2.8.4

git-svn-id: http://svn.automattic.com/wordpress/tags/2.8.4@11806 1a063a9b-81f0-0310-95a4-ce76da25c4cd

readme.html

@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo" style="text-align: center">
 	<img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
-	<br /> Version 2.8
+	<br /> Version 2.8.4
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>
 
@@ -29,7 +29,7 @@
 
 <h1>Upgrading</h1>
 <p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
-<h2>Upgrading from any previous WordPress to 2.8:</h2>
+<h2>Upgrading from any previous WordPress to 2.8.4:</h2>
 <ol>
 	<li>Delete your old WP files, saving ones you've modified.</li>
 	<li>Upload the new files.</li>

wp-admin/admin-ajax.php

@@ -602,8 +602,12 @@ case 'add-comment' :
 	if ( !current_user_can( 'edit_post', $id ) )
 		die('-1');
 	$search = isset($_POST['s']) ? $_POST['s'] : false;
-	$start = isset($_POST['page']) ? intval($_POST['page']) * 25 - 1: 24;
-	$status = isset($_POST['comment_status']) ? $_POST['comment_status'] : false;
+	$status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
+	$per_page = isset($_POST['per_page']) ?  (int) $_POST['per_page'] + 8 : 28;
+	$start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
+	if ( 1 > $start )
+		$start = 27;
+
 	$mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
 	$p = isset($_POST['p']) ? $_POST['p'] : 0;
 	$comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
@@ -814,8 +818,10 @@ case 'add-meta' :
 			die('0'); // if meta doesn't exist
 		if ( !current_user_can( 'edit_post', $meta->post_id ) )
 			die('-1');
-		if ( !$u = update_meta( $mid, $key, $value ) )
-			die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
+		if ( $meta->meta_value != stripslashes($value) ) {
+			if ( !$u = update_meta( $mid, $key, $value ) )
+				die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
+		}
 
 		$key = stripslashes($key);
 		$value = stripslashes($value);

wp-admin/admin-footer.php

@@ -5,6 +5,10 @@
  * @package WordPress
  * @subpackage Administration
  */
+
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
 ?>
 
 <div class="clear"></div></div><!-- wpbody-content -->

wp-admin/admin.php

@@ -146,7 +146,7 @@ if (isset($plugin_page)) {
 
 	// Make sure rules are flushed
 	global $wp_rewrite;
-	$wp_rewrite->flush_rules();
+	$wp_rewrite->flush_rules(false);
 
 	exit();
 } else {

wp-admin/comment.php

@@ -22,7 +22,7 @@ if ( isset( $_POST['deletecomment'] ) )
  *
  * @param string $msg Error Message. Assumed to contain HTML and be sanitized.
  */
-function comment_footer_die( $msg ) {  //
+function comment_footer_die( $msg ) {
 	echo "<div class='wrap'><p>$msg</p></div>";
 	include('admin-footer.php');
 	die;
@@ -119,7 +119,7 @@ if ( 'spam' == $_GET['dt'] ) {
 <?php if ( $comment->comment_author_url ) { ?>
 <tr>
 <th scope="row"><?php _e('URL'); ?></th>
-<td><a href='<?php echo $comment->comment_author_url; ?>'><?php echo $comment->comment_author_url; ?></a></td>
+<td><a href="<?php echo $comment->comment_author_url; ?>"><?php echo $comment->comment_author_url; ?></a></td>
 </tr>
 <?php } ?>
 <tr>

wp-admin/css/colors-classic.css

@@ -267,7 +267,7 @@ td.help {
 	color: #000;
 }
 
-.side-info h5, .bordertitle {
+.side-info h5 {
 	border-bottom-color: #dadada;
 }
 

wp-admin/css/colors-fresh.css

@@ -267,7 +267,7 @@ td.help {
 	color: #000;
 }
 
-.side-info h5, .bordertitle {
+.side-info h5 {
 	border-bottom-color: #dadada;
 }
 

wp-admin/css/global.css

@@ -375,7 +375,6 @@ ol.ol-decimal > li {
 .widefat {
 	border-width: 1px;
 	border-style: solid;
-	border-collapse: separate;
 	border-spacing: 0;
 	width: 100%;
 	clear: both;

wp-admin/css/ie.css

@@ -246,7 +246,8 @@ a.button {
 .tagchecklist,
 #col-container,
 #col-left,
-#col-right {
+#col-right,
+.fileedit-sub {
 	display: block;
 	zoom: 100%;
 }
@@ -337,6 +338,11 @@ table.ie-fixed {
 	padding: 4px 0 22px;
 }
 
+.widefat {
+	empty-cells: show;
+	border-collapse: collapse;
+}
+
 .tablenav a.button-secondary {
 	display: inline-block;
 	padding: 2px 5px;

wp-admin/css/plugin-install.css

@@ -68,7 +68,7 @@ div.star img {
 	border-top-left-radius: 3px;
 	-webkit-border-bottom-left-radius: 3px;
 	-khtml-border-bottom-left-radius: 3px;
-	border-top-bottom-radius: 3px;
+	border-bottom-left-radius: 3px;
 }
 
 #plugin-information .action-button a {
@@ -110,7 +110,7 @@ div.star img {
 	-moz-border-radius-bottomleft: 3px;
 	-webkit-border-bottom-left-radius: 3px;
 	-khtml-border-bottom-left-radius: 3px;
-	border-top-bottom-radius: 3px;
+	border-bottom-left-radius: 3px;
 }
 
 #plugin-information .fyi li {

wp-admin/css/theme-editor-rtl.css

@@ -1,12 +1,3 @@
 #templateside {
 	float: left;
 }
-#themeselector {
-	padding-right: 0;
-	padding-left: 5px;
-	float: left;
-}
-div.tablenav {
-	margin-right: 0;
-	margin-left: 210px;
-}

wp-admin/css/theme-editor.css

@@ -11,41 +11,26 @@
 #templateside {
 	float: right;
 	width: 190px;
+	word-wrap: break-word;
 }
 
-#templateside h3, #postcustomstuff p.submit {
+#templateside h3,
+#postcustomstuff p.submit {
 	margin: 0;
 }
 
-h3#bordertitle {
-	margin-bottom: 10px;
-}
-
 #templateside h4 {
-	margin-bottom: 0;
+	margin: 1em 0 0;
 }
 
-#templateside ol, #templateside ul {
-	list-style: none;
+#templateside ol,
+#templateside ul {
 	margin: .5em;
 	padding: 0;
 }
 
-#templateside ol li, #templateside ul li {
-	margin: 1px 0;
-}
-
-#themeselector {
-	padding-right: 5px;
-	float: right;
-	position: relative;
-	bottom: 25px;
-	top:20px;
-}
-
-#themeselector select {
-	margin: 0;
-	padding: 0;
+#templateside li {
+	margin: 4px 0;
 }
 
 .nonessential {
@@ -56,11 +41,6 @@ h3#bordertitle {
 	padding: 1px;
 }
 
-div.bordertitle h2 {
-	border: none;
-	padding-bottom: 0;
-}
-
 div.tablenav {
 	margin-right: 210px;
 }
@@ -72,4 +52,9 @@ div.tablenav {
 	line-height: 22px;
 	vertical-align: top;
 	font-weight: bold;
-}
+}
+
+.fileedit-sub {
+	padding: 10px 0 8px;
+	line-height: 180%;
+}

wp-admin/edit-attachment-rows.php

@@ -6,7 +6,9 @@
  * @subpackage Administration
  */
 
-if ( ! defined('ABSPATH') ) die();
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
 
 if ( have_posts() ) { ?>
 <table class="widefat fixed" cellspacing="0">

wp-admin/edit-category-form.php

@@ -6,6 +6,13 @@
  * @subpackage Administration
  */
 
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
+if ( !current_user_can('manage_categories') )
+	wp_die(__('You do not have sufficient permissions to edit categories for this blog.'));
+
 /**
  * @var object
  */
@@ -69,6 +76,7 @@ _fill_empty_category($category);
 			<td><textarea name="category_description" id="category_description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($category->description); ?></textarea><br />
             <span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td>
 		</tr>
+		<?php do_action('edit_category_form_fields', $category); ?>
 	</table>
 <p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e('Update Category'); ?>" /></p>
 <?php do_action('edit_category_form', $category); ?>

wp-admin/edit-comments.php

@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin’ uh?'));
+
 wp_enqueue_script('admin-comments');
 enqueue_comment_hotkeys_js();
 
@@ -193,7 +196,7 @@ else
 
 $start = $offset = ( $page - 1 ) * $comments_per_page;
 
-list($_comments, $total) = _wp_get_comment_list( $comment_status, $search_dirty, $start, $comments_per_page + 5, $post_id, $comment_type ); // Grab a few extra
+list($_comments, $total) = _wp_get_comment_list( $comment_status, $search_dirty, $start, $comments_per_page + 8, $post_id, $comment_type ); // Grab a few extra
 
 $_comment_post_ids = array();
 foreach ( $_comments as $_c ) {
@@ -358,7 +361,8 @@ if ( $page_links )
 	<input type="hidden" name="s" value="<?php echo esc_attr($search); ?>" />
 	<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
 	<input type="hidden" name="comment_status" value="<?php echo esc_attr($comment_status); ?>" />
-	<input type="hidden" name="page" value="<?php echo isset($_REQUEST['page']) ? absint( $_REQUEST['page'] ) : 1; ?>" />
+	<input type="hidden" name="page" value="<?php echo esc_attr($page); ?>" />
+	<input type="hidden" name="per_page" value="<?php echo esc_attr($comments_per_page); ?>" />
 	<input type="hidden" name="p" value="<?php echo esc_attr( $post_id ); ?>" />
 	<input type="hidden" name="comment_type" value="<?php echo esc_attr( $comment_type ); ?>" />
 	<?php wp_nonce_field( 'add-comment', '_ajax_nonce', false ); ?>

wp-admin/edit-form-advanced.php

@@ -6,6 +6,10 @@
  * @subpackage Administration
  */
 
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
 /**
  * Post ID global
  * @name $post_ID

wp-admin/edit-form-comment.php

@@ -6,6 +6,10 @@
  * @subpackage Administration
  */
 
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
 /**
  * @var string
  */
@@ -13,6 +17,7 @@ $submitbutton_text = __('Edit Comment');
 $toprow_title = sprintf(__('Editing Comment # %s'), $comment->comment_ID);
 $form_action = 'editedcomment';
 $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . esc_attr($comment->comment_ID) . "' />\n<input type='hidden' name='comment_post_ID' value='" . esc_attr($comment->comment_post_ID);
+$comment->comment_author_email = esc_attr($comment->comment_author_email);
 ?>
 
 <form name="post" action="comment.php" method="post" id="post">
@@ -24,12 +29,6 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . esc_attr(
 <div id="poststuff" class="metabox-holder has-right-sidebar">
 <input type="hidden" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
-<?php
-
-$email = esc_attr( $comment->comment_author_email );
-$url = esc_attr( $comment->comment_author_url );
-// add_meta_box('submitdiv', __('Save'), 'comment_submit_meta_box', 'comment', 'side', 'core');
-?>
 
 <div id="side-info-column" class="inner-sidebar">
 <div id="submitdiv" class="stuffbox" >
@@ -95,25 +94,24 @@ $date = date_i18n( $datef, strtotime( $comment->comment_date ) );
 <tr valign="top">
 	<td class="first">
 	<?php
-		if ( $email ) {
+		if ( $comment->comment_author_email ) {
 			printf( __( 'E-mail (%s):' ), get_comment_author_email_link( __( 'send e-mail' ), '', '' ) );
 		} else {
 			_e( 'E-mail:' );
 		}
 ?></td>
-	<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo esc_attr($email); ?>" tabindex="2" id="email" /></td>
+	<td><input type="text" name="newcomment_author_email" size="30" value="<?php echo $comment->comment_author_email; ?>" tabindex="2" id="email" /></td>
 </tr>
 <tr valign="top">
 	<td class="first">
 	<?php
-		$url = get_comment_author_url();
-		if ( ! empty( $url ) && 'http://' != $url ) {
-			$link = "<a href='$url' rel='external nofollow' target='_blank'>" . __('visit site') . "</a>";
+		if ( ! empty( $comment->comment_author_url ) && 'http://' != $comment->comment_author_url ) {
+			$link = '<a href="' . $comment->comment_author_url . '" rel="external nofollow" target="_blank">' . __('visit site') . '</a>';
 			printf( __( 'URL (%s):' ), apply_filters('get_comment_author_link', $link ) );
 		} else {
 			_e( 'URL:' );
 		} ?></td>
-	<td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo esc_attr($url); ?>" tabindex="3" /></td>
+	<td><input type="text" id="newcomment_author_url" name="newcomment_author_url" size="30" class="code" value="<?php echo esc_attr($comment->comment_author_url); ?>" tabindex="3" /></td>
 </tr>
 </tbody>
 </table>

wp-admin/edit-link-category-form.php

@@ -6,6 +6,13 @@
  * @subpackage Administration
  */
 
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
+if ( !current_user_can('manage_categories') )
+	wp_die(__('You do not have sufficient permissions to edit link categories for this blog.'));
+
 /**
  * @var object
  */
@@ -74,6 +81,7 @@ _fill_empty_link_category($category);
 			<th scope="row" valign="top"><label for="description"><?php _e('Description (optional)') ?></label></th>
 			<td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo $category->description; ?></textarea></td>
 		</tr>
+		<?php do_action('edit_link_category_form_fields', $category); ?>
 	</table>
 <p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php echo esc_attr($submit_text) ?>" /></p>
 <?php do_action('edit_link_category_form', $category); ?>

wp-admin/edit-link-form.php

@@ -6,6 +6,10 @@
  * @subpackage Administration
  */
 
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
 if ( ! empty($link_id) ) {
 	$heading = sprintf( __( '<a href="%s">Links</a> / Edit Link' ), 'link-manager.php' );
 	$submit_text = __('Update Link');

wp-admin/edit-page-form.php

@@ -6,6 +6,10 @@
  * @subpackage Administration
  */
 
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
 /**
  * Post ID global.
  * @name $post_ID

wp-admin/edit-pages.php

@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( !current_user_can('edit_pages') )
+	wp_die(__('Cheatin’ uh?'));
+
 // Handle bulk actions
 if ( isset($_GET['action']) && ( -1 != $_GET['action'] || -1 != $_GET['action2'] ) ) {
 	$doaction = ( -1 != $_GET['action'] ) ? $_GET['action'] : $_GET['action2'];

wp-admin/edit-post-rows.php

@@ -6,7 +6,9 @@
  * @subpackage Administration
  */
 
-if ( ! defined('ABSPATH') ) die();
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
 ?>
 <table class="widefat post fixed" cellspacing="0">
 	<thead>

wp-admin/edit-tag-form.php

@@ -6,6 +6,13 @@
  * @subpackage Administration
  */
 
+// don't load directly
+if ( !defined('ABSPATH') )
+	die('-1');
+
+if ( !current_user_can('manage_categories') )
+	wp_die(__('You do not have sufficient permissions to edit tags for this blog.'));
+
 if ( empty($tag_ID) ) { ?>
 	<div id="message" class="updated fade"><p><strong><?php _e('A tag was not selected for editing.'); ?></strong></p></div>
 <?php
@@ -39,6 +46,7 @@ do_action('edit_tag_form_pre', $tag); ?>
 			<td><textarea name="description" id="description" rows="5" cols="50" style="width: 97%;"><?php echo esc_html($tag->description); ?></textarea><br />
             <span class="description"><?php _e('The description is not prominent by default, however some themes may show it.'); ?></span></td>
 		</tr>
+		<?php do_action('edit_tag_form_fields', $tag); ?>
 	</table>
 <p class="submit"><input type="submit" class="button-primary" name="submit" value="<?php esc_attr_e('Update Tag'); ?>" /></p>
 <?php do_action('edit_tag_form', $tag); ?>

wp-admin/edit.php

@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin’ uh?'));
+
 // Back-compat for viewing comments of an entry
 if ( $_redirect = intval( max( @$_GET['p'], @$_GET['attachment_id'], @$_GET['page_id'] ) ) ) {
 	wp_redirect( admin_url('edit-comments.php?p=' . $_redirect ) );

wp-admin/export.php

@@ -9,6 +9,9 @@
 /** Load WordPress Bootstrap */
 require_once ('admin.php');
 
+if ( !current_user_can('edit_files') )
+	wp_die(__('You do not have sufficient permissions to export the content of this blog.'));
+
 /** Load WordPress export API */
 require_once('includes/export.php');
 $title = __('Export');

wp-admin/import.php

@@ -8,6 +8,10 @@
 
 /** Load WordPress Bootstrap */
 require_once ('admin.php');
+
+if ( !current_user_can('edit_files') )
+	wp_die(__('You do not have sufficient permissions to import content in this blog.'));
+
 $title = __('Import');
 require_once ('admin-header.php');
 $parent_file = 'tools.php';

wp-admin/includes/class-wp-filesystem-direct.php

@@ -20,7 +20,6 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	function WP_Filesystem_Direct($arg) {
 		$this->method = 'direct';
 		$this->errors = new WP_Error();
-		$this->permission = umask();
 	}
 	function connect() {
 		return true;
@@ -64,12 +63,22 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 		return true;
 	}
 	function chmod($file, $mode = false, $recursive = false) {
-		if ( ! $mode )
-			$mode = $this->permission;
 		if ( ! $this->exists($file) )
 			return false;
+
+		if ( ! $mode ) {
+			if ( $this->permission )
+				$mode = $this->permission;
+			elseif ( $this->is_file($file) )
+				$mode = FS_CHMOD_FILE;
+			elseif ( $this->is_dir($file) )
+				$mode = FS_CHMOD_DIR;
+			else
+				return false;	
+		}
+
 		if ( ! $recursive )
-			return @chmod($file,$mode);
+			return @chmod($file, $mode);
 		if ( ! $this->is_dir($file) )
 			return @chmod($file, $mode);
 		//Is a directory, and we want recursive
@@ -197,11 +206,9 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 	}
 
 	function mkdir($path, $chmod = false, $chown = false, $chgrp = false){
-		if ( ! $chmod)
-			$chmod = $this->permission;
-
-		if ( ! @mkdir($path, $chmod) )
+		if ( ! @mkdir($path) )
 			return false;
+		$this->chmod($path, $chmod);
 		if ( $chown )
 			$this->chown($path, $chown);
 		if ( $chgrp )

wp-admin/includes/class-wp-filesystem-ssh2.php

@@ -13,7 +13,7 @@
  *
  * @contrib http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/ - Installation Notes
  *
- * Complie libssh2 (Note: Only 0.14 is officaly working with PHP 5.2.6+ right now.)
+ * Complie libssh2 (Note: Only 0.14 is officaly working with PHP 5.2.6+ right now, But many users have found the latest versions work)
  *
  * cd /usr/src
  * wget http://surfnet.dl.sourceforge.net/sourceforge/libssh2/libssh2-0.14.tar.gz
@@ -22,7 +22,7 @@
  * ./configure
  * make all install
  *
- * Note: No not leave the directory yet!
+ * Note: Do not leave the directory yet!
  *
  * Enter: pecl install -f ssh2
  *
@@ -33,6 +33,7 @@
  * Restart Apache!
  * Check phpinfo() streams to confirm that: ssh2.shell, ssh2.exec, ssh2.tunnel, ssh2.scp, ssh2.sftp  exist.
  *
+ * Note: as of WordPress 2.8, This utilises the PHP5+ function 'stream_get_contents'
  *
  * @since 2.7
  * @package WordPress
@@ -45,7 +46,7 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 	var $sftp_link = false;
 	var $keys = false;
 	/*
-	 * This is the timeout value for ssh results to comeback.
+	 * This is the timeout value for ssh results.
 	 * Slower servers might need this incressed, but this number otherwise should not change.
 	 *
 	 * @parm $timeout int
@@ -66,8 +67,8 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 			$this->errors->add('no_ssh2_ext', __('The ssh2 PHP extension is not available'));
 			return false;
 		}
-		if ( ! version_compare(phpversion(), '5', '>=') ) {
-			$this->errors->add('ssh2_php_requirement', __('The ssh2 PHP extension is available, however requires PHP 5+'));
+		if ( !function_exists('stream_get_contents') ) {
+			$this->errors->add('ssh2_php_requirement', __('The ssh2 PHP extension is available, however, we require the PHP5 function <code>stream_get_contents()</code>'));
 			return false;
 		}
 
@@ -101,7 +102,7 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 			$this->options['username'] = $opt['username'];
 
 		if ( empty ($opt['password']) ) {
-			if ( !$this->keys )	//	 password can be blank if we are using keys
+			if ( !$this->keys )	//password can be blank if we are using keys
 				$this->errors->add('empty_password', __('SSH2 password is required'));
 		} else {
 			$this->options['password'] = $opt['password'];
@@ -128,7 +129,7 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 			}
 		} else {
 			if ( ! @ssh2_auth_pubkey_file($this->link, $this->options['username'], $this->options['public_key'], $this->options['private_key'], $this->options['password'] ) ) {
-				$this->errors->add('auth', sprintf(__('Public and Private keys incorrent for %s'), $this->options['username']));
+				$this->errors->add('auth', sprintf(__('Public and Private keys incorrect for %s'), $this->options['username']));
 				return false;
 			}
 		}
@@ -148,10 +149,11 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 		} else {
 			stream_set_blocking( $stream, true );
 			stream_set_timeout( $stream, $this->timeout );
-			$data = stream_get_contents($stream);
+			$data = stream_get_contents( $stream );
+			fclose( $stream );
 
 			if ( $returnbool )
-				return '' != trim($data);
+				return ( $data === false ) ? false : '' != trim($data);
 			else
 				return $data;
 		}
@@ -166,17 +168,17 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 
 	function get_contents($file, $type = '', $resumepos = 0 ) {
 		$file = ltrim($file, '/');
-		return file_get_contents('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return file_get_contents('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}
 
 	function get_contents_array($file) {
 		$file = ltrim($file, '/');
-		return file('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return file('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}
 
 	function put_contents($file, $contents, $type = '' ) {
 		$file = ltrim($file, '/');
-		return file_put_contents('ssh2.sftp://' . $this->sftp_link .'/' . $file, $contents);
+		return file_put_contents('ssh2.sftp://' . $this->sftp_link . '/' . $file, $contents);
 	}
 
 	function cwd() {
@@ -270,44 +272,43 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 	}
 
 	function exists($file) {
-		//return $this->run_command(sprintf('ls -lad %s', escapeshellarg($file)), true);
 		$file = ltrim($file, '/');
-		return file_exists('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return file_exists('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}
 
 	function is_file($file) {
 		$file = ltrim($file, '/');
-		return is_file('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return is_file('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}
 
 	function is_dir($path) {
 		$path = ltrim($path, '/');
-		return is_dir('ssh2.sftp://' . $this->sftp_link .'/' . $path);
+		return is_dir('ssh2.sftp://' . $this->sftp_link . '/' . $path);
 	}
 
 	function is_readable($file) {
 		$file = ltrim($file, '/');
-		return is_readable('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return is_readable('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}
 
 	function is_writable($file) {
 		$file = ltrim($file, '/');
-		return is_writable('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return is_writable('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}
 
 	function atime($file) {
 		$file = ltrim($file, '/');
-		return fileatime('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return fileatime('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}
 
 	function mtime($file) {
 		$file = ltrim($file, '/');
-		return filemtime('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return filemtime('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}
 
 	function size($file) {
 		$file = ltrim($file, '/');
-		return filesize('ssh2.sftp://' . $this->sftp_link .'/' . $file);
+		return filesize('ssh2.sftp://' . $this->sftp_link . '/' . $file);
 	}
 
 	function touch($file, $time = 0, $atime = 0) {
@@ -379,4 +380,4 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base {
 		unset($dir);
 		return $ret;
 	}
-}
+}

wp-admin/includes/comment.php

@@ -89,8 +89,8 @@ function get_comment_to_edit( $id ) {
 
 	$comment->comment_author = format_to_edit( $comment->comment_author );
 	$comment->comment_author_email = format_to_edit( $comment->comment_author_email );
-	$comment->comment_author_url = esc_url($comment->comment_author_url);
 	$comment->comment_author_url = format_to_edit( $comment->comment_author_url );
+	$comment->comment_author_url = esc_url($comment->comment_author_url);
 
 	return $comment;
 }

wp-admin/includes/dashboard.php

@@ -605,7 +605,7 @@ function _wp_dashboard_recent_comments_row( &$comment, $show_date = true ) {
 }
 
 function wp_dashboard_incoming_links() {
-	wp_dashboard_cached_rss_widget( 'dashboard_incoming_links', 'wp_dashboard_incoming_links_output' );
+	echo '<p class="widget-loading hide-if-no-js">' . __( 'Loading&#8230;' ) . '</p><p class="describe hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
 }
 
 /**
@@ -634,8 +634,10 @@ function wp_dashboard_incoming_links_output() {
 
 	echo "<ul>\n";
 
-	$count = 0;
-	foreach ( $rss->get_items() as $item ) {
+	if ( !isset($items) )
+		$items = 10;
+
+	foreach ( $rss->get_items(0, $items) as $item ) {
 		$publisher = '';
 		$site_link = '';
 		$link = '';
@@ -644,10 +646,14 @@ function wp_dashboard_incoming_links_output() {
 		$link = esc_url( strip_tags( $item->get_link() ) );
 
 		$author = $item->get_author();
-		$site_link = esc_url( strip_tags( $author->get_link() ) );
+		if ( $author ) {
+			$site_link = esc_url( strip_tags( $author->get_link() ) );
 
-		if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) )
-			$publisher = __( 'Somebody' );
+			if ( !$publisher = esc_html( strip_tags( $author->get_name() ) ) )
+				$publisher = __( 'Somebody' );
+		} else {
+		  $publisher = __( 'Somebody' );
+		}
 		if ( $site_link )
 			$publisher = "<a href='$site_link'>$publisher</a>";
 		else
@@ -684,7 +690,7 @@ function wp_dashboard_incoming_links_control() {
 }
 
 function wp_dashboard_primary() {
-	wp_dashboard_cached_rss_widget( 'dashboard_primary', 'wp_dashboard_rss_output' );
+	echo '<p class="widget-loading hide-if-no-js">' . __( 'Loading&#8230;' ) . '</p><p class="describe hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
 }
 
 function wp_dashboard_primary_control() {
@@ -706,7 +712,7 @@ function wp_dashboard_rss_output( $widget_id ) {
 }
 
 function wp_dashboard_secondary() {
-	wp_dashboard_cached_rss_widget( 'dashboard_secondary', 'wp_dashboard_secondary_output' );
+	echo '<p class="widget-loading hide-if-no-js">' . __( 'Loading&#8230;' ) . '</p><p class="describe hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
 }
 
 function wp_dashboard_secondary_control() {
@@ -741,11 +747,7 @@ function wp_dashboard_secondary_output() {
 }
 
 function wp_dashboard_plugins() {
-	wp_dashboard_cached_rss_widget( 'dashboard_plugins', 'wp_dashboard_plugins_output', array(
-		'http://wordpress.org/extend/plugins/rss/browse/popular/',
-		'http://wordpress.org/extend/plugins/rss/browse/new/',
-		'http://wordpress.org/extend/plugins/rss/browse/updated/'
-	) );
+	echo '<p class="widget-loading hide-if-no-js">' . __( 'Loading&#8230;' ) . '</p><p class="describe hide-if-js">' . __('This widget requires JavaScript.') . '</p>';
 }
 
 /**

wp-admin/includes/file.php

@@ -445,7 +445,7 @@ function download_url( $url ) {
 	if ( ! $handle )
 		return new WP_Error('http_no_file', __('Could not create Temporary file'));
 
-	$response = wp_remote_get($url, array('timeout' => 30));
+	$response = wp_remote_get($url, array('timeout' => 60));
 
 	if ( is_wp_error($response) ) {
 		fclose($handle);
@@ -645,7 +645,7 @@ function get_filesystem_method($args = array(), $context = false) {
 		}
  	}
 
-	if ( ! $method && isset($args['connection_type']) && 'ssh' == $args['connection_type'] && extension_loaded('ssh2') && extension_loaded('sockets') ) $method = 'ssh2';
+	if ( ! $method && isset($args['connection_type']) && 'ssh' == $args['connection_type'] && extension_loaded('ssh2') && function_exists('stream_get_contents') ) $method = 'ssh2';
 	if ( ! $method && extension_loaded('ftp') ) $method = 'ftpext';
 	if ( ! $method && ( extension_loaded('sockets') || function_exists('fsockopen') ) ) $method = 'ftpsockets'; //Sockets: Socket extension; PHP Mode: FSockopen / fwrite / fread
 	return apply_filters('filesystem_method', $method, $args);
@@ -761,7 +761,7 @@ jQuery(function($){
 <td><input name="password" type="password" id="password" value="<?php if ( defined('FTP_PASS') ) echo '*****'; ?>"<?php if ( defined('FTP_PASS') ) echo ' disabled="disabled"' ?> size="40" /></td>
 </tr>
 
-<?php if ( extension_loaded('ssh2') ) : ?>
+<?php if ( extension_loaded('ssh2') && function_exists('stream_get_contents') ) : ?>
 <tr id="ssh_keys" valign="top" style="<?php if ( 'ssh' != $connection_type ) echo 'display:none' ?>">
 <th scope="row"><?php _e('Authentication Keys') ?>
 <div class="key-labels textright">
@@ -781,7 +781,7 @@ jQuery(function($){
 <?php if ( 'ftpext' == $type ) : ?>
 <br /><label><input id="ftps" name="connection_type" type="radio" value="ftps" <?php checked('ftps', $connection_type); if ( defined('FTP_SSL') || defined('FTP_SSH') ) echo ' disabled="disabled"';  ?>/> <?php _e('FTPS (SSL)') ?></label>
 <?php endif; ?>
-<?php if ( extension_loaded('ssh2') ) : ?>
+<?php if ( extension_loaded('ssh2') && function_exists('stream_get_contents') ) : ?>
 <br /><label><input id="ssh" name="connection_type" type="radio" value="ssh" <?php checked('ssh', $connection_type);  if ( defined('FTP_SSL') || defined('FTP_SSH') ) echo ' disabled="disabled"'; ?>/> <?php _e('SSH') ?></label>
 <?php endif; ?>
 </fieldset>

wp-admin/includes/manifest.php

@@ -92,8 +92,7 @@ function &get_manifest() {
 
 	if ( @is_file('../wp-includes/js/tinymce/tiny_mce.js') ) :
 	$mce = array(
-		array('../wp-includes/js/tinymce/wp-tinymce.php', 'c=1&' . $mce_ver, true),
-		array('../wp-includes/js/tinymce/wp-tinymce.php', 'c=0&' . $mce_ver, true),
+		array('../wp-includes/js/tinymce/wp-tinymce.php', $mce_ver, true),
 
 		array('../wp-includes/js/tinymce/tiny_mce.js', $mce_ver, true),
 		array('../wp-includes/js/tinymce/langs/wp-langs-en.js', $mce_ver, true),

wp-admin/includes/media.php

@@ -369,7 +369,6 @@ EOF;
 	printf($context, $out);
 }
 add_action( 'media_buttons', 'media_buttons' );
-add_action('media_upload_media', 'media_upload_handler');
 
 /**
  * {@internal Missing Short Description}}
@@ -381,7 +380,7 @@ add_action('media_upload_media', 'media_upload_handler');
 function media_upload_form_handler() {
 	check_admin_referer('media-form');
 
-	$errors = array();
+	$errors = null;
 
 	if ( isset($_POST['send']) ) {
 		$keys = array_keys($_POST['send']);
@@ -1312,10 +1311,10 @@ var swfu;
 SWFUpload.onload = function() {
 	var settings = {
 			button_text: '<span class="button"><?php _e('Select Files'); ?></span>',
-			button_text_style: '.button { text-align: center; font-weight: bold; font-family:"Lucida Grande","Lucida Sans Unicode",Tahoma,Verdana,sans-serif; }',
+			button_text_style: '.button { text-align: center; font-weight: bold; font-family:"Lucida Grande",Verdana,Arial,"Bitstream Vera Sans",sans-serif; }',
 			button_height: "24",
 			button_width: "132",
-			button_text_top_padding: 1,
+			button_text_top_padding: 2,
 			button_image_url: '<?php echo includes_url('images/upload.png'); ?>',
 			button_placeholder_id: "flash-browse-button",
 			upload_url : "<?php echo esc_attr( $flash_action_url ); ?>",

wp-admin/includes/misc.php

@@ -72,7 +72,9 @@ function insert_with_markers( $filename, $marker, $insertion ) {
 			$markerdata = explode( "\n", implode( '', file( $filename ) ) );
 		}
 
-		$f = fopen( $filename, 'w' );
+		if ( !$f = @fopen( $filename, 'w' ) )
+			return false;
+
 		$foundit = false;
 		if ( $markerdata ) {
 			$state = true;
@@ -270,6 +272,9 @@ function wp_doc_link_parse( $content ) {
 	if ( !is_string( $content ) || empty( $content ) )
 		return array();
 
+	if ( !function_exists('token_get_all') )
+		return array();
+
 	$tokens = token_get_all( $content );
 	$functions = array();
 	$ignore_functions = array();

wp-admin/includes/plugin-install.php

@@ -46,6 +46,8 @@ function plugins_api($action, $args = null) {
 			if ( ! $res )
 				$res = new WP_Error('plugins_api_failed', __('An unknown error occurred'), $request['body']);
 		}
+	} elseif ( !is_wp_error($res) ) {
+		$res->external = true;
 	}
 
 	return apply_filters('plugins_api_result', $res, $action, $args);
@@ -441,7 +443,7 @@ function install_plugin_information() {
 			//Default to a "new" plugin
 			$type = 'install';
 			//Check to see if this plugin is known to be installed, and has an update awaiting it.
-			$update_plugins = get_option('update_plugins');
+			$update_plugins = get_transient('update_plugins');
 			if ( is_object( $update_plugins ) ) {
 				foreach ( (array)$update_plugins->response as $file => $plugin ) {
 					if ( $plugin->slug === $api->slug ) {
@@ -462,7 +464,7 @@ function install_plugin_information() {
 						$newer_version = $installed_plugin[ $key ]['Version'];
 					} else {
 						//If the above update check failed, Then that probably means that the update checker has out-of-date information, force a refresh
-						delete_option('update_plugins');
+						delete_transient('update_plugins');
 						$update_file = $api->slug . '/' . $key; //This code branch only deals with a plugin which is in a folder the same name as its slug, Doesnt support plugins which have 'non-standard' names
 						$type = 'update_available';
 					}
@@ -509,12 +511,13 @@ function install_plugin_information() {
 			<li><strong><?php _e('Compatible up to:') ?></strong> <?php echo $api->tested ?></li>
 <?php endif; if ( ! empty($api->downloaded) ) : ?>
 			<li><strong><?php _e('Downloaded:') ?></strong> <?php printf(_n('%s time', '%s times', $api->downloaded), number_format_i18n($api->downloaded)) ?></li>
-<?php endif; if ( ! empty($api->slug) ) : ?>
+<?php endif; if ( ! empty($api->slug) && empty($api->external) ) : ?>
 			<li><a target="_blank" href="http://wordpress.org/extend/plugins/<?php echo $api->slug ?>/"><?php _e('WordPress.org Plugin Page &#187;') ?></a></li>
 <?php endif; if ( ! empty($api->homepage) ) : ?>
 			<li><a target="_blank" href="<?php echo $api->homepage ?>"><?php _e('Plugin Homepage  &#187;') ?></a></li>
 <?php endif; ?>
 		</ul>
+		<?php if ( ! empty($api->rating) ) : ?>
 		<h2><?php _e('Average Rating') ?></h2>
 		<div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?>">
 			<div class="star star-rating" style="width: <?php echo esc_attr($api->rating) ?>px"></div>
@@ -525,6 +528,7 @@ function install_plugin_information() {
 			<div class="star star1"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('1 star') ?>" /></div>
 		</div>
 		<small><?php printf(_n('(based on %s rating)', '(based on %s ratings)', $api->num_ratings), number_format_i18n($api->num_ratings)); ?></small>
+		<?php endif; ?>
 	</div>
 	<div id="section-holder" class="wrap">
 	<?php

wp-admin/includes/plugin.php

@@ -585,7 +585,7 @@ function uninstall_plugin($plugin) {
 //
 
 function add_menu_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '' ) {
-	global $menu, $admin_page_hooks;
+	global $menu, $admin_page_hooks, $_registered_pages;
 
 	$file = plugin_basename( $file );
 
@@ -602,11 +602,13 @@ function add_menu_page( $page_title, $menu_title, $access_level, $file, $functio
 
 	$menu[] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
 
+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }
 
 function add_object_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '') {
-	global $menu, $admin_page_hooks, $_wp_last_object_menu;
+	global $menu, $admin_page_hooks, $_wp_last_object_menu, $_registered_pages;
 
 	$file = plugin_basename( $file );
 
@@ -623,11 +625,13 @@ function add_object_page( $page_title, $menu_title, $access_level, $file, $funct
 
 	$menu[$_wp_last_object_menu] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
 
+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }
 
 function add_utility_page( $page_title, $menu_title, $access_level, $file, $function = '', $icon_url = '') {
-	global $menu, $admin_page_hooks, $_wp_last_utility_menu;
+	global $menu, $admin_page_hooks, $_wp_last_utility_menu, $_registered_pages;
 
 	$file = plugin_basename( $file );
 
@@ -646,6 +650,8 @@ function add_utility_page( $page_title, $menu_title, $access_level, $file, $func
 
 	$menu[$_wp_last_utility_menu] = array ( $menu_title, $access_level, $file, $page_title, 'menu-top ' . $hookname, $hookname, $icon_url );
 
+	$_registered_pages[$hookname] = true;
+
 	return $hookname;
 }
 
@@ -654,6 +660,7 @@ function add_submenu_page( $parent, $page_title, $menu_title, $access_level, $fi
 	global $menu;
 	global $_wp_real_parent_file;
 	global $_wp_submenu_nopriv;
+	global $_registered_pages;
 
 	$file = plugin_basename( $file );
 
@@ -683,6 +690,11 @@ function add_submenu_page( $parent, $page_title, $menu_title, $access_level, $fi
 	if (!empty ( $function ) && !empty ( $hookname ))
 		add_action( $hookname, $function );
 
+	$_registered_pages[$hookname] = true;
+	// backwards-compatibility for plugins using add_management page.  See wp-admin/admin.php for redirect from edit.php to tools.php
+	if ( 'tools.php' == $parent ) 
+		$_registered_pages[get_plugin_page_hookname( $file, 'edit.php')] = true;
+
 	return $hookname;
 }
 
@@ -919,14 +931,21 @@ function user_can_access_admin_page() {
 	global $_wp_menu_nopriv;
 	global $_wp_submenu_nopriv;
 	global $plugin_page;
+	global $_registered_pages;
 
 	$parent = get_admin_page_parent();
 
 	if ( !isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$pagenow] ) )
 		return false;
 
-	if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
-		return false;
+	if ( isset( $plugin_page ) ) {
+		if ( isset( $_wp_submenu_nopriv[$parent][$plugin_page] ) )
+			return false;
+
+		$hookname = get_plugin_page_hookname($plugin_page, $parent);
+		if ( !isset($_registered_pages[$hookname]) )
+			return false;
+	}
 
 	if ( empty( $parent) ) {
 		if ( isset( $_wp_menu_nopriv[$pagenow] ) )
@@ -935,6 +954,8 @@ function user_can_access_admin_page() {
 			return false;
 		if ( isset( $plugin_page ) && isset( $_wp_submenu_nopriv[$pagenow][$plugin_page] ) )
 			return false;
+		if ( isset( $plugin_page ) && isset( $_wp_menu_nopriv[$plugin_page] ) )
+			return false;
 		foreach (array_keys( $_wp_submenu_nopriv ) as $key ) {
 			if ( isset( $_wp_submenu_nopriv[$key][$pagenow] ) )
 				return false;
@@ -944,6 +965,9 @@ function user_can_access_admin_page() {
 		return true;
 	}
 
+	if ( isset( $plugin_page ) && ( $plugin_page == $parent ) && isset( $_wp_menu_nopriv[$plugin_page] ) )
+		return false;
+
 	if ( isset( $submenu[$parent] ) ) {
 		foreach ( $submenu[$parent] as $submenu_array ) {
 			if ( isset( $plugin_page ) && ( $submenu_array[2] == $plugin_page ) ) {

wp-admin/includes/template.php

@@ -1447,6 +1447,8 @@ function _post_row($a_post, $pending_comments, $mode) {
 			if ( current_user_can('edit_post', $post->ID) ) {
 				$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '" title="' . esc_attr(__('Edit this post')) . '">' . __('Edit') . '</a>';
 				$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="' . esc_attr(__('Edit this post inline')) . '">' . __('Quick&nbsp;Edit') . '</a>';
+			}
+			if ( current_user_can('delete_post', $post->ID) ) {
 				$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this post')) . "' href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
 			}
 			if ( in_array($post->post_status, array('pending', 'draft')) ) {
@@ -1660,6 +1662,8 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
 		if ( current_user_can('edit_page', $page->ID) ) {
 			$actions['edit'] = '<a href="' . $edit_link . '" title="' . esc_attr(__('Edit this page')) . '">' . __('Edit') . '</a>';
 			$actions['inline'] = '<a href="#" class="editinline">' . __('Quick&nbsp;Edit') . '</a>';
+		}
+		if ( current_user_can('delete_page', $page->ID) ) {
 			$actions['delete'] = "<a class='submitdelete' title='" . esc_attr(__('Delete this page')) . "' href='" . wp_nonce_url("page.php?action=delete&amp;post=$page->ID", 'delete-page_' . $page->ID) . "' onclick=\"if ( confirm('" . esc_js(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>";
 		}
 		if ( in_array($post->post_status, array('pending', 'draft')) ) {
@@ -2081,9 +2085,7 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
 	$author_url = get_comment_author_url();
 	if ( 'http://' == $author_url )
 		$author_url = '';
-	$author_url_display = $author_url;
-	$author_url_display = str_replace('http://www.', '', $author_url_display);
-	$author_url_display = str_replace('http://', '', $author_url_display);
+	$author_url_display = preg_replace('|http://(www\.)?|i', '', $author_url);
 	if ( strlen($author_url_display) > 50 )
 		$author_url_display = substr($author_url_display, 0, 49) . '...';
 
@@ -3471,11 +3473,6 @@ function screen_meta($screen) {
 				$_wp_contextual_help[$screen] = $help;
 			}
 			break;
-		case 'theme-editor':
-		case 'plugin-editor':
-			$settings = '<p><a id="codepress-on" href="' . $screen . '.php?codepress=on">' . __('Enable syntax highlighting') . '</a><a id="codepress-off" href="' . $screen . '.php?codepress=off">' . __('Disable syntax highlighting') . "</a></p>\n";
-			$show_screen = true;
-			break;
 		case 'widgets':
 			if ( !isset($_wp_contextual_help['widgets']) ) {
 				$help = widgets_help();

wp-admin/includes/update-core.php

@@ -229,7 +229,7 @@ function update_core($from, $to) {
 	$result = copy_dir($from . '/wordpress', $to);
 	if ( is_wp_error($result) ) {
 		$wp_filesystem->delete($maintenance_file);
-		$wp_filesystem->delete($working_dir, true);
+		$wp_filesystem->delete($from, true);
 		return $result;
 	}
 

wp-admin/includes/user.php

@@ -253,7 +253,7 @@ function get_editable_user_ids( $user_id, $exclude_zeros = true, $post_type = 'p
 		if ( $user->has_cap("edit_{$post_type}s") || $exclude_zeros == false )
 			return array($user->id);
 		else
-			return false;
+			return array();
 	}
 
 	$level_key = $wpdb->prefix . 'user_level';

wp-admin/includes/widgets.php

@@ -97,10 +97,13 @@ function wp_list_widget_controls_dynamic_sidebar( $params ) {
 
 function next_widget_id_number($id_base) {
 	global $wp_registered_widgets;
-	$number = 2;
+	$number = 1;
 
-	while ( isset($wp_registered_widgets["$id_base-$number"]) )
-		$number++;
+	foreach ( $wp_registered_widgets as $widget_id => $widget ) {
+		if ( preg_match( '/' . $id_base . '-([0-9]+)$/', $widget_id, $matches ) )
+			$number = max($number, $matches[1]);
+	}
+	$number++;
 
 	return $number;
 }

wp-admin/js/dashboard.dev.js

@@ -1,6 +1,6 @@
+var ajaxWidgets, ajaxPopulateWidgets, quickPressLoad;
 
 jQuery(document).ready( function($) {
-	var ajaxWidgets, ajaxPopulateWidgets, quickPressLoad;
 	// These widgets are sometimes populated via ajax
 	ajaxWidgets = [
 		'dashboard_incoming_links',
@@ -9,15 +9,35 @@ jQuery(document).ready( function($) {
 		'dashboard_plugins'
 	];
 
-	ajaxPopulateWidgets = function() {
-		$.each( ajaxWidgets, function() {
-			var e = jQuery('#' + this + ':visible div.inside').find('.widget-loading');
-			if ( e.size() ) { e.parent().load('index-extra.php?jax=' + this); }
-		} );
+	ajaxPopulateWidgets = function(el) {
+		show = function(id, i) {
+			var p, e = $('#' + id + ' div.inside:visible').find('.widget-loading');
+			if ( e.length ) {
+				p = e.parent();
+				setTimeout( function(){
+					p.load('index-extra.php?jax=' + id, '', function() {
+						p.hide().slideDown('normal', function(){
+							$(this).css('display', '');
+							if ( 'dashboard_plugins' == id && $.isFunction(tb_init) )
+								tb_init('#dashboard_plugins a.thickbox');
+						});
+					});
+				}, i * 500 );
+			}
+		}
+		if ( el ) {
+			el = el.toString();
+			if ( $.inArray(el, ajaxWidgets) != -1 )
+				show(el, 0);
+		} else {
+			$.each( ajaxWidgets, function(i) {
+				show(this, i);
+			});
+		}
 	};
 	ajaxPopulateWidgets();
 
-	postboxes.add_postbox_toggles('dashboard', { onShow: ajaxPopulateWidgets } );
+	postboxes.add_postbox_toggles('dashboard', { pbshow: ajaxPopulateWidgets } );
 
 	/* QuickPress */
 	quickPressLoad = function() {

wp-admin/js/dashboard.js

@@ -1 +1 @@
-jQuery(document).ready(function(c){var a,b,d;a=["dashboard_incoming_links","dashboard_primary","dashboard_secondary","dashboard_plugins"];b=function(){c.each(a,function(){var f=jQuery("#"+this+":visible div.inside").find(".widget-loading");if(f.size()){f.parent().load("index-extra.php?jax="+this)}})};b();postboxes.add_postbox_toggles("dashboard",{onShow:b});d=function(){var e=c("#quickpost-action"),f;f=c("#quick-press").submit(function(){c("#dashboard_quick_press h3").append('<img src="images/wpspin_light.gif" style="margin: 0 6px 0 0; vertical-align: middle" />');c('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').attr("disabled","disabled");if("post"==e.val()){e.val("post-quickpress-publish")}c("#dashboard_quick_press div.inside").load(f.attr("action"),f.serializeArray(),function(){c("#dashboard_quick_press h3 img").remove();c('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').attr("disabled","");c("#dashboard_quick_press ul").find("li").each(function(){c("#dashboard_recent_drafts ul").prepend(this)}).end().remove();tb_init("a.thickbox");d()});return false});c("#publish").click(function(){e.val("post-quickpress-publish")})};d()});
+var ajaxWidgets,ajaxPopulateWidgets,quickPressLoad;jQuery(document).ready(function(a){ajaxWidgets=["dashboard_incoming_links","dashboard_primary","dashboard_secondary","dashboard_plugins"];ajaxPopulateWidgets=function(b){show=function(g,c){var f,d=a("#"+g+" div.inside:visible").find(".widget-loading");if(d.length){f=d.parent();setTimeout(function(){f.load("index-extra.php?jax="+g,"",function(){f.hide().slideDown("normal",function(){a(this).css("display","");if("dashboard_plugins"==g&&a.isFunction(tb_init)){tb_init("#dashboard_plugins a.thickbox")}})})},c*500)}};if(b){b=b.toString();if(a.inArray(b,ajaxWidgets)!=-1){show(b,0)}}else{a.each(ajaxWidgets,function(c){show(this,c)})}};ajaxPopulateWidgets();postboxes.add_postbox_toggles("dashboard",{pbshow:ajaxPopulateWidgets});quickPressLoad=function(){var b=a("#quickpost-action"),c;c=a("#quick-press").submit(function(){a("#dashboard_quick_press h3").append('<img src="images/wpspin_light.gif" style="margin: 0 6px 0 0; vertical-align: middle" />');a('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').attr("disabled","disabled");if("post"==b.val()){b.val("post-quickpress-publish")}a("#dashboard_quick_press div.inside").load(c.attr("action"),c.serializeArray(),function(){a("#dashboard_quick_press h3 img").remove();a('#quick-press .submit input[type="submit"], #quick-press .submit input[type="reset"]').attr("disabled","");a("#dashboard_quick_press ul").find("li").each(function(){a("#dashboard_recent_drafts ul").prepend(this)}).end().remove();tb_init("a.thickbox");quickPressLoad()});return false});a("#publish").click(function(){b.val("post-quickpress-publish")})};quickPressLoad()});

wp-admin/js/edit-comments.dev.js

@@ -23,7 +23,7 @@ setCommentsList = function() {
 			if ( isNaN(n) ) return;
 			n = n + ( $('#' + settings.element).is('.' + settings.dimClass) ? 1 : -1 );
 			if ( n < 0 ) { n = 0; }
-			$('#awaiting-mod')[ 0 == n ? 'addClass' : 'removeClass' ]('count-0');
+			a.parents('#awaiting-mod')[ 0 == n ? 'addClass' : 'removeClass' ]('count-0');
 			n = n.toString();
 			if ( n.length > 3 )
 				n = n.substr(0, n.length-3)+' '+n.substr(-3);
@@ -77,7 +77,7 @@ setCommentsList = function() {
 				n = n + 1;
 			}
 			if ( n < 0 ) { n = 0; }
-			$('#awaiting-mod')[ 0 == n ? 'addClass' : 'removeClass' ]('count-0');
+			a.parents('#awaiting-mod')[ 0 == n ? 'addClass' : 'removeClass' ]('count-0');
 			n = n.toString();
 			if ( n.length > 3 )
 				n = n.substr(0, n.length-3)+' '+n.substr(-3);

wp-admin/js/post.dev.js

@@ -212,10 +212,6 @@ var commentsBox, tagCloud;
 jQuery(document).ready( function($) {
 	var noSyncChecks = false, syncChecks, catAddAfter, stamp = $('#timestamp').html(), visibility = $('#post-visibility-display').html(), sticky = '';
 
-	// for Press This
-	if ( typeof autosave != 'function' )
-		autosave = function(){};
-
 	// postboxes
 	postboxes.add_postbox_toggles('post');
 
@@ -225,7 +221,13 @@ jQuery(document).ready( function($) {
 	// prepare the tag UI
 	tag_init();
 
-	$('#title').blur( function() { if ( ($("#post_ID").val() > 0) || ($("#title").val().length == 0) ) return; autosave(); } );
+	$('#title').blur( function() {
+		if ( ($("#post_ID").val() > 0) || ($("#title").val().length == 0) )
+			return;
+
+		if ( typeof(autosave) != 'undefined' )
+			autosave();
+	});
 
 	// auto-suggest stuff
 	$('.newtag').each(function(){
@@ -477,7 +479,7 @@ jQuery(document).ready( function($) {
 	// Custom Fields
 	$('#the-list').wpList( { addAfter: function( xml, s ) {
 		$('table#list-table').show();
-		if ( $.isFunction( autosave_update_post_ID ) ) {
+		if ( typeof( autosave_update_post_ID ) != 'undefined' ) {
 			autosave_update_post_ID(s.parsed.responses[0].supplemental.postid);
 		}
 	}, addBefore: function( s ) {

wp-admin/js/postbox.dev.js

@@ -4,15 +4,15 @@ var postboxes;
 		add_postbox_toggles : function(page,args) {
 			this.init(page,args);
 			$('.postbox h3, .postbox .handlediv').click( function() {
-				var p = $(this).parent('.postbox');
-				/*
-				if ( p.hasClass('noclick') ) {
-					p.removeClass('noclick');
-					return false;
-				}
-				*/
+				var p = $(this).parent('.postbox'), id = p.attr('id');
 				p.toggleClass('closed');
 				postboxes.save_state(page);
+				if ( id ) {
+					if ( !p.hasClass('closed') && $.isFunction(postboxes.pbshow) )
+						postboxes.pbshow(id);
+					else if ( p.hasClass('closed') && $.isFunction(postboxes.pbhide) )
+						postboxes.pbhide(id);
+				}
 			} );
 			$('.postbox h3 a').click( function(e) {
 				e.stopPropagation();

wp-admin/js/postbox.js

@@ -1 +1 @@
-var postboxes;(function(a){postboxes={add_postbox_toggles:function(c,b){this.init(c,b);a(".postbox h3, .postbox .handlediv").click(function(){var e=a(this).parent(".postbox");e.toggleClass("closed");postboxes.save_state(c)});a(".postbox h3 a").click(function(f){f.stopPropagation()});a(".hide-postbox-tog").click(function(){var e=a(this).val();if(a(this).attr("checked")){a("#"+e).show();if(a.isFunction(postboxes.pbshow)){postboxes.pbshow(e)}}else{a("#"+e).hide();if(a.isFunction(postboxes.pbhide)){postboxes.pbhide(e)}}postboxes.save_state(c)});a('.columns-prefs input[type="radio"]').click(function(){var e=a(this).val(),f,g,h=a("#poststuff");if(h.length){if(e==2){h.addClass("has-right-sidebar");a("#side-sortables").addClass("temp-border")}else{if(e==1){h.removeClass("has-right-sidebar");a("#normal-sortables").append(a("#side-sortables").children(".postbox"))}}}else{for(f=4;(f>e&&f>1);f--){g=a("#"+d(f)+"-sortables");a("#"+d(f-1)+"-sortables").append(g.children(".postbox"));g.parent().hide()}for(f=1;f<=e;f++){g=a("#"+d(f)+"-sortables");if(g.parent().is(":hidden")){g.addClass("temp-border").parent().show()}}a(".postbox-container:visible").css("width",98/e+"%")}postboxes.save_order(c)});function d(e){switch(e){case 1:return"normal";break;case 2:return"side";break;case 3:return"column3";break;case 4:return"column4";break;default:return""}}},init:function(c,b){a.extend(this,b||{});a("#wpbody-content").css("overflow","hidden");a(".meta-box-sortables").sortable({placeholder:"sortable-placeholder",connectWith:".meta-box-sortables",items:".postbox",handle:".hndle",cursor:"move",distance:2,tolerance:"pointer",forcePlaceholderSize:true,helper:"clone",opacity:0.65,start:function(f,d){a("body").css({WebkitUserSelect:"none",KhtmlUserSelect:"none"})},stop:function(f,d){postboxes.save_order(c);d.item.parent().removeClass("temp-border");a("body").css({WebkitUserSelect:"",KhtmlUserSelect:""})}})},save_state:function(d){var b=a(".postbox").filter(".closed").map(function(){return this.id}).get().join(","),c=a(".postbox").filter(":hidden").map(function(){return this.id}).get().join(",");a.post(postboxL10n.requestFile,{action:"closed-postboxes",closed:b,hidden:c,closedpostboxesnonce:jQuery("#closedpostboxesnonce").val(),page:d})},save_order:function(c){var b,d=a(".columns-prefs input:checked").val()||0;b={action:"meta-box-order",_ajax_nonce:a("#meta-box-order-nonce").val(),page_columns:d,page:c};a(".meta-box-sortables").each(function(){b["order["+this.id.split("-")[0]+"]"]=a(this).sortable("toArray").join(",")});a.post(postboxL10n.requestFile,b)},pbshow:false,pbhide:false}}(jQuery));
+var postboxes;(function(a){postboxes={add_postbox_toggles:function(c,b){this.init(c,b);a(".postbox h3, .postbox .handlediv").click(function(){var e=a(this).parent(".postbox"),f=e.attr("id");e.toggleClass("closed");postboxes.save_state(c);if(f){if(!e.hasClass("closed")&&a.isFunction(postboxes.pbshow)){postboxes.pbshow(f)}else{if(e.hasClass("closed")&&a.isFunction(postboxes.pbhide)){postboxes.pbhide(f)}}}});a(".postbox h3 a").click(function(f){f.stopPropagation()});a(".hide-postbox-tog").click(function(){var e=a(this).val();if(a(this).attr("checked")){a("#"+e).show();if(a.isFunction(postboxes.pbshow)){postboxes.pbshow(e)}}else{a("#"+e).hide();if(a.isFunction(postboxes.pbhide)){postboxes.pbhide(e)}}postboxes.save_state(c)});a('.columns-prefs input[type="radio"]').click(function(){var e=a(this).val(),f,g,h=a("#poststuff");if(h.length){if(e==2){h.addClass("has-right-sidebar");a("#side-sortables").addClass("temp-border")}else{if(e==1){h.removeClass("has-right-sidebar");a("#normal-sortables").append(a("#side-sortables").children(".postbox"))}}}else{for(f=4;(f>e&&f>1);f--){g=a("#"+d(f)+"-sortables");a("#"+d(f-1)+"-sortables").append(g.children(".postbox"));g.parent().hide()}for(f=1;f<=e;f++){g=a("#"+d(f)+"-sortables");if(g.parent().is(":hidden")){g.addClass("temp-border").parent().show()}}a(".postbox-container:visible").css("width",98/e+"%")}postboxes.save_order(c)});function d(e){switch(e){case 1:return"normal";break;case 2:return"side";break;case 3:return"column3";break;case 4:return"column4";break;default:return""}}},init:function(c,b){a.extend(this,b||{});a("#wpbody-content").css("overflow","hidden");a(".meta-box-sortables").sortable({placeholder:"sortable-placeholder",connectWith:".meta-box-sortables",items:".postbox",handle:".hndle",cursor:"move",distance:2,tolerance:"pointer",forcePlaceholderSize:true,helper:"clone",opacity:0.65,start:function(f,d){a("body").css({WebkitUserSelect:"none",KhtmlUserSelect:"none"})},stop:function(f,d){postboxes.save_order(c);d.item.parent().removeClass("temp-border");a("body").css({WebkitUserSelect:"",KhtmlUserSelect:""})}})},save_state:function(d){var b=a(".postbox").filter(".closed").map(function(){return this.id}).get().join(","),c=a(".postbox").filter(":hidden").map(function(){return this.id}).get().join(",");a.post(postboxL10n.requestFile,{action:"closed-postboxes",closed:b,hidden:c,closedpostboxesnonce:jQuery("#closedpostboxesnonce").val(),page:d})},save_order:function(c){var b,d=a(".columns-prefs input:checked").val()||0;b={action:"meta-box-order",_ajax_nonce:a("#meta-box-order-nonce").val(),page_columns:d,page:c};a(".meta-box-sortables").each(function(){b["order["+this.id.split("-")[0]+"]"]=a(this).sortable("toArray").join(",")});a.post(postboxL10n.requestFile,b)},pbshow:false,pbhide:false}}(jQuery));

wp-admin/link-add.php

@@ -9,6 +9,9 @@
 /** Load WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( ! current_user_can('manage_links') )
+	wp_die(__('You do not have sufficient permissions to add links to this blog.'));
+
 $title = __('Add New Link');
 $parent_file = 'link-manager.php';
 

wp-admin/link-parse-opml.php

@@ -6,8 +6,8 @@
  * @subpackage Administration
  */
 
-/** Load WordPress Bootstrap */
-require_once('../wp-load.php');
+if ( ! defined('ABSPATH') )
+	die();
 
 global $opml, $map;
 

wp-admin/media-upload.php

@@ -29,16 +29,7 @@ if ( isset($action) && $action == 'edit' && !$ID )
 	wp_die(__("You are not allowed to be here"));
 
 if ( isset($_GET['inline']) ) {
-
-	if ( isset($_GET['upload-page-form']) ) {
-		$errors = media_upload_form_handler();
-
-		$location = 'upload.php';
-		if ( $errors )
-			$location .= '?message=3';
-
-		wp_redirect( admin_url($location) );
-	}
+	$errors = array();
 
 	if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
 		// Upload File button was clicked
@@ -50,6 +41,16 @@ if ( isset($_GET['inline']) ) {
 		}
 	}
 
+	if ( isset($_GET['upload-page-form']) ) {
+		$errors = array_merge($errors, (array) media_upload_form_handler());
+
+		$location = 'upload.php';
+		if ( $errors )
+			$location .= '?message=3';
+
+		wp_redirect( admin_url($location) );
+	}
+
 	$title = __('Upload New Media');
 	$parent_file = 'upload.php';
 	require_once('admin-header.php'); ?>

wp-admin/menu-header.php

@@ -74,7 +74,10 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
 		} elseif ( $submenu_as_parent && !empty($submenu[$item[2]]) ) {
 			$submenu[$item[2]] = array_values($submenu[$item[2]]);  // Re-index.
 			$menu_hook = get_plugin_page_hook($submenu[$item[2]][0][2], $item[2]);
-			if ( ( ('index.php' != $submenu[$item[2]][0][2]) && file_exists(WP_PLUGIN_DIR . "/{$submenu[$item[2]][0][2]}") ) || !empty($menu_hook)) {
+			$menu_file = $submenu[$item[2]][0][2];
+			if ( false !== $pos = strpos($menu_file, '?') )
+				$menu_file = substr($menu_file, 0, $pos);
+			if ( ( ('index.php' != $submenu[$item[2]][0][2]) && file_exists(WP_PLUGIN_DIR . "/$menu_file") ) || !empty($menu_hook)) {
 				$admin_is_parent = true;
 				echo "<div class='wp-menu-image'><a href='admin.php?page={$submenu[$item[2]][0][2]}'>$img</a></div>$toggle<a href='admin.php?page={$submenu[$item[2]][0][2]}'$class$tabindex>{$item[0]}</a>";
 			} else {
@@ -82,7 +85,10 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
 			}
 		} else if ( current_user_can($item[1]) ) {
 			$menu_hook = get_plugin_page_hook($item[2], 'admin.php');
-			if ( ('index.php' != $item[2]) && file_exists(WP_PLUGIN_DIR . "/{$item[2]}") || !empty($menu_hook) ) {
+			$menu_file = $item[2];
+			if ( false !== $pos = strpos($menu_file, '?') )
+				$menu_file = substr($menu_file, 0, $pos);
+			if ( ('index.php' != $item[2]) && file_exists(WP_PLUGIN_DIR . "/$menu_file") || !empty($menu_hook) ) {
 				$admin_is_parent = true;
 				echo "\n\t<div class='wp-menu-image'><a href='admin.php?page={$item[2]}'>$img</a></div>$toggle<a href='admin.php?page={$item[2]}'$class$tabindex>{$item[0]}</a>";
 			} else {
@@ -102,22 +108,31 @@ function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) {
 					$class[] = 'wp-first-item';
 					$first = false;
 				}
+
+				$menu_file = $item[2];
+				if ( false !== $pos = strpos($menu_file, '?') )
+					$menu_file = substr($menu_file, 0, $pos);
+
 				if ( isset($submenu_file) ) {
 					if ( $submenu_file == $sub_item[2] )
 						$class[] = 'current';
 				// If plugin_page is set the parent must either match the current page or not physically exist.
 				// This allows plugin pages with the same hook to exist under different parents.
-				} else if ( (isset($plugin_page) && $plugin_page == $sub_item[2] && (!file_exists($item[2]) || ($item[2] == $self))) || (!isset($plugin_page) && $self == $sub_item[2]) ) {
+				} else if ( (isset($plugin_page) && $plugin_page == $sub_item[2] && (!file_exists($menu_file) || ($item[2] == $self))) || (!isset($plugin_page) && $self == $sub_item[2]) ) {
 					$class[] = 'current';
 				}
 
 				$class = $class ? ' class="' . join( ' ', $class ) . '"' : '';
 
 				$menu_hook = get_plugin_page_hook($sub_item[2], $item[2]);
+				$sub_file = $sub_item[2];
+				if ( false !== $pos = strpos($sub_file, '?') )
+					$sub_file = substr($sub_file, 0, $pos);
 
-				if ( ( ('index.php' != $sub_item[2]) && file_exists(WP_PLUGIN_DIR . "/{$sub_item[2]}") ) || ! empty($menu_hook) ) {
+				if ( ( ('index.php' != $sub_item[2]) && file_exists(WP_PLUGIN_DIR . "/$sub_file") ) || ! empty($menu_hook) ) {
 					// If admin.php is the current page or if the parent exists as a file in the plugins or admin dir
-					$parent_exists = (!$admin_is_parent && file_exists(WP_PLUGIN_DIR . "/{$item[2]}") && !is_dir(WP_PLUGIN_DIR . "/{$item[2]}") ) || file_exists($item[2]);
+					
+					$parent_exists = (!$admin_is_parent && file_exists(WP_PLUGIN_DIR . "/$menu_file") && !is_dir(WP_PLUGIN_DIR . "/{$item[2]}") ) || file_exists($menu_file);
 					if ( $parent_exists )
 						echo "<li$class><a href='{$item[2]}?page={$sub_item[2]}'$class$tabindex>{$sub_item[0]}</a></li>";
 					elseif ( 'admin.php' == $pagenow || !$parent_exists )

wp-admin/options-discussion.php

@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Discussion Settings');
 $parent_file = 'options-general.php';
 

wp-admin/options-general.php

@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('General Settings');
 $parent_file = 'options-general.php';
 /* translators: date and time format for exact current time, mainly about timezones, see http://php.net/date */
@@ -157,7 +160,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
 <span class="description"><?php _e('Choose a city in the same timezone as you.'); ?></span>
 <br />
 <span>
-<?php if (get_option('timezone_string')) : ?>
+<?php if ($tzstring) : ?>
 	<?php
 	$now = localtime(time(),true);
 	if ($now['tm_isdst']) _e('This timezone is currently in daylight savings time.');
@@ -165,11 +168,11 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
 	?>
 	<br />
 	<?php
-	if (function_exists('timezone_transitions_get') && $tzstring) {
+	if (function_exists('timezone_transitions_get')) {
 		$dateTimeZoneSelected = new DateTimeZone($tzstring);
 		foreach (timezone_transitions_get($dateTimeZoneSelected) as $tr) {
 			if ($tr['ts'] > time()) {
-			    	$found = true;
+			    $found = true;
 				break;
 			}
 		}
@@ -179,10 +182,7 @@ if (empty($tzstring)) { // set the Etc zone if no timezone string exists
 			$message = $tr['isdst'] ?
 				__('Daylight savings time begins on: <code>%s</code>.') :
 				__('Standard time begins  on: <code>%s</code>.');
-			$tz = new DateTimeZone($tzstring);
-			$d = new DateTime( "@{$tr['ts']}" );
-			$d->setTimezone($tz);
-			printf( $message, date_i18n(get_option('date_format').' '.get_option('time_format'), $d->format('U') ) );
+			printf( $message, date_i18n(get_option('date_format').' '.get_option('time_format'), $tr['ts'] ) );
 		} else {
 			_e('This timezone does not observe daylight savings time.');
 		}

wp-admin/options-media.php

@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Media Settings');
 $parent_file = 'options-general.php';
 

wp-admin/options-misc.php

@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Miscellaneous Settings');
 $parent_file = 'options-general.php';
 

wp-admin/options-permalink.php

@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Permalink Settings');
 $parent_file = 'options-general.php';
 

wp-admin/options-privacy.php

@@ -9,6 +9,9 @@
 /** Load WordPress Administration Bootstrap */
 require_once('./admin.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Privacy Settings');
 $parent_file = 'options-general.php';
 

wp-admin/options-reading.php

@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Reading Settings');
 $parent_file = 'options-general.php';
 

wp-admin/options-writing.php

@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( ! current_user_can('manage_options') )
+	wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+
 $title = __('Writing Settings');
 $parent_file = 'options-general.php';
 

wp-admin/plugin-editor.php

@@ -83,9 +83,6 @@ default:
 		exit;
 	}
 
-	if ( use_codepress() )
-		wp_enqueue_script( 'codepress' );
-
 	// List of allowable extensions
 	$editable_extensions = array('php', 'txt', 'text', 'js', 'css', 'html', 'htm', 'xml', 'inc', 'include');
 	$editable_extensions = (array) apply_filters('editable_extensions', $editable_extensions);
@@ -111,12 +108,14 @@ default:
 	if ( '.php' == substr( $real_file, strrpos( $real_file, '.' ) ) ) {
 		$functions = wp_doc_link_parse( $content );
 
-		$docs_select = '<select name="docs-list" id="docs-list">';
-		$docs_select .= '<option value="">' . __( 'Function Name...' ) . '</option>';
-		foreach ( $functions as $function) {
-			$docs_select .= '<option value="' . esc_attr( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
+		if ( !empty($functions) ) {
+			$docs_select = '<select name="docs-list" id="docs-list">';
+			$docs_select .= '<option value="">' . __( 'Function Name...' ) . '</option>';
+			foreach ( $functions as $function) {
+				$docs_select .= '<option value="' . esc_attr( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
+			}
+			$docs_select .= '</select>';
 		}
-		$docs_select .= '</select>';
 	}
 
 	$content = htmlspecialchars( $content );
@@ -136,8 +135,25 @@ default:
 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php echo esc_html( $title ); ?></h2>
-<div class="bordertitle">
-	<form id="themeselector" action="plugin-editor.php" method="post">
+
+<div class="fileedit-sub">
+<div class="alignleft">
+<big><?php
+	if ( is_plugin_active($plugin) ) {
+		if ( is_writeable($real_file) )
+			echo sprintf(__('Editing <strong>%s</strong> (active)'), $file);
+		else
+			echo sprintf(__('Browsing <strong>%s</strong> (active)'), $file);
+	} else {
+		if ( is_writeable($real_file) )
+			echo sprintf(__('Editing <strong>%s</strong> (inactive)'), $file);
+		else
+			echo sprintf(__('Browsing <strong>%s</strong> (inactive)'), $file);
+	}
+	?></big>
+</div>
+<div class="alignright">
+	<form action="plugin-editor.php" method="post">
 		<strong><label for="plugin"><?php _e('Select plugin to edit:'); ?> </label></strong>
 		<select name="plugin" id="plugin">
 <?php
@@ -156,27 +172,11 @@ default:
 		<input type="submit" name="Submit" value="<?php esc_attr_e('Select') ?>" class="button" />
 	</form>
 </div>
-<div class="tablenav">
-<div class="alignleft">
-<big><?php
-	if ( is_plugin_active($plugin) ) {
-		if ( is_writeable($real_file) )
-			echo sprintf(__('Editing <strong>%s</strong> (active)'), $file);
-		else
-			echo sprintf(__('Browsing <strong>%s</strong> (active)'), $file);
-	} else {
-		if ( is_writeable($real_file) )
-			echo sprintf(__('Editing <strong>%s</strong> (inactive)'), $file);
-		else
-			echo sprintf(__('Browsing <strong>%s</strong> (inactive)'), $file);
-	}
-	?></big>
-</div>
 <br class="clear" />
 </div>
-<br class="clear" />
-	<div id="templateside">
-	<h3 id="bordertitle"><?php _e('Plugin Files'); ?></h3>
+
+<div id="templateside">
+	<h3><?php _e('Plugin Files'); ?></h3>
 
 	<ul>
 <?php
@@ -195,15 +195,15 @@ foreach ( $plugin_files as $plugin_file ) :
 		<li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo $plugin_file; ?>&amp;plugin=<?php echo $plugin; ?>"><?php echo $plugin_file ?></a></li>
 <?php endforeach; ?>
 	</ul>
-	</div>
-	<form name="template" id="template" action="plugin-editor.php" method="post">
+</div>
+<form name="template" id="template" action="plugin-editor.php" method="post">
 	<?php wp_nonce_field('edit-plugin_' . $file) ?>
 		<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>
 		<input type="hidden" name="action" value="update" />
 		<input type="hidden" name="file" value="<?php echo esc_attr($file) ?>" />
 		<input type="hidden" name="plugin" value="<?php echo esc_attr($plugin) ?>" />
 		</div>
-		<?php if ( isset( $functions ) ) : ?>
+		<?php if ( !empty( $docs_select ) ) : ?>
 		<div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value="<?php esc_attr_e( 'Lookup' ) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&amp;locale=<?php echo urlencode( get_locale() ) ?>&amp;version=<?php echo urlencode( $wp_version ) ?>&amp;redirect=true'); }" /></div>
 		<?php endif; ?>
 <?php if ( is_writeable($real_file) ) : ?>
@@ -221,10 +221,10 @@ foreach ( $plugin_files as $plugin_file ) :
 <?php else : ?>
 	<p><em><?php _e('You need to make this file writable before you can save your changes. See <a href="http://codex.wordpress.org/Changing_File_Permissions">the Codex</a> for more information.'); ?></em></p>
 <?php endif; ?>
- </form>
-<div class="clear"> &nbsp; </div>
+</form>
+<br class="clear" />
 </div>
 <?php
 	break;
 }
-include("admin-footer.php") ?>
+include("admin-footer.php");

wp-admin/plugins.php

@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( ! current_user_can('activate_plugins') )
+	wp_die(__('You do not have sufficient permissions to manage plugins for this blog.'));
+
 if ( isset($_POST['clear-recent-list']) )
 	$action = 'clear-recent-list';
 elseif ( !empty($_REQUEST['action']) )
@@ -37,6 +40,9 @@ $_SERVER['REQUEST_URI'] = remove_query_arg(array('error', 'deleted', 'activate',
 if ( !empty($action) ) {
 	switch ( $action ) {
 		case 'activate':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+
 			check_admin_referer('activate-plugin_' . $plugin);
 
 			$result = activate_plugin($plugin, 'plugins.php?error=true&plugin=' . $plugin);
@@ -53,6 +59,9 @@ if ( !empty($action) ) {
 			exit;
 			break;
 		case 'activate-selected':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+			
 			check_admin_referer('bulk-manage-plugins');
 
 			$plugins = (array) $_POST['checked'];
@@ -75,6 +84,9 @@ if ( !empty($action) ) {
 			exit;
 			break;
 		case 'error_scrape':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+
 			check_admin_referer('plugin-activation-error_' . $plugin);
 
 			$valid = validate_plugin($plugin);
@@ -88,6 +100,9 @@ if ( !empty($action) ) {
 			exit;
 			break;
 		case 'deactivate':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+
 			check_admin_referer('deactivate-plugin_' . $plugin);
 			deactivate_plugins($plugin);
 			update_option('recently_activated', array($plugin => time()) + (array)get_option('recently_activated'));
@@ -95,6 +110,9 @@ if ( !empty($action) ) {
 			exit;
 			break;
 		case 'deactivate-selected':
+			if ( ! current_user_can('activate_plugins') )
+				wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+
 			check_admin_referer('bulk-manage-plugins');
 
 			$plugins = (array) $_POST['checked'];

wp-admin/rtl.css

@@ -138,6 +138,12 @@ td.available-theme {
 .folded #adminmenu img.wp-menu-image {
 	padding: 7px 6px 0 0;
 }
+#adminmenu a.separator {
+	cursor: e-resize;
+}
+.folded #adminmenu a.separator {
+ 	cursor: w-resize;
+}
 #adminmenu .wp-submenu .wp-submenu-head {
 	padding: 6px 10px 6px 4px;
 }

wp-admin/theme-editor.php

@@ -22,8 +22,7 @@ if (empty($theme)) {
 	$theme = get_current_theme();
 } else {
 	$theme = stripslashes($theme);
- }
-
+}
 
 if ( ! isset($themes[$theme]) )
 	wp_die(__('The requested theme does not exist.'));
@@ -65,8 +64,8 @@ case 'update':
 	}
 
 	$location = wp_kses_no_null($location);
-	$strip = array('%0d', '%0a');
-	$location = str_replace($strip, '', $location);
+	$strip = array('%0d', '%0a', '%0D', '%0A');
+	$location = _deep_replace($strip, $location);
 	header("Location: $location");
 	exit();
 
@@ -77,9 +76,6 @@ default:
 	if ( !current_user_can('edit_themes') )
 		wp_die('<p>'.__('You do not have sufficient permissions to edit themes for this blog.').'</p>');
 
-	if ( use_codepress() )
-		wp_enqueue_script( 'codepress' );
-
 	require_once('admin-header.php');
 
 	update_recently_edited($file);
@@ -117,8 +113,13 @@ $desc_header = ( $description != $file_show ) ? "<strong>$description</strong> (
 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php echo esc_html( $title ); ?></h2>
-<div class="bordertitle">
-	<form id="themeselector" action="theme-editor.php" method="post">
+
+<div class="fileedit-sub">
+<div class="alignleft">
+<big><?php echo sprintf($desc_header, $file_show); ?></big>
+</div>
+<div class="alignright">
+	<form action="theme-editor.php" method="post">
 		<strong><label for="theme"><?php _e('Select theme to edit:'); ?> </label></strong>
 		<select name="theme" id="theme">
 <?php
@@ -134,15 +135,11 @@ $desc_header = ( $description != $file_show ) ? "<strong>$description</strong> (
 		<input type="submit" name="Submit" value="<?php esc_attr_e('Select') ?>" class="button" />
 	</form>
 </div>
-<div class="tablenav">
-<div class="alignleft">
-<big><?php echo sprintf($desc_header, $file_show); ?></big>
-</div>
 <br class="clear" />
 </div>
-<br class="clear" />
-	<div id="templateside">
-	<h3 id="bordertitle"><?php _e("Theme Files"); ?></h3>
+
+<div id="templateside">
+	<h3><?php _e("Theme Files"); ?></h3>
 
 <?php
 if ($allowed_files) :
@@ -193,10 +190,9 @@ if ($allowed_files) :
 	</ul>
 <?php endif; ?>
 </div>
-	<?php
-	if (!$error) {
-	?>
-	<form name="template" id="template" action="theme-editor.php" method="post">
+
+<?php if (!$error) { ?>
+<form name="template" id="template" action="theme-editor.php" method="post">
 	<?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
 		 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>
 		 <input type="hidden" name="action" value="update" />
@@ -222,16 +218,16 @@ if ($allowed_files) :
 <p><em><?php _e('You need to make this file writable before you can save your changes. See <a href="http://codex.wordpress.org/Changing_File_Permissions">the Codex</a> for more information.'); ?></em></p>
 <?php endif; ?>
 		</div>
-	</form>
-	<?php
+</form>
+<?php
 	} else {
 		echo '<div class="error"><p>' . __('Oops, no such file exists! Double check the name and try again, merci.') . '</p></div>';
 	}
-	?>
-<div class="clear"> &nbsp; </div>
+?>
+<br class="clear" />
 </div>
 <?php
 break;
 }
 
-include("admin-footer.php") ?>
+include("admin-footer.php");

wp-admin/themes.php

@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( !current_user_can('switch_themes') )
+	wp_die( __( 'Cheatin’ uh?' ) );
+
 if ( isset($_GET['action']) ) {
 	if ( 'activate' == $_GET['action'] ) {
 		check_admin_referer('switch-theme_' . $_GET['template']);

wp-admin/update-core.php

@@ -14,7 +14,7 @@ if ( ! current_user_can('update_plugins') )
 
 function list_core_update( $update ) {
 	global $wp_local_package;
-	$version_string = 'en_US' == $update->locale ?
+	$version_string = ('en_US' == $update->locale && 'en_US' == get_locale() ) ?
 			$update->current : sprintf("%s&ndash;<strong>%s</strong>", $update->current, $update->locale);
 	$current = false;
 	if ( !isset($update->response) || 'latest' == $update->response )
@@ -53,6 +53,9 @@ function list_core_update( $update ) {
 	echo '</p>';
 	if ( 'en_US' != $update->locale && ( !isset($wp_local_package) || $wp_local_package != $update->locale ) )
 	    echo '<p class="hint">'.__('This localized version contains both the translation and various other localization fixes. You can skip upgrading if you want to keep your current translation.').'</p>';
+	else if ( 'en_US' == $update->locale && get_locale() != 'en_US' ) {
+	    echo '<p class="hint">'.sprintf( __('You are about to install WordPress %s <strong>in English.</strong> There is a chance this upgrade will break your translation. You may prefer to wait for the localized version to be released.'), $update->current ).'</p>';
+	}
 	echo '</form>';
 
 }

wp-admin/upgrade.php

@@ -68,13 +68,11 @@ switch ( $step ) :
 		break;
 	case 1:
 		wp_upgrade();
-
-		if ( empty( $_GET['backto'] ) )
-			$backto = __get_option( 'home' ) . '/';
-		else {
-			$backto = stripslashes( urldecode( $_GET['backto'] ) );
+			
+			$backto = empty($_GET['backto']) ? '' : $_GET['backto'] ;
+			$backto = stripslashes( urldecode( $backto ) );
 			$backto = esc_url_raw( $backto  );
-		}
+			$backto = wp_validate_redirect($backto, __get_option( 'home' ) . '/');
 ?>
 <h2><?php _e( 'Upgrade Complete' ); ?></h2>
 	<p><?php _e( 'Your WordPress database has been successfully upgraded!' ); ?></p>

wp-admin/wp-admin.css

@@ -437,6 +437,10 @@ a.button-secondary {
 	padding: 2px;
 }
 
+#timezone_string option {
+	margin-left: 1em;
+}
+
 .approve {
 	display: none;
 }
@@ -2092,12 +2096,6 @@ p.search-box {
 	padding: 0 0 .2em 1px;
 }
 
-.bordertitle {
-	padding-bottom: 5px;
-	border-bottom-width: 1px;
-	border-bottom-style: solid;
-}
-
 /* Edit posts */
 
 td.post-title strong, td.plugin-title strong {
@@ -3186,6 +3184,10 @@ table.fixed {
 	overflow: hidden;
 }
 
+.widefat td p {
+	margin: 2px 0 0.8em;
+}
+
 table .vers,
 table .column-visible,
 table .column-rating {

wp-content/plugins/hello.php

@@ -2,14 +2,14 @@
 /**
  * @package Hello_Dolly
  * @author Matt Mullenweg
- * @version 1.5
+ * @version 1.5.1
  */
 /*
 Plugin Name: Hello Dolly
 Plugin URI: http://wordpress.org/#
 Description: This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong: Hello, Dolly. When activated you will randomly see a lyric from <cite>Hello, Dolly</cite> in the upper right of your admin screen on every page.
 Author: Matt Mullenweg
-Version: 1.5
+Version: 1.5.1
 Author URI: http://ma.tt/
 */
 
@@ -62,6 +62,9 @@ add_action('admin_footer', 'hello_dolly');
 
 // We need some CSS to position the paragraph
 function dolly_css() {
+	// This makes sure that the posinioning is also good for right-to-left languages
+	$x = ( 'rtl' == get_bloginfo( 'text_direction' ) ) ? 'left' : 'right';
+
 	echo "
 	<style type='text/css'>
 	#dolly {
@@ -69,7 +72,7 @@ function dolly_css() {
 		top: 4.5em;
 		margin: 0;
 		padding: 0;
-		right: 215px;
+		$x: 215px;
 		font-size: 11px;
 	}
 	</style>

wp-includes/class-simplepie.php

@@ -751,21 +751,24 @@ class SimplePie
 	 */
 	function __destruct()
 	{
-		if (!empty($this->data['items']))
+		if ((version_compare(PHP_VERSION, '5.3', '<') || !gc_enabled()) && !ini_get('zend.ze1_compatibility_mode'))
 		{
-			foreach ($this->data['items'] as $item)
+			if (!empty($this->data['items']))
 			{
-				$item->__destruct();
+				foreach ($this->data['items'] as $item)
+				{
+					$item->__destruct();
+				}
+				unset($item, $this->data['items']);
 			}
-			unset($this->data['items']);
-		}
-		if (!empty($this->data['ordered_items']))
-		{
-			foreach ($this->data['ordered_items'] as $item)
+			if (!empty($this->data['ordered_items']))
 			{
-				$item->__destruct();
+				foreach ($this->data['ordered_items'] as $item)
+				{
+					$item->__destruct();
+				}
+				unset($item, $this->data['ordered_items']);
 			}
-			unset($this->data['ordered_items']);
 		}
 	}
 
@@ -1683,7 +1686,7 @@ function embed_wmedia(width, height, link) {
 
 				$headers = $file->headers;
 				$data = $file->body;
-				$sniffer = new $this->content_type_sniffer_class($file);
+				$sniffer =& new $this->content_type_sniffer_class($file);
 				$sniffed = $sniffer->get_type();
 			}
 			else
@@ -1961,7 +1964,7 @@ function embed_wmedia(width, height, link) {
 
 					if ($file->success && ($file->status_code == 200 || ($file->status_code > 206 && $file->status_code < 300)) && strlen($file->body) > 0)
 					{
-						$sniffer = new $this->content_type_sniffer_class($file);
+						$sniffer =& new $this->content_type_sniffer_class($file);
 						if (substr($sniffer->get_type(), 0, 6) === 'image/')
 						{
 							if ($cache->save(array('headers' => $file->headers, 'body' => $file->body)))
@@ -3082,7 +3085,10 @@ class SimplePie_Item
 	 */
 	function __destruct()
 	{
-		unset($this->feed);
+		if ((version_compare(PHP_VERSION, '5.3', '<') || !gc_enabled()) && !ini_get('zend.ze1_compatibility_mode'))
+		{
+			unset($this->feed);
+		}
 	}
 
 	function get_item_tags($namespace, $tag)
@@ -5682,14 +5688,6 @@ class SimplePie_Source
 		return md5(serialize($this->data));
 	}
 
-	/**
-	 * Remove items that link back to this before destroying this object
-	 */
-	function __destruct()
-	{
-		unset($this->item);
-	}
-
 	function get_source_tags($namespace, $tag)
 	{
 		if (isset($this->data['child'][$namespace][$tag]))
@@ -7746,7 +7744,7 @@ class SimplePie_File
 								{
 									case 'gzip':
 									case 'x-gzip':
-										$decoder = new SimplePie_gzdecode($this->body);
+										$decoder =& new SimplePie_gzdecode($this->body);
 										if (!$decoder->parse())
 										{
 											$this->error = 'Unable to decode HTTP "gzip" stream';
@@ -8954,23 +8952,12 @@ class SimplePie_Misc
 
 	function parse_url($url)
 	{
-		static $cache = array();
-		if (isset($cache[$url]))
+		preg_match('/^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?$/', $url, $match);
+		for ($i = count($match); $i <= 9; $i++)
 		{
-			return $cache[$url];
-		}
-		elseif (preg_match('/^(([^:\/?#]+):)?(\/\/([^\/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?$/', $url, $match))
-		{
-			for ($i = count($match); $i <= 9; $i++)
-			{
-				$match[$i] = '';
-			}
-			return $cache[$url] = array('scheme' => $match[2], 'authority' => $match[4], 'path' => $match[5], 'query' => $match[7], 'fragment' => $match[9]);
-		}
-		else
-		{
-			return $cache[$url] = array('scheme' => '', 'authority' => '', 'path' => '', 'query' => '', 'fragment' => '');
+			$match[$i] = '';
 		}
+		return array('scheme' => $match[2], 'authority' => $match[4], 'path' => $match[5], 'query' => $match[7], 'fragment' => $match[9]);
 	}
 
 	function compress_parse_url($scheme = '', $authority = '', $path = '', $query = '', $fragment = '')
@@ -10555,7 +10542,7 @@ class SimplePie_Misc
 	 */
 	function entities_decode($data)
 	{
-		$decoder = new SimplePie_Decode_HTML_Entities($data);
+		$decoder =& new SimplePie_Decode_HTML_Entities($data);
 		return $decoder->parse();
 	}
 
@@ -10809,36 +10796,31 @@ class SimplePie_Misc
 	 */
 	function codepoint_to_utf8($codepoint)
 	{
-		static $cache = array();
 		$codepoint = (int) $codepoint;
-		if (isset($cache[$codepoint]))
+		if ($codepoint < 0)
 		{
-			return $cache[$codepoint];
-		}
-		elseif ($codepoint < 0)
-		{
-			return $cache[$codepoint] = false;
+			return false;
 		}
 		else if ($codepoint <= 0x7f)
 		{
-			return $cache[$codepoint] = chr($codepoint);
+			return chr($codepoint);
 		}
 		else if ($codepoint <= 0x7ff)
 		{
-			return $cache[$codepoint] = chr(0xc0 | ($codepoint >> 6)) . chr(0x80 | ($codepoint & 0x3f));
+			return chr(0xc0 | ($codepoint >> 6)) . chr(0x80 | ($codepoint & 0x3f));
 		}
 		else if ($codepoint <= 0xffff)
 		{
-			return $cache[$codepoint] = chr(0xe0 | ($codepoint >> 12)) . chr(0x80 | (($codepoint >> 6) & 0x3f)) . chr(0x80 | ($codepoint & 0x3f));
+			return chr(0xe0 | ($codepoint >> 12)) . chr(0x80 | (($codepoint >> 6) & 0x3f)) . chr(0x80 | ($codepoint & 0x3f));
 		}
 		else if ($codepoint <= 0x10ffff)
 		{
-			return $cache[$codepoint] = chr(0xf0 | ($codepoint >> 18)) . chr(0x80 | (($codepoint >> 12) & 0x3f)) . chr(0x80 | (($codepoint >> 6) & 0x3f)) . chr(0x80 | ($codepoint & 0x3f));
+			return chr(0xf0 | ($codepoint >> 18)) . chr(0x80 | (($codepoint >> 12) & 0x3f)) . chr(0x80 | (($codepoint >> 6) & 0x3f)) . chr(0x80 | ($codepoint & 0x3f));
 		}
 		else
 		{
 			// U+FFFD REPLACEMENT CHARACTER
-			return $cache[$codepoint] = "\xEF\xBF\xBD";
+			return "\xEF\xBF\xBD";
 		}
 	}
 
@@ -10956,7 +10938,7 @@ class SimplePie_Misc
 		{
 			if ($pos = strpos($data, "\x00\x00\x00\x3F\x00\x00\x00\x3E"))
 			{
-				$parser = new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 20), 'UTF-32BE', 'UTF-8'));
+				$parser =& new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 20), 'UTF-32BE', 'UTF-8'));
 				if ($parser->parse())
 				{
 					$encoding[] = $parser->encoding;
@@ -10969,7 +10951,7 @@ class SimplePie_Misc
 		{
 			if ($pos = strpos($data, "\x3F\x00\x00\x00\x3E\x00\x00\x00"))
 			{
-				$parser = new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 20), 'UTF-32LE', 'UTF-8'));
+				$parser =& new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 20), 'UTF-32LE', 'UTF-8'));
 				if ($parser->parse())
 				{
 					$encoding[] = $parser->encoding;
@@ -10982,7 +10964,7 @@ class SimplePie_Misc
 		{
 			if ($pos = strpos($data, "\x00\x3F\x00\x3E"))
 			{
-				$parser = new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 10), 'UTF-16BE', 'UTF-8'));
+				$parser =& new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 10), 'UTF-16BE', 'UTF-8'));
 				if ($parser->parse())
 				{
 					$encoding[] = $parser->encoding;
@@ -10995,7 +10977,7 @@ class SimplePie_Misc
 		{
 			if ($pos = strpos($data, "\x3F\x00\x3E\x00"))
 			{
-				$parser = new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 10), 'UTF-16LE', 'UTF-8'));
+				$parser =& new SimplePie_XML_Declaration_Parser(SimplePie_Misc::change_encoding(substr($data, 20, $pos - 10), 'UTF-16LE', 'UTF-8'));
 				if ($parser->parse())
 				{
 					$encoding[] = $parser->encoding;
@@ -11008,7 +10990,7 @@ class SimplePie_Misc
 		{
 			if ($pos = strpos($data, "\x3F\x3E"))
 			{
-				$parser = new SimplePie_XML_Declaration_Parser(substr($data, 5, $pos - 5));
+				$parser =& new SimplePie_XML_Declaration_Parser(substr($data, 5, $pos - 5));
 				if ($parser->parse())
 				{
 					$encoding[] = $parser->encoding;
@@ -11734,20 +11716,7 @@ class SimplePie_Parse_Date
 		static $cache;
 		if (!isset($cache[get_class($this)]))
 		{
-			if (extension_loaded('Reflection'))
-			{
-				$class = new ReflectionClass(get_class($this));
-				$methods = $class->getMethods();
-				$all_methods = array();
-				foreach ($methods as $method)
-				{
-					$all_methods[] = $method->getName();
-				}
-			}
-			else
-			{
-				$all_methods = get_class_methods($this);
-			}
+			$all_methods = get_class_methods($this);
 
 			foreach ($all_methods as $method)
 			{
@@ -11774,7 +11743,7 @@ class SimplePie_Parse_Date
 		static $object;
 		if (!$object)
 		{
-			$object = new SimplePie_Parse_Date;
+			$object =& new SimplePie_Parse_Date;
 		}
 		return $object;
 	}
@@ -12809,7 +12778,7 @@ class SimplePie_Locator
 
 		if ($this->file->method & SIMPLEPIE_FILE_SOURCE_REMOTE)
 		{
-			$sniffer = new $this->content_type_sniffer_class($this->file);
+			$sniffer =& new $this->content_type_sniffer_class($this->file);
 			if ($sniffer->get_type() !== 'text/html')
 			{
 				return null;
@@ -12855,7 +12824,7 @@ class SimplePie_Locator
 	{
 		if ($file->method & SIMPLEPIE_FILE_SOURCE_REMOTE)
 		{
-			$sniffer = new $this->content_type_sniffer_class($file);
+			$sniffer =& new $this->content_type_sniffer_class($file);
 			$sniffed = $sniffer->get_type();
 			if (in_array($sniffed, array('application/rss+xml', 'application/rdf+xml', 'text/rdf', 'application/atom+xml', 'text/xml', 'application/xml')))
 			{
@@ -13083,7 +13052,7 @@ class SimplePie_Parser
 
 		if (substr($data, 0, 5) === '<?xml' && strspn(substr($data, 5, 1), "\x09\x0A\x0D\x20") && ($pos = strpos($data, '?>')) !== false)
 		{
-			$declaration = new SimplePie_XML_Declaration_Parser(substr($data, 5, $pos - 5));
+			$declaration =& new SimplePie_XML_Declaration_Parser(substr($data, 5, $pos - 5));
 			if ($declaration->parse())
 			{
 				$data = substr($data, $pos + 2);
@@ -13669,4 +13638,4 @@ class SimplePie_Sanitize
 	}
 }
 
-?>
+?>

wp-includes/comment-template.php

@@ -194,6 +194,7 @@ function comment_author_IP() {
 function get_comment_author_url() {
 	global $comment;
 	$url = ('http://' == $comment->comment_author_url) ? '' : $comment->comment_author_url;
+	$url = esc_url( $url, array('http', 'https') );
 	return apply_filters('get_comment_author_url', $url);
 }
 
@@ -817,8 +818,28 @@ function comments_template( $file = '/comments.php', $separate_comments = false
 		$file = '/comments.php';
 
 	$req = get_option('require_name_email');
+
+	/**
+	 * Comment author information fetched from the comment cookies.
+	 *
+	 * @uses wp_get_current_commenter()
+	 */
 	$commenter = wp_get_current_commenter();
-	extract($commenter, EXTR_SKIP);
+
+	/**
+	 * The name of the current comment author escaped for use in attributes.
+	 */
+	$comment_author = $commenter['comment_author']; // Escaped by sanitize_comment_cookies()
+
+	/**
+	 * The email address of the current comment author escaped for use in attributes.
+	 */	
+	$comment_author_email = $commenter['comment_author_email'];  // Escaped by sanitize_comment_cookies()
+
+	/**
+	 * The url of the current comment author escaped for use in attributes.
+	 */	
+	$comment_author_url = esc_url($commenter['comment_author_url']);
 
 	/** @todo Use API instead of SELECTs. */
 	if ( $user_ID) {

wp-includes/comment.php

@@ -1324,6 +1324,9 @@ function do_all_pings() {
 	if ( is_array($trackbacks) )
 		foreach ( $trackbacks as $trackback )
 			do_trackbacks($trackback);
+
+	//Do Update Services/Generic Pings
+	generic_ping();
 }
 
 /**

wp-includes/default-filters.php

@@ -186,7 +186,6 @@ add_action('do_feed_rss', 'do_feed_rss', 10, 1);
 add_action('do_feed_rss2', 'do_feed_rss2', 10, 1);
 add_action('do_feed_atom', 'do_feed_atom', 10, 1);
 add_action('do_pings', 'do_all_pings', 10, 1);
-add_action('do_generic_ping', 'generic_ping', 10, 1);
 add_action('do_robots', 'do_robots');
 add_action('sanitize_comment_cookies', 'sanitize_comment_cookies');
 add_action('admin_print_scripts', 'print_head_scripts', 20);

wp-includes/default-widgets.php

@@ -526,8 +526,10 @@ class WP_Widget_Recent_Posts extends WP_Widget {
 		if ( !is_array($cache) )
 			$cache = array();
 
-		if ( isset($cache[$args['widget_id']]) )
-			return $cache[$args['widget_id']];
+		if ( isset($cache[$args['widget_id']]) ) {
+			echo $cache[$args['widget_id']];
+			return;
+		}
 
 		ob_start();
 		extract($args);
@@ -710,7 +712,7 @@ class WP_Widget_RSS extends WP_Widget {
 		if ( ! is_wp_error($rss) ) {
 			$desc = esc_attr(strip_tags(@html_entity_decode($rss->get_description(), ENT_QUOTES, get_option('blog_charset'))));
 			if ( empty($title) )
-				$title = htmlentities(strip_tags($rss->get_title()));
+				$title = esc_html(strip_tags($rss->get_title()));
 			$link = esc_url(strip_tags($rss->get_permalink()));
 			while ( stristr($link, 'http') != $link )
 				$link = substr($link, 1);

wp-includes/formatting.php

@@ -80,8 +80,8 @@ function wptexturize($text) {
 }
 
 function wptexturize_pushpop_element($text, &$stack, $disabled_elements, $opening = '<', $closing = '>') {
-	$o = preg_quote($opening);
-	$c = preg_quote($closing);
+	$o = preg_quote($opening, '/');
+	$c = preg_quote($closing, '/');
 	foreach($disabled_elements as $element) {
 		if (preg_match('/^'.$o.$element.'\b/', $text)) array_push($stack, $element);
 		if (preg_match('/^'.$o.'\/'.$element.$c.'/', $text)) {
@@ -2042,8 +2042,8 @@ function clean_url( $url, $protocols = null, $context = 'display' ) {
 
 	if ('' == $url) return $url;
 	$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
-	$strip = array('%0d', '%0a');
-	$url = str_replace($strip, '', $url);
+	$strip = array('%0d', '%0a', '%0D', '%0A');
+	$url = _deep_replace($strip, $url);
 	$url = str_replace(';//', '://', $url);
 	/* If the URL doesn't appear to contain a scheme, we
 	 * presume it needs http:// appended (unless a relative
@@ -2067,6 +2067,35 @@ function clean_url( $url, $protocols = null, $context = 'display' ) {
 	return apply_filters('clean_url', $url, $original_url, $context);
 }
 
+/**
+ * Perform a deep string replace operation to ensure the values in $search are no longer present
+ * 
+ * Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values
+ * e.g. $subject = '%0%0%0DDD', $search ='%0D', $result ='' rather than the '%0%0DD' that
+ * str_replace would return
+ * 
+ * @since 2.8.1
+ * @access private
+ * 
+ * @param string|array $search
+ * @param string $subject
+ * @return string The processed string
+ */
+function _deep_replace($search, $subject){
+	$found = true;
+	while($found) {
+		$found = false;
+		foreach( (array) $search as $val ) {
+			while(strpos($subject, $val) !== false) {
+				$found = true;
+				$subject = str_replace($val, '', $subject);
+			}
+		}
+	}
+	
+	return $subject;
+}
+
 /**
  * Escapes data for use in a MySQL query
  *

wp-includes/functions.php

@@ -2682,7 +2682,7 @@ function smilies_init() {
 		} else {
 			$wp_smiliessearch .= '|';
 		}
-		$wp_smiliessearch .= preg_quote($rest);
+		$wp_smiliessearch .= preg_quote($rest, '/');
 	}
 
 	$wp_smiliessearch .= ')(?:\s|$)/m';
@@ -3149,128 +3149,183 @@ function update_site_option( $key, $value ) {
  * Overrides the gmt_offset option if we have a timezone_string available
  */
 function wp_timezone_override_offset() {
-	if (!wp_timezone_supported()) return false;
+	if ( !wp_timezone_supported() ) {
+		return false;
+	}
+	if ( !$timezone_string = get_option( 'timezone_string' ) ) {
+		return false;
+	}
 
-	$tz = get_option('timezone_string');
-	if (empty($tz)) return false;
-
-	@date_default_timezone_set($tz);
-
-	$dateTimeZoneSelected = timezone_open($tz);
-	$dateTimeServer = date_create();
-	if ($dateTimeZoneSelected === false || $dateTimeServer === false) return false;
-
-	$timeOffset = timezone_offset_get($dateTimeZoneSelected, $dateTimeServer);
-	$timeOffset = $timeOffset / 3600;
-
-	return $timeOffset;
+	@date_default_timezone_set( $timezone_string );
+	$timezone_object = timezone_open( $timezone_string );
+	$datetime_object = date_create();
+	if ( false === $timezone_object || false === $datetime_object ) {
+		return false;
+	}
+	return round( timezone_offset_get( $timezone_object, $datetime_object ) / 3600, 2 );
 }
 
 /**
  * Check for PHP timezone support
- *
  */
 function wp_timezone_supported() {
-	if (function_exists('date_default_timezone_set')
-		&& function_exists('timezone_identifiers_list')
-		&& function_exists('timezone_open')
-		&& function_exists('timezone_offset_get')
-		)
-		return apply_filters('timezone_support',true);
+	$support = false;
+	if (
+		function_exists( 'date_default_timezone_set' ) &&
+		function_exists( 'timezone_identifiers_list' ) &&
+		function_exists( 'timezone_open' ) &&
+		function_exists( 'timezone_offset_get' )
+	) {
+		$support = true;
+	}
+	return apply_filters( 'timezone_support', $support );
+}
 
-	return apply_filters('timezone_support',false);
+function _wp_timezone_choice_usort_callback( $a, $b ) {
+	// Don't use translated versions of Etc
+	if ( 'Etc' === $a['continent'] && 'Etc' === $b['continent'] ) {
+		// Make the order of these more like the old dropdown
+		if ( 'GMT+' === substr( $a['city'], 0, 4 ) && 'GMT+' === substr( $b['city'], 0, 4 ) ) {
+			return -1 * ( strnatcasecmp( $a['city'], $b['city'] ) );
+		}
+		if ( 'UTC' === $a['city'] ) {
+			if ( 'GMT+' === substr( $b['city'], 0, 4 ) ) {
+				return 1;
+			}
+			return -1;
+		}
+		if ( 'UTC' === $b['city'] ) {
+			if ( 'GMT+' === substr( $a['city'], 0, 4 ) ) {
+				return -1;
+			}
+			return 1;
+		}
+		return strnatcasecmp( $a['city'], $b['city'] );
+	}
+	if ( $a['t_continent'] == $b['t_continent'] ) {
+		if ( $a['t_city'] == $b['t_city'] ) {
+			return strnatcasecmp( $a['t_subcity'], $b['t_subcity'] );
+		}
+		return strnatcasecmp( $a['t_city'], $b['t_city'] );
+	} else {
+		// Force Etc to the bottom of the list
+		if ( 'Etc' === $a['continent'] ) {
+			return 1;
+		}
+		if ( 'Etc' === $b['continent'] ) {
+			return -1;
+		}
+		return strnatcasecmp( $a['t_continent'], $b['t_continent'] );
+	}
 }
 
 /**
  * Gives a nicely formatted list of timezone strings // temporary! Not in final
  *
- * @param string $selectedzone - which zone should be the selected one
+ * @param $selected_zone string Selected Zone
  *
  */
-function wp_timezone_choice($selectedzone) {
+function wp_timezone_choice( $selected_zone ) {
 	static $mo_loaded = false;
 
-	$continents = array('Africa', 'America', 'Antarctica', 'Arctic', 'Asia', 'Atlantic', 'Australia', 'Europe', 'Indian', 'Pacific', 'Etc');
+	$continents = array( 'Africa', 'America', 'Antarctica', 'Arctic', 'Asia', 'Atlantic', 'Australia', 'Europe', 'Indian', 'Pacific', 'Etc' );
 
 	// Load translations for continents and cities
-	if ( ! $mo_loaded ) {
+	if ( !$mo_loaded ) {
 		$locale = get_locale();
-		$mofile = WP_LANG_DIR . "/continents-cities-$locale.mo";
-		load_textdomain('continents-cities', $mofile);
+		$mofile = WP_LANG_DIR . '/continents-cities-' . $locale . '.mo';
+		load_textdomain( 'continents-cities', $mofile );
 		$mo_loaded = true;
 	}
 
-	$all = timezone_identifiers_list();
-
-	$i = 0;
-	foreach ( $all as $zone ) {
-		$zone = explode('/',$zone);
-		if ( ! in_array($zone[0], $continents) )
+	$zonen = array();
+	foreach ( timezone_identifiers_list() as $zone ) {
+		$zone = explode( '/', $zone );
+		if ( !in_array( $zone[0], $continents ) ) {
 			continue;
-		if ( $zone[0] == 'Etc' && in_array($zone[1], array('UCT', 'GMT', 'GMT0', 'GMT+0', 'GMT-0', 'Greenwich', 'Universal', 'Zulu')) )
+		}
+		if ( 'Etc' === $zone[0] && in_array( $zone[1], array( 'UCT', 'GMT', 'GMT0', 'GMT+0', 'GMT-0', 'Greenwich', 'Universal', 'Zulu' ) ) ) {
 			continue;
-		$zonen[$i]['continent'] = isset($zone[0]) ? $zone[0] : '';
-		$zonen[$i]['city'] = isset($zone[1]) ? $zone[1] : '';
-		$zonen[$i]['subcity'] = isset($zone[2]) ? $zone[2] : '';
-		$i++;
-	}
-
-	usort($zonen, create_function(
-		'$a, $b', '
-		$t = create_function(\'$s\', \'return translate(str_replace("_", " ", $s), "continents-cities");\');
-		$a_continent = $t($a["continent"]);
-		$b_continent = $t($b["continent"]);
-		$a_city = $t($a["city"]);
-		$b_city = $t($b["city"]);
-		$a_subcity = $t($a["subcity"]);
-		$b_subcity = $t($b["subcity"]);
-		if ( $a_continent == $b_continent && $a_city == $b_city )
-			return strnatcasecmp($a_subcity, $b_subcity);
-		elseif ( $a_continent == $b_continent )
-			return strnatcasecmp($a_city, $b_city);
-		else
-			return strnatcasecmp($a_continent, $b_continent);
-		'));
-
-	$structure = '';
-	$pad = '   ';
-
-	if ( empty($selectedzone) )
-		$structure .= '<option selected="selected" value="">' . __('Select a city') . "</option>\n";
-	foreach ( $zonen as $zone ) {
-		extract($zone);
-		if ( empty($selectcontinent) && !empty($city) ) {
-			$selectcontinent = $continent;
-			$structure .= '<optgroup label="'. esc_attr( translate( $continent, "continents-cities" ) ) .'">' . "\n"; // continent
-		} elseif ( !empty($selectcontinent) && $selectcontinent != $continent ) {
-			$structure .= "</optgroup>\n";
-			$selectcontinent = '';
-			if ( !empty($city) ) {
-				$selectcontinent = $continent;
-				$structure .= '<optgroup label="'. esc_attr( translate( $continent, "continents-cities" ) ) .'">' . "\n"; // continent
-			}
 		}
 
-		if ( !empty($city) ) {
-			$display = str_replace('_',' ',$city);
-			$display = translate($display, "continents-cities");
-			if ( !empty($subcity) ) {
-				$display_subcity = str_replace('_', ' ', $subcity);
-				$display_subcity = translate($display_subcity, "continents-cities");
-				$city = $city . '/'. $subcity;
-				$display = $display . '/' . $display_subcity;
-			}
-			if ( $continent == 'Etc' )
-				$display = strtr($display, '+-', '-+');
-			$structure .= "\t<option ".((($continent.'/'.$city)==$selectedzone)?'selected="selected"':'')." value=\"".($continent.'/'.$city)."\">$pad".$display."</option>\n"; //Timezone
+		// This determines what gets set and translated - we don't translate Etc/* strings here, they are done later
+		$exists = array(
+			0 => ( isset( $zone[0] ) && $zone[0] ) ? true : false,
+			1 => ( isset( $zone[1] ) && $zone[1] ) ? true : false,
+			2 => ( isset( $zone[2] ) && $zone[2] ) ? true : false
+		);
+		$exists[3] = ( $exists[0] && 'Etc' !== $zone[0] ) ? true : false;
+		$exists[4] = ( $exists[1] && $exists[3] ) ? true : false;
+		$exists[5] = ( $exists[2] && $exists[3] ) ? true : false;
+
+		$zonen[] = array(
+			'continent'   => ( $exists[0] ? $zone[0] : '' ),
+			'city'        => ( $exists[1] ? $zone[1] : '' ),
+			'subcity'     => ( $exists[2] ? $zone[2] : '' ),
+			't_continent' => ( $exists[3] ? translate( str_replace( '_', ' ', $zone[0] ), 'continents-cities' ) : '' ),
+			't_city'      => ( $exists[4] ? translate( str_replace( '_', ' ', $zone[1] ), 'continents-cities' ) : '' ),
+			't_subcity'   => ( $exists[5] ? translate( str_replace( '_', ' ', $zone[2] ), 'continents-cities' ) : '' )
+		);
+	}
+	usort( $zonen, '_wp_timezone_choice_usort_callback' );
+
+	$structure = array();
+
+	if ( empty( $selected_zone ) ) {
+		$structure[] = '<option selected="selected" value="">' . __( 'Select a city' ) . '</option>';
+	}
+
+	foreach ( $zonen as $key => $zone ) {
+		// Build value in an array to join later
+		$value = array( $zone['continent'] );
+
+		if ( empty( $zone['city'] ) ) {
+			// It's at the continent level (generally won't happen)
+			$display = $zone['t_continent'];
 		} else {
-			$structure .= "<option ".(($continent==$selectedzone)?'selected="selected"':'')." value=\"".$continent."\">" . translate($continent, "continents-cities") . "</option>\n"; //Timezone
+			// It's inside a continent group
+			
+			// Continent optgroup
+			if ( !isset( $zonen[$key - 1] ) || $zonen[$key - 1]['continent'] !== $zone['continent'] ) {
+				$label = ( 'Etc' === $zone['continent'] ) ? __( 'Manual offsets' ) : $zone['t_continent'];
+				$structure[] = '<optgroup label="'. esc_attr( $label ) .'">';
+			}
+			
+			// Add the city to the value
+			$value[] = $zone['city'];
+			if ( 'Etc' === $zone['continent'] ) {
+				if ( 'UTC' === $zone['city'] ) {
+					$display = '';
+				} else {
+					$display = str_replace( 'GMT', '', $zone['city'] );
+					$display = strtr( $display, '+-', '-+' ) . ':00';
+				}
+				$display = sprintf( __( 'UTC %s' ), $display );
+			} else {
+				$display = $zone['t_city'];
+				if ( !empty( $zone['subcity'] ) ) {
+					// Add the subcity to the value
+					$value[] = $zone['subcity'];
+					$display .= ' - ' . $zone['t_subcity'];
+				}
+			}
+		}
+
+		// Build the value
+		$value = join( '/', $value );
+		$selected = '';
+		if ( $value === $selected_zone ) {
+			$selected = 'selected="selected" ';
+		}
+		$structure[] = '<option ' . $selected . 'value="' . esc_attr( $value ) . '">' . esc_html( $display ) . "</option>";
+		
+		// Close continent optgroup
+		if ( !empty( $zone['city'] ) && ( !isset($zonen[$key + 1]) || (isset( $zonen[$key + 1] ) && $zonen[$key + 1]['continent'] !== $zone['continent']) ) ) {
+			$structure[] = '</optgroup>';
 		}
 	}
 
-	if ( !empty($selectcontinent) )
-		$structure .= "</optgroup>\n";
-	return $structure;
+	return join( "\n", $structure );
 }
 
 

wp-includes/functions.wp-styles.php

@@ -92,7 +92,7 @@ function wp_enqueue_style( $handle, $src = false, $deps = array(), $ver = false,
  */
 function wp_style_is( $handle, $list = 'queue' ) {
 	global $wp_styles;
-	if ( !is_a($wp_styles, 'WP_Scripts') )
+	if ( !is_a($wp_styles, 'WP_Styles') )
 		$wp_styles = new WP_Styles();
 
 	$query = $wp_styles->query( $handle, $list );

wp-includes/http.php

@@ -73,11 +73,11 @@ class WP_Http {
 	 * Tests all of the objects and returns the object that passes. Also caches
 	 * that object to be used later.
 	 *
-	 * The order for the GET/HEAD requests are HTTP Extension, FSockopen Streams, 
-	 * Fopen, and finally cURL. Whilst Fsockopen has the highest overhead, Its
-	 * used 2nd due to high compatibility with most hosts, The HTTP Extension is
-	 * tested first due to hosts which have it enabled, are likely to work
-	 * correctly with it.
+	 * The order for the GET/HEAD requests are Streams, HTTP Extension, Fopen,
+	 * and finally Fsockopen. fsockopen() is used last, because it has the most
+	 * overhead in its implementation. There isn't any real way around it, since
+	 * redirects have to be supported, much the same way the other transports
+	 * also handle redirects.
 	 *
 	 * There are currently issues with "localhost" not resolving correctly with
 	 * DNS. This may cause an error "failed to open stream: A connection attempt
@@ -98,18 +98,18 @@ class WP_Http {
 			if ( true === WP_Http_ExtHttp::test($args) ) {
 				$working_transport['exthttp'] = new WP_Http_ExtHttp();
 				$blocking_transport[] = &$working_transport['exthttp'];
-			} else if ( true === WP_Http_Fsockopen::test($args) ) {
-				$working_transport['fsockopen'] = new WP_Http_Fsockopen();
-				$blocking_transport[] = &$working_transport['fsockopen'];
+			} else if ( true === WP_Http_Curl::test($args) ) {
+				$working_transport['curl'] = new WP_Http_Curl();
+				$blocking_transport[] = &$working_transport['curl'];
 			} else if ( true === WP_Http_Streams::test($args) ) {
 				$working_transport['streams'] = new WP_Http_Streams();
 				$blocking_transport[] = &$working_transport['streams'];
 			} else if ( true === WP_Http_Fopen::test($args) ) {
 				$working_transport['fopen'] = new WP_Http_Fopen();
 				$blocking_transport[] = &$working_transport['fopen'];
-			} else if ( true === WP_Http_Curl::test($args) ) {
-				$working_transport['curl'] = new WP_Http_Curl();
-				$blocking_transport[] = &$working_transport['curl'];
+			} else if ( true === WP_Http_Fsockopen::test($args) ) {
+				$working_transport['fsockopen'] = new WP_Http_Fsockopen();
+				$blocking_transport[] = &$working_transport['fsockopen'];
 			}
 
 			foreach ( array('curl', 'streams', 'fopen', 'fsockopen', 'exthttp') as $transport ) {
@@ -149,15 +149,15 @@ class WP_Http {
 			if ( true === WP_Http_ExtHttp::test($args) ) {
 				$working_transport['exthttp'] = new WP_Http_ExtHttp();
 				$blocking_transport[] = &$working_transport['exthttp'];
-			} else if ( true === WP_Http_Fsockopen::test($args) ) {
-				$working_transport['fsockopen'] = new WP_Http_Fsockopen();
-				$blocking_transport[] = &$working_transport['fsockopen'];
-			} else if ( true === WP_Http_Streams::test($args) ) {
-				$working_transport['streams'] = new WP_Http_Streams();
-				$blocking_transport[] = &$working_transport['streams'];
 			} else if ( true === WP_Http_Curl::test($args) ) {
 				$working_transport['curl'] = new WP_Http_Curl();
 				$blocking_transport[] = &$working_transport['curl'];
+			} else if ( true === WP_Http_Streams::test($args) ) {
+				$working_transport['streams'] = new WP_Http_Streams();
+				$blocking_transport[] = &$working_transport['streams'];
+			} else if ( true === WP_Http_Fsockopen::test($args) ) {
+				$working_transport['fsockopen'] = new WP_Http_Fsockopen();
+				$blocking_transport[] = &$working_transport['fsockopen'];
 			}
 
 			foreach ( array('curl', 'streams', 'fsockopen', 'exthttp') as $transport ) {
@@ -239,7 +239,7 @@ class WP_Http {
 		$arrURL = parse_url($url);
 
 		if ( $this->block_request( $url ) )
-			return new WP_Error('http_request_failed', 'User has blocked requests through HTTP.');
+			return new WP_Error('http_request_failed', __('User has blocked requests through HTTP.'));
 
 		// Determine if this is a https call and pass that on to the transport functions
 		// so that we can blacklist the transports that do not support ssl verification

wp-includes/js/tinymce/wp-tinymce.php

@@ -8,7 +8,7 @@ function get_file($path) {
 		$path = realpath($path);
 
 	if ( ! $path || ! @is_file($path) )
-		return '';
+		return false;
 
 	return @file_get_contents($path);
 }
@@ -20,9 +20,9 @@ header('Vary: Accept-Encoding'); // Handle proxies
 header('Expires: ' . gmdate( "D, d M Y H:i:s", time() + $expires_offset ) . ' GMT');
 header("Cache-Control: public, max-age=$expires_offset");
 
-if ( isset($_GET['c']) && 1 == $_GET['c'] && false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'gzip') ) {
+if ( isset($_GET['c']) && 1 == $_GET['c'] && false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'gzip') && ( $file = get_file($basepath . '/wp-tinymce.js.gz') ) ) {
 	header('Content-Encoding: gzip');
-	echo get_file($basepath . '/wp-tinymce.js.gz');
+	echo $file;
 } else {
 	echo get_file($basepath . '/wp-tinymce.js');
 }

wp-includes/kses.php

@@ -119,23 +119,35 @@ if (!CUSTOM_TAGS) {
 			'target' => array ()),
 		'h1' => array(
 			'align' => array (),
-			'class' => array ()),
-		'h2' => array(
+			'class' => array (),
+			'id'    => array (),
+			'style' => array ()),
+		'h2' => array (
 			'align' => array (),
-			'class' => array ()),
-		'h3' => array(
+			'class' => array (),
+			'id'    => array (),
+			'style' => array ()),
+		'h3' => array (
 			'align' => array (),
-			'class' => array ()),
-		'h4' => array(
+			'class' => array (),
+			'id'    => array (),
+			'style' => array ()),
+		'h4' => array (
 			'align' => array (),
-			'class' => array ()),
-		'h5' => array(
+			'class' => array (),
+			'id'    => array (),
+			'style' => array ()),
+		'h5' => array (
 			'align' => array (),
-			'class' => array ()),
-		'h6' => array(
+			'class' => array (),
+			'id'    => array (),
+			'style' => array ()),
+		'h6' => array (
 			'align' => array (),
-			'class' => array ()),
-		'hr' => array(
+			'class' => array (),
+			'id'    => array (),
+			'style' => array ()),
+		'hr' => array (
 			'align' => array (),
 			'class' => array (),
 			'noshade' => array (),
@@ -521,6 +533,19 @@ function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
 					break;
 				}
 
+			if ( $arreach['name'] == 'style' ) {
+				$orig_value = $arreach['value'];
+
+				$value = safecss_filter_attr($orig_value);
+
+				if ( empty($value) )
+					continue;
+
+				$arreach['value'] = $value;
+
+				$arreach['whole'] = str_replace($orig_value, $value, $arreach['whole']);
+			}
+
 			if ($ok)
 				$attr2 .= ' '.$arreach['whole']; # it passed them
 		} # if !is_array($current)
@@ -1122,4 +1147,49 @@ function kses_init() {
 
 add_action('init', 'kses_init');
 add_action('set_current_user', 'kses_init');
-?>
+
+function safecss_filter_attr( $css, $deprecated = '' ) {
+	$css = wp_kses_no_null($css);
+	$css = str_replace(array("\n","\r","\t"), '', $css);
+
+	if ( preg_match( '%[\\(&]|/\*%', $css ) ) // remove any inline css containing \ ( & or comments
+		return '';
+
+	$css_array = split( ';', trim( $css ) );
+	$allowed_attr = apply_filters( 'safe_style_css', array( 'text-align', 'margin', 'color', 'float', 
+	'border', 'background', 'background-color', 'border-bottom', 'border-bottom-color', 
+	'border-bottom-style', 'border-bottom-width', 'border-collapse', 'border-color', 'border-left',
+	'border-left-color', 'border-left-style', 'border-left-width', 'border-right', 'border-right-color', 
+	'border-right-style', 'border-right-width', 'border-spacing', 'border-style', 'border-top', 
+	'border-top-color', 'border-top-style', 'border-top-width', 'border-width', 'caption-side', 
+	'clear', 'cursor', 'direction', 'font', 'font-family', 'font-size', 'font-style', 
+	'font-variant', 'font-weight', 'height', 'letter-spacing', 'line-height', 'margin-bottom', 
+	'margin-left', 'margin-right', 'margin-top', 'overflow', 'padding', 'padding-bottom', 
+	'padding-left', 'padding-right', 'padding-top', 'text-decoration', 'text-indent', 'vertical-align', 
+	'width' ) );
+
+	if ( empty($allowed_attr) )
+		return $css;
+
+	$css = '';
+	foreach ( $css_array as $css_item ) {
+		if ( $css_item == '' )
+			continue;
+		$css_item = trim( $css_item );
+		$found = false;
+		if ( strpos( $css_item, ':' ) === false ) {
+			$found = true;
+		} else {
+			$parts = split( ':', $css_item );
+			if ( in_array( trim( $parts[0] ), $allowed_attr ) )
+				$found = true;
+		}
+		if ( $found ) {
+			if( $css != '' )
+				$css .= ';';
+			$css .= $css_item;
+		}
+	}
+
+	return $css;
+}

wp-includes/l10n.php

@@ -301,35 +301,34 @@ function _nx_noop( $single, $plural, $context ) {
 
 
 /**
- * Loads MO file into the list of domains.
+ * Loads a MO file into the domain $domain.
  *
- * If the domain already exists, the inclusion will fail. If the MO file is not
- * readable, the inclusion will fail.
+ * If the domain already exists, the translations will be merged. If both
+ * sets have the same string, the translation from the original value will be taken.
  *
  * On success, the .mo file will be placed in the $l10n global by $domain
- * and will be an gettext_reader object.
+ * and will be a MO object.
  *
  * @since 1.5.0
- * @uses $l10n Gets list of domain translated string (gettext_reader) objects
- * @uses CacheFileReader Reads the MO file
- * @uses gettext_reader Allows for retrieving translated strings
+ * @uses $l10n Gets list of domain translated string objects
  *
  * @param string $domain Unique identifier for retrieving translated strings
  * @param string $mofile Path to the .mo file
- * @return null On failure returns null and also on success returns nothing.
+ * @return bool true on success, false on failure
  */
 function load_textdomain($domain, $mofile) {
 	global $l10n;
 
-	if ( !is_readable($mofile)) return;
+	if ( !is_readable( $mofile ) ) return false;
 
 	$mo = new MO();
-	$mo->import_from_file( $mofile );
+	if ( !$mo->import_from_file( $mofile ) ) return false;
 
-	if (isset($l10n[$domain]))
+	if ( isset( $l10n[$domain] ) )
 		$mo->merge_with( $l10n[$domain] );
 
 	$l10n[$domain] = &$mo;
+	return true;
 }
 
 /**
@@ -345,7 +344,7 @@ function load_default_textdomain() {
 
 	$mofile = WP_LANG_DIR . "/$locale.mo";
 
-	load_textdomain('default', $mofile);
+	return load_textdomain('default', $mofile);
 }
 
 /**
@@ -372,7 +371,7 @@ function load_plugin_textdomain($domain, $abs_rel_path = false, $plugin_rel_path
 		$path = WP_PLUGIN_DIR;
 
 	$mofile = $path . '/'. $domain . '-' . $locale . '.mo';
-	load_textdomain($domain, $mofile);
+	return load_textdomain($domain, $mofile);
 }
 
 /**
@@ -393,7 +392,7 @@ function load_theme_textdomain($domain, $path = false) {
 	$path = ( empty( $path ) ) ? get_template_directory() : $path;
 
 	$mofile = "$path/$locale.mo";
-	load_textdomain($domain, $mofile);
+	return load_textdomain($domain, $mofile);
 }
 
 /**
@@ -423,6 +422,6 @@ function &get_translations_for_domain( $domain ) {
  * won't suffer from that problem.
  */
 function translate_user_role( $name ) {
-	return before_last_bar( translate_with_gettext_context( $name, 'User role' ) );
+	return translate_with_gettext_context( before_last_bar($name), 'User role' );
 }
 ?>

wp-includes/link-template.php

@@ -768,8 +768,7 @@ function get_edit_comment_link( $comment_id = 0 ) {
 function edit_comment_link( $link = 'Edit This', $before = '', $after = '' ) {
 	global $comment, $post;
 
-	if ( $post->post_type == 'attachment' ) {
-	} elseif ( $post->post_type == 'page' ) {
+	if ( $post->post_type == 'page' ) {
 		if ( !current_user_can( 'edit_page', $post->ID ) )
 			return;
 	} else {
@@ -1693,7 +1692,7 @@ function site_url($path = '', $scheme = null) {
 	// should the list of allowed schemes be maintained elsewhere?
 	$orig_scheme = $scheme;
 	if ( !in_array($scheme, array('http', 'https')) ) {
-		if ( ('login_post' == $scheme) && ( force_ssl_login() || force_ssl_admin() ) )
+		if ( ( 'login_post' == $scheme || 'rpc' == $scheme ) && ( force_ssl_login() || force_ssl_admin() ) )
 			$scheme = 'https';
 		elseif ( ('login' == $scheme) && ( force_ssl_admin() ) )
 			$scheme = 'https';

wp-includes/pluggable.php

@@ -880,17 +880,8 @@ function wp_sanitize_redirect($location) {
 	$location = wp_kses_no_null($location);
 
 	// remove %0d and %0a from location
-	$strip = array('%0d', '%0a');
-	$found = true;
-	while($found) {
-		$found = false;
-		foreach( (array) $strip as $val ) {
-			while(strpos($location, $val) !== false) {
-				$found = true;
-				$location = str_replace($val, '', $location);
-			}
-		}
-	}
+	$strip = array('%0d', '%0a', '%0D', '%0A');
+	$location = _deep_replace($strip, $location);
 	return $location;
 }
 endif;
@@ -908,8 +899,7 @@ if ( !function_exists('wp_safe_redirect') ) :
  * but only used in a few places.
  *
  * @since 2.3
- * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
- *		WordPress host string and $location host string.
+ * @uses wp_validate_redirect() To validate the redirect is to an allowed host.
  *
  * @return void Does not return anything
  **/
@@ -918,6 +908,31 @@ function wp_safe_redirect($location, $status = 302) {
 	// Need to look at the URL the way it will end up in wp_redirect()
 	$location = wp_sanitize_redirect($location);
 
+	$location = wp_validate_redirect($location, admin_url());
+
+	wp_redirect($location, $status);
+}
+endif;
+
+if ( !function_exists('wp_validate_redirect') ) :
+/**
+ * Validates a URL for use in a redirect.
+ *
+ * Checks whether the $location is using an allowed host, if it has an absolute
+ * path. A plugin can therefore set or remove allowed host(s) to or from the
+ * list.
+ *
+ * If the host is not allowed, then the redirect is to $default supplied
+ *
+ * @since 2.8.1
+ * @uses apply_filters() Calls 'allowed_redirect_hosts' on an array containing
+ *		WordPress host string and $location host string.
+ *
+ * @param string $location The redirect to validate
+ * @param string $default The value to return is $location is not allowed
+ * @return string redirect-sanitized URL
+ **/
+function wp_validate_redirect($location, $default = '') {
 	// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
 	if ( substr($location, 0, 2) == '//' )
 		$location = 'http:' . $location;
@@ -931,9 +946,9 @@ function wp_safe_redirect($location, $status = 302) {
 	$allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');
 
 	if ( isset($lp['host']) && ( !in_array($lp['host'], $allowed_hosts) && $lp['host'] != strtolower($wpp['host'])) )
-		$location = admin_url();
+		$location = $default;
 
-	wp_redirect($location, $status);
+	return $location;
 }
 endif;
 

wp-includes/plugin.php

@@ -53,7 +53,7 @@
  * @subpackage Plugin
  * @since 0.71
  * @global array $wp_filter Stores all of the filters added in the form of
- *	wp_filter['tag']['array of priorities']['array of functions serialized']['array of ['array (functions, accepted_args)]']
+ *	wp_filter['tag']['array of priorities']['array of functions serialized']['array of ['array (functions, accepted_args)']']
  * @global array $merged_filters Tracks the tags that need to be merged for later. If the hook is added, it doesn't need to run through that process.
  *
  * @param string $tag The name of the filter to hook the $function_to_add to.
@@ -495,6 +495,7 @@ function plugin_basename($file) {
 	$mu_plugin_dir = str_replace('\\','/',WPMU_PLUGIN_DIR); // sanitize for Win32 installs
 	$mu_plugin_dir = preg_replace('|/+|','/', $mu_plugin_dir); // remove any duplicate slash
 	$file = preg_replace('#^' . preg_quote($plugin_dir, '#') . '/|^' . preg_quote($mu_plugin_dir, '#') . '/#','',$file); // get relative path from plugins dir
+	$file = trim($file, '/');
 	return $file;
 }
 

wp-includes/pomo/entry.php

@@ -2,7 +2,7 @@
 /**
  * Contains Translation_Entry class
  *
- * @version $Id: entry.php 13 2008-04-21 12:03:37Z nbachiyski $
+ * @version $Id: entry.php 115 2009-05-11 18:56:15Z nbachiyski $
  * @package pomo
  * @subpackage entry
  */
@@ -48,9 +48,7 @@ class Translation_Entry {
 		// get member variable values from args hash
 		$object_varnames = array_keys(get_object_vars($this));
 		foreach ($args as $varname => $value) {
-			if (in_array($varname, $object_varnames)) {
-				$this->$varname = $value;
-			}
+			$this->$varname = $value;
 		}
 		if (isset($args['plural'])) $this->is_plural = true;
 		if (!is_array($this->translations)) $this->translations = array();

wp-includes/pomo/mo.php

@@ -2,7 +2,7 @@
 /**
  * Class for working with MO files
  *
- * @version $Id: mo.php 33 2009-02-16 09:33:39Z nbachiyski $
+ * @version $Id: mo.php 106 2009-04-23 19:48:22Z nbachiyski $
  * @package pomo
  * @subpackage mo
  */
@@ -10,16 +10,10 @@
 require_once dirname(__FILE__) . '/translations.php';
 require_once dirname(__FILE__) . '/streams.php';
 
-class MO extends Translations {
+class MO extends Gettext_Translations {
 
 	var $_nplurals = 2;
 
-	function set_header($header, $value) {
-		parent::set_header($header, $value);
-		if ('Plural-Forms' == $header)
-			$this->_gettext_select_plural_form = $this->_make_gettext_select_plural_form($value);
-	}
-
 	/**
 	 * Fills up with the entries from MO file $filename
 	 *
@@ -32,6 +26,73 @@ class MO extends Translations {
 		}
 		return $this->import_from_reader($reader);
 	}
+	
+	function export_to_file($filename) {
+		$fh = fopen($filename, 'wb');
+		if ( !$fh ) return false;
+		$entries = array_filter($this->entries, create_function('$e', 'return !empty($e->translations);'));
+		ksort($entries);
+		$magic = 0x950412de;
+		$revision = 0;
+		$total = count($entries) + 1; // all the headers are one entry
+		$originals_lenghts_addr = 28;
+		$translations_lenghts_addr = $originals_lenghts_addr + 8 * $total;
+		$size_of_hash = 0;
+		$hash_addr = $translations_lenghts_addr + 8 * $total;
+		$current_addr = $hash_addr;
+		fwrite($fh, pack('V*', $magic, $revision, $total, $originals_lenghts_addr,
+			$translations_lenghts_addr, $size_of_hash, $hash_addr));
+		fseek($fh, $originals_lenghts_addr);
+		
+		// headers' msgid is an empty string
+		fwrite($fh, pack('VV', 0, $current_addr));
+		$current_addr++;
+		$originals_table = chr(0);
+
+		foreach($entries as $entry) {
+			$originals_table .= $this->export_original($entry) . chr(0);
+			$length = strlen($this->export_original($entry));
+			fwrite($fh, pack('VV', $length, $current_addr));
+			$current_addr += $length + 1; // account for the NULL byte after
+		}
+		
+		$exported_headers = $this->export_headers();
+		fwrite($fh, pack('VV', strlen($exported_headers), $current_addr));
+		$current_addr += strlen($exported_headers) + 1;
+		$translations_table = $exported_headers . chr(0);
+		
+		foreach($entries as $entry) {
+			$translations_table .= $this->export_translations($entry) . chr(0);
+			$length = strlen($this->export_translations($entry));
+			fwrite($fh, pack('VV', $length, $current_addr));
+			$current_addr += $length + 1;
+		}
+		
+		fwrite($fh, $originals_table);
+		fwrite($fh, $translations_table);
+		fclose($fh);
+	}
+	
+	function export_original($entry) {
+		//TODO: warnings for control characters
+		$exported = $entry->singular;
+		if ($entry->is_plural) $exported .= chr(0).$entry->plural;
+		if (!is_null($entry->context)) $exported = $entry->context . chr(4) . $exported;
+		return $exported;
+	}
+	
+	function export_translations($entry) {
+		//TODO: warnings for control characters
+		return implode(chr(0), $entry->translations);
+	}
+	
+	function export_headers() {
+		$exported = '';
+		foreach($this->headers as $header => $value) {
+			$exported.= "$header: $value\n";
+		}
+		return $exported;
+	}
 
 	function get_byteorder($magic) {
 
@@ -42,7 +103,7 @@ class MO extends Translations {
 		$magic_little_64 = (int) 2500072158;
 		// 0xde120495
 		$magic_big = ((int) - 569244523) && 0xFFFFFFFF;
-
+		
 		if ($magic_little == $magic || $magic_little_64 == $magic) {
 			return 'little';
 		} else if ($magic_big == $magic) {
@@ -63,22 +124,22 @@ class MO extends Translations {
 		$revision = $reader->readint32();
 		$total = $reader->readint32();
 		// get addresses of array of lenghts and offsets for original string and translations
-		$originals_lo_addr = $reader->readint32();
-		$translations_lo_addr = $reader->readint32();
+		$originals_lenghts_addr = $reader->readint32();
+		$translations_lenghts_addr = $reader->readint32();
 
-		$reader->seekto($originals_lo_addr);
-		$originals_lo = $reader->readint32array($total * 2); // each of
-		$reader->seekto($translations_lo_addr);
-		$translations_lo = $reader->readint32array($total * 2);
+		$reader->seekto($originals_lenghts_addr);
+		$originals_lenghts = $reader->readint32array($total * 2); // each of 
+		$reader->seekto($translations_lenghts_addr);
+		$translations_lenghts = $reader->readint32array($total * 2);
 
 		$length = create_function('$i', 'return $i * 2 + 1;');
 		$offset = create_function('$i', 'return $i * 2 + 2;');
 
 		for ($i = 0; $i < $total; ++$i) {
-			$reader->seekto($originals_lo[$offset($i)]);
-			$original = $reader->read($originals_lo[$length($i)]);
-			$reader->seekto($translations_lo[$offset($i)]);
-			$translation = $reader->read($translations_lo[$length($i)]);
+			$reader->seekto($originals_lenghts[$offset($i)]);
+			$original = $reader->read($originals_lenghts[$length($i)]);
+			$reader->seekto($translations_lenghts[$offset($i)]);
+			$translation = $reader->read($translations_lenghts[$length($i)]);
 			if ('' == $original) {
 				$this->set_headers($this->make_headers($translation));
 			} else {
@@ -88,17 +149,6 @@ class MO extends Translations {
 		return true;
 	}
 
-	function make_headers($translation) {
-		$headers = array();
-		$lines = explode("\n", $translation);
-		foreach($lines as $line) {
-			$parts = explode(':', $line, 2);
-			if (!isset($parts[1])) continue;
-			$headers[trim($parts[0])] = trim($parts[1]);
-		}
-		return $headers;
-	}
-
 	/**
 	 * @static
 	 */

wp-includes/pomo/po.php

@@ -2,7 +2,7 @@
 /**
  * Class for working with PO files
  *
- * @version $Id: po.php 33 2009-02-16 09:33:39Z nbachiyski $
+ * @version $Id: po.php 123 2009-05-13 19:35:43Z nbachiyski $
  * @package pomo
  * @subpackage po
  */
@@ -16,8 +16,8 @@ ini_set('auto_detect_line_endings', 1);
 /**
  * Routines for working with PO files
  */
-class PO extends Translations {
-
+class PO extends Gettext_Translations {
+	
 
 	/**
 	 * Exports headers to a PO entry
@@ -75,7 +75,6 @@ class PO extends Translations {
 		return fclose($fh);
 	}
 
-
 	/**
 	 * Formats a string in PO-style
 	 *
@@ -87,31 +86,59 @@ class PO extends Translations {
 		$quote = '"';
 		$slash = '\\';
 		$newline = "\n";
-		$tab = "\t";
 
 		$replaces = array(
 			"$slash" 	=> "$slash$slash",
-			"$tab" 		=> '\t',
 			"$quote"	=> "$slash$quote",
+			"\t" 		=> '\t',
 		);
+
 		$string = str_replace(array_keys($replaces), array_values($replaces), $string);
 
-		$po = array();
-		foreach (explode($newline, $string) as $line) {
-			$po[] = wordwrap($line, PO_MAX_LINE_LEN - 2, " $quote$newline$quote");
-		}
-		$po = $quote.implode("${slash}n$quote$newline$quote", $po).$quote;
+		$po = $quote.implode("${slash}n$quote$newline$quote", explode($newline, $string)).$quote;
 		// add empty string on first line for readbility
-		if (false !== strpos($po, $newline)) {
+		if (false !== strpos($string, $newline) &&
+				(substr_count($string, $newline) > 1 || !($newline === substr($string, -strlen($newline))))) {
 			$po = "$quote$quote$newline$po";
 		}
 		// remove empty strings
 		$po = str_replace("$newline$quote$quote", '', $po);
 		return $po;
 	}
+	
+	/**
+	 * Gives back the original string from a PO-formatted string
+	 * 
+	 * @static
+	 * @param string $string PO-formatted string
+	 * @return string enascaped string
+	 */
+	function unpoify($string) {
+		$escapes = array('t' => "\t", 'n' => "\n", '\\' => '\\');
+		$lines = array_map('trim', explode("\n", $string));
+		$lines = array_map(array('PO', 'trim_quotes'), $lines);
+		$unpoified = '';
+		$previous_is_backslash = false;
+		foreach($lines as $line) {
+			preg_match_all('/./u', $line, $chars);
+			$chars = $chars[0];
+			foreach($chars as $char) {
+				if (!$previous_is_backslash) {
+					if ('\\' == $char)
+						$previous_is_backslash = true;
+					else
+						$unpoified .= $char;
+				} else {
+					$previous_is_backslash = false;
+					$unpoified .= isset($escapes[$char])? $escapes[$char] : $char;
+				}
+			}
+		}
+		return $unpoified;
+	}
 
 	/**
-	 * Inserts $with in the beginning of every new line of $string and
+	 * Inserts $with in the beginning of every new line of $string and 
 	 * returns the modified string
 	 *
 	 * @static
@@ -157,7 +184,7 @@ class PO extends Translations {
 		if (!empty($entry->translator_comments)) $po[] = PO::comment_block($entry->translator_comments);
 		if (!empty($entry->extracted_comments)) $po[] = PO::comment_block($entry->extracted_comments, '.');
 		if (!empty($entry->references)) $po[] = PO::comment_block(implode(' ', $entry->references), ':');
-		if (!empty($entry->flags)) $po[] = PO::comment_block(implode("\n", $entry->flags), ',');
+		if (!empty($entry->flags)) $po[] = PO::comment_block(implode(", ", $entry->flags), ',');
 		if (!is_null($entry->context)) $po[] = 'msgctxt '.PO::poify($entry->context);
 		$po[] = 'msgid '.PO::poify($entry->singular);
 		if (!$entry->is_plural) {
@@ -173,5 +200,161 @@ class PO extends Translations {
 		return implode("\n", $po);
 	}
 
+	function import_from_file($filename) {
+		$f = fopen($filename, 'r');
+		if (!$f) return false;
+		$lineno = 0;
+		while (true) {
+			$res = $this->read_entry($f, $lineno);
+			if (!$res) break;
+			if ($res['entry']->singular == '') {
+				$this->set_headers($this->make_headers($res['entry']->translations[0]));
+			} else {
+				$this->add_entry($res['entry']);
+			}
+		}
+		PO::read_line($f, 'clear');
+		return $res !== false;
+	}
+	
+	function read_entry($f, $lineno = 0) {
+		$entry = new Translation_Entry();
+		// where were we in the last step
+		// can be: comment, msgctxt, msgid, msgid_plural, msgstr, msgstr_plural
+		$context = '';
+		$msgstr_index = 0;
+		$is_final = create_function('$context', 'return $context == "msgstr" || $context == "msgstr_plural";');
+		while (true) {
+			$lineno++;
+			$line = PO::read_line($f);
+			if (!$line)  {
+				if (feof($f)) {
+					if ($is_final($context))
+						break;
+					elseif (!$context) // we haven't read a line and eof came
+						return null;
+					else
+						return false;
+				} else {
+					return false;
+				}
+			}
+			if ($line == "\n") continue;
+			$line = trim($line);
+			if (preg_match('/^#/', $line, $m)) {
+				// the comment is the start of a new entry
+				if ($is_final($context)) {
+					PO::read_line($f, 'put-back');
+					$lineno--;
+					break;
+				}
+				// comments have to be at the beginning
+				if ($context && $context != 'comment') {
+					return false;
+				}
+				// add comment
+				$this->add_comment_to_entry($entry, $line);;
+			} elseif (preg_match('/^msgctxt\s+(".*")/', $line, $m)) {
+				if ($is_final($context)) {
+					PO::read_line($f, 'put-back');
+					$lineno--;
+					break;
+				}
+				if ($context && $context != 'comment') {
+					return false;
+				}
+				$context = 'msgctxt';
+				$entry->context .= PO::unpoify($m[1]);
+			} elseif (preg_match('/^msgid\s+(".*")/', $line, $m)) {
+				if ($is_final($context)) {
+					PO::read_line($f, 'put-back');
+					$lineno--;
+					break;
+				}
+				if ($context && $context != 'msgctxt' && $context != 'comment') {
+					return false;
+				}
+				$context = 'msgid';
+				$entry->singular .= PO::unpoify($m[1]);
+			} elseif (preg_match('/^msgid_plural\s+(".*")/', $line, $m)) {
+				if ($context != 'msgid') {
+					return false;
+				}
+				$context = 'msgid_plural';
+				$entry->is_plural = true;
+				$entry->plural .= PO::unpoify($m[1]);
+			} elseif (preg_match('/^msgstr\s+(".*")/', $line, $m)) {
+				if ($context != 'msgid') {
+					return false;
+				}
+				$context = 'msgstr';
+				$entry->translations = array(PO::unpoify($m[1]));
+			} elseif (preg_match('/^msgstr\[(\d+)\]\s+(".*")/', $line, $m)) {
+				if ($context != 'msgid_plural' && $context != 'msgstr_plural') {
+					return false;
+				}
+				$context = 'msgstr_plural';
+				$msgstr_index = $m[1];
+				$entry->translations[$m[1]] = PO::unpoify($m[2]);
+			} elseif (preg_match('/^".*"$/', $line)) {
+				$unpoified = PO::unpoify($line);
+				switch ($context) {
+					case 'msgid':
+						$entry->singular .= $unpoified; break;
+					case 'msgctxt':
+						$entry->context .= $unpoified; break;
+					case 'msgid_plural':
+						$entry->plural .= $unpoified; break;
+					case 'msgstr':
+						$entry->translations[0] .= $unpoified; break;
+					case 'msgstr_plural':
+						$entry->translations[$msgstr_index] .= $unpoified; break;
+					default:
+						return false;
+				}
+			} else {
+				return false;
+			}
+		}
+		if (array() == array_filter($entry->translations)) $entry->translations = array();
+		return array('entry' => $entry, 'lineno' => $lineno);
+	}
+	
+	function read_line($f, $action = 'read') {
+		static $last_line = '';
+		static $use_last_line = false;
+		if ('clear' == $action) {
+			$last_line = '';
+			return true;
+		}
+		if ('put-back' == $action) {
+			$use_last_line = true;
+			return true;
+		}
+		$line = $use_last_line? $last_line : fgets($f);
+		$last_line = $line;
+		$use_last_line = false;
+		return $line;
+	}
+	
+	function add_comment_to_entry(&$entry, $po_comment_line) {
+		$first_two = substr($po_comment_line, 0, 2);
+		$comment = trim(substr($po_comment_line, 2));
+		if ('#:' == $first_two) {
+			$entry->references = array_merge($entry->references, preg_split('/\s+/', $comment));
+		} elseif ('#.' == $first_two) {
+			$entry->extracted_comments = trim($entry->extracted_comments . "\n" . $comment);
+		} elseif ('#,' == $first_two) {
+			$entry->flags = array_merge($entry->flags, preg_split('/,\s*/', $comment));
+		} else {
+			$entry->translator_comments = trim($entry->translator_comments . "\n" . $comment);
+		}
+	}
+	
+	function trim_quotes($s) {
+		if ( substr($s, 0, 1) == '"') $s = substr($s, 1);
+		if ( substr($s, -1, 1) == '"') $s = substr($s, 0, -1);
+		return $s;
+	}
 }
 ?>

wp-includes/pomo/streams.php

@@ -3,7 +3,7 @@
  * Classes, which help reading streams of data from files.
  * Based on the classes from Danilo Segan <danilo@kvota.net>
  *
- * @version $Id: streams.php 33 2009-02-16 09:33:39Z nbachiyski $
+ * @version $Id: streams.php 138 2009-06-23 13:22:09Z nbachiyski $
  * @package pomo
  * @subpackage streams
  */
@@ -17,34 +17,48 @@ class POMO_StringReader {
   var $_pos;
   var $_str;
 
-  function POMO_StringReader($str = '') {
-    $this->_str = $str;
-    $this->_pos = 0;
-  }
+	function POMO_StringReader($str = '') {
+		$this->_str = $str;
+		$this->_pos = 0;
+		$this->is_overloaded = ((ini_get("mbstring.func_overload") & 2) != 0) && function_exists('mb_substr');
+	}
 
-  function read($bytes) {
-    $data = substr($this->_str, $this->_pos, $bytes);
-    $this->_pos += $bytes;
-    if (strlen($this->_str)<$this->_pos)
-      $this->_pos = strlen($this->_str);
+	function _substr($string, $start, $length) {
+		if ($this->is_overloaded) {
+			return mb_substr($string,$start,$length,'ascii');
+		} else {
+			return substr($string,$start,$length);
+		}
+	}
+	
+	function _strlen($string) {
+		if ($this->is_overloaded) {
+			return mb_strlen($string,'ascii');
+		} else {
+			return strlen($string);
+		}
+	}
 
-    return $data;
-  }
+	function read($bytes) {
+		$data = $this->_substr($this->_str, $this->_pos, $bytes);
+		$this->_pos += $bytes;
+		if ($this->_strlen($this->_str) < $this->_pos) $this->_pos = $this->_strlen($this->_str);
+		return $data;
+	}
 
-  function seekto($pos) {
-    $this->_pos = $pos;
-    if (strlen($this->_str)<$this->_pos)
-      $this->_pos = strlen($this->_str);
-    return $this->_pos;
-  }
+	function seekto($pos) {
+		$this->_pos = $pos;
+		if ($this->_strlen($this->_str) < $this->_pos) $this->_pos = $this->_strlen($this->_str);
+		return $this->_pos;
+	}
 
-  function pos() {
-    return $this->_pos;
-  }
+	function pos() {
+		return $this->_pos;
+	}
 
-  function length() {
-    return strlen($this->_str);
-  }
+	function length() {
+		return $this->_strlen($this->_str);
+	}
 
 }
 
@@ -53,10 +67,11 @@ class POMO_StringReader {
  */
 class POMO_CachedFileReader extends POMO_StringReader {
 	function POMO_CachedFileReader($filename) {
+		parent::POMO_StringReader();
 		$this->_str = file_get_contents($filename);
 		if (false === $this->_str)
 			return false;
-		$this->pos = 0;
+		$this->_pos = 0;
 	}
 }
 
@@ -96,7 +111,7 @@ class POMO_CachedIntFileReader extends POMO_CachedFileReader {
 	 */
 	function readint32() {
 		$bytes = $this->read(4);
-		if (4 != strlen($bytes))
+		if (4 != $this->_strlen($bytes))
 			return false;
 		$endian_letter = ('big' == $this->endian)? 'N' : 'V';
 		$int = unpack($endian_letter, $bytes);
@@ -112,7 +127,7 @@ class POMO_CachedIntFileReader extends POMO_CachedFileReader {
 	 */
 	function readint32array($count) {
 		$bytes = $this->read(4 * $count);
-		if (4*$count != strlen($bytes))
+		if (4*$count != $this->_strlen($bytes))
 			return false;
 		$endian_letter = ('big' == $this->endian)? 'N' : 'V';
 		return unpack($endian_letter.$count, $bytes);

wp-includes/pomo/translations.php

@@ -2,7 +2,7 @@
 /**
  * Class for a set of entries for translation and their associated headers
  *
- * @version $Id: translations.php 35 2009-02-16 12:54:57Z nbachiyski $
+ * @version $Id: translations.php 114 2009-05-11 17:30:38Z nbachiyski $
  * @package pomo
  * @subpackage translations
  */
@@ -19,10 +19,13 @@ class Translations {
 	 * @param object &$entry
 	 * @return bool true on success, false if the entry doesn't have a key
 	 */
-	function add_entry(&$entry) {
+	function add_entry($entry) {
+		if (is_array($entry)) {
+			$entry = new Translation_Entry($entry);
+		}
 		$key = $entry->key();
 		if (false === $key) return false;
-		$this->entries[$key] = &$entry;
+		$this->entries[$key] = $entry;
 		return true;
 	}
 
@@ -87,12 +90,24 @@ class Translations {
 		$total_plural_forms = $this->get_plural_forms_count();
 		if ($translated && 0 <= $index && $index < $total_plural_forms &&
 				is_array($translated->translations) &&
-				count($translated->translations) == $total_plural_forms)
+				isset($translated->translations[$index]))
 			return $translated->translations[$index];
 		else
 			return 1 == $count? $singular : $plural;
 	}
 
+	/**
+	 * Merge $other in the current object.
+	 *
+	 * @param Object &$other Another Translation object, whose translations will be merged in this one
+	 * @return void
+	 **/
+	function merge_with(&$other) {
+		$this->entries = array_merge($this->entries, $other->entries);
+	}
+}
+
+class Gettext_Translations extends Translations {
 	/**
 	 * The gettext implmentation of select_plural_form.
 	 *
@@ -130,7 +145,7 @@ class Translations {
 	/**
 	 * Adds parantheses to the inner parts of ternary operators in
 	 * plural expressions, because PHP evaluates ternary oerators from left to right
-	 *
+	 * 
 	 * @param string $expression the expression without parentheses
 	 * @return string the expression with parentheses added
 	 */
@@ -158,16 +173,27 @@ class Translations {
 		}
 		return rtrim($res, ';');
 	}
-
-	/**
-	 * Merge $other in the current object.
-	 *
-	 * @param Object &$other Another Translation object, whose translations will be merged in this one
-	 * @return void
-	 **/
-	function merge_with(&$other) {
-		$this->entries = array_merge($this->entries, $other->entries);
+	
+	function make_headers($translation) {
+		$headers = array();
+		// sometimes \ns are used instead of real new lines
+		$translation = str_replace('\n', "\n", $translation);
+		$lines = explode("\n", $translation);
+		foreach($lines as $line) {
+			$parts = explode(':', $line, 2);
+			if (!isset($parts[1])) continue;
+			$headers[trim($parts[0])] = trim($parts[1]);
+		}
+		return $headers;
 	}
+
+	function set_header($header, $value) {
+		parent::set_header($header, $value);
+		if ('Plural-Forms' == $header)
+			$this->_gettext_select_plural_form = $this->_make_gettext_select_plural_form($value);
+	}
+
+	
 }
 
 ?>

wp-includes/post-template.php

@@ -430,13 +430,14 @@ function get_body_class( $class = '' ) {
 		if ( $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' LIMIT 1", $pageID) ) )
 			$classes[] = 'page-parent';
 
-		if ( $wp_query->post->post_parent )
+		if ( $wp_query->post->post_parent ) {
 			$classes[] = 'page-child';
 			$classes[] = 'parent-pageid-' . $wp_query->post->post_parent;
-
-		if ( is_page_template() )
+		}
+		if ( is_page_template() ) {
 			$classes[] = 'page-template';
 			$classes[] = 'page-template-' . str_replace( '.php', '-php', get_post_meta( $pageID, '_wp_page_template', true ) );
+		}
 	} elseif ( is_search() ) {
 		if ( !empty($wp_query->posts) )
 			$classes[] = 'search-results';
@@ -805,7 +806,7 @@ function wp_list_pages($args = '') {
  * @param array|string $args
  */
 function wp_page_menu( $args = array() ) {
-	$defaults = array('sort_column' => 'post_title', 'menu_class' => 'menu', 'echo' => true, 'link_before' => '', 'link_after' => '');
+	$defaults = array('sort_column' => 'menu_order, post_title', 'menu_class' => 'menu', 'echo' => true, 'link_before' => '', 'link_after' => '');
 	$args = wp_parse_args( $args, $defaults );
 	$args = apply_filters( 'wp_page_menu_args', $args );
 

wp-includes/post.php

@@ -1192,7 +1192,7 @@ function wp_delete_post($postid = 0) {
 		foreach ( (array) $children as $child )
 			clean_page_cache($child->ID);
 
-		$wp_rewrite->flush_rules();
+		$wp_rewrite->flush_rules(false);
 	} else {
 		clean_post_cache($postid);
 	}
@@ -3274,9 +3274,6 @@ function _transition_post_status($new_status, $old_status, $post) {
 		if ( '' == get_the_guid($post->ID) )
 			$wpdb->update( $wpdb->posts, array( 'guid' => get_permalink( $post->ID ) ), array( 'ID' => $post->ID ) );
 		do_action('private_to_published', $post->ID);  // Deprecated, use private_to_publish
-		// do generic pings once per hour at most
-		if ( !wp_next_scheduled('do_generic_ping') )
-			wp_schedule_single_event(time() + 3600, 'do_generic_ping');
 	}
 
 	// Always clears the hook in case the post status bounced from future to draft.
@@ -3354,7 +3351,7 @@ function _save_post_hook($post_id, $post) {
 		// Avoid flushing rules for every post during import.
 		if ( !defined('WP_IMPORTING') ) {
 			global $wp_rewrite;
-			$wp_rewrite->flush_rules();
+			$wp_rewrite->flush_rules(false);
 		}
 	} else {
 		clean_post_cache($post_id);

wp-includes/query.php

@@ -1234,6 +1234,7 @@ class WP_Query {
 		$qv['day'] = absint($qv['day']);
 		$qv['w'] = absint($qv['w']);
 		$qv['m'] = absint($qv['m']);
+		$qv['paged'] = absint($qv['paged']);
 		$qv['cat'] = preg_replace( '|[^0-9,-]|', '', $qv['cat'] ); // comma separated list of positive or negative integers
 		$qv['pagename'] = trim( $qv['pagename'] );
 		$qv['name'] = trim( $qv['name'] );

wp-includes/rewrite.php

@@ -1822,13 +1822,14 @@ class WP_Rewrite {
 	 *
 	 * @since 2.0.1
 	 * @access public
+	 * @param $hard bool Whether to update .htaccess (hard flush) or just update rewrite_rules transient (soft flush). Default is true (hard).
 	 */
-	function flush_rules() {
+	function flush_rules($hard = true) {
 		delete_transient('rewrite_rules');
 		$this->wp_rewrite_rules();
-		if ( function_exists('save_mod_rewrite_rules') )
+		if ( $hard && function_exists('save_mod_rewrite_rules') )
 			save_mod_rewrite_rules();
-		if ( function_exists('iis7_save_url_rewrite_rules') )
+		if ( $hard && function_exists('iis7_save_url_rewrite_rules') )
 			iis7_save_url_rewrite_rules();
 	}
 

wp-includes/script-loader.php

@@ -240,7 +240,7 @@ function wp_default_scripts( &$scripts ) {
 		$scripts->add( 'user-profile', "/wp-admin/js/user-profile$suffix.js", array('jquery'), '20090514' );
 		$scripts->add_data( 'user-profile', 'group', 1 );
 
-		$scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array('wp-lists', 'jquery-ui-resizable', 'quicktags'), '20090209' );
+		$scripts->add( 'admin-comments', "/wp-admin/js/edit-comments$suffix.js", array('wp-lists', 'jquery-ui-resizable', 'quicktags'), '20090627' );
 		$scripts->add_data( 'admin-comments', 'group', 1 );
 		$scripts->localize( 'admin-comments', 'adminCommentsL10n', array(
 			'hotkeys_highlight_first' => isset($_GET['hotkeys_highlight_first']),
@@ -249,7 +249,7 @@ function wp_default_scripts( &$scripts ) {
 
 		$scripts->add( 'xfn', "/wp-admin/js/xfn$suffix.js", false, '3517m' );
 
-		$scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array('jquery-ui-sortable'), '20090327' );
+		$scripts->add( 'postbox', "/wp-admin/js/postbox$suffix.js", array('jquery-ui-sortable'), '20090618' );
 		$scripts->add_data( 'postbox', 'group', 1 );
 		$scripts->localize( 'postbox', 'postboxL10n', array(
 			'requestFile' => admin_url('admin-ajax.php')
@@ -264,7 +264,7 @@ function wp_default_scripts( &$scripts ) {
 			'l10n_print_after' => 'try{convertEntities(slugL10n);}catch(e){};'
 		) );
 
-		$scripts->add( 'post', "/wp-admin/js/post$suffix.js", array('suggest', 'wp-lists', 'postbox', 'slug'), '20090526' );
+		$scripts->add( 'post', "/wp-admin/js/post$suffix.js", array('suggest', 'wp-lists', 'postbox', 'slug'), '20090624' );
 		$scripts->add_data( 'post', 'group', 1 );
 		$scripts->localize( 'post', 'postL10n', array(
 			'tagsUsed' =>  __('Tags used on this post:'),
@@ -377,7 +377,7 @@ function wp_default_scripts( &$scripts ) {
 
 		$scripts->add( 'farbtastic', '/wp-admin/js/farbtastic.js', array('jquery'), '1.2' );
 
-		$scripts->add( 'dashboard', "/wp-admin/js/dashboard$suffix.js", array( 'jquery', 'admin-comments', 'postbox' ), '20090201' );
+		$scripts->add( 'dashboard', "/wp-admin/js/dashboard$suffix.js", array( 'jquery', 'admin-comments', 'postbox' ), '20090618' );
 		$scripts->add_data( 'dashboard', 'group', 1 );
 
 		$scripts->add( 'hoverIntent', "/wp-includes/js/hoverIntent$suffix.js", array('jquery'), '20090102' );
@@ -421,12 +421,12 @@ function wp_default_styles( &$styles ) {
 	$rtl_styles = array( 'global', 'colors', 'dashboard', 'ie', 'install', 'login', 'media', 'theme-editor', 'upload', 'widgets', 'press-this', 'plugin-install', 'farbtastic' );
 
 	// all colors stylesheets need to have the same query strings (cache manifest compat)
-	$colors_version = '20090610';
+	$colors_version = '20090625';
 
-	$styles->add( 'wp-admin', '/wp-admin/wp-admin.css', array(), '20090610' );
+	$styles->add( 'wp-admin', '/wp-admin/wp-admin.css', array(), '20090625' );
 	$styles->add_data( 'wp-admin', 'rtl', '/wp-admin/rtl.css' );
 
-	$styles->add( 'ie', '/wp-admin/css/ie.css', array(), '20090514' );
+	$styles->add( 'ie', '/wp-admin/css/ie.css', array(), '20090630' );
 	$styles->add_data( 'ie', 'conditional', 'lte IE 7' );
 
 	// Register "meta" stylesheet for admin colors. All colors-* style sheets should have the same version string.
@@ -438,12 +438,12 @@ function wp_default_styles( &$styles ) {
 	$styles->add( 'colors-classic', '/wp-admin/css/colors-classic.css', array(), $colors_version);
 	$styles->add_data( 'colors-classic', 'rtl', true );
 
-	$styles->add( 'global', '/wp-admin/css/global.css', array(), '20090514' );
+	$styles->add( 'global', '/wp-admin/css/global.css', array(), '20090630' );
 	$styles->add( 'media', '/wp-admin/css/media.css', array(), '20090516' );
 	$styles->add( 'widgets', '/wp-admin/css/widgets.css', array(), '20090603' );
 	$styles->add( 'dashboard', '/wp-admin/css/dashboard.css', array(), '20090514' );
 	$styles->add( 'install', '/wp-admin/css/install.css', array(), '20090514' );
-	$styles->add( 'theme-editor', '/wp-admin/css/theme-editor.css', array(), '20090514' );
+	$styles->add( 'theme-editor', '/wp-admin/css/theme-editor.css', array(), '20090625' );
 	$styles->add( 'press-this', '/wp-admin/css/press-this.css', array(), '20090514' );
 	$styles->add( 'thickbox', '/wp-includes/js/thickbox/thickbox.css', array(), '20090514' );
 	$styles->add( 'login', '/wp-admin/css/login.css', array(), '20090514' );

wp-includes/update.php

@@ -115,7 +115,7 @@ function wp_update_plugins() {
 
 	$new_option = new stdClass;
 	$new_option->last_checked = time();
-	$timeout = 'load-plugins.php' == current_filter() ? 360 : 43200; //Check for updated every 60 minutes if hitting the themes page, Else, check every 12 hours
+	$timeout = 'load-plugins.php' == current_filter() ? 3600 : 43200; //Check for updated every 60 minutes if hitting the themes page, Else, check every 12 hours
 	$time_not_changed = isset( $current->last_checked ) && $timeout > ( time() - $current->last_checked );
 
 	$plugin_changed = false;
@@ -198,7 +198,7 @@ function wp_update_themes( ) {
 
 	$new_option = new stdClass;
 	$new_option->last_checked = time( );
-	$timeout = 'load-themes.php' == current_filter() ? 360 : 43200; //Check for updated every 60 minutes if hitting the themes page, Else, check every 12 hours
+	$timeout = 'load-themes.php' == current_filter() ? 3600 : 43200; //Check for updated every 60 minutes if hitting the themes page, Else, check every 12 hours
 	$time_not_changed = isset( $current_theme->last_checked ) && $timeout > ( time( ) - $current_theme->last_checked );
 
 	if( $time_not_changed )

wp-includes/vars.php

@@ -17,6 +17,7 @@ if ( is_admin() ) {
 	// wp-admin pages are checked more carefully
 	preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches);
 	$pagenow = $self_matches[1];
+	$pagenow = trim($pagenow, '/');
 	$pagenow = preg_replace('#\?.*?$#', '', $pagenow);
 	if ( '' === $pagenow || 'index' === $pagenow || 'index.php' === $pagenow ) {
 		$pagenow = 'index.php';

wp-includes/version.php

@@ -8,7 +8,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '2.8';
+$wp_version = '2.8.4';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
@@ -29,4 +29,4 @@ $tinymce_version = '3241-1141';
  *
  * @global string $manifest_version
  */
-$manifest_version = '20090610';
+$manifest_version = '20090616';

wp-includes/widgets.php

@@ -885,7 +885,7 @@ function dynamic_sidebar($index = 1) {
 function is_active_widget($callback = false, $widget_id = false, $id_base = false, $skip_inactive = true) {
 	global $wp_registered_widgets;
 
-	$sidebars_widgets = wp_get_sidebars_widgets(false);
+	$sidebars_widgets = wp_get_sidebars_widgets();
 
 	if ( is_array($sidebars_widgets) ) {
 		foreach ( $sidebars_widgets as $sidebar => $widgets ) {
@@ -935,7 +935,7 @@ function is_dynamic_sidebar() {
  */
 function is_active_sidebar( $index ) {
 	$index = ( is_int($index) ) ? "sidebar-$index" : sanitize_title($index);
-	$sidebars_widgets = get_option( 'sidebars_widgets', array() );
+	$sidebars_widgets = wp_get_sidebars_widgets();
 	if ( isset($sidebars_widgets[$index]) && !empty($sidebars_widgets[$index]) )
 		return true;
 
@@ -953,89 +953,93 @@ function is_active_sidebar( $index ) {
  * @since 2.2.0
  * @access private
  *
- * @param bool $update Optional, default is true. Whether to save upgrade of widget array list.
- * @return array Upgraded list of widgets to version 2 array format.
+ * @param bool $update Optional, deprecated.
+ * @return array Upgraded list of widgets to version 3 array format when called from the admin.
  */
-function wp_get_sidebars_widgets($update = true) {
+function wp_get_sidebars_widgets($deprecated = true) {
 	global $wp_registered_widgets, $wp_registered_sidebars, $_wp_sidebars_widgets;
 
 	// If loading from front page, consult $_wp_sidebars_widgets rather than options
 	// to see if wp_convert_widget_settings() has made manipulations in memory.
-	if ( is_admin() ) {
-		$sidebars_widgets = get_option('sidebars_widgets', array());
-	} else {
+	if ( !is_admin() ) {
 		if ( empty($_wp_sidebars_widgets) )
-			$sidebars_widgets = get_option('sidebars_widgets', array());
-		else
-			$sidebars_widgets = &$_wp_sidebars_widgets;
-	}
-	$_sidebars_widgets = array();
+			$_wp_sidebars_widgets = get_option('sidebars_widgets', array());
 
-	if ( !isset($sidebars_widgets['array_version']) )
-		$sidebars_widgets['array_version'] = 1;
+		$sidebars_widgets = $_wp_sidebars_widgets;
+	} else {
+		$sidebars_widgets = get_option('sidebars_widgets', array());
+		$_sidebars_widgets = array();
 
-	switch ( $sidebars_widgets['array_version'] ) {
-		case 1 :
-			foreach ( (array) $sidebars_widgets as $index => $sidebar )
-			if ( is_array($sidebar) )
-			foreach ( (array) $sidebar as $i => $name ) {
-				$id = strtolower($name);
-				if ( isset($wp_registered_widgets[$id]) ) {
-					$_sidebars_widgets[$index][$i] = $id;
-					continue;
-				}
-				$id = sanitize_title($name);
-				if ( isset($wp_registered_widgets[$id]) ) {
-					$_sidebars_widgets[$index][$i] = $id;
-					continue;
-				}
+		if ( isset($sidebars_widgets['wp_inactive_widgets']) )
+			$sidebars_widgets['array_version'] = 3;
+		elseif ( !isset($sidebars_widgets['array_version']) )
+			$sidebars_widgets['array_version'] = 1;
 
-				$found = false;
-
-				foreach ( $wp_registered_widgets as $widget_id => $widget ) {
-					if ( strtolower($widget['name']) == strtolower($name) ) {
-						$_sidebars_widgets[$index][$i] = $widget['id'];
-						$found = true;
-						break;
-					} elseif ( sanitize_title($widget['name']) == sanitize_title($name) ) {
-						$_sidebars_widgets[$index][$i] = $widget['id'];
-						$found = true;
-						break;
+		switch ( $sidebars_widgets['array_version'] ) {
+			case 1 :
+				foreach ( (array) $sidebars_widgets as $index => $sidebar )
+				if ( is_array($sidebar) )
+				foreach ( (array) $sidebar as $i => $name ) {
+					$id = strtolower($name);
+					if ( isset($wp_registered_widgets[$id]) ) {
+						$_sidebars_widgets[$index][$i] = $id;
+						continue;
 					}
-				}
-
-				if ( $found )
-					continue;
-
-				unset($_sidebars_widgets[$index][$i]);
-			}
-			$_sidebars_widgets['array_version'] = 2;
-			$sidebars_widgets = $_sidebars_widgets;
-			unset($_sidebars_widgets);
-
-		case 2 :
-			$sidebars = array_keys( $wp_registered_sidebars );
-			if ( !empty( $sidebars ) ) {
-				// Move the known-good ones first
-				foreach ( (array) $sidebars as $id ) {
-					if ( array_key_exists( $id, $sidebars_widgets ) ) {
-						$_sidebars_widgets[$id] = $sidebars_widgets[$id];
-						unset($sidebars_widgets[$id], $sidebars[$id]);
+					$id = sanitize_title($name);
+					if ( isset($wp_registered_widgets[$id]) ) {
+						$_sidebars_widgets[$index][$i] = $id;
+						continue;
 					}
+
+					$found = false;
+
+					foreach ( $wp_registered_widgets as $widget_id => $widget ) {
+						if ( strtolower($widget['name']) == strtolower($name) ) {
+							$_sidebars_widgets[$index][$i] = $widget['id'];
+							$found = true;
+							break;
+						} elseif ( sanitize_title($widget['name']) == sanitize_title($name) ) {
+							$_sidebars_widgets[$index][$i] = $widget['id'];
+							$found = true;
+							break;
+						}
+					}
+
+					if ( $found )
+						continue;
+
+					unset($_sidebars_widgets[$index][$i]);
 				}
-
-				// Assign to each unmatched registered sidebar the first available orphan
-				unset( $sidebars_widgets[ 'array_version' ] );
-				while ( ( $sidebar = array_shift( $sidebars ) ) && $widgets = array_shift( $sidebars_widgets ) )
-					$_sidebars_widgets[ $sidebar ] = $widgets;
-
-				$_sidebars_widgets['array_version'] = 3;
+				$_sidebars_widgets['array_version'] = 2;
 				$sidebars_widgets = $_sidebars_widgets;
 				unset($_sidebars_widgets);
-			}
 
-			if ( $update && is_admin() )
-				update_option('sidebars_widgets', $sidebars_widgets);
+			case 2 :
+				$sidebars = array_keys( $wp_registered_sidebars );
+				if ( !empty( $sidebars ) ) {
+					// Move the known-good ones first
+					foreach ( (array) $sidebars as $id ) {
+						if ( array_key_exists( $id, $sidebars_widgets ) ) {
+							$_sidebars_widgets[$id] = $sidebars_widgets[$id];
+							unset($sidebars_widgets[$id], $sidebars[$id]);
+						}
+					}
+
+					// move the rest to wp_inactive_widgets
+					if ( !isset($_sidebars_widgets['wp_inactive_widgets']) )
+						$_sidebars_widgets['wp_inactive_widgets'] = array();
+
+					if ( !empty($sidebars_widgets) ) {
+						foreach ( $sidebars_widgets as $lost => $val ) {
+							if ( is_array($val) )
+								$_sidebars_widgets['wp_inactive_widgets'] = array_merge( (array) $_sidebars_widgets['wp_inactive_widgets'], $val );
+						}
+					}
+
+					$sidebars_widgets = $_sidebars_widgets;
+					unset($_sidebars_widgets);
+				}
+		}
 	}
 
 	if ( isset($sidebars_widgets['array_version']) )
@@ -1086,9 +1090,8 @@ function wp_get_widget_defaults() {
  * @return array
  */
 function wp_convert_widget_settings($base_name, $option_name, $settings) {
-	global $_wp_sidebars_widgets;
 	// This test may need expanding.
-	$single = false;
+	$single = $changed = false;
 	if ( empty($settings) ) {
 		$single = true;
 	} else {
@@ -1110,7 +1113,7 @@ function wp_convert_widget_settings($base_name, $option_name, $settings) {
 			$sidebars_widgets = get_option('sidebars_widgets');
 		} else {
 			if ( empty($GLOBALS['_wp_sidebars_widgets']) )
-				$GLOBALS['_wp_sidebars_widgets'] = get_option('sidebars_widgets');
+				$GLOBALS['_wp_sidebars_widgets'] = get_option('sidebars_widgets', array());
 			$sidebars_widgets = &$GLOBALS['_wp_sidebars_widgets'];
 		}
 
@@ -1119,13 +1122,14 @@ function wp_convert_widget_settings($base_name, $option_name, $settings) {
 				foreach ( $sidebar as $i => $name ) {
 					if ( $base_name == $name ) {
 						$sidebars_widgets[$index][$i] = "$name-2";
+						$changed = true;
 						break 2;
 					}
 				}
 			}
 		}
 
-		if ( is_admin() )
+		if ( is_admin() && $changed )
 			update_option('sidebars_widgets', $sidebars_widgets);
 	}
 

wp-login.php

@@ -161,7 +161,7 @@ function retrieve_password() {
 	$message .= get_option('siteurl') . "\r\n\r\n";
 	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
 	$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
-	$message .= site_url("wp-login.php?action=rp&key=$key", 'login') . "\r\n";
+	$message .= site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n";
 
 	$title = sprintf(__('[%s] Password Reset'), get_option('blogname'));
 
@@ -182,15 +182,18 @@ function retrieve_password() {
  * @param string $key Hash to validate sending user's password
  * @return bool|WP_Error
  */
-function reset_password($key) {
+function reset_password($key, $login) {
 	global $wpdb;
 
 	$key = preg_replace('/[^a-z0-9]/i', '', $key);
 
-	if ( empty( $key ) )
+	if ( empty( $key ) || !is_string( $key ) )
 		return new WP_Error('invalid_key', __('Invalid key'));
 
-	$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key));
+	if ( empty($login) || !is_string($login) )
+		return new WP_Error('invalid_key', __('Invalid key'));
+
+	$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
 	if ( empty( $user ) )
 		return new WP_Error('invalid_key', __('Invalid key'));
 
@@ -370,7 +373,7 @@ break;
 
 case 'resetpass' :
 case 'rp' :
-	$errors = reset_password($_GET['key']);
+	$errors = reset_password($_GET['key'], $_GET['login']);
 
 	if ( ! is_wp_error($errors) ) {
 		wp_redirect('wp-login.php?checkemail=newpass');

wp-settings.php

@@ -60,8 +60,8 @@ $_REQUEST = array_merge($_GET, $_POST);
 if ( ! isset($blog_id) )
 	$blog_id = 1;
 
-// Fix for IIS, which doesn't set REQUEST_URI
-if ( empty( $_SERVER['REQUEST_URI'] ) ) {
+// Fix for IIS when running with PHP ISAPI
+if ( empty( $_SERVER['REQUEST_URI'] ) || ( php_sapi_name() != 'cgi-fcgi' && preg_match( '/^Microsoft-IIS\//', $_SERVER['SERVER_SOFTWARE'] ) ) ) {
 
 	// IIS Mod-Rewrite
 	if (isset($_SERVER['HTTP_X_ORIGINAL_URL'])) {
@@ -316,6 +316,7 @@ if ( !is_blog_installed() && (strpos($_SERVER['PHP_SELF'], 'install.php') === fa
 		$link = preg_replace('|/[^/]+?$|', '/', $_SERVER['PHP_SELF']) . 'wp-admin/install.php';
 	require_once(ABSPATH . WPINC . '/kses.php');
 	require_once(ABSPATH . WPINC . '/pluggable.php');
+	require_once(ABSPATH . WPINC . '/formatting.php');
 	wp_redirect($link);
 	die(); // have to die here ~ Mark
 }
@@ -528,6 +529,10 @@ if ( !defined( 'AUTOSAVE_INTERVAL' ) )
 
 require (ABSPATH . WPINC . '/vars.php');
 
+// make taxonomies available to plugins and themes
+// @plugin authors: warning: this gets registered again on the init hook
+create_initial_taxonomies();
+
 // Check for hacks file if the option is enabled
 if ( get_option('hack_file') ) {
 	if ( file_exists(ABSPATH . 'my-hacks.php') )