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -6,6 +6,10 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
 /**
 * @var string
 */
@@ -13,6 +17,7 @@ $submitbutton_text = __('Edit Comment');
 $toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
 $form_action = 'editedcomment';
 $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . esc_attr($comment->comment_ID) . "' />\n<input type='hidden' name='comment_post_ID' value='" . esc_attr($comment->comment_post_ID);
+$comment->comment_author_email = esc_attr($comment->comment_author_email);
 ?>

 <form name="post" action="comment.php" method="post" id="post">
@@ -24,12 +29,6 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . esc_attr(
 <div id="poststuff" class="metabox-holder has-right-sidebar">
 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
-<?php
-
-$email = esc_attr( $comment->comment_author_email );
-$url = esc_attr( $comment->comment_author_url );
-// add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core');
-?>

 <div id="side-info-column" class="inner-sidebar">
 <div id="submitdiv" class="stuffbox" >
@@ -95,25 +94,24 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
 <tr valign="top">
 	<td class="first">
 	<?php
-		if ( $email ) {
+		if ( $comment->comment_author_email ) {
 			printf( __( 'E-mail (%s):' ), get_comment_author_email_link( __( 'send e-mail' ), '', '' ) );
 		} else {
 			_e( 'E-mail:' );
 		}
 ?></td>
-	<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo esc_attr($email); ?>" tabindex="2" id="email" /></td>
+	<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email; ?>" tabindex="2" id="email" /></td>
 </tr>
 <tr valign="top">
 	<td class="first">
 	<?php
-		$url = get_comment_author_url();
-		if ( ! empty( $url ) && 'http://' != $url ) {
-			$link = "<a href='$url' rel='external nofollow' target='_blank'>" . __('visit site') . "</a>";
+		if ( ! empty( $comment->comment_author_url ) && 'http://' != $comment->comment_author_url ) {
+			$link = '<a href="' . $comment->comment_author_url . '" rel="external nofollow" target="_blank">' . __('visit site') . '</a>';
 			printf( __( 'URL (%s):' ), apply_filters('get_comment_author_link', $link ) );
 		} else {
 			_e( 'URL:' );
 		} ?></td>
-	<td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo esc_attr($url); ?>" tabindex="3" /></td>
+	<td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo esc_attr($comment->comment_author_url); ?>" tabindex="3" /></td>
 </tr>
 </tbody>
 </table>
--- a/wp-admin/edit-link-category-form.php
+++ b/wp-admin/edit-link-category-form.php
@@ -6,6 +6,13 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
+if ( !current_user_can('manage_categories') )
+	wp_die(__('You do not have sufficient permissions to edit link categories for this blog.'));
+
 /**
 * @var object
 */
@@ -74,6 +81,7 @@ _fill_empty_link_category($category);
 			<th scope="row" valign="top"><label for="description"><?php _e('Description (optional)') ?></label></th>
 			<td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo $category->description; ?></textarea></td>
 		</tr>
+		<?php do_action('edit_link_category_form_fields', $category); ?>
 	</table>
 <p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php echo esc_attr($submit_text) ?>" /></p>
 <?php do_action('edit_link_category_form', $category); ?>
--- a/wp-admin/edit-link-form.php
+++ b/wp-admin/edit-link-form.php
@@ -6,6 +6,10 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
 if ( ! empty($link_id) ) {
 	$heading = sprintf( __( '<a href="%s">Links</a> / Edit Link' ), 'link-manager.php' );
 	$submit_text = __('Update Link');
--- a/wp-admin/edit-page-form.php
+++ b/wp-admin/edit-page-form.php
@@ -6,6 +6,10 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
 /**
 * Post ID global.
 * @name $post_ID
--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( !current_user_can('edit_pages') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
 // Handle bulk actions
 if ( isset($_GET['action']) && ( -1 != $_GET['action'] || -1 != $_GET['action2'] ) ) {
 	$doaction = ( -1 != $_GET['action'] ) ? $_GET['action'] : $_GET['action2'];
--- a/wp-admin/edit-post-rows.php
+++ b/wp-admin/edit-post-rows.php
@@ -6,7 +6,9 @@
 * @subpackage Administration
 */

-if ( ! defined('ABSPATH') ) die();
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
 ?>
 <table class="widefat post fixed" cellspacing="0">
 	<thead>
--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -6,6 +6,13 @@
 * @subpackage Administration
 */

+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
+if ( !current_user_can('manage_categories') )
+	wp_die(__('You do not have sufficient permissions to edit tags for this blog.'));
+
 if ( empty($tag_ID) ) { ?>
 	<div id="message" class="updated fade"><p><strong><?php _e('A tag was not selected for editing.'); ?></strong></p></div>
 <?php
@@ -39,6 +46,7 @@ do_action('edit_tag_form_pre', $tag); ?>
 			<td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($tag->description); ?></textarea><br />
            <span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td>
 		</tr>
+		<?php do_action('edit_tag_form_fields', $tag); ?>
 	</table>
 <p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e('Update Tag'); ?>" /></p>
 <?php do_action('edit_tag_form', $tag); ?>
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
 // Back-compat for viewing comments of an entry
 if ( $_redirect = intval( max( @$_GET['p'], @$_GET['attachment_id'], @$_GET['page_id'] ) ) ) {
 	wp_redirect( admin_url('edit-comments.php?p=' . $_redirect ) );
--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -9,6 +9,9 @@
 /** Load WordPress Bootstrap */
 require_once ('admin.php');

+if ( !current_user_can('edit_files') )
+	wp_die(__('You do not have sufficient permissions to export the content of this blog.'));
+
 /** Load WordPress export API */
 require_once('includes/export.php');
 $title = __('Export');
--- a/wp-admin/import.php
+++ b/wp-admin/import.php
@@ -8,6 +8,10 @@

 /** Load WordPress Bootstrap */
 require_once ('admin.php');
+
+if ( !current_user_can('edit_files') )
+	wp_die(__('You do not have sufficient permissions to import content in this blog.'));
+
 $title = __('Import');
 require_once ('admin-header.php');
 $parent_file = 'tools.php';
--- a/wp-admin/import/btt.php
+++ b/wp-admin/import/btt.php
@@ -1,130 +0,0 @@
-<?php
-/**
- * BunnyTags Plugin Tag Importer
- *
- * @package WordPress
- * @subpackage Importer
- */
-
-/**
- * BunnyTags Plugin tag converter
- *
- * This will process the BunnyTags plugin tags and convert them to the WordPress
- * 2.3 taxonomy.
- *
- * @since unknown
- */
-class BunnyTags_Import {
-
-	function header() {
-		echo '<div class="wrap">';
-		screen_icon();
-		echo '<h2>'.__('Import Bunny&#8217;s Technorati Tags').'</h2>';
-		echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'<br /><br /></p>';
-	}
-
-	function footer() {
-		echo '</div>';
-	}
-
-	function greet() {
-		echo '<div class="narrow">';
-		echo '<p>'.__('Howdy! This imports tags from Bunny&#8217;s Technorati Tags into WordPress tags.').'</p>';
-		echo '<p>'.__('This is suitable for Bunny&#8217;s Technorati Tags version 0.6.').'</p>';
-		echo '<p><strong>'.__('All existing Bunny&#8217;s Technorati Tags will be removed after import.').'</strong></p>';
-		echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
-		echo '<form action="admin.php?import=btt&amp;step=1" method="post">';
-		wp_nonce_field('import-btt');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Tags').'" /></p>';
-		echo '</form>';
-		echo '</div>';
-	}
-
-	function dispatch() {
-		if ( empty($_GET['step']) )
-			$step = 0;
-		else
-			$step = absint($_GET['step']);
-
-		// load the header
-		$this->header();
-
-		switch ( $step ) {
-			case 0 :
-				$this->greet();
-				break;
-			case 1 :
-				check_admin_referer('import-btt');
-				$this->check_post_keyword( true );
-				break;
-			case 2 :
-				check_admin_referer('import-btt');
-				$this->check_post_keyword( false );
-				break;
-			case 3:
-				$this->done();
-				break;
-		}
-
-		// load the footer
-		$this->footer();
-	}
-
-	function check_post_keyword($precheck = true) {
-		global $wpdb;
-
-		echo '<div class="narrow">';
-		echo '<p><h3>'.__('Reading Bunny&#8217;s Technorati Tags&#8230;').'</h3></p>';
-
-		// import Bunny's Keywords tags
-		$metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'tags'");
-		if ( !is_array($metakeys)) {
-			echo '<p>' . __('No Tags Found!') . '</p>';
-			return false;
-		} else {
-			$count = count($metakeys);
-			echo '<p>' . sprintf( _n('Done! <strong>%s</strong> post with tags were read.', 'Done! <strong>%s</strong> posts with tags were read.', $count), $count ) . '<br /></p>';
-			echo '<ul>';
-			foreach ( $metakeys as $post_meta ) {
-				if ( $post_meta->meta_value != '' ) {
-					$post_keys = explode(' ', $post_meta->meta_value);
-					foreach ( $post_keys as $keyword ) {
-						$keyword = addslashes(trim(str_replace('+',' ',$keyword)));
-						if ( '' != $keyword ) {
-							echo '<li>' . $post_meta->post_id . '&nbsp;-&nbsp;' . $keyword . '</li>';
-							if ( !$precheck )
-								wp_add_post_tags($post_meta->post_id, $keyword);
-						}
-					}
-				}
-				if ( !$precheck )
-					delete_post_meta($post_meta->post_id, 'tags');
-			}
-			echo '</ul>';
-		}
-
-		echo '<form action="admin.php?import=btt&amp;step='.($precheck? 2:3).'" method="post">';
-		wp_nonce_field('import-btt');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
-		echo '</form>';
-		echo '</div>';
-	}
-
-	function done() {
-		echo '<div class="narrow">';
-		echo '<p><h3>'.__('Import Complete!').'</h3></p>';
-		echo '</div>';
-	}
-
-	function BunnyTags_Import() {
-	}
-
-}
-
-// create the import object
-$btt_import = new BunnyTags_Import();
-
-// add it to the import page!
-register_importer('btt', 'Bunny&#8217;s Technorati Tags', __('Import Bunny&#8217;s Technorati Tags into WordPress tags.'), array($btt_import, 'dispatch'));
-
-?>
--- a/wp-admin/import/jkw.php
+++ b/wp-admin/import/jkw.php
@@ -1,192 +0,0 @@
-<?php
-/**
- * Jeromes Keyword Plugin Importer
- *
- * @package WordPress
- * @subpackage Importer
- */
-
-/**
- * Jeromes Keyword Plugin Importer class
- *
- * Will convert Jeromes Keyword Plugin tags to WordPress taxonomy tags.
- *
- * @since 2.3
- */
-class JeromesKeyword_Import {
-
-	function header() {
-		echo '<div class="wrap">';
-		screen_icon();
-		echo '<h2>'.__('Import Jerome&#8217;s Keywords').'</h2>';
-		echo '<p>'.__('Steps may take a few minutes depending on the size of your database. Please be patient.').'<br /><br /></p>';
-	}
-
-	function footer() {
-		echo '</div>';
-	}
-
-	function greet() {
-		echo '<div class="narrow">';
-		echo '<p>'.__('Howdy! This imports tags from Jerome&#8217;s Keywords into WordPress tags.').'</p>';
-		echo '<p>'.__('This is suitable for Jerome&#8217;s Keywords version 1.x and 2.0a.').'</p>';
-		echo '<p><strong>'.__('All existing Jerome&#8217;s Keywords will be removed after import.').'</strong></p>';
-		echo '<p><strong>'.__('Don&#8217;t be stupid - backup your database before proceeding!').'</strong></p>';
-		echo '<form action="admin.php?import=jkw&amp;step=1" method="post">';
-		wp_nonce_field('import-jkw');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 1.x').'" /></p>';
-		echo '</form>';
-		echo '<form action="admin.php?import=jkw&amp;step=3" method="post">';
-		wp_nonce_field('import-jkw');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Import Version 2.0a').'" /></p>';
-		echo '</form>';
-		echo '</div>';
-	}
-
-	function dispatch() {
-		if ( empty($_GET['step']) )
-			$step = 0;
-		else
-			$step = absint($_GET['step']);
-
-		// load the header
-		$this->header();
-
-		switch ( $step ) {
-			case 0 :
-				$this->greet();
-				break;
-			case 1 :
-				check_admin_referer('import-jkw');
-				$this->check_V1_post_keyword( true );
-				break;
-			case 2 :
-				check_admin_referer('import-jkw');
-				$this->check_V1_post_keyword( false );
-				break;
-			case 3 :
-				check_admin_referer('import-jkw');
-				$this->check_V2_post_keyword( true );
-				break;
-			case 4 :
-				check_admin_referer('import-jkw');
-				$this->check_V2_post_keyword( false );
-				break;
-			case 5:
-				check_admin_referer('import-jkw');
-				$this->cleanup_V2_import();
-				break;
-			case 6:
-				$this->done();
-				break;
-		}
-
-		// load the footer
-		$this->footer();
-	}
-
-	function check_V1_post_keyword($precheck = true) {
-		global $wpdb;
-
-		echo '<div class="narrow">';
-		echo '<p><h3>'.__('Reading Jerome&#8217;s Keywords Tags&#8230;').'</h3></p>';
-
-		// import Jerome's Keywords tags
-		$metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'keywords'");
-		if ( !is_array($metakeys)) {
-			echo '<p>' . __('No Tags Found!') . '</p>';
-			return false;
-		} else {
-			$count = count($metakeys);
-			echo '<p>' . sprintf( _n('Done! <strong>%s</strong> post with tags were read.', 'Done! <strong>%s</strong> posts with tags were read.', $count), $count ) . '<br /></p>';
-			echo '<ul>';
-			foreach ( $metakeys as $post_meta ) {
-				if ( $post_meta->meta_value != '' ) {
-					$post_keys = explode(',', $post_meta->meta_value);
-					foreach ( $post_keys as $keyword ) {
-						$keyword = addslashes(trim($keyword));
-						if ( '' != $keyword ) {
-							echo '<li>' . $post_meta->post_id . '&nbsp;-&nbsp;' . $keyword . '</li>';
-							if ( !$precheck )
-								wp_add_post_tags($post_meta->post_id, $keyword);
-						}
-					}
-				}
-				if ( !$precheck )
-					delete_post_meta($post_meta->post_id, 'keywords');
-			}
-			echo '</ul>';
-		}
-
-		echo '<form action="admin.php?import=jkw&amp;step='.($precheck? 2:6).'" method="post">';
-		wp_nonce_field('import-jkw');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
-		echo '</form>';
-		echo '</div>';
-	}
-
-	function check_V2_post_keyword($precheck = true) {
-		global $wpdb;
-
-		echo '<div class="narrow">';
-		echo '<p><h3>'.__('Reading Jerome&#8217;s Keywords Tags&#8230;').'</h3></p>';
-
-		// import Jerome's Keywords tags
-		$tablename = $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1);
-		$metakeys = $wpdb->get_results("SELECT post_id, tag_name FROM $tablename");
-		if ( !is_array($metakeys) ) {
-			echo '<p>' . __('No Tags Found!') . '</p>';
-			return false;
-		} else {
-			$count = count($metakeys);
-			echo '<p>' . sprintf( _n('Done! <strong>%s</strong> tag were read.', 'Done! <strong>%s</strong> tags were read.', $count), $count ) . '<br /></p>';
-			echo '<ul>';
-			foreach ( $metakeys as $post_meta ) {
-				$keyword = addslashes(trim($post_meta->tag_name));
-				if ( $keyword != '' ) {
-					echo '<li>' . $post_meta->post_id . '&nbsp;-&nbsp;' . $keyword . '</li>';
-					if ( !$precheck )
-						wp_add_post_tags($post_meta->post_id, $keyword);
-				}
-			}
-		echo '</ul>';
-		}
-		echo '<form action="admin.php?import=jkw&amp;step='.($precheck? 4:5).'" method="post">';
-		wp_nonce_field('import-jkw');
-		echo '<p class="submit"><input type="submit" name="submit" class="button" value="'.esc_attr__('Next').'" /></p>';
-		echo '</form>';
-		echo '</div>';
-	}
-
-	function cleanup_V2_import() {
-		global $wpdb;
-
-		/* options from V2.0a (jeromes-keywords.php) */
-		$options = array('version', 'keywords_table', 'query_varname', 'template', 'meta_always_include', 'meta_includecats', 'meta_autoheader', 'search_strict', 'use_feed_cats', 'post_linkformat', 'post_tagseparator', 'post_includecats', 'post_notagstext', 'cloud_linkformat', 'cloud_tagseparator', 'cloud_includecats', 'cloud_sortorder', 'cloud_displaymax', 'cloud_displaymin', 'cloud_scalemax', 'cloud_scalemin');
-
-		$wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1));
-
-		foreach ( $options as $o )
-			delete_option('jkeywords_' . $o);
-
-		$this->done();
-	}
-
-	function done() {
-		echo '<div class="narrow">';
-		echo '<p><h3>'.__('Import Complete!').'</h3></p>';
-		echo '</div>';
-	}
-
-	function JeromesKeyword_Import() {
-	}
-
-}
-
-// create the import object
-$jkw_import = new JeromesKeyword_Import();
-
-// add it to the import page!
-register_importer('jkw', 'Jerome&#8217;s Keywords', __('Import Jerome&#8217;s Keywords into WordPress tags.'), array($jkw_import, 'dispatch'));
-
-?>
--- a/wp-admin/import/wordpress.php
+++ b/wp-admin/import/wordpress.php
@@ -684,8 +684,8 @@ class WP_Import {
 	}

 	function is_valid_meta_key($key) {
-		// skip _wp_attached_file metadata since we'll regenerate it from scratch
-		if ( $key == '_wp_attached_file' )
+		// skip attachment metadata since we'll regenerate it from scratch
+		if ( $key == '_wp_attached_file' || $key == '_wp_attachment_metadata' )
 			return false;
 		return $key;
 	}
--- a/wp-admin/includes/class-wp-filesystem-direct.php
+++ b/wp-admin/includes/class-wp-filesystem-direct.php
@@ -20,7 +20,6 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	function WP_Filesystem_Direct($arg) {
 		$this->method = 'direct';
 		$this->errors = new WP_Error();
-		$this->permission = umask();
 	}
 	function connect() {
 		return true;
@@ -64,12 +63,22 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 		return true;
 	}
 	function chmod($file, $mode = false, $recursive = false) {
-		if ( ! $mode )
-			$mode = $this->permission;
 		if ( ! $this->exists($file) )
 			return false;
+
+		if ( ! $mode ) {
+			if ( $this->permission )
+				$mode = $this->permission;
+			elseif ( $this->is_file($file) )
+				$mode = FS_CHMOD_FILE;
+			elseif ( $this->is_dir($file) )
+				$mode = FS_CHMOD_DIR;
+			else
+				return false;	
+		}
+
 		if ( ! $recursive )
-			return @chmod($file,$mode);
+			return @chmod($file, $mode);
 		if ( ! $this->is_dir($file) )
 			return @chmod($file, $mode);
 		//Is a directory, and we want recursive
@@ -197,11 +206,9 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	}

 	function mkdir($path, $chmod = false, $chown = false, $chgrp = false){
-		if ( ! $chmod)
-			$chmod = $this->permission;
-
-		if ( ! @mkdir($path, $chmod) )
+		if ( ! @mkdir($path) )
 			return false;
+		$this->chmod($path, $chmod);
 		if ( $chown )
 			$this->chown($path, $chown);
 		if ( $chgrp )
--- a/wp-admin/includes/class-wp-filesystem-ssh2.php
+++ b/wp-admin/includes/class-wp-filesystem-ssh2.php
@@ -13,7 +13,7 @@
 *
 * @contrib http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/ - Installation Notes
 *
- * Complie libssh2 (Note: Only 0.14 is officaly working with PHP 5.2.6+ right now.)
+ * Complie libssh2 (Note: Only 0.14 is officaly working with PHP 5.2.6+ right now, But many users have found the latest versions work)
 *
 * cd /usr/src
 * wget http://surfnet.dl.sourceforge.net/sourceforge/libssh2/libssh2-0.14.tar.gz
@@ -22,7 +22,7 @@
 * ./configure
 * make all install
 *
- * Note: No not leave the directory yet!
+ * Note: Do not leave the directory yet!
 *
 * Enter: pecl install -f ssh2
 *
@@ -33,6 +33,7 @@
 * Restart Apache!
 * Check phpinfo() streams to confirm that: ssh2.shell, ssh2.exec, ssh2.tunnel, ssh2.scp, ssh2.sftp  exist.
 *
+ * Note: as of WordPress 2.8, This utilises the PHP5+ function 'stream_get_contents'
 *
 * @since 2.7
 * @package WordPress
@@ -45,7 +46,7 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 	var $sftp_link = false;
 	var $keys = false;
 	/*
-	 * This is the timeout value for ssh results to comeback.
+	 * This is the timeout value for ssh results.
 	 * Slower servers might need this incressed, but this number otherwise should not change.
 	 *
 	 * @parm $timeout int
@@ -66,8 +67,8 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 			$this->errors->add('no_ssh2_ext', __('The ssh2 PHP extension is not available'));
 			return false;
 		}
-		if ( ! version_compare(phpversion(), '5', '>=') ) {
-			$this->errors->add('ssh2_php_requirement', __('The ssh2 PHP extension is available, however requires PHP 5+'));
+		if ( !function_exists('stream_get_contents') ) {
+			$this->errors->add('ssh2_php_requirement', __('The ssh2 PHP extension is available, however, we require the PHP5 function <code>stream_get_contents()</code>'));
 			return false;
 		}

@@ -101,7 +102,7 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 			$this->options['username'] = $opt['username'];

 		if ( empty ($opt['password']) ) {
-			if ( !$this->keys )	//	 password can be blank if we are using keys
+			if ( !$this->keys )	//password can be blank if we are using keys
 				$this->errors->add('empty_password', __('SSH2 password is required'));
 		} else {
 			$this->options['password'] = $opt['password'];
@@ -128,7 +129,7 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 			}
 		} else {
 			if ( ! @ssh2_auth_pubkey_file($this->link, $this->options['username'], $this->options['public_key'], $this->options['private_key'], $this->options['password'] ) ) {
-				$this->errors->add('auth', sprintf(__('Public and Private keys incorrent for %s'), $this->options['username']));
+				$this->errors->add('auth', sprintf(__('Public and Private keys incorrect for %s'), $this->options['username']));
 				return false;
 			}
 		}
@@ -148,10 +149,11 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 		} else {
 			stream_set_blocking( $stream, true );
 			stream_set_timeout( $stream, $this->timeout );
-			$data = stream_get_contents($stream);
+			$data = stream_get_contents( $stream );
+			fclose( $stream );

 			if ( $returnbool )
-				return '' != trim($data);
+				return ( $data === false ) ? false : '' != trim($data);
 			else
 				return $data;
 		}
@@ -166,17 +168,17 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {

 	function get_contents($file, $type = '', $resumepos = 0 ) {
 		$file = ltrim($file, '/');
-		return file_get_contents('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return file_get_contents('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function get_contents_array($file) {
 		$file = ltrim($file, '/');
-		return file('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return file('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function put_contents($file, $contents, $type = '' ) {
 		$file = ltrim($file, '/');
-		return file_put_contents('ssh2.sftp://' . $this->sftp_link .'/' . $file, $contents);
+		return file_put_contents('ssh2.sftp://' . $this->sftp_link . '/' . $file, $contents);
 	}

 	function cwd() {
@@ -270,44 +272,43 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 	}

 	function exists($file) {
-		//return $this->run_command(sprintf('ls -lad %s', escapeshellarg($file)), true);
 		$file = ltrim($file, '/');
-		return file_exists('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return file_exists('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function is_file($file) {
 		$file = ltrim($file, '/');
-		return is_file('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return is_file('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function is_dir($path) {
 		$path = ltrim($path, '/');
-		return is_dir('ssh2.sftp://' . $this->sftp_link .'/' . $path);
+		return is_dir('ssh2.sftp://' . $this->sftp_link . '/' . $path);
 	}

 	function is_readable($file) {
 		$file = ltrim($file, '/');
-		return is_readable('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return is_readable('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function is_writable($file) {
 		$file = ltrim($file, '/');
-		return is_writable('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return is_writable('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function atime($file) {
 		$file = ltrim($file, '/');
-		return fileatime('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return fileatime('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function mtime($file) {
 		$file = ltrim($file, '/');
-		return filemtime('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return filemtime('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function size($file) {
 		$file = ltrim($file, '/');
-		return filesize('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return filesize('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}

 	function touch($file, $time = 0, $atime = 0) {
@@ -379,4 +380,4 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 		unset($dir);
 		return $ret;
 	}
-}
+}
--- a/wp-admin/includes/comment.php
+++ b/wp-admin/includes/comment.php
@@ -89,8 +89,8 @@ function get_comment_to_edit( $id ) {

 	$comment->comment_author = format_to_edit( $comment->comment_author );
 	$comment->comment_author_email = format_to_edit( $comment->comment_author_email );
-	$comment->comment_author_url = esc_url($comment->comment_author_url);
 	$comment->comment_author_url = format_to_edit( $comment->comment_author_url );
+	$comment->comment_author_url = esc_url($comment->comment_author_url);

 	return $comment;
 }
--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -605,7 +605,7 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
 }

 function wp_dashboard_incoming_links() {
-	wp_dashboard_cached_rss_widget( 'dashboard_incoming_links', 'wp_dashboard_incoming_links_output' );
+	echo '<p class="widget-loading hide-if-no-js">' . __( 'Loading&#8230;' ) . '</p><p class="describe hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
 }

 /**
@@ -634,8 +634,10 @@ function wp_dashboard_incoming_links_output() {

 	echo "<ul>\n";

-	$count = 0;
-	foreach ( $rss->get_items() as $item ) {
+	if ( !isset($items) )
+		$items = 10;
+
+	foreach ( $rss->get_items(0, $items) as $item ) {
 		$publisher = '';
 		$site_link = '';
 		$link = '';
@@ -644,10 +646,14 @@ function wp_dashboard_incoming_links_output() {
 		$link = esc_url( strip_tags( $item->get_link() ) );

 		$author = $item->get_author();
-		$site_link = esc_url( strip_tags( $author->get_link() ) );
+		if ( $author ) {
+			$site_link = esc_url( strip_tags( $author->get_link() ) );

-		if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) )
-			$publisher = __( 'Somebody' );
+			if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) )
+				$publisher = __( 'Somebody' );
+		} else {
+		  $publisher = __( 'Somebody' );
+		}
 		if ( $site_link )
 			$publisher = "<a href='$site_link'>$publisher</a>";
 		else
@@ -684,7 +690,7 @@ function wp_dashboard_incoming_links_control() {
 }

 function wp_dashboard_primary() {
-	wp_dashboard_cached_rss_widget( 'dashboard_primary', 'wp_dashboard_rss_output' );
+	echo '<p class="widget-loading hide-if-no-js">' . __( 'Loading&#8230;' ) . '</p><p class="describe hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
 }

 function wp_dashboard_primary_control() {
@@ -706,7 +712,7 @@ function wp_dashboard_rss_output( $widget_id ) {
 }

 function wp_dashboard_secondary() {
-	wp_dashboard_cached_rss_widget( 'dashboard_secondary', 'wp_dashboard_secondary_output' );
+	echo '<p class="widget-loading hide-if-no-js">' . __( 'Loading&#8230;' ) . '</p><p class="describe hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
 }

 function wp_dashboard_secondary_control() {
@@ -741,11 +747,7 @@ function wp_dashboard_secondary_output() {
 }

 function wp_dashboard_plugins() {
-	wp_dashboard_cached_rss_widget( 'dashboard_plugins', 'wp_dashboard_plugins_output', array(
-		'http://wordpress.org/extend/plugins/rss/browse/popular/',
-		'http://wordpress.org/extend/plugins/rss/browse/new/',
-		'http://wordpress.org/extend/plugins/rss/browse/updated/'
-	) );
+	echo '<p class="widget-loading hide-if-no-js">' . __( 'Loading&#8230;' ) . '</p><p class="describe hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
 }

 /**
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -445,7 +445,7 @@ function download_url( $url ) {
 	if ( ! $handle )
 		return new WP_Error('http_no_file', __('Could not create Temporary file'));

-	$response = wp_remote_get($url, array('timeout' => 30));
+	$response = wp_remote_get($url, array('timeout' => 60));

 	if ( is_wp_error($response) ) {
 		fclose($handle);
@@ -645,7 +645,7 @@ function get_filesystem_method($args = array(), $context = false) {
 		}
 	}

-	if ( ! $method && isset($args['connection_type']) && 'ssh' == $args['connection_type'] && extension_loaded('ssh2') && extension_loaded('sockets') ) $method = 'ssh2';
+	if ( ! $method && isset($args['connection_type']) && 'ssh' == $args['connection_type'] && extension_loaded('ssh2') && function_exists('stream_get_contents') ) $method = 'ssh2';
 	if ( ! $method && extension_loaded('ftp') ) $method = 'ftpext';
 	if ( ! $method && ( extension_loaded('sockets') || function_exists('fsockopen') ) ) $method = 'ftpsockets'; //Sockets: Socket extension; PHP Mode: FSockopen / fwrite / fread
 	return apply_filters('filesystem_method', $method, $args);
@@ -761,7 +761,7 @@ jQuery(function($){
 <td><input name="password" type="password" id="password" value="<?php if ( defined('FTP_PASS') ) echo '*****'; ?>"<?php if ( defined('FTP_PASS') ) echo ' disabled="disabled"' ?> size="40" /></td>
 </tr>

-<?php if ( extension_loaded('ssh2') ) : ?>
+<?php if ( extension_loaded('ssh2') && function_exists('stream_get_contents') ) : ?>
 <tr id="ssh_keys" valign="top" style="<?php if ( 'ssh' != $connection_type ) echo 'display:none' ?>">
 <th scope="row"><?php _e('Authentication Keys') ?>
 <div class="key-labels textright">
@@ -781,7 +781,7 @@ jQuery(function($){
 <?php if ( 'ftpext' == $type ) : ?>
 <br /><label><input id="ftps" name="connection_type" type="radio" value="ftps" <?php checked('ftps', $connection_type); if ( defined('FTP_SSL') || defined('FTP_SSH') ) echo ' disabled="disabled"';  ?>/> <?php _e('FTPS (SSL)') ?></label>
 <?php endif; ?>
-<?php if ( extension_loaded('ssh2') ) : ?>
+<?php if ( extension_loaded('ssh2') && function_exists('stream_get_contents') ) : ?>
 <br /><label><input id="ssh" name="connection_type" type="radio" value="ssh" <?php checked('ssh', $connection_type);  if ( defined('FTP_SSL') || defined('FTP_SSH') ) echo ' disabled="disabled"'; ?>/> <?php _e('SSH') ?></label>
 <?php endif; ?>
 </fieldset>
--- a/wp-admin/includes/manifest.php
+++ b/wp-admin/includes/manifest.php
@@ -92,8 +92,7 @@ function &get_manifest() {

 	if ( @is_file('../wp-includes/js/tinymce/tiny_mce.js') ) :
 	$mce = array(
-		array('../wp-includes/js/tinymce/wp-tinymce.php', 'c=1&' . $mce_ver, true),
-		array('../wp-includes/js/tinymce/wp-tinymce.php', 'c=0&' . $mce_ver, true),
+		array('../wp-includes/js/tinymce/wp-tinymce.php', $mce_ver, true),

 		array('../wp-includes/js/tinymce/tiny_mce.js', $mce_ver, true),
 		array('../wp-includes/js/tinymce/langs/wp-langs-en.js', $mce_ver, true),
--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -369,7 +369,6 @@ EOF;
 	printf($context, $out);
 }
 add_action( 'media_buttons', 'media_buttons' );
-add_action('media_upload_media', 'media_upload_handler');

 /**
 * {@internal Missing Short Description}}
@@ -381,7 +380,7 @@ add_action('media_upload_media', 'media_upload_handler');
 function media_upload_form_handler() {
 	check_admin_referer('media-form');

-	$errors = array();
+	$errors = null;

 	if ( isset($_POST['send']) ) {
 		$keys = array_keys($_POST['send']);
@@ -1312,10 +1311,10 @@ var swfu;
 SWFUpload.onload = function() {
 	var settings = {
 			button_text: '<span class="button"><?php _e('Select Files'); ?></span>',
-			button_text_style: '.button { text-align: center; font-weight: bold; font-family:"Lucida Grande","Lucida Sans Unicode",Tahoma,Verdana,sans-serif; }',
+			button_text_style: '.button { text-align: center; font-weight: bold; font-family:"Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif; }',
 			button_height: "24",
 			button_width: "132",
-			button_text_top_padding: 1,
+			button_text_top_padding: 2,
 			button_image_url: '<?php echo includes_url('images/upload.png'); ?>',
 			button_placeholder_id: "flash-browse-button",
 			upload_url : "<?php echo esc_attr( $flash_action_url ); ?>",
--- a/wp-admin/includes/misc.php
+++ b/wp-admin/includes/misc.php
@@ -72,7 +72,9 @@ function insert_with_markers( $filename, $marker, $insertion ) {
 			$markerdata = explode( "\n", implode( '', file( $filename ) ) );
 		}

-		$f = fopen( $filename, 'w' );
+		if ( !$f = @fopen( $filename, 'w' ) )
+			return false;
+
 		$foundit = false;
 		if ( $markerdata ) {
 			$state = true;
@@ -270,6 +272,9 @@ function wp_doc_link_parse( $content ) {
 	if ( !is_string( $content ) || empty( $content ) )
 		return array();

+	if ( !function_exists('token_get_all') )
+		return array();
+
 	$tokens = token_get_all( $content );
 	$functions = array();
 	$ignore_functions = array();
--- a/wp-admin/includes/plugin-install.php
+++ b/wp-admin/includes/plugin-install.php
@@ -46,6 +46,8 @@ function plugins_api($action, $args = null) {
 			if ( ! $res )
 				$res = new WP_Error('plugins_api_failed', __('An unknown error occurred'), $request['body']);
 		}
+	} elseif ( !is_wp_error($res) ) {
+		$res->external = true;
 	}

 	return apply_filters('plugins_api_result', $res, $action, $args);
@@ -441,7 +443,7 @@ function install_plugin_information() {
 			//Default to a "new" plugin
 			$type = 'install';
 			//Check to see if this plugin is known to be installed, and has an update awaiting it.
-			$update_plugins = get_option('update_plugins');
+			$update_plugins = get_transient('update_plugins');
 			if ( is_object( $update_plugins ) ) {
 				foreach ( (array)$update_plugins->response as $file => $plugin ) {
 					if ( $plugin->slug === $api->slug ) {
@@ -462,7 +464,7 @@ function install_plugin_information() {
 						$newer_version = $installed_plugin[ $key ]['Version'];
 					} else {
 						//If the above update check failed, Then that probably means that the update checker has out-of-date information, force a refresh
-						delete_option('update_plugins');
+						delete_transient('update_plugins');
 						$update_file = $api->slug . '/' . $key; //This code branch only deals with a plugin which is in a folder the same name as its slug, Doesnt support plugins which have 'non-standard' names
 						$type = 'update_available';
 					}
@@ -509,12 +511,13 @@ function install_plugin_information() {
 			<li><strong><?php _e('Compatible up to:') ?></strong> <?php echo $api->tested ?></li>
 <?php endif; if ( ! empty($api->downloaded) ) : ?>
 			<li><strong><?php _e('Downloaded:') ?></strong> <?php printf(_n('%s time', '%s times', $api->downloaded), number_format_i18n($api->downloaded)) ?></li>
-<?php endif; if ( ! empty($api->slug) ) : ?>
+<?php endif; if ( ! empty($api->slug) && empty($api->external) ) : ?>
 			<li><a target="_blank" href="http://wordpress.org/extend/plugins/<?php echo $api->slug ?>/"><?php _e('WordPress.org Plugin Page &#187;') ?></a></li>
 <?php endif; if ( ! empty($api->homepage) ) : ?>
 			<li><a target="_blank" href="<?php echo $api->homepage ?>"><?php _e('Plugin Homepage  &#187;') ?></a></li>
 <?php endif; ?>
 		</ul>
+		<?php if ( ! empty($api->rating) ) : ?>
 		<h2><?php _e('Average Rating') ?></h2>
 		<div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?>">
 			<div class="star star-rating" style="width: <?php echo esc_attr($api->rating) ?>px"></div>
@@ -525,6 +528,7 @@ function install_plugin_information() {
 			<div class="star star1"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('1 star') ?>" /></div>
 		</div>
 		<small><?php printf(_n('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?></small>
+		<?php endif; ?>
 	</div>
 	<div id="section-holder" class="wrap">
 	<?php
--- a/wp-admin/includes/plugin.php
+++ b/wp-admin/includes/plugin.php
@@ -585,7 +585,7 @@ function uninstall_plugin($plugin) {
 //

 function add_menu_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '' ) {
-	global $menu, $admin_page_hooks;
+	global $menu, $admin_page_hooks, $_registered_pages;

 	$file = plugin_basename( $file );

@@ -602,11 +602,13 @@ function add_menu_page( $page_title, $menu_title, $access_level, $file, $functio

 	$menu[] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );

+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }

 function add_object_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '') {
-	global $menu, $admin_page_hooks, $_wp_last_object_menu;
+	global $menu, $admin_page_hooks, $_wp_last_object_menu, $_registered_pages;

 	$file = plugin_basename( $file );

@@ -623,11 +625,13 @@ function add_object_page( $page_title, $menu_title, $access_level, $file, $funct

 	$menu[$_wp_last_object_menu] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );

+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }

 function add_utility_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '') {
-	global $menu, $admin_page_hooks, $_wp_last_utility_menu;
+	global $menu, $admin_page_hooks, $_wp_last_utility_menu, $_registered_pages;

 	$file = plugin_basename( $file );

@@ -646,6 +650,8 @@ function add_utility_page( $page_title, $menu_title, $access_level, $file, $func

 	$menu[$_wp_last_utility_menu] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );

+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }

@@ -654,6 +660,7 @@ function add_submenu_page( $parent, $page_title, $menu_title, $access_level, $fi
 	global $menu;
 	global $_wp_real_parent_file;
 	global $_wp_submenu_nopriv;
+	global $_registered_pages;

 	$file = plugin_basename( $file );

@@ -683,6 +690,11 @@ function add_submenu_page( $parent, $page_title, $menu_title, $access_level, $fi
 	if (!empty ( $function ) && !empty ( $hookname ))
 		add_action( $hookname, $function );

+	$_registered_pages[$hookname] = true;
+	// backwards-compatibility for plugins using add_management page.  See wp-admin/admin.php for redirect from edit.php to tools.php
+	if ( 'tools.php' == $parent ) 
+		$_registered_pages[get_plugin_page_hookname( $file, 'edit.php')] = true;
+
 	return $hookname;
 }

@@ -919,14 +931,21 @@ function user_can_access_admin_page() {
 	global $_wp_menu_nopriv;
 	global $_wp_submenu_nopriv;
 	global $plugin_page;
+	global $_registered_pages;

 	$parent = get_admin_page_parent();

 	if ( !isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
 		return false;

-	if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
-		return false;
+	if ( isset( $plugin_page ) ) {
+		if ( isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
+			return false;
+
+		$hookname = get_plugin_page_hookname($plugin_page, $parent);
+		if ( !isset($_registered_pages[$hookname]) )
+			return false;
+	}

 	if ( empty( $parent) ) {
 		if ( isset( $_wp_menu_nopriv[$pagenow] ) )
@@ -935,6 +954,8 @@ function user_can_access_admin_page() {
 			return false;
 		if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$pagenow][$plugin_page] ) )
 			return false;
+		if ( isset( $plugin_page ) && isset( $_wp_menu_nopriv[$plugin_page] ) )
+			return false;
 		foreach (array_keys( $_wp_submenu_nopriv ) as $key ) {
 			if ( isset( $_wp_submenu_nopriv[$key][$pagenow] ) )
 				return false;
@@ -944,6 +965,9 @@ function user_can_access_admin_page() {
 		return true;
 	}

+	if ( isset( $plugin_page ) && ( $plugin_page == $parent ) && isset( $_wp_menu_nopriv[$plugin_page] ) )
+		return false;
+
 	if ( isset( $submenu[$parent] ) ) {
 		foreach ( $submenu[$parent] as $submenu_array ) {
 			if ( isset( $plugin_page ) && ( $submenu_array[2] == $plugin_page ) ) {
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -246,7 +246,7 @@ function bulk_edit_posts( $post_data = null ) {

 	if ( isset($post_data['post_category']) ) {
 		if ( is_array($post_data['post_category']) && ! empty($post_data['post_category']) )
-			$new_cats = array_map( absint, $post_data['post_category'] );
+			$new_cats = array_map( 'absint', $post_data['post_category'] );
 		else
 			unset($post_data['post_category']);
 	}
@@ -1059,6 +1059,32 @@ function wp_set_post_lock( $post_id ) {
 		update_post_meta( $post->ID, '_edit_last', $current_user->ID );
 }

+/**
+ * Outputs the notice message to say that someone else is editing this post at the moment.
+ * 
+ * @since 2.8.5
+ * @return none
+ */
+function _admin_notice_post_locked() {
+	global $post;
+	$last_user = get_userdata( get_post_meta( $post->ID, '_edit_last', true ) );
+	$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
+	
+	switch ($post->post_type) {
+		case 'post':
+			$message = __( 'Warning: %s is currently editing this post' );
+			break;
+		case 'page':
+			$message = __( 'Warning: %s is currently editing this page' );
+			break;
+		default:
+			$message = __( 'Warning: %s is currently editing this.' );
+	}
+	
+	$message = sprintf( $message, esc_html( $last_user_name ) );
+	echo "<div class='error'><p>$message</p></div>";	
+}
+
 /**
 * Creates autosave data for the specified post from $_POST data.
 *
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -1447,6 +1447,8 @@ function _post_row($a_post, $pending_comments, $mode) {
 			if ( current_user_can('edit_post', $post->ID) ) {
 				$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . esc_attr(__('Edit this post')) . '">' . __('Edit') . '</a>';
 				$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . esc_attr(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
+			}
+			if ( current_user_can('delete_post', $post->ID) ) {
 				$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
 			}
 			if ( in_array($post->post_status, array('pending', 'draft')) ) {
@@ -1660,6 +1662,8 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
 		if ( current_user_can('edit_page', $page->ID) ) {
 			$actions['edit'] = '<a href="' . $edit_link . '" title="' . esc_attr(__('Edit this page')) . '">' . __('Edit') . '</a>';
 			$actions['inline'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
+		}
+		if ( current_user_can('delete_page', $page->ID) ) {
 			$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
 		}
 		if ( in_array($post->post_status, array('pending', 'draft')) ) {
@@ -2081,9 +2085,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
 	$author_url = get_comment_author_url();
 	if ( 'http://' == $author_url )
 		$author_url = '';
-	$author_url_display = $author_url;
-	$author_url_display = str_replace('http://www.', '', $author_url_display);
-	$author_url_display = str_replace('http://', '', $author_url_display);
+	$author_url_display = preg_replace('|http://(www\.)?|i', '', $author_url);
 	if ( strlen($author_url_display) > 50 )
 		$author_url_display = substr($author_url_display, 0, 49) . '...';

@@ -3471,11 +3473,6 @@ function screen_meta($screen) {
 				$_wp_contextual_help[$screen] = $help;
 			}
 			break;
-		case 'theme-editor':
-		case 'plugin-editor':
-			$settings = '<p><a id="codepress-on" href="' . $screen . '.php?codepress=on">' . __('Enable syntax highlighting') . '</a><a id="codepress-off" href="' . $screen . '.php?codepress=off">' . __('Disable syntax highlighting') . "</a></p>\n";
-			$show_screen = true;
-			break;
 		case 'widgets':
 			if ( !isset($_wp_contextual_help['widgets']) ) {
 				$help = widgets_help();
--- a/wp-admin/includes/update-core.php
+++ b/wp-admin/includes/update-core.php
@@ -126,6 +126,8 @@ $_old_files = array(
 'wp-admin/edit-form-ajax-cat.php',
 'wp-admin/execute-pings.php',
 'wp-admin/import/b2.php',
+'wp-admin/import/btt.php',
+'wp-admin/import/jkw.php',
 'wp-admin/inline-uploading.php',
 'wp-admin/link-categories.php',
 'wp-admin/list-manipulation.js',
@@ -229,7 +231,7 @@ function update_core($from, $to) {
 	$result = copy_dir($from . '/wordpress', $to);
 	if ( is_wp_error($result) ) {
 		$wp_filesystem->delete($maintenance_file);
-		$wp_filesystem->delete($working_dir, true);
+		$wp_filesystem->delete($from, true);
 		return $result;
 	}

--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -253,7 +253,7 @@ function get_editable_user_ids( $user_id, $exclude_zeros = true, $post_type = 'p
 		if ( $user->has_cap("edit_{$post_type}s") || $exclude_zeros == false )
 			return array($user->id);
 		else
-			return false;
+			return array();
 	}

 	$level_key = $wpdb->prefix . 'user_level';
--- a/wp-admin/includes/widgets.php
+++ b/wp-admin/includes/widgets.php
@@ -97,10 +97,13 @@ function wp_list_widget_controls_dynamic_sidebar( $params ) {

 function next_widget_id_number($id_base) {
 	global $wp_registered_widgets;
-	$number = 2;
+	$number = 1;

-	while ( isset($wp_registered_widgets["$id_base-$number"]) )
-		$number++;
+	foreach ( $wp_registered_widgets as $widget_id => $widget ) {
+		if ( preg_match( '/' . $id_base . '-([0-9]+)$/', $widget_id, $matches ) )
+			$number = max($number, $matches[1]);
+	}
+	$number++;

 	return $number;
 }
--- a/wp-admin/install.php
+++ b/wp-admin/install.php
@@ -49,6 +49,12 @@ header( 'Content-Type: text/html; charset=utf-8' );
 }//end function display_header();

 function display_setup_form( $error = null ) {
+	// Ensure that Blogs appear in search engines by default
+	$blog_public = 1;
+	if ( isset($_POST) && !empty($_POST) ) {
+		$blog_public = isset($_POST['blog_public']);
+	}
+	
 	if ( ! is_null( $error ) ) {
 ?>
 <p><?php printf( __('<strong>ERROR</strong>: %s'), $error); ?></p>
@@ -65,7 +71,7 @@ function display_setup_form( $error = null ) {
 			<?php _e('Double-check your email address before continuing.'); ?>
 		</tr>
 		<tr>
-			<td colspan="2"><label><input type="checkbox" name="blog_public" value="1"<?php if( isset($_POST) && ! empty($_POST) && isset( $_POST['blog_public'] ) ) : ?> checked="checked"<?php endif; ?> /> <?php _e('Allow my blog to appear in search engines like Google and Technorati.'); ?></label></td>
+			<td colspan="2"><label><input type="checkbox" name="blog_public" value="1" <?php checked($blog_public); ?> /> <?php _e('Allow my blog to appear in search engines like Google and Technorati.'); ?></label></td>
 		</tr>
 	</table>
 	<p class="step"><input type="submit" name="Submit" value="<?php esc_attr_e('Install WordPress'); ?>" class="button" /></p>
--- a/wp-admin/js/dashboard.dev.js
+++ b/wp-admin/js/dashboard.dev.js
@@ -1,6 +1,6 @@
+var ajaxWidgets, ajaxPopulateWidgets, quickPressLoad;

 jQuery(document).ready( function($) {
-	var ajaxWidgets, ajaxPopulateWidgets, quickPressLoad;
 	// These widgets are sometimes populated via ajax
 	ajaxWidgets = [
 		'dashboard_incoming_links',
@@ -9,15 +9,35 @@ jQuery(document).ready( function($) {
 		'dashboard_plugins'
 	];

-	ajaxPopulateWidgets = function() {
-		$.each( ajaxWidgets, function() {
-			var e = jQuery('#' + this + ':visible div.inside').find('.widget-loading');
-			if ( e.size() ) { e.parent().load('index-extra.php?jax=' + this); }
-		} );
+	ajaxPopulateWidgets = function(el) {
+		show = function(id, i) {
+			var p, e = $('#' + id + ' div.inside:visible').find('.widget-loading');
+			if ( e.length ) {
+				p = e.parent();
+				setTimeout( function(){
+					p.load('index-extra.php?jax=' + id, '', function() {
+						p.hide().slideDown('normal', function(){
+							$(this).css('display', '');
+							if ( 'dashboard_plugins' == id && $.isFunction(tb_init) )
+								tb_init('#dashboard_plugins a.thickbox');
+						});
+					});
+				}, i * 500 );
+			}
+		}
+		if ( el ) {
+			el = el.toString();
+			if ( $.inArray(el, ajaxWidgets) != -1 )
+				show(el, 0);
+		} else {
+			$.each( ajaxWidgets, function(i) {
+				show(this, i);
+			});
+		}
 	};
 	ajaxPopulateWidgets();

-	postboxes.add_postbox_toggles('dashboard', { onShow: ajaxPopulateWidgets } );
+	postboxes.add_postbox_toggles('dashboard', { pbshow: ajaxPopulateWidgets } );

 	/* QuickPress */
 	quickPressLoad = function() {
--- a/wp-admin/js/dashboard.js
+++ b/wp-admin/js/dashboard.js
@@ -1 +1 @@
-jQuery(document).ready(function(c){var a,b,d;a=["dashboard_incoming_links","dashboard_primary","dashboard_secondary","dashboard_plugins"];b=function(){c.each(a,function(){var f=jQuery("#"+this+":visible div.inside").find(".widget-loading");if(f.size()){f.parent().load("index-extra.php?jax="+this)}})};b();postboxes.add_postbox_toggles("dashboard",{onShow:b});d=function(){var e=c("#quickpost-action"),f;f=c("#quick-press").submit(function(){c("#dashboard_quick_press h3").append('<img src="images/wpspin_light.gif" style="margin: 0 6px 0 0; vertical-align: middle" />');c('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').attr("disabled","disabled");if("post"==e.val()){e.val("post-quickpress-publish")}c("#dashboard_quick_press div.inside").load(f.attr("action"),f.serializeArray(),function(){c("#dashboard_quick_press h3 img").remove();c('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').attr("disabled","");c("#dashboard_quick_press ul").find("li").each(function(){c("#dashboard_recent_drafts ul").prepend(this)}).end().remove();tb_init("a.thickbox");d()});return false});c("#publish").click(function(){e.val("post-quickpress-publish")})};d()});
+var ajaxWidgets,ajaxPopulateWidgets,quickPressLoad;jQuery(document).ready(function(a){ajaxWidgets=["dashboard_incoming_links","dashboard_primary","dashboard_secondary","dashboard_plugins"];ajaxPopulateWidgets=function(b){show=function(g,c){var f,d=a("#"+g+" div.inside:visible").find(".widget-loading");if(d.length){f=d.parent();setTimeout(function(){f.load("index-extra.php?jax="+g,"",function(){f.hide().slideDown("normal",function(){a(this).css("display","");if("dashboard_plugins"==g&&a.isFunction(tb_init)){tb_init("#dashboard_plugins a.thickbox")}})})},c*500)}};if(b){b=b.toString();if(a.inArray(b,ajaxWidgets)!=-1){show(b,0)}}else{a.each(ajaxWidgets,function(c){show(this,c)})}};ajaxPopulateWidgets();postboxes.add_postbox_toggles("dashboard",{pbshow:ajaxPopulateWidgets});quickPressLoad=function(){var b=a("#quickpost-action"),c;c=a("#quick-press").submit(function(){a("#dashboard_quick_press h3").append('<img src="images/wpspin_light.gif" style="margin: 0 6px 0 0; vertical-align: middle" />');a('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').attr("disabled","disabled");if("post"==b.val()){b.val("post-quickpress-publish")}a("#dashboard_quick_press div.inside").load(c.attr("action"),c.serializeArray(),function(){a("#dashboard_quick_press h3 img").remove();a('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').attr("disabled","");a("#dashboard_quick_press ul").find("li").each(function(){a("#dashboard_recent_drafts ul").prepend(this)}).end().remove();tb_init("a.thickbox");quickPressLoad()});return false});a("#publish").click(function(){b.val("post-quickpress-publish")})};quickPressLoad()});
--- a/wp-admin/js/edit-comments.dev.js
+++ b/wp-admin/js/edit-comments.dev.js
@@ -23,7 +23,7 @@ setCommentsList = function() {
 			if ( isNaN(n) ) return;
 			n = n + ( $('#' + settings.element).is('.' + settings.dimClass) ? 1 : -1 );
 			if ( n < 0 ) { n = 0; }
-			$('#awaiting-mod')[ 0 == n ? 'addClass' : 'removeClass' ]('count-0');
+			a.parents('#awaiting-mod')[ 0 == n ? 'addClass' : 'removeClass' ]('count-0');
 			n = n.toString();
 			if ( n.length > 3 )
 				n = n.substr(0, n.length-3)+' '+n.substr(-3);
@@ -77,7 +77,7 @@ setCommentsList = function() {
 				n = n + 1;
 			}
 			if ( n < 0 ) { n = 0; }
-			$('#awaiting-mod')[ 0 == n ? 'addClass' : 'removeClass' ]('count-0');
+			a.parents('#awaiting-mod')[ 0 == n ? 'addClass' : 'removeClass' ]('count-0');
 			n = n.toString();
 			if ( n.length > 3 )
 				n = n.substr(0, n.length-3)+' '+n.substr(-3);
--- a/wp-admin/js/edit-comments.js
+++ b/wp-admin/js/edit-comments.js
--- a/wp-admin/js/post.dev.js
+++ b/wp-admin/js/post.dev.js
@@ -212,10 +212,6 @@ var commentsBox, tagCloud;
 jQuery(document).ready( function($) {
 	var noSyncChecks = false, syncChecks, catAddAfter, stamp = $('#timestamp').html(), visibility = $('#post-visibility-display').html(), sticky = '';

-	// for Press This
-	if ( typeof autosave != 'function' )
-		autosave = function(){};
-
 	// postboxes
 	postboxes.add_postbox_toggles('post');

@@ -225,7 +221,13 @@ jQuery(document).ready( function($) {
 	// prepare the tag UI
 	tag_init();

-	$('#title').blur( function() { if ( ($("#post_ID").val() > 0) || ($("#title").val().length == 0) ) return; autosave(); } );
+	$('#title').blur( function() {
+		if ( ($("#post_ID").val() > 0) || ($("#title").val().length == 0) )
+			return;
+
+		if ( typeof(autosave) != 'undefined' )
+			autosave();
+	});

 	// auto-suggest stuff
 	$('.newtag').each(function(){
@@ -477,7 +479,7 @@ jQuery(document).ready( function($) {
 	// Custom Fields
 	$('#the-list').wpList( { addAfter: function( xml, s ) {
 		$('table#list-table').show();
-		if ( $.isFunction( autosave_update_post_ID ) ) {
+		if ( typeof( autosave_update_post_ID ) != 'undefined' ) {
 			autosave_update_post_ID(s.parsed.responses[0].supplemental.postid);
 		}
 	}, addBefore: function( s ) {
--- a/wp-admin/js/post.js
+++ b/wp-admin/js/post.js
--- a/wp-admin/js/postbox.dev.js
+++ b/wp-admin/js/postbox.dev.js
@@ -4,15 +4,15 @@ var postboxes;
 		add_postbox_toggles : function(page,args) {
 			this.init(page,args);
 			$('.postbox h3, .postbox .handlediv').click( function() {
-				var p = $(this).parent('.postbox');
-				/*
-				if ( p.hasClass('noclick') ) {
-					p.removeClass('noclick');
-					return false;
-				}
-				*/
+				var p = $(this).parent('.postbox'), id = p.attr('id');
 				p.toggleClass('closed');
 				postboxes.save_state(page);
+				if ( id ) {
+					if ( !p.hasClass('closed') && $.isFunction(postboxes.pbshow) )
+						postboxes.pbshow(id);
+					else if ( p.hasClass('closed') && $.isFunction(postboxes.pbhide) )
+						postboxes.pbhide(id);
+				}
 			} );
 			$('.postbox h3 a').click( function(e) {
 				e.stopPropagation();
--- a/wp-admin/js/postbox.js
+++ b/wp-admin/js/postbox.js
@@ -1 +1 @@
-var postboxes;(function(a){postboxes={add_postbox_toggles:function(c,b){this.init(c,b);a(".postbox h3, .postbox .handlediv").click(function(){var e=a(this).parent(".postbox");e.toggleClass("closed");postboxes.save_state(c)});a(".postbox h3 a").click(function(f){f.stopPropagation()});a(".hide-postbox-tog").click(function(){var e=a(this).val();if(a(this).attr("checked")){a("#"+e).show();if(a.isFunction(postboxes.pbshow)){postboxes.pbshow(e)}}else{a("#"+e).hide();if(a.isFunction(postboxes.pbhide)){postboxes.pbhide(e)}}postboxes.save_state(c)});a('.columns-prefs input[type="radio"]').click(function(){var e=a(this).val(),f,g,h=a("#poststuff");if(h.length){if(e==2){h.addClass("has-right-sidebar");a("#side-sortables").addClass("temp-border")}else{if(e==1){h.removeClass("has-right-sidebar");a("#normal-sortables").append(a("#side-sortables").children(".postbox"))}}}else{for(f=4;(f>e&&f>1);f--){g=a("#"+d(f)+"-sortables");a("#"+d(f-1)+"-sortables").append(g.children(".postbox"));g.parent().hide()}for(f=1;f<=e;f++){g=a("#"+d(f)+"-sortables");if(g.parent().is(":hidden")){g.addClass("temp-border").parent().show()}}a(".postbox-container:visible").css("width",98/e+"%")}postboxes.save_order(c)});function d(e){switch(e){case 1:return"normal";break;case 2:return"side";break;case 3:return"column3";break;case 4:return"column4";break;default:return""}}},init:function(c,b){a.extend(this,b||{});a("#wpbody-content").css("overflow","hidden");a(".meta-box-sortables").sortable({placeholder:"sortable-placeholder",connectWith:".meta-box-sortables",items:".postbox",handle:".hndle",cursor:"move",distance:2,tolerance:"pointer",forcePlaceholderSize:true,helper:"clone",opacity:0.65,start:function(f,d){a("body").css({WebkitUserSelect:"none",KhtmlUserSelect:"none"})},stop:function(f,d){postboxes.save_order(c);d.item.parent().removeClass("temp-border");a("body").css({WebkitUserSelect:"",KhtmlUserSelect:""})}})},save_state:function(d){var b=a(".postbox").filter(".closed").map(function(){return this.id}).get().join(","),c=a(".postbox").filter(":hidden").map(function(){return this.id}).get().join(",");a.post(postboxL10n.requestFile,{action:"closed-postboxes",closed:b,hidden:c,closedpostboxesnonce:jQuery("#closedpostboxesnonce").val(),page:d})},save_order:function(c){var b,d=a(".columns-prefs input:checked").val()||0;b={action:"meta-box-order",_ajax_nonce:a("#meta-box-order-nonce").val(),page_columns:d,page:c};a(".meta-box-sortables").each(function(){b["order["+this.id.split("-")[0]+"]"]=a(this).sortable("toArray").join(",")});a.post(postboxL10n.requestFile,b)},pbshow:false,pbhide:false}}(jQuery));
+var postboxes;(function(a){postboxes={add_postbox_toggles:function(c,b){this.init(c,b);a(".postbox h3, .postbox .handlediv").click(function(){var e=a(this).parent(".postbox"),f=e.attr("id");e.toggleClass("closed");postboxes.save_state(c);if(f){if(!e.hasClass("closed")&&a.isFunction(postboxes.pbshow)){postboxes.pbshow(f)}else{if(e.hasClass("closed")&&a.isFunction(postboxes.pbhide)){postboxes.pbhide(f)}}}});a(".postbox h3 a").click(function(f){f.stopPropagation()});a(".hide-postbox-tog").click(function(){var e=a(this).val();if(a(this).attr("checked")){a("#"+e).show();if(a.isFunction(postboxes.pbshow)){postboxes.pbshow(e)}}else{a("#"+e).hide();if(a.isFunction(postboxes.pbhide)){postboxes.pbhide(e)}}postboxes.save_state(c)});a('.columns-prefs input[type="radio"]').click(function(){var e=a(this).val(),f,g,h=a("#poststuff");if(h.length){if(e==2){h.addClass("has-right-sidebar");a("#side-sortables").addClass("temp-border")}else{if(e==1){h.removeClass("has-right-sidebar");a("#normal-sortables").append(a("#side-sortables").children(".postbox"))}}}else{for(f=4;(f>e&&f>1);f--){g=a("#"+d(f)+"-sortables");a("#"+d(f-1)+"-sortables").append(g.children(".postbox"));g.parent().hide()}for(f=1;f<=e;f++){g=a("#"+d(f)+"-sortables");if(g.parent().is(":hidden")){g.addClass("temp-border").parent().show()}}a(".postbox-container:visible").css("width",98/e+"%")}postboxes.save_order(c)});function d(e){switch(e){case 1:return"normal";break;case 2:return"side";break;case 3:return"column3";break;case 4:return"column4";break;default:return""}}},init:function(c,b){a.extend(this,b||{});a("#wpbody-content").css("overflow","hidden");a(".meta-box-sortables").sortable({placeholder:"sortable-placeholder",connectWith:".meta-box-sortables",items:".postbox",handle:".hndle",cursor:"move",distance:2,tolerance:"pointer",forcePlaceholderSize:true,helper:"clone",opacity:0.65,start:function(f,d){a("body").css({WebkitUserSelect:"none",KhtmlUserSelect:"none"})},stop:function(f,d){postboxes.save_order(c);d.item.parent().removeClass("temp-border");a("body").css({WebkitUserSelect:"",KhtmlUserSelect:""})}})},save_state:function(d){var b=a(".postbox").filter(".closed").map(function(){return this.id}).get().join(","),c=a(".postbox").filter(":hidden").map(function(){return this.id}).get().join(",");a.post(postboxL10n.requestFile,{action:"closed-postboxes",closed:b,hidden:c,closedpostboxesnonce:jQuery("#closedpostboxesnonce").val(),page:d})},save_order:function(c){var b,d=a(".columns-prefs input:checked").val()||0;b={action:"meta-box-order",_ajax_nonce:a("#meta-box-order-nonce").val(),page_columns:d,page:c};a(".meta-box-sortables").each(function(){b["order["+this.id.split("-")[0]+"]"]=a(this).sortable("toArray").join(",")});a.post(postboxL10n.requestFile,b)},pbshow:false,pbhide:false}}(jQuery));
--- a/wp-admin/link-add.php
+++ b/wp-admin/link-add.php
@@ -9,6 +9,9 @@
 /** Load WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( ! current_user_can('manage_links') )
+	wp_die(__('You do not have sufficient permissions to add links to this blog.'));
+
 $title = __('Add New Link');
 $parent_file = 'link-manager.php';

--- a/wp-admin/link-parse-opml.php
+++ b/wp-admin/link-parse-opml.php
@@ -6,8 +6,8 @@
 * @subpackage Administration
 */

-/** Load WordPress Bootstrap */
-require_once('../wp-load.php');
+if ( ! defined('ABSPATH') )
+	die();

 global $opml, $map;

--- a/wp-admin/media-upload.php
+++ b/wp-admin/media-upload.php
@@ -29,16 +29,7 @@ if ( isset($action) && $action == 'edit' && !$ID )
 	wp_die(__("You are not allowed to be here"));

 if ( isset($_GET['inline']) ) {
-
-	if ( isset($_GET['upload-page-form']) ) {
-		$errors = media_upload_form_handler();
-
-		$location = 'upload.php';
-		if ( $errors )
-			$location .= '?message=3';
-
-		wp_redirect( admin_url($location) );
-	}
+	$errors = array();

 	if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
 		// Upload File button was clicked
@@ -50,6 +41,16 @@ if ( isset($_GET['inline']) ) {
 		}
 	}

+	if ( isset($_GET['upload-page-form']) ) {
+		$errors = array_merge($errors, (array) media_upload_form_handler());
+
+		$location = 'upload.php';
+		if ( $errors )
+			$location .= '?message=3';
+
+		wp_redirect( admin_url($location) );
+	}
+
 	$title = __('Upload New Media');
 	$parent_file = 'upload.php';
 	require_once('admin-header.php'); ?>
--- a/wp-admin/menu-header.php
+++ b/wp-admin/menu-header.php
@@ -74,7 +74,10 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
 		} elseif ( $submenu_as_parent && !empty($submenu[$item[2]]) ) {
 			$submenu[$item[2]] = array_values($submenu[$item[2]]);  // Re-index.
 			$menu_hook = get_plugin_page_hook($submenu[$item[2]][0][2], $item[2]);
-			if ( ( ('index.php' != $submenu[$item[2]][0][2]) && file_exists(WP_PLUGIN_DIR . "/{$submenu[$item[2]][0][2]}") ) || !empty($menu_hook)) {
+			$menu_file = $submenu[$item[2]][0][2];
+			if ( false !== $pos = strpos($menu_file, '?') )
+				$menu_file = substr($menu_file, 0, $pos);
+			if ( ( ('index.php' != $submenu[$item[2]][0][2]) && file_exists(WP_PLUGIN_DIR . "/$menu_file") ) || !empty($menu_hook)) {
 				$admin_is_parent = true;
 				echo "<div class='wp-menu-image'><a href='admin.php?page={$submenu[$item[2]][0][2]}'>$img</a></div>$toggle<a href='admin.php?page={$submenu[$item[2]][0][2]}'$class$tabindex>{$item[0]}</a>";
 			} else {
@@ -82,7 +85,10 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
 			}
 		} else if ( current_user_can($item[1]) ) {
 			$menu_hook = get_plugin_page_hook($item[2], 'admin.php');
-			if ( ('index.php' != $item[2]) && file_exists(WP_PLUGIN_DIR . "/{$item[2]}") || !empty($menu_hook) ) {
+			$menu_file = $item[2];
+			if ( false !== $pos = strpos($menu_file, '?') )
+				$menu_file = substr($menu_file, 0, $pos);
+			if ( ('index.php' != $item[2]) && file_exists(WP_PLUGIN_DIR . "/$menu_file") || !empty($menu_hook) ) {
 				$admin_is_parent = true;
 				echo "\n\t<div class='wp-menu-image'><a href='admin.php?page={$item[2]}'>$img</a></div>$toggle<a href='admin.php?page={$item[2]}'$class$tabindex>{$item[0]}</a>";
 			} else {
@@ -102,22 +108,31 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
 					$class[] = 'wp-first-item';
 					$first = false;
 				}
+
+				$menu_file = $item[2];
+				if ( false !== $pos = strpos($menu_file, '?') )
+					$menu_file = substr($menu_file, 0, $pos);
+
 				if ( isset($submenu_file) ) {
 					if ( $submenu_file == $sub_item[2] )
 						$class[] = 'current';
 				// If plugin_page is set the parent must either match the current page or not physically exist.
 				// This allows plugin pages with the same hook to exist under different parents.
-				} else if ( (isset($plugin_page) && $plugin_page == $sub_item[2] && (!file_exists($item[2]) || ($item[2] == $self))) || (!isset($plugin_page) && $self == $sub_item[2]) ) {
+				} else if ( (isset($plugin_page) && $plugin_page == $sub_item[2] && (!file_exists($menu_file) || ($item[2] == $self))) || (!isset($plugin_page) && $self == $sub_item[2]) ) {
 					$class[] = 'current';
 				}

 				$class = $class ? ' class="' . join( ' ', $class ) . '"' : '';

 				$menu_hook = get_plugin_page_hook($sub_item[2], $item[2]);
+				$sub_file = $sub_item[2];
+				if ( false !== $pos = strpos($sub_file, '?') )
+					$sub_file = substr($sub_file, 0, $pos);

-				if ( ( ('index.php' != $sub_item[2]) && file_exists(WP_PLUGIN_DIR . "/{$sub_item[2]}") ) || ! empty($menu_hook) ) {
+				if ( ( ('index.php' != $sub_item[2]) && file_exists(WP_PLUGIN_DIR . "/$sub_file") ) || ! empty($menu_hook) ) {
 					// If admin.php is the current page or if the parent exists as a file in the plugins or admin dir
-					$parent_exists = (!$admin_is_parent && file_exists(WP_PLUGIN_DIR . "/{$item[2]}") && !is_dir(WP_PLUGIN_DIR . "/{$item[2]}") ) || file_exists($item[2]);
+					
+					$parent_exists = (!$admin_is_parent && file_exists(WP_PLUGIN_DIR . "/$menu_file") && !is_dir(WP_PLUGIN_DIR . "/{$item[2]}") ) || file_exists($menu_file);
 					if ( $parent_exists )
 						echo "<li$class><a href='{$item[2]}?page={$sub_item[2]}'$class$tabindex>{$sub_item[0]}</a></li>";
 					elseif ( 'admin.php' == $pagenow || !$parent_exists )
--- a/wp-admin/options-discussion.php
+++ b/wp-admin/options-discussion.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Discussion Settings');
 $parent_file = 'options-general.php';

--- a/wp-admin/options-general.php
+++ b/wp-admin/options-general.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');

+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('General Settings');
 $parent_file = 'options-general.php';
 /* translators: date and time format for exact current time, mainly about timezones, see http://php.net/date */
@@ -157,7 +160,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
 <span class="description"><?php _e('Choose a city in the same timezone as you.'); ?></span>
 <br />
 <span>
-<?php if (get_option('timezone_string')) : ?>
+<?php if ($tzstring) : ?>
 	<?php
 	$now = localtime(time(),true);
 	if ($now['tm_isdst']) _e('This timezone is currently in daylight savings time.');
@@ -165,11 +168,11 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
 	?>
 	<br />
 	<?php
-	if (function_exists('timezone_transitions_get') && $tzstring) {
+	if (function_exists('timezone_transitions_get')) {
 		$dateTimeZoneSelected = new DateTimeZone($tzstring);
 		foreach (timezone_transitions_get($dateTimeZoneSelected) as $tr) {
 			if ($tr['ts'] > time()) {
-			    	$found = true;
+			    $found = true;
 				break;
 			}
 		}
@@ -179,10 +182,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
 			$message = $tr['isdst'] ?
 				__('Daylight savings time begins on: <code>%s</code>.') :
 				__('Standard time begins  on: <code>%s</code>.');
-			$tz = new DateTimeZone($tzstring);
-			$d = new DateTime( "@{$tr['ts']}" );
-			$d->setTimezone($tz);
-			printf( $message, date_i18n(get_option('date_format').' '.get_option('time_format'), $d->format('U') ) );
+			printf( $message, date_i18n(get_option('date_format').' '.get_option('time_format'), $tr['ts'] ) );
 		} else {
 			_e('This timezone does not observe daylight savings time.');
 		}
--- a/wp-admin/options-media.php
+++ b/wp-admin/options-media.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Media Settings');
 $parent_file = 'options-general.php';

--- a/wp-admin/options-misc.php
+++ b/wp-admin/options-misc.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Miscellaneous Settings');
 $parent_file = 'options-general.php';

--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Permalink Settings');
 $parent_file = 'options-general.php';

--- a/wp-admin/options-privacy.php
+++ b/wp-admin/options-privacy.php
@@ -9,6 +9,9 @@
 /** Load WordPress Administration Bootstrap */
 require_once('./admin.php');

+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Privacy Settings');
 $parent_file = 'options-general.php';

--- a/wp-admin/options-reading.php
+++ b/wp-admin/options-reading.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Reading Settings');
 $parent_file = 'options-general.php';

--- a/wp-admin/options-writing.php
+++ b/wp-admin/options-writing.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Writing Settings');
 $parent_file = 'options-general.php';

--- a/wp-admin/page.php
+++ b/wp-admin/page.php
@@ -98,11 +98,7 @@ case 'edit':

 	if ( current_user_can('edit_page', $page_ID) ) {
 		if ( $last = wp_check_post_lock( $post->ID ) ) {
-			$last_user = get_userdata( $last );
-			$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
-			$message = sprintf( __( 'Warning: %s is currently editing this page' ), esc_html( $last_user_name ) );
-			$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
-			add_action('admin_notices', create_function( '', "echo '$message';" ) );
+			add_action('admin_notices', '_admin_notice_post_locked' );
 		} else {
 			wp_set_post_lock( $post->ID );
 			wp_enqueue_script('autosave');
--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -83,9 +83,6 @@ default:
 		exit;
 	}

-	if ( use_codepress() )
-		wp_enqueue_script( 'codepress' );
-
 	// List of allowable extensions
 	$editable_extensions = array('php', 'txt', 'text', 'js', 'css', 'html', 'htm', 'xml', 'inc', 'include');
 	$editable_extensions = (array) apply_filters('editable_extensions', $editable_extensions);
@@ -111,12 +108,14 @@ default:
 	if ( '.php' == substr( $real_file, strrpos( $real_file, '.' ) ) ) {
 		$functions = wp_doc_link_parse( $content );

-		$docs_select = '<select name="docs-list" id="docs-list">';
-		$docs_select .= '<option value="">' . __( 'Function Name...' ) . '</option>';
-		foreach ( $functions as $function) {
-			$docs_select .= '<option value="' . esc_attr( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
+		if ( !empty($functions) ) {
+			$docs_select = '<select name="docs-list" id="docs-list">';
+			$docs_select .= '<option value="">' . __( 'Function Name...' ) . '</option>';
+			foreach ( $functions as $function) {
+				$docs_select .= '<option value="' . esc_attr( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
+			}
+			$docs_select .= '</select>';
 		}
-		$docs_select .= '</select>';
 	}

 	$content = htmlspecialchars( $content );
@@ -136,8 +135,25 @@ default:
 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php echo esc_html( $title ); ?></h2>
-<div class="bordertitle">
-	<form id="themeselector" action="plugin-editor.php" method="post">
+
+<div class="fileedit-sub">
+<div class="alignleft">
+<big><?php
+	if ( is_plugin_active($plugin) ) {
+		if ( is_writeable($real_file) )
+			echo sprintf(__('Editing <strong>%s</strong> (active)'), $file);
+		else
+			echo sprintf(__('Browsing <strong>%s</strong> (active)'), $file);
+	} else {
+		if ( is_writeable($real_file) )
+			echo sprintf(__('Editing <strong>%s</strong> (inactive)'), $file);
+		else
+			echo sprintf(__('Browsing <strong>%s</strong> (inactive)'), $file);
+	}
+	?></big>
+</div>
+<div class="alignright">
+	<form action="plugin-editor.php" method="post">
 		<strong><label for="plugin"><?php _e('Select plugin to edit:'); ?> </label></strong>
 		<select name="plugin" id="plugin">
 <?php
@@ -156,27 +172,11 @@ default:
 		<input type="submit" name="Submit" value="<?php esc_attr_e('Select') ?>" class="button" />
 	</form>
 </div>
-<div class="tablenav">
-<div class="alignleft">
-<big><?php
-	if ( is_plugin_active($plugin) ) {
-		if ( is_writeable($real_file) )
-			echo sprintf(__('Editing <strong>%s</strong> (active)'), $file);
-		else
-			echo sprintf(__('Browsing <strong>%s</strong> (active)'), $file);
-	} else {
-		if ( is_writeable($real_file) )
-			echo sprintf(__('Editing <strong>%s</strong> (inactive)'), $file);
-		else
-			echo sprintf(__('Browsing <strong>%s</strong> (inactive)'), $file);
-	}
-	?></big>
-</div>
 <br class="clear" />
 </div>
-<br class="clear" />
-	<div id="templateside">
-	<h3 id="bordertitle"><?php _e('Plugin Files'); ?></h3>
+
+<div id="templateside">
+	<h3><?php _e('Plugin Files'); ?></h3>

 	<ul>
 <?php
@@ -195,15 +195,15 @@ foreach ( $plugin_files as $plugin_file ) :
 		<li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo $plugin_file; ?>&amp;plugin=<?php echo $plugin; ?>"><?php echo $plugin_file ?></a></li>
 <?php endforeach; ?>
 	</ul>
-	</div>
-	<form name="template" id="template" action="plugin-editor.php" method="post">
+</div>
+<form name="template" id="template" action="plugin-editor.php" method="post">
 	<?php wp_nonce_field('edit-plugin_' . $file) ?>
 		<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>
 		<input type="hidden" name="action" value="update" />
 		<input type="hidden" name="file" value="<?php echo esc_attr($file) ?>" />
 		<input type="hidden" name="plugin" value="<?php echo esc_attr($plugin) ?>" />
 		</div>
-		<?php if ( isset( $functions ) ) : ?>
+		<?php if ( !empty( $docs_select ) ) : ?>
 		<div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value="<?php esc_attr_e( 'Lookup' ) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&amp;locale=<?php echo urlencode( get_locale() ) ?>&amp;version=<?php echo urlencode( $wp_version ) ?>&amp;redirect=true'); }" /></div>
 		<?php endif; ?>
 <?php if ( is_writeable($real_file) ) : ?>
@@ -221,10 +221,10 @@ foreach ( $plugin_files as $plugin_file ) :
 <?php else : ?>
 	<p><em><?php _e('You need to make this file writable before you can save your changes. See <a href="http://codex.wordpress.org/Changing_File_Permissions">the Codex</a> for more information.'); ?></em></p>
 <?php endif; ?>
- </form>
-<div class="clear"> &nbsp; </div>
+</form>
+<br class="clear" />
 </div>
 <?php
 	break;
 }
-include("admin-footer.php") ?>
+include("admin-footer.php");
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( ! current_user_can('activate_plugins') )
+	wp_die(__('You do not have sufficient permissions to manage plugins for this blog.'));
+
 if ( isset($_POST['clear-recent-list']) )
 	$action = 'clear-recent-list';
 elseif ( !empty($_REQUEST['action']) )
@@ -37,6 +40,9 @@ $_SERVER['REQUEST_URI'] = remove_query_arg(array('error', 'deleted', 'activate',
 if ( !empty($action) ) {
 	switch ( $action ) {
 		case 'activate':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+
 			check_admin_referer('activate-plugin_' . $plugin);

 			$result = activate_plugin($plugin, 'plugins.php?error=true&plugin=' . $plugin);
@@ -53,6 +59,9 @@ if ( !empty($action) ) {
 			exit;
 			break;
 		case 'activate-selected':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+			
 			check_admin_referer('bulk-manage-plugins');

 			$plugins = (array) $_POST['checked'];
@@ -75,6 +84,9 @@ if ( !empty($action) ) {
 			exit;
 			break;
 		case 'error_scrape':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+
 			check_admin_referer('plugin-activation-error_' . $plugin);

 			$valid = validate_plugin($plugin);
@@ -88,6 +100,9 @@ if ( !empty($action) ) {
 			exit;
 			break;
 		case 'deactivate':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+
 			check_admin_referer('deactivate-plugin_' . $plugin);
 			deactivate_plugins($plugin);
 			update_option('recently_activated', array($plugin => time()) + (array)get_option('recently_activated'));
@@ -95,6 +110,9 @@ if ( !empty($action) ) {
 			exit;
 			break;
 		case 'deactivate-selected':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+
 			check_admin_referer('bulk-manage-plugins');

 			$plugins = (array) $_POST['checked'];
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -133,11 +133,7 @@ case 'edit':

 	if ( current_user_can('edit_post', $post_ID) ) {
 		if ( $last = wp_check_post_lock( $post->ID ) ) {
-			$last_user = get_userdata( $last );
-			$last_user_name = $last_user ? $last_user->display_name : __('Somebody');
-			$message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
-			$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
-			add_action('admin_notices', create_function( '', "echo '$message';" ) );
+			add_action('admin_notices', '_admin_notice_post_locked' );
 		} else {
 			wp_set_post_lock( $post->ID );
 			wp_enqueue_script('autosave');
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -91,8 +91,8 @@ if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
 }

 // Set Variables
-$title = isset($_GET['t']) ? esc_html(aposfix(stripslashes($_GET['t']))) : '';
-$selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : '';
+$title = isset( $_GET['t'] ) ? trim( strip_tags( aposfix( stripslashes( $_GET['t'] ) ) ) ) : '';
+$selection = isset( $_GET['s'] ) ? trim( htmlspecialchars( html_entity_decode( aposfix( stripslashes( $_GET['s'] ) ) ) ) ) : '';
 if ( ! empty($selection) ) {
 	$selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection);
 	$selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';
@@ -117,7 +117,7 @@ switch ($_REQUEST['ajax']) {
 		<div class="postbox">
 		<h2><label for="embed-code"><?php _e('Embed Code') ?></label></h2>
 		<div class="inside">
-			<textarea name="embed-code" id="embed-code" rows="8" cols="40"><?php echo format_to_edit($selection, true); ?></textarea>
+			<textarea name="embed-code" id="embed-code" rows="8" cols="40"><?php echo wp_htmledit_pre( $selection ); ?></textarea>
 			<p id="options"><a href="#" class="select button"><?php _e('Insert Video'); ?></a> <a href="#" class="close button"><?php _e('Cancel'); ?></a></p>
 		</div>
 		</div>
@@ -548,8 +548,8 @@ var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
 			<div id="quicktags"></div>
 			<div class="editor-container">
 				<textarea name="content" id="content" style="width:100%;" class="mceEditor" rows="15">
-					<?php if ($selection) echo wp_richedit_pre(htmlspecialchars_decode($selection)); ?>
-					<?php if ($url) { echo '<p>'; if($selection) _e('via '); echo "<a href='$url'>$title</a>."; echo '</p>'; } ?>
+					<?php if ($selection) echo wp_richedit_pre( $selection ); ?>
+					<?php if ($url) { echo '<p>'; if($selection) _e('via '); printf( "<a href='%s'>%s</a>.", esc_url( $url ), esc_html( $title ) ); echo '</p>'; } ?>
 				</textarea>
 			</div>
 		</div>
--- a/wp-admin/rtl.css
+++ b/wp-admin/rtl.css
@@ -138,6 +138,12 @@ td.available-theme {
 .folded #adminmenu img.wp-menu-image {
 	padding: 7px 6px 0 0;
 }
+#adminmenu a.separator {
+	cursor: e-resize;
+}
+.folded #adminmenu a.separator {
+ 	cursor: w-resize;
+}
 #adminmenu .wp-submenu .wp-submenu-head {
 	padding: 6px 10px 6px 4px;
 }
--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -22,8 +22,7 @@ if (empty($theme)) {
 	$theme = get_current_theme();
 } else {
 	$theme = stripslashes($theme);
- }
-
+}

 if ( ! isset($themes[$theme]) )
 	wp_die(__('The requested theme does not exist.'));
@@ -65,8 +64,8 @@ case 'update':
 	}

 	$location = wp_kses_no_null($location);
-	$strip = array('%0d', '%0a');
-	$location = str_replace($strip, '', $location);
+	$strip = array('%0d', '%0a', '%0D', '%0A');
+	$location = _deep_replace($strip, $location);
 	header("Location: $location");
 	exit();

@@ -77,9 +76,6 @@ default:
 	if ( !current_user_can('edit_themes') )
 		wp_die('<p>'.__('You do not have sufficient permissions to edit themes for this blog.').'</p>');

-	if ( use_codepress() )
-		wp_enqueue_script( 'codepress' );
-
 	require_once('admin-header.php');

 	update_recently_edited($file);
@@ -117,8 +113,13 @@ $desc_header = ( $description != $file_show ) ? "<strong>$description</strong> (
 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php echo esc_html( $title ); ?></h2>
-<div class="bordertitle">
-	<form id="themeselector" action="theme-editor.php" method="post">
+
+<div class="fileedit-sub">
+<div class="alignleft">
+<big><?php echo sprintf($desc_header, $file_show); ?></big>
+</div>
+<div class="alignright">
+	<form action="theme-editor.php" method="post">
 		<strong><label for="theme"><?php _e('Select theme to edit:'); ?> </label></strong>
 		<select name="theme" id="theme">
 <?php
@@ -134,15 +135,11 @@ $desc_header = ( $description != $file_show ) ? "<strong>$description</strong> (
 		<input type="submit" name="Submit" value="<?php esc_attr_e('Select') ?>" class="button" />
 	</form>
 </div>
-<div class="tablenav">
-<div class="alignleft">
-<big><?php echo sprintf($desc_header, $file_show); ?></big>
-</div>
 <br class="clear" />
 </div>
-<br class="clear" />
-	<div id="templateside">
-	<h3 id="bordertitle"><?php _e("Theme Files"); ?></h3>
+
+<div id="templateside">
+	<h3><?php _e("Theme Files"); ?></h3>

 <?php
 if ($allowed_files) :
@@ -193,10 +190,9 @@ if ($allowed_files) :
 	</ul>
 <?php endif; ?>
 </div>
-	<?php
-	if (!$error) {
-	?>
-	<form name="template" id="template" action="theme-editor.php" method="post">
+
+<?php if (!$error) { ?>
+<form name="template" id="template" action="theme-editor.php" method="post">
 	<?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
 		 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>
 		 <input type="hidden" name="action" value="update" />
@@ -222,16 +218,16 @@ if ($allowed_files) :
 <p><em><?php _e('You need to make this file writable before you can save your changes. See <a href="http://codex.wordpress.org/Changing_File_Permissions">the Codex</a> for more information.'); ?></em></p>
 <?php endif; ?>
 		</div>
-	</form>
-	<?php
+</form>
+<?php
 	} else {
 		echo '<div class="error"><p>' . __('Oops, no such file exists! Double check the name and try again, merci.') . '</p></div>';
 	}
-	?>
-<div class="clear"> &nbsp; </div>
+?>
+<br class="clear" />
 </div>
 <?php
 break;
 }

-include("admin-footer.php") ?>
+include("admin-footer.php");
--- a/wp-admin/themes.php
+++ b/wp-admin/themes.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');

+if ( !current_user_can('switch_themes') )
+	wp_die( __( 'Cheatin&#8217; uh?' ) );
+
 if ( isset($_GET['action']) ) {
 	if ( 'activate' == $_GET['action'] ) {
 		check_admin_referer('switch-theme_' . $_GET['template']);
--- a/wp-admin/update-core.php
+++ b/wp-admin/update-core.php
@@ -14,7 +14,7 @@ if ( ! current_user_can('update_plugins') )

 function list_core_update( $update ) {
 	global $wp_local_package;
-	$version_string = 'en_US' == $update->locale ?
+	$version_string = ('en_US' == $update->locale && 'en_US' == get_locale() ) ?
 			$update->current : sprintf("%s&ndash;<strong>%s</strong>", $update->current, $update->locale);
 	$current = false;
 	if ( !isset($update->response) || 'latest' == $update->response )
@@ -53,6 +53,9 @@ function list_core_update( $update ) {
 	echo '</p>';
 	if ( 'en_US' != $update->locale && ( !isset($wp_local_package) || $wp_local_package != $update->locale ) )
 	    echo '<p class="hint">'.__('This localized version contains both the translation and various other localization fixes. You can skip upgrading if you want to keep your current translation.').'</p>';
+	else if ( 'en_US' == $update->locale && get_locale() != 'en_US' ) {
+	    echo '<p class="hint">'.sprintf( __('You are about to install WordPress %s <strong>in English.</strong> There is a chance this upgrade will break your translation. You may prefer to wait for the localized version to be released.'), $update->current ).'</p>';
+	}
 	echo '</form>';

 }
--- a/wp-admin/upgrade.php
+++ b/wp-admin/upgrade.php
@@ -68,13 +68,11 @@ switch ( $step ) :
 		break;
 	case 1:
 		wp_upgrade();
-
-		if ( empty( $_GET['backto'] ) )
-			$backto = __get_option( 'home' ) . '/';
-		else {
-			$backto = stripslashes( urldecode( $_GET['backto'] ) );
+			
+			$backto = empty($_GET['backto']) ? '' : $_GET['backto'] ;
+			$backto = stripslashes( urldecode( $backto ) );
 			$backto = esc_url_raw( $backto  );
-		}
+			$backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
 ?>
 <h2><?php _e( 'Upgrade Complete' ); ?></h2>
 	<p><?php _e( 'Your WordPress database has been successfully upgraded!' ); ?></p>
--- a/wp-admin/wp-admin.css
+++ b/wp-admin/wp-admin.css
@@ -437,6 +437,10 @@ a.button-secondary {
 	padding: 2px;
 }

+#timezone_string option {
+	margin-left: 1em;
+}
+
 .approve {
 	display: none;
 }
@@ -2092,12 +2096,6 @@ p.search-box {
 	padding: 0 0 .2em 1px;
 }

-.bordertitle {
-	padding-bottom: 5px;
-	border-bottom-width: 1px;
-	border-bottom-style: solid;
-}
-
 /* Edit posts */

 td.post-title strong, td.plugin-title strong {
@@ -3186,6 +3184,10 @@ table.fixed {
 	overflow: hidden;
 }

+.widefat td p {
+	margin: 2px 0 0.8em;
+}
+
 table .vers,
 table .column-visible,
 table .column-rating {
--- a/wp-app.php
+++ b/wp-app.php
@@ -780,6 +780,7 @@ EOD;
 		}

 		$location = get_post_meta($entry['ID'], '_wp_attached_file', true);
+		$location = get_option ('upload_path') . '/' . $location; 
 		$filetype = wp_check_filetype($location);

 		if(!isset($location) || 'attachment' != $entry['post_type'] || empty($filetype['ext']))
@@ -789,11 +790,19 @@ EOD;
 		header('Content-Type: ' . $entry['post_mime_type']);
 		header('Connection: close');

-		$fp = fopen($location, "rb");
-		while(!feof($fp)) {
-			echo fread($fp, 4096);
+		if ($fp = fopen($location, "rb")) { 
+			status_header('200'); 
+			header('Content-Type: ' . $entry['post_mime_type']); 
+			header('Connection: close');
+
+			while(!feof($fp)) {
+				echo fread($fp, 4096);
+			}
+
+			fclose($fp);
+		} else {
+			status_header ('404');
 		}
-		fclose($fp);

 		log_app('function',"get_file($postID)");
 		exit;
--- a/wp-content/plugins/hello.php
+++ b/wp-content/plugins/hello.php
@@ -2,14 +2,14 @@
 /**
 * @package Hello_Dolly
 * @author Matt Mullenweg
- * @version 1.5
+ * @version 1.5.1
 */
 /*
 Plugin Name: Hello Dolly
 Plugin URI: http://wordpress.org/#
 Description: This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong: Hello, Dolly. When activated you will randomly see a lyric from <cite>Hello, Dolly</cite> in the upper right of your admin screen on every page.
 Author: Matt Mullenweg
-Version: 1.5
+Version: 1.5.1
 Author URI: http://ma.tt/
 */

@@ -62,6 +62,9 @@ add_action('admin_footer', 'hello_dolly');

 // We need some CSS to position the paragraph
 function dolly_css() {
+	// This makes sure that the posinioning is also good for right-to-left languages
+	$x = ( 'rtl' == get_bloginfo( 'text_direction' ) ) ? 'left' : 'right';
+
 	echo "
 	<style type='text/css'>
 	#dolly {
@@ -69,7 +72,7 @@ function dolly_css() {
 		top: 4.5em;
 		margin: 0;
 		padding: 0;
-		right: 215px;
+		$x: 215px;
 		font-size: 11px;
 	}
 	</style>
--- a/wp-includes/author-template.php
+++ b/wp-includes/author-template.php
@@ -132,7 +132,7 @@ function the_author_meta($field = '', $user_id = false) {
 */
 function the_author_link() {
 	if ( get_the_author_meta('url') ) {
-		echo '<a href="' . get_the_author_meta('url') . '" title="' . sprintf(__("Visit %s&#8217;s website"), get_the_author()) . '" rel="external">' . get_the_author() . '</a>';
+		echo '<a href="' . get_the_author_meta('url') . '" title="' . esc_attr( sprintf(__("Visit %s&#8217;s website"), get_the_author()) ) . '" rel="external">' . get_the_author() . '</a>';
 	} else {
 		the_author();
 	}
@@ -181,7 +181,7 @@ function the_author_posts_link($deprecated = '') {
 	printf(
 		'<a href="%1$s" title="%2$s">%3$s</a>',
 		get_author_posts_url( $authordata->ID, $authordata->user_nicename ),
-		sprintf( __( 'Posts by %s' ), esc_attr( get_the_author() ) ),
+		esc_attr( sprintf( __( 'Posts by %s' ), get_the_author() ) ),
 		get_the_author()
 	);
 }
@@ -292,7 +292,7 @@ function wp_list_authors($args = '') {
 			if ( ! $hide_empty )
 				$link = $name;
 		} else {
-			$link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . sprintf(__("Posts by %s"), esc_attr($author->display_name)) . '">' . $name . '</a>';
+			$link = '<a href="' . get_author_posts_url($author->ID, $author->user_nicename) . '" title="' . esc_attr( sprintf(__("Posts by %s"), $author->display_name) ) . '">' . $name . '</a>';

 			if ( (! empty($feed_image)) || (! empty($feed)) ) {
 				$link .= ' ';
@@ -301,8 +301,8 @@ function wp_list_authors($args = '') {
 				$link .= '<a href="' . get_author_feed_link($author->ID) . '"';

 				if ( !empty($feed) ) {
-					$title = ' title="' . $feed . '"';
-					$alt = ' alt="' . $feed . '"';
+					$title = ' title="' . esc_attr($feed) . '"';
+					$alt = ' alt="' . esc_attr($feed) . '"';
 					$name = $feed;
 					$link .= $title;
 				}
@@ -310,7 +310,7 @@ function wp_list_authors($args = '') {
 				$link .= '>';

 				if ( !empty($feed_image) )
-					$link .= "<img src=\"$feed_image\" style=\"border: none;\"$alt$title" . ' />';
+					$link .= "<img src=\"" . esc_url($feed_image) . "\" style=\"border: none;\"$alt$title" . ' />';
 				else
 					$link .= $name;

--- a/wp-includes/bookmark-template.php
+++ b/wp-includes/bookmark-template.php
@@ -90,7 +90,7 @@ function _walk_bookmarks($bookmarks, $args = '' ) {

 		$rel = $bookmark->link_rel;
 		if ( '' != $rel )
-			$rel = ' rel="' . $rel . '"';
+			$rel = ' rel="' . esc_attr($rel) . '"';

 		$target = $bookmark->link_target;
 		if ( '' != $target )
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -900,6 +900,12 @@ function map_meta_cap( $cap, $user_id ) {
 		else
 			$caps[] = 'read_private_pages';
 		break;
+	case 'unfiltered_upload':
+		if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS == true )
+			$caps[] = $cap;
+		else
+			$caps[] = 'do_not_allow';
+		break;
 	default:
 		// If no meta caps match, return the original cap.
 		$caps[] = $cap;
--- a/wp-includes/category-template.php
+++ b/wp-includes/category-template.php
@@ -68,7 +68,7 @@ function get_category_parents( $id, $link = false, $separator = '/', $nicename =
 	}

 	if ( $link )
-		$chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $parent->cat_name ) . '">'.$name.'</a>' . $separator;
+		$chain .= '<a href="' . get_category_link( $parent->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $parent->cat_name ) ) . '">'.$name.'</a>' . $separator;
 	else
 		$chain .= $name.$separator;
 	return $chain;
@@ -190,17 +190,17 @@ function get_the_category_list( $separator = '', $parents='', $post_id = false )
 				case 'multiple':
 					if ( $category->parent )
 						$thelist .= get_category_parents( $category->parent, true, $separator );
-					$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->name.'</a></li>';
+					$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a></li>';
 					break;
 				case 'single':
-					$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>';
+					$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
 					if ( $category->parent )
 						$thelist .= get_category_parents( $category->parent, false, $separator );
 					$thelist .= $category->name.'</a></li>';
 					break;
 				case '':
 				default:
-					$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
+					$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->cat_name.'</a></li>';
 			}
 		}
 		$thelist .= '</ul>';
@@ -213,17 +213,17 @@ function get_the_category_list( $separator = '', $parents='', $post_id = false )
 				case 'multiple':
 					if ( $category->parent )
 						$thelist .= get_category_parents( $category->parent, true, $separator );
-					$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->cat_name.'</a>';
+					$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->cat_name.'</a>';
 					break;
 				case 'single':
-					$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>';
+					$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>';
 					if ( $category->parent )
 						$thelist .= get_category_parents( $category->parent, false, $separator );
 					$thelist .= "$category->cat_name</a>";
 					break;
 				case '':
 				default:
-					$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . sprintf( __( "View all posts in %s" ), $category->name ) . '" ' . $rel . '>' . $category->name.'</a>';
+					$thelist .= '<a href="' . get_category_link( $category->term_id ) . '" title="' . esc_attr( sprintf( __( "View all posts in %s" ), $category->name ) ) . '" ' . $rel . '>' . $category->name.'</a>';
 			}
 			++$i;
 		}
@@ -352,6 +352,8 @@ function wp_dropdown_categories( $args = '' ) {
 		$tab_index_attribute = " tabindex=\"$tab_index\"";

 	$categories = get_categories( $r );
+	$name = esc_attr($name);
+	$class = esc_attr($class);

 	$output = '';
 	if ( ! empty( $categories ) ) {
--- a/wp-includes/class-simplepie.php
+++ b/wp-includes/class-simplepie.php
@@ -751,21 +751,24 @@ class SimplePie
 	 */
 	function __destruct()
 	{
-		if (!empty($this->data['items']))
+		if ((version_compare(PHP_VERSION, '5.3', '<') || !gc_enabled()) && !ini_get('zend.ze1_compatibility_mode'))
 		{
-			foreach ($this->data['items'] as $item)
+			if (!empty($this->data['items']))
 			{
-				$item->__destruct();
+				foreach ($this->data['items'] as $item)
+				{
+					$item->__destruct();
+				}
+				unset($item, $this->data['items']);
 			}
-			unset($this->data['items']);
-		}
-		if (!empty($this->data['ordered_items']))
-		{
-			foreach ($this->data['ordered_items'] as $item)
+			if (!empty($this->data['ordered_items']))
 			{
-				$item->__destruct();
+				foreach ($this->data['ordered_items'] as $item)
+				{
+					$item->__destruct();
+				}
+				unset($item, $this->data['ordered_items']);
 			}
-			unset($this->data['ordered_items']);
 		}
 	}

@@ -1683,7 +1686,7 @@ function embed_wmedia(width, height, link) {

 				$headers = $file->headers;
 				$data = $file->body;
-				$sniffer = new $this->content_type_sniffer_class($file);
+				$sniffer =& new $this->content_type_sniffer_class($file);
 				$sniffed = $sniffer->get_type();
 			}
 			else
@@ -1961,7 +1964,7 @@ function embed_wmedia(width, height, link) {

 					if ($file->success && ($file->status_code == 200 || ($file->status_code > 206 && $file->status_code < 300)) && strlen($file->body) > 0)
 					{
-						$sniffer = new $this->content_type_sniffer_class($file);
+						$sniffer =& new $this->content_type_sniffer_class($file);
 						if (substr($sniffer->get_type(), 0, 6) === 'image/')
 						{
 							if ($cache->save(array('headers' => $file->headers, 'body' => $file->body)))
@@ -3082,7 +3085,10 @@ class SimplePie_Item
 	 */
 	function __destruct()
 	{
-		unset($this->feed);
+		if ((version_compare(PHP_VERSION, '5.3', '<') || !gc_enabled()) && !ini_get('zend.ze1_compatibility_mode'))
+		{
+			unset($this->feed);
+		}
 	}

 	function get_item_tags($namespace, $tag)
@@ -5682,14 +5688,6 @@ class SimplePie_Source
 		return md5(serialize($this->data));
 	}

-	/**
-	 * Remove items that link back to this before destroying this object
-	 */
-	function __destruct()
-	{
-		unset($this->item);
-	}
-
 	function get_source_tags($namespace, $tag)
 	{
 		if (isset($this->data['child'][$namespace][$tag]))
@@ -7746,7 +7744,7 @@ class SimplePie_File
 								{
 									case 'gzip':
 									case 'x-gzip':
-										$decoder = new SimplePie_gzdecode($this->body);
+										$decoder =& new SimplePie_gzdecode($this->body);
 										if (!$decoder->parse())
 										{
 											$this->error = 'Unable to decode HTTP "gzip" stream';
@@ -8954,23 +8952,12 @@ class SimplePie_Misc

 	function parse_url($url)
 	{
-		static $cache = array();
-		if (isset($cache[$url]))
+		preg_match('/^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?$/', $url, $match);
+		for ($i = count($match); $i <= 9; $i++)
 		{
-			return $cache[$url];
-		}
-		elseif (preg_match('/^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?$/', $url, $match))
-		{
-			for ($i = count($match); $i <= 9; $i++)
-			{
-				$match[$i] = '';
-			}
-			return $cache[$url] = array('scheme' => $match[2], 'authority' => $match[4], 'path' => $match[5], 'query' => $match[7], 'fragment' => $match[9]);
-		}
-		else
-		{
-			return $cache[$url] = array('scheme' => '', 'authority' => '', 'path' => '', 'query' => '', 'fragment' => '');
+			$match[$i] = '';
 		}
+		return array('scheme' => $match[2], 'authority' => $match[4], 'path' => $match[5], 'query' => $match[7], 'fragment' => $match[9]);
 	}

 	function compress_parse_url($scheme = '', $authority = '', $path = '', $query = '', $fragment = '')
@@ -10555,7 +10542,7 @@ class SimplePie_Misc
 	 */
 	function entities_decode($data)
 	{
-		$decoder = new SimplePie_Decode_HTML_Entities($data);
+		$decoder =& new SimplePie_Decode_HTML_Entities($data);
 		return $decoder->parse();
 	}

@@ -10809,36 +10796,31 @@ class SimplePie_Misc
 	 */
 	function codepoint_to_utf8($codepoint)
 	{
-		static $cache = array();
 		$codepoint = (int) $codepoint;
-		if (isset($cache[$codepoint]))
+		if ($codepoint < 0)
 		{
-			return $cache[$codepoint];
-		}
-		elseif ($codepoint < 0)
-		{
-			return $cache[$codepoint] = false;
+			return false;
 		}
 		else if ($codepoint <= 0x7f)
 		{
-			return $cache[$codepoint] = chr($codepoint);
+			return chr($codepoint);
 		}
 		else if ($codepoint <= 0x7ff)
 		{
-			return $cache[$codepoint] = chr(0xc0 | ($codepoint >> 6)) . chr(0x80 | ($codepoint & 0x3f));
+			return chr(0xc0 | ($codepoint >> 6)) . chr(0x80 | ($codepoint & 0x3f));
 		}
 		else if ($codepoint <= 0xffff)
 		{
-			return $cache[$codepoint] = chr(0xe0 | ($codepoint >> 12)) . chr(0x80 | (($codepoint >> 6) & 0x3f)) . chr(0x80 | ($codepoint & 0x3f));
+			return chr(0xe0 | ($codepoint >> 12)) . chr(0x80 | (($codepoint >> 6) & 0x3f)) . chr(0x80 | ($codepoint & 0x3f));
 		}
 		else if ($codepoint <= 0x10ffff)
 		{
-			return $cache[$codepoint] = chr(0xf0 | ($codepoint >> 18)) . chr(0x80 | (($codepoint >> 12) & 0x3f)) . chr(0x80 | (($codepoint >> 6) & 0x3f)) . chr(0x80 | ($codepoint & 0x3f));
+			return chr(0xf0 | ($codepoint >> 18)) . chr(0x80 | (($codepoint >> 12) & 0x3f)) . chr(0x80 | (($codepoint >> 6) & 0x3f)) . chr(0x80 | ($codepoint & 0x3f));
 		}
 		else
 		{
 			// U+FFFD REPLACEMENT CHARACTER
-			return $cache[$codepoint] = "\xEF\xBF\xBD";
+			return "\xEF\xBF\xBD";
 		}
 	}

@@ -10956,7 +10938,7 @@ class SimplePie_Misc
 		{
 			if ($pos = strpos($data, "\x00\x00\x00\x3F\x00\x00\x00\x3E"))
 			{
-				$parser = new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 20), 'UTF-32BE', 'UTF-8'));
+				$parser =& new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 20), 'UTF-32BE', 'UTF-8'));
 				if ($parser->parse())
 				{
 					$encoding[] = $parser->encoding;
@@ -10969,7 +10951,7 @@ class SimplePie_Misc
 		{
 			if ($pos = strpos($data, "\x3F\x00\x00\x00\x3E\x00\x00\x00"))
 			{
-				$parser = new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 20), 'UTF-32LE', 'UTF-8'));
+				$parser =& new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 20), 'UTF-32LE', 'UTF-8'));
 				if ($parser->parse())
 				{
 					$encoding[] = $parser->encoding;
@@ -10982,7 +10964,7 @@ class SimplePie_Misc
 		{
 			if ($pos = strpos($data, "\x00\x3F\x00\x3E"))
 			{
-				$parser = new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 10), 'UTF-16BE', 'UTF-8'));
+				$parser =& new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 10), 'UTF-16BE', 'UTF-8'));
 				if ($parser->parse())
 				{
 					$encoding[] = $parser->encoding;
@@ -10995,7 +10977,7 @@ class SimplePie_Misc
 		{
 			if ($pos = strpos($data, "\x3F\x00\x3E\x00"))
 			{
-				$parser = new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 10), 'UTF-16LE', 'UTF-8'));
+				$parser =& new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 10), 'UTF-16LE', 'UTF-8'));
 				if ($parser->parse())
 				{
 					$encoding[] = $parser->encoding;
@@ -11008,7 +10990,7 @@ class SimplePie_Misc
 		{
 			if ($pos = strpos($data, "\x3F\x3E"))
 			{
-				$parser = new SimplePie_XML_Declaration_Parser(substr($data, 5, $pos - 5));
+				$parser =& new SimplePie_XML_Declaration_Parser(substr($data, 5, $pos - 5));
 				if ($parser->parse())
 				{
 					$encoding[] = $parser->encoding;
@@ -11734,20 +11716,7 @@ class SimplePie_Parse_Date
 		static $cache;
 		if (!isset($cache[get_class($this)]))
 		{
-			if (extension_loaded('Reflection'))
-			{
-				$class = new ReflectionClass(get_class($this));
-				$methods = $class->getMethods();
-				$all_methods = array();
-				foreach ($methods as $method)
-				{
-					$all_methods[] = $method->getName();
-				}
-			}
-			else
-			{
-				$all_methods = get_class_methods($this);
-			}
+			$all_methods = get_class_methods($this);

 			foreach ($all_methods as $method)
 			{
@@ -11774,7 +11743,7 @@ class SimplePie_Parse_Date
 		static $object;
 		if (!$object)
 		{
-			$object = new SimplePie_Parse_Date;
+			$object =& new SimplePie_Parse_Date;
 		}
 		return $object;
 	}
@@ -12809,7 +12778,7 @@ class SimplePie_Locator

 		if ($this->file->method & SIMPLEPIE_FILE_SOURCE_REMOTE)
 		{
-			$sniffer = new $this->content_type_sniffer_class($this->file);
+			$sniffer =& new $this->content_type_sniffer_class($this->file);
 			if ($sniffer->get_type() !== 'text/html')
 			{
 				return null;
@@ -12855,7 +12824,7 @@ class SimplePie_Locator
 	{
 		if ($file->method & SIMPLEPIE_FILE_SOURCE_REMOTE)
 		{
-			$sniffer = new $this->content_type_sniffer_class($file);
+			$sniffer =& new $this->content_type_sniffer_class($file);
 			$sniffed = $sniffer->get_type();
 			if (in_array($sniffed, array('application/rss+xml', 'application/rdf+xml', 'text/rdf', 'application/atom+xml', 'text/xml', 'application/xml')))
 			{
@@ -13083,7 +13052,7 @@ class SimplePie_Parser

 		if (substr($data, 0, 5) === '<?xml' && strspn(substr($data, 5, 1), "\x09\x0A\x0D\x20") && ($pos = strpos($data, '?>')) !== false)
 		{
-			$declaration = new SimplePie_XML_Declaration_Parser(substr($data, 5, $pos - 5));
+			$declaration =& new SimplePie_XML_Declaration_Parser(substr($data, 5, $pos - 5));
 			if ($declaration->parse())
 			{
 				$data = substr($data, $pos + 2);
@@ -13669,4 +13638,4 @@ class SimplePie_Sanitize
 	}
 }

-?>
+?>
--- a/wp-includes/classes.php
+++ b/wp-includes/classes.php
@@ -214,9 +214,9 @@ class WP {

 					// Trim the query of everything up to the '?'.
 					$query = preg_replace("!^.+\?!", '', $query);
-
+										
 					// Substitute the substring matches into the query.
-					eval("@\$query = \"" . addslashes($query) . "\";");
+					$query = addslashes(WP_MatchesMapRegex::apply($query, $matches));

 					$this->matched_query = $query;

@@ -1592,4 +1592,94 @@ class WP_Ajax_Response {
 	}
 }

+/**
+ * Helper class to remove the need to use eval to replace $matches[] in query strings.
+ * 
+ * @since 2.9.0
+ */
+class WP_MatchesMapRegex {
+	/**
+	 * store for matches
+	 * 
+	 * @access private
+	 * @var array
+	 */
+	var $_matches;
+	
+	/**
+	 * store for mapping result
+	 * 
+	 * @access public
+	 * @var string
+	 */
+	var $output;
+	
+	/**
+	 * subject to perform mapping on (query string containing $matches[] references
+	 * 
+	 * @access private
+	 * @var string
+	 */
+	var $_subject;
+	
+	/**
+	 * regexp pattern to match $matches[] references 
+	 * 
+	 * @var string
+	 */
+	var $_pattern = '(\$matches\[[1-9]+[0-9]*\])'; // magic number
+	
+	/**
+	 * constructor
+	 * 
+	 * @param string $subject subject if regex
+	 * @param array  $matches data to use in map
+	 * @return self
+	 */						
+	function WP_MatchesMapRegex($subject, $matches) {
+		$this->_subject = $subject;
+		$this->_matches = $matches;
+		$this->output = $this->_map();				
+	}
+	
+	/**
+	 * Substitute substring matches in subject.
+	 * 
+	 * static helper function to ease use
+	 * 
+	 * @access public
+	 * @param string $subject subject
+	 * @param array  $matches data used for subsitution
+	 * @return string
+	 */
+	function apply($subject, $matches) {
+		$oSelf =& new WP_MatchesMapRegex($subject, $matches);
+		return $oSelf->output;																
+	}
+	
+	/**
+	 * do the actual mapping 
+	 * 
+	 * @access private
+	 * @return string
+	 */
+	function _map() {
+		$callback = array(&$this, 'callback');
+		return preg_replace_callback($this->_pattern, $callback, $this->_subject);
+	}
+	
+	/**
+	 * preg_replace_callback hook
+	 * 
+	 * @access public
+	 * @param  array $matches preg_replace regexp matches
+	 * @return string
+	 */
+	function callback($matches) {
+		$index = intval(substr($matches[0], 9, -1));
+		return ( isset( $this->_matches[$index] ) ? $this->_matches[$index] : '' );
+	}
+	
+}
+
 ?>
--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -194,6 +194,7 @@ function comment_author_IP() {
 function get_comment_author_url() {
 	global $comment;
 	$url = ('http://' == $comment->comment_author_url) ? '' : $comment->comment_author_url;
+	$url = esc_url( $url, array('http', 'https') );
 	return apply_filters('get_comment_author_url', $url);
 }

@@ -337,6 +338,8 @@ function get_comment_class( $class = '', $comment_id = null, $post_id = null ) {
 		$classes = array_merge($classes, $class);
 	}

+	$classes = array_map('esc_attr', $classes);
+
 	return apply_filters('comment_class', $classes, $class, $comment_id, $post_id);
 }

@@ -817,8 +820,28 @@ function comments_template( $file = '/comments.php', $separate_comments = false
 		$file = '/comments.php';

 	$req = get_option('require_name_email');
+
+	/**
+	 * Comment author information fetched from the comment cookies.
+	 *
+	 * @uses wp_get_current_commenter()
+	 */
 	$commenter = wp_get_current_commenter();
-	extract($commenter, EXTR_SKIP);
+
+	/**
+	 * The name of the current comment author escaped for use in attributes.
+	 */
+	$comment_author = $commenter['comment_author']; // Escaped by sanitize_comment_cookies()
+
+	/**
+	 * The email address of the current comment author escaped for use in attributes.
+	 */	
+	$comment_author_email = $commenter['comment_author_email'];  // Escaped by sanitize_comment_cookies()
+
+	/**
+	 * The url of the current comment author escaped for use in attributes.
+	 */	
+	$comment_author_url = esc_url($commenter['comment_author_url']);

 	/** @todo Use API instead of SELECTs. */
 	if ( $user_ID) {
@@ -919,7 +942,7 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c
 	$number = get_comments_number( $id );

 	if ( 0 == $number && !comments_open() && !pings_open() ) {
-		echo '<span' . ((!empty($css_class)) ? ' class="' . $css_class . '"' : '') . '>' . $none . '</span>';
+		echo '<span' . ((!empty($css_class)) ? ' class="' . esc_attr( $css_class ) . '"' : '') . '>' . $none . '</span>';
 		return;
 	}

@@ -951,7 +974,7 @@ function comments_popup_link( $zero = false, $one = false, $more = false, $css_c

 	echo apply_filters( 'comments_popup_link_attributes', '' );

-	echo ' title="' . sprintf( __('Comment on %s'), $title ) . '">';
+	echo ' title="' . esc_attr( sprintf( __('Comment on %s'), $title ) ) . '">';
 	comments_number( $zero, $one, $more, $number );
 	echo '</a>';
 }
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -1324,6 +1324,9 @@ function do_all_pings() {
 	if ( is_array($trackbacks) )
 		foreach ( $trackbacks as $trackback )
 			do_trackbacks($trackback);
+
+	//Do Update Services/Generic Pings
+	generic_ping();
 }

 /**
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -186,7 +186,6 @@ add_action('do_feed_rss', 'do_feed_rss', 10, 1);
 add_action('do_feed_rss2', 'do_feed_rss2', 10, 1);
 add_action('do_feed_atom', 'do_feed_atom', 10, 1);
 add_action('do_pings', 'do_all_pings', 10, 1);
-add_action('do_generic_ping', 'generic_ping', 10, 1);
 add_action('do_robots', 'do_robots');
 add_action('sanitize_comment_cookies', 'sanitize_comment_cookies');
 add_action('admin_print_scripts', 'print_head_scripts', 20);
--- a/wp-includes/default-widgets.php
+++ b/wp-includes/default-widgets.php
@@ -526,8 +526,10 @@ class WP_Widget_Recent_Posts extends WP_Widget {
 		if ( !is_array($cache) )
 			$cache = array();

-		if ( isset($cache[$args['widget_id']]) )
-			return $cache[$args['widget_id']];
+		if ( isset($cache[$args['widget_id']]) ) {
+			echo $cache[$args['widget_id']];
+			return;
+		}

 		ob_start();
 		extract($args);
@@ -710,7 +712,7 @@ class WP_Widget_RSS extends WP_Widget {
 		if ( ! is_wp_error($rss) ) {
 			$desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
 			if ( empty($title) )
-				$title = htmlentities(strip_tags($rss->get_title()));
+				$title = esc_html(strip_tags($rss->get_title()));
 			$link = esc_url(strip_tags($rss->get_permalink()));
 			while ( stristr($link, 'http') != $link )
 				$link = substr($link, 1);
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -80,8 +80,8 @@ function wptexturize($text) {
 }

 function wptexturize_pushpop_element($text, &$stack, $disabled_elements, $opening = '<', $closing = '>') {
-	$o = preg_quote($opening);
-	$c = preg_quote($closing);
+	$o = preg_quote($opening, '/');
+	$c = preg_quote($closing, '/');
 	foreach($disabled_elements as $element) {
 		if (preg_match('/^'.$o.$element.'\b/', $text)) array_push($stack, $element);
 		if (preg_match('/^'.$o.'\/'.$element.$c.'/', $text)) {
@@ -600,11 +600,44 @@ function remove_accents($string) {
 */
 function sanitize_file_name( $filename ) {
 	$filename_raw = $filename;
-	$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}");
+	$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
 	$special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
 	$filename = str_replace($special_chars, '', $filename);
 	$filename = preg_replace('/[\s-]+/', '-', $filename);
 	$filename = trim($filename, '.-_');
+
+	// Split the filename into a base and extension[s]
+	$parts = explode('.', $filename);
+
+	// Return if only one extension
+	if ( count($parts) <= 2 )
+		return apply_filters('sanitize_file_name', $filename, $filename_raw);
+
+	// Process multiple extensions
+	$filename = array_shift($parts);
+	$extension = array_pop($parts);
+	$mimes = get_allowed_mime_types();
+
+	// Loop over any intermediate extensions.  Munge them with a trailing underscore if they are a 2 - 5 character
+	// long alpha string not in the extension whitelist.
+	foreach ( (array) $parts as $part) {
+		$filename .= '.' . $part;
+		
+		if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) {
+			$allowed = false;
+			foreach ( $mimes as $ext_preg => $mime_match ) {
+				$ext_preg = '!(^' . $ext_preg . ')$!i';
+				if ( preg_match( $ext_preg, $part ) ) {
+					$allowed = true;
+					break;
+				}
+			}
+			if ( !$allowed )
+				$filename .= '_';
+		}
+	}
+	$filename .= '.' . $extension;
+
 	return apply_filters('sanitize_file_name', $filename, $filename_raw);
 }

@@ -1452,18 +1485,20 @@ function wp_iso_descrambler($string) {
 * Returns a date in the GMT equivalent.
 *
 * Requires and returns a date in the Y-m-d H:i:s format. Simply subtracts the
- * value of the 'gmt_offset' option.
+ * value of the 'gmt_offset' option. Return format can be overridden using the
+ * $format parameter
 *
 * @since 1.2.0
 *
 * @uses get_option() to retrieve the the value of 'gmt_offset'.
 * @param string $string The date to be converted.
+ * @param string $format The format string for the returned date (default is Y-m-d H:i:s)
 * @return string GMT version of the date provided.
 */
-function get_gmt_from_date($string) {
+function get_gmt_from_date($string, $format = 'Y-m-d H:i:s') {
 	preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
 	$string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
-	$string_gmt = gmdate('Y-m-d H:i:s', $string_time - get_option('gmt_offset') * 3600);
+	$string_gmt = gmdate($format, $string_time - get_option('gmt_offset') * 3600);
 	return $string_gmt;
 }

@@ -1471,17 +1506,18 @@ function get_gmt_from_date($string) {
 * Converts a GMT date into the correct format for the blog.
 *
 * Requires and returns in the Y-m-d H:i:s format. Simply adds the value of
- * gmt_offset.
+ * gmt_offset.Return format can be overridden using the $format parameter
 *
 * @since 1.2.0
 *
 * @param string $string The date to be converted.
+ * @param string $format The format string for the returned date (default is Y-m-d H:i:s)
 * @return string Formatted date relative to the GMT offset.
 */
-function get_date_from_gmt($string) {
+function get_date_from_gmt($string, $format = 'Y-m-d H:i:s') {
 	preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
 	$string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
-	$string_localtime = gmdate('Y-m-d H:i:s', $string_time + get_option('gmt_offset')*3600);
+	$string_localtime = gmdate($format, $string_time + get_option('gmt_offset')*3600);
 	return $string_localtime;
 }

@@ -2042,8 +2078,8 @@ function clean_url( $url, $protocols = null, $context = 'display' ) {

 	if ('' == $url) return $url;
 	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
-	$strip = array('%0d', '%0a');
-	$url = str_replace($strip, '', $url);
+	$strip = array('%0d', '%0a', '%0D', '%0A');
+	$url = _deep_replace($strip, $url);
 	$url = str_replace(';//', '://', $url);
 	/* If the URL doesn't appear to contain a scheme, we
 	 * presume it needs http:// appended (unless a relative
@@ -2067,6 +2103,35 @@ function clean_url( $url, $protocols = null, $context = 'display' ) {
 	return apply_filters('clean_url', $url, $original_url, $context);
 }

+/**
+ * Perform a deep string replace operation to ensure the values in $search are no longer present
+ * 
+ * Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values
+ * e.g. $subject = '%0%0%0DDD', $search ='%0D', $result ='' rather than the '%0%0DD' that
+ * str_replace would return
+ * 
+ * @since 2.8.1
+ * @access private
+ * 
+ * @param string|array $search
+ * @param string $subject
+ * @return string The processed string
+ */
+function _deep_replace($search, $subject){
+	$found = true;
+	while($found) {
+		$found = false;
+		foreach( (array) $search as $val ) {
+			while(strpos($subject, $val) !== false) {
+				$found = true;
+				$subject = str_replace($val, '', $subject);
+			}
+		}
+	}
+	
+	return $subject;
+}
+
 /**
 * Escapes data for use in a MySQL query
 *
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -2226,8 +2226,36 @@ function wp_ext2type( $ext ) {
 * @return array Values with extension first and mime type.
 */
 function wp_check_filetype( $filename, $mimes = null ) {
-	// Accepted MIME types are set here as PCRE unless provided.
-	$mimes = ( is_array( $mimes ) ) ? $mimes : apply_filters( 'upload_mimes', array(
+	if ( empty($mimes) )
+		$mimes = get_allowed_mime_types();
+	$type = false;
+	$ext = false;
+
+	foreach ( $mimes as $ext_preg => $mime_match ) {
+		$ext_preg = '!\.(' . $ext_preg . ')$!i';
+		if ( preg_match( $ext_preg, $filename, $ext_matches ) ) {
+			$type = $mime_match;
+			$ext = $ext_matches[1];
+			break;
+		}
+	}
+
+	return compact( 'ext', 'type' );
+}
+
+/**
+ * Retrieve list of allowed mime types and file extensions.
+ *
+ * @since 2.8.6
+ *
+ * @return array Array of mime types keyed by the file extension regex corresponding to those types.
+ */
+function get_allowed_mime_types() {
+	static $mimes = false;
+
+	if ( !$mimes ) {
+		// Accepted MIME types are set here as PCRE unless provided.
+		$mimes = apply_filters( 'upload_mimes', array(
 		'jpg|jpeg|jpe' => 'image/jpeg',
 		'gif' => 'image/gif',
 		'png' => 'image/png',
@@ -2273,22 +2301,10 @@ function wp_check_filetype( $filename, $mimes = null ) {
 		'odc' => 'application/vnd.oasis.opendocument.chart',
 		'odb' => 'application/vnd.oasis.opendocument.database',
 		'odf' => 'application/vnd.oasis.opendocument.formula',
-		)
-	);
-
-	$type = false;
-	$ext = false;
-
-	foreach ( $mimes as $ext_preg => $mime_match ) {
-		$ext_preg = '!\.(' . $ext_preg . ')$!i';
-		if ( preg_match( $ext_preg, $filename, $ext_matches ) ) {
-			$type = $mime_match;
-			$ext = $ext_matches[1];
-			break;
-		}
+		) );
 	}

-	return compact( 'ext', 'type' );
+	return $mimes;
 }

 /**
@@ -2682,7 +2698,7 @@ function smilies_init() {
 		} else {
 			$wp_smiliessearch .= '|';
 		}
-		$wp_smiliessearch .= preg_quote($rest);
+		$wp_smiliessearch .= preg_quote($rest, '/');
 	}

 	$wp_smiliessearch .= ')(?:\s|$)/m';
@@ -3149,128 +3165,183 @@ function update_site_option( $key, $value ) {
 * Overrides the gmt_offset option if we have a timezone_string available
 */
 function wp_timezone_override_offset() {
-	if (!wp_timezone_supported()) return false;
+	if ( !wp_timezone_supported() ) {
+		return false;
+	}
+	if ( !$timezone_string = get_option( 'timezone_string' ) ) {
+		return false;
+	}

-	$tz = get_option('timezone_string');
-	if (empty($tz)) return false;
-
-	@date_default_timezone_set($tz);
-
-	$dateTimeZoneSelected = timezone_open($tz);
-	$dateTimeServer = date_create();
-	if ($dateTimeZoneSelected === false || $dateTimeServer === false) return false;
-
-	$timeOffset = timezone_offset_get($dateTimeZoneSelected, $dateTimeServer);
-	$timeOffset = $timeOffset / 3600;
-
-	return $timeOffset;
+	@date_default_timezone_set( $timezone_string );
+	$timezone_object = timezone_open( $timezone_string );
+	$datetime_object = date_create();
+	if ( false === $timezone_object || false === $datetime_object ) {
+		return false;
+	}
+	return round( timezone_offset_get( $timezone_object, $datetime_object ) / 3600, 2 );
 }

 /**
 * Check for PHP timezone support
- *
 */
 function wp_timezone_supported() {
-	if (function_exists('date_default_timezone_set')
-		&& function_exists('timezone_identifiers_list')
-		&& function_exists('timezone_open')
-		&& function_exists('timezone_offset_get')
-		)
-		return apply_filters('timezone_support',true);
+	$support = false;
+	if (
+		function_exists( 'date_default_timezone_set' ) &&
+		function_exists( 'timezone_identifiers_list' ) &&
+		function_exists( 'timezone_open' ) &&
+		function_exists( 'timezone_offset_get' )
+	) {
+		$support = true;
+	}
+	return apply_filters( 'timezone_support', $support );
+}

-	return apply_filters('timezone_support',false);
+function _wp_timezone_choice_usort_callback( $a, $b ) {
+	// Don't use translated versions of Etc
+	if ( 'Etc' === $a['continent'] && 'Etc' === $b['continent'] ) {
+		// Make the order of these more like the old dropdown
+		if ( 'GMT+' === substr( $a['city'], 0, 4 ) && 'GMT+' === substr( $b['city'], 0, 4 ) ) {
+			return -1 * ( strnatcasecmp( $a['city'], $b['city'] ) );
+		}
+		if ( 'UTC' === $a['city'] ) {
+			if ( 'GMT+' === substr( $b['city'], 0, 4 ) ) {
+				return 1;
+			}
+			return -1;
+		}
+		if ( 'UTC' === $b['city'] ) {
+			if ( 'GMT+' === substr( $a['city'], 0, 4 ) ) {
+				return -1;
+			}
+			return 1;
+		}
+		return strnatcasecmp( $a['city'], $b['city'] );
+	}
+	if ( $a['t_continent'] == $b['t_continent'] ) {
+		if ( $a['t_city'] == $b['t_city'] ) {
+			return strnatcasecmp( $a['t_subcity'], $b['t_subcity'] );
+		}
+		return strnatcasecmp( $a['t_city'], $b['t_city'] );
+	} else {
+		// Force Etc to the bottom of the list
+		if ( 'Etc' === $a['continent'] ) {
+			return 1;
+		}
+		if ( 'Etc' === $b['continent'] ) {
+			return -1;
+		}
+		return strnatcasecmp( $a['t_continent'], $b['t_continent'] );
+	}
 }

 /**
 * Gives a nicely formatted list of timezone strings // temporary! Not in final
 *
- * @param string $selectedzone - which zone should be the selected one
+ * @param $selected_zone string Selected Zone
 *
 */
-function wp_timezone_choice($selectedzone) {
+function wp_timezone_choice( $selected_zone ) {
 	static $mo_loaded = false;

-	$continents = array('Africa', 'America', 'Antarctica', 'Arctic', 'Asia', 'Atlantic', 'Australia', 'Europe', 'Indian', 'Pacific', 'Etc');
+	$continents = array( 'Africa', 'America', 'Antarctica', 'Arctic', 'Asia', 'Atlantic', 'Australia', 'Europe', 'Indian', 'Pacific', 'Etc' );

 	// Load translations for continents and cities
-	if ( ! $mo_loaded ) {
+	if ( !$mo_loaded ) {
 		$locale = get_locale();
-		$mofile = WP_LANG_DIR . "/continents-cities-$locale.mo";
-		load_textdomain('continents-cities', $mofile);
+		$mofile = WP_LANG_DIR . '/continents-cities-' . $locale . '.mo';
+		load_textdomain( 'continents-cities', $mofile );
 		$mo_loaded = true;
 	}

-	$all = timezone_identifiers_list();
-
-	$i = 0;
-	foreach ( $all as $zone ) {
-		$zone = explode('/',$zone);
-		if ( ! in_array($zone[0], $continents) )
+	$zonen = array();
+	foreach ( timezone_identifiers_list() as $zone ) {
+		$zone = explode( '/', $zone );
+		if ( !in_array( $zone[0], $continents ) ) {
 			continue;
-		if ( $zone[0] == 'Etc' && in_array($zone[1], array('UCT', 'GMT', 'GMT0', 'GMT+0', 'GMT-0', 'Greenwich', 'Universal', 'Zulu')) )
+		}
+		if ( 'Etc' === $zone[0] && in_array( $zone[1], array( 'UCT', 'GMT', 'GMT0', 'GMT+0', 'GMT-0', 'Greenwich', 'Universal', 'Zulu' ) ) ) {
 			continue;
-		$zonen[$i]['continent'] = isset($zone[0]) ? $zone[0] : '';
-		$zonen[$i]['city'] = isset($zone[1]) ? $zone[1] : '';
-		$zonen[$i]['subcity'] = isset($zone[2]) ? $zone[2] : '';
-		$i++;
-	}
-
-	usort($zonen, create_function(
-		'$a, $b', '
-		$t = create_function(\'$s\', \'return translate(str_replace("_", " ", $s), "continents-cities");\');
-		$a_continent = $t($a["continent"]);
-		$b_continent = $t($b["continent"]);
-		$a_city = $t($a["city"]);
-		$b_city = $t($b["city"]);
-		$a_subcity = $t($a["subcity"]);
-		$b_subcity = $t($b["subcity"]);
-		if ( $a_continent == $b_continent && $a_city == $b_city )
-			return strnatcasecmp($a_subcity, $b_subcity);
-		elseif ( $a_continent == $b_continent )
-			return strnatcasecmp($a_city, $b_city);
-		else
-			return strnatcasecmp($a_continent, $b_continent);
-		'));
-
-	$structure = '';
-	$pad = '&nbsp;&nbsp;&nbsp;';
-
-	if ( empty($selectedzone) )
-		$structure .= '<option selected="selected" value="">' . __('Select a city') . "</option>\n";
-	foreach ( $zonen as $zone ) {
-		extract($zone);
-		if ( empty($selectcontinent) && !empty($city) ) {
-			$selectcontinent = $continent;
-			$structure .= '<optgroup label="'. esc_attr( translate( $continent, "continents-cities" ) ) .'">' . "\n"; // continent
-		} elseif ( !empty($selectcontinent) && $selectcontinent != $continent ) {
-			$structure .= "</optgroup>\n";
-			$selectcontinent = '';
-			if ( !empty($city) ) {
-				$selectcontinent = $continent;
-				$structure .= '<optgroup label="'. esc_attr( translate( $continent, "continents-cities" ) ) .'">' . "\n"; // continent
-			}
 		}

-		if ( !empty($city) ) {
-			$display = str_replace('_',' ',$city);
-			$display = translate($display, "continents-cities");
-			if ( !empty($subcity) ) {
-				$display_subcity = str_replace('_', ' ', $subcity);
-				$display_subcity = translate($display_subcity, "continents-cities");
-				$city = $city . '/'. $subcity;
-				$display = $display . '/' . $display_subcity;
-			}
-			if ( $continent == 'Etc' )
-				$display = strtr($display, '+-', '-+');
-			$structure .= "\t<option ".((($continent.'/'.$city)==$selectedzone)?'selected="selected"':'')." value=\"".($continent.'/'.$city)."\">$pad".$display."</option>\n"; //Timezone
+		// This determines what gets set and translated - we don't translate Etc/* strings here, they are done later
+		$exists = array(
+			0 => ( isset( $zone[0] ) && $zone[0] ) ? true : false,
+			1 => ( isset( $zone[1] ) && $zone[1] ) ? true : false,
+			2 => ( isset( $zone[2] ) && $zone[2] ) ? true : false
+		);
+		$exists[3] = ( $exists[0] && 'Etc' !== $zone[0] ) ? true : false;
+		$exists[4] = ( $exists[1] && $exists[3] ) ? true : false;
+		$exists[5] = ( $exists[2] && $exists[3] ) ? true : false;
+
+		$zonen[] = array(
+			'continent'   => ( $exists[0] ? $zone[0] : '' ),
+			'city'        => ( $exists[1] ? $zone[1] : '' ),
+			'subcity'     => ( $exists[2] ? $zone[2] : '' ),
+			't_continent' => ( $exists[3] ? translate( str_replace( '_', ' ', $zone[0] ), 'continents-cities' ) : '' ),
+			't_city'      => ( $exists[4] ? translate( str_replace( '_', ' ', $zone[1] ), 'continents-cities' ) : '' ),
+			't_subcity'   => ( $exists[5] ? translate( str_replace( '_', ' ', $zone[2] ), 'continents-cities' ) : '' )
+		);
+	}
+	usort( $zonen, '_wp_timezone_choice_usort_callback' );
+
+	$structure = array();
+
+	if ( empty( $selected_zone ) ) {
+		$structure[] = '<option selected="selected" value="">' . __( 'Select a city' ) . '</option>';
+	}
+
+	foreach ( $zonen as $key => $zone ) {
+		// Build value in an array to join later
+		$value = array( $zone['continent'] );
+
+		if ( empty( $zone['city'] ) ) {
+			// It's at the continent level (generally won't happen)
+			$display = $zone['t_continent'];
 		} else {
-			$structure .= "<option ".(($continent==$selectedzone)?'selected="selected"':'')." value=\"".$continent."\">" . translate($continent, "continents-cities") . "</option>\n"; //Timezone
+			// It's inside a continent group
+			
+			// Continent optgroup
+			if ( !isset( $zonen[$key - 1] ) || $zonen[$key - 1]['continent'] !== $zone['continent'] ) {
+				$label = ( 'Etc' === $zone['continent'] ) ? __( 'Manual offsets' ) : $zone['t_continent'];
+				$structure[] = '<optgroup label="'. esc_attr( $label ) .'">';
+			}
+			
+			// Add the city to the value
+			$value[] = $zone['city'];
+			if ( 'Etc' === $zone['continent'] ) {
+				if ( 'UTC' === $zone['city'] ) {
+					$display = '';
+				} else {
+					$display = str_replace( 'GMT', '', $zone['city'] );
+					$display = strtr( $display, '+-', '-+' ) . ':00';
+				}
+				$display = sprintf( __( 'UTC %s' ), $display );
+			} else {
+				$display = $zone['t_city'];
+				if ( !empty( $zone['subcity'] ) ) {
+					// Add the subcity to the value
+					$value[] = $zone['subcity'];
+					$display .= ' - ' . $zone['t_subcity'];
+				}
+			}
+		}
+
+		// Build the value
+		$value = join( '/', $value );
+		$selected = '';
+		if ( $value === $selected_zone ) {
+			$selected = 'selected="selected" ';
+		}
+		$structure[] = '<option ' . $selected . 'value="' . esc_attr( $value ) . '">' . esc_html( $display ) . "</option>";
+		
+		// Close continent optgroup
+		if ( !empty( $zone['city'] ) && ( !isset($zonen[$key + 1]) || (isset( $zonen[$key + 1] ) && $zonen[$key + 1]['continent'] !== $zone['continent']) ) ) {
+			$structure[] = '</optgroup>';
 		}
 	}

-	if ( !empty($selectcontinent) )
-		$structure .= "</optgroup>\n";
-	return $structure;
+	return join( "\n", $structure );
 }


--- a/wp-includes/functions.wp-styles.php
+++ b/wp-includes/functions.wp-styles.php
@@ -92,7 +92,7 @@ function wp_enqueue_style( $handle, $src = false, $deps = array(), $ver = false,
 */
 function wp_style_is( $handle, $list = 'queue' ) {
 	global $wp_styles;
-	if ( !is_a($wp_styles, 'WP_Scripts') )
+	if ( !is_a($wp_styles, 'WP_Styles') )
 		$wp_styles = new WP_Styles();

 	$query = $wp_styles->query( $handle, $list );
--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -1023,7 +1023,7 @@ function get_calendar($initial = true) {

 	/* translators: Calendar caption: 1: month name, 2: 4-digit year */
 	$calendar_caption = _x('%1$s %2$s', 'calendar caption');
-	echo '<table id="wp-calendar" summary="' . __('Calendar') . '">
+	echo '<table id="wp-calendar" summary="' . esc_attr__('Calendar') . '">
 	<caption>' . sprintf($calendar_caption, $wp_locale->get_month($thismonth), date('Y', $unixmonth)) . '</caption>
 	<thead>
 	<tr>';
@@ -1036,6 +1036,7 @@ function get_calendar($initial = true) {

 	foreach ( $myweek as $wd ) {
 		$day_name = (true == $initial) ? $wp_locale->get_weekday_initial($wd) : $wp_locale->get_weekday_abbrev($wd);
+		$wd = esc_attr($wd);
 		echo "\n\t\t<th abbr=\"$wd\" scope=\"col\" title=\"$wd\">$day_name</th>";
 	}

@@ -1058,8 +1059,8 @@ function get_calendar($initial = true) {

 	if ( $next ) {
 		echo "\n\t\t".'<td abbr="' . $wp_locale->get_month($next->month) . '" colspan="3" id="next"><a href="' .
-		get_month_link($next->year, $next->month) . '" title="' . sprintf(__('View posts for %1$s %2$s'), $wp_locale->get_month($next->month),
-			date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) . '">' . $wp_locale->get_month_abbrev($wp_locale->get_month($next->month)) . ' &raquo;</a></td>';
+		get_month_link($next->year, $next->month) . '" title="' . esc_attr( sprintf(__('View posts for %1$s %2$s'), $wp_locale->get_month($next->month) ,
+			date('Y', mktime(0, 0 , 0, $next->month, 1, $next->year))) ) . '">' . $wp_locale->get_month_abbrev($wp_locale->get_month($next->month)) . ' &raquo;</a></td>';
 	} else {
 		echo "\n\t\t".'<td colspan="3" id="next" class="pad">&nbsp;</td>';
 	}
@@ -1116,7 +1117,7 @@ function get_calendar($initial = true) {
 	// See how much we should pad in the beginning
 	$pad = calendar_week_mod(date('w', $unixmonth)-$week_begins);
 	if ( 0 != $pad )
-		echo "\n\t\t".'<td colspan="'.$pad.'" class="pad">&nbsp;</td>';
+		echo "\n\t\t".'<td colspan="'. esc_attr($pad) .'" class="pad">&nbsp;</td>';

 	$daysinmonth = intval(date('t', $unixmonth));
 	for ( $day = 1; $day <= $daysinmonth; ++$day ) {
@@ -1130,7 +1131,7 @@ function get_calendar($initial = true) {
 			echo '<td>';

 		if ( in_array($day, $daywithpost) ) // any posts today?
-				echo '<a href="' . get_day_link($thisyear, $thismonth, $day) . "\" title=\"$ak_titles_for_day[$day]\">$day</a>";
+				echo '<a href="' . get_day_link($thisyear, $thismonth, $day) . "\" title=\"" . esc_attr($ak_titles_for_day[$day]) . "\">$day</a>";
 		else
 			echo $day;
 		echo '</td>';
@@ -1141,7 +1142,7 @@ function get_calendar($initial = true) {

 	$pad = 7 - calendar_week_mod(date('w', mktime(0, 0 , 0, $thismonth, $day, $thisyear))-$week_begins);
 	if ( $pad != 0 && $pad != 7 )
-		echo "\n\t\t".'<td class="pad" colspan="'.$pad.'">&nbsp;</td>';
+		echo "\n\t\t".'<td class="pad" colspan="'. esc_attr($pad) .'">&nbsp;</td>';

 	echo "\n\t</tr>\n\t</tbody>\n\t</table>";

--- a/wp-includes/http.php
+++ b/wp-includes/http.php
@@ -73,11 +73,11 @@ class WP_Http {
 	 * Tests all of the objects and returns the object that passes. Also caches
 	 * that object to be used later.
 	 *
-	 * The order for the GET/HEAD requests are HTTP Extension, FSockopen Streams, 
-	 * Fopen, and finally cURL. Whilst Fsockopen has the highest overhead, Its
-	 * used 2nd due to high compatibility with most hosts, The HTTP Extension is
-	 * tested first due to hosts which have it enabled, are likely to work
-	 * correctly with it.
+	 * The order for the GET/HEAD requests are Streams, HTTP Extension, Fopen,
+	 * and finally Fsockopen. fsockopen() is used last, because it has the most
+	 * overhead in its implementation. There isn't any real way around it, since
+	 * redirects have to be supported, much the same way the other transports
+	 * also handle redirects.
 	 *
 	 * There are currently issues with "localhost" not resolving correctly with
 	 * DNS. This may cause an error "failed to open stream: A connection attempt
@@ -98,18 +98,18 @@ class WP_Http {
 			if ( true === WP_Http_ExtHttp::test($args) ) {
 				$working_transport['exthttp'] = new WP_Http_ExtHttp();
 				$blocking_transport[] = &$working_transport['exthttp'];
-			} else if ( true === WP_Http_Fsockopen::test($args) ) {
-				$working_transport['fsockopen'] = new WP_Http_Fsockopen();
-				$blocking_transport[] = &$working_transport['fsockopen'];
+			} else if ( true === WP_Http_Curl::test($args) ) {
+				$working_transport['curl'] = new WP_Http_Curl();
+				$blocking_transport[] = &$working_transport['curl'];
 			} else if ( true === WP_Http_Streams::test($args) ) {
 				$working_transport['streams'] = new WP_Http_Streams();
 				$blocking_transport[] = &$working_transport['streams'];
 			} else if ( true === WP_Http_Fopen::test($args) ) {
 				$working_transport['fopen'] = new WP_Http_Fopen();
 				$blocking_transport[] = &$working_transport['fopen'];
-			} else if ( true === WP_Http_Curl::test($args) ) {
-				$working_transport['curl'] = new WP_Http_Curl();
-				$blocking_transport[] = &$working_transport['curl'];
+			} else if ( true === WP_Http_Fsockopen::test($args) ) {
+				$working_transport['fsockopen'] = new WP_Http_Fsockopen();
+				$blocking_transport[] = &$working_transport['fsockopen'];
 			}

 			foreach ( array('curl', 'streams', 'fopen', 'fsockopen', 'exthttp') as $transport ) {
@@ -149,15 +149,15 @@ class WP_Http {
 			if ( true === WP_Http_ExtHttp::test($args) ) {
 				$working_transport['exthttp'] = new WP_Http_ExtHttp();
 				$blocking_transport[] = &$working_transport['exthttp'];
-			} else if ( true === WP_Http_Fsockopen::test($args) ) {
-				$working_transport['fsockopen'] = new WP_Http_Fsockopen();
-				$blocking_transport[] = &$working_transport['fsockopen'];
-			} else if ( true === WP_Http_Streams::test($args) ) {
-				$working_transport['streams'] = new WP_Http_Streams();
-				$blocking_transport[] = &$working_transport['streams'];
 			} else if ( true === WP_Http_Curl::test($args) ) {
 				$working_transport['curl'] = new WP_Http_Curl();
 				$blocking_transport[] = &$working_transport['curl'];
+			} else if ( true === WP_Http_Streams::test($args) ) {
+				$working_transport['streams'] = new WP_Http_Streams();
+				$blocking_transport[] = &$working_transport['streams'];
+			} else if ( true === WP_Http_Fsockopen::test($args) ) {
+				$working_transport['fsockopen'] = new WP_Http_Fsockopen();
+				$blocking_transport[] = &$working_transport['fsockopen'];
 			}

 			foreach ( array('curl', 'streams', 'fsockopen', 'exthttp') as $transport ) {
@@ -239,7 +239,7 @@ class WP_Http {
 		$arrURL = parse_url($url);

 		if ( $this->block_request( $url ) )
-			return new WP_Error('http_request_failed', 'User has blocked requests through HTTP.');
+			return new WP_Error('http_request_failed', __('User has blocked requests through HTTP.'));

 		// Determine if this is a https call and pass that on to the transport functions
 		// so that we can blacklist the transports that do not support ssl verification
--- a/wp-includes/js/swfupload/plugins/swfupload.speed.js
+++ b/wp-includes/js/swfupload/plugins/swfupload.speed.js
@@ -1,342 +1,342 @@
-/*
-	Speed Plug-in
-	
-	Features:
-		*Adds several properties to the 'file' object indicated upload speed, time left, upload time, etc.
-			- currentSpeed -- String indicating the upload speed, bytes per second
-			- averageSpeed -- Overall average upload speed, bytes per second
-			- movingAverageSpeed -- Speed over averaged over the last several measurements, bytes per second
-			- timeRemaining -- Estimated remaining upload time in seconds
-			- timeElapsed -- Number of seconds passed for this upload
-			- percentUploaded -- Percentage of the file uploaded (0 to 100)
-			- sizeUploaded -- Formatted size uploaded so far, bytes
-		
-		*Adds setting 'moving_average_history_size' for defining the window size used to calculate the moving average speed.
-		
-		*Adds several Formatting functions for formatting that values provided on the file object.
-			- SWFUpload.speed.formatBPS(bps) -- outputs string formatted in the best units (Gbps, Mbps, Kbps, bps)
-			- SWFUpload.speed.formatTime(seconds) -- outputs string formatted in the best units (x Hr y M z S)
-			- SWFUpload.speed.formatSize(bytes) -- outputs string formatted in the best units (w GB x MB y KB z B )
-			- SWFUpload.speed.formatPercent(percent) -- outputs string formatted with a percent sign (x.xx %)
-			- SWFUpload.speed.formatUnits(baseNumber, divisionArray, unitLabelArray, fractionalBoolean)
-				- Formats a number using the division array to determine how to apply the labels in the Label Array
-				- factionalBoolean indicates whether the number should be returned as a single fractional number with a unit (speed)
-				    or as several numbers labeled with units (time)
-	*/
-
-var SWFUpload;
-if (typeof(SWFUpload) === "function") {
-	SWFUpload.speed = {};
-	
-	SWFUpload.prototype.initSettings = (function (oldInitSettings) {
-		return function () {
-			if (typeof(oldInitSettings) === "function") {
-				oldInitSettings.call(this);
-			}
-			
-			this.ensureDefault = function (settingName, defaultValue) {
-				this.settings[settingName] = (this.settings[settingName] == undefined) ? defaultValue : this.settings[settingName];
-			};
-
-			// List used to keep the speed stats for the files we are tracking
-			this.fileSpeedStats = {};
-			this.speedSettings = {};
-
-			this.ensureDefault("moving_average_history_size", "10");
-			
-			this.speedSettings.user_file_queued_handler = this.settings.file_queued_handler;
-			this.speedSettings.user_file_queue_error_handler = this.settings.file_queue_error_handler;
-			this.speedSettings.user_upload_start_handler = this.settings.upload_start_handler;
-			this.speedSettings.user_upload_error_handler = this.settings.upload_error_handler;
-			this.speedSettings.user_upload_progress_handler = this.settings.upload_progress_handler;
-			this.speedSettings.user_upload_success_handler = this.settings.upload_success_handler;
-			this.speedSettings.user_upload_complete_handler = this.settings.upload_complete_handler;
-			
-			this.settings.file_queued_handler = SWFUpload.speed.fileQueuedHandler;
-			this.settings.file_queue_error_handler = SWFUpload.speed.fileQueueErrorHandler;
-			this.settings.upload_start_handler = SWFUpload.speed.uploadStartHandler;
-			this.settings.upload_error_handler = SWFUpload.speed.uploadErrorHandler;
-			this.settings.upload_progress_handler = SWFUpload.speed.uploadProgressHandler;
-			this.settings.upload_success_handler = SWFUpload.speed.uploadSuccessHandler;
-			this.settings.upload_complete_handler = SWFUpload.speed.uploadCompleteHandler;
-			
-			delete this.ensureDefault;
-		};
-	})(SWFUpload.prototype.initSettings);
-
-	
-	SWFUpload.speed.fileQueuedHandler = function (file) {
-		if (typeof this.speedSettings.user_file_queued_handler === "function") {
-			file = SWFUpload.speed.extendFile(file);
-			
-			return this.speedSettings.user_file_queued_handler.call(this, file);
-		}
-	};
-	
-	SWFUpload.speed.fileQueueErrorHandler = function (file, errorCode, message) {
-		if (typeof this.speedSettings.user_file_queue_error_handler === "function") {
-			file = SWFUpload.speed.extendFile(file);
-			
-			return this.speedSettings.user_file_queue_error_handler.call(this, file, errorCode, message);
-		}
-	};
-
-	SWFUpload.speed.uploadStartHandler = function (file) {
-		if (typeof this.speedSettings.user_upload_start_handler === "function") {
-			file = SWFUpload.speed.extendFile(file, this.fileSpeedStats);
-			return this.speedSettings.user_upload_start_handler.call(this, file);
-		}
-	};
-	
-	SWFUpload.speed.uploadErrorHandler = function (file, errorCode, message) {
-		file = SWFUpload.speed.extendFile(file, this.fileSpeedStats);
-		SWFUpload.speed.removeTracking(file, this.fileSpeedStats);
-
-		if (typeof this.speedSettings.user_upload_error_handler === "function") {
-			return this.speedSettings.user_upload_error_handler.call(this, file, errorCode, message);
-		}
-	};
-	SWFUpload.speed.uploadProgressHandler = function (file, bytesComplete, bytesTotal) {
-		this.updateTracking(file, bytesComplete);
-		file = SWFUpload.speed.extendFile(file, this.fileSpeedStats);
-
-		if (typeof this.speedSettings.user_upload_progress_handler === "function") {
-			return this.speedSettings.user_upload_progress_handler.call(this, file, bytesComplete, bytesTotal);
-		}
-	};
-	
-	SWFUpload.speed.uploadSuccessHandler = function (file, serverData) {
-		if (typeof this.speedSettings.user_upload_success_handler === "function") {
-			file = SWFUpload.speed.extendFile(file, this.fileSpeedStats);
-			return this.speedSettings.user_upload_success_handler.call(this, file, serverData);
-		}
-	};
-	SWFUpload.speed.uploadCompleteHandler = function (file) {
-		file = SWFUpload.speed.extendFile(file, this.fileSpeedStats);
-		SWFUpload.speed.removeTracking(file, this.fileSpeedStats);
-
-		if (typeof this.speedSettings.user_upload_complete_handler === "function") {
-			return this.speedSettings.user_upload_complete_handler.call(this, file);
-		}
-	};
-	
-	// Private: extends the file object with the speed plugin values
-	SWFUpload.speed.extendFile = function (file, trackingList) {
-		var tracking;
-		
-		if (trackingList) {
-			tracking = trackingList[file.id];
-		}
-		
-		if (tracking) {
-			file.currentSpeed = tracking.currentSpeed;
-			file.averageSpeed = tracking.averageSpeed;
-			file.movingAverageSpeed = tracking.movingAverageSpeed;
-			file.timeRemaining = tracking.timeRemaining;
-			file.timeElapsed = tracking.timeElapsed;
-			file.percentUploaded = tracking.percentUploaded;
-			file.sizeUploaded = tracking.bytesUploaded;
-
-		} else {
-			file.currentSpeed = 0;
-			file.averageSpeed = 0;
-			file.movingAverageSpeed = 0;
-			file.timeRemaining = 0;
-			file.timeElapsed = 0;
-			file.percentUploaded = 0;
-			file.sizeUploaded = 0;
-		}
-		
-		return file;
-	};
-	
-	// Private: Updates the speed tracking object, or creates it if necessary
-	SWFUpload.prototype.updateTracking = function (file, bytesUploaded) {
-		var tracking = this.fileSpeedStats[file.id];
-		if (!tracking) {
-			this.fileSpeedStats[file.id] = tracking = {};
-		}
-		
-		// Sanity check inputs
-		bytesUploaded = bytesUploaded || tracking.bytesUploaded || 0;
-		if (bytesUploaded < 0) {
-			bytesUploaded = 0;
-		}
-		if (bytesUploaded > file.size) {
-			bytesUploaded = file.size;
-		}
-		
-		var tickTime = (new Date()).getTime();
-		if (!tracking.startTime) {
-			tracking.startTime = (new Date()).getTime();
-			tracking.lastTime = tracking.startTime;
-			tracking.currentSpeed = 0;
-			tracking.averageSpeed = 0;
-			tracking.movingAverageSpeed = 0;
-			tracking.movingAverageHistory = [];
-			tracking.timeRemaining = 0;
-			tracking.timeElapsed = 0;
-			tracking.percentUploaded = bytesUploaded / file.size;
-			tracking.bytesUploaded = bytesUploaded;
-		} else if (tracking.startTime > tickTime) {
-			this.debug("When backwards in time");
-		} else {
-			// Get time and deltas
-			var now = (new Date()).getTime();
-			var lastTime = tracking.lastTime;
-			var deltaTime = now - lastTime;
-			var deltaBytes = bytesUploaded - tracking.bytesUploaded;
-			
-			if (deltaBytes === 0 || deltaTime === 0) {
-				return tracking;
-			}
-			
-			// Update tracking object
-			tracking.lastTime = now;
-			tracking.bytesUploaded = bytesUploaded;
-			
-			// Calculate speeds
-			tracking.currentSpeed = (deltaBytes * 8 ) / (deltaTime / 1000);
-			tracking.averageSpeed = (tracking.bytesUploaded * 8) / ((now - tracking.startTime) / 1000);
-
-			// Calculate moving average
-			tracking.movingAverageHistory.push(tracking.currentSpeed);
-			if (tracking.movingAverageHistory.length > this.settings.moving_average_history_size) {
-				tracking.movingAverageHistory.shift();
-			}
-			
-			tracking.movingAverageSpeed = SWFUpload.speed.calculateMovingAverage(tracking.movingAverageHistory);
-			
-			// Update times
-			tracking.timeRemaining = (file.size - tracking.bytesUploaded) * 8 / tracking.movingAverageSpeed;
-			tracking.timeElapsed = (now - tracking.startTime) / 1000;
-			
-			// Update percent
-			tracking.percentUploaded = (tracking.bytesUploaded / file.size * 100);
-		}
-		
-		return tracking;
-	};
-	SWFUpload.speed.removeTracking = function (file, trackingList) {
-		try {
-			trackingList[file.id] = null;
-			delete trackingList[file.id];
-		} catch (ex) {
-		}
-	};
-	
-	SWFUpload.speed.formatUnits = function (baseNumber, unitDivisors, unitLabels, singleFractional) {
-		var i, unit, unitDivisor, unitLabel;
-
-		if (baseNumber === 0) {
-			return "0 " + unitLabels[unitLabels.length - 1];
-		}
-		
-		if (singleFractional) {
-			unit = baseNumber;
-			unitLabel = unitLabels.length >= unitDivisors.length ? unitLabels[unitDivisors.length - 1] : "";
-			for (i = 0; i < unitDivisors.length; i++) {
-				if (baseNumber >= unitDivisors[i]) {
-					unit = (baseNumber / unitDivisors[i]).toFixed(2);
-					unitLabel = unitLabels.length >= i ? " " + unitLabels[i] : "";
-					break;
-				}
-			}
-			
-			return unit + unitLabel;
-		} else {
-			var formattedStrings = [];
-			var remainder = baseNumber;
-			
-			for (i = 0; i < unitDivisors.length; i++) {
-				unitDivisor = unitDivisors[i];
-				unitLabel = unitLabels.length > i ? " " + unitLabels[i] : "";
-				
-				unit = remainder / unitDivisor;
-				if (i < unitDivisors.length -1) {
-					unit = Math.floor(unit);
-				} else {
-					unit = unit.toFixed(2);
-				}
-				if (unit > 0) {
-					remainder = remainder % unitDivisor;
-					
-					formattedStrings.push(unit + unitLabel);
-				}
-			}
-			
-			return formattedStrings.join(" ");
-		}
-	};
-	
-	SWFUpload.speed.formatBPS = function (baseNumber) {
-		var bpsUnits = [1073741824, 1048576, 1024, 1], bpsUnitLabels = ["Gbps", "Mbps", "Kbps", "bps"];
-		return SWFUpload.speed.formatUnits(baseNumber, bpsUnits, bpsUnitLabels, true);
-	
-	};
-	SWFUpload.speed.formatTime = function (baseNumber) {
-		var timeUnits = [86400, 3600, 60, 1], timeUnitLabels = ["d", "h", "m", "s"];
-		return SWFUpload.speed.formatUnits(baseNumber, timeUnits, timeUnitLabels, false);
-	
-	};
-	SWFUpload.speed.formatBytes = function (baseNumber) {
-		var sizeUnits = [1073741824, 1048576, 1024, 1], sizeUnitLabels = ["GB", "MB", "KB", "bytes"];
-		return SWFUpload.speed.formatUnits(baseNumber, sizeUnits, sizeUnitLabels, true);
-	
-	};
-	SWFUpload.speed.formatPercent = function (baseNumber) {
-		return baseNumber.toFixed(2) + " %";
-	};
-	
-	SWFUpload.speed.calculateMovingAverage = function (history) {
-		var vals = [], size, sum = 0.0, mean = 0.0, varianceTemp = 0.0, variance = 0.0, standardDev = 0.0;
-		var i;
-		var mSum = 0, mCount = 0;
-		
-		size = history.length;
-		
-		// Check for sufficient data
-		if (size >= 8) {
-			// Clone the array and Calculate sum of the values 
-			for (i = 0; i < size; i++) {
-				vals[i] = history[i];
-				sum += vals[i];
-			}
-
-			mean = sum / size;
-
-			// Calculate variance for the set
-			for (i = 0; i < size; i++) {
-				varianceTemp += Math.pow((vals[i] - mean), 2);
-			}
-
-			variance = varianceTemp / size;
-			standardDev = Math.sqrt(variance);
-			
-			//Standardize the Data
-			for (i = 0; i < size; i++) {
-				vals[i] = (vals[i] - mean) / standardDev;
-			}
-
-			// Calculate the average excluding outliers
-			var deviationRange = 2.0;
-			for (i = 0; i < size; i++) {
-				
-				if (vals[i] <= deviationRange && vals[i] >= -deviationRange) {
-					mCount++;
-					mSum += history[i];
-				}
-			}
-			
-		} else {
-			// Calculate the average (not enough data points to remove outliers)
-			mCount = size;
-			for (i = 0; i < size; i++) {
-				mSum += history[i];
-			}
-		}
-
-		return mSum / mCount;
-	};
-	
+/*
+	Speed Plug-in
+	
+	Features:
+		*Adds several properties to the 'file' object indicated upload speed, time left, upload time, etc.
+			- currentSpeed -- String indicating the upload speed, bytes per second
+			- averageSpeed -- Overall average upload speed, bytes per second
+			- movingAverageSpeed -- Speed over averaged over the last several measurements, bytes per second
+			- timeRemaining -- Estimated remaining upload time in seconds
+			- timeElapsed -- Number of seconds passed for this upload
+			- percentUploaded -- Percentage of the file uploaded (0 to 100)
+			- sizeUploaded -- Formatted size uploaded so far, bytes
+		
+		*Adds setting 'moving_average_history_size' for defining the window size used to calculate the moving average speed.
+		
+		*Adds several Formatting functions for formatting that values provided on the file object.
+			- SWFUpload.speed.formatBPS(bps) -- outputs string formatted in the best units (Gbps, Mbps, Kbps, bps)
+			- SWFUpload.speed.formatTime(seconds) -- outputs string formatted in the best units (x Hr y M z S)
+			- SWFUpload.speed.formatSize(bytes) -- outputs string formatted in the best units (w GB x MB y KB z B )
+			- SWFUpload.speed.formatPercent(percent) -- outputs string formatted with a percent sign (x.xx %)
+			- SWFUpload.speed.formatUnits(baseNumber, divisionArray, unitLabelArray, fractionalBoolean)
+				- Formats a number using the division array to determine how to apply the labels in the Label Array
+				- factionalBoolean indicates whether the number should be returned as a single fractional number with a unit (speed)
+				    or as several numbers labeled with units (time)
+	*/
+
+var SWFUpload;
+if (typeof(SWFUpload) === "function") {
+	SWFUpload.speed = {};
+	
+	SWFUpload.prototype.initSettings = (function (oldInitSettings) {
+		return function () {
+			if (typeof(oldInitSettings) === "function") {
+				oldInitSettings.call(this);
+			}
+			
+			this.ensureDefault = function (settingName, defaultValue) {
+				this.settings[settingName] = (this.settings[settingName] == undefined) ? defaultValue : this.settings[settingName];
+			};
+
+			// List used to keep the speed stats for the files we are tracking
+			this.fileSpeedStats = {};
+			this.speedSettings = {};
+
+			this.ensureDefault("moving_average_history_size", "10");
+			
+			this.speedSettings.user_file_queued_handler = this.settings.file_queued_handler;
+			this.speedSettings.user_file_queue_error_handler = this.settings.file_queue_error_handler;
+			this.speedSettings.user_upload_start_handler = this.settings.upload_start_handler;
+			this.speedSettings.user_upload_error_handler = this.settings.upload_error_handler;
+			this.speedSettings.user_upload_progress_handler = this.settings.upload_progress_handler;
+			this.speedSettings.user_upload_success_handler = this.settings.upload_success_handler;
+			this.speedSettings.user_upload_complete_handler = this.settings.upload_complete_handler;
+			
+			this.settings.file_queued_handler = SWFUpload.speed.fileQueuedHandler;
+			this.settings.file_queue_error_handler = SWFUpload.speed.fileQueueErrorHandler;
+			this.settings.upload_start_handler = SWFUpload.speed.uploadStartHandler;
+			this.settings.upload_error_handler = SWFUpload.speed.uploadErrorHandler;
+			this.settings.upload_progress_handler = SWFUpload.speed.uploadProgressHandler;
+			this.settings.upload_success_handler = SWFUpload.speed.uploadSuccessHandler;
+			this.settings.upload_complete_handler = SWFUpload.speed.uploadCompleteHandler;
+			
+			delete this.ensureDefault;
+		};
+	})(SWFUpload.prototype.initSettings);
+
+	
+	SWFUpload.speed.fileQueuedHandler = function (file) {
+		if (typeof this.speedSettings.user_file_queued_handler === "function") {
+			file = SWFUpload.speed.extendFile(file);
+			
+			return this.speedSettings.user_file_queued_handler.call(this, file);
+		}
+	};
+	
+	SWFUpload.speed.fileQueueErrorHandler = function (file, errorCode, message) {
+		if (typeof this.speedSettings.user_file_queue_error_handler === "function") {
+			file = SWFUpload.speed.extendFile(file);
+			
+			return this.speedSettings.user_file_queue_error_handler.call(this, file, errorCode, message);
+		}
+	};
+
+	SWFUpload.speed.uploadStartHandler = function (file) {
+		if (typeof this.speedSettings.user_upload_start_handler === "function") {
+			file = SWFUpload.speed.extendFile(file, this.fileSpeedStats);
+			return this.speedSettings.user_upload_start_handler.call(this, file);
+		}
+	};
+	
+	SWFUpload.speed.uploadErrorHandler = function (file, errorCode, message) {
+		file = SWFUpload.speed.extendFile(file, this.fileSpeedStats);
+		SWFUpload.speed.removeTracking(file, this.fileSpeedStats);
+
+		if (typeof this.speedSettings.user_upload_error_handler === "function") {
+			return this.speedSettings.user_upload_error_handler.call(this, file, errorCode, message);
+		}
+	};
+	SWFUpload.speed.uploadProgressHandler = function (file, bytesComplete, bytesTotal) {
+		this.updateTracking(file, bytesComplete);
+		file = SWFUpload.speed.extendFile(file, this.fileSpeedStats);
+
+		if (typeof this.speedSettings.user_upload_progress_handler === "function") {
+			return this.speedSettings.user_upload_progress_handler.call(this, file, bytesComplete, bytesTotal);
+		}
+	};
+	
+	SWFUpload.speed.uploadSuccessHandler = function (file, serverData) {
+		if (typeof this.speedSettings.user_upload_success_handler === "function") {
+			file = SWFUpload.speed.extendFile(file, this.fileSpeedStats);
+			return this.speedSettings.user_upload_success_handler.call(this, file, serverData);
+		}
+	};
+	SWFUpload.speed.uploadCompleteHandler = function (file) {
+		file = SWFUpload.speed.extendFile(file, this.fileSpeedStats);
+		SWFUpload.speed.removeTracking(file, this.fileSpeedStats);
+
+		if (typeof this.speedSettings.user_upload_complete_handler === "function") {
+			return this.speedSettings.user_upload_complete_handler.call(this, file);
+		}
+	};
+	
+	// Private: extends the file object with the speed plugin values
+	SWFUpload.speed.extendFile = function (file, trackingList) {
+		var tracking;
+		
+		if (trackingList) {
+			tracking = trackingList[file.id];
+		}
+		
+		if (tracking) {
+			file.currentSpeed = tracking.currentSpeed;
+			file.averageSpeed = tracking.averageSpeed;
+			file.movingAverageSpeed = tracking.movingAverageSpeed;
+			file.timeRemaining = tracking.timeRemaining;
+			file.timeElapsed = tracking.timeElapsed;
+			file.percentUploaded = tracking.percentUploaded;
+			file.sizeUploaded = tracking.bytesUploaded;
+
+		} else {
+			file.currentSpeed = 0;
+			file.averageSpeed = 0;
+			file.movingAverageSpeed = 0;
+			file.timeRemaining = 0;
+			file.timeElapsed = 0;
+			file.percentUploaded = 0;
+			file.sizeUploaded = 0;
+		}
+		
+		return file;
+	};
+	
+	// Private: Updates the speed tracking object, or creates it if necessary
+	SWFUpload.prototype.updateTracking = function (file, bytesUploaded) {
+		var tracking = this.fileSpeedStats[file.id];
+		if (!tracking) {
+			this.fileSpeedStats[file.id] = tracking = {};
+		}
+		
+		// Sanity check inputs
+		bytesUploaded = bytesUploaded || tracking.bytesUploaded || 0;
+		if (bytesUploaded < 0) {
+			bytesUploaded = 0;
+		}
+		if (bytesUploaded > file.size) {
+			bytesUploaded = file.size;
+		}
+		
+		var tickTime = (new Date()).getTime();
+		if (!tracking.startTime) {
+			tracking.startTime = (new Date()).getTime();
+			tracking.lastTime = tracking.startTime;
+			tracking.currentSpeed = 0;
+			tracking.averageSpeed = 0;
+			tracking.movingAverageSpeed = 0;
+			tracking.movingAverageHistory = [];
+			tracking.timeRemaining = 0;
+			tracking.timeElapsed = 0;
+			tracking.percentUploaded = bytesUploaded / file.size;
+			tracking.bytesUploaded = bytesUploaded;
+		} else if (tracking.startTime > tickTime) {
+			this.debug("When backwards in time");
+		} else {
+			// Get time and deltas
+			var now = (new Date()).getTime();
+			var lastTime = tracking.lastTime;
+			var deltaTime = now - lastTime;
+			var deltaBytes = bytesUploaded - tracking.bytesUploaded;
+			
+			if (deltaBytes === 0 || deltaTime === 0) {
+				return tracking;
+			}
+			
+			// Update tracking object
+			tracking.lastTime = now;
+			tracking.bytesUploaded = bytesUploaded;
+			
+			// Calculate speeds
+			tracking.currentSpeed = (deltaBytes * 8 ) / (deltaTime / 1000);
+			tracking.averageSpeed = (tracking.bytesUploaded * 8) / ((now - tracking.startTime) / 1000);
+
+			// Calculate moving average
+			tracking.movingAverageHistory.push(tracking.currentSpeed);
+			if (tracking.movingAverageHistory.length > this.settings.moving_average_history_size) {
+				tracking.movingAverageHistory.shift();
+			}
+			
+			tracking.movingAverageSpeed = SWFUpload.speed.calculateMovingAverage(tracking.movingAverageHistory);
+			
+			// Update times
+			tracking.timeRemaining = (file.size - tracking.bytesUploaded) * 8 / tracking.movingAverageSpeed;
+			tracking.timeElapsed = (now - tracking.startTime) / 1000;
+			
+			// Update percent
+			tracking.percentUploaded = (tracking.bytesUploaded / file.size * 100);
+		}
+		
+		return tracking;
+	};
+	SWFUpload.speed.removeTracking = function (file, trackingList) {
+		try {
+			trackingList[file.id] = null;
+			delete trackingList[file.id];
+		} catch (ex) {
+		}
+	};
+	
+	SWFUpload.speed.formatUnits = function (baseNumber, unitDivisors, unitLabels, singleFractional) {
+		var i, unit, unitDivisor, unitLabel;
+
+		if (baseNumber === 0) {
+			return "0 " + unitLabels[unitLabels.length - 1];
+		}
+		
+		if (singleFractional) {
+			unit = baseNumber;
+			unitLabel = unitLabels.length >= unitDivisors.length ? unitLabels[unitDivisors.length - 1] : "";
+			for (i = 0; i < unitDivisors.length; i++) {
+				if (baseNumber >= unitDivisors[i]) {
+					unit = (baseNumber / unitDivisors[i]).toFixed(2);
+					unitLabel = unitLabels.length >= i ? " " + unitLabels[i] : "";
+					break;
+				}
+			}
+			
+			return unit + unitLabel;
+		} else {
+			var formattedStrings = [];
+			var remainder = baseNumber;
+			
+			for (i = 0; i < unitDivisors.length; i++) {
+				unitDivisor = unitDivisors[i];
+				unitLabel = unitLabels.length > i ? " " + unitLabels[i] : "";
+				
+				unit = remainder / unitDivisor;
+				if (i < unitDivisors.length -1) {
+					unit = Math.floor(unit);
+				} else {
+					unit = unit.toFixed(2);
+				}
+				if (unit > 0) {
+					remainder = remainder % unitDivisor;
+					
+					formattedStrings.push(unit + unitLabel);
+				}
+			}
+			
+			return formattedStrings.join(" ");
+		}
+	};
+	
+	SWFUpload.speed.formatBPS = function (baseNumber) {
+		var bpsUnits = [1073741824, 1048576, 1024, 1], bpsUnitLabels = ["Gbps", "Mbps", "Kbps", "bps"];
+		return SWFUpload.speed.formatUnits(baseNumber, bpsUnits, bpsUnitLabels, true);
+	
+	};
+	SWFUpload.speed.formatTime = function (baseNumber) {
+		var timeUnits = [86400, 3600, 60, 1], timeUnitLabels = ["d", "h", "m", "s"];
+		return SWFUpload.speed.formatUnits(baseNumber, timeUnits, timeUnitLabels, false);
+	
+	};
+	SWFUpload.speed.formatBytes = function (baseNumber) {
+		var sizeUnits = [1073741824, 1048576, 1024, 1], sizeUnitLabels = ["GB", "MB", "KB", "bytes"];
+		return SWFUpload.speed.formatUnits(baseNumber, sizeUnits, sizeUnitLabels, true);
+	
+	};
+	SWFUpload.speed.formatPercent = function (baseNumber) {
+		return baseNumber.toFixed(2) + " %";
+	};
+	
+	SWFUpload.speed.calculateMovingAverage = function (history) {
+		var vals = [], size, sum = 0.0, mean = 0.0, varianceTemp = 0.0, variance = 0.0, standardDev = 0.0;
+		var i;
+		var mSum = 0, mCount = 0;
+		
+		size = history.length;
+		
+		// Check for sufficient data
+		if (size >= 8) {
+			// Clone the array and Calculate sum of the values 
+			for (i = 0; i < size; i++) {
+				vals[i] = history[i];
+				sum += vals[i];
+			}
+
+			mean = sum / size;
+
+			// Calculate variance for the set
+			for (i = 0; i < size; i++) {
+				varianceTemp += Math.pow((vals[i] - mean), 2);
+			}
+
+			variance = varianceTemp / size;
+			standardDev = Math.sqrt(variance);
+			
+			//Standardize the Data
+			for (i = 0; i < size; i++) {
+				vals[i] = (vals[i] - mean) / standardDev;
+			}
+
+			// Calculate the average excluding outliers
+			var deviationRange = 2.0;
+			for (i = 0; i < size; i++) {
+				
+				if (vals[i] <= deviationRange && vals[i] >= -deviationRange) {
+					mCount++;
+					mSum += history[i];
+				}
+			}
+			
+		} else {
+			// Calculate the average (not enough data points to remove outliers)
+			mCount = size;
+			for (i = 0; i < size; i++) {
+				mSum += history[i];
+			}
+		}
+
+		return mSum / mCount;
+	};
+	
 }
--- a/wp-includes/js/tinymce/wp-tinymce.php
+++ b/wp-includes/js/tinymce/wp-tinymce.php
@@ -8,7 +8,7 @@ function get_file($path) {
 		$path = realpath($path);

 	if ( ! $path || ! @is_file($path) )
-		return '';
+		return false;

 	return @file_get_contents($path);
 }
@@ -20,9 +20,9 @@ header('Vary: Accept-Encoding'); // Handle proxies
 header('Expires: ' . gmdate( "D, d M Y H:i:s", time() + $expires_offset ) . ' GMT');
 header("Cache-Control: public, max-age=$expires_offset");

-if ( isset($_GET['c']) && 1 == $_GET['c'] && false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'gzip') ) {
+if ( isset($_GET['c']) && 1 == $_GET['c'] && false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'gzip') && ( $file = get_file($basepath . '/wp-tinymce.js.gz') ) ) {
 	header('Content-Encoding: gzip');
-	echo get_file($basepath . '/wp-tinymce.js.gz');
+	echo $file;
 } else {
 	echo get_file($basepath . '/wp-tinymce.js');
 }
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -119,23 +119,35 @@ if (!CUSTOM_TAGS) {
 			'target' => array ()),
 		'h1' => array(
 			'align' => array (),
-			'class' => array ()),
-		'h2' => array(
+			'class' => array (),
+			'id'    => array (),
+			'style' => array ()),
+		'h2' => array (
 			'align' => array (),
-			'class' => array ()),
-		'h3' => array(
+			'class' => array (),
+			'id'    => array (),
+			'style' => array ()),
+		'h3' => array (
 			'align' => array (),
-			'class' => array ()),
-		'h4' => array(
+			'class' => array (),
+			'id'    => array (),
+			'style' => array ()),
+		'h4' => array (
 			'align' => array (),
-			'class' => array ()),
-		'h5' => array(
+			'class' => array (),
+			'id'    => array (),
+			'style' => array ()),
+		'h5' => array (
 			'align' => array (),
-			'class' => array ()),
-		'h6' => array(
+			'class' => array (),
+			'id'    => array (),
+			'style' => array ()),
+		'h6' => array (
 			'align' => array (),
-			'class' => array ()),
-		'hr' => array(
+			'class' => array (),
+			'id'    => array (),
+			'style' => array ()),
+		'hr' => array (
 			'align' => array (),
 			'class' => array (),
 			'noshade' => array (),
@@ -521,6 +533,19 @@ function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
 					break;
 				}

+			if ( $arreach['name'] == 'style' ) {
+				$orig_value = $arreach['value'];
+
+				$value = safecss_filter_attr($orig_value);
+
+				if ( empty($value) )
+					continue;
+
+				$arreach['value'] = $value;
+
+				$arreach['whole'] = str_replace($orig_value, $value, $arreach['whole']);
+			}
+
 			if ($ok)
 				$attr2 .= ' '.$arreach['whole']; # it passed them
 		} # if !is_array($current)
@@ -1122,4 +1147,49 @@ function kses_init() {

 add_action('init', 'kses_init');
 add_action('set_current_user', 'kses_init');
-?>
+
+function safecss_filter_attr( $css, $deprecated = '' ) {
+	$css = wp_kses_no_null($css);
+	$css = str_replace(array("\n","\r","\t"), '', $css);
+
+	if ( preg_match( '%[\\(&]|/\*%', $css ) ) // remove any inline css containing \ ( & or comments
+		return '';
+
+	$css_array = split( ';', trim( $css ) );
+	$allowed_attr = apply_filters( 'safe_style_css', array( 'text-align', 'margin', 'color', 'float', 
+	'border', 'background', 'background-color', 'border-bottom', 'border-bottom-color', 
+	'border-bottom-style', 'border-bottom-width', 'border-collapse', 'border-color', 'border-left',
+	'border-left-color', 'border-left-style', 'border-left-width', 'border-right', 'border-right-color', 
+	'border-right-style', 'border-right-width', 'border-spacing', 'border-style', 'border-top', 
+	'border-top-color', 'border-top-style', 'border-top-width', 'border-width', 'caption-side', 
+	'clear', 'cursor', 'direction', 'font', 'font-family', 'font-size', 'font-style', 
+	'font-variant', 'font-weight', 'height', 'letter-spacing', 'line-height', 'margin-bottom', 
+	'margin-left', 'margin-right', 'margin-top', 'overflow', 'padding', 'padding-bottom', 
+	'padding-left', 'padding-right', 'padding-top', 'text-decoration', 'text-indent', 'vertical-align', 
+	'width' ) );
+
+	if ( empty($allowed_attr) )
+		return $css;
+
+	$css = '';
+	foreach ( $css_array as $css_item ) {
+		if ( $css_item == '' )
+			continue;
+		$css_item = trim( $css_item );
+		$found = false;
+		if ( strpos( $css_item, ':' ) === false ) {
+			$found = true;
+		} else {
+			$parts = split( ':', $css_item );
+			if ( in_array( trim( $parts[0] ), $allowed_attr ) )
+				$found = true;
+		}
+		if ( $found ) {
+			if( $css != '' )
+				$css .= ';';
+			$css .= $css_item;
+		}
+	}
+
+	return $css;
+}
--- a/wp-includes/l10n.php
+++ b/wp-includes/l10n.php
@@ -301,35 +301,34 @@ function _nx_noop( $single, $plural, $context ) {


 /**
- * Loads MO file into the list of domains.
+ * Loads a MO file into the domain $domain.
 *
- * If the domain already exists, the inclusion will fail. If the MO file is not
- * readable, the inclusion will fail.
+ * If the domain already exists, the translations will be merged. If both
+ * sets have the same string, the translation from the original value will be taken.
 *
 * On success, the .mo file will be placed in the $l10n global by $domain
- * and will be an gettext_reader object.
+ * and will be a MO object.
 *
 * @since 1.5.0
- * @uses $l10n Gets list of domain translated string (gettext_reader) objects
- * @uses CacheFileReader Reads the MO file
- * @uses gettext_reader Allows for retrieving translated strings
+ * @uses $l10n Gets list of domain translated string objects
 *
 * @param string $domain Unique identifier for retrieving translated strings
 * @param string $mofile Path to the .mo file
- * @return null On failure returns null and also on success returns nothing.
+ * @return bool true on success, false on failure
 */
 function load_textdomain($domain, $mofile) {
 	global $l10n;

-	if ( !is_readable($mofile)) return;
+	if ( !is_readable( $mofile ) ) return false;

 	$mo = new MO();
-	$mo->import_from_file( $mofile );
+	if ( !$mo->import_from_file( $mofile ) ) return false;

-	if (isset($l10n[$domain]))
+	if ( isset( $l10n[$domain] ) )
 		$mo->merge_with( $l10n[$domain] );

 	$l10n[$domain] = &$mo;
+	return true;
 }

 /**
@@ -345,7 +344,7 @@ function load_default_textdomain() {

 	$mofile = WP_LANG_DIR . "/$locale.mo";

-	load_textdomain('default', $mofile);
+	return load_textdomain('default', $mofile);
 }

 /**
@@ -372,7 +371,7 @@ function load_plugin_textdomain($domain, $abs_rel_path = false, $plugin_rel_path
 		$path = WP_PLUGIN_DIR;

 	$mofile = $path . '/'. $domain . '-' . $locale . '.mo';
-	load_textdomain($domain, $mofile);
+	return load_textdomain($domain, $mofile);
 }

 /**
@@ -393,7 +392,7 @@ function load_theme_textdomain($domain, $path = false) {
 	$path = ( empty( $path ) ) ? get_template_directory() : $path;

 	$mofile = "$path/$locale.mo";
-	load_textdomain($domain, $mofile);
+	return load_textdomain($domain, $mofile);
 }

 /**
@@ -423,6 +422,6 @@ function &get_translations_for_domain( $domain ) {
 * won't suffer from that problem.
 */
 function translate_user_role( $name ) {
-	return before_last_bar( translate_with_gettext_context( $name, 'User role' ) );
+	return translate_with_gettext_context( before_last_bar($name), 'User role' );
 }
 ?>
--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -768,8 +768,7 @@ function get_edit_comment_link( $comment_id = 0 ) {
 function edit_comment_link( $link = 'Edit This', $before = '', $after = '' ) {
 	global $comment, $post;

-	if ( $post->post_type == 'attachment' ) {
-	} elseif ( $post->post_type == 'page' ) {
+	if ( $post->post_type == 'page' ) {
 		if ( !current_user_can( 'edit_page', $post->ID ) )
 			return;
 	} else {
@@ -1693,7 +1692,7 @@ function site_url($path = '', $scheme = null) {
 	// should the list of allowed schemes be maintained elsewhere?
 	$orig_scheme = $scheme;
 	if ( !in_array($scheme, array('http', 'https')) ) {
-		if ( ('login_post' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) )
+		if ( ( 'login_post' == $scheme || 'rpc' == $scheme ) && ( force_ssl_login() || force_ssl_admin() ) )
 			$scheme = 'https';
 		elseif ( ('login' == $scheme) && ( force_ssl_admin() ) )
 			$scheme = 'https';
--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@@ -591,9 +591,9 @@ function img_caption_shortcode($attr, $content = null) {
 	if ( 1 > (int) $width || empty($caption) )
 		return $content;

-	if ( $id ) $id = 'id="' . $id . '" ';
+	if ( $id ) $id = 'id="' . esc_attr($id) . '" ';

-	return '<div ' . $id . 'class="wp-caption ' . $align . '" style="width: ' . (10 + (int) $width) . 'px">'
+	return '<div ' . $id . 'class="wp-caption ' . esc_attr($align) . '" style="width: ' . (10 + (int) $width) . 'px">'
 	. do_shortcode( $content ) . '<p class="wp-caption-text">' . $caption . '</p></div>';
 }

--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -880,17 +880,8 @@ function wp_sanitize_redirect($location) {
 	$location = wp_kses_no_null($location);

 	// remove %0d and %0a from location
-	$strip = array('%0d', '%0a');
-	$found = true;
-	while($found) {
-		$found = false;
-		foreach( (array) $strip as $val ) {
-			while(strpos($location, $val) !== false) {
-				$found = true;
-				$location = str_replace($val, '', $location);
-			}
-		}
-	}
+	$strip = array('%0d', '%0a', '%0D', '%0A');
+	$location = _deep_replace($strip, $location);
 	return $location;
 }
 endif;
@@ -908,8 +899,7 @@ if ( !function_exists('wp_safe_redirect') ) :
 * but only used in a few places.
 *
 * @since 2.3
- * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
- *		WordPress host string and $location host string.
+ * @uses wp_validate_redirect() To validate the redirect is to an allowed host.
 *
 * @return void Does not return anything
 **/
@@ -918,6 +908,31 @@ function wp_safe_redirect($location, $status = 302) {
 	// Need to look at the URL the way it will end up in wp_redirect()
 	$location = wp_sanitize_redirect($location);

+	$location = wp_validate_redirect($location, admin_url());
+
+	wp_redirect($location, $status);
+}
+endif;
+
+if ( !function_exists('wp_validate_redirect') ) :
+/**
+ * Validates a URL for use in a redirect.
+ *
+ * Checks whether the $location is using an allowed host, if it has an absolute
+ * path. A plugin can therefore set or remove allowed host(s) to or from the
+ * list.
+ *
+ * If the host is not allowed, then the redirect is to $default supplied
+ *
+ * @since 2.8.1
+ * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
+ *		WordPress host string and $location host string.
+ *
+ * @param string $location The redirect to validate
+ * @param string $default The value to return is $location is not allowed
+ * @return string redirect-sanitized URL
+ **/
+function wp_validate_redirect($location, $default = '') {
 	// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
 	if ( substr($location, 0, 2) == '//' )
 		$location = 'http:' . $location;
@@ -931,9 +946,9 @@ function wp_safe_redirect($location, $status = 302) {
 	$allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');

 	if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
-		$location = admin_url();
+		$location = $default;

-	wp_redirect($location, $status);
+	return $location;
 }
 endif;

--- a/Show More
+++ b/Show More